From 1c3551b06bd53cf913b15156de7bb9d84f2498e7 Mon Sep 17 00:00:00 2001
From: Quentin Dufour
Date: Thu, 16 Mar 2023 10:46:07 +0100
Subject: [PATCH] Working Nomad+Consul TLS
---
 .albatros | 1 -
 README.md | 2 +-
 main.go | 56 +++++++++++++++++++++++++++++++++++++++++++------------
 3 files changed, 45 insertions(+), 14 deletions(-)
diff --git a/.albatros b/.albatros
index 91e273e..ee444c8 100755
--- a/.albatros
+++ b/.albatros
@@ -3,5 +3,4 @@ set -euxo pipefail
 go build
-cat $SECRET_PATH
 echo "done" >&2
diff --git a/README.md b/README.md
index 7f818ae..e2b545d 100644
--- a/README.md
+++ b/README.md
@@ -140,7 +140,7 @@ See this v1.0 as a MVP that will serve Deuxfleurs needs, nothing more.
 Don't have any expectation in term of code quality, abstraction or anything else.
-- [ ] Read Nomad+Consul config from environment variables
+- [X] Read Nomad+Consul config from environment variables
 - [X] Inject secrets only when the sender is trusted
 - [ ] Test PR behavior
diff --git a/main.go b/main.go
index b0d49f7..6450a18 100644
--- a/main.go
+++ b/main.go
@@ -338,39 +338,71 @@ var NomadClient *nomad.Client
 var ConsulClient *consul.Client
 type config struct {
- AlbatrosURL string `env:"ALBATROS_URL,required"`
- // @TODO get nomad config from env
- // @TODO get consul config from env
+ AlbatrosURL string `env:"ALBATROS_URL,required"`
+ NomadAddr string `env:"NOMAD_ADDR"`
+ NomadClientCert string `env:"NOMAD_CLIENT_CERT"`
+ NomadClientKey string `env:"NOMAD_CLIENT_KEY"`
+ NomadCACert string `env:"NOMAD_CACERT"`
+ ConsulAddr string `env:"CONSUL_HTTP_ADDR"`
+ ConsulClientCert string `env:"CONSUL_CLIENT_CERT"`
+ ConsulClientKey string `env:"CONSUL_CLIENT_KEY"`
+ ConsulCACert string `env:"CONSUL_CACERT"`
 }
 var GlobalConfig config
-func main() {
- var err error
-
- // init config
- if err = env.Parse(&GlobalConfig); err != nil {
+func initConfig() {
+ if err := env.Parse(&GlobalConfig); err != nil {
 log.Fatal(fmt.Sprintf("unable to parse config, error: %+v\n", err))
- return
 }
 log.Printf("Albatros public URL: %s\n", GlobalConfig.AlbatrosURL)
+ if GlobalConfig.NomadAddr != "" {
+ isTLS := GlobalConfig.NomadClientCert != "" && GlobalConfig.NomadClientKey != "" && GlobalConfig.NomadCACert != ""
+ log.Printf("Nomad URL: %s, TLS: %t\n", GlobalConfig.NomadAddr, isTLS)
+ } else {
+ log.Println("Use Nomad default configuration")
+ }
+ if GlobalConfig.ConsulAddr != "" {
+ isTLS := GlobalConfig.ConsulClientCert != "" && GlobalConfig.ConsulClientKey != "" && GlobalConfig.ConsulCACert != ""
+ log.Printf("Consul URL: %s, TLS: %t\n", GlobalConfig.ConsulAddr, isTLS)
+ } else {
+ log.Println("Use Consul default configuration")
+ }
+}
- // init nomad
+func initNomad() {
+ var err error
 nomadConfig := nomad.DefaultConfig()
 nomadConfig.Namespace = "ci"
+ nomadConfig.Address = GlobalConfig.NomadAddr
+ nomadConfig.TLSConfig.CACert = GlobalConfig.NomadCACert
+ nomadConfig.TLSConfig.ClientCert = GlobalConfig.NomadClientCert
+ nomadConfig.TLSConfig.ClientKey = GlobalConfig.NomadClientKey
 NomadClient, err = nomad.NewClient(nomadConfig)
 if err != nil {
 log.Fatal("Unable to connect to Nomad, check your config and setup")
- return
 }
+}
- // init consul
+func initConsul() {
+ var err error
 consulConfig := consul.DefaultConfig()
+ consulConfig.Address = GlobalConfig.ConsulAddr
+ consulConfig.TLSConfig.CAFile = GlobalConfig.ConsulCACert
+ consulConfig.TLSConfig.CertFile = GlobalConfig.ConsulClientCert
+ consulConfig.TLSConfig.KeyFile = GlobalConfig.ConsulClientKey
 ConsulClient, err = consul.NewClient(consulConfig)
 if err != nil {
 log.Fatal("Unable to connect to Consul, check your config and setup")
 return
 }
+}
+
+func main() {
+ var err error
+ initConfig()
+ initNomad()
+ initConsul()
 // init webserver
 http.HandleFunc("/hook", hook)
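Review bot: Setting `consulConfig.TLSConfig.CAFile`/`CertFile`/`KeyFile` in `initConsul` does not by itself make the Consul connection use TLS: as far as I can tell from the Consul API client, the scheme is taken from the address (`https://…`) or `CONSUL_HTTP_SSL`, so a `CONSUL_HTTP_ADDR` given as `host:port` loads the CA and client cert and then still talks plain HTTP, even though `initConfig` has already logged `TLS: true` (the Nomad side is the same story, its address scheme decides). The `isTLS` check in `initConfig` only feeds that log line; a half-configured pair (cert without key, or key without cert) is passed through to both clients unchecked, and the Consul client, unlike Nomad's, appears to ignore a lone cert or key silently rather than refuse it. I would make the decision explicit in `initConsul`: reject a cert/key mismatch with `log.Fatal`, and set `consulConfig.Scheme = "https"` whenever CA or client-cert material is present (rewrite below). Minor style point: `initConsul` keeps an unreachable `return` after `log.Fatal` that the Nomad counterpart dropped in this same hunk. `main` continues past the end of the hunk.
```go
func initConsul() {
	var err error
	consulConfig := consul.DefaultConfig()
	consulConfig.Address = GlobalConfig.ConsulAddr
	// A client cert without its key (or the reverse) is a misconfiguration;
	// fail here instead of letting the client silently connect without it.
	if (GlobalConfig.ConsulClientCert != "") != (GlobalConfig.ConsulClientKey != "") {
		log.Fatal("CONSUL_CLIENT_CERT and CONSUL_CLIENT_KEY must be set together")
	}
	consulConfig.TLSConfig.CAFile = GlobalConfig.ConsulCACert
	consulConfig.TLSConfig.CertFile = GlobalConfig.ConsulClientCert
	consulConfig.TLSConfig.KeyFile = GlobalConfig.ConsulClientKey
	// TLSConfig alone does not select https; make the scheme explicit so the
	// certificates are actually used (an https:// address also works).
	if GlobalConfig.ConsulCACert != "" || GlobalConfig.ConsulClientCert != "" {
		consulConfig.Scheme = "https"
	}
	// … unchanged: consul.NewClient call and error handling …
}
```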