config

Documentation

Index

• Constants
• func KindSpecificWriteWarning(reqEntry api.ConfigEntry) string
• func New() *cmd

Constants

const (
	// TODO(pglass): These warnings can go away when the UI provides visibility into
	// permissive mTLS settings (expected 1.17).
	WarningServiceDefaultsPermissiveMTLS = "MutualTLSMode=permissive is insecure. " +
		"Set to `strict` when your service no longer needs to accept non-mTLS " +
		"traffic. Check `tcp.permissive_public_listener` metrics in Envoy for " +
		"non-mTLS traffic. Refer to Consul documentation for more information."

	WarningProxyDefaultsPermissiveMTLS = "MutualTLSMode=permissive is insecure. " +
		"To keep your services secure, set MutualTLSMode to `strict` whenever possible " +
		"and override with service-defaults only if necessary. To check which " +
		"service-defaults are currently in permissive mode, run `consul config list " +
		"-kind service-defaults -filter 'MutualTLSMode = \"permissive\"'`."

	WarningMeshAllowEnablingPermissiveMutualTLS = "AllowEnablingPermissiveMutualTLS=true " +
		"allows insecure MutualTLSMode=permissive configurations in the proxy-defaults " +
		"and service-defaults config entries. You can set " +
		"AllowEnablingPermissiveMutualTLS=false at any time to disallow additional " +
		"permissive configurations. To list services in permissive mode, run `consul " +
		"config list -kind service-defaults -filter 'MutualTLSMode = \"permissive\"'`."
)

Functions

func KindSpecificWriteWarning

func KindSpecificWriteWarning(reqEntry api.ConfigEntry) string

KindSpecificWriteWarning returns a warning message for the given config entry write. Use this to inform the user of (un)recommended settings when they read or write config entries with the CLI.

Do not return a warning on default/zero values. Because the config entry is parsed, we cannot distinguish between an absent field in the user-provided content and a zero value, so we'd end up warning on every invocation.

func New

func New() *cmd