storagenomad

package module
v0.0.2 Latest
Published: Oct 13, 2022 License: Apache-2.0 Imports: 14 Imported by: 0

README

TO DOs

  • Test manually locally
  • Clean up

Caddy Certmagic TLS cluster support for Nomad Variables

Nomad Variable Storage for Caddy TLS data.

This cluster plugin enables Caddy 2 to store TLS data such as keys and certificates as Nomad Variables, so you don't have to rely on a shared filesystem. This allows you to run Caddy 2 in a distributed environment with centralized storage for auto-generated certificates that is shared between all Caddy instances.

The version of this plugin in the master branch supports Caddy 2.0.0+ using CertMagic's Storage interface.

Older versions

This will only work with Caddy 2.

Configuration

Caddy configuration

You need to specify nomad as the storage module in Caddy's configuration. This can be done in the config file or via the admin API.

JSON (reference)

{
  "admin": {
    "listen": "0.0.0.0:2019"
  },
  "storage": {
    "module": "nomad",
    "address": "localhost:4646",
    "prefix": "caddytls",
    "token": "nomad-access-token"
  }
}

Caddyfile (reference)

{
    storage nomad {
           address      "127.0.0.1:4646"
           token        "nomad-access-token"
           timeout      10
           prefix       "caddytls"
           value_prefix "myprefix"
           aes_key      "nomadtls-1234567890-caddytls-32"
           tls_enabled  "false"
           tls_insecure "true"
    }
}

Nomad configuration

Because this plugin uses the official Nomad API client, you can use all of its ENV variables, like nomad_HTTP_ADDR or nomad_HTTP_TOKEN, to define your Nomad address and token. For more information see https://github.com/hashicorp/nomad/blob/master/api/api.go

Without any further configuration, a Nomad agent running on 127.0.0.1:4646 is assumed.

There are additional ENV variables for this plugin:

  • CADDY_CLUSTERING_NOMAD_PREFIX defines the prefix for the keys in the Variable store. The default is caddytls.

Nomad ACL Policy

To access Nomad you need a token with a valid ACL policy. Assuming you configured caddytls as your Variable path prefix, you can use the following policy:

namespace "default" {
  variables {
    path "caddytls/*" {
      capabilities = ["write", "read", "destroy"]
    }
  }
}
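The policy only grants access when its path pattern and the prefix configured in Caddy agree. The following Go program is an added example, not code from the plugin: it maps a CertMagic key to its Nomad variable path and evaluates that path against the policy, showing that a misspelled prefix (cadytls instead of caddytls) is denied every capability. The "<prefix>/<key>" layout and the any-character semantics of `*` are assumptions about the plugin and Nomad's ACL matcher.

```go
package main

import (
	"fmt"
	"path"
	"regexp"
	"strings"
)

// aclRule mirrors one `path "..." { capabilities = [...] }` stanza of the policy above.
type aclRule struct {
	Pattern      string
	Capabilities []string
}

// variablePath builds the Nomad variable path for a CertMagic key under the
// configured storage prefix (assumed layout: "<prefix>/<key>").
func variablePath(prefix, key string) string { return path.Join(prefix, key) }

// globMatch treats `*` as Nomad's ACL matcher does (assumed): a star matches any
// run of characters, separators included, so "caddytls/*" covers nested keys.
func globMatch(pattern, s string) bool {
	parts := strings.Split(pattern, "*")
	for i, p := range parts {
		parts[i] = regexp.QuoteMeta(p)
	}
	return regexp.MustCompile("(?s)^" + strings.Join(parts, ".*") + "$").MatchString(s)
}

// allowed reports whether some rule whose pattern matches varPath grants want.
func allowed(rules []aclRule, varPath, want string) bool {
	for _, r := range rules {
		for _, c := range r.Capabilities {
			if c == want && globMatch(r.Pattern, varPath) {
				return true
			}
		}
	}
	return false
}

func main() {
	policy := []aclRule{{"caddytls/*", []string{"write", "read", "destroy"}}}
	key := "certificates/example.com/example.com.key" // constructed sample key
	for _, prefix := range []string{"caddytls", "cadytls"} { // second one is a typo
		p := variablePath(prefix, key)
		fmt.Printf("%-48s write=%v list=%v\n", p, allowed(policy, p, "write"), allowed(policy, p, "list"))
	}
}
```

Note that "list" is never granted by the policy, so the token can only touch paths it already knows; keep the pattern as narrow as the configured prefix allows.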

Acknowledgements

This plugin's code is based on pteich/caddy-tlsconsul; big thanks to pteich for that.

Documentation

Index

Constants

const (
	// DefaultPrefix defines the default prefix in variable store
	DefaultPrefix = "caddytls"

	// DefaultValuePrefix sets a prefix to variables to check validation
	DefaultValuePrefix = "caddy-storage-nomad"

	// DefaultTimeout is the default timeout for Nomad connections
	DefaultTimeout = 10

	// EnvNamePrefix defines the env variable name to override Var key prefix
	EnvNamePrefix = "CADDY_CLUSTERING_NOMAD_PREFIX"

	// EnvValuePrefix defines the env variable name to override Var value prefix
	EnvValuePrefix = "CADDY_CLUSTERING_NOMAD_VALUEPREFIX"
)

Variables

This section is empty.

Functions

func NomaWriteDefaults

func NomaWriteDefaults(ctx context.Context) *nomad.WriteOptions

func NomadQueryDefaults

func NomadQueryDefaults(ctx context.Context) *nomad.QueryOptions

Types

type NomadStorage

type NomadStorage struct {
	certmagic.Storage
	NomadClient *nomad.Client

	Address     string `json:"address"`
	Token       string `json:"token"`
	Timeout     int    `json:"timeout"`
	Prefix      string `json:"prefix"`
	ValuePrefix string `json:"value_prefix"`
	TlsEnabled  bool   `json:"tls_enabled"`
	TlsInsecure bool   `json:"tls_insecure"`
	// contains filtered or unexported fields
}

NomadStorage stores certificates and other TLS resources in a shared cluster environment using Nomad Variables.

func New

func New() *NomadStorage

New connects to Nomad and returns a NomadStorage

func (NomadStorage) CaddyModule

func (NomadStorage) CaddyModule() caddy.ModuleInfo

func (*NomadStorage) CertMagicStorage

func (ns *NomadStorage) CertMagicStorage() (certmagic.Storage, error)

func (NomadStorage) Delete

func (ns NomadStorage) Delete(ctx context.Context, key string) error

Delete a key from Nomad KV

func (NomadStorage) Exists

func (ns NomadStorage) Exists(ctx context.Context, key string) bool

Exists checks if a key exists

func (NomadStorage) List

func (ns NomadStorage) List(ctx context.Context, prefix string, recursive bool) ([]string, error)

List returns a list with all keys under a given prefix

func (NomadStorage) Load

func (ns NomadStorage) Load(ctx context.Context, key string) ([]byte, error)

Load retrieves the value for a key from Nomad KV

func (NomadStorage) Lock added in v0.0.2

func (ns NomadStorage) Lock(ctx context.Context, key string) error

func (*NomadStorage) Provision

func (ns *NomadStorage) Provision(ctx caddy.Context) error

Provision is called by Caddy to prepare the module

func (NomadStorage) Stat

func (ns NomadStorage) Stat(ctx context.Context, key string) (certmagic.KeyInfo, error)

Stat returns metadata about a key

func (NomadStorage) Store

func (ns NomadStorage) Store(ctx context.Context, key string, value []byte) error

Store saves data value as a variable in Nomad

func (NomadStorage) Unlock added in v0.0.2

func (ns NomadStorage) Unlock(ctx context.Context, key string) error

func (*NomadStorage) UnmarshalCaddyfile

func (ns *NomadStorage) UnmarshalCaddyfile(d *caddyfile.Dispenser) error

type StorageData

type StorageData struct {
	Value    []byte    `json:"value"`
	Modified time.Time `json:"modified"`
}

StorageData describes the data that is saved in a Secure Variable
