Merge pull request #4184 from hashicorp/bugfix/gh-4076

Fix #4076 - Agent configured Watches now work with HTTPS only agents
2018-06-01 08:55:34 -04:00 · 2018-06-01 08:55:34 -04:00 · 41f4bb44f7
parent 83d27beb8f 1fbe828c35
commit 41f4bb44f7
3 changed files with 46 additions and 3 deletions
--- a/agent/agent.go
+++ b/agent/agent.go
@ -646,14 +646,19 @@ func (a *Agent) reloadWatches(cfg *config.RuntimeConfig) error {

 	// Determine the primary http(s) endpoint.
 	var netaddr net.Addr
+	https := false
 	if len(cfg.HTTPAddrs) > 0 {
 		netaddr = cfg.HTTPAddrs[0]
 	} else {
 		netaddr = cfg.HTTPSAddrs[0]
+		https = true
 	}
 	addr := netaddr.String()
 	if netaddr.Network() == "unix" {
 		addr = "unix://" + addr
+		https = false
+	} else if https {
+		addr = "https://" + addr
 	}

 	// Fire off a goroutine for each new watch plan.
@ -669,7 +674,19 @@ func (a *Agent) reloadWatches(cfg *config.RuntimeConfig) error {
 				wp.Handler = makeHTTPWatchHandler(a.LogOutput, httpConfig)
 			}
 			wp.LogOutput = a.LogOutput
-			if err := wp.Run(addr); err != nil {
+
+			config := api.DefaultConfig()
+			if https {
+				if a.config.CAPath != "" {
+					config.TLSConfig.CAPath = a.config.CAPath
+				}
+				if a.config.CAFile != "" {
+					config.TLSConfig.CAFile = a.config.CAFile
+				}
+				config.TLSConfig.Address = addr
+			}
+
+			if err := wp.RunWithConfig(addr, config); err != nil {
 				a.logger.Printf("[ERR] agent: Failed to run watch: %v", err)
 			}
 		}(wp)
--- a/agent/agent_test.go
+++ b/agent/agent_test.go
@ -2206,3 +2206,23 @@ func TestAgent_reloadWatches(t *testing.T) {
 		t.Fatalf("bad: %s", err)
 	}
 }
+
+func TestAgent_reloadWatchesHTTPS(t *testing.T) {
+	t.Parallel()
+	a := TestAgent{Name: t.Name(), UseTLS: true}
+	a.Start()
+	defer a.Shutdown()
+
+	// Normal watch with http addr set, should succeed
+	newConf := *a.config
+	newConf.Watches = []map[string]interface{}{
+		{
+			"type": "key",
+			"key":  "asdf",
+			"args": []interface{}{"ls"},
+		},
+	}
+	if err := a.reloadWatches(&newConf); err != nil {
+		t.Fatalf("bad: %s", err)
+	}
+}
--- a/watch/plan.go
+++ b/watch/plan.go
@ -19,11 +19,17 @@ const (
 	maxBackoffTime = 180 * time.Second
 )

-// Run is used to run a watch plan
 func (p *Plan) Run(address string) error {
+	return p.RunWithConfig(address, nil)
+}
+
+// Run is used to run a watch plan
+func (p *Plan) RunWithConfig(address string, conf *consulapi.Config) error {
 	// Setup the client
 	p.address = address
-	conf := consulapi.DefaultConfig()
+	if conf == nil {
+		conf = consulapi.DefaultConfig()
+	}
 	conf.Address = address
 	conf.Datacenter = p.Datacenter
 	conf.Token = p.Token