Use go-rootcerts to configure TLS

Allows configuration of the CA certs for the Atlas connection via environment variables `ATLAS_CAFILE` or `ATLAS_CAPATH`. Also catches the workaround for golang/go#14514 in go-rootcerts so that OS X clients behave properly.
hashicorp · May 3, 2016 · b2f8540 · b2f8540
1 parent 0008886
commit b2f8540
Showing 1 changed file with 18 additions and 0 deletions.
diff --git a/v1/client.go b/v1/client.go
@@ -14,6 +14,7 @@ import (
 	"strings"
 
 	"github.com/hashicorp/go-cleanhttp"
+	"github.com/hashicorp/go-rootcerts"
 )
 
 const (
@@ -24,6 +25,14 @@ const (
 	// default Atlas address.
 	atlasEndpointEnvVar = "ATLAS_ADDRESS"
 
+	// atlasCAFileEnvVar is the environment variable that causes the client to
+	// load trusted certs from a file
+	atlasCAFileEnvVar = "ATLAS_CAFILE"
+
+	// atlasCAPathEnvVar is the environment variable that causes the client to
+	// load trusted certs from a directory
+	atlasCAPathEnvVar = "ATLAS_CAPATH"
+
 	// atlasTokenHeader is the header key used for authenticating with Atlas
 	atlasTokenHeader = "X-Atlas-Token"
 )
@@ -112,6 +121,15 @@ func NewClient(urlString string) (*Client, error) {
 // init() sets defaults on the client.
 func (c *Client) init() error {
 	c.HTTPClient = cleanhttp.DefaultClient()
+	t := cleanhttp.DefaultTransport()
+	err := rootcerts.ConfigureTLS(t.TLSClientConfig, &rootcerts.Config{
+		CAFile: os.Getenv(atlasCAFileEnvVar),
+		CAPath: os.Getenv(atlasCAPathEnvVar),
+	})
+	if err != nil {
+		return err
+	}
+	c.HTTPClient.Transport = t
 	return nil
 }