consul

package
v0.5.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 3, 2023 License: MPL-2.0 Imports: 24 Imported by: 0

Documentation

Index

Constants

View Source
const (
	RootCAFile           = "root-ca.pem"
	ClientCertFile       = "client.crt"
	ClientPrivateKeyFile = "client.pem"
	SDSCertConfigFile    = "tls-sds.json"
	SDSCAConfigFile      = "validation-context-sds.json"
)
View Source
const (
	WildcardNamespace = "*"
	DefaultNamespace  = "default"
)

Variables

This section is empty.

Functions

func EnsureNamespaceExists added in v0.5.0

func EnsureNamespaceExists(client Client, ns string, partitionInfo PartitionInfo) (bool, error)

EnsureNamespaceExists ensures a Consul namespace with name ns exists. If it doesn't, it will create it and set crossNSACLPolicy as a policy default. Boolean return value indicates if the namespace was created by this call.

Types

type Authenticator

type Authenticator struct {
	// contains filtered or unexported fields
}

Authenticator handles Consul auth login logic.

func NewAuthenticator

func NewAuthenticator(logger hclog.Logger, consul *api.Client, method, namespace string) *Authenticator

NewAuthenticator initializes a new Authenticator instance.

func (*Authenticator) Authenticate

func (a *Authenticator) Authenticate(ctx context.Context, service, bearerToken string) (string, error)

Authenticate logs into Consul using the given auth method and returns the generated token.

func (*Authenticator) WithTries

func (a *Authenticator) WithTries(tries uint64) *Authenticator

type CertManager

type CertManager struct {
	// contains filtered or unexported fields
}

CertManager handles Consul leaf certificate management and certificate rotation. Once a leaf certificate has expired, it generates a new certificate and writes it to the location given in the configuration options with which it was created.

func NewCertManager

func NewCertManager(logger hclog.Logger, client Client, service string, options *CertManagerOptions) *CertManager

NewCertManager creates a new CertManager instance.

func (*CertManager) Certificate

func (c *CertManager) Certificate() []byte

Certificate returns the current leaf cert

func (*CertManager) Manage

func (c *CertManager) Manage(ctx context.Context) error

Manage is the main run loop of the manager and should be run in a go routine. It should be passed a cancellable context that signals when the manager should stop and return. If it receives an unexpected error the loop exits.

func (*CertManager) PrivateKey

func (c *CertManager) PrivateKey() []byte

PrivateKey returns the current leaf cert private key

func (*CertManager) RenderSDSConfig

func (c *CertManager) RenderSDSConfig() (string, error)

func (*CertManager) RootCA

func (c *CertManager) RootCA() []byte

RootCA returns the current CA cert

func (*CertManager) RootPool

func (c *CertManager) RootPool() *x509.CertPool

RootPool returns the certificate pool for the connect root CA

func (*CertManager) TLSCertificate

func (c *CertManager) TLSCertificate() *tls.Certificate

TLSCertificate returns the current leaf certificate as a parsed structure

func (*CertManager) WaitForWrite

func (c *CertManager) WaitForWrite(ctx context.Context) error

WaitForWrite acts as a signalling mechanism for when the certificates are written to disk. It is intended to be used for use-cases where initial certificates must be in place prior to being referenced by a consumer.

type CertManagerOptions

type CertManagerOptions struct {
	Directory         string
	PrimaryDatacenter string
	SDSAddress        string
	SDSPort           int
}

CertManagerOptions contains the optional configuration used to initialize a CertManager.

func DefaultCertManagerOptions

func DefaultCertManagerOptions() *CertManagerOptions

DefaultCertManagerOptions returns the default options for a CertManager instance.

type Client added in v0.5.0

type Client interface {
	Agent() *api.Agent
	ACL() *api.ACL
	Catalog() *api.Catalog
	ConfigEntries() *api.ConfigEntries
	DiscoveryChain() *api.DiscoveryChain
	Namespaces() *api.Namespaces
	Peerings() PeeringClient

	WatchServers(ctx context.Context) error

	Token() string
	Wait(until time.Duration) error

	// TODO: drop this
	Internal() *api.Client
}

func NewClient added in v0.5.0

func NewClient(config ClientConfig) Client

type ClientConfig added in v0.5.0

type ClientConfig struct {
	Name            string
	Namespace       string
	ApiClientConfig *api.Config
	UseDynamic      bool
	PlainText       bool
	Addresses       string
	HTTPPort        int
	GRPCPort        int
	TLS             *tls.Config
	Credentials     discovery.Credentials
	Logger          hclog.Logger
}

type ConfigEntryIndex

type ConfigEntryIndex struct {
	// contains filtered or unexported fields
}

func NewConfigEntryIndex

func NewConfigEntryIndex(kind string) *ConfigEntryIndex

func (*ConfigEntryIndex) Add

func (i *ConfigEntryIndex) Add(entry api.ConfigEntry)

func (*ConfigEntryIndex) Count

func (i *ConfigEntryIndex) Count() int

func (*ConfigEntryIndex) Difference

func (i *ConfigEntryIndex) Difference(other *ConfigEntryIndex) *ConfigEntryIndex

Difference will return an ConfigEntryIndex with entries that not found in the current ConfigEntryIndex

func (*ConfigEntryIndex) Get

func (i *ConfigEntryIndex) Get(name string) (api.ConfigEntry, bool)

func (*ConfigEntryIndex) Intersection

func (i *ConfigEntryIndex) Intersection(other *ConfigEntryIndex) *ConfigEntryIndex

func (*ConfigEntryIndex) Merge

func (i *ConfigEntryIndex) Merge(other *ConfigEntryIndex)

func (*ConfigEntryIndex) ToArray

func (i *ConfigEntryIndex) ToArray() []api.ConfigEntry

type IntentionsReconciler

type IntentionsReconciler struct {
	// contains filtered or unexported fields
}

IntentionsReconciler maintains a reconcile loop that computes the changes required to the intention graph to allow traffic from the api gateway to target services. Changes are detected by watching the service's computed discovery chain and iterating through the included targets.

func NewIntentionsReconciler

func NewIntentionsReconciler(consul Client, ingress *api.IngressGatewayConfigEntry, logger hclog.Logger) *IntentionsReconciler

func (*IntentionsReconciler) Reconcile

func (r *IntentionsReconciler) Reconcile() error

Reconcile forces a synchronous reconcile, returning any errors that occurred as a result

func (*IntentionsReconciler) SetIngressServices

func (r *IntentionsReconciler) SetIngressServices(igw *api.IngressGatewayConfigEntry)

func (*IntentionsReconciler) Stop

func (r *IntentionsReconciler) Stop()

type PartitionInfo added in v0.5.2

type PartitionInfo struct {
	EnablePartitions bool
	PartitionName    string
}

func NewPartitionInfo added in v0.5.2

func NewPartitionInfo(partitionName string) PartitionInfo

type PeeringClient added in v0.5.1

type PeeringClient interface {
	Read(ctx context.Context, name string, q *api.QueryOptions) (*api.Peering, *api.QueryMeta, error)
}

type Peerings added in v0.5.1

type Peerings interface {
	Read(context.Context, string, *api.QueryOptions) (*api.Peering, *api.QueryMeta, error)
}

type ServiceRegistry

type ServiceRegistry struct {
	// contains filtered or unexported fields
}

ServiceRegistry handles the logic for registering a consul-api-gateway service in Consul. Note that the registry is *not* thread safe and should only ever call Register/Deregister from a single managing goroutine.

func NewServiceRegistry

func NewServiceRegistry(logger hclog.Logger, client Client, service, namespace, host string) *ServiceRegistry

NewServiceRegistry creates a new service registry instance

func (*ServiceRegistry) Deregister

func (s *ServiceRegistry) Deregister(ctx context.Context) error

Deregister de-registers a service from Consul.

func (*ServiceRegistry) ID

func (s *ServiceRegistry) ID() string

func (*ServiceRegistry) Namespace

func (s *ServiceRegistry) Namespace() string

func (*ServiceRegistry) Register

func (s *ServiceRegistry) Register(ctx context.Context) error

Register registers a service with Consul.

func (*ServiceRegistry) RegisterGateway added in v0.5.0

func (s *ServiceRegistry) RegisterGateway(ctx context.Context, ttl bool) error

Register registers a Gateway service with Consul.

func (*ServiceRegistry) WithTags added in v0.5.0

func (s *ServiceRegistry) WithTags(tags []string) *ServiceRegistry

WithTags adds tags to associate with the service being registered.

func (*ServiceRegistry) WithTries

func (s *ServiceRegistry) WithTries(tries uint64) *ServiceRegistry

WithTries tells the service registry to retry on any remote operations.

type TestClient added in v0.5.1

type TestClient struct {
	*api.Client
	// contains filtered or unexported fields
}

func NewTestClient added in v0.5.1

func NewTestClient(c *api.Client) *TestClient

func (*TestClient) Internal added in v0.5.1

func (c *TestClient) Internal() *api.Client

func (*TestClient) Peerings added in v0.5.1

func (c *TestClient) Peerings() PeeringClient

func (*TestClient) SetPeerings added in v0.5.1

func (c *TestClient) SetPeerings(peerings *mocks.MockPeerings)

func (*TestClient) Token added in v0.5.1

func (c *TestClient) Token() string

func (*TestClient) Wait added in v0.5.1

func (c *TestClient) Wait(time.Duration) error

func (*TestClient) WatchServers added in v0.5.1

func (c *TestClient) WatchServers(ctx context.Context) error

Directories

Path Synopsis
Package mocks is a generated GoMock package.
Package mocks is a generated GoMock package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL