author | Harald Musum <musum@verizonmedia.com> | 2019-07-05 17:47:51 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-07-05 17:47:51 +0200 |
commit | 8bd66b92b22446d1d696044cc8efcf6ad2c36fab (patch) | |
tree | 9b5f8382e0c00a3ba4712acc0f1c2353494de547 /security-tools/src/main | |
parent | 7fe25033fc0e83fa2eb2ed50e9f2983ec98c2b6f (diff) |
Revert "Bjorncs/tls vespa deploy"
Diffstat (limited to 'security-tools/src/main')
-rw-r--r-- | security-tools/src/main/java/com/yahoo/vespa/security/tool/securityenv/Main.java | 14 | ||||
-rwxr-xr-x | security-tools/src/main/sh/vespa-curl-wrapper | 15 |
2 files changed, 17 insertions, 12 deletions
diff --git a/security-tools/src/main/java/com/yahoo/vespa/security/tool/securityenv/Main.java b/security-tools/src/main/java/com/yahoo/vespa/security/tool/securityenv/Main.java index 367d7b9dd83..ae18700246c 100644 --- a/security-tools/src/main/java/com/yahoo/vespa/security/tool/securityenv/Main.java +++ b/security-tools/src/main/java/com/yahoo/vespa/security/tool/securityenv/Main.java @@ -51,15 +51,17 @@ public class Main { Map<OutputVariable, String> outputVariables = new TreeMap<>(); Optional<TransportSecurityOptions> options = TransportSecurityUtils.getOptions(envVars); - MixedMode mixedMode = TransportSecurityUtils.getInsecureMixedMode(envVars); - if (options.isPresent() && mixedMode != MixedMode.PLAINTEXT_CLIENT_MIXED_SERVER) { + if (options.isPresent()) { outputVariables.put(OutputVariable.TLS_ENABLED, "1"); options.get().getCaCertificatesFile() .ifPresent(caCertFile -> outputVariables.put(OutputVariable.CA_CERTIFICATE, caCertFile.toString())); - options.get().getCertificatesFile() - .ifPresent(certificateFile -> outputVariables.put(OutputVariable.CERTIFICATE, certificateFile.toString())); - options.get().getPrivateKeyFile() - .ifPresent(privateKeyFile -> outputVariables.put(OutputVariable.PRIVATE_KEY, privateKeyFile.toString())); + MixedMode mixedMode = TransportSecurityUtils.getInsecureMixedMode(envVars); + if (mixedMode != MixedMode.PLAINTEXT_CLIENT_MIXED_SERVER) { + options.get().getCertificatesFile() + .ifPresent(certificateFile -> outputVariables.put(OutputVariable.CERTIFICATE, certificateFile.toString())); + options.get().getPrivateKeyFile() + .ifPresent(privateKeyFile -> outputVariables.put(OutputVariable.PRIVATE_KEY, privateKeyFile.toString())); + } } shell.writeOutputVariables(stdOut, outputVariables); EnumSet<OutputVariable> unusedVariables = outputVariables.isEmpty() diff --git a/security-tools/src/main/sh/vespa-curl-wrapper b/security-tools/src/main/sh/vespa-curl-wrapper index da857984c01..7c2f31d7719 100755 
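Review bot: When `mixedMode` is `PLAINTEXT_CLIENT_MIXED_SERVER`, the new branch still emits `TLS_ENABLED` and `CA_CERTIFICATE` but withholds `CERTIFICATE` and `PRIVATE_KEY`, and nothing in the code says why. The `vespa-curl-wrapper` change in this same commit selects `https://` whenever `VESPA_TLS_ENABLED` is set (which appears to be the shell name of `TLS_ENABLED`), so in that mode a caller would presumably attempt TLS without a client certificate; whether the server accepts that is not visible here. If the asymmetry is intended, a comment above the inner `if` such as `// plaintext-client mixed mode: advertise TLS and the CA bundle, but do not export client credentials` would record it, and a test covering that mode would pin the behaviour. The enclosing method starts and ends outside the hunk.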
--- a/security-tools/src/main/sh/vespa-curl-wrapper +++ b/security-tools/src/main/sh/vespa-curl-wrapper @@ -6,23 +6,26 @@ set -e -eval $(vespa-security-env) +. $(vespa-security-env) -CURL_PARAMETERS=("$@") +CURL_PARAMETERS=$1 +CONFIGSERVER_URI_WITHOUT_SCHEME=$2 if [ -n "${VESPA_TLS_ENABLED}" ] then - CURL_PARAMETERS=("${CURL_PARAMETERS[@]/http:/https:}") + CONFIGSERVER_URI="https://${CONFIGSERVER_URI_WITHOUT_SCHEME}" +else + CONFIGSERVER_URI="http://${CONFIGSERVER_URI_WITHOUT_SCHEME}" fi if [ -n "${VESPA_TLS_CA_CERT}" ] then - CURL_PARAMETERS=("--cacert" "${VESPA_TLS_CA_CERT}" "${CURL_PARAMETERS[@]}") + CURL_PARAMETERS="--cacert \"${VESPA_TLS_CA_CERT}\" ${CURL_PARAMETERS}" fi if [[ -n "${VESPA_TLS_CERT}" && -n "${VESPA_TLS_PRIVATE_KEY}" ]] then - CURL_PARAMETERS=("--cert" "${VESPA_TLS_CERT}" "--key" "${VESPA_TLS_PRIVATE_KEY}" "${CURL_PARAMETERS[@]}") + CURL_PARAMETERS="--cert \"${VESPA_TLS_CERT}\" --key \"${VESPA_TLS_PRIVATE_KEY}\" ${CURL_PARAMETERS}" fi -curl "${CURL_PARAMETERS[@]}" +curl ${CURL_PARAMETERS} "${CONFIGSERVER_URI}" |
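Review bot: The TLS options are now built into one string with embedded `\"` and expanded unquoted at `curl ${CURL_PARAMETERS} "${CONFIGSERVER_URI}"`, so the escaped quotes reach curl as literal characters in the `--cacert`, `--cert` and `--key` paths, and a path containing whitespace or glob characters is split or expanded by the shell. Keeping the TLS arguments in an array and leaving only the caller-supplied `$1` string unquoted avoids this without changing the two-argument interface; the script already uses `[[`, so bash arrays appear to be available. Separately, `. $(vespa-security-env)` sources a file named by the command's output instead of evaluating that output, while Main.java in this commit writes the variables to stdout, so it is worth confirming this line still loads them. The first lines of the script lie outside the hunk.

```shell
# … unchanged: set -e, environment loading, URI scheme selection …
TLS_ARGS=()
# … unchanged: if [ -n "${VESPA_TLS_CA_CERT}" ] / then …
    TLS_ARGS+=("--cacert" "${VESPA_TLS_CA_CERT}")
# … unchanged: fi / if [[ -n "${VESPA_TLS_CERT}" && -n "${VESPA_TLS_PRIVATE_KEY}" ]] / then …
    TLS_ARGS+=("--cert" "${VESPA_TLS_CERT}" "--key" "${VESPA_TLS_PRIVATE_KEY}")
# … unchanged: fi …
# CURL_PARAMETERS stays unquoted on purpose: callers pass several options in $1
curl "${TLS_ARGS[@]}" ${CURL_PARAMETERS} "${CONFIGSERVER_URI}"
```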