notaryproject · endophage · Jul 25, 2016 · Jul 22, 2016
@@ -5,7 +5,6 @@ import (
 	"errors"
 	"fmt"
 	"net"
-	"net/http"
 	"os"
 	"strings"
 	"time"
@@ -62,7 +61,7 @@ func parseSignerConfig(configFilePath string) (signer.Config, error) {
 	utils.SetUpBugsnag(bugsnagConf)
 
 	// parse server config
-	httpAddr, grpcAddr, tlsConfig, err := getAddrAndTLSConfig(config)
+	grpcAddr, tlsConfig, err := getAddrAndTLSConfig(config)
 	if err != nil {
 		return signer.Config{}, err
 	}
@@ -74,7 +73,6 @@ func parseSignerConfig(configFilePath string) (signer.Config, error) {
 	}
 
 	return signer.Config{
-		HTTPAddr:       httpAddr,
 		GRPCAddr:       grpcAddr,
 		TLSConfig:      tlsConfig,
 		CryptoServices: cryptoServices,
@@ -213,33 +211,18 @@ func setupGRPCServer(grpcAddr string, tlsConfig *tls.Config,
 	return grpcServer, lis, nil
 }
 
-func setupHTTPServer(httpAddr string, tlsConfig *tls.Config,
-	cryptoServices signer.CryptoServiceIndex) *http.Server {
-
-	return &http.Server{
-		Addr:      httpAddr,
-		Handler:   api.Handlers(cryptoServices),
-		TLSConfig: tlsConfig,
-	}
-}
-
-func getAddrAndTLSConfig(configuration *viper.Viper) (string, string, *tls.Config, error) {
+func getAddrAndTLSConfig(configuration *viper.Viper) (string, *tls.Config, error) {
 	tlsConfig, err := utils.ParseServerTLS(configuration, true)
 	if err != nil {
-		return "", "", nil, fmt.Errorf("unable to set up TLS: %s", err.Error())
+		return "", nil, fmt.Errorf("unable to set up TLS: %s", err.Error())
 	}
 
 	grpcAddr := configuration.GetString("server.grpc_addr")
 	if grpcAddr == "" {
-		return "", "", nil, fmt.Errorf("grpc listen address required for server")
-	}
-
-	httpAddr := configuration.GetString("server.http_addr")
-	if httpAddr == "" {
-		return "", "", nil, fmt.Errorf("http listen address required for server")
+		return "", nil, fmt.Errorf("grpc listen address required for server")
 	}
 
-	return httpAddr, grpcAddr, tlsConfig, nil
+	return grpcAddr, tlsConfig, nil
 }
 
 func bootstrap(s interface{}) error {

@@ -58,18 +58,11 @@ func main() {
 		logrus.Fatal(err.Error())
 	}
 
-	httpServer := setupHTTPServer(signerConfig.HTTPAddr, signerConfig.TLSConfig, signerConfig.CryptoServices)
-
 	if debug {
 		log.Println("RPC server listening on", signerConfig.GRPCAddr)
-		log.Println("HTTP server listening on", signerConfig.HTTPAddr)
 	}
 
-	go grpcServer.Serve(lis)
-	err = httpServer.ListenAndServeTLS("", "")
-	if err != nil {
-		log.Fatal("HTTPS server failed to start:", err)
-	}
+	grpcServer.Serve(lis)
 }
 
 func usage() {

@@ -40,26 +40,24 @@ func configure(jsonConfig string) *viper.Viper {
 // error is propagated.
 func TestGetAddrAndTLSConfigInvalidTLS(t *testing.T) {
 	invalids := []string{
-		`{"server": {"http_addr": ":1234", "grpc_addr": ":2345"}}`,
+		`{"server": {"grpc_addr": ":2345"}}`,
 		`{"server": {
-				"http_addr": ":1234",
 				"grpc_addr": ":2345",
 				"tls_cert_file": "nope",
 				"tls_key_file": "nope"
 		}}`,
 	}
 	for _, configJSON := range invalids {
-		_, _, _, err := getAddrAndTLSConfig(configure(configJSON))
+		_, _, err := getAddrAndTLSConfig(configure(configJSON))
 		require.Error(t, err)
 		require.Contains(t, err.Error(), "unable to set up TLS")
 	}
 }
 
 // If a GRPC address is not provided, an error is returned.
 func TestGetAddrAndTLSConfigNoGRPCAddr(t *testing.T) {
-	_, _, _, err := getAddrAndTLSConfig(configure(fmt.Sprintf(`{
+	_, _, err := getAddrAndTLSConfig(configure(fmt.Sprintf(`{
 		"server": {
-			"http_addr": ":1234",
 			"tls_cert_file": "%s",
 			"tls_key_file": "%s"
 		}
@@ -68,31 +66,16 @@ func TestGetAddrAndTLSConfigNoGRPCAddr(t *testing.T) {
 	require.Contains(t, err.Error(), "grpc listen address required for server")
 }
 
-// If an HTTP address is not provided, an error is returned.
-func TestGetAddrAndTLSConfigNoHTTPAddr(t *testing.T) {
-	_, _, _, err := getAddrAndTLSConfig(configure(fmt.Sprintf(`{
-		"server": {
-			"grpc_addr": ":1234",
-			"tls_cert_file": "%s",
-			"tls_key_file": "%s"
-		}
-	}`, Cert, Key)))
-	require.Error(t, err)
-	require.Contains(t, err.Error(), "http listen address required for server")
-}
-
 // Success parsing a valid TLS config, HTTP address, and GRPC address.
 func TestGetAddrAndTLSConfigSuccess(t *testing.T) {
-	httpAddr, grpcAddr, tlsConf, err := getAddrAndTLSConfig(configure(fmt.Sprintf(`{
+	grpcAddr, tlsConf, err := getAddrAndTLSConfig(configure(fmt.Sprintf(`{
 		"server": {
-			"http_addr": ":2345",
 			"grpc_addr": ":1234",
 			"tls_cert_file": "%s",
 			"tls_key_file": "%s"
 		}
 	}`, Cert, Key)))
 	require.NoError(t, err)
-	require.Equal(t, ":2345", httpAddr)
 	require.Equal(t, ":1234", grpcAddr)
 	require.NotNil(t, tlsConf)
 }
@@ -241,12 +224,6 @@ func TestSetupCryptoServicesInvalidStore(t *testing.T) {
 	require.Equal(t, err.Error(), fmt.Sprintf("%s is not an allowed backend, must be one of: %s", "invalid_backend", []string{notary.SQLiteBackend, notary.MemoryBackend, notary.RethinkDBBackend}))
 }
 
-func TestSetupHTTPServer(t *testing.T) {
-	httpServer := setupHTTPServer(":4443", nil, make(signer.CryptoServiceIndex))
-	require.Equal(t, ":4443", httpServer.Addr)
-	require.Nil(t, httpServer.TLSConfig)
-}
-
 func TestSetupGRPCServerInvalidAddress(t *testing.T) {
 	_, _, err := setupGRPCServer("nope", nil, make(signer.CryptoServiceIndex))
 	require.Error(t, err)

@@ -25,7 +25,6 @@ learn more about the configuration section corresponding to that key:
 
 <pre><code class="language-json">{
   <a href="#server-section-required">"server"</a>: {
-    "http_addr": ":4444",
     "grpc_addr": ":7899",
     "tls_cert_file": "./fixtures/notary-signer.crt",
     "tls_key_file": "./fixtures/notary-signer.key",
@@ -57,7 +56,6 @@ Example:
 
 ```json
 "server": {
-  "http_addr": ":4444",
   "grpc_addr": ":7899",
   "tls_cert_file": "./fixtures/notary-signer.crt",
   "tls_key_file": "./fixtures/notary-signer.key",
@@ -71,22 +69,6 @@ Example:
 		<th>Required</th>
 		<th>Description</th>
 	</tr>
-	<tr>
-		<td valign="top"><code>http_addr</code></td>
-		<td valign="top">yes</td>
-		<td valign="top">The TCP address (IP and port) to listen for HTTP
-			traffic on.  Examples:
-			<ul>
-			<li><code>":4444"</code> means listen on port 4444 on all IPs (and
-				hence all interfaces, such as those listed when you run
-				<code>ifconfig</code>)</li>
-			<li><code>"127.0.0.1:4444"</code> means listen on port 4444 on
-				localhost only.  That means that the server will not be
-				accessible except locally (via SSH tunnel, or just on a local
-				terminal)</li>
-			</ul>
-		</td>
-	</tr>
 	<tr>
 		<td valign="top"><code>grpc_addr</code></td>
 		<td valign="top">yes</td>
@@ -107,14 +89,14 @@ Example:
 		<td valign="top"><code>tls_key_file</code></td>
 		<td valign="top">yes</td>
 		<td valign="top">The path to the private key to use for
-			HTTPS. The path is relative to the directory of the
+			GRPC TLS. The path is relative to the directory of the
 			configuration file.</td>
 	</tr>
 	<tr>
 		<td valign="top"><code>tls_cert_file</code></td>
 		<td valign="top">yes</td>
 		<td valign="top">The path to the certificate to use for
-			HTTPS. The path is relative to the directory of the
+			GRPC TLS. The path is relative to the directory of the
 			configuration file.</td>
 	</tr>
 	<tr>

@@ -1,6 +1,5 @@
 {
 	"server": {
-		"http_addr": ":4444",
 		"grpc_addr": ":7899",
 		"tls_cert_file": "./notary-signer.crt",
 		"tls_key_file": "./notary-signer.key",

@@ -1,6 +1,5 @@
 {
 	"server": {
-		"http_addr": ":4444",
 		"grpc_addr": ":7899",
 		"tls_cert_file": "./notary-signer.crt",
 		"tls_key_file": "./notary-signer.key",

@@ -1,6 +1,5 @@
 {
 	"server": {
-		"http_addr": ":4444",
 		"grpc_addr": ":7899",
 		"tls_cert_file": "./notary-signer.crt",
 		"tls_key_file": "./notary-signer.key",

@@ -17,8 +17,6 @@ ENV SERVICE_NAME=notary_signer
 ENV NOTARY_SIGNER_DEFAULT_ALIAS="timestamp_1"
 ENV NOTARY_SIGNER_TIMESTAMP_1="testpassword"
 
-EXPOSE 4444
-
 # Install notary-signer
 RUN go install \
     -tags pkcs11 \