From fc2f97ca89a232847b42b112532108b9779541fe Mon Sep 17 00:00:00 2001 From: Colin Moller Date: Wed, 3 Jun 2015 17:09:02 -0700 Subject: [PATCH] Add a boolean flag to http remote that disables cert validity checking (for e.g. self-signed certs) --- state/remote/http.go | 48 ++++++++++++++++++++++++++++++++++++++------ 1 file changed, 42 insertions(+), 6 deletions(-) diff --git a/state/remote/http.go b/state/remote/http.go index 8b410fb3d..a5233c04a 100644 --- a/state/remote/http.go +++ b/state/remote/http.go @@ -8,6 +8,8 @@ import ( "io" "net/http" "net/url" + "crypto/tls" + "strconv" ) func httpFactory(conf map[string]string) (Client, error) { @@ -24,18 +26,41 @@ func httpFactory(conf map[string]string) (Client, error) { return nil, fmt.Errorf("address must be HTTP or HTTPS") } + skip_cert_verification := false + skip_cert_config_string, ok := conf["skip_cert_verification"] + if !ok { + // config wasn't specified + // use the default - check cert validity + } else { + skip_cert_verification, err = strconv.ParseBool(skip_cert_config_string) + if err != nil { + return nil, fmt.Errorf("skip_cert_verification must be boolean (true/false)") + } + // skip_cert_verification should now be set to true or false + } + return &HTTPClient{ URL: url, + skipCertVerify: skip_cert_verification, }, nil } -// HTTPClient is a remote client that stores data in Consul. +// HTTPClient is a remote client that stores data in Consul or HTTP REST. type HTTPClient struct { URL *url.URL + skipCertVerify bool } func (c *HTTPClient) Get() (*Payload, error) { - resp, err := http.Get(c.URL.String()) + + // Build the HTTP client + tr := &http.Transport{ + TLSClientConfig: &tls.Config{InsecureSkipVerify: c.skipCertVerify}, + } + + client := &http.Client{Transport: tr} + + resp, err := client.Get(c.URL.String()) if err != nil { return nil, err } @@ -110,7 +135,13 @@ func (c *HTTPClient) Put(data []byte) error { } */ - // Make the HTTP client and request + // Build the HTTP client and request + tr := &http.Transport{ + TLSClientConfig: &tls.Config{InsecureSkipVerify: c.skipCertVerify}, + } + + client := &http.Client{Transport: tr} + req, err := http.NewRequest("POST", base.String(), bytes.NewReader(data)) if err != nil { return fmt.Errorf("Failed to make HTTP request: %s", err) @@ -122,7 +153,7 @@ func (c *HTTPClient) Put(data []byte) error { req.ContentLength = int64(len(data)) // Make the request - resp, err := http.DefaultClient.Do(req) + resp, err := client.Do(req) if err != nil { return fmt.Errorf("Failed to upload state: %v", err) } @@ -138,14 +169,19 @@ func (c *HTTPClient) Put(data []byte) error { } func (c *HTTPClient) Delete() error { - // Make the HTTP request + // Build the HTTP request + tr := &http.Transport{ + TLSClientConfig: &tls.Config{InsecureSkipVerify: c.skipCertVerify}, + } + + client := &http.Client{Transport: tr} req, err := http.NewRequest("DELETE", c.URL.String(), nil) if err != nil { return fmt.Errorf("Failed to make HTTP request: %s", err) } // Make the request - resp, err := http.DefaultClient.Do(req) + resp, err := client.Do(req) if err != nil { return fmt.Errorf("Failed to delete state: %s", err) }