forked from TritonDataCenter/containerpilot
/
config.go
106 lines (96 loc) · 3.23 KB
/
config.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
package discovery
import (
"os"
"strings"
"github.com/asokolov365/containerpilot/config/decode"
"github.com/hashicorp/consul/api"
)
// ConsulConfig is used to configure the creation of
// the Consul Discovery service client.
type ConsulConfig struct {
Address string `mapstructure:"address"`
Scheme string `mapstructure:"scheme"`
Token string `mapstructure:"token"`
TLS ConsulTLSConfig `mapstructure:"tls"` // optional TLS settings
}
// ConsulTLSConfig is optional TLS settings for ConsulConfig.
type ConsulTLSConfig struct {
HTTPCAFile string `mapstructure:"cafile"`
HTTPCAPath string `mapstructure:"capath"`
HTTPClientCert string `mapstructure:"clientcert"`
HTTPClientKey string `mapstructure:"clientkey"`
HTTPTLSServerName string `mapstructure:"servername"`
HTTPSSLVerify bool `mapstructure:"verify"`
}
// override an already-parsed ConsulConfig with any options that might
// be set in the environment and then return the TLSConfig
func getConsulTLSConfig(cfg *ConsulConfig) api.TLSConfig {
if cafile := os.Getenv("CONSUL_CACERT"); cafile != "" {
cfg.TLS.HTTPCAFile = cafile
}
if capath := os.Getenv("CONSUL_CAPATH"); capath != "" {
cfg.TLS.HTTPCAPath = capath
}
if clientCert := os.Getenv("CONSUL_CLIENT_CERT"); clientCert != "" {
cfg.TLS.HTTPClientCert = clientCert
}
if clientKey := os.Getenv("CONSUL_CLIENT_KEY"); clientKey != "" {
cfg.TLS.HTTPClientKey = clientKey
}
if serverName := os.Getenv("CONSUL_TLS_SERVER_NAME"); serverName != "" {
cfg.TLS.HTTPTLSServerName = serverName
}
verify := os.Getenv("CONSUL_HTTP_SSL_VERIFY")
switch strings.ToLower(verify) {
case "1", "true":
cfg.TLS.HTTPSSLVerify = true
case "0", "false":
cfg.TLS.HTTPSSLVerify = false
}
tlsConfig := api.TLSConfig{
Address: cfg.TLS.HTTPTLSServerName,
CAFile: cfg.TLS.HTTPCAFile,
CAPath: cfg.TLS.HTTPCAPath,
CertFile: cfg.TLS.HTTPClientCert,
KeyFile: cfg.TLS.HTTPClientKey,
InsecureSkipVerify: !cfg.TLS.HTTPSSLVerify,
}
return tlsConfig
}
func consulConfigFromMap(raw map[string]interface{}) (*api.Config, error) {
parsed := &ConsulConfig{}
if err := decode.ToStruct(raw, parsed); err != nil {
return nil, err
}
config := &api.Config{
Address: parsed.Address,
Scheme: parsed.Scheme,
Token: parsed.Token,
TLSConfig: getConsulTLSConfig(parsed),
}
return config, nil
}
func consulConfigFromURI(uri string) (*api.Config, error) {
address, scheme := parseRawConsulURI(uri)
parsed := &ConsulConfig{Address: address, Scheme: scheme}
config := &api.Config{
Address: parsed.Address,
Scheme: parsed.Scheme,
Token: parsed.Token,
TLSConfig: getConsulTLSConfig(parsed),
}
return config, nil
}
// Returns the uri broken into an address and scheme portion
func parseRawConsulURI(raw string) (string, string) {
var scheme = "http" // default
var address = raw // we accept bare address w/o a scheme
// strip the scheme from the prefix and (maybe) set the scheme to https
if strings.HasPrefix(raw, "http://") {
address = strings.Replace(raw, "http://", "", 1)
} else if strings.HasPrefix(raw, "https://") {
address = strings.Replace(raw, "https://", "", 1)
scheme = "https"
}
return address, scheme
}