search

sous-chefs / consul

Development repository for the consul cookbook
https://supermarket.chef.io/cookbooks/consul
Apache License 2.0
192 stars 244 forks source link

modify consul_acl resource to support SSL options #442

Closed shayangz closed 7 years ago

shayangz commented 7 years ago

Currently the consul_acl resource breaks with an SSL only Consul cluster. This PR adds ability to pass optional SSL attributes to enable using the resource in such situations.

legal90 commented 7 years ago

Hi @shayangz, Thank you for the contribution! Adding SSL options to consul_acl is a good idea. But since ssl hash is passing through Diplomat directly to Faraday HTTP lib, may be it would be better an easier just to add a single attribute ssl to allow users to pass the desired hash?

      # @!attribute ssl
      # @return [Hash]

      attribute(:ssl, kind_of: Hash, default: {})

Then it should be possible to pass a hash with custom SSL settings:

consul_acl 'token' do
  # ... other params
  ssl({
    client_cert: '...',
    client_key: '...',
    ca_file: '...',
    ca_path: '...',
    cert_store: '...'
  })
end

as well as this one (to disable peer verification):

consul_acl 'token' do
  # ... other params
  ssl({ verify: false })
end
shayangz commented 7 years ago

Consolidating the options into a single Hash sounds great. Updated the PR.

legal90 commented 7 years ago

@shayangz Thank you!

lock[bot] commented 4 years ago

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.