From 6ee6f676956e5311ea22a96200563f5798c69cdc Mon Sep 17 00:00:00 2001
From: Armon Dadgar
Date: Fri, 6 Feb 2015 14:10:01 -0800
Subject: [PATCH] agent: Use AtlasACLToken
---
 command/agent/http.go | 22 +++++++++++++++++++---
 command/agent/scada.go | 12 +++++++-----
 2 files changed, 26 insertions(+), 8 deletions(-)
diff --git a/command/agent/http.go b/command/agent/http.go
index bb46787b2..85ea3c6c9 100644
--- a/command/agent/http.go
+++ b/command/agent/http.go
@@ -19,6 +19,14 @@ import (
 "github.com/mitchellh/mapstructure"
 )
+var (
+ // scadaHTTPAddr is the address associated with the
+ // HTTPServer. When populating an ACL token for a request,
+ // this is checked to switch between the ACLToken and
+ // AtlasACLToken
+ scadaHTTPAddr = "SCADA"
+)
+
 // HTTPServer is used to wrap an Agent and expose various API's
 // in a RESTful manner
 type HTTPServer struct {
@@ -144,7 +152,7 @@ func NewHTTPServers(agent *Agent, config *Config, scada net.Listener, logOutput
 listener: scada,
 logger: log.New(logOutput, "", log.LstdFlags),
 uiDir: config.UiDir,
- addr: "SCADA",
+ addr: scadaHTTPAddr,
 }
 srv.registerHandlers(false) // Never allow debug for SCADA
@@ -439,9 +447,17 @@ func (s *HTTPServer) parseDC(req *http.Request, dc *string) {
 func (s *HTTPServer) parseToken(req *http.Request, token *string) {
 if other := req.URL.Query().Get("token"); other != "" {
 *token = other
- } else if *token == "" {
- *token = s.agent.config.ACLToken
+ return
 }
+
+ // Set the AtlasACLToken if SCADA
+ if s.addr == scadaHTTPAddr && s.agent.config.AtlasACLToken != "" {
+ *token = s.agent.config.AtlasACLToken
+ return
+ }
+
+ // Set the default ACLToken
+ *token = s.agent.config.ACLToken
 }
 // parse is a convenience method for endpoints that need
diff --git a/command/agent/scada.go b/command/agent/scada.go
index 1805611a2..a7929a552 100644
--- a/command/agent/scada.go
+++ b/command/agent/scada.go
@@ -7,6 +7,7 @@ import (
 "io"
 "log"
 "net"
+ "os"
 "strconv"
 "sync"
 "time"
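Review bot: In the first http.go hunk, `scadaHTTPAddr` is declared in a `var` block, yet `parseToken` compares `s.addr` against it to decide which ACL token a request receives, so the sentinel should not be reassignable at run time. Declaring it as `const scadaHTTPAddr = "SCADA"` keeps that comparison stable. The doc comment could also state that the value is a label and not a network address, e.g. `// scadaHTTPAddr is the placeholder addr set on the SCADA HTTPServer; it is not a listen address.`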
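Review bot: In the `parseToken` hunk of http.go, a request on the SCADA server falls through to `s.agent.config.ACLToken` whenever `AtlasACLToken` is empty, so remotely originated requests then run with the agent's local default token. If that fallback is not intended, make the SCADA branch terminal: `if s.addr == scadaHTTPAddr { *token = s.agent.config.AtlasACLToken; return }`. Separately, the old `else if *token == ""` guard is gone and the last assignment is now unconditional, so a value a caller placed in `*token` before the call would be overwritten by the agent's configured token; the callers are outside this hunk, so this needs confirming, and `if *token != "" { return }` ahead of the defaults would keep the previous precedence. A doc comment on `parseToken` spelling out the order (query parameter, Atlas token on SCADA, agent default) would make the intent reviewable.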
@@ -59,13 +60,14 @@ func NewProvider(c *Config, logOutput io.Writer) (*client.Provider, net.Listener
 config := ProviderConfig(c)
 config.Logger = log.New(logOutput, "", log.LstdFlags)
- // TODO: REMOVE
- config.TLSConfig = &tls.Config{
- InsecureSkipVerify: true,
+ // SCADA_INSECURE env variable is used for testing to disable
+ // TLS certificate verification.
+ if os.Getenv("SCADA_INSECURE") != "" {
+ config.TLSConfig = &tls.Config{
+ InsecureSkipVerify: true,
+ }
 }
- // TODO: AtlasACLToken
-
 // Create an HTTP listener and handler
 list := newScadaListener(c.AtlasInfrastructure)
 config.Handlers["http"] = func(capability string, meta map[string]string,
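Review bot: The new `os.Getenv("SCADA_INSECURE") != ""` check turns off certificate verification for any non-empty value, including `0` or `false`, and does so without leaving a trace in the logs. Parse the value explicitly and record when verification is off, for example `if insecure, _ := strconv.ParseBool(os.Getenv("SCADA_INSECURE")); insecure {` followed by `config.Logger.Printf("[WARN] scada: TLS certificate verification disabled by SCADA_INSECURE")`. `strconv` already appears in this file's import block in the previous hunk. The body of `NewProvider` continues past the end of this hunk.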