Merge pull request #152 from vfarcic/auto-certs

Auto certs

Author: vfarcic

actions/reconfigure_test.go

@@ -1100,6 +1100,11 @@ func (m *ProxyMock) RemoveService(service string) {
 	m.Called(service)
 }
 
+func (m *ProxyMock) GetCertPaths() []string {
+	params := m.Called()
+	return params.Get(0).([]string)
+}
+
 func getProxyMock(skipMethod string) *ProxyMock {
 	mockObj := new(ProxyMock)
 	if skipMethod != "RunCmd" {
@@ -1126,6 +1131,9 @@ func getProxyMock(skipMethod string) *ProxyMock {
 	if skipMethod != "RemoveService" {
 		mockObj.On("RemoveService", mock.Anything)
 	}
+	if skipMethod != "GetCertPaths" {
+		mockObj.On("GetCertPaths")
+	}
 	return mockObj
 }
 

actions/remove.go

@@ -68,10 +68,6 @@ func (m *Remove) removeFiles(templatesPath, serviceName, aclName string, registr
 	defer mu.Unlock()
 	for _, path := range paths {
 		OsRemove(path)
-		// TODO: Remove commented. Files not be used when everything is moved to in-memory
-		//		if err := OsRemove(path); err != nil {
-		//			return err
-		//		}
 	}
 	if !strings.EqualFold(mode, "service") && !strings.EqualFold(mode, "swarm") {
 		var err error

actions/remove_test.go

@@ -84,17 +84,6 @@ func (s RemoveTestSuite) Test_Execute_RemovesConfigurationFileUsingAclName_WhenP
 	s.Equal(expected, actual)
 }
 
-// TODO: Remove. Files not be used when everything is moved to in-memory
-//func (s RemoveTestSuite) Test_Execute_ReturnsError_WhenFailure() {
-//	OsRemove = func(name string) error {
-//		return fmt.Errorf("The file could not be removed")
-//	}
-//
-//	err := s.remove.Execute([]string{})
-//
-//	s.Error(err)
-//}
-
 func (s RemoveTestSuite) Test_Execute_Invokes_HaProxyCreateConfigFromTemplates() {
 	proxyOrig := proxy.Instance
 	defer func() { proxy.Instance = proxyOrig }()

args_test.go

@@ -326,6 +326,11 @@ func (m *ProxyMock) RemoveService(service string) {
 	m.Called(service)
 }
 
+func (m *ProxyMock) GetCertPaths() []string {
+	params := m.Called()
+	return params.Get(0).([]string)
+}
+
 func getProxyMock(skipMethod string) *ProxyMock {
 	mockObj := new(ProxyMock)
 	if skipMethod != "RunCmd" {
@@ -352,5 +357,8 @@ func getProxyMock(skipMethod string) *ProxyMock {
 	if skipMethod != "RemoveService" {
 		mockObj.On("RemoveService", mock.Anything)
 	}
+	if skipMethod != "GetCertPaths" {
+		mockObj.On("GetCertPaths")
+	}
 	return mockObj
 }

docs/config.md

@@ -12,7 +12,7 @@ The following environment variables can be used to configure the *Docker Flow Pr
 |Variable           |Description                                               |Required|Default|Example|
 |-------------------|----------------------------------------------------------|--------|-------|-------|
 |BIND_PORTS         |Ports to bind in addition to `80` and `443`. Multiple values can be separated with comma|No| |8085, 8086|
-|CERTS              |Comma separated list of certs. If set, cert files need to be available in the `/certs` directory.|No| |cert-1.pem, cert-2.pem|
+|CERTS              |This parameter is **deprecated** as of February 2017. All the certificates from the `/cets/` directory are now loaded automatically| | | |
 |CONNECTION_MODE    |HAProxy supports 5 connection modes. *keep alive*: all requests and responses are processed. *tunnel*: only the first request and response are processed, everything else is forwarded with no analysis. *passive close*: tunnel with "Connection: close" added in both directions. *server close*: the server-facing connection is closed after the response. *forced close*: the connection is actively closed after end of response. In general it is preferred to use *http-server-close* with application servers, and some static servers might benefit from *http-keep-alive*.|No|http-server-close|http-keep-alive|
 |CONSUL_ADDRESS     |The address of a Consul instance used for storing proxy information and discovering running nodes.  Multiple addresses can be separated with comma (e.g. 192.168.0.10:8500,192.168.0.11:8500).|Only in the *default* mode| |192.168.0.10:8500|
 |DEFAULT_PORTS      |The default ports used by the proxy. Multiple values can be separated with comma (`,`). If a port should be for SSL connections, append it with `:ssl.|No|80,443:ssl| |

integration_tests/integration_swarm_test.go

@@ -245,9 +245,9 @@ func (s IntegrationSwarmTestSuite) Test_Reload() {
 // Util
 
 func (s *IntegrationSwarmTestSuite) areContainersRunning(expected int, name string) bool {
-	out, _ := exec.Command("/bin/sh", "-c", "docker ps -q -f label=com.docker.swarm.service.name=" + name ).Output()
+	out, _ := exec.Command("/bin/sh", "-c", "docker ps -q -f label=com.docker.swarm.service.name="+name).Output()
 	lines := strings.Split(string(out), "\n")
-	return len(lines) == (expected +1) //+1 because there is new line at the end of ps output
+	return len(lines) == (expected + 1) //+1 because there is new line at the end of ps output
 }
 
 func (s *IntegrationSwarmTestSuite) createService(command string) {

proxy/ha_proxy.go

@@ -42,27 +42,32 @@ type ConfigData struct {
 	ContentFrontendSNI   string
 }
 
-func NewHaProxy(templatesPath, configsPath string, certs map[string]bool) Proxy {
-	data.Certs = certs
+func NewHaProxy(templatesPath, configsPath string) Proxy {
 	data.Services = map[string]Service{}
 	return HaProxy{
 		TemplatesPath: templatesPath,
 		ConfigsPath:   configsPath,
 	}
 }
 
-func (m HaProxy) AddCert(certName string) {
-	if data.Certs == nil {
-		data.Certs = map[string]bool{}
+func (m HaProxy) GetCertPaths() []string {
+	paths := []string{}
+	files, _ := ReadDir("/certs")
+	for _, file := range files {
+		if !file.IsDir() {
+			path := fmt.Sprintf("/certs/%s", file.Name())
+			paths = append(paths, path)
+		}
 	}
-	data.Certs[certName] = true
+	return paths
 }
 
 func (m HaProxy) GetCerts() map[string]string {
 	certs := map[string]string{}
-	for cert := range data.Certs {
-		content, _ := ReadFile(fmt.Sprintf("/certs/%s", cert))
-		certs[cert] = string(content)
+	paths := m.GetCertPaths()
+	for _, path := range paths {
+		content, _ := ReadFile(path)
+		certs[path] = string(content)
 	}
 	return certs
 }
@@ -164,15 +169,16 @@ backend dummy-be
 
 // TODO: Too big... Refactor it.
 func (m HaProxy) getConfigData() ConfigData {
-	certs := []string{}
-	if len(data.Certs) > 0 {
-		certs = append(certs, " ssl")
-		for cert := range data.Certs {
-			certs = append(certs, fmt.Sprintf("crt /certs/%s", cert))
+	certPaths := m.GetCertPaths()
+	certsString := []string{}
+	if len(certPaths) > 0 {
+		certsString = append(certsString, " ssl")
+		for _, certPath := range certPaths {
+			certsString = append(certsString, fmt.Sprintf("crt %s", certPath))
 		}
 	}
 	d := ConfigData{
-		CertsString: strings.Join(certs, " "),
+		CertsString: strings.Join(certsString, " "),
 	}
 	d.ConnectionMode = m.getSecretOrEnvVar("CONNECTION_MODE", "http-server-close")
 	d.TimeoutConnect = m.getSecretOrEnvVar("TIMEOUT_CONNECT", "5")