consul

package
v0.2.0
Warning

This package is not in the latest version of its module.

Published: Apr 27, 2022 License: MPL-2.0 Imports: 23 Imported by: 0

Documentation


Constants

const (
	RootCAFile           = "root-ca.pem"
	ClientCertFile       = "client.crt"
	ClientPrivateKeyFile = "client.pem"
	SDSCertConfigFile    = "tls-sds.json"
	SDSCAConfigFile      = "validation-context-sds.json"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Authenticator

type Authenticator struct {
	// contains filtered or unexported fields
}

Authenticator handles Consul auth login logic.

func NewAuthenticator

func NewAuthenticator(logger hclog.Logger, consul *api.Client, method, namespace string) *Authenticator

NewAuthenticator initializes a new Authenticator instance.

func (*Authenticator) Authenticate

func (a *Authenticator) Authenticate(ctx context.Context, service, bearerToken string) (string, error)

Authenticate logs into Consul using the given auth method and returns the generated token.

func (*Authenticator) WithTries

func (a *Authenticator) WithTries(tries uint64) *Authenticator

type CertManager

type CertManager struct {
	// contains filtered or unexported fields
}

CertManager handles Consul leaf certificate management and certificate rotation. Once a leaf certificate has expired, it generates a new certificate and writes it to the location given in the configuration options with which it was created.

func NewCertManager

func NewCertManager(logger hclog.Logger, consul *api.Client, service string, options *CertManagerOptions) *CertManager

NewCertManager creates a new CertManager instance.

func (*CertManager) Certificate

func (c *CertManager) Certificate() []byte

Certificate returns the current leaf cert

func (*CertManager) Manage

func (c *CertManager) Manage(ctx context.Context) error

Manage is the main run loop of the manager and should be run in a goroutine. It should be passed a cancellable context that signals when the manager should stop and return. If it receives an unexpected error, the loop exits.

func (*CertManager) PrivateKey

func (c *CertManager) PrivateKey() []byte

PrivateKey returns the current leaf cert private key

func (*CertManager) RenderSDSConfig

func (c *CertManager) RenderSDSConfig() (string, error)

func (*CertManager) RootCA

func (c *CertManager) RootCA() []byte

RootCA returns the current CA cert

func (*CertManager) RootPool

func (c *CertManager) RootPool() *x509.CertPool

RootPool returns the certificate pool for the connect root CA

func (*CertManager) SPIFFE

func (c *CertManager) SPIFFE() *url.URL

func (*CertManager) TLSCertificate

func (c *CertManager) TLSCertificate() *tls.Certificate

TLSCertificate returns the current leaf certificate as a parsed structure

func (*CertManager) WaitForWrite

func (c *CertManager) WaitForWrite(ctx context.Context) error

WaitForWrite acts as a signalling mechanism for when the certificates are written to disk. It is intended to be used for use-cases where initial certificates must be in place prior to being referenced by a consumer.

type CertManagerOptions

type CertManagerOptions struct {
	Directory  string
	SDSAddress string
	SDSPort    int
}

CertManagerOptions contains the optional configuration used to initialize a CertManager.

func DefaultCertManagerOptions

func DefaultCertManagerOptions() *CertManagerOptions

DefaultCertManagerOptions returns the default options for a CertManager instance.

type ConfigEntryIndex

type ConfigEntryIndex struct {
	// contains filtered or unexported fields
}

func NewConfigEntryIndex

func NewConfigEntryIndex(kind string) *ConfigEntryIndex

func (*ConfigEntryIndex) Add

func (i *ConfigEntryIndex) Add(entry api.ConfigEntry)

func (*ConfigEntryIndex) Count

func (i *ConfigEntryIndex) Count() int

func (*ConfigEntryIndex) Difference

func (i *ConfigEntryIndex) Difference(other *ConfigEntryIndex) *ConfigEntryIndex

Difference returns a ConfigEntryIndex with entries that are not found in the current ConfigEntryIndex.

func (*ConfigEntryIndex) Get

func (i *ConfigEntryIndex) Get(name string) (api.ConfigEntry, bool)

func (*ConfigEntryIndex) Intersection

func (i *ConfigEntryIndex) Intersection(other *ConfigEntryIndex) *ConfigEntryIndex

func (*ConfigEntryIndex) Merge

func (i *ConfigEntryIndex) Merge(other *ConfigEntryIndex)

func (*ConfigEntryIndex) ToArray

func (i *ConfigEntryIndex) ToArray() []api.ConfigEntry

type IntentionsReconciler

type IntentionsReconciler struct {
	// contains filtered or unexported fields
}

IntentionsReconciler maintains a reconcile loop that computes the changes required to the intention graph to allow traffic from the api gateway to target services. Changes are detected by watching the service's computed discovery chain and iterating through the included targets.

func NewIntentionsReconciler

func NewIntentionsReconciler(consul *api.Client, ingress *api.IngressGatewayConfigEntry, logger hclog.Logger) *IntentionsReconciler

func (*IntentionsReconciler) Reconcile

func (r *IntentionsReconciler) Reconcile() error

Reconcile forces a synchronous reconcile, returning any errors that occurred as a result

func (*IntentionsReconciler) SetIngressServices

func (r *IntentionsReconciler) SetIngressServices(igw *api.IngressGatewayConfigEntry)

func (*IntentionsReconciler) Stop

func (r *IntentionsReconciler) Stop()

type ServiceRegistry

type ServiceRegistry struct {
	// contains filtered or unexported fields
}

ServiceRegistry handles the logic for registering a consul-api-gateway service in Consul. Note that the registry is *not* thread safe and should only ever call Register/Deregister from a single managing goroutine.

func NewServiceRegistry

func NewServiceRegistry(logger hclog.Logger, consul *api.Client, service, namespace, host string) *ServiceRegistry

NewServiceRegistry creates a new service registry instance

func (*ServiceRegistry) Deregister

func (s *ServiceRegistry) Deregister(ctx context.Context) error

Deregister de-registers a service from Consul.

func (*ServiceRegistry) ID

func (s *ServiceRegistry) ID() string

func (*ServiceRegistry) Namespace

func (s *ServiceRegistry) Namespace() string

func (*ServiceRegistry) Register

func (s *ServiceRegistry) Register(ctx context.Context) error

Register registers a service with Consul.

func (*ServiceRegistry) WithTries

func (s *ServiceRegistry) WithTries(tries uint64) *ServiceRegistry

WithTries tells the service registry to retry on any remote operations.

Directories

Path Synopsis
Package mocks is a generated GoMock package.
