mirror of
https://github.com/status-im/consul.git
synced 2025-01-11 06:16:08 +00:00
Merge pull request #9475 from cbroglie/tls-server-name
Add support for configuring TLS ServerName for health checks
This commit is contained in:
commit
cacd7ccca2
3
.changelog/9475.txt
Normal file
3
.changelog/9475.txt
Normal file
@ -0,0 +1,3 @@
|
||||
```release-note:bug
|
||||
checks: add TLSServerName field to allow setting the TLS server name for HTTPS health checks.
|
||||
```
|
@ -2517,7 +2517,7 @@ func (a *Agent) addCheck(check *structs.HealthCheck, chkType *structs.CheckType,
|
||||
chkType.Interval = checks.MinInterval
|
||||
}
|
||||
|
||||
tlsClientConfig := a.tlsConfigurator.OutgoingTLSConfigForCheck(chkType.TLSSkipVerify)
|
||||
tlsClientConfig := a.tlsConfigurator.OutgoingTLSConfigForCheck(chkType.TLSSkipVerify, chkType.TLSServerName)
|
||||
|
||||
http := &checks.CheckHTTP{
|
||||
CheckID: cid,
|
||||
@ -2589,7 +2589,7 @@ func (a *Agent) addCheck(check *structs.HealthCheck, chkType *structs.CheckType,
|
||||
|
||||
var tlsClientConfig *tls.Config
|
||||
if chkType.GRPCUseTLS {
|
||||
tlsClientConfig = a.tlsConfigurator.OutgoingTLSConfigForCheck(chkType.TLSSkipVerify)
|
||||
tlsClientConfig = a.tlsConfigurator.OutgoingTLSConfigForCheck(chkType.TLSSkipVerify, chkType.TLSServerName)
|
||||
}
|
||||
|
||||
grpc := &checks.CheckGRPC{
|
||||
|
@ -1571,6 +1571,7 @@ func (b *builder) checkVal(v *CheckDefinition) *structs.CheckDefinition {
|
||||
Shell: stringVal(v.Shell),
|
||||
GRPC: stringVal(v.GRPC),
|
||||
GRPCUseTLS: boolVal(v.GRPCUseTLS),
|
||||
TLSServerName: stringVal(v.TLSServerName),
|
||||
TLSSkipVerify: boolVal(v.TLSSkipVerify),
|
||||
AliasNode: stringVal(v.AliasNode),
|
||||
AliasService: stringVal(v.AliasService),
|
||||
|
@ -405,6 +405,7 @@ type CheckDefinition struct {
|
||||
Shell *string `mapstructure:"shell"`
|
||||
GRPC *string `mapstructure:"grpc"`
|
||||
GRPCUseTLS *bool `mapstructure:"grpc_use_tls"`
|
||||
TLSServerName *string `mapstructure:"tls_server_name"`
|
||||
TLSSkipVerify *bool `mapstructure:"tls_skip_verify" alias:"tlsskipverify"`
|
||||
AliasNode *string `mapstructure:"alias_node"`
|
||||
AliasService *string `mapstructure:"alias_service"`
|
||||
|
@ -5081,6 +5081,7 @@ func TestLoad_FullConfig(t *testing.T) {
|
||||
OutputMaxSize: checks.DefaultBufSize,
|
||||
DockerContainerID: "ipgdFtjd",
|
||||
Shell: "qAeOYy0M",
|
||||
TLSServerName: "bdeb5f6a",
|
||||
TLSSkipVerify: true,
|
||||
Timeout: 1813 * time.Second,
|
||||
TTL: 21743 * time.Second,
|
||||
@ -5106,6 +5107,7 @@ func TestLoad_FullConfig(t *testing.T) {
|
||||
Interval: 28767 * time.Second,
|
||||
DockerContainerID: "THW6u7rL",
|
||||
Shell: "C1Zt3Zwh",
|
||||
TLSServerName: "6adc3bfb",
|
||||
TLSSkipVerify: true,
|
||||
Timeout: 18506 * time.Second,
|
||||
TTL: 31006 * time.Second,
|
||||
@ -5131,6 +5133,7 @@ func TestLoad_FullConfig(t *testing.T) {
|
||||
Interval: 18714 * time.Second,
|
||||
DockerContainerID: "qF66POS9",
|
||||
Shell: "sOnDy228",
|
||||
TLSServerName: "7BdnzBYk",
|
||||
TLSSkipVerify: true,
|
||||
Timeout: 5954 * time.Second,
|
||||
TTL: 30044 * time.Second,
|
||||
@ -5336,6 +5339,7 @@ func TestLoad_FullConfig(t *testing.T) {
|
||||
Interval: 24392 * time.Second,
|
||||
DockerContainerID: "ZKXr68Yb",
|
||||
Shell: "CEfzx0Fo",
|
||||
TLSServerName: "4f191d4F",
|
||||
TLSSkipVerify: true,
|
||||
Timeout: 38333 * time.Second,
|
||||
TTL: 57201 * time.Second,
|
||||
@ -5386,6 +5390,7 @@ func TestLoad_FullConfig(t *testing.T) {
|
||||
Interval: 32718 * time.Second,
|
||||
DockerContainerID: "cU15LMet",
|
||||
Shell: "nEz9qz2l",
|
||||
TLSServerName: "f43ouY7a",
|
||||
TLSSkipVerify: true,
|
||||
Timeout: 34738 * time.Second,
|
||||
TTL: 22773 * time.Second,
|
||||
@ -5409,6 +5414,7 @@ func TestLoad_FullConfig(t *testing.T) {
|
||||
Interval: 5656 * time.Second,
|
||||
DockerContainerID: "5tDBWpfA",
|
||||
Shell: "rlTpLM8s",
|
||||
TLSServerName: "sOv5WTtp",
|
||||
TLSSkipVerify: true,
|
||||
Timeout: 4868 * time.Second,
|
||||
TTL: 11222 * time.Second,
|
||||
@ -5525,6 +5531,7 @@ func TestLoad_FullConfig(t *testing.T) {
|
||||
Interval: 22224 * time.Second,
|
||||
DockerContainerID: "ipgdFtjd",
|
||||
Shell: "omVZq7Sz",
|
||||
TLSServerName: "axw5QPL5",
|
||||
TLSSkipVerify: true,
|
||||
Timeout: 18913 * time.Second,
|
||||
TTL: 44743 * time.Second,
|
||||
@ -5548,6 +5555,7 @@ func TestLoad_FullConfig(t *testing.T) {
|
||||
Interval: 12356 * time.Second,
|
||||
DockerContainerID: "HBndBU6R",
|
||||
Shell: "hVI33JjA",
|
||||
TLSServerName: "7uwWOnUS",
|
||||
TLSSkipVerify: true,
|
||||
Timeout: 38282 * time.Second,
|
||||
TTL: 1181 * time.Second,
|
||||
@ -5571,6 +5579,7 @@ func TestLoad_FullConfig(t *testing.T) {
|
||||
Interval: 23926 * time.Second,
|
||||
DockerContainerID: "dO5TtRHk",
|
||||
Shell: "e6q2ttES",
|
||||
TLSServerName: "ECSHk8WF",
|
||||
TLSSkipVerify: true,
|
||||
Timeout: 38483 * time.Second,
|
||||
TTL: 10943 * time.Second,
|
||||
|
@ -107,6 +107,7 @@
|
||||
"Status": "",
|
||||
"SuccessBeforePassing": 0,
|
||||
"TCP": "",
|
||||
"TLSServerName": "",
|
||||
"TLSSkipVerify": false,
|
||||
"TTL": "0s",
|
||||
"Timeout": "0s",
|
||||
@ -307,6 +308,7 @@
|
||||
"Status": "",
|
||||
"SuccessBeforePassing": 0,
|
||||
"TCP": "",
|
||||
"TLSServerName": "",
|
||||
"TLSSkipVerify": false,
|
||||
"TTL": "0s",
|
||||
"Timeout": "0s"
|
||||
|
9
agent/config/testdata/full-config.hcl
vendored
9
agent/config/testdata/full-config.hcl
vendored
@ -113,6 +113,7 @@ check = {
|
||||
output_max_size = 4096
|
||||
docker_container_id = "qF66POS9"
|
||||
shell = "sOnDy228"
|
||||
tls_server_name = "7BdnzBYk"
|
||||
tls_skip_verify = true
|
||||
timeout = "5954s"
|
||||
ttl = "30044s"
|
||||
@ -139,6 +140,7 @@ checks = [
|
||||
output_max_size = 4096
|
||||
docker_container_id = "ipgdFtjd"
|
||||
shell = "qAeOYy0M"
|
||||
tls_server_name = "bdeb5f6a"
|
||||
tls_skip_verify = true
|
||||
timeout = "1813s"
|
||||
ttl = "21743s"
|
||||
@ -164,6 +166,7 @@ checks = [
|
||||
output_max_size = 4096
|
||||
docker_container_id = "THW6u7rL"
|
||||
shell = "C1Zt3Zwh"
|
||||
tls_server_name = "6adc3bfb"
|
||||
tls_skip_verify = true
|
||||
timeout = "18506s"
|
||||
ttl = "31006s"
|
||||
@ -378,6 +381,7 @@ service = {
|
||||
interval = "23926s"
|
||||
docker_container_id = "dO5TtRHk"
|
||||
shell = "e6q2ttES"
|
||||
tls_server_name = "ECSHk8WF"
|
||||
tls_skip_verify = true
|
||||
timeout = "38483s"
|
||||
ttl = "10943s"
|
||||
@ -402,6 +406,7 @@ service = {
|
||||
output_max_size = 4096
|
||||
docker_container_id = "ipgdFtjd"
|
||||
shell = "omVZq7Sz"
|
||||
tls_server_name = "axw5QPL5"
|
||||
tls_skip_verify = true
|
||||
timeout = "18913s"
|
||||
ttl = "44743s"
|
||||
@ -425,6 +430,7 @@ service = {
|
||||
output_max_size = 4096
|
||||
docker_container_id = "HBndBU6R"
|
||||
shell = "hVI33JjA"
|
||||
tls_server_name = "7uwWOnUS"
|
||||
tls_skip_verify = true
|
||||
timeout = "38282s"
|
||||
ttl = "1181s"
|
||||
@ -462,6 +468,7 @@ services = [
|
||||
output_max_size = 4096
|
||||
docker_container_id = "ZKXr68Yb"
|
||||
shell = "CEfzx0Fo"
|
||||
tls_server_name = "4f191d4F"
|
||||
tls_skip_verify = true
|
||||
timeout = "38333s"
|
||||
ttl = "57201s"
|
||||
@ -502,6 +509,7 @@ services = [
|
||||
output_max_size = 4096
|
||||
docker_container_id = "cU15LMet"
|
||||
shell = "nEz9qz2l"
|
||||
tls_server_name = "f43ouY7a"
|
||||
tls_skip_verify = true
|
||||
timeout = "34738s"
|
||||
ttl = "22773s"
|
||||
@ -525,6 +533,7 @@ services = [
|
||||
output_max_size = 4096
|
||||
docker_container_id = "5tDBWpfA"
|
||||
shell = "rlTpLM8s"
|
||||
tls_server_name = "sOv5WTtp"
|
||||
tls_skip_verify = true
|
||||
timeout = "4868s"
|
||||
ttl = "11222s"
|
||||
|
9
agent/config/testdata/full-config.json
vendored
9
agent/config/testdata/full-config.json
vendored
@ -114,6 +114,7 @@
|
||||
"interval": "18714s",
|
||||
"docker_container_id": "qF66POS9",
|
||||
"shell": "sOnDy228",
|
||||
"tls_server_name": "7BdnzBYk",
|
||||
"tls_skip_verify": true,
|
||||
"timeout": "5954s",
|
||||
"ttl": "30044s",
|
||||
@ -140,6 +141,7 @@
|
||||
"output_max_size": 4096,
|
||||
"docker_container_id": "ipgdFtjd",
|
||||
"shell": "qAeOYy0M",
|
||||
"tls_server_name": "bdeb5f6a",
|
||||
"tls_skip_verify": true,
|
||||
"timeout": "1813s",
|
||||
"ttl": "21743s",
|
||||
@ -165,6 +167,7 @@
|
||||
"output_max_size": 4096,
|
||||
"docker_container_id": "THW6u7rL",
|
||||
"shell": "C1Zt3Zwh",
|
||||
"tls_server_name": "6adc3bfb",
|
||||
"tls_skip_verify": true,
|
||||
"timeout": "18506s",
|
||||
"ttl": "31006s",
|
||||
@ -375,6 +378,7 @@
|
||||
"output_max_size": 4096,
|
||||
"docker_container_id": "dO5TtRHk",
|
||||
"shell": "e6q2ttES",
|
||||
"tls_server_name": "ECSHk8WF",
|
||||
"tls_skip_verify": true,
|
||||
"timeout": "38483s",
|
||||
"ttl": "10943s",
|
||||
@ -399,6 +403,7 @@
|
||||
"output_max_size": 4096,
|
||||
"docker_container_id": "ipgdFtjd",
|
||||
"shell": "omVZq7Sz",
|
||||
"tls_server_name": "axw5QPL5",
|
||||
"tls_skip_verify": true,
|
||||
"timeout": "18913s",
|
||||
"ttl": "44743s",
|
||||
@ -422,6 +427,7 @@
|
||||
"output_max_size": 4096,
|
||||
"docker_container_id": "HBndBU6R",
|
||||
"shell": "hVI33JjA",
|
||||
"tls_server_name": "7uwWOnUS",
|
||||
"tls_skip_verify": true,
|
||||
"timeout": "38282s",
|
||||
"ttl": "1181s",
|
||||
@ -459,6 +465,7 @@
|
||||
"output_max_size": 4096,
|
||||
"docker_container_id": "ZKXr68Yb",
|
||||
"shell": "CEfzx0Fo",
|
||||
"tls_server_name": "4f191d4F",
|
||||
"tls_skip_verify": true,
|
||||
"timeout": "38333s",
|
||||
"ttl": "57201s",
|
||||
@ -499,6 +506,7 @@
|
||||
"output_max_size": 4096,
|
||||
"docker_container_id": "cU15LMet",
|
||||
"shell": "nEz9qz2l",
|
||||
"tls_server_name": "f43ouY7a",
|
||||
"tls_skip_verify": true,
|
||||
"timeout": "34738s",
|
||||
"ttl": "22773s",
|
||||
@ -522,6 +530,7 @@
|
||||
"output_max_size": 4096,
|
||||
"docker_container_id": "5tDBWpfA",
|
||||
"shell": "rlTpLM8s",
|
||||
"tls_server_name": "sOv5WTtp",
|
||||
"tls_skip_verify": true,
|
||||
"timeout": "4868s",
|
||||
"ttl": "11222s",
|
||||
|
@ -275,6 +275,7 @@ type translateKeyTestCase struct {
|
||||
// "script_args": "ScriptArgs",
|
||||
// "deregister_critical_service_after": "DeregisterCriticalServiceAfter",
|
||||
// "docker_container_id": "DockerContainerID",
|
||||
// "tls_server_name": "TLSServerName",
|
||||
// "tls_skip_verify": "TLSSkipVerify",
|
||||
// "service_id": "ServiceID",
|
||||
|
||||
@ -283,7 +284,8 @@ var translateCheckTypeTCs = [][]translateKeyTestCase{
|
||||
translateDeregisterTCs,
|
||||
translateDockerTCs,
|
||||
translateGRPCUseTLSTCs,
|
||||
translateTLSTCs,
|
||||
translateTLSServerNameTCs,
|
||||
translateTLSSkipVerifyTCs,
|
||||
translateServiceIDTCs,
|
||||
}
|
||||
|
||||
@ -504,8 +506,65 @@ var translateDockerTCs = []translateKeyTestCase{
|
||||
},
|
||||
}
|
||||
|
||||
// TLSServerName: string
|
||||
func tlsServerNameEqFn(out interface{}, want interface{}) error {
|
||||
var got interface{}
|
||||
switch v := out.(type) {
|
||||
case structs.CheckDefinition:
|
||||
got = v.TLSServerName
|
||||
case *structs.CheckDefinition:
|
||||
got = v.TLSServerName
|
||||
case structs.CheckType:
|
||||
got = v.TLSServerName
|
||||
case *structs.CheckType:
|
||||
got = v.TLSServerName
|
||||
case structs.HealthCheckDefinition:
|
||||
got = v.TLSServerName
|
||||
case *structs.HealthCheckDefinition:
|
||||
got = v.TLSServerName
|
||||
default:
|
||||
panic(fmt.Sprintf("unexpected type %T", out))
|
||||
}
|
||||
if got != want {
|
||||
return fmt.Errorf("expected TLSServerName to be %v, got %v", want, got)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
var tlsServerNameFields = []string{`"TLSServerName": %s`, `"tls_server_name": %s`}
|
||||
var translateTLSServerNameTCs = []translateKeyTestCase{
|
||||
{
|
||||
desc: "tlsServerName: both set",
|
||||
in: []interface{}{`"server1"`, `"server2"`},
|
||||
want: "server1",
|
||||
jsonFmtStr: "{" + strings.Join(tlsServerNameFields, ",") + "}",
|
||||
equalityFn: tlsServerNameEqFn,
|
||||
},
|
||||
{
|
||||
desc: "tlsServerName: first set",
|
||||
in: []interface{}{`"server1"`},
|
||||
want: "server1",
|
||||
jsonFmtStr: "{" + tlsServerNameFields[0] + "}",
|
||||
equalityFn: tlsServerNameEqFn,
|
||||
},
|
||||
{
|
||||
desc: "tlsServerName: second set",
|
||||
in: []interface{}{`"server2"`},
|
||||
want: "server2",
|
||||
jsonFmtStr: "{" + tlsServerNameFields[1] + "}",
|
||||
equalityFn: tlsServerNameEqFn,
|
||||
},
|
||||
{
|
||||
desc: "tlsServerName: neither set",
|
||||
in: []interface{}{},
|
||||
want: "", // zero value
|
||||
jsonFmtStr: "{}",
|
||||
equalityFn: tlsServerNameEqFn,
|
||||
},
|
||||
}
|
||||
|
||||
// TLSSkipVerify: bool
|
||||
func tlsEqFn(out interface{}, want interface{}) error {
|
||||
func tlsSkipVerifyEqFn(out interface{}, want interface{}) error {
|
||||
var got interface{}
|
||||
switch v := out.(type) {
|
||||
case structs.CheckDefinition:
|
||||
@ -529,35 +588,35 @@ func tlsEqFn(out interface{}, want interface{}) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
var tlsFields = []string{`"TLSSkipVerify": %s`, `"tls_skip_verify": %s`}
|
||||
var translateTLSTCs = []translateKeyTestCase{
|
||||
var tlsSkipVerifyFields = []string{`"TLSSkipVerify": %s`, `"tls_skip_verify": %s`}
|
||||
var translateTLSSkipVerifyTCs = []translateKeyTestCase{
|
||||
{
|
||||
desc: "tlsSkipVerify: both set",
|
||||
in: []interface{}{`true`, `false`},
|
||||
want: true,
|
||||
jsonFmtStr: "{" + strings.Join(tlsFields, ",") + "}",
|
||||
equalityFn: tlsEqFn,
|
||||
jsonFmtStr: "{" + strings.Join(tlsSkipVerifyFields, ",") + "}",
|
||||
equalityFn: tlsSkipVerifyEqFn,
|
||||
},
|
||||
{
|
||||
desc: "tlsSkipVerify: first set",
|
||||
in: []interface{}{`true`},
|
||||
want: true,
|
||||
jsonFmtStr: "{" + tlsFields[0] + "}",
|
||||
equalityFn: tlsEqFn,
|
||||
jsonFmtStr: "{" + tlsSkipVerifyFields[0] + "}",
|
||||
equalityFn: tlsSkipVerifyEqFn,
|
||||
},
|
||||
{
|
||||
desc: "tlsSkipVerify: second set",
|
||||
in: []interface{}{`true`},
|
||||
want: true,
|
||||
jsonFmtStr: "{" + tlsFields[1] + "}",
|
||||
equalityFn: tlsEqFn,
|
||||
jsonFmtStr: "{" + tlsSkipVerifyFields[1] + "}",
|
||||
equalityFn: tlsSkipVerifyEqFn,
|
||||
},
|
||||
{
|
||||
desc: "tlsSkipVerify: neither set",
|
||||
in: []interface{}{},
|
||||
want: false, // zero value
|
||||
jsonFmtStr: "{}",
|
||||
equalityFn: tlsEqFn,
|
||||
equalityFn: tlsSkipVerifyEqFn,
|
||||
},
|
||||
}
|
||||
|
||||
@ -876,6 +935,7 @@ func TestDecodeACLRoleWrite(t *testing.T) {
|
||||
// Shell string
|
||||
// GRPC string
|
||||
// GRPCUseTLS bool
|
||||
// TLSServerName string
|
||||
// TLSSkipVerify bool
|
||||
// AliasNode string
|
||||
// AliasService string
|
||||
@ -988,6 +1048,7 @@ func TestDecodeAgentRegisterCheck(t *testing.T) {
|
||||
// Shell string
|
||||
// GRPC string
|
||||
// GRPCUseTLS bool
|
||||
// TLSServerName string
|
||||
// TLSSkipVerify bool
|
||||
// Timeout time.Duration
|
||||
// TTL time.Duration
|
||||
@ -1924,6 +1985,7 @@ func TestDecodeAgentRegisterService(t *testing.T) {
|
||||
// Shell string
|
||||
// GRPC string
|
||||
// GRPCUseTLS bool
|
||||
// TLSServerName string
|
||||
// TLSSkipVerify bool
|
||||
// Timeout time.Duration
|
||||
// TTL time.Duration
|
||||
@ -1953,6 +2015,7 @@ func TestDecodeAgentRegisterService(t *testing.T) {
|
||||
// ServiceTags []string
|
||||
// Definition structs.HealthCheckDefinition
|
||||
// HTTP string
|
||||
// TLSServerName string
|
||||
// TLSSkipVerify bool
|
||||
// Header map[string][]string
|
||||
// Method string
|
||||
@ -2425,6 +2488,7 @@ func TestDecodeSessionCreate(t *testing.T) {
|
||||
// TCP string
|
||||
// Status string
|
||||
// Notes string
|
||||
// TLSServerName string
|
||||
// TLSSkipVerify bool
|
||||
// GRPC string
|
||||
// GRPCUseTLS bool
|
||||
@ -2451,6 +2515,7 @@ func TestDecodeSessionCreate(t *testing.T) {
|
||||
// Header map[string][]string
|
||||
// Method string
|
||||
// Body string
|
||||
// TLSServerName string
|
||||
// TLSSkipVerify bool
|
||||
// TCP string
|
||||
// IntervalDuration time.Duration
|
||||
|
@ -33,6 +33,7 @@ type CheckDefinition struct {
|
||||
Shell string
|
||||
GRPC string
|
||||
GRPCUseTLS bool
|
||||
TLSServerName string
|
||||
TLSSkipVerify bool
|
||||
AliasNode string
|
||||
AliasService string
|
||||
@ -62,6 +63,7 @@ func (t *CheckDefinition) UnmarshalJSON(data []byte) (err error) {
|
||||
ScriptArgsSnake []string `json:"script_args"`
|
||||
DeregisterCriticalServiceAfterSnake interface{} `json:"deregister_critical_service_after"`
|
||||
DockerContainerIDSnake string `json:"docker_container_id"`
|
||||
TLSServerNameSnake string `json:"tls_server_name"`
|
||||
TLSSkipVerifySnake bool `json:"tls_skip_verify"`
|
||||
GRPCUseTLSSnake bool `json:"grpc_use_tls"`
|
||||
ServiceIDSnake string `json:"service_id"`
|
||||
@ -87,6 +89,9 @@ func (t *CheckDefinition) UnmarshalJSON(data []byte) (err error) {
|
||||
if t.DockerContainerID == "" {
|
||||
t.DockerContainerID = aux.DockerContainerIDSnake
|
||||
}
|
||||
if t.TLSServerName == "" {
|
||||
t.TLSServerName = aux.TLSServerNameSnake
|
||||
}
|
||||
if aux.TLSSkipVerifySnake {
|
||||
t.TLSSkipVerify = aux.TLSSkipVerifySnake
|
||||
}
|
||||
@ -182,6 +187,7 @@ func (c *CheckDefinition) CheckType() *CheckType {
|
||||
Interval: c.Interval,
|
||||
DockerContainerID: c.DockerContainerID,
|
||||
Shell: c.Shell,
|
||||
TLSServerName: c.TLSServerName,
|
||||
TLSSkipVerify: c.TLSSkipVerify,
|
||||
Timeout: c.Timeout,
|
||||
TTL: c.TTL,
|
||||
|
@ -43,6 +43,7 @@ type CheckType struct {
|
||||
Shell string
|
||||
GRPC string
|
||||
GRPCUseTLS bool
|
||||
TLSServerName string
|
||||
TLSSkipVerify bool
|
||||
Timeout time.Duration
|
||||
TTL time.Duration
|
||||
@ -75,6 +76,7 @@ func (t *CheckType) UnmarshalJSON(data []byte) (err error) {
|
||||
ScriptArgsSnake []string `json:"script_args"`
|
||||
DeregisterCriticalServiceAfterSnake interface{} `json:"deregister_critical_service_after"`
|
||||
DockerContainerIDSnake string `json:"docker_container_id"`
|
||||
TLSServerNameSnake string `json:"tls_server_name"`
|
||||
TLSSkipVerifySnake bool `json:"tls_skip_verify"`
|
||||
GRPCUseTLSSnake bool `json:"grpc_use_tls"`
|
||||
|
||||
@ -102,6 +104,9 @@ func (t *CheckType) UnmarshalJSON(data []byte) (err error) {
|
||||
if t.DockerContainerID == "" {
|
||||
t.DockerContainerID = aux.DockerContainerIDSnake
|
||||
}
|
||||
if t.TLSServerName == "" {
|
||||
t.TLSServerName = aux.TLSServerNameSnake
|
||||
}
|
||||
if aux.TLSSkipVerifySnake {
|
||||
t.TLSSkipVerify = aux.TLSSkipVerifySnake
|
||||
}
|
||||
|
@ -1429,6 +1429,7 @@ func (hc *HealthCheck) CompoundCheckID() CheckID {
|
||||
|
||||
type HealthCheckDefinition struct {
|
||||
HTTP string `json:",omitempty"`
|
||||
TLSServerName string `json:",omitempty"`
|
||||
TLSSkipVerify bool `json:",omitempty"`
|
||||
Header map[string][]string `json:",omitempty"`
|
||||
Method string `json:",omitempty"`
|
||||
@ -1583,6 +1584,7 @@ func (c *HealthCheck) CheckType() *CheckType {
|
||||
Interval: c.Definition.Interval,
|
||||
DockerContainerID: c.Definition.DockerContainerID,
|
||||
Shell: c.Definition.Shell,
|
||||
TLSServerName: c.Definition.TLSServerName,
|
||||
TLSSkipVerify: c.Definition.TLSSkipVerify,
|
||||
Timeout: c.Definition.Timeout,
|
||||
TTL: c.Definition.TTL,
|
||||
|
@ -264,6 +264,7 @@ func (s *HTTPHandlers) convertOps(resp http.ResponseWriter, req *http.Request) (
|
||||
ServiceTags: check.ServiceTags,
|
||||
Definition: structs.HealthCheckDefinition{
|
||||
HTTP: check.Definition.HTTP,
|
||||
TLSServerName: check.Definition.TLSServerName,
|
||||
TLSSkipVerify: check.Definition.TLSSkipVerify,
|
||||
Header: check.Definition.Header,
|
||||
Method: check.Definition.Method,
|
||||
|
@ -313,6 +313,7 @@ type AgentServiceCheck struct {
|
||||
TCP string `json:",omitempty"`
|
||||
Status string `json:",omitempty"`
|
||||
Notes string `json:",omitempty"`
|
||||
TLSServerName string `json:",omitempty"`
|
||||
TLSSkipVerify bool `json:",omitempty"`
|
||||
GRPC string `json:",omitempty"`
|
||||
GRPCUseTLS bool `json:",omitempty"`
|
||||
|
@ -58,6 +58,7 @@ type HealthCheckDefinition struct {
|
||||
Header map[string][]string
|
||||
Method string
|
||||
Body string
|
||||
TLSServerName string
|
||||
TLSSkipVerify bool
|
||||
TCP string
|
||||
IntervalDuration time.Duration `json:"-"`
|
||||
|
@ -23,6 +23,7 @@ func CheckTypeToStructs(s CheckType) structs.CheckType {
|
||||
t.Shell = s.Shell
|
||||
t.GRPC = s.GRPC
|
||||
t.GRPCUseTLS = s.GRPCUseTLS
|
||||
t.TLSServerName = s.TLSServerName
|
||||
t.TLSSkipVerify = s.TLSSkipVerify
|
||||
t.Timeout = s.Timeout
|
||||
t.TTL = s.TTL
|
||||
@ -53,6 +54,7 @@ func NewCheckTypeFromStructs(t structs.CheckType) CheckType {
|
||||
s.Shell = t.Shell
|
||||
s.GRPC = t.GRPC
|
||||
s.GRPCUseTLS = t.GRPCUseTLS
|
||||
s.TLSServerName = t.TLSServerName
|
||||
s.TLSSkipVerify = t.TLSSkipVerify
|
||||
s.Timeout = t.Timeout
|
||||
s.TTL = t.TTL
|
||||
@ -101,6 +103,7 @@ func NewHealthCheckFromStructs(t structs.HealthCheck) HealthCheck {
|
||||
func HealthCheckDefinitionToStructs(s HealthCheckDefinition) structs.HealthCheckDefinition {
|
||||
var t structs.HealthCheckDefinition
|
||||
t.HTTP = s.HTTP
|
||||
t.TLSServerName = s.TLSServerName
|
||||
t.TLSSkipVerify = s.TLSSkipVerify
|
||||
t.Header = MapHeadersToStructs(s.Header)
|
||||
t.Method = s.Method
|
||||
@ -123,6 +126,7 @@ func HealthCheckDefinitionToStructs(s HealthCheckDefinition) structs.HealthCheck
|
||||
func NewHealthCheckDefinitionFromStructs(t structs.HealthCheckDefinition) HealthCheckDefinition {
|
||||
var s HealthCheckDefinition
|
||||
s.HTTP = t.HTTP
|
||||
s.TLSServerName = t.TLSServerName
|
||||
s.TLSSkipVerify = t.TLSSkipVerify
|
||||
s.Header = NewMapHeadersFromStructs(t.Header)
|
||||
s.Method = t.Method
|
||||
|
@ -133,6 +133,7 @@ var xxx_messageInfo_HeaderValue proto.InternalMessageInfo
|
||||
// name=Structs
|
||||
type HealthCheckDefinition struct {
|
||||
HTTP string `protobuf:"bytes,1,opt,name=HTTP,proto3" json:"HTTP,omitempty"`
|
||||
TLSServerName string `protobuf:"bytes,19,opt,name=TLSServerName,proto3" json:"TLSServerName,omitempty"`
|
||||
TLSSkipVerify bool `protobuf:"varint,2,opt,name=TLSSkipVerify,proto3" json:"TLSSkipVerify,omitempty"`
|
||||
// mog: func-to=MapHeadersToStructs func-from=NewMapHeadersFromStructs
|
||||
Header map[string]HeaderValue `protobuf:"bytes,3,rep,name=Header,proto3" json:"Header" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
|
||||
@ -218,6 +219,7 @@ type CheckType struct {
|
||||
Shell string `protobuf:"bytes,13,opt,name=Shell,proto3" json:"Shell,omitempty"`
|
||||
GRPC string `protobuf:"bytes,14,opt,name=GRPC,proto3" json:"GRPC,omitempty"`
|
||||
GRPCUseTLS bool `protobuf:"varint,15,opt,name=GRPCUseTLS,proto3" json:"GRPCUseTLS,omitempty"`
|
||||
TLSServerName string `protobuf:"bytes,27,opt,name=TLSServerName,proto3" json:"TLSServerName,omitempty"`
|
||||
TLSSkipVerify bool `protobuf:"varint,16,opt,name=TLSSkipVerify,proto3" json:"TLSSkipVerify,omitempty"`
|
||||
Timeout time.Duration `protobuf:"bytes,17,opt,name=Timeout,proto3,stdduration" json:"Timeout"`
|
||||
TTL time.Duration `protobuf:"bytes,18,opt,name=TTL,proto3,stdduration" json:"TTL"`
|
||||
@ -281,70 +283,71 @@ func init() {
|
||||
func init() { proto.RegisterFile("proto/pbservice/healthcheck.proto", fileDescriptor_8a6f7448747c9fbe) }
|
||||
|
||||
var fileDescriptor_8a6f7448747c9fbe = []byte{
|
||||
// 999 bytes of a gzipped FileDescriptorProto
|
||||
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x56, 0x4d, 0x6f, 0xe3, 0x44,
|
||||
0x18, 0x8e, 0x9b, 0x8f, 0xc6, 0x93, 0x6d, 0xb7, 0x1d, 0xba, 0x65, 0xb6, 0x20, 0x37, 0x04, 0x0e,
|
||||
0x41, 0x14, 0x47, 0x2a, 0x02, 0x01, 0x12, 0xa0, 0x26, 0xd9, 0x8f, 0xa0, 0x76, 0x09, 0x8e, 0xd9,
|
||||
0x03, 0x37, 0xd7, 0x99, 0x24, 0x56, 0x1c, 0x4f, 0x34, 0x1e, 0x57, 0x0d, 0x57, 0xfe, 0x00, 0xc7,
|
||||
0xfd, 0x49, 0x3d, 0x56, 0x9c, 0x38, 0x15, 0x68, 0xcf, 0xfc, 0x01, 0x4e, 0x68, 0xde, 0xb1, 0x53,
|
||||
0x67, 0xe3, 0x25, 0x65, 0xb5, 0x9c, 0xf2, 0x7e, 0xce, 0x78, 0xde, 0xf7, 0x79, 0x9e, 0x16, 0xbd,
|
||||
0x37, 0xe5, 0x4c, 0xb0, 0xc6, 0xf4, 0x34, 0xa4, 0xfc, 0xcc, 0x73, 0x69, 0x63, 0x44, 0x1d, 0x5f,
|
||||
0x8c, 0xdc, 0x11, 0x75, 0xc7, 0x26, 0xe4, 0xb0, 0x3e, 0x4f, 0xee, 0x19, 0x43, 0xc6, 0x86, 0x3e,
|
||||
0x6d, 0x40, 0xe2, 0x34, 0x1a, 0x34, 0xfa, 0x11, 0x77, 0x84, 0xc7, 0x02, 0x55, 0xba, 0xf7, 0x4e,
|
||||
0x72, 0x9a, 0xcb, 0x26, 0x13, 0x16, 0x34, 0xd4, 0x4f, 0x9c, 0xdc, 0x19, 0xb2, 0x21, 0x53, 0x05,
|
||||
0xd2, 0x52, 0xd1, 0xda, 0xcf, 0x05, 0x54, 0x79, 0x0a, 0x77, 0xb6, 0xe4, 0x9d, 0x18, 0xa3, 0xc2,
|
||||
0x33, 0xd6, 0xa7, 0x44, 0xab, 0x6a, 0x75, 0xdd, 0x02, 0x1b, 0x3f, 0x41, 0xeb, 0x90, 0xec, 0xb4,
|
||||
0xc9, 0x9a, 0x0c, 0x37, 0x3f, 0xfe, 0xfb, 0x6a, 0xff, 0xc3, 0xa1, 0x27, 0x46, 0xd1, 0xa9, 0xe9,
|
||||
0xb2, 0x49, 0x63, 0xe4, 0x84, 0x23, 0xcf, 0x65, 0x7c, 0xda, 0x70, 0x59, 0x10, 0x46, 0x7e, 0x43,
|
||||
0xcc, 0xa6, 0x34, 0x34, 0xe3, 0x26, 0x2b, 0xe9, 0x86, 0xc3, 0x9d, 0x09, 0x25, 0xf9, 0xf8, 0x70,
|
||||
0x67, 0x42, 0xf1, 0x2e, 0x2a, 0xf5, 0x84, 0x23, 0xa2, 0x90, 0x14, 0x20, 0x1a, 0x7b, 0x78, 0x07,
|
||||
0x15, 0x9f, 0x31, 0x41, 0x43, 0x52, 0x84, 0xb0, 0x72, 0x64, 0xf5, 0x77, 0x91, 0x98, 0x46, 0x82,
|
||||
0x94, 0x54, 0xb5, 0xf2, 0xf0, 0xbb, 0x48, 0xef, 0xa9, 0x21, 0x75, 0xda, 0x64, 0x1d, 0x52, 0xb7,
|
||||
0x01, 0x5c, 0x45, 0x95, 0xd8, 0x81, 0xeb, 0xcb, 0x90, 0x4f, 0x87, 0x52, 0x15, 0xb6, 0x33, 0x0c,
|
||||
0x89, 0x5e, 0xcd, 0xa7, 0x2a, 0x64, 0x48, 0x7e, 0xbb, 0x3d, 0x9b, 0x52, 0x72, 0x4f, 0x7d, 0xbb,
|
||||
0xb4, 0xf1, 0x63, 0x84, 0xda, 0x74, 0xe0, 0x05, 0x9e, 0xdc, 0x01, 0x41, 0x55, 0xad, 0x5e, 0x39,
|
||||
0xac, 0x9a, 0xf3, 0x7d, 0x99, 0xa9, 0xc1, 0xde, 0xd6, 0x35, 0x0b, 0x17, 0x57, 0xfb, 0x39, 0x2b,
|
||||
0xd5, 0x89, 0xbf, 0x40, 0xba, 0xe5, 0x0c, 0x44, 0x27, 0xe8, 0xd3, 0x73, 0x52, 0x81, 0x63, 0xb6,
|
||||
0xcd, 0x78, 0x79, 0xf3, 0x44, 0xb3, 0x2c, 0xfb, 0x2e, 0xaf, 0xf6, 0x35, 0xeb, 0xb6, 0x1a, 0xb7,
|
||||
0xd1, 0xe6, 0xa3, 0x40, 0x50, 0x3e, 0xe5, 0x5e, 0x48, 0x4f, 0xa8, 0x70, 0xc8, 0x06, 0xf4, 0xef,
|
||||
0x26, 0xfd, 0x8b, 0xd9, 0xf8, 0xf2, 0x97, 0x7a, 0x6a, 0xef, 0x03, 0x08, 0xfa, 0x94, 0x3f, 0x77,
|
||||
0xfc, 0x88, 0xca, 0xd9, 0x83, 0x41, 0x34, 0x98, 0x83, 0x72, 0x6a, 0xbf, 0x96, 0xd0, 0x83, 0xcc,
|
||||
0x17, 0xc9, 0xd9, 0x3c, 0xb5, 0xed, 0x6e, 0x02, 0x1a, 0x69, 0xe3, 0x0f, 0xd0, 0x86, 0x7d, 0xdc,
|
||||
0xeb, 0x8d, 0xbd, 0xe9, 0x73, 0xca, 0xbd, 0xc1, 0x0c, 0xa0, 0x53, 0xb6, 0x16, 0x83, 0xf8, 0x5b,
|
||||
0x54, 0x52, 0x17, 0x93, 0x7c, 0x35, 0x5f, 0xaf, 0x1c, 0x1e, 0xac, 0x9a, 0x9e, 0xa9, 0xca, 0x1f,
|
||||
0x05, 0x82, 0xcf, 0xe2, 0xc7, 0xc4, 0x27, 0x48, 0x6c, 0x9c, 0x50, 0x31, 0x62, 0xfd, 0x04, 0x49,
|
||||
0xca, 0x93, 0x5f, 0xd7, 0x64, 0xfd, 0x19, 0xc1, 0xea, 0xeb, 0xa4, 0x8d, 0xb7, 0x50, 0xde, 0x6e,
|
||||
0x75, 0x63, 0x6c, 0x49, 0x13, 0x7f, 0x83, 0xca, 0x1d, 0x39, 0x94, 0x33, 0xc7, 0x07, 0x6c, 0x55,
|
||||
0x0e, 0x1f, 0x9a, 0x8a, 0x6e, 0x66, 0x42, 0x37, 0xb3, 0x1d, 0xd3, 0x4d, 0xad, 0xe2, 0xc5, 0xef,
|
||||
0xfb, 0x9a, 0x35, 0x6f, 0x92, 0x0f, 0x56, 0x60, 0x3c, 0x71, 0xce, 0x7b, 0xde, 0x4f, 0x94, 0xe8,
|
||||
0x55, 0xad, 0xbe, 0x61, 0x2d, 0x06, 0xf1, 0x57, 0x68, 0xdd, 0xf6, 0x26, 0x94, 0x45, 0x02, 0x60,
|
||||
0x7a, 0xc7, 0x5b, 0x92, 0x1e, 0x3c, 0x46, 0x46, 0x9b, 0x72, 0x3a, 0xf4, 0x42, 0x41, 0x79, 0x8b,
|
||||
0x7b, 0xc2, 0x73, 0x1d, 0x3f, 0x86, 0xe9, 0xd1, 0x40, 0x50, 0x0e, 0xe0, 0xbe, 0xe3, 0xa9, 0x2b,
|
||||
0x8e, 0xc2, 0x06, 0x42, 0x3d, 0x97, 0x7b, 0x53, 0x71, 0xc4, 0x87, 0x21, 0x41, 0x80, 0x85, 0x54,
|
||||
0x04, 0x1f, 0xa0, 0xed, 0x36, 0x73, 0xc7, 0x94, 0xb7, 0x58, 0x20, 0x1c, 0x2f, 0xa0, 0xbc, 0xd3,
|
||||
0x06, 0xf8, 0xea, 0xd6, 0x72, 0x42, 0x82, 0xaa, 0x37, 0xa2, 0xbe, 0x1f, 0x33, 0x48, 0x39, 0x72,
|
||||
0x39, 0x4f, 0xac, 0x6e, 0x0b, 0x50, 0xab, 0x5b, 0x60, 0xcb, 0x7b, 0xe5, 0xef, 0x0f, 0x21, 0xb5,
|
||||
0x8f, 0x7b, 0x64, 0x13, 0x70, 0x93, 0x8a, 0x48, 0xb2, 0x1f, 0xf9, 0x9e, 0x13, 0x82, 0x50, 0xdd,
|
||||
0x57, 0x64, 0x9f, 0x07, 0x70, 0x0d, 0xdd, 0x03, 0x27, 0x7e, 0x0a, 0xd9, 0x82, 0x82, 0x85, 0x18,
|
||||
0xfe, 0x14, 0xe5, 0x6d, 0xfb, 0x98, 0x6c, 0xdf, 0x7d, 0x56, 0xb2, 0x7e, 0xef, 0xfb, 0x84, 0x26,
|
||||
0x00, 0x3f, 0x09, 0xa2, 0x31, 0x9d, 0xc5, 0xa8, 0x97, 0x26, 0x3e, 0x40, 0xc5, 0x33, 0x20, 0xce,
|
||||
0x5a, 0x4c, 0xc2, 0x05, 0x34, 0x27, 0xfc, 0xb2, 0x54, 0xd1, 0x97, 0x6b, 0x9f, 0x6b, 0xb5, 0xbf,
|
||||
0xca, 0x48, 0x07, 0x88, 0x83, 0xa0, 0xa4, 0x94, 0x56, 0x7b, 0x23, 0x4a, 0xbb, 0x96, 0xa9, 0xb4,
|
||||
0xf9, 0x6c, 0xa5, 0x2d, 0xa4, 0x95, 0x76, 0x71, 0xf9, 0xc5, 0xa5, 0xe5, 0x27, 0x9c, 0x2f, 0xa5,
|
||||
0x38, 0xff, 0xf5, 0x9c, 0xcd, 0x3b, 0xc0, 0xe6, 0xb4, 0x16, 0xce, 0x1f, 0x79, 0x27, 0x06, 0xaf,
|
||||
0x67, 0x32, 0x78, 0x6f, 0x99, 0xc1, 0xe5, 0x6c, 0x06, 0xeb, 0xaf, 0xc3, 0xe0, 0x05, 0x5c, 0xa1,
|
||||
0x55, 0xb8, 0xaa, 0x64, 0xe0, 0x2a, 0x93, 0x11, 0xf7, 0x56, 0x32, 0x62, 0x23, 0x8b, 0x11, 0x9b,
|
||||
0xaf, 0x64, 0xc4, 0xfd, 0x25, 0x46, 0x2c, 0x89, 0xed, 0x56, 0x96, 0xd8, 0xa6, 0xb4, 0x67, 0xfb,
|
||||
0x35, 0xb4, 0x27, 0x26, 0x0d, 0xfe, 0x6f, 0xa4, 0xc1, 0x87, 0x68, 0xa7, 0x17, 0xb9, 0x2e, 0x0d,
|
||||
0xc3, 0x26, 0x1d, 0x30, 0x4e, 0xbb, 0x4e, 0x18, 0x7a, 0xc1, 0x90, 0x3c, 0xa8, 0x6a, 0xf5, 0xa2,
|
||||
0x95, 0x99, 0xc3, 0x9f, 0xa1, 0xdd, 0xc7, 0x8e, 0xe7, 0x47, 0x9c, 0xc6, 0x89, 0x44, 0x9f, 0xc8,
|
||||
0x2e, 0x74, 0xbd, 0x22, 0x2b, 0x37, 0xd8, 0xe5, 0xec, 0x7c, 0x06, 0xc8, 0x7c, 0x5b, 0x6d, 0x70,
|
||||
0x1e, 0x98, 0x67, 0x61, 0xbc, 0x24, 0x95, 0x85, 0x19, 0xaf, 0x96, 0xd6, 0xb7, 0xde, 0x9c, 0xb4,
|
||||
0x2e, 0xfd, 0xb1, 0x78, 0x08, 0xef, 0x5a, 0x0c, 0xfe, 0x0f, 0x7a, 0xd3, 0x3c, 0xb9, 0xf8, 0xd3,
|
||||
0xc8, 0x5d, 0x5c, 0x1b, 0xda, 0xe5, 0xb5, 0xa1, 0xfd, 0x71, 0x6d, 0x68, 0xbf, 0xdc, 0x18, 0xb9,
|
||||
0x17, 0x37, 0x46, 0xee, 0xf2, 0xc6, 0xc8, 0xfd, 0x76, 0x63, 0xe4, 0x7e, 0xfc, 0xe8, 0xdf, 0xe4,
|
||||
0xe6, 0xa5, 0x7f, 0x57, 0x4f, 0x4b, 0x10, 0xf8, 0xe4, 0x9f, 0x00, 0x00, 0x00, 0xff, 0xff, 0x3e,
|
||||
0x9a, 0xda, 0xd9, 0xc8, 0x0a, 0x00, 0x00,
|
||||
// 1016 bytes of a gzipped FileDescriptorProto
|
||||
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x56, 0xcf, 0x6f, 0xe3, 0x44,
|
||||
0x14, 0x8e, 0x9b, 0x36, 0x8d, 0x27, 0x6d, 0xb7, 0x9d, 0xed, 0x96, 0xd9, 0x2e, 0x72, 0x43, 0xe0,
|
||||
0x10, 0x44, 0x71, 0xa4, 0x22, 0x10, 0x20, 0x01, 0x6a, 0x92, 0xfd, 0x11, 0xd4, 0x2e, 0xc1, 0x31,
|
||||
0x7b, 0xe0, 0xe6, 0x3a, 0x93, 0xc4, 0x8a, 0xe3, 0x89, 0xc6, 0xe3, 0xaa, 0xe1, 0xca, 0x3f, 0x80,
|
||||
0xc4, 0x65, 0xff, 0xa4, 0x1e, 0x7b, 0xe4, 0x54, 0xa0, 0xfd, 0x27, 0x10, 0x27, 0x34, 0x6f, 0xec,
|
||||
0xd4, 0xd9, 0x78, 0x49, 0x58, 0x2d, 0xa7, 0xcc, 0x7c, 0xef, 0xbd, 0x19, 0xcf, 0x7b, 0xdf, 0xf7,
|
||||
0xb5, 0xe8, 0xbd, 0x31, 0x67, 0x82, 0xd5, 0xc6, 0x67, 0x21, 0xe5, 0xe7, 0x9e, 0x4b, 0x6b, 0x03,
|
||||
0xea, 0xf8, 0x62, 0xe0, 0x0e, 0xa8, 0x3b, 0x34, 0x21, 0x86, 0xf5, 0x69, 0x70, 0xdf, 0xe8, 0x33,
|
||||
0xd6, 0xf7, 0x69, 0x0d, 0x02, 0x67, 0x51, 0xaf, 0xd6, 0x8d, 0xb8, 0x23, 0x3c, 0x16, 0xa8, 0xd4,
|
||||
0xfd, 0x47, 0xc9, 0x69, 0x2e, 0x1b, 0x8d, 0x58, 0x50, 0x53, 0x3f, 0x71, 0x70, 0xb7, 0xcf, 0xfa,
|
||||
0x4c, 0x25, 0xc8, 0x95, 0x42, 0x2b, 0x3f, 0xaf, 0xa2, 0xd2, 0x33, 0xb8, 0xb3, 0x21, 0xef, 0xc4,
|
||||
0x18, 0xad, 0x3e, 0x67, 0x5d, 0x4a, 0xb4, 0xb2, 0x56, 0xd5, 0x2d, 0x58, 0xe3, 0xa7, 0x68, 0x1d,
|
||||
0x82, 0xad, 0x26, 0x59, 0x91, 0x70, 0xfd, 0xe3, 0xbf, 0xaf, 0x0f, 0x3e, 0xec, 0x7b, 0x62, 0x10,
|
||||
0x9d, 0x99, 0x2e, 0x1b, 0xd5, 0x06, 0x4e, 0x38, 0xf0, 0x5c, 0xc6, 0xc7, 0x35, 0x97, 0x05, 0x61,
|
||||
0xe4, 0xd7, 0xc4, 0x64, 0x4c, 0x43, 0x33, 0x2e, 0xb2, 0x92, 0x6a, 0x38, 0xdc, 0x19, 0x51, 0x92,
|
||||
0x8f, 0x0f, 0x77, 0x46, 0x14, 0xef, 0xa1, 0x42, 0x47, 0x38, 0x22, 0x0a, 0xc9, 0x2a, 0xa0, 0xf1,
|
||||
0x0e, 0xef, 0xa2, 0xb5, 0xe7, 0x4c, 0xd0, 0x90, 0xac, 0x01, 0xac, 0x36, 0x32, 0xfb, 0xbb, 0x48,
|
||||
0x8c, 0x23, 0x41, 0x0a, 0x2a, 0x5b, 0xed, 0xf0, 0xbb, 0x48, 0xef, 0xa8, 0x26, 0xb5, 0x9a, 0x64,
|
||||
0x1d, 0x42, 0x77, 0x00, 0x2e, 0xa3, 0x52, 0xbc, 0x81, 0xeb, 0x8b, 0x10, 0x4f, 0x43, 0xa9, 0x0c,
|
||||
0xdb, 0xe9, 0x87, 0x44, 0x2f, 0xe7, 0x53, 0x19, 0x12, 0x92, 0xdf, 0x6e, 0x4f, 0xc6, 0x94, 0x6c,
|
||||
0xa8, 0x6f, 0x97, 0x6b, 0xfc, 0x04, 0xa1, 0x26, 0xed, 0x79, 0x81, 0x27, 0x67, 0x40, 0x50, 0x59,
|
||||
0xab, 0x96, 0x8e, 0xca, 0xe6, 0x74, 0x5e, 0x66, 0xaa, 0xb1, 0x77, 0x79, 0xf5, 0xd5, 0xcb, 0xeb,
|
||||
0x83, 0x9c, 0x95, 0xaa, 0xc4, 0x5f, 0x20, 0xdd, 0x72, 0x7a, 0xa2, 0x15, 0x74, 0xe9, 0x05, 0x29,
|
||||
0xc1, 0x31, 0x3b, 0x66, 0x3c, 0xbc, 0x69, 0xa0, 0x5e, 0x94, 0x75, 0x57, 0xd7, 0x07, 0x9a, 0x75,
|
||||
0x97, 0x8d, 0x9b, 0x68, 0xeb, 0x71, 0x20, 0x28, 0x1f, 0x73, 0x2f, 0xa4, 0xa7, 0x54, 0x38, 0x64,
|
||||
0x13, 0xea, 0xf7, 0x92, 0xfa, 0xd9, 0x68, 0x7c, 0xf9, 0x2b, 0x35, 0x95, 0xf7, 0x81, 0x04, 0x5d,
|
||||
0xca, 0x5f, 0x38, 0x7e, 0x44, 0x65, 0xef, 0x61, 0x41, 0x34, 0xe8, 0x83, 0xda, 0x54, 0xfe, 0x2a,
|
||||
0xa0, 0x07, 0x99, 0x2f, 0x92, 0xbd, 0x79, 0x66, 0xdb, 0xed, 0x84, 0x34, 0x72, 0x8d, 0x3f, 0x40,
|
||||
0x9b, 0xf6, 0x49, 0x47, 0x76, 0x90, 0x72, 0xe8, 0xfa, 0x7d, 0x08, 0xce, 0x82, 0x49, 0xd6, 0xd0,
|
||||
0x1b, 0xbf, 0xa0, 0xdc, 0xeb, 0x4d, 0x80, 0x60, 0x45, 0x6b, 0x16, 0xc4, 0xdf, 0xa2, 0x82, 0xfa,
|
||||
0x3c, 0x92, 0x2f, 0xe7, 0xab, 0xa5, 0xa3, 0xc3, 0x45, 0x3d, 0x36, 0x55, 0xfa, 0xe3, 0x40, 0xf0,
|
||||
0x49, 0xfc, 0xe4, 0xf8, 0x04, 0xc9, 0xa0, 0x53, 0x2a, 0x06, 0xac, 0x9b, 0xf0, 0x4d, 0xed, 0xe4,
|
||||
0x1b, 0xea, 0xac, 0x3b, 0x21, 0x58, 0xbd, 0x41, 0xae, 0xf1, 0x36, 0xca, 0xdb, 0x8d, 0x76, 0xcc,
|
||||
0x40, 0xb9, 0xc4, 0xdf, 0xa0, 0x62, 0x4b, 0xb6, 0xee, 0xdc, 0xf1, 0x81, 0x81, 0xa5, 0xa3, 0x87,
|
||||
0xa6, 0x12, 0xa5, 0x99, 0x88, 0xd2, 0x6c, 0xc6, 0xa2, 0x54, 0x03, 0x7b, 0xf9, 0xfb, 0x81, 0x66,
|
||||
0x4d, 0x8b, 0xe4, 0x83, 0x15, 0x65, 0x4f, 0x9d, 0x8b, 0x8e, 0xf7, 0x13, 0x25, 0x7a, 0x59, 0xab,
|
||||
0x6e, 0x5a, 0xb3, 0x20, 0xfe, 0x0a, 0xad, 0xdb, 0xde, 0x88, 0xb2, 0x48, 0x00, 0x99, 0x97, 0xbc,
|
||||
0x25, 0xa9, 0xc1, 0x43, 0x64, 0x34, 0x29, 0xa7, 0x7d, 0x2f, 0x14, 0x94, 0x37, 0xb8, 0x27, 0x3c,
|
||||
0xd7, 0xf1, 0x63, 0x32, 0x1f, 0xf7, 0x04, 0xe5, 0x20, 0x81, 0x25, 0x4f, 0x5d, 0x70, 0x14, 0x36,
|
||||
0x10, 0xea, 0xb8, 0xdc, 0x1b, 0x8b, 0x63, 0xde, 0x0f, 0x09, 0x02, 0xc6, 0xa4, 0x10, 0x7c, 0x88,
|
||||
0x76, 0x9a, 0xcc, 0x1d, 0x52, 0xde, 0x60, 0x81, 0x70, 0xbc, 0x80, 0xf2, 0x56, 0x13, 0x48, 0xae,
|
||||
0x5b, 0xf3, 0x01, 0x49, 0xbd, 0xce, 0x80, 0xfa, 0x7e, 0xac, 0x33, 0xb5, 0x91, 0xc3, 0x79, 0x6a,
|
||||
0xb5, 0x1b, 0xc0, 0x6d, 0xdd, 0x82, 0xb5, 0xbc, 0x57, 0xfe, 0xfe, 0x10, 0x52, 0xfb, 0xa4, 0x43,
|
||||
0xb6, 0x80, 0x37, 0x29, 0x44, 0x5a, 0xc2, 0xb1, 0xef, 0x39, 0x21, 0xd8, 0xd9, 0x3d, 0x65, 0x09,
|
||||
0x53, 0x00, 0x57, 0xd0, 0x06, 0x6c, 0xe2, 0xa7, 0x90, 0x6d, 0x48, 0x98, 0xc1, 0xf0, 0xa7, 0x28,
|
||||
0x6f, 0xdb, 0x27, 0x64, 0x67, 0xf9, 0x5e, 0xc9, 0xfc, 0xfd, 0xef, 0x13, 0x31, 0x01, 0xfd, 0x24,
|
||||
0x89, 0x86, 0x74, 0x12, 0x6b, 0x43, 0x2e, 0xf1, 0x21, 0x5a, 0x3b, 0x07, 0x79, 0xad, 0xc4, 0x52,
|
||||
0x9d, 0x61, 0x73, 0xa2, 0x42, 0x4b, 0x25, 0x7d, 0xb9, 0xf2, 0xb9, 0x56, 0xf9, 0x55, 0x47, 0x3a,
|
||||
0x50, 0x1c, 0x6c, 0x27, 0xe5, 0xc7, 0xda, 0x5b, 0xf1, 0xe3, 0x95, 0x4c, 0x3f, 0xce, 0x67, 0xfb,
|
||||
0xf1, 0x6a, 0xda, 0x8f, 0x67, 0x87, 0xbf, 0x36, 0x37, 0xfc, 0xc4, 0x19, 0x0a, 0x29, 0x67, 0xf8,
|
||||
0x7a, 0xaa, 0xe6, 0x5d, 0x50, 0x73, 0xda, 0x31, 0xa7, 0x8f, 0x5c, 0x4a, 0xc1, 0xeb, 0x99, 0x0a,
|
||||
0xde, 0x9f, 0x57, 0x70, 0x31, 0x5b, 0xc1, 0xfa, 0x9b, 0x28, 0x78, 0x86, 0x57, 0x68, 0x11, 0xaf,
|
||||
0x4a, 0x19, 0xbc, 0xca, 0x54, 0xc4, 0xc6, 0x42, 0x45, 0x6c, 0x66, 0x29, 0x62, 0xeb, 0xb5, 0x8a,
|
||||
0xb8, 0x37, 0xa7, 0x88, 0x39, 0x4b, 0x7e, 0xb4, 0x94, 0x25, 0x6f, 0x67, 0x59, 0x72, 0xca, 0xa1,
|
||||
0x76, 0xde, 0xc0, 0xa1, 0x62, 0x69, 0xe1, 0xff, 0x26, 0x2d, 0x7c, 0x84, 0x76, 0x3b, 0x91, 0xeb,
|
||||
0xd2, 0x30, 0xac, 0xd3, 0x1e, 0xe3, 0xb4, 0xed, 0x84, 0xa1, 0x17, 0xf4, 0xc9, 0x83, 0xb2, 0x56,
|
||||
0x5d, 0xb3, 0x32, 0x63, 0xf8, 0x33, 0xb4, 0xf7, 0xc4, 0xf1, 0xfc, 0x88, 0xd3, 0x38, 0x90, 0xb8,
|
||||
0x18, 0xd9, 0x83, 0xaa, 0xd7, 0x44, 0xe5, 0x9c, 0xdb, 0x9c, 0x5d, 0x4c, 0x80, 0xbf, 0xef, 0xa8,
|
||||
0x39, 0x4f, 0x81, 0x69, 0x14, 0x86, 0x40, 0x52, 0x51, 0x98, 0xc4, 0x62, 0x03, 0xbe, 0xff, 0xf6,
|
||||
0x0c, 0x78, 0xee, 0x4f, 0xca, 0x43, 0x78, 0xd7, 0x2c, 0xf8, 0x3f, 0xb8, 0x52, 0xfd, 0xf4, 0xf2,
|
||||
0x4f, 0x23, 0x77, 0x79, 0x63, 0x68, 0x57, 0x37, 0x86, 0xf6, 0xc7, 0x8d, 0xa1, 0xfd, 0x72, 0x6b,
|
||||
0xe4, 0x5e, 0xde, 0x1a, 0xb9, 0xab, 0x5b, 0x23, 0xf7, 0xdb, 0xad, 0x91, 0xfb, 0xf1, 0xa3, 0x7f,
|
||||
0x33, 0xa5, 0x57, 0xfe, 0xf5, 0x3d, 0x2b, 0x00, 0xf0, 0xc9, 0x3f, 0x01, 0x00, 0x00, 0xff, 0xff,
|
||||
0xf4, 0xca, 0x84, 0xe7, 0x14, 0x0b, 0x00, 0x00,
|
||||
}
|
||||
|
||||
func (m *HealthCheck) Marshal() (dAtA []byte, err error) {
|
||||
@ -524,6 +527,15 @@ func (m *HealthCheckDefinition) MarshalToSizedBuffer(dAtA []byte) (int, error) {
|
||||
_ = i
|
||||
var l int
|
||||
_ = l
|
||||
if len(m.TLSServerName) > 0 {
|
||||
i -= len(m.TLSServerName)
|
||||
copy(dAtA[i:], m.TLSServerName)
|
||||
i = encodeVarintHealthcheck(dAtA, i, uint64(len(m.TLSServerName)))
|
||||
i--
|
||||
dAtA[i] = 0x1
|
||||
i--
|
||||
dAtA[i] = 0x9a
|
||||
}
|
||||
if len(m.Body) > 0 {
|
||||
i -= len(m.Body)
|
||||
copy(dAtA[i:], m.Body)
|
||||
@ -706,6 +718,15 @@ func (m *CheckType) MarshalToSizedBuffer(dAtA []byte) (int, error) {
|
||||
_ = i
|
||||
var l int
|
||||
_ = l
|
||||
if len(m.TLSServerName) > 0 {
|
||||
i -= len(m.TLSServerName)
|
||||
copy(dAtA[i:], m.TLSServerName)
|
||||
i = encodeVarintHealthcheck(dAtA, i, uint64(len(m.TLSServerName)))
|
||||
i--
|
||||
dAtA[i] = 0x1
|
||||
i--
|
||||
dAtA[i] = 0xda
|
||||
}
|
||||
if len(m.Body) > 0 {
|
||||
i -= len(m.Body)
|
||||
copy(dAtA[i:], m.Body)
|
||||
@ -1093,6 +1114,10 @@ func (m *HealthCheckDefinition) Size() (n int) {
|
||||
if l > 0 {
|
||||
n += 2 + l + sovHealthcheck(uint64(l))
|
||||
}
|
||||
l = len(m.TLSServerName)
|
||||
if l > 0 {
|
||||
n += 2 + l + sovHealthcheck(uint64(l))
|
||||
}
|
||||
return n
|
||||
}
|
||||
|
||||
@ -1200,6 +1225,10 @@ func (m *CheckType) Size() (n int) {
|
||||
if l > 0 {
|
||||
n += 2 + l + sovHealthcheck(uint64(l))
|
||||
}
|
||||
l = len(m.TLSServerName)
|
||||
if l > 0 {
|
||||
n += 2 + l + sovHealthcheck(uint64(l))
|
||||
}
|
||||
return n
|
||||
}
|
||||
|
||||
@ -2435,6 +2464,38 @@ func (m *HealthCheckDefinition) Unmarshal(dAtA []byte) error {
|
||||
}
|
||||
m.Body = string(dAtA[iNdEx:postIndex])
|
||||
iNdEx = postIndex
|
||||
case 19:
|
||||
if wireType != 2 {
|
||||
return fmt.Errorf("proto: wrong wireType = %d for field TLSServerName", wireType)
|
||||
}
|
||||
var stringLen uint64
|
||||
for shift := uint(0); ; shift += 7 {
|
||||
if shift >= 64 {
|
||||
return ErrIntOverflowHealthcheck
|
||||
}
|
||||
if iNdEx >= l {
|
||||
return io.ErrUnexpectedEOF
|
||||
}
|
||||
b := dAtA[iNdEx]
|
||||
iNdEx++
|
||||
stringLen |= uint64(b&0x7F) << shift
|
||||
if b < 0x80 {
|
||||
break
|
||||
}
|
||||
}
|
||||
intStringLen := int(stringLen)
|
||||
if intStringLen < 0 {
|
||||
return ErrInvalidLengthHealthcheck
|
||||
}
|
||||
postIndex := iNdEx + intStringLen
|
||||
if postIndex < 0 {
|
||||
return ErrInvalidLengthHealthcheck
|
||||
}
|
||||
if postIndex > l {
|
||||
return io.ErrUnexpectedEOF
|
||||
}
|
||||
m.TLSServerName = string(dAtA[iNdEx:postIndex])
|
||||
iNdEx = postIndex
|
||||
default:
|
||||
iNdEx = preIndex
|
||||
skippy, err := skipHealthcheck(dAtA[iNdEx:])
|
||||
@ -3358,6 +3419,38 @@ func (m *CheckType) Unmarshal(dAtA []byte) error {
|
||||
}
|
||||
m.Body = string(dAtA[iNdEx:postIndex])
|
||||
iNdEx = postIndex
|
||||
case 27:
|
||||
if wireType != 2 {
|
||||
return fmt.Errorf("proto: wrong wireType = %d for field TLSServerName", wireType)
|
||||
}
|
||||
var stringLen uint64
|
||||
for shift := uint(0); ; shift += 7 {
|
||||
if shift >= 64 {
|
||||
return ErrIntOverflowHealthcheck
|
||||
}
|
||||
if iNdEx >= l {
|
||||
return io.ErrUnexpectedEOF
|
||||
}
|
||||
b := dAtA[iNdEx]
|
||||
iNdEx++
|
||||
stringLen |= uint64(b&0x7F) << shift
|
||||
if b < 0x80 {
|
||||
break
|
||||
}
|
||||
}
|
||||
intStringLen := int(stringLen)
|
||||
if intStringLen < 0 {
|
||||
return ErrInvalidLengthHealthcheck
|
||||
}
|
||||
postIndex := iNdEx + intStringLen
|
||||
if postIndex < 0 {
|
||||
return ErrInvalidLengthHealthcheck
|
||||
}
|
||||
if postIndex > l {
|
||||
return io.ErrUnexpectedEOF
|
||||
}
|
||||
m.TLSServerName = string(dAtA[iNdEx:postIndex])
|
||||
iNdEx = postIndex
|
||||
default:
|
||||
iNdEx = preIndex
|
||||
skippy, err := skipHealthcheck(dAtA[iNdEx:])
|
||||
|
@ -56,6 +56,7 @@ message HeaderValue {
|
||||
// name=Structs
|
||||
message HealthCheckDefinition {
|
||||
string HTTP = 1;
|
||||
string TLSServerName = 19;
|
||||
bool TLSSkipVerify = 2;
|
||||
|
||||
// mog: func-to=MapHeadersToStructs func-from=NewMapHeadersFromStructs
|
||||
@ -117,6 +118,7 @@ message CheckType {
|
||||
string Shell = 13;
|
||||
string GRPC = 14;
|
||||
bool GRPCUseTLS = 15;
|
||||
string TLSServerName = 27;
|
||||
bool TLSSkipVerify = 16;
|
||||
google.protobuf.Duration Timeout = 17
|
||||
[(gogoproto.stdduration) = true, (gogoproto.nullable) = false];
|
||||
|
@ -711,21 +711,27 @@ func (c *Configurator) IncomingHTTPSConfig() *tls.Config {
|
||||
return config
|
||||
}
|
||||
|
||||
// IncomingTLSConfig generates a *tls.Config for outgoing TLS connections for
|
||||
// checks. This function is separated because there is an extra flag to
|
||||
// OutgoingTLSConfigForCheck generates a *tls.Config for outgoing TLS connections
|
||||
// for checks. This function is separated because there is an extra flag to
|
||||
// consider for checks. EnableAgentTLSForChecks and InsecureSkipVerify has to
|
||||
// be checked for checks.
|
||||
func (c *Configurator) OutgoingTLSConfigForCheck(skipVerify bool) *tls.Config {
|
||||
func (c *Configurator) OutgoingTLSConfigForCheck(skipVerify bool, serverName string) *tls.Config {
|
||||
c.log("OutgoingTLSConfigForCheck")
|
||||
|
||||
if serverName == "" {
|
||||
serverName = c.serverNameOrNodeName()
|
||||
}
|
||||
|
||||
if !c.enableAgentTLSForChecks() {
|
||||
return &tls.Config{
|
||||
InsecureSkipVerify: skipVerify,
|
||||
ServerName: serverName,
|
||||
}
|
||||
}
|
||||
|
||||
config := c.commonTLSConfig(false)
|
||||
config.InsecureSkipVerify = skipVerify
|
||||
config.ServerName = c.serverNameOrNodeName()
|
||||
config.ServerName = serverName
|
||||
|
||||
return config
|
||||
}
|
||||
|
@ -909,16 +909,21 @@ func TestConfigurator_OutgoingTLSConfigForChecks(t *testing.T) {
|
||||
TLSMinVersion: "tls12",
|
||||
EnableAgentTLSForChecks: false,
|
||||
}, autoTLS: &autoTLS{}}
|
||||
tlsConf := c.OutgoingTLSConfigForCheck(true)
|
||||
tlsConf := c.OutgoingTLSConfigForCheck(true, "")
|
||||
require.Equal(t, true, tlsConf.InsecureSkipVerify)
|
||||
require.Equal(t, uint16(0), tlsConf.MinVersion)
|
||||
|
||||
c.base.EnableAgentTLSForChecks = true
|
||||
c.base.ServerName = "servername"
|
||||
tlsConf = c.OutgoingTLSConfigForCheck(true)
|
||||
tlsConf = c.OutgoingTLSConfigForCheck(true, "")
|
||||
require.Equal(t, true, tlsConf.InsecureSkipVerify)
|
||||
require.Equal(t, TLSLookup[c.base.TLSMinVersion], tlsConf.MinVersion)
|
||||
require.Equal(t, c.base.ServerName, tlsConf.ServerName)
|
||||
|
||||
tlsConf = c.OutgoingTLSConfigForCheck(true, "servername2")
|
||||
require.Equal(t, true, tlsConf.InsecureSkipVerify)
|
||||
require.Equal(t, TLSLookup[c.base.TLSMinVersion], tlsConf.MinVersion)
|
||||
require.Equal(t, "servername2", tlsConf.ServerName)
|
||||
}
|
||||
|
||||
func TestConfigurator_OutgoingRPCConfig(t *testing.T) {
|
||||
|
@ -188,6 +188,11 @@ The table below shows this endpoint's support for
|
||||
The value can be further limited for all checks of a given agent using the
|
||||
`check_output_max_size` flag in the agent.
|
||||
|
||||
- `TLSServerName` `(string: "")` - Specifies an optional string used to set the
|
||||
SNI host when connecting via TLS.
|
||||
For an `HTTP` check, this value is set automatically if the URL uses a hostname
|
||||
(not an IP address).
|
||||
|
||||
- `TLSSkipVerify` `(bool: false)` - Specifies if the certificate for an HTTPS
|
||||
check should not be verified.
|
||||
|
||||
|
@ -63,7 +63,9 @@ There are several different kinds of checks:
|
||||
check is limited to roughly 4KB. Responses larger than this will be truncated.
|
||||
HTTP checks also support TLS. By default, a valid TLS certificate is expected.
|
||||
Certificate verification can be turned off by setting the `tls_skip_verify`
|
||||
field to `true` in the check definition.
|
||||
field to `true` in the check definition. When using TLS, the SNI will be set
|
||||
automatically from the URL if it uses a hostname (as opposed to an IP address);
|
||||
the value can be overriden by setting `tls_server_name`.
|
||||
|
||||
- `TCP + Interval` - These checks make a TCP connection attempt to the specified
|
||||
IP/hostname and port, waiting `interval` amount of time between attempts
|
||||
@ -153,6 +155,7 @@ A HTTP check:
|
||||
"id": "api",
|
||||
"name": "HTTP API on port 5000",
|
||||
"http": "https://localhost:5000/health",
|
||||
"tls_server_name": "",
|
||||
"tls_skip_verify": false,
|
||||
"method": "POST",
|
||||
"header": {"Content-Type": ["application/json"]},
|
||||
|
Loading…
x
Reference in New Issue
Block a user