Add config option to enable (m)TLS between Poseidon and Nomad

This commit is contained in:
Jan-Eric Hellenberg
2021-07-27 13:45:46 +02:00
committed by Jan-Eric Hellenberg
parent e2d71a11ad
commit 6a60b6cd89
14 changed files with 134 additions and 98 deletions

View File

@ -19,19 +19,26 @@ import (
var (
Config = &configuration{
Server: server{
Address: "127.0.0.1",
Port: 7200,
Token: "",
TLS: false,
CertFile: "",
KeyFile: "",
Address: "127.0.0.1",
Port: 7200,
Token: "",
TLS: TLS{
Active: false,
CertFile: "",
KeyFile: "",
},
InteractiveStderr: true,
},
Nomad: nomad{
Address: "127.0.0.1",
Port: 4646,
Token: "",
TLS: false,
Nomad: Nomad{
Address: "127.0.0.1",
Port: 4646,
Token: "",
TLS: TLS{
Active: false,
CAFile: "",
CertFile: "",
KeyFile: "",
},
Namespace: "default",
},
Logger: logger{
@ -54,21 +61,37 @@ type server struct {
Address string
Port int
Token string
TLS bool
CertFile string
KeyFile string
TLS TLS
InteractiveStderr bool
}
// nomad configures the used Nomad cluster.
type nomad struct {
// URL returns the URL of the Poseidon webserver.
func (s *server) URL() *url.URL {
return parseURL(s.Address, s.Port, s.TLS.Active)
}
// Nomad configures the used Nomad cluster.
type Nomad struct {
Address string
Port int
Token string
TLS bool
TLS TLS
Namespace string
}
// URL returns the URL for the configured Nomad cluster.
func (n *Nomad) URL() *url.URL {
return parseURL(n.Address, n.Port, n.TLS.Active)
}
// TLS configures TLS on a connection.
type TLS struct {
Active bool
CAFile string
CertFile string
KeyFile string
}
// logger configures the used logger.
type logger struct {
Level string
@ -77,7 +100,7 @@ type logger struct {
// configuration contains the complete configuration of Poseidon.
type configuration struct {
Server server
Nomad nomad
Nomad Nomad
Logger logger
}
@ -96,16 +119,6 @@ func InitConfig() error {
return nil
}
// NomadAPIURL returns the URL for the configured Nomad cluster.
func (c *configuration) NomadAPIURL() *url.URL {
return parseURL(Config.Nomad.Address, Config.Nomad.Port, Config.Nomad.TLS)
}
// PoseidonAPIURL returns the URL of the Poseidon webserver.
func (c *configuration) PoseidonAPIURL() *url.URL {
return parseURL(Config.Server.Address, Config.Server.Port, false)
}
func parseURL(address string, port int, tlsEnabled bool) *url.URL {
scheme := "http"
if tlsEnabled {

View File

@ -13,9 +13,9 @@ import (
)
var (
getServerPort = func(c *configuration) interface{} { return c.Server.Port }
getNomadToken = func(c *configuration) interface{} { return c.Nomad.Token }
getNomadTLS = func(c *configuration) interface{} { return c.Nomad.TLS }
getServerPort = func(c *configuration) interface{} { return c.Server.Port }
getNomadToken = func(c *configuration) interface{} { return c.Nomad.Token }
getNomadTLSActive = func(c *configuration) interface{} { return c.Nomad.TLS.Active }
)
func newTestConfiguration() *configuration {
@ -24,11 +24,13 @@ func newTestConfiguration() *configuration {
Address: "127.0.0.1",
Port: 3000,
},
Nomad: nomad{
Nomad: Nomad{
Address: "127.0.0.2",
Port: 4646,
Token: "SECRET",
TLS: false,
TLS: TLS{
Active: false,
},
},
Logger: logger{
Level: "INFO",
@ -87,8 +89,8 @@ func TestReadEnvironmentVariables(t *testing.T) {
{"SERVER_PORT", "4000", 4000, getServerPort},
{"SERVER_PORT", "hello", 3000, getServerPort},
{"NOMAD_TOKEN", "ACCESS", "ACCESS", getNomadToken},
{"NOMAD_TLS", "true", true, getNomadTLS},
{"NOMAD_TLS", "hello", false, getNomadTLS},
{"NOMAD_TLS_ACTIVE", "true", true, getNomadTLSActive},
{"NOMAD_TLS_ACTIVE", "hello", false, getNomadTLSActive},
}
prefix := "POSEIDON_TEST"
for _, testCase := range environmentTests {
@ -131,8 +133,8 @@ func TestReadYamlConfigFile(t *testing.T) {
}{
{[]byte("server:\n port: 5000\n"), 5000, getServerPort},
{[]byte("nomad:\n token: ACCESS\n"), "ACCESS", getNomadToken},
{[]byte("nomad:\n tls: true\n"), true, getNomadTLS},
{[]byte(""), false, getNomadTLS},
{[]byte("nomad:\n tls:\n active: true\n"), true, getNomadTLSActive},
{[]byte(""), false, getNomadTLSActive},
{[]byte("nomad:\n token:\n"), "SECRET", getNomadToken},
}
for _, testCase := range yamlTests {
@ -197,12 +199,12 @@ func TestURLParsing(t *testing.T) {
func TestNomadAPIURL(t *testing.T) {
config := newTestConfiguration()
assert.Equal(t, "http", config.NomadAPIURL().Scheme)
assert.Equal(t, "127.0.0.2:4646", config.NomadAPIURL().Host)
assert.Equal(t, "http", config.Nomad.URL().Scheme)
assert.Equal(t, "127.0.0.2:4646", config.Nomad.URL().Host)
}
func TestPoseidonAPIURL(t *testing.T) {
config := newTestConfiguration()
assert.Equal(t, "http", config.PoseidonAPIURL().Scheme)
assert.Equal(t, "127.0.0.1:3000", config.PoseidonAPIURL().Host)
assert.Equal(t, "http", config.Server.URL().Scheme)
assert.Equal(t, "127.0.0.1:3000", config.Server.URL().Host)
}