package connectca
import (
"crypto/x509"
"google.golang.org/grpc"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
"github.com/hashicorp/go-hclog"
"github.com/hashicorp/go-memdb"
"github.com/hashicorp/consul/acl"
"github.com/hashicorp/consul/agent/consul/stream"
"github.com/hashicorp/consul/agent/structs"
"github.com/hashicorp/consul/proto-public/pbconnectca"
)
// Server implements the public ConnectCA gRPC service. It holds no state of
// its own: everything it needs comes from the embedded Config, whose fields
// are promoted so handlers can read them directly (e.g. s.ConnectEnabled).
type Server struct {
	Config
}
// Config carries the dependencies a Server needs. Nothing here is defaulted:
// the caller is expected to populate every field before calling NewServer.
type Config struct {
	// Publisher hands out event subscriptions (see EventPublisher).
	Publisher EventPublisher
	// GetStore returns the state store to read CA configuration from. It is a
	// func rather than a stored value, presumably so the store can be replaced
	// underneath a running Server — confirm against the caller that wires it.
	GetStore func() StateStore
	Logger hclog.Logger
	// ACLResolver resolves an ACL token into an acl.Authorizer, which is the
	// value CAManager.AuthorizeAndSignCertificate expects as its authz argument.
	ACLResolver ACLResolver
	// CAManager performs the authorization check and signs certificates.
	CAManager CAManager
	// ForwardRPC forwards a request to another server and runs the supplied
	// callback against the resulting connection. NOTE(review): the bool result
	// looks like "was forwarded" — verify against the implementation in the
	// consul package before relying on it.
	ForwardRPC func(structs.RPCInfo, func(*grpc.ClientConn) error) (bool, error)
	// ConnectEnabled is checked by requireConnect; when false the service
	// refuses requests with codes.FailedPrecondition.
	ConnectEnabled bool
}
// EventPublisher is the subset of the stream publisher this package relies on:
// opening a subscription for a given request. Keeping it to one method lets
// tests substitute a fake without depending on the full publisher.
type EventPublisher interface {
	Subscribe(*stream.SubscribeRequest) (*stream.Subscription, error)
}
// StateStore is the subset of the state store needed by this service.
type StateStore interface {
	// CAConfig returns the current CA configuration together with its raft
	// index; the WatchSet lets the caller be notified when the config changes.
	CAConfig(memdb.WatchSet) (uint64, *structs.CAConfiguration, error)
	// AbandonCh returns a channel that is closed when this store instance is
	// abandoned (e.g. replaced), signalling that watches against it are stale
	// and should be re-established — TODO confirm semantics in the state package.
	AbandonCh() <-chan struct{}
}
//go:generate mockery --name ACLResolver --inpackage

// ACLResolver turns a raw ACL token into an acl.Authorizer. The returned
// authorizer is what handlers pass to CAManager.AuthorizeAndSignCertificate,
// so an error here should stop request processing rather than fall through to
// signing.
type ACLResolver interface {
	// ResolveTokenAndDefaultMeta resolves token, filling in entMeta with the
	// token's default enterprise metadata and authzContext for the check.
	ResolveTokenAndDefaultMeta(token string, entMeta *acl.EnterpriseMeta, authzContext *acl.AuthorizerContext) (acl.Authorizer, error)
}
//go:generate mockery --name CAManager --inpackage

// CAManager is the signing backend used by the Sign endpoint.
type CAManager interface {
	// AuthorizeAndSignCertificate checks that authz permits issuing a cert for
	// the identity in csr and, if so, signs it. Authorization and signing are
	// deliberately one call so a caller cannot sign without having authorized.
	AuthorizeAndSignCertificate(csr *x509.CertificateRequest, authz acl.Authorizer) (*structs.IssuedCert, error)
}
// NewServer returns a Server driven by cfg. The config is copied by value, so
// changes the caller makes to cfg afterwards are not visible to the Server.
func NewServer(cfg Config) *Server {
	srv := Server{Config: cfg}
	return &srv
}
// Register installs this Server as the ConnectCA service implementation on
// grpcServer, making its handlers reachable over gRPC.
func (s *Server) Register(grpcServer *grpc.Server) {
	// Spelling out the interface makes it explicit that *Server must satisfy
	// the generated service contract; a missing handler fails to compile here.
	var impl pbconnectca.ConnectCAServiceServer = s
	pbconnectca.RegisterConnectCAServiceServer(grpcServer, impl)
}
// requireConnect reports whether the Connect subsystem is enabled on this
// server. It returns nil when enabled and a gRPC FailedPrecondition status
// otherwise, so callers can use it as a guard before doing any work.
func (s *Server) requireConnect() error {
	if !s.ConnectEnabled {
		return status.Error(codes.FailedPrecondition, "Connect must be enabled in order to use this endpoint")
	}
	return nil
}