mirror of https://github.com/hashicorp/consul
Pass the Config and TLS Configurator into the AutoConfig constructor
This is instead of having the AutoConfigBackend interface provide functions for retrieving them. NOTE: the config is not reloadable. For now this is fine as we don’t look at any reloadable fields. If that changes then we should provide a way to make it reloadable.pull/8253/head
parent
f2f32735ce
commit
4fb535ba48
|
@ -80,27 +80,34 @@ func (a *jwtAuthorizer) Authorize(req *agentpb.AutoConfigRequest) (AutoConfigOpt
|
||||||
}
|
}
|
||||||
|
|
||||||
type AutoConfigBackend interface {
|
type AutoConfigBackend interface {
|
||||||
GetConfig() *Config
|
|
||||||
CreateACLToken(template *structs.ACLToken) (*structs.ACLToken, error)
|
CreateACLToken(template *structs.ACLToken) (*structs.ACLToken, error)
|
||||||
DatacenterJoinAddresses(segment string) ([]string, error)
|
DatacenterJoinAddresses(segment string) ([]string, error)
|
||||||
TLSConfigurator() *tlsutil.Configurator
|
|
||||||
ForwardRPC(method string, info structs.RPCInfo, args, reply interface{}) (bool, error)
|
ForwardRPC(method string, info structs.RPCInfo, args, reply interface{}) (bool, error)
|
||||||
}
|
}
|
||||||
|
|
||||||
// AutoConfig endpoint is used for cluster auto configuration operations
|
// AutoConfig endpoint is used for cluster auto configuration operations
|
||||||
type AutoConfig struct {
|
type AutoConfig struct {
|
||||||
|
// currently AutoConfig does not support pushing down any configuration that would be reloadable on the servers
|
||||||
|
// (outside of some TLS settings such as the configured CA certs which are retrieved via the TLS configurator)
|
||||||
|
// If that changes then we will need to change this to use an atomic.Value and provide means of reloading it.
|
||||||
|
config *Config
|
||||||
|
tlsConfigurator *tlsutil.Configurator
|
||||||
|
|
||||||
backend AutoConfigBackend
|
backend AutoConfigBackend
|
||||||
authorizer AutoConfigAuthorizer
|
authorizer AutoConfigAuthorizer
|
||||||
}
|
}
|
||||||
|
|
||||||
// getBackendConfig is a small wrapper around the backend's GetConfig to ensure
|
func NewAutoConfig(conf *Config, tlsConfigurator *tlsutil.Configurator, backend AutoConfigBackend, authz AutoConfigAuthorizer) *AutoConfig {
|
||||||
// that all helper functions have a non-nil configuration to operate on.
|
if conf == nil {
|
||||||
func (ac *AutoConfig) getBackendConfig() *Config {
|
conf = DefaultConfig()
|
||||||
if conf := ac.backend.GetConfig(); conf != nil {
|
|
||||||
return conf
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return DefaultConfig()
|
return &AutoConfig{
|
||||||
|
config: conf,
|
||||||
|
tlsConfigurator: tlsConfigurator,
|
||||||
|
backend: backend,
|
||||||
|
authorizer: authz,
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// updateTLSCertificatesInConfig will ensure that the TLS settings regarding how an agent is
|
// updateTLSCertificatesInConfig will ensure that the TLS settings regarding how an agent is
|
||||||
|
@ -108,28 +115,26 @@ func (ac *AutoConfig) getBackendConfig() *Config {
|
||||||
// in some cases only if auto_encrypt is enabled on the servers. This endpoint has the option
|
// in some cases only if auto_encrypt is enabled on the servers. This endpoint has the option
|
||||||
// to configure auto_encrypt or potentially in the future to generate the certificates inline.
|
// to configure auto_encrypt or potentially in the future to generate the certificates inline.
|
||||||
func (ac *AutoConfig) updateTLSCertificatesInConfig(opts AutoConfigOptions, conf *config.Config) error {
|
func (ac *AutoConfig) updateTLSCertificatesInConfig(opts AutoConfigOptions, conf *config.Config) error {
|
||||||
conf.AutoEncrypt = &config.AutoEncrypt{TLS: ac.getBackendConfig().AutoEncryptAllowTLS}
|
conf.AutoEncrypt = &config.AutoEncrypt{TLS: ac.config.AutoEncryptAllowTLS}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// updateACLtokensInConfig will configure all of the agents ACL settings and will populate
|
// updateACLtokensInConfig will configure all of the agents ACL settings and will populate
|
||||||
// the configuration with an agent token usable for all default agent operations.
|
// the configuration with an agent token usable for all default agent operations.
|
||||||
func (ac *AutoConfig) updateACLsInConfig(opts AutoConfigOptions, conf *config.Config) error {
|
func (ac *AutoConfig) updateACLsInConfig(opts AutoConfigOptions, conf *config.Config) error {
|
||||||
backendConf := ac.getBackendConfig()
|
|
||||||
|
|
||||||
acl := &config.ACL{
|
acl := &config.ACL{
|
||||||
Enabled: backendConf.ACLsEnabled,
|
Enabled: ac.config.ACLsEnabled,
|
||||||
PolicyTTL: backendConf.ACLPolicyTTL.String(),
|
PolicyTTL: ac.config.ACLPolicyTTL.String(),
|
||||||
RoleTTL: backendConf.ACLRoleTTL.String(),
|
RoleTTL: ac.config.ACLRoleTTL.String(),
|
||||||
TokenTTL: backendConf.ACLTokenTTL.String(),
|
TokenTTL: ac.config.ACLTokenTTL.String(),
|
||||||
DisabledTTL: backendConf.ACLDisabledTTL.String(),
|
DisabledTTL: ac.config.ACLDisabledTTL.String(),
|
||||||
DownPolicy: backendConf.ACLDownPolicy,
|
DownPolicy: ac.config.ACLDownPolicy,
|
||||||
DefaultPolicy: backendConf.ACLDefaultPolicy,
|
DefaultPolicy: ac.config.ACLDefaultPolicy,
|
||||||
EnableKeyListPolicy: backendConf.ACLEnableKeyListPolicy,
|
EnableKeyListPolicy: ac.config.ACLEnableKeyListPolicy,
|
||||||
}
|
}
|
||||||
|
|
||||||
// when ACLs are enabled we want to create a local token with a node identity
|
// when ACLs are enabled we want to create a local token with a node identity
|
||||||
if backendConf.ACLsEnabled {
|
if ac.config.ACLsEnabled {
|
||||||
// set up the token template - the ids and create
|
// set up the token template - the ids and create
|
||||||
template := structs.ACLToken{
|
template := structs.ACLToken{
|
||||||
Description: fmt.Sprintf("Auto Config Token for Node %q", opts.NodeName),
|
Description: fmt.Sprintf("Auto Config Token for Node %q", opts.NodeName),
|
||||||
|
@ -137,7 +142,7 @@ func (ac *AutoConfig) updateACLsInConfig(opts AutoConfigOptions, conf *config.Co
|
||||||
NodeIdentities: []*structs.ACLNodeIdentity{
|
NodeIdentities: []*structs.ACLNodeIdentity{
|
||||||
{
|
{
|
||||||
NodeName: opts.NodeName,
|
NodeName: opts.NodeName,
|
||||||
Datacenter: backendConf.Datacenter,
|
Datacenter: ac.config.Datacenter,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
EnterpriseMeta: *structs.DefaultEnterpriseMeta(),
|
EnterpriseMeta: *structs.DefaultEnterpriseMeta(),
|
||||||
|
@ -148,16 +153,6 @@ func (ac *AutoConfig) updateACLsInConfig(opts AutoConfigOptions, conf *config.Co
|
||||||
return fmt.Errorf("Failed to generate an ACL token for node %q - %w", opts.NodeName, err)
|
return fmt.Errorf("Failed to generate an ACL token for node %q - %w", opts.NodeName, err)
|
||||||
}
|
}
|
||||||
|
|
||||||
// req := structs.ACLTokenBatchSetRequest{
|
|
||||||
// Tokens: structs.ACLTokens{&token},
|
|
||||||
// CAS: false,
|
|
||||||
// }
|
|
||||||
|
|
||||||
// // perform the request to mint the new token
|
|
||||||
// if _, err := c.srv.raftApplyMsgpack(structs.ACLTokenSetRequestType, &req); err != nil {
|
|
||||||
// return err
|
|
||||||
// }
|
|
||||||
|
|
||||||
acl.Tokens = &config.ACLTokens{Agent: token.SecretID}
|
acl.Tokens = &config.ACLTokens{Agent: token.SecretID}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -173,14 +168,6 @@ func (ac *AutoConfig) updateJoinAddressesInConfig(opts AutoConfigOptions, conf *
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
// var joinAddrs []string
|
|
||||||
// for _, m := range members {
|
|
||||||
// if ok, _ := metadata.IsConsulServer(m); ok {
|
|
||||||
// serfAddr := net.TCPAddr{IP: m.Addr, Port: int(m.Port)}
|
|
||||||
// joinAddrs = append(joinAddrs, serfAddr.String())
|
|
||||||
// }
|
|
||||||
// }
|
|
||||||
|
|
||||||
if conf.Gossip == nil {
|
if conf.Gossip == nil {
|
||||||
conf.Gossip = &config.Gossip{}
|
conf.Gossip = &config.Gossip{}
|
||||||
}
|
}
|
||||||
|
@ -192,7 +179,7 @@ func (ac *AutoConfig) updateJoinAddressesInConfig(opts AutoConfigOptions, conf *
|
||||||
// updateGossipEncryptionInConfig will populate the gossip encryption configuration settings
|
// updateGossipEncryptionInConfig will populate the gossip encryption configuration settings
|
||||||
func (ac *AutoConfig) updateGossipEncryptionInConfig(_ AutoConfigOptions, conf *config.Config) error {
|
func (ac *AutoConfig) updateGossipEncryptionInConfig(_ AutoConfigOptions, conf *config.Config) error {
|
||||||
// Add gossip encryption settings if there is any key loaded
|
// Add gossip encryption settings if there is any key loaded
|
||||||
memberlistConfig := ac.getBackendConfig().SerfLANConfig.MemberlistConfig
|
memberlistConfig := ac.config.SerfLANConfig.MemberlistConfig
|
||||||
if lanKeyring := memberlistConfig.Keyring; lanKeyring != nil {
|
if lanKeyring := memberlistConfig.Keyring; lanKeyring != nil {
|
||||||
if conf.Gossip == nil {
|
if conf.Gossip == nil {
|
||||||
conf.Gossip = &config.Gossip{}
|
conf.Gossip = &config.Gossip{}
|
||||||
|
@ -216,8 +203,7 @@ func (ac *AutoConfig) updateGossipEncryptionInConfig(_ AutoConfigOptions, conf *
|
||||||
// updateTLSSettingsInConfig will populate the TLS configuration settings but will not
|
// updateTLSSettingsInConfig will populate the TLS configuration settings but will not
|
||||||
// populate leaf or ca certficiates.
|
// populate leaf or ca certficiates.
|
||||||
func (ac *AutoConfig) updateTLSSettingsInConfig(_ AutoConfigOptions, conf *config.Config) error {
|
func (ac *AutoConfig) updateTLSSettingsInConfig(_ AutoConfigOptions, conf *config.Config) error {
|
||||||
tlsConfigurator := ac.backend.TLSConfigurator()
|
if ac.tlsConfigurator == nil {
|
||||||
if tlsConfigurator == nil {
|
|
||||||
// TLS is not enabled?
|
// TLS is not enabled?
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
@ -227,8 +213,8 @@ func (ac *AutoConfig) updateTLSSettingsInConfig(_ AutoConfigOptions, conf *confi
|
||||||
conf.TLS = &config.TLS{}
|
conf.TLS = &config.TLS{}
|
||||||
}
|
}
|
||||||
|
|
||||||
conf.TLS.VerifyServerHostname = tlsConfigurator.VerifyServerHostname()
|
conf.TLS.VerifyServerHostname = ac.tlsConfigurator.VerifyServerHostname()
|
||||||
base := tlsConfigurator.Base()
|
base := ac.tlsConfigurator.Base()
|
||||||
conf.TLS.VerifyOutgoing = base.VerifyOutgoing
|
conf.TLS.VerifyOutgoing = base.VerifyOutgoing
|
||||||
conf.TLS.MinVersion = base.TLSMinVersion
|
conf.TLS.MinVersion = base.TLSMinVersion
|
||||||
conf.TLS.PreferServerCipherSuites = base.PreferServerCipherSuites
|
conf.TLS.PreferServerCipherSuites = base.PreferServerCipherSuites
|
||||||
|
@ -241,14 +227,12 @@ func (ac *AutoConfig) updateTLSSettingsInConfig(_ AutoConfigOptions, conf *confi
|
||||||
// baseConfig will populate the configuration with some base settings such as the
|
// baseConfig will populate the configuration with some base settings such as the
|
||||||
// datacenter names, node name etc.
|
// datacenter names, node name etc.
|
||||||
func (ac *AutoConfig) baseConfig(opts AutoConfigOptions, conf *config.Config) error {
|
func (ac *AutoConfig) baseConfig(opts AutoConfigOptions, conf *config.Config) error {
|
||||||
backendConf := ac.getBackendConfig()
|
|
||||||
|
|
||||||
if opts.NodeName == "" {
|
if opts.NodeName == "" {
|
||||||
return fmt.Errorf("Cannot generate auto config response without a node name")
|
return fmt.Errorf("Cannot generate auto config response without a node name")
|
||||||
}
|
}
|
||||||
|
|
||||||
conf.Datacenter = backendConf.Datacenter
|
conf.Datacenter = ac.config.Datacenter
|
||||||
conf.PrimaryDatacenter = backendConf.PrimaryDatacenter
|
conf.PrimaryDatacenter = ac.config.PrimaryDatacenter
|
||||||
conf.NodeName = opts.NodeName
|
conf.NodeName = opts.NodeName
|
||||||
conf.SegmentName = opts.SegmentName
|
conf.SegmentName = opts.SegmentName
|
||||||
|
|
||||||
|
@ -274,19 +258,22 @@ var (
|
||||||
// AgentAutoConfig will authorize the incoming request and then generate the configuration
|
// AgentAutoConfig will authorize the incoming request and then generate the configuration
|
||||||
// to push down to the client
|
// to push down to the client
|
||||||
func (ac *AutoConfig) InitialConfiguration(req *agentpb.AutoConfigRequest, resp *agentpb.AutoConfigResponse) error {
|
func (ac *AutoConfig) InitialConfiguration(req *agentpb.AutoConfigRequest, resp *agentpb.AutoConfigResponse) error {
|
||||||
backendConf := ac.getBackendConfig()
|
|
||||||
|
|
||||||
// default the datacenter to our datacenter - agents do not have to specify this as they may not
|
// default the datacenter to our datacenter - agents do not have to specify this as they may not
|
||||||
// yet know the datacenter name they are going to be in.
|
// yet know the datacenter name they are going to be in.
|
||||||
if req.Datacenter == "" {
|
if req.Datacenter == "" {
|
||||||
req.Datacenter = backendConf.Datacenter
|
req.Datacenter = ac.config.Datacenter
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO (autoconf) Is performing auto configuration over the WAN really a bad idea?
|
// TODO (autoconf) Is performing auto configuration over the WAN really a bad idea?
|
||||||
if req.Datacenter != backendConf.Datacenter {
|
if req.Datacenter != ac.config.Datacenter {
|
||||||
return fmt.Errorf("invalid datacenter %q - agent auto configuration cannot target a remote datacenter", req.Datacenter)
|
return fmt.Errorf("invalid datacenter %q - agent auto configuration cannot target a remote datacenter", req.Datacenter)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// TODO (autoconf) maybe panic instead?
|
||||||
|
if ac.backend == nil {
|
||||||
|
return fmt.Errorf("No Auto Config backend is configured")
|
||||||
|
}
|
||||||
|
|
||||||
// forward to the leader
|
// forward to the leader
|
||||||
if done, err := ac.backend.ForwardRPC("AutoConfig.InitialConfiguration", req, req, resp); done {
|
if done, err := ac.backend.ForwardRPC("AutoConfig.InitialConfiguration", req, req, resp); done {
|
||||||
return err
|
return err
|
||||||
|
|
|
@ -29,13 +29,6 @@ type mockAutoConfigBackend struct {
|
||||||
mock.Mock
|
mock.Mock
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *mockAutoConfigBackend) GetConfig() *Config {
|
|
||||||
ret := m.Called()
|
|
||||||
// this handles converting an untyped nil to a typed nil
|
|
||||||
cfg, _ := ret.Get(0).(*Config)
|
|
||||||
return cfg
|
|
||||||
}
|
|
||||||
|
|
||||||
func (m *mockAutoConfigBackend) CreateACLToken(template *structs.ACLToken) (*structs.ACLToken, error) {
|
func (m *mockAutoConfigBackend) CreateACLToken(template *structs.ACLToken) (*structs.ACLToken, error) {
|
||||||
ret := m.Called(template)
|
ret := m.Called(template)
|
||||||
// this handles converting an untyped nil to a typed nil
|
// this handles converting an untyped nil to a typed nil
|
||||||
|
@ -50,13 +43,6 @@ func (m *mockAutoConfigBackend) DatacenterJoinAddresses(segment string) ([]strin
|
||||||
return addrs, ret.Error(1)
|
return addrs, ret.Error(1)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *mockAutoConfigBackend) TLSConfigurator() *tlsutil.Configurator {
|
|
||||||
ret := m.Called()
|
|
||||||
// this handles converting an untyped nil to a typed nil
|
|
||||||
cfg, _ := ret.Get(0).(*tlsutil.Configurator)
|
|
||||||
return cfg
|
|
||||||
}
|
|
||||||
|
|
||||||
func (m *mockAutoConfigBackend) ForwardRPC(method string, info structs.RPCInfo, args, reply interface{}) (bool, error) {
|
func (m *mockAutoConfigBackend) ForwardRPC(method string, info structs.RPCInfo, args, reply interface{}) (bool, error) {
|
||||||
ret := m.Called(method, info, args, reply)
|
ret := m.Called(method, info, args, reply)
|
||||||
return ret.Bool(0), ret.Error(1)
|
return ret.Bool(0), ret.Error(1)
|
||||||
|
@ -315,11 +301,8 @@ func TestAutoConfig_baseConfig(t *testing.T) {
|
||||||
|
|
||||||
for name, tcase := range cases {
|
for name, tcase := range cases {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
backend := &mockAutoConfigBackend{}
|
|
||||||
backend.On("GetConfig").Return(&tcase.serverConfig).Once()
|
|
||||||
|
|
||||||
ac := AutoConfig{
|
ac := AutoConfig{
|
||||||
backend: backend,
|
config: &tcase.serverConfig,
|
||||||
}
|
}
|
||||||
|
|
||||||
var actual config.Config
|
var actual config.Config
|
||||||
|
@ -330,8 +313,6 @@ func TestAutoConfig_baseConfig(t *testing.T) {
|
||||||
} else {
|
} else {
|
||||||
testutil.RequireErrorContains(t, err, tcase.err)
|
testutil.RequireErrorContains(t, err, tcase.err)
|
||||||
}
|
}
|
||||||
|
|
||||||
backend.AssertExpectations(t)
|
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -406,19 +387,14 @@ func TestAutoConfig_updateTLSSettingsInConfig(t *testing.T) {
|
||||||
configurator, err := tlsutil.NewConfigurator(tcase.tlsConfig, logger)
|
configurator, err := tlsutil.NewConfigurator(tcase.tlsConfig, logger)
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
backend := &mockAutoConfigBackend{}
|
|
||||||
backend.On("TLSConfigurator").Return(configurator).Once()
|
|
||||||
|
|
||||||
ac := &AutoConfig{
|
ac := &AutoConfig{
|
||||||
backend: backend,
|
tlsConfigurator: configurator,
|
||||||
}
|
}
|
||||||
|
|
||||||
var actual config.Config
|
var actual config.Config
|
||||||
err = ac.updateTLSSettingsInConfig(AutoConfigOptions{}, &actual)
|
err = ac.updateTLSSettingsInConfig(AutoConfigOptions{}, &actual)
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
require.Equal(t, tcase.expected, actual)
|
require.Equal(t, tcase.expected, actual)
|
||||||
|
|
||||||
backend.AssertExpectations(t)
|
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -483,19 +459,14 @@ func TestAutoConfig_updateGossipEncryptionInConfig(t *testing.T) {
|
||||||
cfg := DefaultConfig()
|
cfg := DefaultConfig()
|
||||||
cfg.SerfLANConfig.MemberlistConfig = &tcase.conf
|
cfg.SerfLANConfig.MemberlistConfig = &tcase.conf
|
||||||
|
|
||||||
backend := &mockAutoConfigBackend{}
|
|
||||||
backend.On("GetConfig").Return(cfg).Once()
|
|
||||||
|
|
||||||
ac := AutoConfig{
|
ac := AutoConfig{
|
||||||
backend: backend,
|
config: cfg,
|
||||||
}
|
}
|
||||||
|
|
||||||
var actual config.Config
|
var actual config.Config
|
||||||
err := ac.updateGossipEncryptionInConfig(AutoConfigOptions{}, &actual)
|
err := ac.updateGossipEncryptionInConfig(AutoConfigOptions{}, &actual)
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
require.Equal(t, tcase.expected, actual)
|
require.Equal(t, tcase.expected, actual)
|
||||||
|
|
||||||
backend.AssertExpectations(t)
|
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -529,19 +500,14 @@ func TestAutoConfig_updateTLSCertificatesInConfig(t *testing.T) {
|
||||||
|
|
||||||
for name, tcase := range cases {
|
for name, tcase := range cases {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
backend := &mockAutoConfigBackend{}
|
|
||||||
backend.On("GetConfig").Return(&tcase.serverConfig).Once()
|
|
||||||
|
|
||||||
ac := AutoConfig{
|
ac := AutoConfig{
|
||||||
backend: backend,
|
config: &tcase.serverConfig,
|
||||||
}
|
}
|
||||||
|
|
||||||
var actual config.Config
|
var actual config.Config
|
||||||
err := ac.updateTLSCertificatesInConfig(AutoConfigOptions{}, &actual)
|
err := ac.updateTLSCertificatesInConfig(AutoConfigOptions{}, &actual)
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
require.Equal(t, tcase.expected, actual)
|
require.Equal(t, tcase.expected, actual)
|
||||||
|
|
||||||
backend.AssertExpectations(t)
|
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -632,8 +598,6 @@ func TestAutoConfig_updateACLsInConfig(t *testing.T) {
|
||||||
for name, tcase := range cases {
|
for name, tcase := range cases {
|
||||||
t.Run(name, func(t *testing.T) {
|
t.Run(name, func(t *testing.T) {
|
||||||
backend := &mockAutoConfigBackend{}
|
backend := &mockAutoConfigBackend{}
|
||||||
backend.On("GetConfig").Return(&tcase.config).Once()
|
|
||||||
|
|
||||||
expectedTemplate := &structs.ACLToken{
|
expectedTemplate := &structs.ACLToken{
|
||||||
Description: `Auto Config Token for Node "something"`,
|
Description: `Auto Config Token for Node "something"`,
|
||||||
Local: true,
|
Local: true,
|
||||||
|
@ -664,7 +628,7 @@ func TestAutoConfig_updateACLsInConfig(t *testing.T) {
|
||||||
backend.On("CreateACLToken", expectedTemplate).Return(testToken, tcase.err).Once()
|
backend.On("CreateACLToken", expectedTemplate).Return(testToken, tcase.err).Once()
|
||||||
}
|
}
|
||||||
|
|
||||||
ac := AutoConfig{backend: backend}
|
ac := AutoConfig{config: &tcase.config, backend: backend}
|
||||||
|
|
||||||
var actual config.Config
|
var actual config.Config
|
||||||
err := ac.updateACLsInConfig(AutoConfigOptions{NodeName: "something"}, &actual)
|
err := ac.updateACLsInConfig(AutoConfigOptions{NodeName: "something"}, &actual)
|
||||||
|
|
|
@ -876,7 +876,7 @@ func (s *Server) setupRPC() error {
|
||||||
authz = &disabledAuthorizer{}
|
authz = &disabledAuthorizer{}
|
||||||
}
|
}
|
||||||
// now register with the insecure RPC server
|
// now register with the insecure RPC server
|
||||||
s.insecureRPCServer.Register(&AutoConfig{backend: s, authorizer: authz})
|
s.insecureRPCServer.Register(NewAutoConfig(s.config, s.tlsConfigurator, s, authz))
|
||||||
|
|
||||||
ln, err := net.ListenTCP("tcp", s.config.RPCAddr)
|
ln, err := net.ListenTCP("tcp", s.config.RPCAddr)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -1502,18 +1502,6 @@ func (s *Server) DatacenterJoinAddresses(segment string) ([]string, error) {
|
||||||
return joinAddrs, nil
|
return joinAddrs, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// GetConfig will return the servers configuration - this is needed to satisfy
|
|
||||||
// interfaces: AutoConfigDelegate
|
|
||||||
func (s *Server) GetConfig() *Config {
|
|
||||||
return s.config
|
|
||||||
}
|
|
||||||
|
|
||||||
// TLSConfigurator just returns the servers TLS Configurator - this is needed to satisfy
|
|
||||||
// interfaces: AutoConfigDelegate
|
|
||||||
func (s *Server) TLSConfigurator() *tlsutil.Configurator {
|
|
||||||
return s.tlsConfigurator
|
|
||||||
}
|
|
||||||
|
|
||||||
// peersInfoContent is used to help operators understand what happened to the
|
// peersInfoContent is used to help operators understand what happened to the
|
||||||
// peers.json file. This is written to a file called peers.info in the same
|
// peers.json file. This is written to a file called peers.info in the same
|
||||||
// location.
|
// location.
|
||||||
|
|
Loading…
Reference in New Issue