// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: BUSL-1.1
package leafcert
import (
"fmt"
"net"
"time"
"github.com/mitchellh/hashstructure"
"github.com/hashicorp/consul/acl"
"github.com/hashicorp/consul/agent/cache"
"github.com/hashicorp/consul/agent/structs"
)
// ConnectCALeafRequest is the cache.Request implementation for the
// ConnectCALeaf cache type. This is implemented here and not in structs
// since this is only used for cache-related requests and not forwarded
// directly to any Consul servers.
//
// Security note: Token, Datacenter and MustRevalidate are carried in
// cache.RequestInfo (see CacheInfo) rather than folded into Key(); the
// cache layer is presumably what scopes entries by token and datacenter,
// so a leaf cert obtained with one token must not be served under another
// — confirm against the cache implementation when changing either side.
type ConnectCALeafRequest struct {
	Token         string        // ACL token used for the request; passed through to cache.RequestInfo, not hashed into Key().
	Datacenter    string        // Target datacenter; hashed into Key() only for Server requests, otherwise carried by cache.RequestInfo.
	DNSSAN        []string      // Extra DNS SANs for the leaf; part of Key() for service and mesh-gateway requests.
	IPSAN         []net.IP      // Extra IP SANs for the leaf; part of Key() for service and mesh-gateway requests.
	MinQueryIndex uint64        // Blocking-query index forwarded as cache.RequestInfo.MinIndex.
	MaxQueryTime  time.Duration // Blocking-query timeout forwarded as cache.RequestInfo.Timeout.
	acl.EnterpriseMeta          // Namespace/partition; normalized in place by Key().
	MustRevalidate bool         // Forwarded as cache.RequestInfo.MustRevalidate.

	// The following flags indicate the entity we are requesting a cert for.
	// Only one of these must be specified. Key() checks them in the order
	// Agent, Kind, Server, and treats anything else as a Service request.
	Service string              // Given a Service name, not ID, the request is for a SpiffeIDService.
	Agent   string              // Given an Agent name, not ID, the request is for a SpiffeIDAgent.
	Kind    structs.ServiceKind // Given "mesh-gateway", the request is for a SpiffeIDMeshGateway. No other kinds supported.
	Server  bool                // If true, the request is for a SpiffeIDServer.
}
// Key returns the cache key for this request, or "" when no key can be
// derived. A blank key bypasses the cache entirely, so the request is
// forwarded straight to the servers.
//
// Which fields take part depends on the entity being requested, checked
// in this order:
//   - Agent != "": agent name + partition
//   - Kind == mesh-gateway: partition + DNS/IP SANs
//   - any other non-empty Kind: not valid, no key
//   - Server: the literal "server" + datacenter
//   - otherwise (service): service name + EnterpriseMeta + DNS/IP SANs
//
// Token and Datacenter are deliberately not mixed into the key here (except
// Datacenter for the server case); they travel alongside it in
// cache.RequestInfo (see CacheInfo), and the cache layer is presumably what
// scopes entries by them — confirm before relying on Key() alone to
// separate tenants.
//
// Side effect: EnterpriseMeta.Normalize() is called on the receiver before
// hashing.
//
// NOTE(review): hashstructure.Hash is used with nil options, i.e. its
// default hasher, which is not a cryptographic/collision-resistant digest.
// Two distinct requests within the same token/datacenter scope that collide
// would share a cache entry; presumably acceptable at 64 bits, but this is
// not a security boundary.
//
// NOTE(review): the agent and server cases do not include DNSSAN/IPSAN in
// the key, so two such requests differing only in SANs would hit the same
// entry. Whether those request shapes can carry SANs at all is not visible
// here — confirm with the callers.
func (r *ConnectCALeafRequest) Key() string {
	r.EnterpriseMeta.Normalize()

	// hashKey folds parts into one digest and renders it as "<prefix>:<n>".
	// On a hashing failure it yields "" so the request is simply not cached.
	hashKey := func(prefix string, parts ...any) string {
		digest, err := hashstructure.Hash(parts, nil)
		if err != nil {
			return ""
		}
		return fmt.Sprintf("%s:%d", prefix, digest)
	}

	if r.Agent != "" {
		return hashKey("agent", r.Agent, r.PartitionOrDefault())
	}
	if r.Kind == structs.ServiceKindMeshGateway {
		return hashKey("kind", r.PartitionOrDefault(), r.DNSSAN, r.IPSAN)
	}
	if r.Kind != "" {
		// Any other Kind is not a supported SpiffeID target; refuse to
		// produce a key rather than guess at one.
		return ""
	}
	if r.Server {
		return hashKey("server", "server", r.Datacenter)
	}
	return hashKey("service", r.Service, r.EnterpriseMeta, r.DNSSAN, r.IPSAN)
}
// TargetNamespace reports the namespace this request is scoped to, falling
// back to the default namespace when none was set on EnterpriseMeta.
func (req *ConnectCALeafRequest) TargetNamespace() string {
	ns := req.NamespaceOrDefault()
	return ns
}
// TargetPartition reports the partition this request is scoped to, falling
// back to the default partition when none was set on EnterpriseMeta.
func (req *ConnectCALeafRequest) TargetPartition() string {
	part := req.PartitionOrDefault()
	return part
}
// CacheInfo builds the cache.RequestInfo the agent cache uses to look up
// and scope this request.
//
// Token and Datacenter are passed through here (not hashed into Key), so
// the cache layer is presumably what keeps leaf certs obtained under
// different tokens or datacenters apart — confirm against the cache
// implementation. Calling this invokes Key(), which normalizes
// EnterpriseMeta on the receiver.
func (r *ConnectCALeafRequest) CacheInfo() cache.RequestInfo {
	var info cache.RequestInfo
	info.Token = r.Token
	info.Key = r.Key()
	info.Datacenter = r.Datacenter
	info.MinIndex = r.MinQueryIndex
	info.Timeout = r.MaxQueryTime
	info.MustRevalidate = r.MustRevalidate
	return info
}