mirror of
https://github.com/status-im/consul.git
synced 2025-01-09 13:26:07 +00:00
5e9f02d4be
* Define file-system-certificate config entry * Collect file-system-certificate(s) referenced by api-gateway onto snapshot * Add file-system-certificate to config entry kind allow lists * Remove inapplicable validation This validation makes sense for inline certificates since Consul server is holding the certificate; however, for file system certificates, Consul server never actually sees the certificate. * Support file-system-certificate as source for listener TLS certificate * Add more required mappings for the new config entry type * Construct proper TLS context based on certificate kind * Add support or SDS in xdscommon * Remove unused param * Adds back verification of certs for inline-certificates * Undo tangential changes to TLS config consumption * Remove stray curly braces * Undo some more tangential changes * Improve function name for generating API gateway secrets * Add changelog entry * Update .changelog/20873.txt Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com> * Add some nil-checking, remove outdated TODO * Update test assertions to include file-system-certificate * Add documentation for file-system-certificate config entry Add new doc to nav * Fix grammar mistake * Rename watchmaps, remove outdated TODO --------- Co-authored-by: Melisa Griffin <melisa.griffin@hashicorp.com> Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
45 lines
1.8 KiB
Go
45 lines
1.8 KiB
Go
// Copyright (c) HashiCorp, Inc.
|
|
// SPDX-License-Identifier: MPL-2.0
|
|
|
|
package api
|
|
|
|
type FileSystemCertificateConfigEntry struct {
|
|
// Kind of the config entry. This should be set to api.FileSystemCertificate.
|
|
Kind string
|
|
|
|
Name string
|
|
|
|
// Certificate is the path to a client certificate to use for TLS connections.
|
|
Certificate string `json:",omitempty" alias:"certificate"`
|
|
|
|
// PrivateKey is the path to a private key to use for TLS connections.
|
|
PrivateKey string `json:",omitempty" alias:"private_key"`
|
|
|
|
Meta map[string]string `json:",omitempty"`
|
|
|
|
// CreateIndex is the Raft index this entry was created at. This is a
|
|
// read-only field.
|
|
CreateIndex uint64
|
|
|
|
// ModifyIndex is used for the Check-And-Set operations and can also be fed
|
|
// back into the WaitIndex of the QueryOptions in order to perform blocking
|
|
// queries.
|
|
ModifyIndex uint64
|
|
|
|
// Partition is the partition the config entry is associated with.
|
|
// Partitioning is a Consul Enterprise feature.
|
|
Partition string `json:",omitempty"`
|
|
|
|
// Namespace is the namespace the config entry is associated with.
|
|
// Namespacing is a Consul Enterprise feature.
|
|
Namespace string `json:",omitempty"`
|
|
}
|
|
|
|
func (a *FileSystemCertificateConfigEntry) GetKind() string { return FileSystemCertificate }
|
|
func (a *FileSystemCertificateConfigEntry) GetName() string { return a.Name }
|
|
func (a *FileSystemCertificateConfigEntry) GetPartition() string { return a.Partition }
|
|
func (a *FileSystemCertificateConfigEntry) GetNamespace() string { return a.Namespace }
|
|
func (a *FileSystemCertificateConfigEntry) GetMeta() map[string]string { return a.Meta }
|
|
func (a *FileSystemCertificateConfigEntry) GetCreateIndex() uint64 { return a.CreateIndex }
|
|
func (a *FileSystemCertificateConfigEntry) GetModifyIndex() uint64 { return a.ModifyIndex }
|