mirror of https://github.com/status-im/consul.git
Pass around an API Config object and convert to env vars for the managed proxy
This commit is contained in:
parent
fbc5017d5d
commit
3b6eef8ec6
|
@ -380,6 +380,13 @@ func (a *Agent) Start() error {
|
||||||
a.logger.Printf("[WARN] agent: error restoring proxy state: %s", err)
|
a.logger.Printf("[WARN] agent: error restoring proxy state: %s", err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
acfg, err := a.config.APIConfig(true)
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
a.proxyManager.APIConfig = acfg
|
||||||
|
|
||||||
go a.proxyManager.Run()
|
go a.proxyManager.Run()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -9,6 +9,7 @@ import (
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/hashicorp/consul/agent/structs"
|
"github.com/hashicorp/consul/agent/structs"
|
||||||
|
"github.com/hashicorp/consul/api"
|
||||||
"github.com/hashicorp/consul/lib"
|
"github.com/hashicorp/consul/lib"
|
||||||
"github.com/hashicorp/consul/tlsutil"
|
"github.com/hashicorp/consul/tlsutil"
|
||||||
"github.com/hashicorp/consul/types"
|
"github.com/hashicorp/consul/types"
|
||||||
|
@ -1187,6 +1188,64 @@ func (c *RuntimeConfig) IncomingHTTPSConfig() (*tls.Config, error) {
|
||||||
return tc.IncomingTLSConfig()
|
return tc.IncomingTLSConfig()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (c *RuntimeConfig) apiAddresses(maxPerType int) (unixAddrs, httpAddrs, httpsAddrs []string) {
|
||||||
|
if len(c.HTTPSAddrs) > 0 {
|
||||||
|
for i, addr := range c.HTTPSAddrs {
|
||||||
|
if i < maxPerType {
|
||||||
|
httpsAddrs = append(httpsAddrs, addr.String())
|
||||||
|
} else {
|
||||||
|
break
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if len(c.HTTPAddrs) > 0 {
|
||||||
|
unix_count := 0
|
||||||
|
http_count := 0
|
||||||
|
for _, addr := range c.HTTPAddrs {
|
||||||
|
net := addr.Network()
|
||||||
|
if net == "unix" && unix_count < maxPerType {
|
||||||
|
unixAddrs = append(unixAddrs, addr.String())
|
||||||
|
unix_count += 1
|
||||||
|
} else if net != "unix" && http_count < maxPerType {
|
||||||
|
httpAddrs = append(httpAddrs, addr.String())
|
||||||
|
http_count += 1
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
func (c *RuntimeConfig) APIConfig(includeClientCerts bool) (*api.Config, error) {
|
||||||
|
cfg := &api.Config{
|
||||||
|
Datacenter: c.Datacenter,
|
||||||
|
TLSConfig: api.TLSConfig{InsecureSkipVerify: true},
|
||||||
|
}
|
||||||
|
|
||||||
|
unixAddrs, httpAddrs, httpsAddrs := c.apiAddresses(1)
|
||||||
|
|
||||||
|
if len(httpsAddrs) > 0 {
|
||||||
|
cfg.Address = httpsAddrs[0]
|
||||||
|
cfg.Scheme = "https"
|
||||||
|
cfg.TLSConfig.CAFile = c.CAFile
|
||||||
|
cfg.TLSConfig.CAPath = c.CAPath
|
||||||
|
if includeClientCerts {
|
||||||
|
cfg.TLSConfig.CertFile = c.CertFile
|
||||||
|
cfg.TLSConfig.KeyFile = c.KeyFile
|
||||||
|
}
|
||||||
|
} else if len(httpAddrs) > 0 {
|
||||||
|
cfg.Address = httpAddrs[0]
|
||||||
|
cfg.Scheme = "http"
|
||||||
|
} else if len(unixAddrs) > 0 {
|
||||||
|
cfg.Address = "unix://" + unixAddrs[0]
|
||||||
|
cfg.Scheme = "http"
|
||||||
|
} else {
|
||||||
|
return nil, fmt.Errorf("No suitable client address can be found")
|
||||||
|
}
|
||||||
|
|
||||||
|
return cfg, nil
|
||||||
|
}
|
||||||
|
|
||||||
// Sanitized returns a JSON/HCL compatible representation of the runtime
|
// Sanitized returns a JSON/HCL compatible representation of the runtime
|
||||||
// configuration where all fields with potential secrets had their
|
// configuration where all fields with potential secrets had their
|
||||||
// values replaced by 'hidden'. In addition, network addresses and
|
// values replaced by 'hidden'. In addition, network addresses and
|
||||||
|
|
|
@ -11,6 +11,7 @@ import (
|
||||||
|
|
||||||
"github.com/hashicorp/consul/agent/local"
|
"github.com/hashicorp/consul/agent/local"
|
||||||
"github.com/hashicorp/consul/agent/structs"
|
"github.com/hashicorp/consul/agent/structs"
|
||||||
|
"github.com/hashicorp/consul/api"
|
||||||
"github.com/hashicorp/go-multierror"
|
"github.com/hashicorp/go-multierror"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -69,6 +70,9 @@ type Manager struct {
|
||||||
//
|
//
|
||||||
DataDir string
|
DataDir string
|
||||||
|
|
||||||
|
// Configuration information to tell the proxy how to talk to us
|
||||||
|
APIConfig *api.Config
|
||||||
|
|
||||||
// SnapshotPeriod is the duration between snapshots. This can be set
|
// SnapshotPeriod is the duration between snapshots. This can be set
|
||||||
// relatively low to ensure accuracy, because if the new snapshot matches
|
// relatively low to ensure accuracy, because if the new snapshot matches
|
||||||
// the last snapshot taken, no file will be written. Therefore, setting
|
// the last snapshot taken, no file will be written. Therefore, setting
|
||||||
|
@ -435,6 +439,9 @@ func (m *Manager) newProxy(mp *local.ManagedProxy) (Proxy, error) {
|
||||||
|
|
||||||
// Pass in the environmental variables for the proxy process
|
// Pass in the environmental variables for the proxy process
|
||||||
cmd.Env = os.Environ()
|
cmd.Env = os.Environ()
|
||||||
|
if m.APIConfig != nil {
|
||||||
|
cmd.Env = append(cmd.Env, m.APIConfig.GenerateEnv()...)
|
||||||
|
}
|
||||||
|
|
||||||
// Build the daemon structure
|
// Build the daemon structure
|
||||||
proxy.Command = &cmd
|
proxy.Command = &cmd
|
||||||
|
|
21
api/api.go
21
api/api.go
|
@ -405,6 +405,27 @@ func SetupTLSConfig(tlsConfig *TLSConfig) (*tls.Config, error) {
|
||||||
return tlsClientConfig, nil
|
return tlsClientConfig, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (c *Config) GenerateEnv() []string {
|
||||||
|
env := make([]string, 10)
|
||||||
|
|
||||||
|
env[0] = fmt.Sprintf("%s=%s", HTTPAddrEnvName, c.Address)
|
||||||
|
env[1] = fmt.Sprintf("%s=%s", HTTPTokenEnvName, c.Token)
|
||||||
|
if c.HttpAuth != nil {
|
||||||
|
env[2] = fmt.Sprintf("%s=%s:%s", HTTPAuthEnvName, c.HttpAuth.Username, c.HttpAuth.Password)
|
||||||
|
} else {
|
||||||
|
env[2] = fmt.Sprintf("%s=", HTTPAuthEnvName)
|
||||||
|
}
|
||||||
|
env[3] = fmt.Sprintf("%s=%t", HTTPSSLEnvName, c.Scheme == "https")
|
||||||
|
env[4] = fmt.Sprintf("%s=%s", HTTPCAFile, c.TLSConfig.CAFile)
|
||||||
|
env[5] = fmt.Sprintf("%s=%s", HTTPCAPath, c.TLSConfig.CAPath)
|
||||||
|
env[6] = fmt.Sprintf("%s=%s", HTTPClientCert, c.TLSConfig.CertFile)
|
||||||
|
env[7] = fmt.Sprintf("%s=%s", HTTPClientKey, c.TLSConfig.KeyFile)
|
||||||
|
env[8] = fmt.Sprintf("%s=%s", HTTPTLSServerName, c.TLSConfig.Address)
|
||||||
|
env[9] = fmt.Sprintf("%s=%t", HTTPSSLVerifyEnvName, !c.TLSConfig.InsecureSkipVerify)
|
||||||
|
|
||||||
|
return env
|
||||||
|
}
|
||||||
|
|
||||||
// Client provides a client to the Consul API
|
// Client provides a client to the Consul API
|
||||||
type Client struct {
|
type Client struct {
|
||||||
config Config
|
config Config
|
||||||
|
|
Loading…
Reference in New Issue