mirror of https://github.com/status-im/consul.git
agent: add "http_config"
This patch adds an "http_config" object to the config file and moves the "http_api_response_headers" option there. "http_api_response_headers" is now deprecated in favor of "http_config.response_headers"
This commit is contained in:
parent
c7f35ef2f9
commit
37785028be
|
@ -129,6 +129,12 @@ type DNSConfig struct {
|
||||||
RecursorTimeoutRaw string `mapstructure:"recursor_timeout" json:"-"`
|
RecursorTimeoutRaw string `mapstructure:"recursor_timeout" json:"-"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// HTTPConfig is used to fine tune the Http sub-system.
|
||||||
|
type HTTPConfig struct {
|
||||||
|
// ResponseHeaders are used to add HTTP header response fields to the HTTP API responses.
|
||||||
|
ResponseHeaders map[string]string `mapstructure:"response_headers"`
|
||||||
|
}
|
||||||
|
|
||||||
// RetryJoinEC2 is used to configure discovery of instances via Amazon's EC2 api
|
// RetryJoinEC2 is used to configure discovery of instances via Amazon's EC2 api
|
||||||
type RetryJoinEC2 struct {
|
type RetryJoinEC2 struct {
|
||||||
// The AWS region to look for instances in
|
// The AWS region to look for instances in
|
||||||
|
@ -365,6 +371,9 @@ type Config struct {
|
||||||
// Domain is the DNS domain for the records. Defaults to "consul."
|
// Domain is the DNS domain for the records. Defaults to "consul."
|
||||||
Domain string `mapstructure:"domain"`
|
Domain string `mapstructure:"domain"`
|
||||||
|
|
||||||
|
// HTTP configuration
|
||||||
|
HTTPConfig HTTPConfig `mapstructure:"http_config"`
|
||||||
|
|
||||||
// Encryption key to use for the Serf communication
|
// Encryption key to use for the Serf communication
|
||||||
EncryptKey string `mapstructure:"encrypt" json:"-"`
|
EncryptKey string `mapstructure:"encrypt" json:"-"`
|
||||||
|
|
||||||
|
@ -706,9 +715,6 @@ type Config struct {
|
||||||
// send with the update check. This is used to deduplicate messages.
|
// send with the update check. This is used to deduplicate messages.
|
||||||
DisableAnonymousSignature bool `mapstructure:"disable_anonymous_signature"`
|
DisableAnonymousSignature bool `mapstructure:"disable_anonymous_signature"`
|
||||||
|
|
||||||
// HTTPAPIResponseHeaders are used to add HTTP header response fields to the HTTP API responses.
|
|
||||||
HTTPAPIResponseHeaders map[string]string `mapstructure:"http_api_response_headers"`
|
|
||||||
|
|
||||||
// AEInterval controls the anti-entropy interval. This is how often
|
// AEInterval controls the anti-entropy interval. This is how often
|
||||||
// the agent attempts to reconcile its local state with the server's
|
// the agent attempts to reconcile its local state with the server's
|
||||||
// representation of our state. Defaults to every 60s.
|
// representation of our state. Defaults to every 60s.
|
||||||
|
@ -759,11 +765,12 @@ type Config struct {
|
||||||
|
|
||||||
// deprecated fields
|
// deprecated fields
|
||||||
// keep them exported since otherwise the error messages don't show up
|
// keep them exported since otherwise the error messages don't show up
|
||||||
DeprecatedAtlasInfrastructure string `mapstructure:"atlas_infrastructure" json:"-"`
|
DeprecatedAtlasInfrastructure string `mapstructure:"atlas_infrastructure" json:"-"`
|
||||||
DeprecatedAtlasToken string `mapstructure:"atlas_token" json:"-"`
|
DeprecatedAtlasToken string `mapstructure:"atlas_token" json:"-"`
|
||||||
DeprecatedAtlasACLToken string `mapstructure:"atlas_acl_token" json:"-"`
|
DeprecatedAtlasACLToken string `mapstructure:"atlas_acl_token" json:"-"`
|
||||||
DeprecatedAtlasJoin bool `mapstructure:"atlas_join" json:"-"`
|
DeprecatedAtlasJoin bool `mapstructure:"atlas_join" json:"-"`
|
||||||
DeprecatedAtlasEndpoint string `mapstructure:"atlas_endpoint" json:"-"`
|
DeprecatedAtlasEndpoint string `mapstructure:"atlas_endpoint" json:"-"`
|
||||||
|
DeprecatedHTTPAPIResponseHeaders map[string]string `mapstructure:"http_api_response_headers"`
|
||||||
}
|
}
|
||||||
|
|
||||||
// IncomingHTTPSConfig returns the TLS configuration for HTTPS
|
// IncomingHTTPSConfig returns the TLS configuration for HTTPS
|
||||||
|
@ -1368,6 +1375,19 @@ func DecodeConfig(r io.Reader) (*Config, error) {
|
||||||
result.TLSCipherSuites = ciphers
|
result.TLSCipherSuites = ciphers
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// This is for backwards compatibility.
|
||||||
|
// HTTPAPIResponseHeaders has been replaced with HTTPConfig.ResponseHeaders
|
||||||
|
if len(result.DeprecatedHTTPAPIResponseHeaders) > 0 {
|
||||||
|
fmt.Fprintln(os.Stderr, "==> DEPRECATION: http_api_response_headers is deprecated and "+
|
||||||
|
"is no longer used. Please use http_config.response_headers instead.")
|
||||||
|
if result.HTTPConfig.ResponseHeaders == nil {
|
||||||
|
result.HTTPConfig.ResponseHeaders = make(map[string]string)
|
||||||
|
}
|
||||||
|
for field, value := range result.DeprecatedHTTPAPIResponseHeaders {
|
||||||
|
result.HTTPConfig.ResponseHeaders[field] = value
|
||||||
|
}
|
||||||
|
result.DeprecatedHTTPAPIResponseHeaders = nil
|
||||||
|
}
|
||||||
return &result, nil
|
return &result, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1974,12 +1994,12 @@ func MergeConfig(a, b *Config) *Config {
|
||||||
result.SessionTTLMin = b.SessionTTLMin
|
result.SessionTTLMin = b.SessionTTLMin
|
||||||
result.SessionTTLMinRaw = b.SessionTTLMinRaw
|
result.SessionTTLMinRaw = b.SessionTTLMinRaw
|
||||||
}
|
}
|
||||||
if len(b.HTTPAPIResponseHeaders) != 0 {
|
if len(b.HTTPConfig.ResponseHeaders) > 0 {
|
||||||
if result.HTTPAPIResponseHeaders == nil {
|
if result.HTTPConfig.ResponseHeaders == nil {
|
||||||
result.HTTPAPIResponseHeaders = make(map[string]string)
|
result.HTTPConfig.ResponseHeaders = make(map[string]string)
|
||||||
}
|
}
|
||||||
for field, value := range b.HTTPAPIResponseHeaders {
|
for field, value := range b.HTTPConfig.ResponseHeaders {
|
||||||
result.HTTPAPIResponseHeaders[field] = value
|
result.HTTPConfig.ResponseHeaders[field] = value
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if len(b.Meta) != 0 {
|
if len(b.Meta) != 0 {
|
||||||
|
|
|
@ -332,7 +332,11 @@ func TestDecodeConfig(t *testing.T) {
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
in: `{"http_api_response_headers":{"a":"b","c":"d"}}`,
|
in: `{"http_api_response_headers":{"a":"b","c":"d"}}`,
|
||||||
c: &Config{HTTPAPIResponseHeaders: map[string]string{"a": "b", "c": "d"}},
|
c: &Config{HTTPConfig: HTTPConfig{ResponseHeaders: map[string]string{"a": "b", "c": "d"}}},
|
||||||
|
},
|
||||||
|
{
|
||||||
|
in: `{"http_config":{"response_headers":{"a":"b","c":"d"}}}`,
|
||||||
|
c: &Config{HTTPConfig: HTTPConfig{ResponseHeaders: map[string]string{"a": "b", "c": "d"}}},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
in: `{"key_file":"a"}`,
|
in: `{"key_file":"a"}`,
|
||||||
|
@ -1389,8 +1393,10 @@ func TestMergeConfig(t *testing.T) {
|
||||||
},
|
},
|
||||||
DisableUpdateCheck: true,
|
DisableUpdateCheck: true,
|
||||||
DisableAnonymousSignature: true,
|
DisableAnonymousSignature: true,
|
||||||
HTTPAPIResponseHeaders: map[string]string{
|
HTTPConfig: HTTPConfig{
|
||||||
"Access-Control-Allow-Origin": "*",
|
ResponseHeaders: map[string]string{
|
||||||
|
"Access-Control-Allow-Origin": "*",
|
||||||
|
},
|
||||||
},
|
},
|
||||||
UnixSockets: UnixSocketConfig{
|
UnixSockets: UnixSocketConfig{
|
||||||
UnixSocketPermissions{
|
UnixSocketPermissions{
|
||||||
|
|
|
@ -162,7 +162,7 @@ func (s *HTTPServer) handler(enableDebug bool) http.Handler {
|
||||||
// wrap is used to wrap functions to make them more convenient
|
// wrap is used to wrap functions to make them more convenient
|
||||||
func (s *HTTPServer) wrap(handler func(resp http.ResponseWriter, req *http.Request) (interface{}, error)) http.HandlerFunc {
|
func (s *HTTPServer) wrap(handler func(resp http.ResponseWriter, req *http.Request) (interface{}, error)) http.HandlerFunc {
|
||||||
return func(resp http.ResponseWriter, req *http.Request) {
|
return func(resp http.ResponseWriter, req *http.Request) {
|
||||||
setHeaders(resp, s.agent.config.HTTPAPIResponseHeaders)
|
setHeaders(resp, s.agent.config.HTTPConfig.ResponseHeaders)
|
||||||
setTranslateAddr(resp, s.agent.config.TranslateWanAddrs)
|
setTranslateAddr(resp, s.agent.config.TranslateWanAddrs)
|
||||||
|
|
||||||
// Obfuscate any tokens from appearing in the logs
|
// Obfuscate any tokens from appearing in the logs
|
||||||
|
|
|
@ -241,7 +241,7 @@ func TestHTTPAPI_TranslateAddrHeader(t *testing.T) {
|
||||||
func TestHTTPAPIResponseHeaders(t *testing.T) {
|
func TestHTTPAPIResponseHeaders(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
cfg := TestConfig()
|
cfg := TestConfig()
|
||||||
cfg.HTTPAPIResponseHeaders = map[string]string{
|
cfg.HTTPConfig.ResponseHeaders = map[string]string{
|
||||||
"Access-Control-Allow-Origin": "*",
|
"Access-Control-Allow-Origin": "*",
|
||||||
"X-XSS-Protection": "1; mode=block",
|
"X-XSS-Protection": "1; mode=block",
|
||||||
}
|
}
|
||||||
|
|
|
@ -745,6 +745,30 @@ Consul will not enable TLS for the HTTP API unless the `https` port has been ass
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
This has been deprecated in Consul 0.9.0. Setting this value will set `http_config.response_headers`
|
||||||
|
instead for backwards compatibility.
|
||||||
|
|
||||||
|
* <a name="http_config"></a><a href="#http_config">`http_config`</a>
|
||||||
|
This object allows setting options for the HTTP API.
|
||||||
|
<br><br>
|
||||||
|
The following sub-keys are available:
|
||||||
|
|
||||||
|
* <a name="response_headers"></a><a href="#response_headers">`response_headers`</a>
|
||||||
|
This object allows adding headers to the HTTP API responses.
|
||||||
|
For example, the following config can be used to enable
|
||||||
|
[CORS](https://en.wikipedia.org/wiki/Cross-origin_resource_sharing) on
|
||||||
|
the HTTP API endpoints:
|
||||||
|
|
||||||
|
```javascript
|
||||||
|
{
|
||||||
|
"http_config": {
|
||||||
|
"response_headers": {
|
||||||
|
"Access-Control-Allow-Origin": "*"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
* <a name="leave_on_terminate"></a><a href="#leave_on_terminate">`leave_on_terminate`</a> If
|
* <a name="leave_on_terminate"></a><a href="#leave_on_terminate">`leave_on_terminate`</a> If
|
||||||
enabled, when the agent receives a TERM signal, it will send a `Leave` message to the rest
|
enabled, when the agent receives a TERM signal, it will send a `Leave` message to the rest
|
||||||
of the cluster and gracefully leave. The default behavior for this feature varies based on
|
of the cluster and gracefully leave. The default behavior for this feature varies based on
|
||||||
|
|
Loading…
Reference in New Issue