
Commit 4ac6dda

committed
state/remote/atlas: Use go-rootcerts for certificate loading
Allows CA certs to be configured via `ATLAS_CAFILE` and `ATLAS_CAPATH` env vars, and works around golang/go#14514 on OS X.
1 parent 1690a65 commit 4ac6dda


1 file changed

+30
-6
lines changed


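--- a/state/remote/atlas.go
+++ b/state/remote/atlas.go
@@ -3,6 +3,7 @@ package remote
 import (
 "bytes"
 "crypto/md5"
+"crypto/tls"
 "encoding/base64"
 "fmt"
 "io"
@@ -13,7 +14,9 @@ import (
 "path"
 "strings"
 
+"github.com/hashicorp/go-cleanhttp"
 "github.com/hashicorp/go-retryablehttp"
+"github.com/hashicorp/go-rootcerts"
 "github.com/hashicorp/terraform/terraform"
 )
 
@@ -90,7 +93,10 @@ func (c *AtlasClient) Get() (*Payload, error) {
 }
 
 // Request the url
-client := c.http()
+client, err := c.http()
+if err != nil {
+return nil, err
+}
 resp, err := client.Do(req)
 if err != nil {
 return nil, err
@@ -169,7 +175,10 @@ func (c *AtlasClient) Put(state []byte) error {
 req.ContentLength = int64(len(state))
 
 // Make the request
-client := c.http()
+client, err := c.http()
+if err != nil {
+return err
+}
 resp, err := client.Do(req)
 if err != nil {
 return fmt.Errorf("Failed to upload state: %v", err)
@@ -197,7 +206,10 @@ func (c *AtlasClient) Delete() error {
 }
 
 // Make the request
-client := c.http()
+client, err := c.http()
+if err != nil {
+return err
+}
 resp, err := client.Do(req)
 if err != nil {
 return fmt.Errorf("Failed to delete state: %v", err)
@@ -247,11 +259,23 @@ func (c *AtlasClient) url() *url.URL {
 }
 }
 
-func (c *AtlasClient) http() *retryablehttp.Client {
+func (c *AtlasClient) http() (*retryablehttp.Client, error) {
 if c.HTTPClient != nil {
-return c.HTTPClient
+return c.HTTPClient, nil
+}
+tlsConfig := &tls.Config{}
+err := rootcerts.ConfigureTLS(tlsConfig, &rootcerts.Config{
+CAFile: os.Getenv("ATLAS_CAFILE"),
+CAPath: os.Getenv("ATLAS_CAPATH"),
+})
+if err != nil {
+return nil, err
 }
-return retryablehttp.NewClient()
+rc := retryablehttp.NewClient()
+t := cleanhttp.DefaultTransport()
+t.TLSClientConfig = tlsConfig
+rc.HTTPClient.Transport = t
+return rc, nil
 }
 
 // Atlas returns an HTTP 409 - Conflict if the pushed state reports the same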
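Review bot: In `http()`, an error from `rootcerts.ConfigureTLS` is returned bare and `Get`, `Put` and `Delete` pass it on unchanged, so a wrong `ATLAS_CAFILE` or `ATLAS_CAPATH` surfaces as a file or PEM error with no sign that it came from the Atlas CA settings; I would wrap it in the style the file already uses, `return nil, fmt.Errorf("Failed to load Atlas CA certificates: %v", err)`. Failing closed here rather than falling back to the system roots is the right behaviour and should stay. The function also needs a doc comment, along the lines of `// http returns c.HTTPClient if set (the ATLAS_CA* variables are then ignored); otherwise it builds a client whose trusted roots come from ATLAS_CAFILE / ATLAS_CAPATH.` Since remote state can carry secrets, it may also be worth setting `MinVersion: tls.VersionTLS12` on the `tls.Config` if the Atlas endpoint is known to support it, because the empty config takes the library default.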
