// Client() returns a new client for accessing consul.
//
func (c *Config) Client() (*consulapi.Client, error) {
config := consulapi.DefaultConfig()
if c.Datacenter != "" {
config.Datacenter = c.Datacenter
}
if c.Address != "" {
config.Address = c.Address
}
if c.Scheme != "" {
config.Scheme = c.Scheme
}
tlsConfig := &consulapi.TLSConfig{}
tlsConfig.CAFile = c.CAFile
tlsConfig.CertFile = c.CertFile
tlsConfig.KeyFile = c.KeyFile
cc, err := consulapi.SetupTLSConfig(tlsConfig)
if err != nil {
return nil, err
}
config.HttpClient.Transport.(*http.Transport).TLSClientConfig = cc
if c.Token != "" {
config.Token = c.Token
}
client, err := consulapi.NewClient(config)
log.Printf("[INFO] Consul Client configured with address: '%s', scheme: '%s', datacenter: '%s'",
config.Address, config.Scheme, config.Datacenter)
if err != nil {
return nil, err
}
return client, nil
}
func (f *Factory) New(uri *url.URL) bridge.RegistryAdapter {
config := consulapi.DefaultConfig()
if uri.Scheme == "consul-unix" {
config.Address = strings.TrimPrefix(uri.String(), "consul-")
} else if uri.Scheme == "consul-tls" {
tlsConfigDesc := &consulapi.TLSConfig{
Address: uri.Host,
CAFile: os.Getenv("CONSUL_CACERT"),
CertFile: os.Getenv("CONSUL_TLSCERT"),
KeyFile: os.Getenv("CONSUL_TLSKEY"),
InsecureSkipVerify: false,
}
tlsConfig, err := consulapi.SetupTLSConfig(tlsConfigDesc)
if err != nil {
log.Fatal("Cannot set up Consul TLSConfig", err)
}
config.Scheme = "https"
transport := cleanhttp.DefaultPooledTransport()
transport.TLSClientConfig = tlsConfig
config.HttpClient.Transport = transport
config.Address = uri.Host
} else if uri.Host != "" {
config.Address = uri.Host
}
client, err := consulapi.NewClient(config)
if err != nil {
log.Fatal("consul: ", uri.Scheme)
}
return &ConsulAdapter{client: client}
}
// ApiConfig() returns a usable Consul config that can be passed directly to
// hashicorp/consul/api. NOTE: datacenter is not set
func (c *ConsulConfig) ApiConfig() (*consul.Config, error) {
config := consul.DefaultConfig()
if c.Addr != "" {
config.Address = c.Addr
}
if c.Token != "" {
config.Token = c.Token
}
if c.Timeout != 0 {
config.HttpClient.Timeout = c.Timeout
}
if c.Auth != "" {
var username, password string
if strings.Contains(c.Auth, ":") {
split := strings.SplitN(c.Auth, ":", 2)
username = split[0]
password = split[1]
} else {
username = c.Auth
}
config.HttpAuth = &consul.HttpBasicAuth{
Username: username,
Password: password,
}
}
if c.EnableSSL {
config.Scheme = "https"
tlsConfig := consul.TLSConfig{
Address: config.Address,
CAFile: c.CAFile,
CertFile: c.CertFile,
KeyFile: c.KeyFile,
InsecureSkipVerify: !c.VerifySSL,
}
tlsClientCfg, err := consul.SetupTLSConfig(&tlsConfig)
if err != nil {
return nil, fmt.Errorf("error creating tls client config for consul: %v", err)
}
config.HttpClient.Transport = &http.Transport{
TLSClientConfig: tlsClientCfg,
}
}
if c.EnableSSL && !c.VerifySSL {
config.HttpClient.Transport = &http.Transport{
TLSClientConfig: &tls.Config{
InsecureSkipVerify: true,
},
}
}
return config, nil
}
// New returns an initialized consul client
func (cc *Config) New() (*Client, error) {
var c *api.Config // upstream client configuration
var client *Client // client wrapper
var err error // general error holder
// init upstream config
c = api.DefaultConfig()
// overwrite address if needed
if cc.Address != "" {
c.Address = cc.Address
}
// overwrite scheme if needed
if cc.Scheme != "" {
c.Scheme = cc.Scheme
}
// overwrite dc if needed
if cc.Datacenter != "" {
c.Datacenter = cc.Datacenter
}
// overwrite token if needed
if cc.Token != "" {
c.Token = cc.Token
}
// configure if any TLS specific options were passed
if cc.TLS.CAFile != "" || cc.TLS.CertFile != "" || cc.TLS.KeyFile != "" || cc.TLS.InsecureSkipVerify {
var tlsConfig *tls.Config // client TLS config
// attempt to build tls config from passed options
if tlsConfig, err = api.SetupTLSConfig(cc.TLS); err != nil {
return nil, err
}
// build a new http client and transport
httpClient := cleanhttp.DefaultClient()
httpTransport := cleanhttp.DefaultTransport()
httpTransport.TLSClientConfig = tlsConfig
httpClient.Transport = httpTransport
// set client
c.HttpClient = httpClient
}
// init client wrapper
client = new(Client)
client.Client, err = api.NewClient(c)
// return client and error
return client, err
}
// New creates a Consul client
func newClient(conf *Config) (*api.Client, error) {
config := api.DefaultConfig()
config.HttpClient = http.DefaultClient
config.Address = conf.address
//config.Datacenter = conf.Datacenter
config.Scheme = "http"
if conf.auth.Enabled {
config.HttpAuth = &api.HttpBasicAuth{
Username: conf.auth.Username,
Password: conf.auth.Password,
}
}
if conf.enableSSL {
tlsConfigDesc := &api.TLSConfig{
Address: conf.address,
CAFile: conf.caCertFile,
CertFile: conf.certFile,
KeyFile: conf.keyFile,
InsecureSkipVerify: false,
}
if !conf.sslVerify {
tlsConfigDesc.InsecureSkipVerify = true
}
tlsConfig, err := api.SetupTLSConfig(tlsConfigDesc)
if err != nil {
return nil, err
}
config.Scheme = "https"
transport := cleanhttp.DefaultPooledTransport()
transport.TLSClientConfig = tlsConfig
config.HttpClient.Transport = transport
}
config.WaitTime = time.Duration(conf.timeout)
config.Token = conf.token
client, err := api.NewClient(config)
return client, err
}
// NewSyncer returns a new consul.Syncer
func NewSyncer(consulConfig *config.ConsulConfig, shutdownCh chan struct{}, logger *log.Logger) (*Syncer, error) {
var err error
var c *consul.Client
cfg := consul.DefaultConfig()
// If a nil consulConfig was provided, fall back to the default config
if consulConfig == nil {
consulConfig = cconfig.DefaultConfig().ConsulConfig
}
if consulConfig.Addr != "" {
cfg.Address = consulConfig.Addr
}
if consulConfig.Token != "" {
cfg.Token = consulConfig.Token
}
if consulConfig.Auth != "" {
var username, password string
if strings.Contains(consulConfig.Auth, ":") {
split := strings.SplitN(consulConfig.Auth, ":", 2)
username = split[0]
password = split[1]
} else {
username = consulConfig.Auth
}
cfg.HttpAuth = &consul.HttpBasicAuth{
Username: username,
Password: password,
}
}
if consulConfig.EnableSSL {
cfg.Scheme = "https"
tlsCfg := consul.TLSConfig{
Address: cfg.Address,
CAFile: consulConfig.CAFile,
CertFile: consulConfig.CertFile,
KeyFile: consulConfig.KeyFile,
InsecureSkipVerify: !consulConfig.VerifySSL,
}
tlsClientCfg, err := consul.SetupTLSConfig(&tlsCfg)
if err != nil {
return nil, fmt.Errorf("error creating tls client config for consul: %v", err)
}
cfg.HttpClient.Transport = &http.Transport{
TLSClientConfig: tlsClientCfg,
}
}
if consulConfig.EnableSSL && !consulConfig.VerifySSL {
cfg.HttpClient.Transport = &http.Transport{
TLSClientConfig: &tls.Config{
InsecureSkipVerify: true,
},
}
}
if c, err = consul.NewClient(cfg); err != nil {
return nil, err
}
consulSyncer := Syncer{
client: c,
logger: logger,
consulAvailable: true,
shutdownCh: shutdownCh,
servicesGroups: make(map[ServiceDomain]map[ServiceKey]*consul.AgentServiceRegistration),
checkGroups: make(map[ServiceDomain]map[ServiceKey][]*consul.AgentCheckRegistration),
trackedServices: make(map[consulServiceID]*consul.AgentServiceRegistration),
trackedChecks: make(map[consulCheckID]*consul.AgentCheckRegistration),
checkRunners: make(map[consulCheckID]*CheckRunner),
periodicCallbacks: make(map[string]types.PeriodicCallback),
}
return &consulSyncer, nil
}
// NewConsulService returns a new ConsulService
func NewConsulService(config *ConsulConfig, logger *log.Logger, allocID string) (*ConsulService, error) {
var err error
var c *consul.Client
cfg := consul.DefaultConfig()
if config.Addr != "" {
cfg.Address = config.Addr
}
if config.Token != "" {
cfg.Token = config.Token
}
if config.Auth != "" {
var username, password string
if strings.Contains(config.Auth, ":") {
split := strings.SplitN(config.Auth, ":", 2)
username = split[0]
password = split[1]
} else {
username = config.Auth
}
cfg.HttpAuth = &consul.HttpBasicAuth{
Username: username,
Password: password,
}
}
if config.EnableSSL {
cfg.Scheme = "https"
tlsCfg := consul.TLSConfig{
Address: cfg.Address,
CAFile: config.CAFile,
CertFile: config.CertFile,
KeyFile: config.KeyFile,
InsecureSkipVerify: !config.VerifySSL,
}
tlsClientCfg, err := consul.SetupTLSConfig(&tlsCfg)
if err != nil {
return nil, fmt.Errorf("error creating tls client config for consul: %v", err)
}
cfg.HttpClient.Transport = &http.Transport{
TLSClientConfig: tlsClientCfg,
}
}
if config.EnableSSL && !config.VerifySSL {
cfg.HttpClient.Transport = &http.Transport{
TLSClientConfig: &tls.Config{
InsecureSkipVerify: true,
},
}
}
if c, err = consul.NewClient(cfg); err != nil {
return nil, err
}
consulService := ConsulService{
client: c,
allocID: allocID,
logger: logger,
trackedServices: make(map[string]*consul.AgentService),
trackedChecks: make(map[string]*consul.AgentCheckRegistration),
checkRunners: make(map[string]*CheckRunner),
shutdownCh: make(chan struct{}),
}
return &consulService, nil
}