// Copyright (c) HashiCorp, Inc. // SPDX-License-Identifier: BUSL-1.1 package autoconf import ( "context" "crypto/x509" "net" "time" "github.com/hashicorp/go-hclog" "github.com/hashicorp/consul/agent/cache" "github.com/hashicorp/consul/agent/config" "github.com/hashicorp/consul/agent/leafcert" "github.com/hashicorp/consul/agent/metadata" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/agent/token" "github.com/hashicorp/consul/lib/retry" ) // DirectRPC is the interface that needs to be satisifed for AutoConfig to be able to perform // direct RPCs against individual servers. This will not be used for any ongoing RPCs as once // the agent gets configured, it can go through the normal RPC means of selecting a available // server automatically. type DirectRPC interface { RPC(dc string, node string, addr net.Addr, method string, args interface{}, reply interface{}) error } // Cache is an interface to represent the methods of the // agent/cache.Cache struct that we care about type Cache interface { Notify(ctx context.Context, t string, r cache.Request, correlationID string, ch chan<- cache.UpdateEvent) error Prepopulate(t string, result cache.FetchResult, dc string, peerName string, token string, key string) error } // LeafCertManager is an interface to represent the methods of the // agent/leafcert.Manager struct that we care about type LeafCertManager interface { Prepopulate( ctx context.Context, key string, index uint64, value *structs.IssuedCert, authorityKeyID string, ) error Notify(ctx context.Context, req *leafcert.ConnectCALeafRequest, correlationID string, ch chan<- cache.UpdateEvent) error } // ServerProvider is an interface that can be used to find one server in the local DC known to // the agent via Gossip type ServerProvider interface { FindLANServer() *metadata.Server } // TLSConfigurator is an interface of the methods on the tlsutil.Configurator that we will require at // runtime. type TLSConfigurator interface { UpdateAutoTLS(manualCAPEMs, connectCAPEMs []string, pub, priv string, verifyServerHostname bool) error UpdateAutoTLSCA([]string) error UpdateAutoTLSCert(pub, priv string) error AutoEncryptCert() *x509.Certificate } // TokenStore is an interface of the methods we will need to use from the token.Store. type TokenStore interface { AgentToken() string UpdateAgentToken(secret string, source token.TokenSource) bool Notify(kind token.TokenKind) token.Notifier StopNotify(notifier token.Notifier) } // Config contains all the tunables for AutoConfig type Config struct { // Logger is any logger that should be utilized. If not provided, // then no logs will be emitted. Logger hclog.Logger // DirectRPC is the interface to be used by AutoConfig to make the // AutoConfig.InitialConfiguration RPCs for generating the bootstrap // configuration. Setting this field is required. DirectRPC DirectRPC // ServerProvider is the interfaced to be used by AutoConfig to find any // known servers during fallback operations. ServerProvider ServerProvider // Waiter is used during retrieval of the initial configuration. // When around of requests fails we will // wait and eventually make another round of requests (1 round // is trying the RPC once against each configured server addr). The // waiting implements some backoff to prevent from retrying these RPCs // too often. This field is not required and if left unset a waiter will // be used that has a max wait duration of 10 minutes and a randomized // jitter of 25% of the wait time. Setting this is mainly useful for // testing purposes to allow testing out the retrying functionality without // having the test take minutes/hours to complete. Waiter *retry.Waiter // Loader merges source with the existing FileSources and returns the complete // RuntimeConfig. Loader func(source config.Source) (config.LoadResult, error) // TLSConfigurator is the shared TLS Configurator. AutoConfig will update the // auto encrypt/auto config certs as they are renewed. TLSConfigurator TLSConfigurator // Cache is an object implementing our Cache interface. The Cache // used at runtime must be able to handle Roots watches Cache Cache // LeafCertManager is an object implementing our LeafCertManager interface. LeafCertManager LeafCertManager // FallbackLeeway is the amount of time after certificate expiration before // invoking the fallback routine. If not set this will default to 10s. FallbackLeeway time.Duration // FallbackRetry is the duration between Fallback invocations when the configured // fallback routine returns an error. If not set this will default to 1m. FallbackRetry time.Duration // Tokens is the shared token store. It is used to retrieve the current // agent token as well as getting notifications when that token is updated. // This field is required. Tokens TokenStore // EnterpriseConfig is the embedded specific enterprise configurations EnterpriseConfig }