Override TLS flags individually for meta commands

hashicorp · Nov 30, 2021 · 1ac9424 · 1ac9424
1 parent 16b2428
commit 1ac9424
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 14 deletions.
diff --git a/GNUmakefile b/GNUmakefile
@@ -7,6 +7,8 @@ GIT_COMMIT := $(shell git rev-parse HEAD)
 GIT_DIRTY := $(if $(shell git status --porcelain),+CHANGES)
 
 GO_LDFLAGS := "-X github.com/hashicorp/nomad/version.GitCommit=$(GIT_COMMIT)$(GIT_DIRTY)"
+CGO_ENABLED = 1
+CGO_CFLAGS ?=
 
 GO_TAGS ?=
 
@@ -78,6 +80,7 @@ ifeq (,$(findstring $(THIS_OS),$(SUPPORTED_OSES)))
 endif
 	@echo "==> Building $@ with tags $(GO_TAGS)..."
 	@CGO_ENABLED=$(CGO_ENABLED) \
+		CGO_CFLAGS=$(CGO_CFLAGS) \
 		GOOS=$(firstword $(subst _, ,$*)) \
 		GOARCH=$(lastword $(subst _, ,$*)) \
 		CC=$(CC) \
@@ -95,6 +98,8 @@ ifeq (Darwin,$(THIS_OS))
 pkg/linux_%/nomad: CGO_ENABLED = 0
 endif
 
+pkg/darwin_%/nomad: CGO_CFLAGS=-Wno-undef-prefix
+
 pkg/windows_%/nomad: GO_OUT = $@.exe
 
 # Define package targets for each of the build targets we actually have on this system

diff --git a/command/meta.go b/command/meta.go
@@ -5,12 +5,13 @@ import (
 	"os"
 	"strings"
 
+	"golang.org/x/crypto/ssh/terminal"
+
 	"github.com/hashicorp/nomad/api"
 	colorable "github.com/mattn/go-colorable"
 	"github.com/mitchellh/cli"
 	"github.com/mitchellh/colorstring"
 	"github.com/posener/complete"
-	"golang.org/x/crypto/ssh/terminal"
 )
 
 const (
@@ -121,6 +122,7 @@ type ApiClientFactory func() (*api.Client, error)
 // the default command line arguments and env vars.
 func (m *Meta) clientConfig() *api.Config {
 	config := api.DefaultConfig()
+
 	if m.flagAddress != "" {
 		config.Address = m.flagAddress
 	}
@@ -131,23 +133,36 @@ func (m *Meta) clientConfig() *api.Config {
 		config.Namespace = m.namespace
 	}
 
-	// If we need custom TLS configuration, then set it
-	if m.caCert != "" || m.caPath != "" || m.clientCert != "" || m.clientKey != "" || m.tlsServerName != "" || m.insecure {
-		t := &api.TLSConfig{
-			CACert:        m.caCert,
-			CAPath:        m.caPath,
-			ClientCert:    m.clientCert,
-			ClientKey:     m.clientKey,
-			TLSServerName: m.tlsServerName,
-			Insecure:      m.insecure,
-		}
-		config.TLSConfig = t
-	}
-
 	if m.token != "" {
 		config.SecretID = m.token
 	}
 
+	// If the user has passed custom TLS configuration, override with that.
+	// Refactored to address issue #11539
+	if m.caCert != "" {
+		config.TLSConfig.CACert = m.caCert
+	}
+
+	if m.caPath != "" {
+		config.TLSConfig.CAPath = m.caPath
+	}
+
+	if m.clientCert != "" {
+		config.TLSConfig.ClientCert = m.clientCert
+	}
+
+	if m.clientKey != "" {
+		config.TLSConfig.ClientKey = m.clientKey
+	}
+
+	if m.tlsServerName != "" {
+		config.TLSConfig.TLSServerName = m.tlsServerName
+	}
+
+	if m.insecure {
+		config.TLSConfig.Insecure = m.insecure
+	}
+
 	return config
 }