Merge pull request #69 from nicholasjackson/f-tls-configurable

Enable TLS for API can be disabled
nicholasjackson · Sep 9, 2022 · b4c8a9c · b4c8a9c
2 parents faa9bc8 + 86ad7ef
commit b4c8a9c
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 25 deletions.
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
@@ -58,11 +58,11 @@ jobs:
       matrix:
         tags:
           - "@k8s_canary_existing"
-            #- "@k8s_canary_none"
-            #- "@k8s_canary_rollback"
-            #- "@k8s_canary_with_post_deployment_test"
-            #- "@k8s_canary_with_post_deployment_test_fail"
-            # - "@nomad_canary_existing"
+          - "@k8s_canary_none"
+          - "@k8s_canary_rollback"
+          - "@k8s_canary_with_post_deployment_test"
+          - "@k8s_canary_with_post_deployment_test_fail"
+            #- "@nomad_canary_existing"
     steps:
     - uses: actions/checkout@v2
 

diff --git a/pkg/api/server.go b/pkg/api/server.go
@@ -80,30 +80,32 @@ func New(config *ServerConfig, p interfaces.Provider, l hclog.Logger) (*Server,
 
 // Start the server and block until complete
 func (a *Server) Start() error {
-	// Create TLS listener.
-	a.logger.Info("HTTPS Listening on ", "address", a.config.TLSBindAddress, "port", a.config.TLSBindPort)
-	l, err := net.Listen("tcp4", fmt.Sprintf("%s:%d", a.config.TLSBindAddress, a.config.TLSBindPort))
-	if err != nil {
-		return fmt.Errorf("unable to create TCP listener: %s", err)
-	}
-
-	a.httpsListener = l
+	errChan := make(chan error)
 
-	a.httpsServer = &http.Server{
-		Handler:      a.router,
-		ReadTimeout:  10 * time.Second,
-		WriteTimeout: 10 * time.Second,
-	}
+	if a.config.TLSBindAddress != "" {
+		// Create TLS listener.
+		a.logger.Info("HTTPS Listening on ", "address", a.config.TLSBindAddress, "port", a.config.TLSBindPort)
+		l, err := net.Listen("tcp4", fmt.Sprintf("%s:%d", a.config.TLSBindAddress, a.config.TLSBindPort))
+		if err != nil {
+			return fmt.Errorf("unable to create TCP listener: %s", err)
+		}
 
-	errChan := make(chan error)
+		a.httpsListener = l
 
-	// start the TLS endpoint
-	go func() {
-		err := a.httpsServer.Serve(tls.NewListener(l, a.tlsConfig))
-		if err != nil && err != http.ErrServerClosed {
-			errChan <- fmt.Errorf("unable to start TLS server: %s", err)
+		a.httpsServer = &http.Server{
+			Handler:      a.router,
+			ReadTimeout:  10 * time.Second,
+			WriteTimeout: 10 * time.Second,
 		}
-	}()
+
+		// start the TLS endpoint
+		go func() {
+			err := a.httpsServer.Serve(tls.NewListener(l, a.tlsConfig))
+			if err != nil && err != http.ErrServerClosed {
+				errChan <- fmt.Errorf("unable to start TLS server: %s", err)
+			}
+		}()
+	}
 
 	// if we are listening on plain HTTP start the server
 	if a.config.HTTPBindAddress != "" {