From 3db60aeb436b1dcab0514d85a97e6be23367d758 Mon Sep 17 00:00:00 2001 From: Edwin Xie Date: Thu, 6 Feb 2020 09:59:23 -0800 Subject: [PATCH] allow configuration of nats-tls hostname Prefer a locally specified hostname in the route-emitter and route-emitter windows spec over the use of the nats-tls link instances.address. This is required if specifying a bosh-dns-alias for nats-tls. It is helpful to have a bosh-dns-alias when connecting to a host using TLS for hostname verification. [#170956876](https://www.pivotaltracker.com/story/show/170956876) Co-authored-by: Aidan Obley Co-authored-by: Clay Kauzlaric --- jobs/route_emitter/spec | 2 ++ jobs/route_emitter/templates/route_emitter.json.erb | 3 +++ jobs/route_emitter_windows/spec | 2 ++ jobs/route_emitter_windows/templates/route_emitter.json.erb | 3 +++ 4 files changed, 10 insertions(+) diff --git a/jobs/route_emitter/spec b/jobs/route_emitter/spec index 26383b542c..7c84cbba40 100644 --- a/jobs/route_emitter/spec +++ b/jobs/route_emitter/spec @@ -59,6 +59,8 @@ properties: diego.route_emitter.nats.tls.enabled: description: "Enable connecting to NATS server via TLS." default: false + diego.route_emitter.nats.tls.hostname: + description: "Hostname of the NATS cluster." diego.route_emitter.nats.tls.client_cert: description: "PEM-encoded certificate for the route-emitter to present to NATS for verification when connecting via TLS." diego.route_emitter.nats.tls.client_key: diff --git a/jobs/route_emitter/templates/route_emitter.json.erb b/jobs/route_emitter/templates/route_emitter.json.erb index 3f28b4b258..fba3371c0b 100644 --- a/jobs/route_emitter/templates/route_emitter.json.erb +++ b/jobs/route_emitter/templates/route_emitter.json.erb 
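Review bot: The description added for `diego.route_emitter.nats.tls.hostname` in jobs/route_emitter/spec says only "Hostname of the NATS cluster.", which does not tell an operator that setting it replaces the addresses taken from the nats-tls link. Going by the commit message, it is also the name meant to be used for TLS hostname verification, so it should be a name covered by the NATS server certificate. I would expand it to something like `description: "Hostname used to reach NATS over TLS in place of the nats-tls link instance addresses (e.g. a bosh-dns alias); should match a name in the NATS server certificate. Only used when diego.route_emitter.nats.tls.enabled is true."` The same wording applies to the identical property added in jobs/route_emitter_windows/spec.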
@@ -32,6 +32,9 @@ if_link('nats-tls') do |nats_link| if p("diego.route_emitter.nats.tls.enabled") nats_machines = nats_link.instances.map { |instance| instance.address } + if_p("diego.route_emitter.nats.tls.hostname") do | prop | + nats_machines = [prop] + end nats_port = nats_link.p("nats.port") nats_user = nats_link.p("nats.user") nats_password = nats_link.p("nats.password") diff --git a/jobs/route_emitter_windows/spec b/jobs/route_emitter_windows/spec index 2fb3a19bb4..d86340e8f0 100644 --- a/jobs/route_emitter_windows/spec +++ b/jobs/route_emitter_windows/spec @@ -49,6 +49,8 @@ properties: diego.route_emitter.nats.tls.enabled: description: "Enable connecting to NATS server via TLS." default: false + diego.route_emitter.nats.tls.hostname: + description: "Hostname of the NATS cluster." diego.route_emitter.nats.tls.client_cert: description: "PEM-encoded certificate for the route-emitter to present to NATS for verification when connecting via TLS." diego.route_emitter.nats.tls.client_key: diff --git a/jobs/route_emitter_windows/templates/route_emitter.json.erb b/jobs/route_emitter_windows/templates/route_emitter.json.erb index 034e7a1af7..a13382adae 100644 --- a/jobs/route_emitter_windows/templates/route_emitter.json.erb +++ b/jobs/route_emitter_windows/templates/route_emitter.json.erb @@ -32,6 +32,9 @@ if_link('nats-tls') do |nats_link| if p("diego.route_emitter.nats.tls.enabled") nats_machines = nats_link.instances.map { |instance| instance.address } + if_p("diego.route_emitter.nats.tls.hostname") do | prop | + nats_machines = [prop] + end nats_port = nats_link.p("nats.port") nats_user = nats_link.p("nats.user") nats_password = nats_link.p("nats.password")
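Review bot: The new `if_p` block in jobs/route_emitter/templates/route_emitter.json.erb does not check the value, so a property that is set but empty (`hostname: ""`) would, as far as I can tell, replace the link-derived address list with a single blank entry; `nats_machines = [prop] unless prop.to_s.strip.empty?` would keep the link addresses in that case. The override also collapses every NATS instance into one entry, so reaching more than one server then depends on the alias resolving to all of them, which is worth a short comment above the assignment. As a style point, `do | prop |` is padded differently from `do |nats_link|` a few lines earlier. The same three lines are added in jobs/route_emitter_windows/templates/route_emitter.json.erb, and the enclosing `if_link` block continues past both hunks, so how `nats_machines` is rendered into the JSON is not visible here.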