consul/proto/private/pbconnect/connect.gen.go
Nitya Dhanushkodi 78b170ad50
xds controller: setup watches for and compute leaf cert references in ProxyStateTemplate, and wire up leaf cert manager dependency (#18756)
* Refactors the leafcert package to not have a dependency on agent/consul and agent/cache to avoid import cycles. This way the xds controller can just import the leafcert package to use the leafcert manager.

The leaf cert logic in the controller:
* Sets up watches for leaf certs that are referenced in the ProxyStateTemplate (which generates the leaf certs too).
* Gets the leaf cert from the leaf cert cache
* Stores the leaf cert in the ProxyState that's pushed to xds
* For the cert watches, this PR also uses a bimapper + a thin wrapper to map leaf cert events to related ProxyStateTemplates

Since bimapper uses a resource.Reference or resource.ID to map between two resource types, I've created an internal type for a leaf certificate to use for the resource.Reference, since it's not a v2 resource.
The wrapper allows mapping events to resources (as opposed to mapping resources to resources)

The controller tests:
Unit: Ensure that we resolve leaf cert references
Lifecycle: Ensure that when the CA is updated, the leaf cert is as well

Also adds a new spiffe id type, and adds workload identity and workload identity URI to leaf certs. This is so certs are generated with the new workload identity based SPIFFE id.

* Pulls out some leaf cert test helpers into a helpers file so it
can be used in the xds controller tests.
* Wires up leaf cert manager dependency
* Support getting token from proxytracker
* Add workload identity spiffe id type to the authorize and sign functions



---------

Co-authored-by: John Murret <john.murret@hashicorp.com>
2023-09-12 12:56:43 -07:00


// Code generated by mog. DO NOT EDIT.
package pbconnect
import "github.com/hashicorp/consul/agent/structs"
// CARootToStructsCARoot copies every field of the protobuf CARoot s into the
// structs.CARoot t. It is a no-op when s is nil; t is dereferenced
// unconditionally, so it must be non-nil.
//
// Timestamp fields go through structs.TimeFromProto, PrivateKeyBits is widened
// from int32 to int, and RaftIndex is converted with RaftIndexTo. SigningKey is
// copied verbatim (presumably the CA's private signing key — confirm against
// structs.CARoot), so t holds the same key material as s and should be
// handled with the same care as the proto message.
func CARootToStructsCARoot(s *CARoot, t *structs.CARoot) {
	// Nothing to convert from a nil source; t is left exactly as passed in.
	if s == nil {
		return
	}
	t.ID = s.ID
	t.Name = s.Name
	t.SerialNumber = s.SerialNumber
	t.SigningKeyID = s.SigningKeyID
	t.ExternalTrustDomain = s.ExternalTrustDomain
	t.NotBefore = structs.TimeFromProto(s.NotBefore)
	t.NotAfter = structs.TimeFromProto(s.NotAfter)
	t.RootCert = s.RootCert
	t.IntermediateCerts = s.IntermediateCerts
	t.SigningCert = s.SigningCert
	t.SigningKey = s.SigningKey
	t.Active = s.Active
	t.RotatedOutAt = structs.TimeFromProto(s.RotatedOutAt)
	t.PrivateKeyType = s.PrivateKeyType
	// int32 -> int never loses information on any supported platform.
	t.PrivateKeyBits = int(s.PrivateKeyBits)
	t.RaftIndex = RaftIndexTo(s.RaftIndex)
}
// CARootFromStructsCARoot copies every field of the structs.CARoot t into the
// protobuf CARoot s. It is a no-op when the destination s is nil. Note the
// asymmetry with the nil guard: the source t is not checked, so a nil t
// panics on the first field access.
//
// Timestamp fields go through structs.TimeToProto, PrivateKeyBits is narrowed
// from int to int32 (a Go integer conversion truncates values outside the
// int32 range rather than failing), and RaftIndex is converted with
// RaftIndexFrom. SigningKey is copied verbatim, so the resulting proto carries
// the same key material as t.
func CARootFromStructsCARoot(t *structs.CARoot, s *CARoot) {
	// Nothing to write into a nil destination.
	if s == nil {
		return
	}
	s.ID = t.ID
	s.Name = t.Name
	s.SerialNumber = t.SerialNumber
	s.SigningKeyID = t.SigningKeyID
	s.ExternalTrustDomain = t.ExternalTrustDomain
	s.NotBefore = structs.TimeToProto(t.NotBefore)
	s.NotAfter = structs.TimeToProto(t.NotAfter)
	s.RootCert = t.RootCert
	s.IntermediateCerts = t.IntermediateCerts
	s.SigningCert = t.SigningCert
	s.SigningKey = t.SigningKey
	s.Active = t.Active
	s.RotatedOutAt = structs.TimeToProto(t.RotatedOutAt)
	s.PrivateKeyType = t.PrivateKeyType
	// Narrowing conversion; key sizes are expected to be far below the
	// int32 limit, but nothing here validates that.
	s.PrivateKeyBits = int32(t.PrivateKeyBits)
	s.RaftIndex = RaftIndexFrom(t.RaftIndex)
}
// CARootsToStructsIndexedCARoots copies the protobuf CARoots s into the
// structs.IndexedCARoots t. It is a no-op when s is nil; t must be non-nil.
//
// t.Roots is always replaced with a freshly allocated slice of len(s.Roots)
// (an empty, non-nil slice when s.Roots is nil or empty). Each non-nil entry
// of s.Roots is deep-converted via CARootToStructsCARoot into a new
// structs.CARoot; nil entries stay nil in t.Roots. QueryMeta is converted with
// QueryMetaTo.
func CARootsToStructsIndexedCARoots(s *CARoots, t *structs.IndexedCARoots) {
	// Nothing to convert from a nil source; t is left untouched.
	if s == nil {
		return
	}
	t.ActiveRootID = s.ActiveRootID
	t.TrustDomain = s.TrustDomain
	{
		t.Roots = make([]*structs.CARoot, len(s.Roots))
		for i := range s.Roots {
			// A nil element is preserved as nil rather than converted
			// into an empty structs.CARoot.
			if s.Roots[i] != nil {
				var x structs.CARoot
				CARootToStructsCARoot(s.Roots[i], &x)
				t.Roots[i] = &x
			}
		}
	}
	t.QueryMeta = QueryMetaTo(s.QueryMeta)
}
// CARootsFromStructsIndexedCARoots copies the structs.IndexedCARoots t into the
// protobuf CARoots s. It is a no-op when the destination s is nil; the source t
// is not nil-checked and a nil t panics on the first field access.
//
// s.Roots is always replaced with a freshly allocated slice of len(t.Roots)
// (an empty, non-nil slice when t.Roots is nil or empty). Each non-nil entry
// of t.Roots is deep-converted via CARootFromStructsCARoot into a new CARoot;
// nil entries stay nil in s.Roots. QueryMeta is converted with QueryMetaFrom.
func CARootsFromStructsIndexedCARoots(t *structs.IndexedCARoots, s *CARoots) {
	// Nothing to write into a nil destination.
	if s == nil {
		return
	}
	s.ActiveRootID = t.ActiveRootID
	s.TrustDomain = t.TrustDomain
	{
		s.Roots = make([]*CARoot, len(t.Roots))
		for i := range t.Roots {
			// A nil element is preserved as nil rather than converted
			// into an empty CARoot.
			if t.Roots[i] != nil {
				var x CARoot
				CARootFromStructsCARoot(t.Roots[i], &x)
				s.Roots[i] = &x
			}
		}
	}
	s.QueryMeta = QueryMetaFrom(t.QueryMeta)
}
// IssuedCertToStructsIssuedCert copies every field of the protobuf IssuedCert s
// into the structs.IssuedCert t. It is a no-op when s is nil; t must be
// non-nil.
//
// PrivateKeyPEM is copied verbatim, so the converted value carries the leaf
// certificate's private key and must be treated as a secret. The workload
// identity fields (WorkloadIdentity, WorkloadIdentityURI) are copied alongside
// the service/agent/server identity fields. Kind is a plain string conversion
// to structs.ServiceKind with no validation here — any validation of the kind
// value, if it exists, happens elsewhere. Timestamps go through
// structs.TimeFromProto; EnterpriseMeta and RaftIndex use EnterpriseMetaTo and
// RaftIndexTo.
func IssuedCertToStructsIssuedCert(s *IssuedCert, t *structs.IssuedCert) {
	// Nothing to convert from a nil source; t is left untouched.
	if s == nil {
		return
	}
	t.SerialNumber = s.SerialNumber
	t.CertPEM = s.CertPEM
	// Secret material: copied as-is, not redacted or re-encoded.
	t.PrivateKeyPEM = s.PrivateKeyPEM
	t.WorkloadIdentity = s.WorkloadIdentity
	t.WorkloadIdentityURI = s.WorkloadIdentityURI
	t.Service = s.Service
	t.ServiceURI = s.ServiceURI
	t.Agent = s.Agent
	t.AgentURI = s.AgentURI
	t.ServerURI = s.ServerURI
	// Unchecked string -> ServiceKind conversion; unknown kinds pass through.
	t.Kind = structs.ServiceKind(s.Kind)
	t.KindURI = s.KindURI
	t.ValidAfter = structs.TimeFromProto(s.ValidAfter)
	t.ValidBefore = structs.TimeFromProto(s.ValidBefore)
	t.EnterpriseMeta = EnterpriseMetaTo(s.EnterpriseMeta)
	t.RaftIndex = RaftIndexTo(s.RaftIndex)
}
// IssuedCertFromStructsIssuedCert copies every field of the structs.IssuedCert
// t into the protobuf IssuedCert s. It is a no-op when the destination s is
// nil; the source t is not nil-checked and a nil t panics on the first field
// access.
//
// PrivateKeyPEM is copied verbatim into the proto message, so anything that
// serializes or logs s carries the leaf certificate's private key. The
// workload identity fields (WorkloadIdentity, WorkloadIdentityURI) are copied
// alongside the service/agent/server identity fields. Kind is converted back
// to its plain string form. Timestamps go through structs.TimeToProto;
// EnterpriseMeta and RaftIndex use EnterpriseMetaFrom and RaftIndexFrom.
func IssuedCertFromStructsIssuedCert(t *structs.IssuedCert, s *IssuedCert) {
	// Nothing to write into a nil destination.
	if s == nil {
		return
	}
	s.SerialNumber = t.SerialNumber
	s.CertPEM = t.CertPEM
	// Secret material: copied as-is, not redacted or re-encoded.
	s.PrivateKeyPEM = t.PrivateKeyPEM
	s.WorkloadIdentity = t.WorkloadIdentity
	s.WorkloadIdentityURI = t.WorkloadIdentityURI
	s.Service = t.Service
	s.ServiceURI = t.ServiceURI
	s.Agent = t.Agent
	s.AgentURI = t.AgentURI
	s.ServerURI = t.ServerURI
	s.Kind = string(t.Kind)
	s.KindURI = t.KindURI
	s.ValidAfter = structs.TimeToProto(t.ValidAfter)
	s.ValidBefore = structs.TimeToProto(t.ValidBefore)
	s.EnterpriseMeta = EnterpriseMetaFrom(t.EnterpriseMeta)
	s.RaftIndex = RaftIndexFrom(t.RaftIndex)
}