Add secure option to registry

2016-01-16 20:25:18 +00:00 · 2016-01-16 20:25:18 +00:00 · 60ee085cbc
commit 60ee085cbc
parent fb25558142
2 changed files with 37 additions and 0 deletions
--- a/registry/consul_registry.go
+++ b/registry/consul_registry.go
@ -1,10 +1,14 @@
 package registry

 import (
+	"crypto/tls"
 	"encoding/json"
 	"errors"
 	"fmt"
 	"net"
+	"net/http"
+	"runtime"
+	"time"

 	consul "github.com/hashicorp/consul/api"
 )
@ -15,6 +19,24 @@ type consulRegistry struct {
 	Options Options
 }

+func newTransport() *http.Transport {
+	t := &http.Transport{
+		Proxy: http.ProxyFromEnvironment,
+		Dial: (&net.Dialer{
+			Timeout:   30 * time.Second,
+			KeepAlive: 30 * time.Second,
+		}).Dial,
+		TLSHandshakeTimeout: 10 * time.Second,
+		TLSClientConfig: &tls.Config{
+			InsecureSkipVerify: true,
+		},
+	}
+	runtime.SetFinalizer(&t, func(tr **http.Transport) {
+		(*tr).CloseIdleConnections()
+	})
+	return t
+}
+
 func encodeEndpoints(en []*Endpoint) []string {
 	var tags []string
 	for _, e := range en {
@ -94,6 +116,13 @@ func newConsulRegistry(addrs []string, opts ...Option) Registry {
 		}
 	}

+	// requires secure connection?
+	if opt.Secure {
+		config.Scheme = "https"
+		// We're going to support InsecureSkipVerify
+		config.HttpClient.Transport = newTransport()
+	}
+
 	// create the client
 	client, _ := consul.NewClient(config)

--- a/registry/options.go
+++ b/registry/options.go
@ -8,6 +8,7 @@ import (

 type Options struct {
 	Timeout time.Duration
+	Secure  bool

 	// Other options for implementations of the interface
 	// can be stored in a context
@ -19,3 +20,10 @@ func Timeout(t time.Duration) Option {
 		o.Timeout = t
 	}
 }
+
+// Secure communication with the registry
+func Secure(b bool) Option {
+	return func(o *Options) {
+		o.Secure = b
+	}
+}