consul

package
v0.5.5 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 7, 2023 License: MPL-2.0 Imports: 24 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	RootCAFile           = "root-ca.pem"
	ClientCertFile       = "client.crt"
	ClientPrivateKeyFile = "client.pem"
	SDSCertConfigFile    = "tls-sds.json"
	SDSCAConfigFile      = "validation-context-sds.json"
)
View Source 
const (
	WildcardNamespace = "*"
	DefaultNamespace  = "default"
)

Variables

This section is empty.

Functions

func EnsureNamespaceExists added in v0.5.0 

func EnsureNamespaceExists(client Client, ns string, partitionInfo PartitionInfo) (bool, error)

EnsureNamespaceExists ensures a Consul namespace with name ns exists. If it doesn't, it will create it and set crossNSACLPolicy as a policy default. Boolean return value indicates if the namespace was created by this call.

Types

type Authenticator 

type Authenticator struct {
	// contains filtered or unexported fields
}

Authenticator handles Consul auth login logic.

func NewAuthenticator 

func NewAuthenticator(logger hclog.Logger, consul *api.Client, method, namespace string) *Authenticator

NewAuthenticator initializes a new Authenticator instance.

func (*Authenticator) Authenticate 

func (a *Authenticator) Authenticate(ctx context.Context, service, bearerToken string) (string, error)

Authenticate logs into Consul using the given auth method and returns the generated token.

func (*Authenticator) WithTries 

func (a *Authenticator) WithTries(tries uint64) *Authenticator

type CertManager 

type CertManager struct {
	// contains filtered or unexported fields
}

CertManager handles Consul leaf certificate management and certificate rotation. Once a leaf certificate has expired, it generates a new certificate and writes it to the location given in the configuration options with which it was created.

func NewCertManager 

func NewCertManager(logger hclog.Logger, client Client, service string, options *CertManagerOptions) *CertManager

NewCertManager creates a new CertManager instance.

func (*CertManager) Certificate 

func (c *CertManager) Certificate() []byte

Certificate returns the current leaf cert

func (*CertManager) Manage 

func (c *CertManager) Manage(ctx context.Context) error

Manage is the main run loop of the manager and should be run in a go routine. It should be passed a cancellable context that signals when the manager should stop and return. If it receives an unexpected error the loop exits.

func (*CertManager) PrivateKey 

func (c *CertManager) PrivateKey() []byte

PrivateKey returns the current leaf cert private key

func (*CertManager) RenderSDSConfig 

func (c *CertManager) RenderSDSConfig() (string, error)

func (*CertManager) RootCA 

func (c *CertManager) RootCA() []byte

RootCA returns the current CA cert

func (*CertManager) RootPool 

func (c *CertManager) RootPool() *x509.CertPool

RootPool returns the certificate pool for the connect root CA

func (*CertManager) TLSCertificate 

func (c *CertManager) TLSCertificate() *tls.Certificate

TLSCertificate returns the current leaf certificate as a parsed structure

func (*CertManager) WaitForWrite 

func (c *CertManager) WaitForWrite(ctx context.Context) error

WaitForWrite acts as a signalling mechanism for when the certificates are written to disk. It is intended to be used for use-cases where initial certificates must be in place prior to being referenced by a consumer.

type CertManagerOptions 

type CertManagerOptions struct {
	Directory         string
	PrimaryDatacenter string
	SDSAddress        string
	SDSPort           int
}

CertManagerOptions contains the optional configuration used to initialize a CertManager.

func DefaultCertManagerOptions 

func DefaultCertManagerOptions() *CertManagerOptions

DefaultCertManagerOptions returns the default options for a CertManager instance.

type Client added in v0.5.0 

type Client interface {
	Agent() *api.Agent
	ACL() *api.ACL
	Catalog() *api.Catalog
	ConfigEntries() *api.ConfigEntries
	DiscoveryChain() *api.DiscoveryChain
	Namespaces() *api.Namespaces
	Peerings() PeeringClient

	WatchServers(ctx context.Context) error

	Token() string
	Wait(until time.Duration) error

	// TODO: drop this
	Internal() *api.Client
}

func NewClient added in v0.5.0 

func NewClient(config ClientConfig) Client

type ClientConfig added in v0.5.0 

type ClientConfig struct {
	Name            string
	Namespace       string
	ApiClientConfig *api.Config
	UseDynamic      bool
	PlainText       bool
	Addresses       string
	HTTPPort        int
	GRPCPort        int
	TLS             *tls.Config
	Credentials     discovery.Credentials
	Logger          hclog.Logger
}

type ConfigEntryIndex 

type ConfigEntryIndex struct {
	// contains filtered or unexported fields
}

func NewConfigEntryIndex 

func NewConfigEntryIndex(kind string) *ConfigEntryIndex

func (*ConfigEntryIndex) Add 

func (i *ConfigEntryIndex) Add(entry api.ConfigEntry)

func (*ConfigEntryIndex) Count 

func (i *ConfigEntryIndex) Count() int

func (*ConfigEntryIndex) Difference 

func (i *ConfigEntryIndex) Difference(other *ConfigEntryIndex) *ConfigEntryIndex

Difference will return an ConfigEntryIndex with entries that not found in the current ConfigEntryIndex

func (*ConfigEntryIndex) Get 

func (i *ConfigEntryIndex) Get(name string) (api.ConfigEntry, bool)

func (*ConfigEntryIndex) Intersection 

func (i *ConfigEntryIndex) Intersection(other *ConfigEntryIndex) *ConfigEntryIndex

func (*ConfigEntryIndex) Merge 

func (i *ConfigEntryIndex) Merge(other *ConfigEntryIndex)

func (*ConfigEntryIndex) ToArray 

func (i *ConfigEntryIndex) ToArray() []api.ConfigEntry

type IntentionsReconciler 

type IntentionsReconciler struct {
	// contains filtered or unexported fields
}

IntentionsReconciler maintains a reconcile loop that computes the changes required to the intention graph to allow traffic from the api gateway to target services. Changes are detected by watching the service's computed discovery chain and iterating through the included targets.

func NewIntentionsReconciler 

func NewIntentionsReconciler(consul Client, ingress *api.IngressGatewayConfigEntry, logger hclog.Logger) *IntentionsReconciler

func (*IntentionsReconciler) Reconcile 

func (r *IntentionsReconciler) Reconcile() error

Reconcile forces a synchronous reconcile, returning any errors that occurred as a result

func (*IntentionsReconciler) SetIngressServices 

func (r *IntentionsReconciler) SetIngressServices(igw *api.IngressGatewayConfigEntry)

func (*IntentionsReconciler) Stop 

func (r *IntentionsReconciler) Stop()

type PartitionInfo added in v0.5.2 

type PartitionInfo struct {
	EnablePartitions bool
	PartitionName    string
}

func NewPartitionInfo added in v0.5.2 

func NewPartitionInfo(partitionName string) PartitionInfo

type PeeringClient added in v0.5.1 

type PeeringClient interface {
	Read(ctx context.Context, name string, q *api.QueryOptions) (*api.Peering, *api.QueryMeta, error)
}

type Peerings added in v0.5.1 

type Peerings interface {
	Read(context.Context, string, *api.QueryOptions) (*api.Peering, *api.QueryMeta, error)
}

type ServiceRegistry 

type ServiceRegistry struct {
	// contains filtered or unexported fields
}

ServiceRegistry handles the logic for registering a consul-api-gateway service in Consul. Note that the registry is *not* thread safe and should only ever call Register/Deregister from a single managing goroutine.

func NewServiceRegistry 

func NewServiceRegistry(logger hclog.Logger, client Client, service, namespace, partition, host string) *ServiceRegistry

NewServiceRegistry creates a new service registry instance

func (*ServiceRegistry) Deregister 

func (s *ServiceRegistry) Deregister(ctx context.Context) error

Deregister de-registers a service from Consul.

func (*ServiceRegistry) ID 

func (s *ServiceRegistry) ID() string

func (*ServiceRegistry) Namespace 

func (s *ServiceRegistry) Namespace() string

func (*ServiceRegistry) Partition added in v0.5.3 

func (s *ServiceRegistry) Partition() string

func (*ServiceRegistry) Register 

func (s *ServiceRegistry) Register(ctx context.Context) error

Register registers a service with Consul.

func (*ServiceRegistry) RegisterGateway added in v0.5.0 

func (s *ServiceRegistry) RegisterGateway(ctx context.Context, ttl bool) error

Register registers a Gateway service with Consul.

func (*ServiceRegistry) WithTags added in v0.5.0 

func (s *ServiceRegistry) WithTags(tags []string) *ServiceRegistry

WithTags adds tags to associate with the service being registered.

func (*ServiceRegistry) WithTries 

func (s *ServiceRegistry) WithTries(tries uint64) *ServiceRegistry

WithTries tells the service registry to retry on any remote operations.

type TestClient added in v0.5.1 

type TestClient struct {
	*api.Client
	// contains filtered or unexported fields
}

func NewTestClient added in v0.5.1 

func NewTestClient(c *api.Client) *TestClient

func (*TestClient) Internal added in v0.5.1 

func (c *TestClient) Internal() *api.Client

func (*TestClient) Peerings added in v0.5.1 

func (c *TestClient) Peerings() PeeringClient

func (*TestClient) SetPeerings added in v0.5.1 

func (c *TestClient) SetPeerings(peerings *mocks.MockPeerings)

func (*TestClient) Token added in v0.5.1 

func (c *TestClient) Token() string

func (*TestClient) Wait added in v0.5.1 

func (c *TestClient) Wait(time.Duration) error

func (*TestClient) WatchServers added in v0.5.1 

func (c *TestClient) WatchServers(ctx context.Context) error

Source Files

View all Source files

Directories

Path Synopsis
Package mocks is a generated GoMock package.
 Package mocks is a generated GoMock package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.