From acc1630460169f3944143da8a7ad8819f808487d Mon Sep 17 00:00:00 2001 From: Maxim Vladimirskiy Date: Wed, 5 Sep 2018 11:21:53 +0300 Subject: [PATCH] Do not assume TLC cert files location --- etcdutil/config.go | 52 ++++++++++++++++++-------------------------- etcdutil/election.go | 2 +- version | 2 +- 3 files changed, 23 insertions(+), 33 deletions(-) diff --git a/etcdutil/config.go b/etcdutil/config.go index 4f2bc0d6..ad9b9894 100644 --- a/etcdutil/config.go +++ b/etcdutil/config.go @@ -15,9 +15,6 @@ import ( ) const ( - pathToCA = "/etc/mailgun/ssl/localhost/ca.pem" - pathToKey = "/etc/mailgun/ssl/localhost/etcd-key.pem" - pathToCert = "/etc/mailgun/ssl/localhost/etcd-cert.pem" localEtcdEndpoint = "127.0.0.1:2379" ) @@ -28,9 +25,14 @@ func init() { } } -func NewSecureClient(cfg *etcd.Config) (*etcd.Client, error) { +// NewClient creates a new etcd.Client with the specified config where blanks +// are filled from environment variables by NewConfig. +// +// If the provided config is nil and no environment variables are set, it will +// return a client connecting without TLS via localhost:2379. +func NewClient(cfg *etcd.Config) (*etcd.Client, error) { var err error - if cfg, err = NewEtcdConfig(cfg); err != nil { + if cfg, err = NewConfig(cfg); err != nil { return nil, errors.Wrap(err, "failed to build etcd config") } @@ -41,25 +43,21 @@ func NewSecureClient(cfg *etcd.Config) (*etcd.Client, error) { return etcdClt, nil } -// Create a new etcd.Config using environment variables. If an existing -// config is passed, will fill in missing configuration using environment -// variables or defaults if they exists on the local system. +// NewConfig creates a new etcd.Config using environment variables. If an +// existing config is passed, it will fill in missing configuration using +// environment variables or defaults if they exists on the local system. +// +// If no environment variables are set, it will return a config set to +// connect without TLS via localhost:2379. +func NewConfig(cfg *etcd.Config) (*etcd.Config, error) { + var envEndpoint, tlsCertFile, tlsKeyFile, tlsCAFile string -// If no environment variables are set, will return a config set to -// connect without TLS via localhost:2379 -func NewEtcdConfig(cfg *etcd.Config) (*etcd.Config, error) { - var envEndpoint, tlsCertFile, tlsKeyFile, tlsCaFile string - - // Create a config if none exists and get user/pass holster.SetDefault(&cfg, &etcd.Config{}) holster.SetDefault(&cfg.Username, os.Getenv("ETCD3_USER")) holster.SetDefault(&cfg.Password, os.Getenv("ETCD3_PASSWORD")) - - // Don't set default file locations for these if they don't exist on disk - // as dev or testing environments might not have certificates - holster.SetDefault(&tlsCertFile, os.Getenv("ETCD3_TLS_CERT"), ifExists(pathToCert)) - holster.SetDefault(&tlsKeyFile, os.Getenv("ETCD3_TLS_KEY"), ifExists(pathToKey)) - holster.SetDefault(&tlsCaFile, os.Getenv("ETCD3_CA"), ifExists(pathToCA)) + holster.SetDefault(&tlsCertFile, os.Getenv("ETCD3_TLS_CERT")) + holster.SetDefault(&tlsKeyFile, os.Getenv("ETCD3_TLS_KEY")) + holster.SetDefault(&tlsCAFile, os.Getenv("ETCD3_CA")) // Default to 5 second timeout, else connections hang indefinitely holster.SetDefault(&cfg.DialTimeout, time.Second*5) @@ -74,15 +72,15 @@ func NewEtcdConfig(cfg *etcd.Config) (*etcd.Config, error) { } // If the CA file was provided - if tlsCaFile != "" { + if tlsCAFile != "" { holster.SetDefault(&cfg.TLS, &tls.Config{}) var certPool *x509.CertPool = nil - if pemBytes, err := ioutil.ReadFile(tlsCaFile); err == nil { + if pemBytes, err := ioutil.ReadFile(tlsCAFile); err == nil { certPool = x509.NewCertPool() certPool.AppendCertsFromPEM(pemBytes) } else { - return nil, errors.Errorf("while loading cert CA file '%s': %s", tlsCaFile, err) + return nil, errors.Errorf("while loading cert CA file '%s': %s", tlsCAFile, err) } holster.SetDefault(&cfg.TLS.RootCAs, certPool) cfg.TLS.InsecureSkipVerify = false @@ -116,11 +114,3 @@ func NewEtcdConfig(cfg *etcd.Config) (*etcd.Config, error) { return cfg, nil } - -// If the file exists, return the path provided -func ifExists(file string) string { - if _, err := os.Stat(file); err == nil { - return file - } - return "" -} diff --git a/etcdutil/election.go b/etcdutil/election.go index 719646f0..64884429 100644 --- a/etcdutil/election.go +++ b/etcdutil/election.go @@ -73,7 +73,7 @@ func NewElection(election, candidate string, etcdConfig *etcd.Config) (*Election e.Election = path.Join("/elections", e.Election) var err error - e.etcdConfig, err = NewEtcdConfig(etcdConfig) + e.etcdConfig, err = NewConfig(etcdConfig) if err != nil { return nil, err } diff --git a/version b/version index a7ee35a3..f8e233b2 100644 --- a/version +++ b/version @@ -1 +1 @@ -1.8.3 +1.9.0