Paul Glass 77ecff3209
Permissive mTLS (#17035)
This implements permissive mTLS, which allows toggling services into "permissive" mTLS mode.
Permissive mTLS mode allows incoming "non Consul-mTLS" traffic to be forwarded unmodified to the application.

* Update service-defaults and proxy-defaults config entries with a MutualTLSMode field
* Update the mesh config entry with an AllowEnablingPermissiveMutualTLS field and implement the necessary validation. AllowEnablingPermissiveMutualTLS must be true to allow changing to MutualTLSMode=permissive, but this does not require that all proxy-defaults and service-defaults are currently in strict mode.
* Update xDS listener config to add a "permissive filter chain" when MutualTLSMode=permissive for a particular service. The permissive filter chain matches incoming traffic by the destination port. If the destination port matches the service port from the catalog, then no mTLS is required and the traffic sent is forwarded unmodified to the application.
2023-04-19 14:45:00 -05:00

Consul API Client

This directory contains the api package, which provides programmatic access to the full Consul API.

The full documentation is available on Godoc.

Usage

Below is an example of using the Consul client. To run the example, you must first install Consul and Go.

To run the client API, create a new Go module.

go mod init consul-demo

Copy the example code into a file called main.go in the directory where the module is defined. As seen in the example, the Consul API is often imported with the alias capi.

package main

import (
	"fmt"

	capi "github.com/hashicorp/consul/api"
)

func main() {
	// Get a new client
	client, err := capi.NewClient(capi.DefaultConfig())
	if err != nil {
		panic(err)
	}

	// Get a handle to the KV API
	kv := client.KV()

	// PUT a new KV pair
	p := &capi.KVPair{Key: "REDIS_MAXCLIENTS", Value: []byte("1000")}
	_, err = kv.Put(p, nil)
	if err != nil {
		panic(err)
	}

	// Lookup the pair
	pair, _, err := kv.Get("REDIS_MAXCLIENTS", nil)
	if err != nil {
		panic(err)
	}
	fmt.Printf("KV: %v %s\n", pair.Key, pair.Value)
}

Install the Consul API dependency with go mod tidy.

In a separate terminal window, start a local Consul server.

consul agent -dev -node machine

Run the example.

go run .

You should get the following result printed to the terminal.

KV: REDIS_MAXCLIENTS 1000

After running the code, you can also view the values in the Consul UI on your local machine at http://localhost:8500/ui/dc1/kv
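
The commit message at the top of this page says AllowEnablingPermissiveMutualTLS only gates the change to MutualTLSMode=permissive and does not require existing entries to be strict, so entries already in permissive mode have to be found by inspection. The following audit is an added example, not code from the Consul project; the JSON layout, the constructed sample data and the function name auditPermissive are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// configEntry: fields the audit needs; JSON keys are assumed from the commit message.
type configEntry struct {
	Kind                             string
	Name                             string
	MutualTLSMode                    string
	AllowEnablingPermissiveMutualTLS bool
}

// Constructed sample input, standing in for config entries exported from a cluster.
const sampleEntries = `[
  {"Kind": "mesh", "Name": "mesh", "AllowEnablingPermissiveMutualTLS": false},
  {"Kind": "proxy-defaults", "Name": "global", "MutualTLSMode": "strict"},
  {"Kind": "service-defaults", "Name": "web", "MutualTLSMode": "permissive"},
  {"Kind": "service-defaults", "Name": "db"}
]`

// auditPermissive lists entries in permissive mode and reports the mesh gate flag.
func auditPermissive(raw []byte) (permissive []string, allowed bool, err error) {
	var entries []configEntry
	if err = json.Unmarshal(raw, &entries); err != nil {
		return nil, false, err
	}
	for _, e := range entries {
		switch e.Kind {
		case "mesh":
			allowed = e.AllowEnablingPermissiveMutualTLS
		case "service-defaults", "proxy-defaults":
			if e.MutualTLSMode == "permissive" {
				permissive = append(permissive, e.Kind+"/"+e.Name)
			}
		}
	}
	return permissive, allowed, nil
}

func main() {
	found, allowed, err := auditPermissive([]byte(sampleEntries))
	if err != nil {
		panic(err)
	}
	fmt.Printf("allow enabling permissive: %v\npermissive entries: %v\n", allowed, found)
}
```

In the sample, the mesh flag is false yet service-defaults/web is still reported, which is the case the gate alone does not catch.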