Pass around an API Config object and convert to env vars for the managed proxy

This commit is contained in:
Matt Keeler 2018-07-10 12:13:51 -04:00
parent cb4efd5737
commit 358e6c8f6a
4 changed files with 94 additions and 0 deletions

View File

@ -380,6 +380,13 @@ func (a *Agent) Start() error {
a.logger.Printf("[WARN] agent: error restoring proxy state: %s", err)
}
}
acfg, err := a.config.APIConfig(true)
if err != nil {
return err
}
a.proxyManager.APIConfig = acfg
go a.proxyManager.Run()
}

View File

@ -9,6 +9,7 @@ import (
"time"
"github.com/hashicorp/consul/agent/structs"
"github.com/hashicorp/consul/api"
"github.com/hashicorp/consul/lib"
"github.com/hashicorp/consul/tlsutil"
"github.com/hashicorp/consul/types"
@ -1187,6 +1188,64 @@ func (c *RuntimeConfig) IncomingHTTPSConfig() (*tls.Config, error) {
return tc.IncomingTLSConfig()
}
func (c *RuntimeConfig) apiAddresses(maxPerType int) (unixAddrs, httpAddrs, httpsAddrs []string) {
if len(c.HTTPSAddrs) > 0 {
for i, addr := range c.HTTPSAddrs {
if i < maxPerType {
httpsAddrs = append(httpsAddrs, addr.String())
} else {
break
}
}
}
if len(c.HTTPAddrs) > 0 {
unix_count := 0
http_count := 0
for _, addr := range c.HTTPAddrs {
net := addr.Network()
if net == "unix" && unix_count < maxPerType {
unixAddrs = append(unixAddrs, addr.String())
unix_count += 1
} else if net != "unix" && http_count < maxPerType {
httpAddrs = append(httpAddrs, addr.String())
http_count += 1
}
}
}
return
}
func (c *RuntimeConfig) APIConfig(includeClientCerts bool) (*api.Config, error) {
cfg := &api.Config{
Datacenter: c.Datacenter,
TLSConfig: api.TLSConfig{InsecureSkipVerify: true},
}
unixAddrs, httpAddrs, httpsAddrs := c.apiAddresses(1)
if len(httpsAddrs) > 0 {
cfg.Address = httpsAddrs[0]
cfg.Scheme = "https"
cfg.TLSConfig.CAFile = c.CAFile
cfg.TLSConfig.CAPath = c.CAPath
if includeClientCerts {
cfg.TLSConfig.CertFile = c.CertFile
cfg.TLSConfig.KeyFile = c.KeyFile
}
} else if len(httpAddrs) > 0 {
cfg.Address = httpAddrs[0]
cfg.Scheme = "http"
} else if len(unixAddrs) > 0 {
cfg.Address = "unix://" + unixAddrs[0]
cfg.Scheme = "http"
} else {
return nil, fmt.Errorf("No suitable client address can be found")
}
return cfg, nil
}
// Sanitized returns a JSON/HCL compatible representation of the runtime
// configuration where all fields with potential secrets had their
// values replaced by 'hidden'. In addition, network addresses and

View File

@ -11,6 +11,7 @@ import (
"github.com/hashicorp/consul/agent/local"
"github.com/hashicorp/consul/agent/structs"
"github.com/hashicorp/consul/api"
"github.com/hashicorp/go-multierror"
)
@ -69,6 +70,9 @@ type Manager struct {
//
DataDir string
// Configuration information to tell the proxy how to talk to us
APIConfig *api.Config
// SnapshotPeriod is the duration between snapshots. This can be set
// relatively low to ensure accuracy, because if the new snapshot matches
// the last snapshot taken, no file will be written. Therefore, setting
@ -435,6 +439,9 @@ func (m *Manager) newProxy(mp *local.ManagedProxy) (Proxy, error) {
// Pass in the environmental variables for the proxy process
cmd.Env = os.Environ()
if m.APIConfig != nil {
cmd.Env = append(cmd.Env, m.APIConfig.GenerateEnv()...)
}
// Build the daemon structure
proxy.Command = &cmd

View File

@ -405,6 +405,27 @@ func SetupTLSConfig(tlsConfig *TLSConfig) (*tls.Config, error) {
return tlsClientConfig, nil
}
func (c *Config) GenerateEnv() []string {
env := make([]string, 10)
env[0] = fmt.Sprintf("%s=%s", HTTPAddrEnvName, c.Address)
env[1] = fmt.Sprintf("%s=%s", HTTPTokenEnvName, c.Token)
if c.HttpAuth != nil {
env[2] = fmt.Sprintf("%s=%s:%s", HTTPAuthEnvName, c.HttpAuth.Username, c.HttpAuth.Password)
} else {
env[2] = fmt.Sprintf("%s=", HTTPAuthEnvName)
}
env[3] = fmt.Sprintf("%s=%t", HTTPSSLEnvName, c.Scheme == "https")
env[4] = fmt.Sprintf("%s=%s", HTTPCAFile, c.TLSConfig.CAFile)
env[5] = fmt.Sprintf("%s=%s", HTTPCAPath, c.TLSConfig.CAPath)
env[6] = fmt.Sprintf("%s=%s", HTTPClientCert, c.TLSConfig.CertFile)
env[7] = fmt.Sprintf("%s=%s", HTTPClientKey, c.TLSConfig.KeyFile)
env[8] = fmt.Sprintf("%s=%s", HTTPTLSServerName, c.TLSConfig.Address)
env[9] = fmt.Sprintf("%s=%t", HTTPSSLVerifyEnvName, !c.TLSConfig.InsecureSkipVerify)
return env
}
// Client provides a client to the Consul API
type Client struct {
config Config