mirror of https://github.com/hashicorp/consul
ca: reduce consul provider backend interface a bit
This makes it easier to fake, which will allow me to use the ConsulProvider as an 'external PKI' to test a customer setup where the actual root CA is not the root we use for the Consul CA. Replaces a call to the state store to fetch the clusterID with the clusterID field already available on the built-in provider.
pull/11660/head
parent
f7b8df281b
commit
b92084b8e8
|
@ -17,7 +17,6 @@ import (
|
|||
"github.com/hashicorp/go-hclog"
|
||||
|
||||
"github.com/hashicorp/consul/agent/connect"
|
||||
"github.com/hashicorp/consul/agent/consul/state"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
)
|
||||
|
||||
|
@ -56,7 +55,7 @@ func NewConsulProvider(delegate ConsulProviderStateDelegate, logger hclog.Logger
|
|||
}
|
||||
|
||||
type ConsulProviderStateDelegate interface {
|
||||
State() *state.Store
|
||||
ProviderState(id string) (*structs.CAConsulProviderState, error)
|
||||
ApplyCARequest(*structs.CARequest) (interface{}, error)
|
||||
}
|
||||
|
||||
|
@ -82,7 +81,7 @@ func (c *ConsulProvider) Configure(cfg ProviderConfig) error {
|
|||
c.parseTestState(cfg.RawConfig, cfg.State)
|
||||
|
||||
// Exit early if the state store has an entry for this provider's config.
|
||||
_, providerState, err := c.Delegate.State().CAProviderState(c.id)
|
||||
providerState, err := c.Delegate.ProviderState(c.id)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -98,7 +97,7 @@ func (c *ConsulProvider) Configure(cfg ProviderConfig) error {
|
|||
|
||||
// Check if there are any entries with old ID schemes.
|
||||
for _, oldID := range oldIDs {
|
||||
_, providerState, err = c.Delegate.State().CAProviderState(oldID)
|
||||
providerState, err = c.Delegate.ProviderState(oldID)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -589,8 +588,7 @@ func (c *ConsulProvider) SupportsCrossSigning() (bool, error) {
|
|||
// getState returns the current provider state from the state delegate, and returns
|
||||
// ErrNotInitialized if no entry is found.
|
||||
func (c *ConsulProvider) getState() (*structs.CAConsulProviderState, error) {
|
||||
stateStore := c.Delegate.State()
|
||||
_, providerState, err := stateStore.CAProviderState(c.id)
|
||||
providerState, err := c.Delegate.ProviderState(c.id)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
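Review bot: The `ProviderState` method that replaces `State()` on `ConsulProviderStateDelegate` (second hunk of this file) has no doc comment, and its not-found contract is only implied: the `getState` comment in the last hunk says a missing entry yields ErrNotInitialized, which presumably means the method returns a nil state with a nil error when nothing is stored, and the index that `CAProviderState` used to return is now dropped at every call site. Suggest `// ProviderState returns the persisted state for the Consul CA provider with the given ID; a nil state with a nil error means no entry exists.` above the method. The bodies of `Configure` and `getState` continue outside their hunks, so whether the dropped index was needed further down cannot be confirmed from here.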
|
|
@ -17,8 +17,9 @@ type consulCAMockDelegate struct {
|
|||
state *state.Store
|
||||
}
|
||||
|
||||
func (c *consulCAMockDelegate) State() *state.Store {
|
||||
return c.state
|
||||
func (c *consulCAMockDelegate) ProviderState(id string) (*structs.CAConsulProviderState, error) {
|
||||
_, s, err := c.state.CAProviderState(id)
|
||||
return s, err
|
||||
}
|
||||
|
||||
func (c *consulCAMockDelegate) ApplyCARequest(req *structs.CARequest) (interface{}, error) {
|
||||
|
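Review bot: `consulCAMockDelegate.ProviderState` has the same three-line body as `caDelegateWithState.ProviderState` and `mockCAServerDelegate.ProviderState` later in this commit — each calls `CAProviderState(id)`, discards the index and returns the state and error. Three copies of one adapter will drift if the store's return shape changes again; a single shared helper (for example a method on `*state.Store` that returns only the state and error, called from all three) would keep them in step. This is a style point; the mock behaves as intended. The mock's `ApplyCARequest` body continues outside the hunk.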
|
|
@ -246,7 +246,6 @@ func (v *VaultProvider) GenerateRoot() error {
|
|||
DefaultLeaseTTL: v.config.RootCertTTL.String(),
|
||||
},
|
||||
})
|
||||
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
|
@ -168,8 +168,11 @@ func runTestVault(t testing.T) (*TestVaultServer, error) {
|
|||
returnPortsFn: returnPortsFn,
|
||||
}
|
||||
t.Cleanup(func() {
|
||||
testVault.Stop()
|
||||
if err := testVault.Stop(); err != nil {
|
||||
t.Log("failed to stop vault server: %w", err)
|
||||
}
|
||||
})
|
||||
|
||||
return testVault, nil
|
||||
}
|
||||
|
||||
|
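Review bot: `t.Log("failed to stop vault server: %w", err)` inside the `t.Cleanup` callback does not format its arguments: `Log` prints them `Sprintln`-style, so the message would literally contain `%w`, and `%w` is only meaningful to `fmt.Errorf` in any case. Use `t.Logf("failed to stop vault server: %v", err)` instead (assuming this `testing.T` exposes `Logf` as the standard one does); `go vet`'s printf check would flag the current call. Checking `Stop`'s error rather than dropping it is otherwise the right change.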
|
|
@ -38,6 +38,8 @@ const (
|
|||
// easier testing.
|
||||
type caServerDelegate interface {
|
||||
ca.ConsulProviderStateDelegate
|
||||
|
||||
State() *state.Store
|
||||
IsLeader() bool
|
||||
ApplyCALeafRequest() (uint64, error)
|
||||
|
||||
|
@ -138,6 +140,11 @@ func (c *caDelegateWithState) ServersSupportMultiDCConnectCA() error {
|
|||
return nil
|
||||
}
|
||||
|
||||
func (c *caDelegateWithState) ProviderState(id string) (*structs.CAConsulProviderState, error) {
|
||||
_, s, err := c.fsm.State().CAProviderState(id)
|
||||
return s, err
|
||||
}
|
||||
|
||||
func NewCAManager(delegate caServerDelegate, leaderRoutineManager *routine.Manager, logger hclog.Logger, config *Config) *CAManager {
|
||||
return &CAManager{
|
||||
delegate: delegate,
|
||||
|
|
|
@ -53,6 +53,11 @@ func (m *mockCAServerDelegate) State() *state.Store {
|
|||
return m.store
|
||||
}
|
||||
|
||||
func (m *mockCAServerDelegate) ProviderState(id string) (*structs.CAConsulProviderState, error) {
|
||||
_, s, err := m.store.CAProviderState(id)
|
||||
return s, err
|
||||
}
|
||||
|
||||
func (m *mockCAServerDelegate) IsLeader() bool {
|
||||
return true
|
||||
}
|
||||
|
|
|
@ -472,7 +472,7 @@ func NewServer(config *Config, flat Deps) (*Server, error) {
|
|||
return nil, fmt.Errorf("Failed to start Raft: %v", err)
|
||||
}
|
||||
|
||||
s.caManager = NewCAManager(&caDelegateWithState{s}, s.leaderRoutineManager, s.logger.ResetNamed("connect.ca"), s.config)
|
||||
s.caManager = NewCAManager(&caDelegateWithState{Server: s}, s.leaderRoutineManager, s.logger.ResetNamed("connect.ca"), s.config)
|
||||
if s.config.ConnectEnabled && (s.config.AutoEncryptAllowTLS || s.config.AutoConfigAuthzEnabled) {
|
||||
go s.connectCARootsMonitor(&lib.StopChannelContext{StopCh: s.shutdownCh})
|
||||
}
|
||||
|
|