state/remote/atlas: Use go-rootcerts for certificate loading
Allows CA certs to be configured via `ATLAS_CAFILE` and `ATLAS_CAPATH` env vars, and works around https://github.com/golang/go/issues/14514 on OS X.
This commit is contained in:
parent
1690a65231
commit
4ac6dda633
|
@ -3,6 +3,7 @@ package remote
|
||||||
import (
|
import (
|
||||||
"bytes"
|
"bytes"
|
||||||
"crypto/md5"
|
"crypto/md5"
|
||||||
|
"crypto/tls"
|
||||||
"encoding/base64"
|
"encoding/base64"
|
||||||
"fmt"
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
|
@ -13,7 +14,9 @@ import (
|
||||||
"path"
|
"path"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
|
"github.com/hashicorp/go-cleanhttp"
|
||||||
"github.com/hashicorp/go-retryablehttp"
|
"github.com/hashicorp/go-retryablehttp"
|
||||||
|
"github.com/hashicorp/go-rootcerts"
|
||||||
"github.com/hashicorp/terraform/terraform"
|
"github.com/hashicorp/terraform/terraform"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -90,7 +93,10 @@ func (c *AtlasClient) Get() (*Payload, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Request the url
|
// Request the url
|
||||||
client := c.http()
|
client, err := c.http()
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
resp, err := client.Do(req)
|
resp, err := client.Do(req)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
|
@ -169,7 +175,10 @@ func (c *AtlasClient) Put(state []byte) error {
|
||||||
req.ContentLength = int64(len(state))
|
req.ContentLength = int64(len(state))
|
||||||
|
|
||||||
// Make the request
|
// Make the request
|
||||||
client := c.http()
|
client, err := c.http()
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
resp, err := client.Do(req)
|
resp, err := client.Do(req)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("Failed to upload state: %v", err)
|
return fmt.Errorf("Failed to upload state: %v", err)
|
||||||
|
@ -197,7 +206,10 @@ func (c *AtlasClient) Delete() error {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Make the request
|
// Make the request
|
||||||
client := c.http()
|
client, err := c.http()
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
resp, err := client.Do(req)
|
resp, err := client.Do(req)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("Failed to delete state: %v", err)
|
return fmt.Errorf("Failed to delete state: %v", err)
|
||||||
|
@ -247,11 +259,23 @@ func (c *AtlasClient) url() *url.URL {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *AtlasClient) http() *retryablehttp.Client {
|
func (c *AtlasClient) http() (*retryablehttp.Client, error) {
|
||||||
if c.HTTPClient != nil {
|
if c.HTTPClient != nil {
|
||||||
return c.HTTPClient
|
return c.HTTPClient, nil
|
||||||
}
|
}
|
||||||
return retryablehttp.NewClient()
|
tlsConfig := &tls.Config{}
|
||||||
|
err := rootcerts.ConfigureTLS(tlsConfig, &rootcerts.Config{
|
||||||
|
CAFile: os.Getenv("ATLAS_CAFILE"),
|
||||||
|
CAPath: os.Getenv("ATLAS_CAPATH"),
|
||||||
|
})
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
rc := retryablehttp.NewClient()
|
||||||
|
t := cleanhttp.DefaultTransport()
|
||||||
|
t.TLSClientConfig = tlsConfig
|
||||||
|
rc.HTTPClient.Transport = t
|
||||||
|
return rc, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// Atlas returns an HTTP 409 - Conflict if the pushed state reports the same
|
// Atlas returns an HTTP 409 - Conflict if the pushed state reports the same
|
||||||
|
|
Loading…
Reference in New Issue