opentofu/state/remote/consul.go
Paul Hinze 0a24e72c3b state/remote: allow https consul addresses
Sending state over a cleartext protocol is bad in untrusted networks.
Expose `-backend-config="scheme=https"` and wire it through to the
Consul client.
2015-03-17 17:11:35 -04:00

74 lines
1.3 KiB
Go

package remote
import (
"crypto/md5"
"fmt"
consulapi "github.com/hashicorp/consul/api"
)
func consulFactory(conf map[string]string) (Client, error) {
path, ok := conf["path"]
if !ok {
return nil, fmt.Errorf("missing 'path' configuration")
}
config := consulapi.DefaultConfig()
if token, ok := conf["access_token"]; ok && token != "" {
config.Token = token
}
if addr, ok := conf["address"]; ok && addr != "" {
config.Address = addr
}
if scheme, ok := conf["scheme"]; ok && scheme != "" {
config.Scheme = scheme
}
client, err := consulapi.NewClient(config)
if err != nil {
return nil, err
}
return &ConsulClient{
Client: client,
Path: path,
}, nil
}
// ConsulClient is a remote client that stores data in Consul.
type ConsulClient struct {
Client *consulapi.Client
Path string
}
func (c *ConsulClient) Get() (*Payload, error) {
pair, _, err := c.Client.KV().Get(c.Path, nil)
if err != nil {
return nil, err
}
if pair == nil {
return nil, nil
}
md5 := md5.Sum(pair.Value)
return &Payload{
Data: pair.Value,
MD5: md5[:],
}, nil
}
func (c *ConsulClient) Put(data []byte) error {
kv := c.Client.KV()
_, err := kv.Put(&consulapi.KVPair{
Key: c.Path,
Value: data,
}, nil)
return err
}
func (c *ConsulClient) Delete() error {
kv := c.Client.KV()
_, err := kv.Delete(c.Path, nil)
return err
}