Use go-rootcerts to configure TLS

Allows configuration of the CA certs for the Atlas connection via environment variables `ATLAS_CAFILE` or `ATLAS_CAPATH`. Also catches the workaround for golang/go#14514 in go-rootcerts so that OS X clients behave properly.
hashicorp · May 3, 2016 · def1343 · def1343
1 parent 0008886
commit def1343
Showing 1 changed file with 21 additions and 0 deletions.
diff --git a/v1/client.go b/v1/client.go
@@ -2,6 +2,7 @@ package atlas
 
 import (
 	"bytes"
+	"crypto/tls"
 	"encoding/json"
 	"fmt"
 	"io"
@@ -14,6 +15,7 @@ import (
 	"strings"
 
 	"github.com/hashicorp/go-cleanhttp"
+	"github.com/hashicorp/go-rootcerts"
 )
 
 const (
@@ -24,6 +26,14 @@ const (
 	// default Atlas address.
 	atlasEndpointEnvVar = "ATLAS_ADDRESS"
 
+	// atlasCAFileEnvVar is the environment variable that causes the client to
+	// load trusted certs from a file
+	atlasCAFileEnvVar = "ATLAS_CAFILE"
+
+	// atlasCAPathEnvVar is the environment variable that causes the client to
+	// load trusted certs from a directory
+	atlasCAPathEnvVar = "ATLAS_CAPATH"
+
 	// atlasTokenHeader is the header key used for authenticating with Atlas
 	atlasTokenHeader = "X-Atlas-Token"
 )
@@ -112,6 +122,17 @@ func NewClient(urlString string) (*Client, error) {
 // init() sets defaults on the client.
 func (c *Client) init() error {
 	c.HTTPClient = cleanhttp.DefaultClient()
+	tlsConfig := &tls.Config{}
+	err := rootcerts.ConfigureTLS(tlsConfig, &rootcerts.Config{
+		CAFile: os.Getenv(atlasCAFileEnvVar),
+		CAPath: os.Getenv(atlasCAPathEnvVar),
+	})
+	if err != nil {
+		return err
+	}
+	t := cleanhttp.DefaultTransport()
+	t.TLSClientConfig = tlsConfig
+	c.HTTPClient.Transport = t
 	return nil
 }