mirror of
https://github.com/status-im/consul.git
synced 2025-01-09 21:35:52 +00:00
5fb9df1640
* Adding explicit MPL license for sub-package This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Adding explicit MPL license for sub-package This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Updating the license from MPL to Business Source License Going forward, this project will be licensed under the Business Source License v1.1. Please see our blog post for more details at <Blog URL>, FAQ at www.hashicorp.com/licensing-faq, and details of the license at www.hashicorp.com/bsl. * add missing license headers * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 --------- Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
132 lines
4.9 KiB
Go
132 lines
4.9 KiB
Go
// Copyright (c) HashiCorp, Inc.
|
|
// SPDX-License-Identifier: BUSL-1.1
|
|
|
|
package autoconf
|
|
|
|
import (
|
|
"context"
|
|
"crypto/x509"
|
|
"net"
|
|
"time"
|
|
|
|
"github.com/hashicorp/go-hclog"
|
|
|
|
"github.com/hashicorp/consul/agent/cache"
|
|
"github.com/hashicorp/consul/agent/config"
|
|
"github.com/hashicorp/consul/agent/leafcert"
|
|
"github.com/hashicorp/consul/agent/metadata"
|
|
"github.com/hashicorp/consul/agent/structs"
|
|
"github.com/hashicorp/consul/agent/token"
|
|
"github.com/hashicorp/consul/lib/retry"
|
|
)
|
|
|
|
// DirectRPC is the interface that needs to be satisifed for AutoConfig to be able to perform
|
|
// direct RPCs against individual servers. This will not be used for any ongoing RPCs as once
|
|
// the agent gets configured, it can go through the normal RPC means of selecting a available
|
|
// server automatically.
|
|
type DirectRPC interface {
|
|
RPC(dc string, node string, addr net.Addr, method string, args interface{}, reply interface{}) error
|
|
}
|
|
|
|
// Cache is an interface to represent the methods of the
|
|
// agent/cache.Cache struct that we care about
|
|
type Cache interface {
|
|
Notify(ctx context.Context, t string, r cache.Request, correlationID string, ch chan<- cache.UpdateEvent) error
|
|
Prepopulate(t string, result cache.FetchResult, dc string, peerName string, token string, key string) error
|
|
}
|
|
|
|
// LeafCertManager is an interface to represent the methods of the
|
|
// agent/leafcert.Manager struct that we care about
|
|
type LeafCertManager interface {
|
|
Prepopulate(
|
|
ctx context.Context,
|
|
key string,
|
|
index uint64,
|
|
value *structs.IssuedCert,
|
|
authorityKeyID string,
|
|
) error
|
|
Notify(ctx context.Context, req *leafcert.ConnectCALeafRequest, correlationID string, ch chan<- cache.UpdateEvent) error
|
|
}
|
|
|
|
// ServerProvider is an interface that can be used to find one server in the local DC known to
|
|
// the agent via Gossip
|
|
type ServerProvider interface {
|
|
FindLANServer() *metadata.Server
|
|
}
|
|
|
|
// TLSConfigurator is an interface of the methods on the tlsutil.Configurator that we will require at
|
|
// runtime.
|
|
type TLSConfigurator interface {
|
|
UpdateAutoTLS(manualCAPEMs, connectCAPEMs []string, pub, priv string, verifyServerHostname bool) error
|
|
UpdateAutoTLSCA([]string) error
|
|
UpdateAutoTLSCert(pub, priv string) error
|
|
AutoEncryptCert() *x509.Certificate
|
|
}
|
|
|
|
// TokenStore is an interface of the methods we will need to use from the token.Store.
|
|
type TokenStore interface {
|
|
AgentToken() string
|
|
UpdateAgentToken(secret string, source token.TokenSource) bool
|
|
Notify(kind token.TokenKind) token.Notifier
|
|
StopNotify(notifier token.Notifier)
|
|
}
|
|
|
|
// Config contains all the tunables for AutoConfig
|
|
type Config struct {
|
|
// Logger is any logger that should be utilized. If not provided,
|
|
// then no logs will be emitted.
|
|
Logger hclog.Logger
|
|
|
|
// DirectRPC is the interface to be used by AutoConfig to make the
|
|
// AutoConfig.InitialConfiguration RPCs for generating the bootstrap
|
|
// configuration. Setting this field is required.
|
|
DirectRPC DirectRPC
|
|
|
|
// ServerProvider is the interfaced to be used by AutoConfig to find any
|
|
// known servers during fallback operations.
|
|
ServerProvider ServerProvider
|
|
|
|
// Waiter is used during retrieval of the initial configuration.
|
|
// When around of requests fails we will
|
|
// wait and eventually make another round of requests (1 round
|
|
// is trying the RPC once against each configured server addr). The
|
|
// waiting implements some backoff to prevent from retrying these RPCs
|
|
// too often. This field is not required and if left unset a waiter will
|
|
// be used that has a max wait duration of 10 minutes and a randomized
|
|
// jitter of 25% of the wait time. Setting this is mainly useful for
|
|
// testing purposes to allow testing out the retrying functionality without
|
|
// having the test take minutes/hours to complete.
|
|
Waiter *retry.Waiter
|
|
|
|
// Loader merges source with the existing FileSources and returns the complete
|
|
// RuntimeConfig.
|
|
Loader func(source config.Source) (config.LoadResult, error)
|
|
|
|
// TLSConfigurator is the shared TLS Configurator. AutoConfig will update the
|
|
// auto encrypt/auto config certs as they are renewed.
|
|
TLSConfigurator TLSConfigurator
|
|
|
|
// Cache is an object implementing our Cache interface. The Cache
|
|
// used at runtime must be able to handle Roots watches
|
|
Cache Cache
|
|
|
|
// LeafCertManager is an object implementing our LeafCertManager interface.
|
|
LeafCertManager LeafCertManager
|
|
|
|
// FallbackLeeway is the amount of time after certificate expiration before
|
|
// invoking the fallback routine. If not set this will default to 10s.
|
|
FallbackLeeway time.Duration
|
|
|
|
// FallbackRetry is the duration between Fallback invocations when the configured
|
|
// fallback routine returns an error. If not set this will default to 1m.
|
|
FallbackRetry time.Duration
|
|
|
|
// Tokens is the shared token store. It is used to retrieve the current
|
|
// agent token as well as getting notifications when that token is updated.
|
|
// This field is required.
|
|
Tokens TokenStore
|
|
|
|
// EnterpriseConfig is the embedded specific enterprise configurations
|
|
EnterpriseConfig
|
|
}
|