From 6ea59241d188370f2a52a12b6a2f3ee6b97f4827 Mon Sep 17 00:00:00 2001 From: Mitchell Hashimoto Date: Wed, 6 Jun 2018 11:44:10 -0700 Subject: [PATCH] website: address feedback --- website/source/docs/connect/native.html.md | 8 +++++++- website/source/docs/connect/native/go.html.md | 11 ++++++----- 2 files changed, 13 insertions(+), 6 deletions(-) diff --git a/website/source/docs/connect/native.html.md b/website/source/docs/connect/native.html.md index fcb3f75da5..1717cc3389 100644 --- a/website/source/docs/connect/native.html.md +++ b/website/source/docs/connect/native.html.md @@ -19,13 +19,19 @@ can easily integrate with Connect. There is no custom protocol in use; any language that supports TLS can accept and establish Connect-based connections. +We currently provide an easy-to-use [Go integration](/docs/connect/native/go.html) +to assist with the getting the proper certificates, verifying connections, +etc. We plan to add helper libraries for other languages in the future. +However, without library support, it is still possible for any major language +to integrate with Connect. + ## Overview The primary work involved in natively integrating with Connect is [acquiring the proper TLS certificate](/api/agent/connect.html#service-leaf-certificate), [verifying TLS certificates](/api/agent/connect.html#certificate-authority-ca-roots), and [authorizing inbound connections](/api/agent/connect.html#authorize). -All of this is done using Consul's HTTP API using the previously-linked APIs. +All of this is done using the Consul HTTP APIs linked above. An overview of the sequence is shown below. The diagram and the following details may seem complex, but this is a _regular mutual TLS connection_ with diff --git a/website/source/docs/connect/native/go.html.md b/website/source/docs/connect/native/go.html.md index 0f28f9586c..467390699d 100644 --- a/website/source/docs/connect/native/go.html.md +++ b/website/source/docs/connect/native/go.html.md @@ -66,7 +66,8 @@ func main() { The first step is to create a Consul API client. This is almost always the default configuration with an ACL token set, since you want to communicate -to the local agent. The Go library will use this client to request certificates, +to the local agent. The default configuration will also read the ACL token +from environment variables if set. The Go library will use this client to request certificates, authorize connections, and more. Next, `connect.NewService` is called to create a service structure representing @@ -77,8 +78,8 @@ create one service and reuse that one service for all servers and clients. Finally, a standard `*http.Server` is created. The magic line is the `TLSConfig` value. This is set to a TLS configuration returned by the service structure. This TLS configuration is configured to automatically load certificates -in the background, cache them, and authorize inbound connections. This -also automatically handles maintaining blocking queries to update certificates +in the background, cache them, and authorize inbound connections. The service +structure automatically handles maintaining blocking queries to update certificates in the background if they change. Since the service returns a standard `*tls.Config`, _any_ server that supports @@ -151,7 +152,7 @@ Next, we call `svc.HTTPClient()` to return a specially configured `*http.Client`. This client will automatically established Connect-based connections using Consul service discovery. -Finally, we perform an HTTP `GET` request to a hypothetical user service. +Finally, we perform an HTTP `GET` request to a hypothetical userinfo service. The HTTP client configuration automatically sends the correct client certificate, verifies the server certificate, and manages background goroutines for updating our certificates as necessary. @@ -192,7 +193,7 @@ func main() { // Connect to the "userinfo" Consul service. conn, _ := svc.Dial(context.Background(), &connect.ConsulResolver{ Client: client, - Name: "userinfo", + Name: "userinfo", }) } ```