Add TLS support.

Signed-off-by: Alex Welch <me@alexwelch.com>

actions/actions.go

@@ -3,6 +3,7 @@ package actions
 import (
 	"encoding/json"
 	"fmt"
+	"os/user"
 	"strings"
 
 	"github.com/CenturyLinkLabs/prettycli"
@@ -27,8 +28,40 @@ func init() {
 }
 
 type Options struct {
-	Args  []string
-	Flags map[string]string
+	Args            []string
+	Flags           map[string]string
+	EndpointOptions EndpointOptions
+}
+
+type EndpointOptions struct {
+	Host      string
+	TLS       bool
+	TLSVerify bool
+	TLSCaCert string
+	TLSCert   string
+	TLSKey    string
+}
+
+func (eo EndpointOptions) tlsCaCert() string {
+	return resolveHomeDirectory(eo.TLSCaCert)
+}
+
+func (eo EndpointOptions) tlsCert() string {
+	return resolveHomeDirectory(eo.TLSCert)
+}
+
+func (eo EndpointOptions) tlsKey() string {
+	return resolveHomeDirectory(eo.TLSKey)
+}
+
+func resolveHomeDirectory(path string) string {
+	if strings.Contains(path, "~") {
+		usr, _ := user.Current()
+		dir := usr.HomeDir
+		return strings.Replace(path, "~", dir, 1)
+	}
+
+	return path
 }
 
 type Zodiaction func(Options) (prettycli.Output, error)

actions/deploy.go

@@ -12,7 +12,7 @@ import (
 func Deploy(options Options) (prettycli.Output, error) {
 	fmt.Println("Deploying your application...")
 
-	endpoint, err := endpointFactory(options.Flags["endpoint"])
+	endpoint, err := endpointFactory(options.EndpointOptions)
 	if err != nil {
 		return nil, err
 	}

actions/deploy_test.go

@@ -52,7 +52,7 @@ func TestDeploy_Success(t *testing.T) {
 		},
 	}
 
-	endpointFactory = func(string) (Endpoint, error) {
+	endpointFactory = func(EndpointOptions) (Endpoint, error) {
 		return e, nil
 	}
 

actions/endpoint.go

@@ -1,7 +1,10 @@
 package actions
 
 import (
+	"crypto/tls"
+	"crypto/x509"
 	"encoding/json"
+	"io/ioutil"
 	"net/url"
 
 	log "github.com/Sirupsen/logrus"
@@ -13,17 +16,57 @@ var (
 )
 
 func init() {
-	endpointFactory = func(dockerHost string) (Endpoint, error) {
-		c, err := dockerclient.NewDockerClient(dockerHost, nil)
+	endpointFactory = func(endpointOpts EndpointOptions) (Endpoint, error) {
+
+		tlsConfig, err := getTlsConfig(endpointOpts)
+		if err != nil {
+			return nil, err
+		}
+
+		c, err := dockerclient.NewDockerClient(endpointOpts.Host, tlsConfig)
 		if err != nil {
 			return nil, err
 		}
 
-		return &DockerEndpoint{url: dockerHost, client: c}, nil
+		return &DockerEndpoint{url: endpointOpts.Host, client: c}, nil
 	}
 }
 
-type EndpointFactory func(string) (Endpoint, error)
+func getTlsConfig(endpointOpts EndpointOptions) (*tls.Config, error) {
+	var tlsConfig *tls.Config
+
+	if endpointOpts.TLS {
+
+		tlsConfig = &tls.Config{
+			InsecureSkipVerify: !endpointOpts.TLSVerify,
+		}
+
+		if endpointOpts.tlsCert() != "" && endpointOpts.tlsKey() != "" {
+
+			cert, err := tls.LoadX509KeyPair(endpointOpts.tlsCert(), endpointOpts.tlsKey())
+			if err != nil {
+				return nil, err
+			}
+			tlsConfig.Certificates = []tls.Certificate{cert}
+		}
+
+		// Load CA cert
+		if endpointOpts.tlsCaCert() != "" {
+
+			caCert, err := ioutil.ReadFile(endpointOpts.tlsCaCert())
+			if err != nil {
+				return nil, err
+			}
+			caCertPool := x509.NewCertPool()
+			caCertPool.AppendCertsFromPEM(caCert)
+
+			tlsConfig.RootCAs = caCertPool
+		}
+	}
+	return tlsConfig, nil
+}
+
+type EndpointFactory func(EndpointOptions) (Endpoint, error)
 
 type Endpoint interface {
 	Version() (string, error)
@@ -40,6 +83,7 @@ type DockerEndpoint struct {
 	client dockerclient.Client
 }
 
+// TODO: can we ditch this? Should always have it on the client
 func (e *DockerEndpoint) Host() string {
 	url, _ := url.Parse(e.url)
 	return url.Host
@@ -54,13 +98,13 @@ func (e *DockerEndpoint) Version() (string, error) {
 	return v.Version, nil
 }
 
+// TODO: can we ditch this? Should always have it on the client
 func (e *DockerEndpoint) Name() string {
 	return e.url
 }
 
 func (e *DockerEndpoint) StartContainer(name string, cc ContainerConfig) error {
 	dcc, _ := translateContainerConfig(cc)
-
 	id, err := e.client.CreateContainer(&dcc, name)
 	if err != nil {
 		log.Fatalf("Problem creating container: ", err)

actions/list.go

@@ -10,7 +10,7 @@ import (
 
 func List(options Options) (prettycli.Output, error) {
 
-	endpoint, err := endpointFactory(options.Flags["endpoint"])
+	endpoint, err := endpointFactory(options.EndpointOptions)
 	if err != nil {
 		return nil, err
 	}

actions/list_test.go

@@ -74,7 +74,7 @@ func TestList_Success(t *testing.T) {
 		},
 	}
 
-	endpointFactory = func(string) (Endpoint, error) {
+	endpointFactory = func(EndpointOptions) (Endpoint, error) {
 		return e, nil
 	}
 

actions/rollback.go

@@ -12,7 +12,7 @@ import (
 func Rollback(options Options) (prettycli.Output, error) {
 	fmt.Println("Rolling back your application...")
 
-	endpoint, err := endpointFactory(options.Flags["endpoint"])
+	endpoint, err := endpointFactory(options.EndpointOptions)
 	if err != nil {
 		return nil, err
 	}

actions/rollback_test.go

@@ -90,7 +90,7 @@ func TestRollback_Success(t *testing.T) {
 		},
 	}
 
-	endpointFactory = func(string) (Endpoint, error) {
+	endpointFactory = func(EndpointOptions) (Endpoint, error) {
 		return e, nil
 	}
 
@@ -168,7 +168,7 @@ func TestRollbackWithID_Success(t *testing.T) {
 		},
 	}
 
-	endpointFactory = func(string) (Endpoint, error) {
+	endpointFactory = func(EndpointOptions) (Endpoint, error) {
 		return e, nil
 	}
 
@@ -234,7 +234,7 @@ func TestRollbackWithNoPreviousDeployment_Error(t *testing.T) {
 		},
 	}
 
-	endpointFactory = func(string) (Endpoint, error) {
+	endpointFactory = func(EndpointOptions) (Endpoint, error) {
 		return e, nil
 	}
 
@@ -304,7 +304,7 @@ func TestRollbackWithNonexistingID_Error(t *testing.T) {
 		},
 	}
 
-	endpointFactory = func(string) (Endpoint, error) {
+	endpointFactory = func(EndpointOptions) (Endpoint, error) {
 		return e, nil
 	}
 

actions/teardown.go

@@ -8,7 +8,7 @@ import (
 
 func Teardown(options Options) (prettycli.Output, error) {
 
-	endpoint, err := endpointFactory(options.Flags["endpoint"])
+	endpoint, err := endpointFactory(options.EndpointOptions)
 	if err != nil {
 		return nil, err
 	}

actions/teardown_test.go

@@ -44,7 +44,7 @@ func TestTeardown_Success(t *testing.T) {
 		},
 	}
 
-	endpointFactory = func(string) (Endpoint, error) {
+	endpointFactory = func(EndpointOptions) (Endpoint, error) {
 		return e, nil
 	}
 

actions/verify.go

@@ -12,7 +12,7 @@ var RequredAPIVersion = semver.MustParse("1.6.0")
 
 func Verify(options Options) (prettycli.Output, error) {
 
-	endpoint, err := endpointFactory(options.Flags["endpoint"])
+	endpoint, err := endpointFactory(options.EndpointOptions)
 	if err != nil {
 		return nil, err
 	}

actions/verify_test.go

@@ -27,7 +27,7 @@ func (e mockVerifyEndpoint) Name() string {
 
 func TestVerify_Success(t *testing.T) {
 	e := mockVerifyEndpoint{version: "1.6.1", url: "http://foo.bar"}
-	endpointFactory = func(string) (Endpoint, error) {
+	endpointFactory = func(EndpointOptions) (Endpoint, error) {
 		return e, nil
 	}
 	o, err := Verify(Options{})
@@ -38,7 +38,7 @@ func TestVerify_Success(t *testing.T) {
 
 func TestVerify_ErroredOldVersion(t *testing.T) {
 	e := mockVerifyEndpoint{version: "1.5.0"}
-	endpointFactory = func(string) (Endpoint, error) {
+	endpointFactory = func(EndpointOptions) (Endpoint, error) {
 		return e, nil
 	}
 	o, err := Verify(Options{})
@@ -49,7 +49,7 @@ func TestVerify_ErroredOldVersion(t *testing.T) {
 
 func TestVerify_ErroredCrazyVersion(t *testing.T) {
 	e := mockVerifyEndpoint{version: "eleventy-billion"}
-	endpointFactory = func(string) (Endpoint, error) {
+	endpointFactory = func(EndpointOptions) (Endpoint, error) {
 		return e, nil
 	}
 	o, err := Verify(Options{})
@@ -60,7 +60,7 @@ func TestVerify_ErroredCrazyVersion(t *testing.T) {
 
 func TestVerify_ErroredAPIError(t *testing.T) {
 	e := mockVerifyEndpoint{ErrorForVersion: errors.New("test error")}
-	endpointFactory = func(string) (Endpoint, error) {
+	endpointFactory = func(EndpointOptions) (Endpoint, error) {
 		return e, nil
 	}
 	o, err := Verify(Options{})

integration_test.go

@@ -14,6 +14,8 @@ import (
 
 var b *clitest.BuildTester
 
+const TLSFlag = "--tls=false"
+
 func setup(t *testing.T) {
 	if testing.Short() {
 		t.SkipNow()
@@ -49,7 +51,7 @@ func TestVerify_Successful(t *testing.T) {
 	s, endpointFlag := newFakeServerAndFlag()
 	defer s.Close()
 
-	r := b.Run(t, endpointFlag, "verify")
+	r := b.Run(t, TLSFlag, endpointFlag, "verify")
 	r.AssertSuccessful()
 	assert.Contains(t, r.Stdout(), "Successfully verified endpoint:")
 	assert.Empty(t, r.Stderr())
@@ -71,10 +73,10 @@ func TestVerify_EndpointEnvVar(t *testing.T) {
 
 	parts := strings.Split(endpointFlag, "=")
 
-	os.Setenv("ZODIAC_DOCKER_ENDPOINT", parts[1])
-	defer os.Unsetenv("ZODIAC_DOCKER_ENDPOINT")
+	os.Setenv("DOCKER_HOST", parts[1])
+	defer os.Unsetenv("DOCKER_HOST")
 
-	r := b.Run(t, "verify")
+	r := b.Run(t, TLSFlag, "verify")
 	r.AssertSuccessful()
 	assert.Contains(t, r.Stdout(), "Successfully verified endpoint:")
 	assert.Empty(t, r.Stderr())
@@ -85,7 +87,7 @@ func TestDeploy_Successful(t *testing.T) {
 	s, endpointFlag := newFakeServerAndFlag()
 	defer s.Close()
 
-	r := b.Run(t, endpointFlag, "deploy", "-f", "fixtures/webapp.yml")
+	r := b.Run(t, TLSFlag, endpointFlag, "deploy", "-f", "fixtures/webapp.yml")
 	fmt.Println(r.Stderr())
 	fmt.Println(r.Stdout())
 	r.AssertSuccessful()