Initial working server commit

Dockerfile

@@ -0,0 +1,9 @@
+FROM golang
+
+COPY . /go/src/github.com/docker/vetinari
+
+RUN go get github.com/docker/vetinari/cmd/vetinari-server
+
+EXPOSE 4443
+
+CMD vetinari-server -cert /go/src/github.com/docker/vetinari/fixtures/ca.pem -key /go/src/github.com/docker/vetinari/fixtures/ca-key.pem -debug

cmd/vetinari-server/main.go

@@ -0,0 +1,89 @@
+package main
+
+import (
+	"crypto/rand"
+	"crypto/tls"
+	_ "expvar"
+	"flag"
+	"log"
+	"net/http"
+	"os"
+
+	_ "github.com/docker/distribution/health"
+	"github.com/docker/vetinari/server/handlers"
+	"github.com/gorilla/mux"
+)
+
+const ADDR = ":4443"
+const DEBUG_ADDR = "localhost:8080"
+
+var debug bool
+var certFile, keyFile string
+
+func init() {
+	flag.StringVar(&certFile, "cert", "", "Intermediate certificates")
+	flag.StringVar(&keyFile, "key", "", "Private key file")
+	flag.BoolVar(&debug, "debug", false, "show the version and exit")
+}
+
+func main() {
+	flag.Usage = usage
+	flag.Parse()
+
+	if DEBUG_ADDR != "" {
+		go debugServer(DEBUG_ADDR)
+	}
+
+	if certFile == "" || keyFile == "" {
+		usage()
+		log.Fatalf("Certificate and key are mandatory")
+	}
+
+	tlsConfig := &tls.Config{
+		MinVersion:               tls.VersionTLS12,
+		PreferServerCipherSuites: true,
+		CipherSuites: []uint16{
+			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+			tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+			tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
+			tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
+			tls.TLS_RSA_WITH_AES_128_CBC_SHA,
+			tls.TLS_RSA_WITH_AES_256_CBC_SHA},
+	}
+	tlsConfig.Rand = rand.Reader
+
+	r := mux.NewRouter()
+	r.HandleFunc("/", handlers.MainHandler)
+
+	server := http.Server{
+		Addr:      ADDR,
+		Handler:   r,
+		TLSConfig: tlsConfig,
+	}
+
+	if debug {
+		log.Println("[Vetinari Server] : Listening on", ADDR)
+	}
+
+	err := server.ListenAndServeTLS(certFile, keyFile)
+	if err != nil {
+		log.Fatalf("[Vetinari Server] : Failed to start %s", err)
+	}
+}
+
+func usage() {
+	log.Println(os.Stderr, "usage:", os.Args[0], "<config>")
+	flag.PrintDefaults()
+}
+
+// debugServer starts the debug server with pprof, expvar among other
+// endpoints. The addr should not be exposed externally. For most of these to
+// work, tls cannot be enabled on the endpoint, so it is generally separate.
+func debugServer(addr string) {
+	log.Println("[Vetinari Debug Server] server listening on", addr)
+	if err := http.ListenAndServe(addr, nil); err != nil {
+		log.Fatalf("[Vetinari Debug Server] error listening on debug interface: %v", err)
+	}
+}

cmd/vetinari-server/main_test.go

@@ -0,0 +1 @@
+package main

fixtures/ca-key.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEA4zWKzehx/YuLfvbphGLLAnxHiAizsqR17Ch9zN5wxZInJduz
+9v2HZCFgqV/4ZqITsA/y5ibr6X31KLkiSgPABc/AZiBcgONz41TmGVIy7lzU9xsq
+vDwTqzyYyoBXN+TbJk6NAHglhHpbOa6T1Pwf2K9D6ypSytpFkz6JltLJFbpIxYtz
+g3cpCwR/ZBOS5f4bqzMnrIlfZUbta50/wc5HIgU6Q3Ggx/CIiICMEgtWZxoPM5Oq
+tt0tnVZPJoSA9xUOVRXOnb9NZVrHgvyCpL8D9qsGISOUveV/fvYOw/+Iy+2y5rc7
+dSfSH1XbczE8RLdhTMLYgmg6km7rq4JQBvtIlwIDAQABAoIBAQCNweUlTQZ502uo
+PnM5hs30cgfLJuq+5X8xZZ3/iTVA/0vvgeEJk+q6HV0Kr/bySeMQsRKyZ8w+tLiV
+vNRY63gN6C25Si2MuNygFGMvnyppr3+r4MZMBQuchcUqauJ/3AijINU2Wr/FpPVv
+yq0vcFKKReeRPKnFKGPKV3VOpZqSM6ds1fqjG0vJPtW4OYhii9QWBky94kb9P9ef
+52X7EcESY+G+gLOxEt95KYCY5gLvyOxObUtk9xGzmcKMmYr80fgqDllavMie7BQ6
+BHm5EUfxtPd1Q0Pd8ZYYZusYD1dxiBISlncf0kDG0PYWifb8HTPOEddX9CwzYfnV
+alea2ENZAoGBAOeoQW+dwTU9OBDOUADysBoR0EU2F/+wbCLsQTj4QBZXg91+CR0P
+o57v56yoCEz4dsVi2YtphFbM2Gb8ByqMDa4/onlUrnbkb+bUR4mJ34vF78kSrMnu
+3HwP1SBvucleaRpr7O8Qh6A5+AHs8O4ApMU3DJyBeo0BO37XjBpMFIhTAoGBAPsV
+oStqT0zS1axXeR/wlg7181e9ZAbJWo6YYktabud7V+iPn+8zjecpD2rNn92wWkYR
+tGUL4XJeC/vF0IP9EdmOg275IFgC22svNnli7daMOMeznuxoz7nzVscHqw7HVTp+
+bkDPBs55IwrIG9hy3XlvgD6VmgaZa5cBQG0H8SYtAoGAGdB3EkALEqqyv7St150z
+oIQRqFTB0d1P/4hCMF4BjjvMVvc/fryKaCCluWi0HBen7JD6Wv20IJQNHVTCW6xl
+reArc8fK9Ta5fYh0PFBf18yDzu1E0e/LJAwDnOy2UEkz/xy9t1opMuKiz1we8Paj
+ZdKfliUbifD0N0s/soJ92z8CgYEAz/vPwJXUUG/I3XSr+eAhfQ0Q4NoaFGEQaVQj
+AAZOHeOXIyZttgf/gL8LbU4dIdbmQGqEAru/qSvsQ0dN/TdRZORfTTqCJ0Vemj/G
+oPBo0TLgCdRpTa1YfNDsTfu1H43QtJ5sF7UmDzxa4aB3KGmlueS51522s8a8T56S
+zn4orJUCgYBNdWYT6HZEyhcCwchFCDGurSFDP1NEO4chMS4R4fFKulOA9reL7xAP
+KSkKGTgZwNF6fjY7+iVnK533dPsi3aWdnkSNi0inXCeUCwbUUosENtmPslltGbYL
+qC7m5yTyCi/nh0dXh23bTCRuxqVcTNnPENZ5uXt3T7kiw2IGIXKqEQ==
+-----END RSA PRIVATE KEY-----

fixtures/ca.pem

@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC1jCCAcCgAwIBAgIRAP8N1ySxBPApJwblEm6nP14wCwYJKoZIhvcNAQELMBYx
+FDASBgNVBAoTC0Jvb3QyRG9ja2VyMB4XDTE1MDMzMTIzMTQyN1oXDTE4MDMxNTIz
+MTQyN1owFjEUMBIGA1UEChMLQm9vdDJEb2NrZXIwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQDjNYrN6HH9i4t+9umEYssCfEeICLOypHXsKH3M3nDFkicl
+27P2/YdkIWCpX/hmohOwD/LmJuvpffUouSJKA8AFz8BmIFyA43PjVOYZUjLuXNT3
+Gyq8PBOrPJjKgFc35NsmTo0AeCWEels5rpPU/B/Yr0PrKlLK2kWTPomW0skVukjF
+i3ODdykLBH9kE5Ll/hurMyesiV9lRu1rnT/BzkciBTpDcaDH8IiIgIwSC1ZnGg8z
+k6q23S2dVk8mhID3FQ5VFc6dv01lWseC/IKkvwP2qwYhI5S95X9+9g7D/4jL7bLm
+tzt1J9IfVdtzMTxEt2FMwtiCaDqSbuurglAG+0iXAgMBAAGjIzAhMA4GA1UdDwEB
+/wQEAwIApDAPBgNVHRMBAf8EBTADAQH/MAsGCSqGSIb3DQEBCwOCAQEAzJ8XzvTU
+jV3p38Oe6tzzJmL51MVbJ0+FTGAVBXxiS50Gmb7bTgG6VpDVn4mzBFxbZHKmljDZ
+mWDO2S6AH+Z8La+81cStoRxhcHrHPRu676qQlmZCXOgScyjccMJShsz26fWTcafh
+cbSBzY8CvtSNvbk8SV1+r4Yq91cII6HHUsYE78GblW6y6SP3gqTP55vATJajaEqp
+0mcX4JaFg3+hnTVZlRlKbR5BsYKDaR2bp2PE2EE7KQv4PrsqvVq4iJ0nxjMkdC4R
+OcFjUgb5uplOnuhm6u287mSVsTbbFGQeojL9RpBcrwXr2Lbkh9MuEHxMyW2FtkFU
+vsnNyfVXIR+xOA==
+-----END CERTIFICATE-----

server/handlers/default.go

@@ -0,0 +1,17 @@
+package handlers
+
+import (
+	"encoding/json"
+	"net/http"
+)
+
+func MainHandler(w http.ResponseWriter, r *http.Request) {
+	if r.Method == "GET" {
+		err := json.NewEncoder(w).Encode("{}")
+		if err != nil {
+			w.Write([]byte("{server_error: 'Could not parse error message'}"))
+		}
+	} else {
+		w.WriteHeader(http.StatusNotFound)
+	}
+}

server/handlers/default_test.go

@@ -0,0 +1 @@
+package handlers