state/remote/atlas: Use go-rootcerts for certificate loading
Allows CA certs to be configured via `ATLAS_CAFILE` and `ATLAS_CAPATH`
env vars, and works around golang/go#14514 on
OS X.
phinze authored and cristicalin committed May 24, 2016
1 parent f965304 commit 41bbd41
Showing 1 changed file with 30 additions and 6 deletions.
36 changes: 30 additions & 6 deletions state/remote/atlas.go
@@ -3,6 +3,7 @@ package remote
import (
"bytes"
"crypto/md5"
"crypto/tls"
"encoding/base64"
"fmt"
"io"
@@ -13,7 +14,9 @@ import (
"path"
"strings"

"github.com/hashicorp/go-cleanhttp"
"github.com/hashicorp/go-retryablehttp"
"github.com/hashicorp/go-rootcerts"
"github.com/hashicorp/terraform/terraform"
)

@@ -90,7 +93,10 @@ func (c *AtlasClient) Get() (*Payload, error) {
}

// Request the url
client := c.http()
client, err := c.http()
if err != nil {
return nil, err
}
resp, err := client.Do(req)
if err != nil {
return nil, err
@@ -169,7 +175,10 @@ func (c *AtlasClient) Put(state []byte) error {
req.ContentLength = int64(len(state))

// Make the request
client := c.http()
client, err := c.http()
if err != nil {
return err
}
resp, err := client.Do(req)
if err != nil {
return fmt.Errorf("Failed to upload state: %v", err)
@@ -197,7 +206,10 @@ func (c *AtlasClient) Delete() error {
}

// Make the request
client := c.http()
client, err := c.http()
if err != nil {
return err
}
resp, err := client.Do(req)
if err != nil {
return fmt.Errorf("Failed to delete state: %v", err)
@@ -247,11 +259,23 @@ func (c *AtlasClient) url() *url.URL {
}
}

func (c *AtlasClient) http() *retryablehttp.Client {
func (c *AtlasClient) http() (*retryablehttp.Client, error) {
if c.HTTPClient != nil {
return c.HTTPClient
return c.HTTPClient, nil
}
tlsConfig := &tls.Config{}
err := rootcerts.ConfigureTLS(tlsConfig, &rootcerts.Config{
CAFile: os.Getenv("ATLAS_CAFILE"),
CAPath: os.Getenv("ATLAS_CAPATH"),
})
if err != nil {
return nil, err
}
return retryablehttp.NewClient()
rc := retryablehttp.NewClient()
t := cleanhttp.DefaultTransport()
t.TLSClientConfig = tlsConfig
rc.HTTPClient.Transport = t
return rc, nil
}

// Atlas returns an HTTP 409 - Conflict if the pushed state reports the same
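Review bot: In `http()`, `tlsConfig := &tls.Config{}` leaves the minimum protocol version at whatever the Go toolchain in use defaults to, while this client transfers state data that may contain secrets; setting it explicitly, `tlsConfig := &tls.Config{MinVersion: tls.VersionTLS12}`, would make the floor independent of the build. The function also builds a fresh transport and re-reads `ATLAS_CAFILE`/`ATLAS_CAPATH` on every `Get`, `Put` and `Delete`, so the trusted roots can differ between requests within one run; keeping the built client (for example in `c.HTTPClient`, if `AtlasClient` is not shared across goroutines) would load them once. The bare `return nil, err` after `rootcerts.ConfigureTLS` gives the operator no hint that a CA environment variable is the cause; something like `return nil, fmt.Errorf("Failed to load CA certificates (ATLAS_CAFILE/ATLAS_CAPATH): %v", err)` would match the error style used in `Put` and `Delete`. A short doc comment on `http()` should state that these two variables select the trust anchors for the Atlas connection, and how they interact when both are set (to be confirmed against go-rootcerts). The `Get`, `Put` and `Delete` hunks show only part of their function bodies.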
