mirror of https://github.com/hashicorp/consul
1b1a97e8f9
* xds: refactor ingress listener SDS configuration * xds: update resolveListenerSDS call args in listeners_test * ingress: add TLS min, max and cipher suites to GatewayTLSConfig * xds: implement envoyTLSVersions and envoyTLSCipherSuites * xds: merge TLS config * xds: configure TLS parameters with ingress TLS context from leaf * xds: nil check in resolveListenerTLSConfig validation * xds: nil check in makeTLSParameters* functions * changelog: add entry for TLS params on ingress config entries * xds: remove indirection for TLS params in TLSConfig structs * xds: return tlsContext, nil instead of ambiguous err Co-authored-by: Chris S. Kim <ckim@hashicorp.com> * xds: switch zero checks to types.TLSVersionUnspecified * ingress: add validation for ingress config entry TLS params * ingress: validate listener TLS config * xds: add basic ingress with TLS params tests * xds: add ingress listeners mixed TLS min version defaults precedence test * xds: add more explicit tests for ingress listeners inheriting gateway defaults * xds: add test for single TLS listener on gateway without TLS defaults * xds: regen golden files for TLSVersionInvalid zero value, add TLSVersionAuto listener test * types/tls: change TLSVersion to string * types/tls: update TLSCipherSuite to string type * types/tls: implement validation functions for TLSVersion and TLSCipherSuites, make some maps private * api: add TLS params to GatewayTLSConfig, add tests * api: add TLSMinVersion to ingress gateway config entry test JSON * xds: switch to Envoy TLS cipher suite encoding from types package * xds: fixup validation for TLSv1_3 min version with cipher suites * add some kitchen sink tests and add a missing struct tag * xds: check if mergedCfg.TLSVersion is in TLSVersionsWithConfigurableCipherSuites * xds: update connectTLSEnabled comment * xds: remove unsued resolveGatewayServiceTLSConfig function * xds: add makeCommonTLSContextFromLeafWithoutParams * types/tls: add LessThan comparator function for concrete values * types/tls: change tlsVersions validation map from string to TLSVersion keys * types/tls: remove unused envoyTLSCipherSuites * types/tls: enable chacha20 cipher suites for Consul agent * types/tls: remove insecure cipher suites from allowed config TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 are both explicitly listed as insecure and disabled in the Go source. Refs https://cs.opensource.google/go/go/+/refs/tags/go1.17.3:src/crypto/tls/cipher_suites.go;l=329-330 * types/tls: add ValidateConsulAgentCipherSuites function, make direct lookup map private * types/tls: return all unmatched cipher suites in validation errors * xds: check that Envoy API value matching TLS version is found when building TlsParameters * types/tls: check that value is found in map before appending to slice in MarshalEnvoyTLSCipherSuiteStrings * types/tls: cast to string rather than fmt.Printf in TLSCihperSuite.String() * xds: add TLSVersionUnspecified to list of configurable cipher suites * structs: update note about config entry warning * xds: remove TLS min version cipher suite unconfigurable test placeholder * types/tls: update tests to remove assumption about private map values Co-authored-by: R.B. Boyer <rb@hashicorp.com> |
||
---|---|---|
.. | ||
watch | ||
.golangci.yml | ||
README.md | ||
acl.go | ||
acl_test.go | ||
agent.go | ||
agent_test.go | ||
api.go | ||
api_test.go | ||
catalog.go | ||
catalog_test.go | ||
config_entry.go | ||
config_entry_discoverychain.go | ||
config_entry_discoverychain_test.go | ||
config_entry_exports.go | ||
config_entry_gateways.go | ||
config_entry_gateways_test.go | ||
config_entry_intentions.go | ||
config_entry_intentions_test.go | ||
config_entry_mesh.go | ||
config_entry_test.go | ||
connect.go | ||
connect_ca.go | ||
connect_ca_test.go | ||
connect_intention.go | ||
connect_intention_test.go | ||
coordinate.go | ||
coordinate_test.go | ||
debug.go | ||
debug_test.go | ||
discovery_chain.go | ||
discovery_chain_test.go | ||
event.go | ||
event_test.go | ||
go.mod | ||
go.sum | ||
health.go | ||
health_test.go | ||
kv.go | ||
kv_test.go | ||
lock.go | ||
lock_test.go | ||
mock_api_test.go | ||
namespace.go | ||
namespace_test.go | ||
operator.go | ||
operator_area.go | ||
operator_autopilot.go | ||
operator_autopilot_test.go | ||
operator_keyring.go | ||
operator_keyring_test.go | ||
operator_license.go | ||
operator_raft.go | ||
operator_raft_test.go | ||
operator_segment.go | ||
oss_test.go | ||
partition.go | ||
prepared_query.go | ||
prepared_query_test.go | ||
raw.go | ||
semaphore.go | ||
semaphore_test.go | ||
session.go | ||
session_test.go | ||
snapshot.go | ||
snapshot_test.go | ||
status.go | ||
status_test.go | ||
txn.go | ||
txn_test.go |
README.md
Consul API client
This package provides the api
package which attempts to
provide programmatic access to the full Consul API.
Currently, all of the Consul APIs included in version 0.6.0 are supported.
Documentation
The full documentation is available on Godoc
Usage
Below is an example of using the Consul client:
package main
import "github.com/hashicorp/consul/api"
import "fmt"
func main() {
// Get a new client
client, err := api.NewClient(api.DefaultConfig())
if err != nil {
panic(err)
}
// Get a handle to the KV API
kv := client.KV()
// PUT a new KV pair
p := &api.KVPair{Key: "REDIS_MAXCLIENTS", Value: []byte("1000")}
_, err = kv.Put(p, nil)
if err != nil {
panic(err)
}
// Lookup the pair
pair, _, err := kv.Get("REDIS_MAXCLIENTS", nil)
if err != nil {
panic(err)
}
fmt.Printf("KV: %v %s\n", pair.Key, pair.Value)
}
To run this example, start a Consul server:
consul agent -dev
Copy the code above into a file such as main.go
.
Install and run. You'll see a key (REDIS_MAXCLIENTS
) and value (1000
) printed.
$ go get
$ go run main.go
KV: REDIS_MAXCLIENTS 1000
After running the code, you can also view the values in the Consul UI on your local machine at http://localhost:8500/ui/dc1/kv