

Support for setting Vault CA from VAULT_CACERT_BYTES env (#1782)
tomhjp authored Aug 2, 2023
1 parent 74fa6ff commit 347e1cd
Showing 8 changed files with 302 additions and 142 deletions.
15 changes: 8 additions & 7 deletions config/consul_test.go
Expand Up @@ -309,13 +309,14 @@ func TestConsulConfig_Finalize(t *testing.T) {
Attempts: Int(DefaultRetryAttempts),
},
SSL: &SSLConfig{
CaCert: String(""),
CaPath: String(""),
Cert: String(""),
Enabled: Bool(false),
Key: String(""),
ServerName: String(""),
Verify: Bool(true),
CaCert: String(""),
CaCertBytes: String(""),
CaPath: String(""),
Cert: String(""),
Enabled: Bool(false),
Key: String(""),
ServerName: String(""),
Verify: Bool(true),
},
Token: String(""),
TokenFile: String(""),
75 changes: 40 additions & 35 deletions config/nomad_test.go
Expand Up @@ -228,13 +228,14 @@ func TestNomadConfig_Finalize(t *testing.T) {
Enabled: Bool(false),
Namespace: String(""),
SSL: &SSLConfig{
CaCert: String(""),
CaPath: String(""),
Cert: String(""),
Enabled: Bool(false),
Key: String(""),
ServerName: String(""),
Verify: Bool(true),
CaCert: String(""),
CaCertBytes: String(""),
CaPath: String(""),
Cert: String(""),
Enabled: Bool(false),
Key: String(""),
ServerName: String(""),
Verify: Bool(true),
},
Token: String(""),
AuthUsername: String(""),
Expand Down Expand Up @@ -266,13 +267,14 @@ func TestNomadConfig_Finalize(t *testing.T) {
Enabled: Bool(true),
Namespace: String(""),
SSL: &SSLConfig{
CaCert: String(""),
CaPath: String(""),
Cert: String(""),
Enabled: Bool(false),
Key: String(""),
ServerName: String(""),
Verify: Bool(true),
CaCert: String(""),
CaCertBytes: String(""),
CaPath: String(""),
Cert: String(""),
Enabled: Bool(false),
Key: String(""),
ServerName: String(""),
Verify: Bool(true),
},
Token: String(""),
AuthUsername: String(""),
Expand Down Expand Up @@ -311,13 +313,14 @@ func TestNomadConfig_Finalize(t *testing.T) {
Enabled: Bool(true),
Namespace: String(""),
SSL: &SSLConfig{
CaCert: String("ca.crt"),
CaPath: String(""),
Cert: String("foo.crt"),
Enabled: Bool(true),
Key: String("foo.key"),
ServerName: String("server.global.nomad"),
Verify: Bool(true),
CaCert: String("ca.crt"),
CaCertBytes: String(""),
CaPath: String(""),
Cert: String("foo.crt"),
Enabled: Bool(true),
Key: String("foo.key"),
ServerName: String("server.global.nomad"),
Verify: Bool(true),
},
Token: String(""),
AuthUsername: String(""),
Expand Down Expand Up @@ -351,13 +354,14 @@ func TestNomadConfig_Finalize(t *testing.T) {
Enabled: Bool(true),
Namespace: String(""),
SSL: &SSLConfig{
CaCert: String(""),
CaPath: String(""),
Cert: String(""),
Enabled: Bool(false),
Key: String(""),
ServerName: String(""),
Verify: Bool(true),
CaCert: String(""),
CaCertBytes: String(""),
CaPath: String(""),
Cert: String(""),
Enabled: Bool(false),
Key: String(""),
ServerName: String(""),
Verify: Bool(true),
},
Token: String(""),
AuthUsername: String(""),
Expand Down Expand Up @@ -395,13 +399,14 @@ func TestNomadConfig_Finalize(t *testing.T) {
Enabled: Bool(false),
Namespace: String(""),
SSL: &SSLConfig{
CaCert: String(""),
CaPath: String(""),
Cert: String(""),
Enabled: Bool(false),
Key: String(""),
ServerName: String(""),
Verify: Bool(true),
CaCert: String(""),
CaCertBytes: String(""),
CaPath: String(""),
Cert: String(""),
Enabled: Bool(false),
Key: String(""),
ServerName: String(""),
Verify: Bool(true),
},
Token: String(""),
AuthUsername: String(""),
27 changes: 20 additions & 7 deletions config/ssl.go
Expand Up @@ -12,13 +12,14 @@ const (

// SSLConfig is the configuration for SSL.
type SSLConfig struct {
CaCert *string `mapstructure:"ca_cert"`
CaPath *string `mapstructure:"ca_path"`
Cert *string `mapstructure:"cert"`
Enabled *bool `mapstructure:"enabled"`
Key *string `mapstructure:"key"`
ServerName *string `mapstructure:"server_name"`
Verify *bool `mapstructure:"verify"`
CaCert *string `mapstructure:"ca_cert"`
CaCertBytes *string `mapstructure:"ca_cert_bytes"`
CaPath *string `mapstructure:"ca_path"`
Cert *string `mapstructure:"cert"`
Enabled *bool `mapstructure:"enabled"`
Key *string `mapstructure:"key"`
ServerName *string `mapstructure:"server_name"`
Verify *bool `mapstructure:"verify"`
}

// DefaultSSLConfig returns a configuration that is populated with the
Expand All @@ -35,6 +36,7 @@ func (c *SSLConfig) Copy() *SSLConfig {

var o SSLConfig
o.CaCert = c.CaCert
o.CaCertBytes = c.CaCertBytes
o.CaPath = c.CaPath
o.Cert = c.Cert
o.Enabled = c.Enabled
Expand Down Expand Up @@ -70,6 +72,10 @@ func (c *SSLConfig) Merge(o *SSLConfig) *SSLConfig {
r.CaCert = o.CaCert
}

if o.CaCertBytes != nil {
r.CaCertBytes = o.CaCertBytes
}

if o.CaPath != nil {
r.CaPath = o.CaPath
}
Expand Down Expand Up @@ -99,6 +105,7 @@ func (c *SSLConfig) Finalize() {
c.Enabled = Bool(false ||
StringPresent(c.Cert) ||
StringPresent(c.CaCert) ||
StringPresent(c.CaCertBytes) ||
StringPresent(c.CaPath) ||
StringPresent(c.Key) ||
StringPresent(c.ServerName) ||
Expand All @@ -113,6 +120,10 @@ func (c *SSLConfig) Finalize() {
c.CaCert = String("")
}

if c.CaCertBytes == nil {
c.CaCertBytes = String("")
}

if c.CaPath == nil {
c.CaPath = String("")
}
Expand All @@ -138,6 +149,7 @@ func (c *SSLConfig) GoString() string {

return fmt.Sprintf("&SSLConfig{"+
"CaCert:%s, "+
"CaCertBytes:%s, "+
"CaPath:%s, "+
"Cert:%s, "+
"Enabled:%s, "+
Expand All @@ -146,6 +158,7 @@ func (c *SSLConfig) GoString() string {
"Verify:%s"+
"}",
StringGoString(c.CaCert),
StringGoString(c.CaCertBytes),
StringGoString(c.CaPath),
StringGoString(c.Cert),
BoolGoString(c.Enabled),
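Review bot: The new `CaCertBytes` field in the `SSLConfig` struct hunk is undocumented, and nothing in `Merge` or `Finalize` says how it relates to the existing `CaCert` path and `CaPath` directory when more than one is set; that precedence must be decided in the TLS setup code outside this diff, so it should be stated where the field is declared. A field comment such as `// CaCertBytes holds the PEM-encoded CA certificate contents (mapstructure "ca_cert_bytes"), an alternative to the CaCert file path; precedence when both are set is resolved where the TLS config is built.` would give operators and reviewers the contract, with the precedence wording confirmed against that code. The `GoString` hunk renders the field via `StringGoString(c.CaCertBytes)`, so the full PEM body will now appear in any debug dump of the config; a CA certificate is not secret, but the output becomes multi-line and large, which is worth noting in the same comment if `GoString` is used in logs. The `Merge` and `Finalize` hunks handle the field consistently with the neighbouring `CaCert`/`CaPath` branches, and `Finalize` correctly counts it toward `Enabled`.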
