Do not assume TLC cert files location
horkhe committed Sep 6, 2018
1 parent 122660f commit acc1630
Showing 3 changed files with 23 additions and 33 deletions.
52 changes: 21 additions & 31 deletions etcdutil/config.go
Expand Up @@ -15,9 +15,6 @@ import (
)

const (
pathToCA = "/etc/mailgun/ssl/localhost/ca.pem"
pathToKey = "/etc/mailgun/ssl/localhost/etcd-key.pem"
pathToCert = "/etc/mailgun/ssl/localhost/etcd-cert.pem"
localEtcdEndpoint = "127.0.0.1:2379"
)

Expand All @@ -28,9 +25,14 @@ func init() {
}
}

func NewSecureClient(cfg *etcd.Config) (*etcd.Client, error) {
// NewClient creates a new etcd.Client with the specified config where blanks
// are filled from environment variables by NewConfig.
//
// If the provided config is nil and no environment variables are set, it will
// return a client connecting without TLS via localhost:2379.
func NewClient(cfg *etcd.Config) (*etcd.Client, error) {
var err error
if cfg, err = NewEtcdConfig(cfg); err != nil {
if cfg, err = NewConfig(cfg); err != nil {
return nil, errors.Wrap(err, "failed to build etcd config")
}

Expand All @@ -41,25 +43,21 @@ func NewSecureClient(cfg *etcd.Config) (*etcd.Client, error) {
return etcdClt, nil
}

// Create a new etcd.Config using environment variables. If an existing
// config is passed, will fill in missing configuration using environment
// variables or defaults if they exists on the local system.
// NewConfig creates a new etcd.Config using environment variables. If an
// existing config is passed, it will fill in missing configuration using
// environment variables or defaults if they exists on the local system.
//
// If no environment variables are set, it will return a config set to
// connect without TLS via localhost:2379.
func NewConfig(cfg *etcd.Config) (*etcd.Config, error) {
var envEndpoint, tlsCertFile, tlsKeyFile, tlsCAFile string

// If no environment variables are set, will return a config set to
// connect without TLS via localhost:2379
func NewEtcdConfig(cfg *etcd.Config) (*etcd.Config, error) {
var envEndpoint, tlsCertFile, tlsKeyFile, tlsCaFile string

// Create a config if none exists and get user/pass
holster.SetDefault(&cfg, &etcd.Config{})
holster.SetDefault(&cfg.Username, os.Getenv("ETCD3_USER"))
holster.SetDefault(&cfg.Password, os.Getenv("ETCD3_PASSWORD"))

// Don't set default file locations for these if they don't exist on disk
// as dev or testing environments might not have certificates
holster.SetDefault(&tlsCertFile, os.Getenv("ETCD3_TLS_CERT"), ifExists(pathToCert))
holster.SetDefault(&tlsKeyFile, os.Getenv("ETCD3_TLS_KEY"), ifExists(pathToKey))
holster.SetDefault(&tlsCaFile, os.Getenv("ETCD3_CA"), ifExists(pathToCA))
holster.SetDefault(&tlsCertFile, os.Getenv("ETCD3_TLS_CERT"))
holster.SetDefault(&tlsKeyFile, os.Getenv("ETCD3_TLS_KEY"))
holster.SetDefault(&tlsCAFile, os.Getenv("ETCD3_CA"))

// Default to 5 second timeout, else connections hang indefinitely
holster.SetDefault(&cfg.DialTimeout, time.Second*5)
Expand All @@ -74,15 +72,15 @@ func NewEtcdConfig(cfg *etcd.Config) (*etcd.Config, error) {
}

// If the CA file was provided
if tlsCaFile != "" {
if tlsCAFile != "" {
holster.SetDefault(&cfg.TLS, &tls.Config{})

var certPool *x509.CertPool = nil
if pemBytes, err := ioutil.ReadFile(tlsCaFile); err == nil {
if pemBytes, err := ioutil.ReadFile(tlsCAFile); err == nil {
certPool = x509.NewCertPool()
certPool.AppendCertsFromPEM(pemBytes)
} else {
return nil, errors.Errorf("while loading cert CA file '%s': %s", tlsCaFile, err)
return nil, errors.Errorf("while loading cert CA file '%s': %s", tlsCAFile, err)
}
holster.SetDefault(&cfg.TLS.RootCAs, certPool)
cfg.TLS.InsecureSkipVerify = false
Expand Down Expand Up @@ -116,11 +114,3 @@ func NewEtcdConfig(cfg *etcd.Config) (*etcd.Config, error) {

return cfg, nil
}

// If the file exists, return the path provided
func ifExists(file string) string {
if _, err := os.Stat(file); err == nil {
return file
}
return ""
}
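Review bot: In the CA branch of NewConfig (the hunk at `@@ -74,15 +72,15 @@`), the boolean returned by `certPool.AppendCertsFromPEM(pemBytes)` is discarded, so a file that reads successfully but contains no parsable certificate produces an empty root pool and the problem only surfaces later as an opaque TLS handshake failure. Now that the commit relies solely on `ETCD3_CA` to locate that file, pointing it at the wrong file is the likelier misconfiguration and should be rejected at load time: `if !certPool.AppendCertsFromPEM(pemBytes) { return nil, errors.Errorf("no certificates found in CA file '%s'", tlsCAFile) }`. The adjacent `var certPool *x509.CertPool = nil` can simply be `var certPool *x509.CertPool`. In the new NewConfig doc comment, `defaults if they exists` should read `defaults if they exist`. NewConfig's body is only partly visible here; the stretches collapsed between the hunks are outside this view.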
2 changes: 1 addition & 1 deletion etcdutil/election.go
Expand Up @@ -73,7 +73,7 @@ func NewElection(election, candidate string, etcdConfig *etcd.Config) (*Election
e.Election = path.Join("/elections", e.Election)

var err error
e.etcdConfig, err = NewEtcdConfig(etcdConfig)
e.etcdConfig, err = NewConfig(etcdConfig)
if err != nil {
return nil, err
}
2 changes: 1 addition & 1 deletion version
@@ -1 +1 @@
1.8.3
1.9.0
