state/remote/atlas: Use go-rootcerts for certificate loading

Allows CA certs to be configured via `ATLAS_CAFILE` and `ATLAS_CAPATH`
env vars, and works around https://github.com/golang/go/issues/14514 on
OS X.
Paul Hinze 2016-05-03 08:44:35 -05:00
parent 1690a65231
commit 4ac6dda633
No known key found for this signature in database
GPG Key ID: B69DEDF2D55501C0
1 changed files with 30 additions and 6 deletions


@ -3,6 +3,7 @@ package remote
import ( import (
"bytes" "bytes"
"crypto/md5" "crypto/md5"
"crypto/tls"
"encoding/base64" "encoding/base64"
"fmt" "fmt"
"io" "io"
@ -13,7 +14,9 @@ import (
"path" "path"
"strings" "strings"
"github.com/hashicorp/go-cleanhttp"
"github.com/hashicorp/go-retryablehttp" "github.com/hashicorp/go-retryablehttp"
"github.com/hashicorp/go-rootcerts"
"github.com/hashicorp/terraform/terraform" "github.com/hashicorp/terraform/terraform"
) )
@ -90,7 +93,10 @@ func (c *AtlasClient) Get() (*Payload, error) {
} }
// Request the url // Request the url
client := c.http() client, err := c.http()
if err != nil {
return nil, err
}
resp, err := client.Do(req) resp, err := client.Do(req)
if err != nil { if err != nil {
return nil, err return nil, err
@ -169,7 +175,10 @@ func (c *AtlasClient) Put(state []byte) error {
req.ContentLength = int64(len(state)) req.ContentLength = int64(len(state))
// Make the request // Make the request
client := c.http() client, err := c.http()
if err != nil {
return err
}
resp, err := client.Do(req) resp, err := client.Do(req)
if err != nil { if err != nil {
return fmt.Errorf("Failed to upload state: %v", err) return fmt.Errorf("Failed to upload state: %v", err)
@ -197,7 +206,10 @@ func (c *AtlasClient) Delete() error {
} }
// Make the request // Make the request
client := c.http() client, err := c.http()
if err != nil {
return err
}
resp, err := client.Do(req) resp, err := client.Do(req)
if err != nil { if err != nil {
return fmt.Errorf("Failed to delete state: %v", err) return fmt.Errorf("Failed to delete state: %v", err)
@ -247,11 +259,23 @@ func (c *AtlasClient) url() *url.URL {
} }
} }
func (c *AtlasClient) http() *retryablehttp.Client { func (c *AtlasClient) http() (*retryablehttp.Client, error) {
if c.HTTPClient != nil { if c.HTTPClient != nil {
return c.HTTPClient return c.HTTPClient, nil
} }
return retryablehttp.NewClient() tlsConfig := &tls.Config{}
err := rootcerts.ConfigureTLS(tlsConfig, &rootcerts.Config{
CAFile: os.Getenv("ATLAS_CAFILE"),
CAPath: os.Getenv("ATLAS_CAPATH"),
})
if err != nil {
return nil, err
}
rc := retryablehttp.NewClient()
t := cleanhttp.DefaultTransport()
t.TLSClientConfig = tlsConfig
rc.HTTPClient.Transport = t
return rc, nil
} }
// Atlas returns an HTTP 409 - Conflict if the pushed state reports the same // Atlas returns an HTTP 409 - Conflict if the pushed state reports the same
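Review bot: In the new `http()`, the error from `rootcerts.ConfigureTLS` is returned bare, so a bad `ATLAS_CAFILE` or `ATLAS_CAPATH` surfaces from Get, Put and Delete without saying that CA loading is what failed. Wrapping it in the style of the file's other messages would fix that, e.g. `return nil, fmt.Errorf("Failed to load Atlas CA certificates (ATLAS_CAFILE/ATLAS_CAPATH): %v", err)`. These two variables now decide which roots are trusted on the connection that carries the remote state, and a caller-supplied `c.HTTPClient` bypasses them entirely, so `http()` deserves a doc comment saying so: `// http returns c.HTTPClient when set; otherwise it builds a client whose trusted roots come from ATLAS_CAFILE / ATLAS_CAPATH.` The TLS config and transport are also rebuilt on every call, which presumably re-reads the CA files and gives up connection reuse between requests; building the client once and reusing it would avoid both.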