Working Nomad+Consul TLS

.albatros

@@ -3,5 +3,4 @@
 set -euxo pipefail
 
 go build
-cat $SECRET_PATH
 echo "done" >&2

README.md

@@ -140,7 +140,7 @@ See this v1.0 as a MVP that will serve Deuxfleurs needs,
 nothing more. Don't have any expectation in term
 of code quality, abstraction or anything else.
 
-- [ ] Read Nomad+Consul config from environment variables
+- [X] Read Nomad+Consul config from environment variables
 - [X] Inject secrets only when the sender is trusted
 - [ ] Test PR behavior
 

main.go

@@ -338,39 +338,71 @@ var NomadClient *nomad.Client
 var ConsulClient *consul.Client
 
 type config struct {
-	AlbatrosURL string `env:"ALBATROS_URL,required"`
+	AlbatrosURL      string `env:"ALBATROS_URL,required"`
-	// @TODO get nomad config from env
+	NomadAddr        string `env:"NOMAD_ADDR"`
-	// @TODO get consul config from env
+	NomadClientCert  string `env:"NOMAD_CLIENT_CERT"`
+	NomadClientKey   string `env:"NOMAD_CLIENT_KEY"`
+	NomadCACert      string `env:"NOMAD_CACERT"`
+	ConsulAddr       string `env:"CONSUL_HTTP_ADDR"`
+	ConsulClientCert string `env:"CONSUL_CLIENT_CERT"`
+	ConsulClientKey  string `env:"CONSUL_CLIENT_KEY"`
+	ConsulCACert     string `env:"CONSUL_CACERT"`
 }
 
 var GlobalConfig config
 
-func main() {
+func initConfig() {
-	var err error
+	if err := env.Parse(&GlobalConfig); err != nil {
-
-	// init config
-	if err = env.Parse(&GlobalConfig); err != nil {
 		log.Fatal(fmt.Sprintf("unable to parse config, error: %+v\n", err))
-		return
 	}
 	log.Printf("Albatros public URL: %s\n", GlobalConfig.AlbatrosURL)
+	if GlobalConfig.NomadAddr != "" {
+		isTLS := GlobalConfig.NomadClientCert != "" && GlobalConfig.NomadClientKey != "" && GlobalConfig.NomadCACert != ""
+		log.Printf("Nomad URL: %s, TLS: %t\n", GlobalConfig.NomadAddr, isTLS)
+	} else {
+		log.Println("Use Nomad default configuration")
+	}
+	if GlobalConfig.ConsulAddr != "" {
+		isTLS := GlobalConfig.ConsulClientCert != "" && GlobalConfig.ConsulClientKey != "" && GlobalConfig.ConsulCACert != ""
+		log.Printf("Consul URL: %s, TLS: %t\n", GlobalConfig.ConsulAddr, isTLS)
+	} else {
+		log.Println("Use Consul default configuration")
+	}
+}
 
-	// init nomad
+func initNomad() {
+	var err error
 	nomadConfig := nomad.DefaultConfig()
 	nomadConfig.Namespace = "ci"
+	nomadConfig.Address = GlobalConfig.NomadAddr
+	nomadConfig.TLSConfig.CACert = GlobalConfig.NomadCACert
+	nomadConfig.TLSConfig.ClientCert = GlobalConfig.NomadClientCert
+	nomadConfig.TLSConfig.ClientKey = GlobalConfig.NomadClientKey
 	NomadClient, err = nomad.NewClient(nomadConfig)
 	if err != nil {
 		log.Fatal("Unable to connect to Nomad, check your config and setup")
-		return
 	}
+}
 
-	// init consul
+func initConsul() {
+	var err error
 	consulConfig := consul.DefaultConfig()
+	consulConfig.Address = GlobalConfig.ConsulAddr
+	consulConfig.TLSConfig.CAFile = GlobalConfig.ConsulCACert
+	consulConfig.TLSConfig.CertFile = GlobalConfig.ConsulClientCert
+	consulConfig.TLSConfig.KeyFile = GlobalConfig.ConsulClientKey
 	ConsulClient, err = consul.NewClient(consulConfig)
 	if err != nil {
 		log.Fatal("Unable to connect to Consul, check your config and setup")
 		return
 	}
+}
+
+func main() {
+	var err error
+	initConfig()
+	initNomad()
+	initConsul()
 
 	// init webserver
 	http.HandleFunc("/hook", hook)