mirror of https://github.com/hashicorp/consul
agent: Passthrough of TLS configurations
parent
f94dfa4efc
commit
592953309e
|
@ -169,6 +169,13 @@ func (a *Agent) consulConfig() *consul.Config {
|
|||
base.ProtocolVersion = uint8(a.config.Protocol)
|
||||
}
|
||||
|
||||
// Copy the TLS configuration
|
||||
base.VerifyIncoming = a.config.VerifyIncoming
|
||||
base.VerifyOutgoing = a.config.VerifyOutgoing
|
||||
base.CAFile = a.config.CAFile
|
||||
base.CertFile = a.config.CertFile
|
||||
base.KeyFile = a.config.KeyFile
|
||||
|
||||
// Setup the ServerUp callback
|
||||
base.ServerUp = a.state.ConsulServerUp
|
||||
|
||||
|
|
|
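Review bot: The five TLS fields are copied into `base` with no check that they form a usable combination, so `VerifyIncoming` or `VerifyOutgoing` with an empty `CAFile`, or a `CertFile` without a `KeyFile`, passes through silently. Whether `consul.Config` rejects those combinations later is not visible in this hunk; if it does not, an operator who sets `verify_incoming` and forgets `ca_file` may not get the enforcement they expect. `consulConfig` has no error return and its body starts and ends outside the hunk, so the check probably belongs where the agent configuration is loaded. Something like `if (c.VerifyIncoming || c.VerifyOutgoing) && c.CAFile == ""` returning a startup error would make the agent fail closed.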
@ -103,6 +103,28 @@ type Config struct {
|
|||
// EnableDebug is used to enable various debugging features
|
||||
EnableDebug bool `mapstructure:"enable_debug"`
|
||||
|
||||
// VerifyIncoming is used to verify the authenticity of incoming connections.
|
||||
// This means that TCP requests are forbidden, only allowing for TLS. TLS connections
|
||||
// must match a provided certificate authority. This can be used to force client auth.
|
||||
VerifyIncoming bool `mapstructure:"verify_incoming"`
|
||||
|
||||
// VerifyOutgoing is used to verify the authenticity of outgoing connections.
|
||||
// This means that TLS requests are used. TLS connections must match a provided
|
||||
// certificate authority. This is used to verify authenticity of server nodes.
|
||||
VerifyOutgoing bool `mapstructure:"verify_outgoing"`
|
||||
|
||||
// CAFile is a path to a certificate authority file. This is used with VerifyIncoming
|
||||
// or VerifyOutgoing to verify the TLS connection.
|
||||
CAFile string `mapstructure:"ca_file"`
|
||||
|
||||
// CertFile is used to provide a TLS certificate that is used for serving TLS connections.
|
||||
// Must be provided to serve TLS connections.
|
||||
CertFile string `mapstructure:"cert_file"`
|
||||
|
||||
// KeyFile is used to provide a TLS key that is used for serving TLS connections.
|
||||
// Must be provided to serve TLS connections.
|
||||
KeyFile string `mapstructure:"key_file"`
|
||||
|
||||
// Checks holds the provided check definitions
|
||||
Checks []*CheckDefinition `mapstructure:"-"`
|
||||
|
||||
|
@ -335,6 +357,21 @@ func MergeConfig(a, b *Config) *Config {
|
|||
if b.EnableDebug {
|
||||
result.EnableDebug = true
|
||||
}
|
||||
if b.VerifyIncoming {
|
||||
result.VerifyIncoming = true
|
||||
}
|
||||
if b.VerifyOutgoing {
|
||||
result.VerifyOutgoing = true
|
||||
}
|
||||
if b.CAFile != "" {
|
||||
result.CAFile = b.CAFile
|
||||
}
|
||||
if b.CertFile != "" {
|
||||
result.CertFile = b.CertFile
|
||||
}
|
||||
if b.KeyFile != "" {
|
||||
result.KeyFile = b.KeyFile
|
||||
}
|
||||
if b.Checks != nil {
|
||||
result.Checks = append(result.Checks, b.Checks...)
|
||||
}
|
||||
|
|
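Review bot: In the `MergeConfig` hunk, `CertFile` and `KeyFile` are merged independently, so a `cert_file` from one configuration source can end up paired with a `key_file` from another. The mismatch would surface only when the pair is loaded, and that code is not shown here. Separately, `VerifyIncoming` and `VerifyOutgoing` can be switched on by `b` but never off, the same as `EnableDebug` above. That is the safe direction for a verification toggle, but it deserves a comment so it is not later "fixed", for example `// Verify* are sticky: a later config may enable verification but never disable it.` `MergeConfig` starts and ends outside the hunk.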