// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: BUSL-1.1
package autoconf
import (
"context"
"crypto/x509"
"net"
"time"
"github.com/hashicorp/go-hclog"
"github.com/hashicorp/consul/agent/cache"
"github.com/hashicorp/consul/agent/config"
"github.com/hashicorp/consul/agent/leafcert"
"github.com/hashicorp/consul/agent/metadata"
"github.com/hashicorp/consul/agent/structs"
"github.com/hashicorp/consul/agent/token"
"github.com/hashicorp/consul/lib/retry"
)
// DirectRPC is the interface that needs to be satisfied for AutoConfig to be able to perform
// direct RPCs against individual servers. It is only used while the agent is still
// bootstrapping its configuration; once the agent is configured, ongoing RPCs go through the
// normal RPC path that selects an available server automatically.
type DirectRPC interface {
	// RPC invokes method on the single server identified by dc, node and addr.
	// args is the request payload and reply is the destination the response is
	// decoded into (the codec used is not visible here). Because this path
	// targets one explicit address rather than a gossip-selected server, the
	// caller is responsible for choosing a trustworthy addr.
	RPC(
		dc string,
		node string,
		addr net.Addr,
		method string,
		args interface{},
		reply interface{},
	) error
}
// Cache is an interface to represent the methods of the
// agent/cache.Cache struct that we care about.
type Cache interface {
	// Notify registers a watch of cache type t for request r. Updates are
	// delivered on ch, each tagged with correlationID so the receiver can tell
	// several watches apart; ctx presumably bounds the lifetime of the watch
	// (confirm against agent/cache).
	Notify(
		ctx context.Context,
		t string,
		r cache.Request,
		correlationID string,
		ch chan<- cache.UpdateEvent,
	) error

	// Prepopulate inserts result into the cache under type t for the given
	// datacenter, peer name, token and request key. token is an ACL token
	// (a credential) that forms part of the entry's identity — it must not be
	// logged by implementations.
	Prepopulate(
		t string,
		result cache.FetchResult,
		dc string,
		peerName string,
		token string,
		key string,
	) error
}
// LeafCertManager is an interface to represent the methods of the
// agent/leafcert.Manager struct that we care about.
type LeafCertManager interface {
	// Notify registers a watch for the leaf certificate described by req.
	// Updates (including renewals) are delivered on ch tagged with
	// correlationID.
	Notify(
		ctx context.Context,
		req *leafcert.ConnectCALeafRequest,
		correlationID string,
		ch chan<- cache.UpdateEvent,
	) error

	// Prepopulate inserts an already issued leaf certificate (value) under key
	// at the given index (presumably the index it was fetched at — confirm in
	// agent/leafcert), recording authorityKeyID as the identifier of the CA key
	// that signed it. value carries private key material, so implementations
	// must not log it.
	Prepopulate(ctx context.Context, key string, index uint64, value *structs.IssuedCert, authorityKeyID string) error
}
// ServerProvider is an interface that can be used to find one server in the local DC known to
// the agent via gossip.
type ServerProvider interface {
	// FindLANServer returns one server in the local datacenter that the agent
	// has learned about over gossip. The pointer return permits nil, presumably
	// when no server is currently known; callers must check for it before use.
	FindLANServer() *metadata.Server
}
// TLSConfigurator is an interface of the methods on the tlsutil.Configurator that we will require at
// runtime.
type TLSConfigurator interface {
	// AutoEncryptCert returns the currently installed auto-encrypt certificate
	// in parsed form (nil presumably when none has been installed yet).
	AutoEncryptCert() *x509.Certificate

	// UpdateAutoTLS replaces the whole auto-TLS state at once: the manually
	// configured CA PEMs, the Connect CA PEMs, the agent's own certificate and
	// private key (pub/priv), and whether server hostnames are verified.
	// verifyServerHostname=false weakens server authentication, so callers
	// should pass the value delivered by the server-provided configuration
	// rather than hard-code it.
	UpdateAutoTLS(manualCAPEMs, connectCAPEMs []string, pub, priv string, verifyServerHostname bool) error

	// UpdateAutoTLSCA replaces only the trusted CA PEMs.
	UpdateAutoTLSCA([]string) error

	// UpdateAutoTLSCert replaces only the agent's certificate/key pair. priv is
	// private key material and must never be logged or echoed in errors.
	UpdateAutoTLSCert(pub, priv string) error
}
// TokenStore is an interface of the methods we will need to use from the token.Store.
type TokenStore interface {
	// AgentToken returns the ACL token the agent currently uses for its own
	// requests. The value is a credential and must not be logged.
	AgentToken() string

	// UpdateAgentToken installs secret as the agent token and records source as
	// its origin. The bool presumably reports whether the stored value changed
	// (confirm in agent/token).
	UpdateAgentToken(secret string, source token.TokenSource) bool

	// Notify returns a Notifier that fires when the token of the given kind is
	// updated. Every Notifier obtained here should be released with StopNotify.
	Notify(kind token.TokenKind) token.Notifier

	// StopNotify deregisters a Notifier previously returned by Notify.
	StopNotify(notifier token.Notifier)
}
// Config contains all the tunables for AutoConfig.
type Config struct {
	// Logger is any logger that should be utilized. If not provided,
	// then no logs will be emitted.
	Logger hclog.Logger

	// DirectRPC is the interface to be used by AutoConfig to make the
	// AutoConfig.InitialConfiguration RPCs for generating the bootstrap
	// configuration. Setting this field is required.
	DirectRPC DirectRPC

	// ServerProvider is the interface to be used by AutoConfig to find any
	// known servers during fallback operations.
	ServerProvider ServerProvider

	// Waiter is used during retrieval of the initial configuration.
	// When a round of requests fails we will
	// wait and eventually make another round of requests (1 round
	// is trying the RPC once against each configured server addr). The
	// waiting implements some backoff to prevent from retrying these RPCs
	// too often. This field is not required and if left unset a waiter will
	// be used that has a max wait duration of 10 minutes and a randomized
	// jitter of 25% of the wait time. Setting this is mainly useful for
	// testing purposes to allow testing out the retrying functionality without
	// having the test take minutes/hours to complete.
	// NOTE(review): the defaults quoted here are applied elsewhere — keep this
	// comment in sync with wherever the default Waiter is built.
	Waiter *retry.Waiter

	// Loader merges source with the existing FileSources and returns the complete
	// RuntimeConfig.
	Loader func(source config.Source) (config.LoadResult, error)

	// TLSConfigurator is the shared TLS Configurator. AutoConfig will update the
	// auto encrypt/auto config certs as they are renewed. It must be the same
	// instance the rest of the agent uses for TLS, otherwise renewed
	// certificates would never reach the connections that need them.
	TLSConfigurator TLSConfigurator

	// Cache is an object implementing our Cache interface. The Cache
	// used at runtime must be able to handle Roots watches.
	Cache Cache

	// LeafCertManager is an object implementing our LeafCertManager interface.
	LeafCertManager LeafCertManager

	// FallbackLeeway is the amount of time after certificate expiration before
	// invoking the fallback routine. If not set this will default to 10s.
	// During this window the agent may be holding an expired certificate, so
	// a large value is undesirable.
	FallbackLeeway time.Duration

	// FallbackRetry is the duration between Fallback invocations when the configured
	// fallback routine returns an error. If not set this will default to 1m.
	FallbackRetry time.Duration

	// Tokens is the shared token store. It is used to retrieve the current
	// agent token as well as getting notifications when that token is updated.
	// This field is required.
	Tokens TokenStore

	// EnterpriseConfig is the embedded specific enterprise configurations.
	EnterpriseConfig
}