From 8e0e239e427ffba46dd78265f1747207bb74ee27 Mon Sep 17 00:00:00 2001
From: Matt Keeler <mjkeeler7@gmail.com>
Date: Thu, 31 May 2018 17:07:36 -0400
Subject: [PATCH 1/3] Allow passing in a config to the watch plan to use when
 creating the API client

This allows watches from consul agent config (rather than consul watch command) to be able to utilize HTTPs
---
 agent/agent.go         | 19 ++++++++++++++++++-
 command/watch/watch.go |  2 +-
 watch/plan.go          |  6 ++++--
 3 files changed, 23 insertions(+), 4 deletions(-)

diff --git a/agent/agent.go b/agent/agent.go
index 20f5a1ca66c9..d6b3eabe7662 100644
--- a/agent/agent.go
+++ b/agent/agent.go
@@ -646,14 +646,19 @@ func (a *Agent) reloadWatches(cfg *config.RuntimeConfig) error {
 
 	// Determine the primary http(s) endpoint.
 	var netaddr net.Addr
+	https := false
 	if len(cfg.HTTPAddrs) > 0 {
 		netaddr = cfg.HTTPAddrs[0]
 	} else {
 		netaddr = cfg.HTTPSAddrs[0]
+		https = true
 	}
 	addr := netaddr.String()
 	if netaddr.Network() == "unix" {
 		addr = "unix://" + addr
+		https = false
+	} else if https {
+		addr = "https://" + addr
 	}
 
 	// Fire off a goroutine for each new watch plan.
@@ -669,7 +674,19 @@ func (a *Agent) reloadWatches(cfg *config.RuntimeConfig) error {
 				wp.Handler = makeHTTPWatchHandler(a.LogOutput, httpConfig)
 			}
 			wp.LogOutput = a.LogOutput
-			if err := wp.Run(addr); err != nil {
+
+			config := api.DefaultConfig()
+			if https {
+				if a.config.CAPath != "" {
+					config.TLSConfig.CAPath = a.config.CAPath
+				}
+				if a.config.CAFile != "" {
+					config.TLSConfig.CAFile = a.config.CAFile
+				}
+				config.TLSConfig.Address = addr
+			}
+
+			if err := wp.Run(addr, config); err != nil {
 				a.logger.Printf("[ERR] agent: Failed to run watch: %v", err)
 			}
 		}(wp)
diff --git a/command/watch/watch.go b/command/watch/watch.go
index 3b8c67836b50..14e4701b8bd5 100644
--- a/command/watch/watch.go
+++ b/command/watch/watch.go
@@ -226,7 +226,7 @@ func (c *cmd) Run(args []string) int {
 	}()
 
 	// Run the watch
-	if err := wp.Run(c.http.Addr()); err != nil {
+	if err := wp.Run(c.http.Addr(), nil); err != nil {
 		c.UI.Error(fmt.Sprintf("Error querying Consul agent: %s", err))
 		return 1
 	}
diff --git a/watch/plan.go b/watch/plan.go
index 9f470018ec7f..2743518dacc3 100644
--- a/watch/plan.go
+++ b/watch/plan.go
@@ -20,10 +20,12 @@ const (
 )
 
 // Run is used to run a watch plan
-func (p *Plan) Run(address string) error {
+func (p *Plan) Run(address string, conf *consulapi.Config) error {
 	// Setup the client
 	p.address = address
-	conf := consulapi.DefaultConfig()
+	if conf == nil {
+		conf = consulapi.DefaultConfig()
+	}
 	conf.Address = address
 	conf.Datacenter = p.Datacenter
 	conf.Token = p.Token

From 53fbe2b1119d8d12938e547d7bce21d2eea30589 Mon Sep 17 00:00:00 2001
From: Matt Keeler <mjkeeler7@gmail.com>
Date: Thu, 31 May 2018 17:20:16 -0400
Subject: [PATCH 2/3] Update unit tests to reflect change to func signature

---
 agent/agent_test.go | 20 ++++++++++++++++++++
 watch/funcs_test.go | 18 +++++++++---------
 watch/plan_test.go  |  2 +-
 3 files changed, 30 insertions(+), 10 deletions(-)

diff --git a/agent/agent_test.go b/agent/agent_test.go
index b4989de662c8..58ada5561d21 100644
--- a/agent/agent_test.go
+++ b/agent/agent_test.go
@@ -2206,3 +2206,23 @@ func TestAgent_reloadWatches(t *testing.T) {
 		t.Fatalf("bad: %s", err)
 	}
 }
+
+func TestAgent_reloadWatchesHTTPS(t *testing.T) {
+	t.Parallel()
+	a := TestAgent{Name: t.Name(), UseTLS: true}
+	a.Start()
+	defer a.Shutdown()
+
+	// Normal watch with http addr set, should succeed
+	newConf := *a.config
+	newConf.Watches = []map[string]interface{}{
+		{
+			"type": "key",
+			"key":  "asdf",
+			"args": []interface{}{"ls"},
+		},
+	}
+	if err := a.reloadWatches(&newConf); err != nil {
+		t.Fatalf("bad: %s", err)
+	}
+}
diff --git a/watch/funcs_test.go b/watch/funcs_test.go
index 190ae24faa2f..35de2387aaf6 100644
--- a/watch/funcs_test.go
+++ b/watch/funcs_test.go
@@ -64,7 +64,7 @@ func TestKeyWatch(t *testing.T) {
 	wg.Add(1)
 	go func() {
 		defer wg.Done()
-		if err := plan.Run(a.HTTPAddr()); err != nil {
+		if err := plan.Run(a.HTTPAddr(), nil); err != nil {
 			t.Fatalf("err: %v", err)
 		}
 	}()
@@ -118,7 +118,7 @@ func TestKeyWatch_With_PrefixDelete(t *testing.T) {
 	wg.Add(1)
 	go func() {
 		defer wg.Done()
-		if err := plan.Run(a.HTTPAddr()); err != nil {
+		if err := plan.Run(a.HTTPAddr(), nil); err != nil {
 			t.Fatalf("err: %v", err)
 		}
 	}()
@@ -171,7 +171,7 @@ func TestKeyPrefixWatch(t *testing.T) {
 	wg.Add(1)
 	go func() {
 		defer wg.Done()
-		if err := plan.Run(a.HTTPAddr()); err != nil {
+		if err := plan.Run(a.HTTPAddr(), nil); err != nil {
 			t.Fatalf("err: %v", err)
 		}
 	}()
@@ -225,7 +225,7 @@ func TestServicesWatch(t *testing.T) {
 	wg.Add(1)
 	go func() {
 		defer wg.Done()
-		if err := plan.Run(a.HTTPAddr()); err != nil {
+		if err := plan.Run(a.HTTPAddr(), nil); err != nil {
 			t.Fatalf("err: %v", err)
 		}
 	}()
@@ -276,7 +276,7 @@ func TestNodesWatch(t *testing.T) {
 	wg.Add(1)
 	go func() {
 		defer wg.Done()
-		if err := plan.Run(a.HTTPAddr()); err != nil {
+		if err := plan.Run(a.HTTPAddr(), nil); err != nil {
 			t.Fatalf("err: %v", err)
 		}
 	}()
@@ -332,7 +332,7 @@ func TestServiceWatch(t *testing.T) {
 	wg.Add(1)
 	go func() {
 		defer wg.Done()
-		if err := plan.Run(a.HTTPAddr()); err != nil {
+		if err := plan.Run(a.HTTPAddr(), nil); err != nil {
 			t.Fatalf("err: %v", err)
 		}
 	}()
@@ -393,7 +393,7 @@ func TestChecksWatch_State(t *testing.T) {
 	wg.Add(1)
 	go func() {
 		defer wg.Done()
-		if err := plan.Run(a.HTTPAddr()); err != nil {
+		if err := plan.Run(a.HTTPAddr(), nil); err != nil {
 			t.Fatalf("err: %v", err)
 		}
 	}()
@@ -459,7 +459,7 @@ func TestChecksWatch_Service(t *testing.T) {
 	wg.Add(1)
 	go func() {
 		defer wg.Done()
-		if err := plan.Run(a.HTTPAddr()); err != nil {
+		if err := plan.Run(a.HTTPAddr(), nil); err != nil {
 			t.Fatalf("err: %v", err)
 		}
 	}()
@@ -510,7 +510,7 @@ func TestEventWatch(t *testing.T) {
 	wg.Add(1)
 	go func() {
 		defer wg.Done()
-		if err := plan.Run(a.HTTPAddr()); err != nil {
+		if err := plan.Run(a.HTTPAddr(), nil); err != nil {
 			t.Fatalf("err: %v", err)
 		}
 	}()
diff --git a/watch/plan_test.go b/watch/plan_test.go
index 16e4cfbc2103..c7b16fade01e 100644
--- a/watch/plan_test.go
+++ b/watch/plan_test.go
@@ -47,7 +47,7 @@ func TestRun_Stop(t *testing.T) {
 
 	errCh := make(chan error, 1)
 	go func() {
-		errCh <- plan.Run("127.0.0.1:8500")
+		errCh <- plan.Run("127.0.0.1:8500", nil)
 	}()
 
 	select {

From 1fbe828c35bd97f69ad11eadd23e403d8bda0cdb Mon Sep 17 00:00:00 2001
From: Matt Keeler <mjkeeler7@gmail.com>
Date: Thu, 31 May 2018 20:22:14 -0400
Subject: [PATCH 3/3] Add RunWithConfig and put Run signature back to normal

---
 agent/agent.go         |  2 +-
 command/watch/watch.go |  2 +-
 watch/funcs_test.go    | 18 +++++++++---------
 watch/plan.go          |  6 +++++-
 watch/plan_test.go     |  2 +-
 5 files changed, 17 insertions(+), 13 deletions(-)

diff --git a/agent/agent.go b/agent/agent.go
index d6b3eabe7662..f11b717824c9 100644
--- a/agent/agent.go
+++ b/agent/agent.go
@@ -686,7 +686,7 @@ func (a *Agent) reloadWatches(cfg *config.RuntimeConfig) error {
 				config.TLSConfig.Address = addr
 			}
 
-			if err := wp.Run(addr, config); err != nil {
+			if err := wp.RunWithConfig(addr, config); err != nil {
 				a.logger.Printf("[ERR] agent: Failed to run watch: %v", err)
 			}
 		}(wp)
diff --git a/command/watch/watch.go b/command/watch/watch.go
index 14e4701b8bd5..3b8c67836b50 100644
--- a/command/watch/watch.go
+++ b/command/watch/watch.go
@@ -226,7 +226,7 @@ func (c *cmd) Run(args []string) int {
 	}()
 
 	// Run the watch
-	if err := wp.Run(c.http.Addr(), nil); err != nil {
+	if err := wp.Run(c.http.Addr()); err != nil {
 		c.UI.Error(fmt.Sprintf("Error querying Consul agent: %s", err))
 		return 1
 	}
diff --git a/watch/funcs_test.go b/watch/funcs_test.go
index 35de2387aaf6..190ae24faa2f 100644
--- a/watch/funcs_test.go
+++ b/watch/funcs_test.go
@@ -64,7 +64,7 @@ func TestKeyWatch(t *testing.T) {
 	wg.Add(1)
 	go func() {
 		defer wg.Done()
-		if err := plan.Run(a.HTTPAddr(), nil); err != nil {
+		if err := plan.Run(a.HTTPAddr()); err != nil {
 			t.Fatalf("err: %v", err)
 		}
 	}()
@@ -118,7 +118,7 @@ func TestKeyWatch_With_PrefixDelete(t *testing.T) {
 	wg.Add(1)
 	go func() {
 		defer wg.Done()
-		if err := plan.Run(a.HTTPAddr(), nil); err != nil {
+		if err := plan.Run(a.HTTPAddr()); err != nil {
 			t.Fatalf("err: %v", err)
 		}
 	}()
@@ -171,7 +171,7 @@ func TestKeyPrefixWatch(t *testing.T) {
 	wg.Add(1)
 	go func() {
 		defer wg.Done()
-		if err := plan.Run(a.HTTPAddr(), nil); err != nil {
+		if err := plan.Run(a.HTTPAddr()); err != nil {
 			t.Fatalf("err: %v", err)
 		}
 	}()
@@ -225,7 +225,7 @@ func TestServicesWatch(t *testing.T) {
 	wg.Add(1)
 	go func() {
 		defer wg.Done()
-		if err := plan.Run(a.HTTPAddr(), nil); err != nil {
+		if err := plan.Run(a.HTTPAddr()); err != nil {
 			t.Fatalf("err: %v", err)
 		}
 	}()
@@ -276,7 +276,7 @@ func TestNodesWatch(t *testing.T) {
 	wg.Add(1)
 	go func() {
 		defer wg.Done()
-		if err := plan.Run(a.HTTPAddr(), nil); err != nil {
+		if err := plan.Run(a.HTTPAddr()); err != nil {
 			t.Fatalf("err: %v", err)
 		}
 	}()
@@ -332,7 +332,7 @@ func TestServiceWatch(t *testing.T) {
 	wg.Add(1)
 	go func() {
 		defer wg.Done()
-		if err := plan.Run(a.HTTPAddr(), nil); err != nil {
+		if err := plan.Run(a.HTTPAddr()); err != nil {
 			t.Fatalf("err: %v", err)
 		}
 	}()
@@ -393,7 +393,7 @@ func TestChecksWatch_State(t *testing.T) {
 	wg.Add(1)
 	go func() {
 		defer wg.Done()
-		if err := plan.Run(a.HTTPAddr(), nil); err != nil {
+		if err := plan.Run(a.HTTPAddr()); err != nil {
 			t.Fatalf("err: %v", err)
 		}
 	}()
@@ -459,7 +459,7 @@ func TestChecksWatch_Service(t *testing.T) {
 	wg.Add(1)
 	go func() {
 		defer wg.Done()
-		if err := plan.Run(a.HTTPAddr(), nil); err != nil {
+		if err := plan.Run(a.HTTPAddr()); err != nil {
 			t.Fatalf("err: %v", err)
 		}
 	}()
@@ -510,7 +510,7 @@ func TestEventWatch(t *testing.T) {
 	wg.Add(1)
 	go func() {
 		defer wg.Done()
-		if err := plan.Run(a.HTTPAddr(), nil); err != nil {
+		if err := plan.Run(a.HTTPAddr()); err != nil {
 			t.Fatalf("err: %v", err)
 		}
 	}()
diff --git a/watch/plan.go b/watch/plan.go
index 2743518dacc3..fff9da7c7c83 100644
--- a/watch/plan.go
+++ b/watch/plan.go
@@ -19,8 +19,12 @@ const (
 	maxBackoffTime = 180 * time.Second
 )
 
+func (p *Plan) Run(address string) error {
+	return p.RunWithConfig(address, nil)
+}
+
 // Run is used to run a watch plan
-func (p *Plan) Run(address string, conf *consulapi.Config) error {
+func (p *Plan) RunWithConfig(address string, conf *consulapi.Config) error {
 	// Setup the client
 	p.address = address
 	if conf == nil {
diff --git a/watch/plan_test.go b/watch/plan_test.go
index c7b16fade01e..16e4cfbc2103 100644
--- a/watch/plan_test.go
+++ b/watch/plan_test.go
@@ -47,7 +47,7 @@ func TestRun_Stop(t *testing.T) {
 
 	errCh := make(chan error, 1)
 	go func() {
-		errCh <- plan.Run("127.0.0.1:8500", nil)
+		errCh <- plan.Run("127.0.0.1:8500")
 	}()
 
 	select {