mirror of https://github.com/status-im/consul.git
Log a warning when a terminating gateway service has TLS but not SNI configured
parent
706c844423
commit
f8efe9a208
|
@ -89,6 +89,14 @@ func (c *ConfigEntry) Apply(args *structs.ConfigEntryRequest, reply *bool) error
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Log any applicable warnings about the contents of the config entry.
|
||||||
|
if warnEntry, ok := args.Entry.(structs.WarningConfigEntry); ok {
|
||||||
|
warnings := warnEntry.Warnings()
|
||||||
|
for _, warning := range warnings {
|
||||||
|
c.logger.Warn(warning)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if err := args.Entry.CanWrite(authz); err != nil {
|
if err := args.Entry.CanWrite(authz); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
|
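Review bot: The warning loop runs before `args.Entry.CanWrite(authz)`, so a request that is about to be rejected for lack of write permission still gets its entry's warnings written to the server log. Moving the `if warnEntry, ok := args.Entry.(structs.WarningConfigEntry); ok { ... }` block to after the `CanWrite` check would mean only permitted callers produce these log lines. `c.logger.Warn(warning)` also carries no entry identity, so `c.logger.Warn(warning, "kind", args.Entry.GetKind(), "name", args.Entry.GetName())` would make each line attributable. Apply starts and ends outside this hunk, so whether a later step can still reject the write after the warning is logged is not visible here.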
@ -82,6 +82,14 @@ type UpdatableConfigEntry interface {
|
||||||
ConfigEntry
|
ConfigEntry
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// WarningConfigEntry is an optional interface implemented by a ConfigEntry
|
||||||
|
// if it wants to be able to emit warnings when it is being upserted.
|
||||||
|
type WarningConfigEntry interface {
|
||||||
|
Warnings() []string
|
||||||
|
|
||||||
|
ConfigEntry
|
||||||
|
}
|
||||||
|
|
||||||
// ServiceConfiguration is the top-level struct for the configuration of a service
|
// ServiceConfiguration is the top-level struct for the configuration of a service
|
||||||
// across the entire cluster.
|
// across the entire cluster.
|
||||||
type ServiceConfigEntry struct {
|
type ServiceConfigEntry struct {
|
||||||
|
|
|
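Review bot: `Warnings()` has no comment saying what implementers may put in the returned strings, yet the Apply hunk in this commit passes each one unchanged to `c.logger.Warn`. A comment on the method would make that contract explicit for future implementers, for example `// Warnings returns operator-facing messages that are written to the server log as-is; quote user-supplied fields and never include secret values.` The interface comment could also say that the warnings are advisory and do not block the write, which is what the Apply hunk shows.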
@ -570,6 +570,22 @@ func (e *TerminatingGatewayConfigEntry) GetEnterpriseMeta() *EnterpriseMeta {
|
||||||
return &e.EnterpriseMeta
|
return &e.EnterpriseMeta
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (e *TerminatingGatewayConfigEntry) Warnings() []string {
|
||||||
|
if e == nil {
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
|
warnings := make([]string, 0)
|
||||||
|
for _, svc := range e.Services {
|
||||||
|
if (svc.CAFile != "" || svc.CertFile != "" || svc.KeyFile != "") && svc.SNI == "" {
|
||||||
|
warning := fmt.Sprintf("TLS is configured but SNI is not set for service %q. Enabling SNI is strongly recommended when using TLS.", svc.Name)
|
||||||
|
warnings = append(warnings, warning)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return warnings
|
||||||
|
}
|
||||||
|
|
||||||
// GatewayService is used to associate gateways with their linked services.
|
// GatewayService is used to associate gateways with their linked services.
|
||||||
type GatewayService struct {
|
type GatewayService struct {
|
||||||
Gateway ServiceName
|
Gateway ServiceName
|
||||||
|
|
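Review bot: The message built on the `fmt.Sprintf` line says SNI is "strongly recommended" but not what is at risk when it is missing, so an operator reading the server log cannot judge how urgent the finding is. If the concern is that the gateway has no expected hostname to match the upstream certificate against when SNI is empty (this hunk does not show it, so confirm first), the text should say so in one clause. The exported method also lacks a doc comment; `// Warnings returns one message for each linked service that sets CAFile, CertFile or KeyFile but leaves SNI empty.` describes what the loop does. As a style point, `var warnings []string` is the usual form instead of `make([]string, 0)`, since the caller in Apply only ranges over the result.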