Merge pull request #2793 from hashicorp/b-2776-ct-vault-servername
Propagate vault.tls_server_name to consul-template
schmichael committed Jul 7, 2017
2 parents 7536f7e + e5c03ac commit 0ce0973
Showing 3 changed files with 36 additions and 12 deletions.
2 changes: 2 additions & 0 deletions CHANGELOG.md
@@ -54,6 +54,8 @@ BUG FIXES:
* client/artifact: Handle tars where file in directory is listed before
directory [GH-2524]
* client/config: Use `cpu_total_compute` whenever it is set [GH-2745]
* client/config: Respect `vault.tls_server_name` setting in consul-template
[GH-2793]
* driver/exec: Properly set file/dir ownership in chroots [GH-2552]
* driver/docker: Fix panic in Docker driver on Windows [GH-2614]
* driver/rkt: Fix env var interpolation [GH-2777]
26 changes: 14 additions & 12 deletions client/consul_template.go
@@ -485,21 +485,23 @@ func runnerConfig(config *config.Config, vaultToken string) (*ctconf.Config, err
skipVerify := config.VaultConfig.TLSSkipVerify != nil && *config.VaultConfig.TLSSkipVerify
verify := !skipVerify
conf.Vault.SSL = &ctconf.SSLConfig{
Enabled: &t,
Verify: &verify,
Cert: &config.VaultConfig.TLSCertFile,
Key: &config.VaultConfig.TLSKeyFile,
CaCert: &config.VaultConfig.TLSCaFile,
CaPath: &config.VaultConfig.TLSCaPath,
Enabled: &t,
Verify: &verify,
Cert: &config.VaultConfig.TLSCertFile,
Key: &config.VaultConfig.TLSKeyFile,
CaCert: &config.VaultConfig.TLSCaFile,
CaPath: &config.VaultConfig.TLSCaPath,
ServerName: &config.VaultConfig.TLSServerName,
}
} else {
conf.Vault.SSL = &ctconf.SSLConfig{
Enabled: &f,
Verify: &f,
Cert: &emptyStr,
Key: &emptyStr,
CaCert: &emptyStr,
CaPath: &emptyStr,
Enabled: &f,
Verify: &f,
Cert: &emptyStr,
Key: &emptyStr,
CaCert: &emptyStr,
CaPath: &emptyStr,
ServerName: &emptyStr,
}
}
}
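Review bot: The new `ServerName: &config.VaultConfig.TLSServerName` line in the TLS branch is set regardless of `verify`, so when `TLSSkipVerify` is true the configured name plays no part in certificate checking and an operator could assume the Vault identity is being checked when it is not. A comment above the struct literal would make that explicit, e.g. `// ServerName is only checked when Verify is true; with TLSSkipVerify set the Vault certificate is not validated at all.` The field also hands consul-template a pointer into the shared client config rather than a copy; that matches the existing Cert/Key/CaCert lines, but copying first (`serverName := config.VaultConfig.TLSServerName`) would rule out a write through that pointer changing Nomad's own Vault settings. runnerConfig starts and ends outside the hunk, so the condition that selects between the two branches is not visible here.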
20 changes: 20 additions & 0 deletions client/consul_template_test.go
@@ -13,6 +13,7 @@ import (
ctestutil "github.com/hashicorp/consul/testutil"
"github.com/hashicorp/nomad/client/config"
"github.com/hashicorp/nomad/client/driver/env"
"github.com/hashicorp/nomad/helper"
"github.com/hashicorp/nomad/nomad/mock"
"github.com/hashicorp/nomad/nomad/structs"
sconfig "github.com/hashicorp/nomad/nomad/structs/config"
@@ -1033,3 +1034,22 @@ func TestTaskTemplateManager_Env_Multi(t *testing.T) {
t.Errorf("expected FOO=bar but found %q", vars["yup"])
}
}

// TestTaskTemplateManager_Config_ServerName asserts the tls_server_name
// setting is propogated to consul-template's configuration. See #2776
func TestTaskTemplateManager_Config_ServerName(t *testing.T) {
c := config.DefaultConfig()
c.VaultConfig = &sconfig.VaultConfig{
Enabled: helper.BoolToPtr(true),
Addr: "https://localhost/",
TLSServerName: "notlocalhost",
}
ctconf, err := runnerConfig(c, "token")
if err != nil {
t.Fatalf("unexpected error: %v", err)
}

if *ctconf.Vault.SSL.ServerName != c.VaultConfig.TLSServerName {
t.Fatalf("expected %q but found %q", c.VaultConfig.TLSServerName, *ctconf.Vault.SSL.ServerName)
}
}
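Review bot: TestTaskTemplateManager_Config_ServerName dereferences `*ctconf.Vault.SSL.ServerName` without a nil check, so a regression that leaves `Vault.SSL` or the field unset would panic the test binary instead of failing with a message; guard it first with `if ctconf.Vault.SSL == nil || ctconf.Vault.SSL.ServerName == nil { t.Fatal("Vault SSL ServerName not set") }`. Because the server name only matters while certificate verification is on, the test should also assert that `*ctconf.Vault.SSL.Verify` is true for this config, which would catch a change that propagates the name but silently disables verification. A second case that reaches the `ServerName: &emptyStr` branch would cover the other half of the change; the condition selecting that branch is outside the visible hunk. The doc comment misspells "propagated".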
