Adding support for communicating with Aurora using TLS.

aurora-scheduler · Apr 26, 2018 · f4d8653 · f4d8653
1 parent 72692b5
commit f4d8653
Show file tree

Hide file tree

Showing 3 changed files with 21 additions and 6 deletions.
diff --git a/Gopkg.lock b/Gopkg.lock
diff --git a/Gopkg.toml b/Gopkg.toml
@@ -2,7 +2,7 @@ required = ["git.apache.org/thrift.git/lib/go/thrift"]
 
 [[constraint]]
   name = "github.com/paypal/gorealis"
-  revision = "94e7c878b4e54385b6fbbb7b0c1ce5a82865af2b"
+  branch = "develop"
 
 [[constraint]]
   name = "github.com/spf13/cobra"

diff --git a/cmd/root.go b/cmd/root.go
@@ -24,12 +24,18 @@ var username, password, zkAddr, schedAddr string
 var env, role, name string
 var client realis.Realis
 var monitor *realis.Monitor
+var insecureSkipVerify bool
+var caCertsPath string
+var clientKey, clientCert string
 
 func init() {
 	rootCmd.PersistentFlags().StringVarP(&zkAddr, "zookeeper", "z", "", "Zookeeper node(s) where Aurora stores information.")
 	rootCmd.PersistentFlags().StringVarP(&username, "username", "u", "", "Username to use for API authentication")
 	rootCmd.PersistentFlags().StringVarP(&password, "password", "p", "", "Password to use for API authentication")
 	rootCmd.PersistentFlags().StringVarP(&schedAddr, "scheduler_addr", "s", "", "Aurora Scheduler's address.")
+	rootCmd.PersistentFlags().StringVarP(&clientKey, "clientKey", "k", "", "Client key to use to connect to Aurora.")
+	rootCmd.PersistentFlags().StringVarP(&clientCert, "clientCert", "c", "", "Client certificate to use to connect to Aurora.")
+	rootCmd.PersistentFlags().StringVarP(&caCertsPath, "caCertsPath", "a", "", "CA certificates path to use.")
 }
 
 func Execute() {
@@ -50,18 +56,26 @@ func connect(cmd *cobra.Command, args []string) {
 			Jitter:   0.1,
 		})}
 
-
 	// Prefer zookeeper if both ways of connecting are provided
 	if zkAddr != "" {
-		realisOptions = append(realisOptions, realis.ZKUrl(zkAddr))
+
+		// Configure Zookeeper to connect
+		zkOptions := []realis.ZKOpt{ realis.ZKEndpoints(zkAddr), realis.ZKPath("/aurora/scheduler")}
+
+		if clientKey != "" || clientCert != "" || caCertsPath != "" {
+			zkOptions = append(zkOptions, realis.ZKAuroraPortOverride(8081), realis.ZKAuroraSchemeOverride("https"))
+
+			realisOptions = append(realisOptions, realis.Certspath(caCertsPath), realis.ClientCerts(clientKey, clientCert))
+		}
+
+		realisOptions = append(realisOptions, realis.ZookeeperOptions(zkOptions...))
 	} else if schedAddr != "" {
 		realisOptions = append(realisOptions, realis.SchedulerUrl(schedAddr))
 	} else {
 		fmt.Println("Zookeeper address or Scheduler URL must be provided.")
 		os.Exit(1)
 	}
 
-
 	// Connect to Aurora Scheduler and create a client object
 	client, err = realis.NewRealisClient(realisOptions...)