From 0e86fb6bb991084284968b2ce285372561658a14 Mon Sep 17 00:00:00 2001
From: Roger Peppe
Date: Thu, 6 Oct 2016 08:51:29 +0100
Subject: [PATCH] cmd/juju/commands: default to port 443 when autocert configured
---
 cmd/juju/commands/bootstrap.go | 11 ++++++----
 cmd/juju/commands/bootstrap_test.go | 32 ++++++++++++++---------------
 2 files changed, 22 insertions(+), 21 deletions(-)
diff --git a/cmd/juju/commands/bootstrap.go b/cmd/juju/commands/bootstrap.go
index 682e7a8caa2..d36450e320a 100644
--- a/cmd/juju/commands/bootstrap.go
+++ b/cmd/juju/commands/bootstrap.go
@@ -136,7 +136,6 @@ type bootstrapCommand struct {
 AutoUpgrade bool
 AgentVersionParam string
 AgentVersion *version.Number
- ForceAPIPort bool
 config common.ConfigFlag
 modelDefaults common.ConfigFlag
@@ -173,7 +172,6 @@ func (c *bootstrapCommand) SetFlags(f *gnuflag.FlagSet) {
 f.StringVar(&c.Placement, "to", "", "Placement directive indicating an instance to bootstrap")
 f.BoolVar(&c.KeepBrokenEnvironment, "keep-broken", false, "Do not destroy the model if bootstrap fails")
 f.BoolVar(&c.AutoUpgrade, "auto-upgrade", false, "Upgrade to the latest patch release tools on first bootstrap")
- f.BoolVar(&c.ForceAPIPort, "force-api-port", false, "Allow use of non-standard HTTPS port when official DNS name specified")
 f.StringVar(&c.AgentVersionParam, "agent-version", "", "Version of tools to use for Juju agents")
 f.StringVar(&c.CredentialName, "credential", "", "Credentials to use when bootstrapping")
 f.Var(&c.config, "config", "Specify a controller configuration file, or one or more configuration\n options\n (--config config.yaml [--config key=value ...])")
@@ -585,8 +583,13 @@ func (c *bootstrapCommand) Run(ctx *cmd.Context) (resultErr error) {
 if err != nil {
 return errors.Annotate(err, "constructing controller config")
 }
- if controllerConfig.AutocertDNSName() != "" && controllerConfig.APIPort() != 443 && !c.ForceAPIPort {
- return errors.Errorf(`autocert-dns-name is set but it's not usually possible to obtain official certificates without api-port=443 config; use --force-api-port to override this if you plan on using a port forwarder`)
+ if controllerConfig.AutocertDNSName() != "" {
+ if _, ok := controllerConfigAttrs[controller.APIPort]; !ok {
+ // The configuration did not explicitly mention the API port,
+ // so default to 443 because it is not usually possible to
+ // obtain autocert certificates without listening on port 443.
+ controllerConfig[controller.APIPort] = 443
+ }
 }
 if err := common.FinalizeAuthorizedKeys(ctx, modelConfigAttrs); err != nil {
diff --git a/cmd/juju/commands/bootstrap_test.go b/cmd/juju/commands/bootstrap_test.go
index 6150d4ac7b2..14b6a5d6209 100644
--- a/cmd/juju/commands/bootstrap_test.go
+++ b/cmd/juju/commands/bootstrap_test.go
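Review bot: An explicit `api-port` other than 443 together with `autocert-dns-name` is now accepted with no message at all, because the new block in Run only acts when the key is missing from `controllerConfigAttrs` and the old error was removed outright rather than downgraded. An operator who sets a custom port would presumably learn only at runtime that certificates cannot be issued, and what the controller serves to clients in that state is not visible from this hunk. I would keep a notice on that path by extending the inner `if` with `} else if controllerConfig.APIPort() != 443 {` and `ctx.Infof("autocert-dns-name is set but api-port is %d; certificates usually cannot be obtained unless port 443 reaches the controller", controllerConfig.APIPort())`. Separately, `controllerConfig[controller.APIPort] = 443` writes into the config after it has been constructed, so a short comment that this bypasses whatever checks the constructor applies would help. Run's body starts and ends outside this hunk.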
@@ -1287,33 +1287,31 @@ func (s *BootstrapSuite) TestBootstrapConfigFileAndAdHoc(c *gc.C) {
 c.Assert(err, jc.ErrorIsNil)
 }
-func (s *BootstrapSuite) TestBootstrapAutocertDNSNameBadPort(c *gc.C) {
+func (s *BootstrapSuite) TestBootstrapAutocertDNSNameDefaultPort(c *gc.C) {
 s.patchVersionAndSeries(c, "raring")
- _, err := coretesting.RunCommand(
- c, s.newBootstrapCommand(), "ctrl", "dummy",
- "--config", "autocert-dns-name=foo.example",
- )
- c.Assert(err, gc.ErrorMatches, `autocert-dns-name is set but it's not usually possible to obtain official certificates without api-port=443 config; use --force-api-port to override this if you plan on using a port forwarder`)
-}
-
-func (s *BootstrapSuite) TestBootstrapAutocertDNSNameOKPort(c *gc.C) {
- s.patchVersionAndSeries(c, "raring")
- _, err := coretesting.RunCommand(
+ var bootstrap fakeBootstrapFuncs
+ s.PatchValue(&getBootstrapFuncs, func() BootstrapInterface {
+ return &bootstrap
+ })
+ coretesting.RunCommand(
 c, s.newBootstrapCommand(), "ctrl", "dummy",
 "--config", "autocert-dns-name=foo.example",
- "--config", "api-port=443",
 )
- c.Assert(err, jc.ErrorIsNil)
+ c.Assert(bootstrap.args.ControllerConfig.APIPort(), gc.Equals, 443)
 }
-func (s *BootstrapSuite) TestBootstrapAutocertDNSNameForceAPIPort(c *gc.C) {
+func (s *BootstrapSuite) TestBootstrapAutocertDNSNameExplicitAPIPort(c *gc.C) {
 s.patchVersionAndSeries(c, "raring")
- _, err := coretesting.RunCommand(
+ var bootstrap fakeBootstrapFuncs
+ s.PatchValue(&getBootstrapFuncs, func() BootstrapInterface {
+ return &bootstrap
+ })
+ coretesting.RunCommand(
 c, s.newBootstrapCommand(), "ctrl", "dummy",
 "--config", "autocert-dns-name=foo.example",
- "--force-api-port",
+ "--config", "api-port=12345",
 )
- c.Assert(err, jc.ErrorIsNil)
+ c.Assert(bootstrap.args.ControllerConfig.APIPort(), gc.Equals, 12345)
 }
 func (s *BootstrapSuite) TestBootstrapCloudConfigAndAdHoc(c *gc.C) {
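Review bot: Both rewritten tests discard the result of `coretesting.RunCommand`, so a command that fails before the fake records its arguments would surface only indirectly at the `APIPort()` assertion on an unpopulated `bootstrap.args`. I would keep `_, err := coretesting.RunCommand(` and add `c.Assert(err, jc.ErrorIsNil)` ahead of the port check; if the command is expected to fail after the fake has been called, a comment such as `// RunCommand's error is ignored: only the recorded bootstrap args matter here` should say so. The explicit-port test also pins the behaviour that a non-443 port is accepted silently alongside `autocert-dns-name`, which deserves a one-line comment stating that this is intentional.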