From 66487607e2081c7c2af2281c62c14ee000d5024b Mon Sep 17 00:00:00 2001
From: Brad Fitzpatrick
Date: Thu, 1 Feb 2018 23:02:22 +0000
Subject: [PATCH] cmd/tip: enable HTTP ACME challenges
Updates golang/go#23627
Change-Id: I9dff655b531dc3491419ee1883c570c0bc5d8955
Reviewed-on: https://go-review.googlesource.com/91518
Reviewed-by: Andrew Bonventre
---
 cmd/tip/Dockerfile | 65 +++++++++++++++++++++++++++-------------------
 cmd/tip/Makefile | 8 +++++-
 cmd/tip/cert.go | 23 ++++++++++++----
 cmd/tip/tip.go | 20 +++++++++++---
 4 files changed, 79 insertions(+), 37 deletions(-)
diff --git a/cmd/tip/Dockerfile b/cmd/tip/Dockerfile
index 86dfe364..51cf6d3c 100644
--- a/cmd/tip/Dockerfile
+++ b/cmd/tip/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.8
+FROM golang:1.9
 RUN apt-get update && apt-get install --no-install-recommends -y -q build-essential git
@@ -7,59 +7,59 @@ ENV GOROOT_BOOTSTRAP /usr/local/go # BEGIN deps (run `make update-deps` to update) -# Repo cloud.google.com/go at 76d607c (2017-07-20) -ENV REV=76d607c4e7a2b9df49f1d1a58a3f3d2dd2614704 +# Repo cloud.google.com/go at 1d0c2da (2018-01-30) +ENV REV=1d0c2da40456a9b47f5376165f275424acc15c09 RUN go get -d cloud.google.com/go/compute/metadata `#and 6 other pkgs` &&\ (cd /go/src/cloud.google.com/go && (git cat-file -t $REV 2>/dev/null || git fetch -q origin $REV) && git reset --hard $REV) -# Repo github.com/golang/protobuf at 0a4f71a (2017-07-11) -ENV REV=0a4f71a498b7c4812f64969510bcb4eca251e33a +# Repo github.com/golang/protobuf at 9255415 (2018-01-25) +ENV REV=925541529c1fa6821df4e44ce2723319eb2be768 RUN go get -d github.com/golang/protobuf/proto `#and 6 other pkgs` &&\ (cd /go/src/github.com/golang/protobuf && (git cat-file -t $REV 2>/dev/null || git fetch -q origin $REV) && git reset --hard $REV) -# Repo github.com/googleapis/gax-go at 84ed267 (2017-06-10) -ENV REV=84ed26760e7f6f80887a2fbfb50db3cc415d2cea +# Repo github.com/googleapis/gax-go at 317e000 (2017-09-15) +ENV REV=317e0006254c44a0ac427cc52a0e083ff0b9622f RUN go get -d github.com/googleapis/gax-go &&\ (cd /go/src/github.com/googleapis/gax-go && (git cat-file -t $REV 2>/dev/null || git fetch -q origin $REV) && git reset --hard $REV) -# Repo golang.org/x/build at da1460b (2017-07-31) -ENV REV=da1460b7c9c9b65383d1336593ed9ad346f6a1c5 +# Repo golang.org/x/build at e879390 (2018-02-01) +ENV REV=e8793909ba350594eea4c7c6bdb0f0d9a0d0f77a RUN go get -d golang.org/x/build/autocertcache &&\ (cd /go/src/golang.org/x/build && (git cat-file -t $REV 2>/dev/null || git fetch -q origin $REV) && git reset --hard $REV) -# Repo golang.org/x/crypto at 6914964 (2017-07-20) -ENV REV=6914964337150723782436d56b3f21610a74ce7b +# Repo golang.org/x/crypto at 1875d0a (2018-01-27) +ENV REV=1875d0a70c90e57f11972aefd42276df65e895b9 RUN go get -d golang.org/x/crypto/acme `#and 2 other pkgs` &&\ (cd 
/go/src/golang.org/x/crypto && (git cat-file -t $REV 2>/dev/null || git fetch -q origin $REV) && git reset --hard $REV) -# Repo golang.org/x/net at ab54850 (2017-07-21) -ENV REV=ab5485076ff3407ad2d02db054635913f017b0ed +# Repo golang.org/x/net at 6d90978 (2018-02-01) +ENV REV=6d90978dc4889d44e8cfbd04c05d17b5417823c7 RUN go get -d golang.org/x/net/context `#and 8 other pkgs` &&\ (cd /go/src/golang.org/x/net && (git cat-file -t $REV 2>/dev/null || git fetch -q origin $REV) && git reset --hard $REV) -# Repo golang.org/x/oauth2 at b53b38a (2017-07-19) -ENV REV=b53b38ad8a6435bd399ea76d0fa74f23149cca4e +# Repo golang.org/x/oauth2 at 30785a2 (2018-01-04) +ENV REV=30785a2c434e431ef7c507b54617d6a951d5f2b4 RUN go get -d golang.org/x/oauth2 `#and 5 other pkgs` &&\ (cd /go/src/golang.org/x/oauth2 && (git cat-file -t $REV 2>/dev/null || git fetch -q origin $REV) && git reset --hard $REV) -# Repo golang.org/x/text at 836efe4 (2017-07-14) -ENV REV=836efe42bb4aa16aaa17b9c155d8813d336ed720 +# Repo golang.org/x/text at e19ae14 (2017-12-27) +ENV REV=e19ae1496984b1c655b8044a65c0300a3c878dd3 RUN go get -d golang.org/x/text/secure/bidirule `#and 4 other pkgs` &&\ (cd /go/src/golang.org/x/text && (git cat-file -t $REV 2>/dev/null || git fetch -q origin $REV) && git reset --hard $REV) -# Repo google.golang.org/api at 295e4bb (2017-07-18) -ENV REV=295e4bb0ade057ae2cfb9876ab0b54635dbfcea4 +# Repo google.golang.org/api at 7d0e2d3 (2018-01-30) +ENV REV=7d0e2d350555821bef5a5b8aecf0d12cc1def633 RUN go get -d google.golang.org/api/gensupport `#and 9 other pkgs` &&\ (cd /go/src/google.golang.org/api && (git cat-file -t $REV 2>/dev/null || git fetch -q origin $REV) && git reset --hard $REV) -# Repo google.golang.org/genproto at b0a3dcf (2017-07-12) -ENV REV=b0a3dcfcd1a9bd48e63634bd8802960804cf8315 +# Repo google.golang.org/genproto at 4eb30f4 (2018-01-25) +ENV REV=4eb30f4778eed4c258ba66527a0d4f9ec8a36c45 RUN go get -d google.golang.org/genproto/googleapis/api/annotations `#and 3 other pkgs` &&\ 
(cd /go/src/google.golang.org/genproto && (git cat-file -t $REV 2>/dev/null || git fetch -q origin $REV) && git reset --hard $REV) -# Repo google.golang.org/grpc at fa1cb32 (2017-07-31) -ENV REV=fa1cb32dc4f81e23ab862dd5e7ac4f2920a33088 -RUN go get -d google.golang.org/grpc `#and 14 other pkgs` &&\ +# Repo google.golang.org/grpc at 0bd008f (2018-01-25) +ENV REV=0bd008f5fadb62d228f12b18d016709e8139a7af +RUN go get -d google.golang.org/grpc `#and 23 other pkgs` &&\ (cd /go/src/google.golang.org/grpc && (git cat-file -t $REV 2>/dev/null || git fetch -q origin $REV) && git reset --hard $REV) # Optimization to speed up iterative development, not necessary for correctness: @@ -109,15 +109,24 @@ RUN go install cloud.google.com/go/compute/metadata \ google.golang.org/genproto/googleapis/iam/v1 \ google.golang.org/genproto/googleapis/rpc/status \ google.golang.org/grpc \ + google.golang.org/grpc/balancer \ + google.golang.org/grpc/balancer/base \ + google.golang.org/grpc/balancer/roundrobin \ google.golang.org/grpc/codes \ + google.golang.org/grpc/connectivity \ google.golang.org/grpc/credentials \ - google.golang.org/grpc/grpclb/grpc_lb_v1 \ + google.golang.org/grpc/encoding \ + google.golang.org/grpc/encoding/proto \ + google.golang.org/grpc/grpclb/grpc_lb_v1/messages \ google.golang.org/grpc/grpclog \ google.golang.org/grpc/internal \ google.golang.org/grpc/keepalive \ google.golang.org/grpc/metadata \ google.golang.org/grpc/naming \ google.golang.org/grpc/peer \ + google.golang.org/grpc/resolver \ + google.golang.org/grpc/resolver/dns \ + google.golang.org/grpc/resolver/passthrough \ google.golang.org/grpc/stats \ google.golang.org/grpc/status \ google.golang.org/grpc/tap \ 
@@ -128,5 +137,7 @@ RUN go install cloud.google.com/go/compute/metadata \
 ADD . /go/src/tip
 RUN go install --tags=autocert tip
 ENTRYPOINT ["/go/bin/tip"]
-# App Engine expects us to listen on port 8080
-EXPOSE 8080
+
+# We listen on 8080 (for historical reasons). The service.yaml maps public port 80 to 8080.
+# We also listen on 443 for LetsEncrypt TLS.
+EXPOSE 8080 443
diff --git a/cmd/tip/Makefile b/cmd/tip/Makefile
index 7d2f6ed3..79026883 100644
--- a/cmd/tip/Makefile
+++ b/cmd/tip/Makefile
@@ -4,9 +4,15 @@ VERSION=v2
+.PHONY: usage
+
+usage:
+ echo "See Makefile"
+ exit 1
+
 update-deps:
 go install golang.org/x/build/cmd/gitlock
- gitlock --update=Dockerfile --ignore=NONE golang.org/x/tools/cmd/tip
+ gitlock --update=Dockerfile --ignore=NONE --tags=autocert golang.org/x/tools/cmd/tip
 docker-prod: Dockerfile
 docker build -f Dockerfile --tag=gcr.io/symbolic-datum-552/tip:$(VERSION) .
diff --git a/cmd/tip/cert.go b/cmd/tip/cert.go
index e00777b2..f912cf38 100644
--- a/cmd/tip/cert.go
+++ b/cmd/tip/cert.go
@@ -25,9 +25,13 @@ import (
 func init() {
 runHTTPS = runHTTPSAutocert
+ certInit = certInitAutocert
+ wrapHTTPMux = wrapHTTPMuxAutocert
 }
-func runHTTPSAutocert(h http.Handler) error {
+var autocertManager *autocert.Manager
+
+func certInitAutocert() {
 var cache autocert.Cache
 if b := *autoCertCacheBucket; b != "" {
 sc, err := storage.NewClient(context.Background())
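Review bot: `autocertManager` is a package-level pointer that stays nil until `certInitAutocert` runs, and nothing in this hunk says that `runHTTPSAutocert` and `wrapHTTPMuxAutocert` dereference it; a caller that invokes either hook before `certInit` gets a nil-pointer panic on the first request or TLS handshake rather than a clear startup error. The ordering is currently enforced only by the call sequence in tip.go's main, so it should be stated where the variable is declared: `// autocertManager is created by certInitAutocert; runHTTPSAutocert and wrapHTTPMuxAutocert must not be called before it.` The body of certInitAutocert continues past the end of the hunk.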
@@ -36,15 +40,24 @@ func runHTTPSAutocert(h http.Handler) error {
 }
 cache = autocertcache.NewGoogleCloudStorageCache(sc, b)
 }
- m := autocert.Manager{
+ autocertManager = &autocert.Manager{
 Prompt: autocert.AcceptTOS,
 HostPolicy: autocert.HostWhitelist(*autoCertDomain),
 Cache: cache,
 }
+}
+
+func runHTTPSAutocert(h http.Handler) error {
 s := &http.Server{
- Addr: ":https",
- Handler: h,
- TLSConfig: &tls.Config{GetCertificate: m.GetCertificate},
+ Addr: ":https",
+ Handler: h,
+ TLSConfig: &tls.Config{
+ GetCertificate: autocertManager.GetCertificate,
+ },
 }
 return s.ListenAndServeTLS("", "")
 }
+
+func wrapHTTPMuxAutocert(h http.Handler) http.Handler {
+ return autocertManager.HTTPHandler(h)
+}
diff --git a/cmd/tip/tip.go b/cmd/tip/tip.go
index 6e0fd47a..91032dc2 100644
--- a/cmd/tip/tip.go
+++ b/cmd/tip/tip.go
@@ -38,9 +38,13 @@ var (
 autoCertCacheBucket = flag.String("autocert-bucket", "", "if non-empty, the Google Cloud Storage bucket in which to store the LetsEncrypt cache")
 )
-// runHTTPS, if non-nil, specifies the function to serve HTTPS.
-// It is set non-nil in cert.go with the "autocert" build tag.
-var runHTTPS func(http.Handler) error
+// Hooks that are set non-nil in cert.go if the "autocert" build tag
+// is used.
+var (
+ certInit func()
+ runHTTPS func(http.Handler) error
+ wrapHTTPMux func(http.Handler) http.Handler
+)
 func main() {
 flag.Parse()
@@ -56,6 +60,10 @@ func main() {
 log.Fatalf("Unknown %v value: %q", k, os.Getenv(k))
 }
+ if certInit != nil {
+ certInit()
+ }
+
 p := &Proxy{builder: b}
 go p.run()
 mux := newServeMux(p)
@@ -65,7 +73,11 @@ func main() {
 errc := make(chan error, 1)
 go func() {
- errc <- http.ListenAndServe(":8080", mux)
+ var httpMux http.Handler = mux
+ if wrapHTTPMux != nil {
+ httpMux = wrapHTTPMux(httpMux)
+ }
+ errc <- http.ListenAndServe(":8080", httpMux)
 }()
 if *autoCertDomain != "" {
 if runHTTPS == nil {
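Review bot: The `http.Server` literal in `runHTTPSAutocert` sets only `Addr`, `Handler` and `TLSConfig`, so the public TLS listener on :443 has no header or idle timeout and a client that opens a connection and never finishes its request headers holds that connection open indefinitely. Adding `ReadHeaderTimeout: 10 * time.Second,` and `IdleTimeout: 120 * time.Second,` to the literal bounds this (both fields exist since Go 1.8, and the Dockerfile now builds with 1.9; `time` must be imported if cert.go does not already). It would also help readers to note on `wrapHTTPMuxAutocert` that passing `h` as the fallback means `HTTPHandler` intercepts only `/.well-known/acme-challenge/` and keeps serving everything else in plaintext on 8080, which appears intended given the EXPOSE comment in the Dockerfile: `// wrapHTTPMuxAutocert answers HTTP-01 challenges on the plaintext listener and passes all other requests to h unchanged.`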
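Review bot: `certInit()` in the second tip.go hunk is called whenever the hook is set, but `runHTTPS` a few lines below is only used when `*autoCertDomain != ""`; with an empty domain the autocert build still constructs a manager whose host policy whitelists the empty string and, via the third hunk, installs its ACME handler in front of the proxy on :8080, so `/.well-known/acme-challenge/` requests are intercepted by a manager that presumably can never complete a challenge. Guarding all three sites on the same flag keeps the hooks consistent: `if certInit != nil && *autoCertDomain != "" {` here and `if wrapHTTPMux != nil && *autoCertDomain != "" {` in the listener goroutine. The same point applies to the third hunk of tip.go; main starts before and continues after both hunks.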