authorHarald Musum <musum@verizonmedia.com>2019-07-05 17:47:51 +0200
committerGitHub <noreply@github.com>2019-07-05 17:47:51 +0200
commit8bd66b92b22446d1d696044cc8efcf6ad2c36fab (patch)
tree9b5f8382e0c00a3ba4712acc0f1c2353494de547 /security-tools
parent7fe25033fc0e83fa2eb2ed50e9f2983ec98c2b6f (diff)
Revert "Bjorncs/tls vespa deploy"
Diffstat (limited to 'security-tools')
-rw-r--r--security-tools/src/main/java/com/yahoo/vespa/security/tool/securityenv/Main.java14
-rwxr-xr-xsecurity-tools/src/main/sh/vespa-curl-wrapper15
2 files changed, 17 insertions, 12 deletions
diff --git a/security-tools/src/main/java/com/yahoo/vespa/security/tool/securityenv/Main.java b/security-tools/src/main/java/com/yahoo/vespa/security/tool/securityenv/Main.java
index 367d7b9dd83..ae18700246c 100644
--- a/security-tools/src/main/java/com/yahoo/vespa/security/tool/securityenv/Main.java
+++ b/security-tools/src/main/java/com/yahoo/vespa/security/tool/securityenv/Main.java
@@ -51,15 +51,17 @@ public class Main {
Map<OutputVariable, String> outputVariables = new TreeMap<>();
Optional<TransportSecurityOptions> options = TransportSecurityUtils.getOptions(envVars);
- MixedMode mixedMode = TransportSecurityUtils.getInsecureMixedMode(envVars);
- if (options.isPresent() && mixedMode != MixedMode.PLAINTEXT_CLIENT_MIXED_SERVER) {
+ if (options.isPresent()) {
outputVariables.put(OutputVariable.TLS_ENABLED, "1");
options.get().getCaCertificatesFile()
.ifPresent(caCertFile -> outputVariables.put(OutputVariable.CA_CERTIFICATE, caCertFile.toString()));
- options.get().getCertificatesFile()
- .ifPresent(certificateFile -> outputVariables.put(OutputVariable.CERTIFICATE, certificateFile.toString()));
- options.get().getPrivateKeyFile()
- .ifPresent(privateKeyFile -> outputVariables.put(OutputVariable.PRIVATE_KEY, privateKeyFile.toString()));
+ MixedMode mixedMode = TransportSecurityUtils.getInsecureMixedMode(envVars);
+ if (mixedMode != MixedMode.PLAINTEXT_CLIENT_MIXED_SERVER) {
+ options.get().getCertificatesFile()
+ .ifPresent(certificateFile -> outputVariables.put(OutputVariable.CERTIFICATE, certificateFile.toString()));
+ options.get().getPrivateKeyFile()
+ .ifPresent(privateKeyFile -> outputVariables.put(OutputVariable.PRIVATE_KEY, privateKeyFile.toString()));
+ }
}
shell.writeOutputVariables(stdOut, outputVariables);
EnumSet<OutputVariable> unusedVariables = outputVariables.isEmpty()
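Review bot: With the mixed-mode test moved inside the `options.isPresent()` branch, `TLS_ENABLED` and `CA_CERTIFICATE` are now emitted even when the mode is `PLAINTEXT_CLIENT_MIXED_SERVER`; only the client certificate and private key are withheld. A consumer that keys on the enabled flag (vespa-curl-wrapper appears to, via `VESPA_TLS_ENABLED`) would then talk https without a client certificate on a host configured as a plaintext client. If that is the intended contract it should be stated above the inner `if`, for example `// Plaintext client: still export TLS_ENABLED and the CA cert, but never the client cert/key`. The enclosing method starts and ends outside this hunk.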
diff --git a/security-tools/src/main/sh/vespa-curl-wrapper b/security-tools/src/main/sh/vespa-curl-wrapper
index da857984c01..7c2f31d7719 100755
--- a/security-tools/src/main/sh/vespa-curl-wrapper
+++ b/security-tools/src/main/sh/vespa-curl-wrapper
@@ -6,23 +6,26 @@
set -e
-eval $(vespa-security-env)
+. $(vespa-security-env)
-CURL_PARAMETERS=("$@")
+CURL_PARAMETERS=$1
+CONFIGSERVER_URI_WITHOUT_SCHEME=$2
if [ -n "${VESPA_TLS_ENABLED}" ]
then
- CURL_PARAMETERS=("${CURL_PARAMETERS[@]/http:/https:}")
+ CONFIGSERVER_URI="https://${CONFIGSERVER_URI_WITHOUT_SCHEME}"
+else
+ CONFIGSERVER_URI="http://${CONFIGSERVER_URI_WITHOUT_SCHEME}"
fi
if [ -n "${VESPA_TLS_CA_CERT}" ]
then
- CURL_PARAMETERS=("--cacert" "${VESPA_TLS_CA_CERT}" "${CURL_PARAMETERS[@]}")
+ CURL_PARAMETERS="--cacert \"${VESPA_TLS_CA_CERT}\" ${CURL_PARAMETERS}"
fi
if [[ -n "${VESPA_TLS_CERT}" && -n "${VESPA_TLS_PRIVATE_KEY}" ]]
then
- CURL_PARAMETERS=("--cert" "${VESPA_TLS_CERT}" "--key" "${VESPA_TLS_PRIVATE_KEY}" "${CURL_PARAMETERS[@]}")
+ CURL_PARAMETERS="--cert \"${VESPA_TLS_CERT}\" --key \"${VESPA_TLS_PRIVATE_KEY}\" ${CURL_PARAMETERS}"
fi
-curl "${CURL_PARAMETERS[@]}"
+curl ${CURL_PARAMETERS} "${CONFIGSERVER_URI}"
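Review bot: The escaped quotes placed around `${VESPA_TLS_CA_CERT}`, `${VESPA_TLS_CERT}` and `${VESPA_TLS_PRIVATE_KEY}` do not protect anything, because the final `curl ${CURL_PARAMETERS}` expands unquoted. The shell word-splits and globs the string but never re-parses the embedded quotes, so curl receives the paths with literal `"` characters, and a path containing whitespace splits into extra arguments. Keeping the TLS options in an array, as sketched below, preserves the new `$1`/`$2` calling convention while passing each path as exactly one argument. Separately, `. $(vespa-security-env)` sources a file named by the tool's output rather than evaluating that output; the Java side writes the variables to stdout, so presumably `eval "$(vespa-security-env)"` is what is meant here.
```shell
# … unchanged: set -e, vespa-security-env line, CONFIGSERVER_URI scheme selection …
CURL_PARAMETERS=$1
TLS_ARGS=()
if [ -n "${VESPA_TLS_CA_CERT}" ]
then
    TLS_ARGS+=("--cacert" "${VESPA_TLS_CA_CERT}")
fi
if [[ -n "${VESPA_TLS_CERT}" && -n "${VESPA_TLS_PRIVATE_KEY}" ]]
then
    TLS_ARGS+=("--cert" "${VESPA_TLS_CERT}" "--key" "${VESPA_TLS_PRIVATE_KEY}")
fi
# $1 is a caller-supplied option string and is still split on whitespace by design
curl "${TLS_ARGS[@]}" ${CURL_PARAMETERS} "${CONFIGSERVER_URI}"
```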