authorMartin Polden <mpolden@mpolden.no>2022-03-01 15:54:20 +0100
committerMartin Polden <mpolden@mpolden.no>2022-03-01 15:54:20 +0100
commitd1dea5bd9338b886b1abcdf7a17a137fd13ca55e (patch)
tree984233a67882e8d43bb3ae2d7dd38d3e8c6a4f1b /client
parentc8efa8ed2003e9032adad3b4b3acf912800f7247 (diff)
Use correct certificate/key when generating curl command in hosted
Diffstat (limited to 'client')
-rw-r--r--client/go/cmd/curl.go24
-rw-r--r--client/go/cmd/curl_test.go18
-rw-r--r--client/go/cmd/helpers.go20
3 files changed, 34 insertions, 28 deletions
diff --git a/client/go/cmd/curl.go b/client/go/cmd/curl.go
index 65cac223309..289a65465bd 100644
--- a/client/go/cmd/curl.go
+++ b/client/go/cmd/curl.go
@@ -42,11 +42,11 @@ $ vespa curl -- -v --data-urlencode "yql=select * from music where album contain
if err != nil {
return err
}
- app, err := getApplication()
+ target, err := getTarget()
if err != nil {
return err
}
- service, err := getService(curlService, 0, "")
+ service, err := target.Service(curlService, 0, 0, "")
if err != nil {
return err
}
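Review bot: `target.Service(curlService, 0, 0, "")` passes two bare zeros and an empty string whose meaning cannot be read at the call site; a short comment naming the arguments would help (the parameter names are not visible in this hunk, so I cannot quote them). `getTarget()` now also runs for every service rather than only for `vespa.DeployService`, so whatever credentials it needs appear to become a precondition for document and query curl commands too. The `auth api-key` step added to the test setup suggests this, and it is worth stating in the command's help text. The enclosing function starts and ends outside the hunk.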
@@ -58,26 +58,14 @@ $ vespa curl -- -v --data-urlencode "yql=select * from music where album contain
}
switch curlService {
case vespa.DeployService:
- t, err := getTarget()
- if err != nil {
- return err
- }
- if t.Type() == vespa.TargetCloud {
- if err := addCloudAuth0Authentication(t.Deployment().System, cfg, c); err != nil {
+ if target.Type() == vespa.TargetCloud {
+ if err := addCloudAuth0Authentication(target.Deployment().System, cfg, c); err != nil {
return err
}
}
case vespa.DocumentService, vespa.QueryService:
- privateKeyFile, err := cfg.PrivateKeyPath(app)
- if err != nil {
- return err
- }
- certificateFile, err := cfg.CertificatePath(app)
- if err != nil {
- return err
- }
- c.PrivateKey = privateKeyFile
- c.Certificate = certificateFile
+ c.PrivateKey = service.TLSOptions.PrivateKeyFile
+ c.Certificate = service.TLSOptions.CertificateFile
default:
return fmt.Errorf("service not found: %s", curlService)
}
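Review bot: In the `vespa.DocumentService, vespa.QueryService` case the key and certificate paths are now copied from `service.TLSOptions` with no check, whereas the removed `cfg.PrivateKeyPath(app)` / `cfg.CertificatePath(app)` calls returned an error when a path could not be resolved. If `TLSOptions` can hold a loaded key pair while `PrivateKeyFile` or `CertificateFile` is empty (not visible in this hunk), the printed curl command would silently lack client authentication and fail at the endpoint without a hint. Consider rejecting a half-populated pair, e.g. `if (c.PrivateKey == "") != (c.Certificate == "") { return fmt.Errorf("incomplete key pair for service %s", curlService) }`, and requiring both for cloud targets. The enclosing function starts and ends outside the hunk.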
diff --git a/client/go/cmd/curl_test.go b/client/go/cmd/curl_test.go
index 253943f2b04..50b837e0d85 100644
--- a/client/go/cmd/curl_test.go
+++ b/client/go/cmd/curl_test.go
@@ -3,6 +3,7 @@ package cmd
import (
"fmt"
+ "os"
"path/filepath"
"testing"
@@ -13,14 +14,27 @@ import (
func TestCurl(t *testing.T) {
homeDir := filepath.Join(t.TempDir(), ".vespa")
httpClient := &mock.HTTPClient{}
- out, _ := execute(command{homeDir: homeDir, args: []string{"curl", "-n", "-a", "t1.a1.i1", "--", "-v", "--data-urlencode", "arg=with space", "/search"}}, t, httpClient)
+ _, outErr := execute(command{args: []string{"config", "set", "application", "t1.a1.i1"}, homeDir: homeDir}, t, nil)
+ assert.Equal(t, "", outErr)
+ _, outErr = execute(command{args: []string{"config", "set", "target", "cloud"}, homeDir: homeDir}, t, nil)
+ assert.Equal(t, "", outErr)
+ _, outErr = execute(command{args: []string{"auth", "api-key"}, homeDir: homeDir}, t, nil)
+ assert.Equal(t, "", outErr)
+ _, outErr = execute(command{args: []string{"auth", "cert", "--no-add"}, homeDir: homeDir}, t, nil)
+ assert.Equal(t, "", outErr)
+
+ os.Setenv("VESPA_CLI_ENDPOINTS", "{\"endpoints\":[{\"cluster\":\"container\",\"url\":\"http://127.0.0.1:8080\"}]}")
+ out, _ := execute(command{homeDir: homeDir, args: []string{"curl", "-n", "--", "-v", "--data-urlencode", "arg=with space", "/search"}}, t, httpClient)
expected := fmt.Sprintf("curl --key %s --cert %s -v --data-urlencode 'arg=with space' http://127.0.0.1:8080/search\n",
filepath.Join(homeDir, "t1.a1.i1", "data-plane-private-key.pem"),
filepath.Join(homeDir, "t1.a1.i1", "data-plane-public-cert.pem"))
assert.Equal(t, expected, out)
- out, _ = execute(command{homeDir: homeDir, args: []string{"curl", "-a", "t1.a1.i1", "-s", "deploy", "-n", "/application/v4/tenant/foo"}}, t, httpClient)
+ _, outErr = execute(command{args: []string{"config", "set", "target", "local"}, homeDir: homeDir}, t, nil)
+ assert.Equal(t, "", outErr)
+ out, outErr = execute(command{homeDir: homeDir, args: []string{"curl", "-a", "t1.a1.i1", "-s", "deploy", "-n", "/application/v4/tenant/foo"}}, t, httpClient)
+ assert.Equal(t, "", outErr)
expected = "curl http://127.0.0.1:19071/application/v4/tenant/foo\n"
assert.Equal(t, expected, out)
}
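Review bot: `os.Setenv("VESPA_CLI_ENDPOINTS", ...)` in TestCurl is never undone and its error is ignored, so the endpoint override stays set for every test that runs later in the same process. `t.Setenv("VESPA_CLI_ENDPOINTS", ...)` restores the previous value when the test ends, provided the module targets Go 1.17 or later; otherwise add `defer os.Unsetenv("VESPA_CLI_ENDPOINTS")`. The first curl call also still discards stderr with `out, _ :=` while the second now asserts that `outErr` is empty; asserting it in both places would surface failures in the cloud path.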
diff --git a/client/go/cmd/helpers.go b/client/go/cmd/helpers.go
index 9003a64b33b..eb801b51d97 100644
--- a/client/go/cmd/helpers.go
+++ b/client/go/cmd/helpers.go
@@ -39,30 +39,30 @@ func athenzPath(filename string) (string, error) {
return filepath.Join(userHome, ".athenz", filename), nil
}
-func athenzKeyPair() (tls.Certificate, error) {
+func athenzKeyPair() (KeyPair, error) {
certFile, err := athenzPath("cert")
if err != nil {
- return tls.Certificate{}, err
+ return KeyPair{}, err
}
keyFile, err := athenzPath("key")
if err != nil {
- return tls.Certificate{}, err
+ return KeyPair{}, err
}
kp, err := tls.LoadX509KeyPair(certFile, keyFile)
if err != nil {
- return tls.Certificate{}, err
+ return KeyPair{}, err
}
cert, err := x509.ParseCertificate(kp.Certificate[0])
if err != nil {
- return tls.Certificate{}, err
+ return KeyPair{}, err
}
now := time.Now()
expiredAt := cert.NotAfter
if expiredAt.Before(now) {
delta := now.Sub(expiredAt).Truncate(time.Second)
- return tls.Certificate{}, errHint(fmt.Errorf("certificate %s expired at %s (%s ago)", certFile, cert.NotAfter, delta), "Try renewing certificate with 'athenz-user-cert'")
+ return KeyPair{}, errHint(fmt.Errorf("certificate %s expired at %s (%s ago)", certFile, cert.NotAfter, delta), "Try renewing certificate with 'athenz-user-cert'")
}
- return kp, nil
+ return KeyPair{KeyPair: kp, CertificateFile: certFile, PrivateKeyFile: keyFile}, nil
}
func vespaCliHome() (string, error) {
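Review bot: athenzKeyPair has no doc comment, and its contract changed here: it now returns the certificate and key file paths along with the loaded pair, and createCloudTarget passes those paths on. I would add `// athenzKeyPair loads the certificate and key from the user's .athenz directory and returns them together with their file paths. It returns an error if the certificate has expired.` above the function. The validity check compares only `cert.NotAfter` with the current time, so a certificate that is not yet valid would pass here and presumably fail later at the TLS handshake; consider checking `cert.NotBefore` as well.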
@@ -255,7 +255,11 @@ func createCloudTarget(targetType string) (vespa.Target, error) {
if err != nil {
return nil, err
}
- apiTLSOptions = vespa.TLSOptions{KeyPair: kp}
+ apiTLSOptions = vespa.TLSOptions{
+ KeyPair: kp.KeyPair,
+ CertificateFile: kp.CertificateFile,
+ PrivateKeyFile: kp.PrivateKeyFile,
+ }
deploymentTLSOptions = apiTLSOptions
} else {
return nil, fmt.Errorf("invalid cloud target: %s", targetType)