diff --git a/.changelog/9475.txt b/.changelog/9475.txt new file mode 100644 index 000000000..feee64f8c --- /dev/null +++ b/.changelog/9475.txt @@ -0,0 +1,3 @@ +```release-note:bug +checks: add TLSServerName field to allow setting the TLS server name for HTTPS health checks. +``` diff --git a/agent/agent.go b/agent/agent.go index 00f488a33..237bd3c66 100644 --- a/agent/agent.go +++ b/agent/agent.go @@ -2517,7 +2517,7 @@ func (a *Agent) addCheck(check *structs.HealthCheck, chkType *structs.CheckType, chkType.Interval = checks.MinInterval } - tlsClientConfig := a.tlsConfigurator.OutgoingTLSConfigForCheck(chkType.TLSSkipVerify) + tlsClientConfig := a.tlsConfigurator.OutgoingTLSConfigForCheck(chkType.TLSSkipVerify, chkType.TLSServerName) http := &checks.CheckHTTP{ CheckID: cid, @@ -2589,7 +2589,7 @@ func (a *Agent) addCheck(check *structs.HealthCheck, chkType *structs.CheckType, var tlsClientConfig *tls.Config if chkType.GRPCUseTLS { - tlsClientConfig = a.tlsConfigurator.OutgoingTLSConfigForCheck(chkType.TLSSkipVerify) + tlsClientConfig = a.tlsConfigurator.OutgoingTLSConfigForCheck(chkType.TLSSkipVerify, chkType.TLSServerName) } grpc := &checks.CheckGRPC{ diff --git a/agent/config/builder.go b/agent/config/builder.go index 843a45266..367048c56 100644 --- a/agent/config/builder.go +++ b/agent/config/builder.go @@ -1571,6 +1571,7 @@ func (b *builder) checkVal(v *CheckDefinition) *structs.CheckDefinition { Shell: stringVal(v.Shell), GRPC: stringVal(v.GRPC), GRPCUseTLS: boolVal(v.GRPCUseTLS), + TLSServerName: stringVal(v.TLSServerName), TLSSkipVerify: boolVal(v.TLSSkipVerify), AliasNode: stringVal(v.AliasNode), AliasService: stringVal(v.AliasService), diff --git a/agent/config/config.go b/agent/config/config.go index d23dae32f..9bb1ab900 100644 --- a/agent/config/config.go +++ b/agent/config/config.go 
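Review bot: In the gRPC hunk (@@ -2589) a configured `chkType.TLSServerName` is dropped without notice whenever `chkType.GRPCUseTLS` is false, because the TLS config is only built inside that `if`; an operator who sets `tls_server_name` but forgets `grpc_use_tls` gets a plaintext check with no hint. A guard on `chkType.TLSServerName != "" && !chkType.GRPCUseTLS` that logs a warning, or a rejection of that combination during config validation, would surface the mistake. The same hunk shows the setting reaches gRPC checks, while the changelog entry names only HTTPS health checks, so the release note should mention both. Both call sites pass the name together with `chkType.TLSSkipVerify`; how OutgoingTLSConfigForCheck combines the two is not visible in this part of the diff, and addCheck's body extends beyond both hunks.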
@@ -405,6 +405,7 @@ type CheckDefinition struct {
 Shell *string `mapstructure:"shell"`
 GRPC *string `mapstructure:"grpc"`
 GRPCUseTLS *bool `mapstructure:"grpc_use_tls"`
+ TLSServerName *string `mapstructure:"tls_server_name"`
 TLSSkipVerify *bool `mapstructure:"tls_skip_verify" alias:"tlsskipverify"`
 AliasNode *string `mapstructure:"alias_node"`
 AliasService *string `mapstructure:"alias_service"`
diff --git a/agent/config/runtime_test.go b/agent/config/runtime_test.go
index 8d44da5e3..f1abcc8b3 100644
--- a/agent/config/runtime_test.go
+++ b/agent/config/runtime_test.go
@@ -5081,6 +5081,7 @@ func TestLoad_FullConfig(t *testing.T) {
 OutputMaxSize: checks.DefaultBufSize,
 DockerContainerID: "ipgdFtjd",
 Shell: "qAeOYy0M",
+ TLSServerName: "bdeb5f6a",
 TLSSkipVerify: true,
 Timeout: 1813 * time.Second,
 TTL: 21743 * time.Second,
@@ -5106,6 +5107,7 @@ func TestLoad_FullConfig(t *testing.T) {
 Interval: 28767 * time.Second,
 DockerContainerID: "THW6u7rL",
 Shell: "C1Zt3Zwh",
+ TLSServerName: "6adc3bfb",
 TLSSkipVerify: true,
 Timeout: 18506 * time.Second,
 TTL: 31006 * time.Second,
@@ -5131,6 +5133,7 @@ func TestLoad_FullConfig(t *testing.T) {
 Interval: 18714 * time.Second,
 DockerContainerID: "qF66POS9",
 Shell: "sOnDy228",
+ TLSServerName: "7BdnzBYk",
 TLSSkipVerify: true,
 Timeout: 5954 * time.Second,
 TTL: 30044 * time.Second,
@@ -5336,6 +5339,7 @@ func TestLoad_FullConfig(t *testing.T) {
 Interval: 24392 * time.Second,
 DockerContainerID: "ZKXr68Yb",
 Shell: "CEfzx0Fo",
+ TLSServerName: "4f191d4F",
 TLSSkipVerify: true,
 Timeout: 38333 * time.Second,
 TTL: 57201 * time.Second,
@@ -5386,6 +5390,7 @@ func TestLoad_FullConfig(t *testing.T) {
 Interval: 32718 * time.Second,
 DockerContainerID: "cU15LMet",
 Shell: "nEz9qz2l",
+ TLSServerName: "f43ouY7a",
 TLSSkipVerify: true,
 Timeout: 34738 * time.Second,
 TTL: 22773 * time.Second,
@@ -5409,6 +5414,7 @@ func TestLoad_FullConfig(t *testing.T) {
 Interval: 5656 * time.Second,
 DockerContainerID: "5tDBWpfA",
 Shell: "rlTpLM8s",
+ TLSServerName: "sOv5WTtp",
 TLSSkipVerify: true,
 Timeout: 4868 * time.Second,
 TTL: 11222 * time.Second,
@@ -5525,6 +5531,7 @@ func TestLoad_FullConfig(t *testing.T) {
 Interval: 22224 * time.Second,
 DockerContainerID: "ipgdFtjd",
 Shell: "omVZq7Sz",
+ TLSServerName: "axw5QPL5",
 TLSSkipVerify: true,
 Timeout: 18913 * time.Second,
 TTL: 44743 * time.Second,
@@ -5548,6 +5555,7 @@ func TestLoad_FullConfig(t *testing.T) {
 Interval: 12356 * time.Second,
 DockerContainerID: "HBndBU6R",
 Shell: "hVI33JjA",
+ TLSServerName: "7uwWOnUS",
 TLSSkipVerify: true,
 Timeout: 38282 * time.Second,
 TTL: 1181 * time.Second,
@@ -5571,6 +5579,7 @@ func TestLoad_FullConfig(t *testing.T) {
 Interval: 23926 * time.Second,
 DockerContainerID: "dO5TtRHk",
 Shell: "e6q2ttES",
+ TLSServerName: "ECSHk8WF",
 TLSSkipVerify: true,
 Timeout: 38483 * time.Second,
 TTL: 10943 * time.Second,
diff --git a/agent/config/testdata/TestRuntimeConfig_Sanitize.golden b/agent/config/testdata/TestRuntimeConfig_Sanitize.golden
index 921d101d1..b792e466f 100644
--- a/agent/config/testdata/TestRuntimeConfig_Sanitize.golden
+++ b/agent/config/testdata/TestRuntimeConfig_Sanitize.golden
@@ -107,6 +107,7 @@
 "Status": "",
 "SuccessBeforePassing": 0,
 "TCP": "",
+ "TLSServerName": "",
 "TLSSkipVerify": false,
 "TTL": "0s",
 "Timeout": "0s",
@@ -307,6 +308,7 @@
 "Status": "",
 "SuccessBeforePassing": 0,
 "TCP": "",
+ "TLSServerName": "",
 "TLSSkipVerify": false,
 "TTL": "0s",
 "Timeout": "0s"
diff --git a/agent/config/testdata/full-config.hcl b/agent/config/testdata/full-config.hcl
index f09683270..9dc4b6224 100644
--- a/agent/config/testdata/full-config.hcl
+++ b/agent/config/testdata/full-config.hcl
@@ -113,6 +113,7 @@ check = {
 output_max_size = 4096
 docker_container_id = "qF66POS9"
 shell = "sOnDy228"
+ tls_server_name = "7BdnzBYk"
 tls_skip_verify = true
 timeout = "5954s"
 ttl = "30044s"
@@ -139,6 +140,7 @@ checks = [
 output_max_size = 4096
 docker_container_id = "ipgdFtjd"
 shell = "qAeOYy0M"
+ tls_server_name = "bdeb5f6a"
 tls_skip_verify = true
 timeout = "1813s"
 ttl = "21743s"
@@ -164,6 +166,7 @@ checks = [
 output_max_size = 4096
 docker_container_id = "THW6u7rL"
 shell = "C1Zt3Zwh"
+ tls_server_name = "6adc3bfb"
 tls_skip_verify = true
 timeout = "18506s"
 ttl = "31006s"
@@ -378,6 +381,7 @@ service = {
 interval = "23926s"
 docker_container_id = "dO5TtRHk"
 shell = "e6q2ttES"
+ tls_server_name = "ECSHk8WF"
 tls_skip_verify = true
 timeout = "38483s"
 ttl = "10943s"
@@ -402,6 +406,7 @@ service = {
 output_max_size = 4096
 docker_container_id = "ipgdFtjd"
 shell = "omVZq7Sz"
+ tls_server_name = "axw5QPL5"
 tls_skip_verify = true
 timeout = "18913s"
 ttl = "44743s"
@@ -425,6 +430,7 @@ service = {
 output_max_size = 4096
 docker_container_id = "HBndBU6R"
 shell = "hVI33JjA"
+ tls_server_name = "7uwWOnUS"
 tls_skip_verify = true
 timeout = "38282s"
 ttl = "1181s"
@@ -462,6 +468,7 @@ services = [
 output_max_size = 4096
 docker_container_id = "ZKXr68Yb"
 shell = "CEfzx0Fo"
+ tls_server_name = "4f191d4F"
 tls_skip_verify = true
 timeout = "38333s"
 ttl = "57201s"
@@ -502,6 +509,7 @@ services = [
 output_max_size = 4096
 docker_container_id = "cU15LMet"
 shell = "nEz9qz2l"
+ tls_server_name = "f43ouY7a"
 tls_skip_verify = true
 timeout = "34738s"
 ttl = "22773s"
@@ -525,6 +533,7 @@ services = [
 output_max_size = 4096
 docker_container_id = "5tDBWpfA"
 shell = "rlTpLM8s"
+ tls_server_name = "sOv5WTtp"
 tls_skip_verify = true
 timeout = "4868s"
 ttl = "11222s"
diff --git a/agent/config/testdata/full-config.json b/agent/config/testdata/full-config.json
index d5e7e41a7..e9b9d47ef 100644
--- a/agent/config/testdata/full-config.json
+++ b/agent/config/testdata/full-config.json
@@ -114,6 +114,7 @@
 "interval": "18714s",
 "docker_container_id": "qF66POS9",
 "shell": "sOnDy228",
+ "tls_server_name": "7BdnzBYk",
 "tls_skip_verify": true,
 "timeout": "5954s",
 "ttl": "30044s",
@@ -140,6 +141,7 @@
 "output_max_size": 4096,
 "docker_container_id": "ipgdFtjd",
 "shell": "qAeOYy0M",
+ "tls_server_name": "bdeb5f6a",
 "tls_skip_verify": true,
 "timeout": "1813s",
 "ttl": "21743s",
@@ -165,6 +167,7 @@
 "output_max_size": 4096,
 "docker_container_id": "THW6u7rL",
 "shell": "C1Zt3Zwh",
+ "tls_server_name": "6adc3bfb",
 "tls_skip_verify": true,
 "timeout": "18506s",
 "ttl": "31006s",
@@ -375,6 +378,7 @@
 "output_max_size": 4096,
 "docker_container_id": "dO5TtRHk",
 "shell": "e6q2ttES",
+ "tls_server_name": "ECSHk8WF",
 "tls_skip_verify": true,
 "timeout": "38483s",
 "ttl": "10943s",
@@ -399,6 +403,7 @@
 "output_max_size": 4096,
 "docker_container_id": "ipgdFtjd",
 "shell": "omVZq7Sz",
+ "tls_server_name": "axw5QPL5",
 "tls_skip_verify": true,
 "timeout": "18913s",
 "ttl": "44743s",
@@ -422,6 +427,7 @@
 "output_max_size": 4096,
 "docker_container_id": "HBndBU6R",
 "shell": "hVI33JjA",
+ "tls_server_name": "7uwWOnUS",
 "tls_skip_verify": true,
 "timeout": "38282s",
 "ttl": "1181s",
@@ -459,6 +465,7 @@
 "output_max_size": 4096,
 "docker_container_id": "ZKXr68Yb",
 "shell": "CEfzx0Fo",
+ "tls_server_name": "4f191d4F",
 "tls_skip_verify": true,
 "timeout": "38333s",
 "ttl": "57201s",
@@ -499,6 +506,7 @@
 "output_max_size": 4096,
 "docker_container_id": "cU15LMet",
 "shell": "nEz9qz2l",
+ "tls_server_name": "f43ouY7a",
 "tls_skip_verify": true,
 "timeout": "34738s",
 "ttl": "22773s",
@@ -522,6 +530,7 @@
 "output_max_size": 4096,
 "docker_container_id": "5tDBWpfA",
 "shell": "rlTpLM8s",
+ "tls_server_name": "sOv5WTtp",
 "tls_skip_verify": true,
 "timeout": "4868s",
 "ttl": "11222s",
diff --git a/agent/http_decode_test.go b/agent/http_decode_test.go
index bbfabc6c3..4b546f630 100644
--- a/agent/http_decode_test.go
+++ b/agent/http_decode_test.go
@@ -275,6 +275,7 @@ type translateKeyTestCase struct { // "script_args": "ScriptArgs", // "deregister_critical_service_after": "DeregisterCriticalServiceAfter", // "docker_container_id": "DockerContainerID", +// "tls_server_name": "TLSServerName", // "tls_skip_verify": "TLSSkipVerify", // "service_id": "ServiceID", @@ -283,7 +284,8 @@ var translateCheckTypeTCs = [][]translateKeyTestCase{ translateDeregisterTCs, translateDockerTCs, translateGRPCUseTLSTCs, - translateTLSTCs, + translateTLSServerNameTCs, + translateTLSSkipVerifyTCs, translateServiceIDTCs, } 
@@ -504,8 +506,65 @@ var translateDockerTCs = []translateKeyTestCase{ }, } +// TLSServerName: string +func tlsServerNameEqFn(out interface{}, want interface{}) error { + var got interface{} + switch v := out.(type) { + case structs.CheckDefinition: + got = v.TLSServerName + case *structs.CheckDefinition: + got = v.TLSServerName + case structs.CheckType: + got = v.TLSServerName + case *structs.CheckType: + got = v.TLSServerName + case structs.HealthCheckDefinition: + got = v.TLSServerName + case *structs.HealthCheckDefinition: + got = v.TLSServerName + default: + panic(fmt.Sprintf("unexpected type %T", out)) + } + if got != want { + return fmt.Errorf("expected TLSServerName to be %v, got %v", want, got) + } + return nil +} + +var tlsServerNameFields = []string{`"TLSServerName": %s`, `"tls_server_name": %s`} +var translateTLSServerNameTCs = []translateKeyTestCase{ + { + desc: "tlsServerName: both set", + in: []interface{}{`"server1"`, `"server2"`}, + want: "server1", + jsonFmtStr: "{" + strings.Join(tlsServerNameFields, ",") + "}", + equalityFn: tlsServerNameEqFn, + }, + { + desc: "tlsServerName: first set", + in: []interface{}{`"server1"`}, + want: "server1", + jsonFmtStr: "{" + tlsServerNameFields[0] + "}", + equalityFn: tlsServerNameEqFn, + }, + { + desc: "tlsServerName: second set", + in: []interface{}{`"server2"`}, + want: "server2", + jsonFmtStr: "{" + tlsServerNameFields[1] + "}", + equalityFn: tlsServerNameEqFn, + }, + { + desc: "tlsServerName: neither set", + in: []interface{}{}, + want: "", // zero value + jsonFmtStr: "{}", + equalityFn: tlsServerNameEqFn, + }, +} + // TLSSkipVerify: bool -func tlsEqFn(out interface{}, want interface{}) error { +func tlsSkipVerifyEqFn(out interface{}, want interface{}) error { var got interface{} switch v := out.(type) { case structs.CheckDefinition: 
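Review bot: tlsServerNameEqFn is declared to return an error, yet its `default:` arm reports an unexpected input type with `panic`, which aborts the whole test binary instead of failing the one table case; `return fmt.Errorf("unexpected type %T", out)` would keep the failure local. The six-arm type switch also appears to mirror the one in the TLSSkipVerify helper that this hunk renames (only its first lines are visible here), so a one-line comment above the new function saying it must be extended whenever a new check struct gains the field would help the next maintainer. The four table cases cover key translation only; nothing in this hunk exercises a TLS handshake with the configured name.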
@@ -529,35 +588,35 @@ func tlsEqFn(out interface{}, want interface{}) error { return nil } -var tlsFields = []string{`"TLSSkipVerify": %s`, `"tls_skip_verify": %s`} -var translateTLSTCs = []translateKeyTestCase{ +var tlsSkipVerifyFields = []string{`"TLSSkipVerify": %s`, `"tls_skip_verify": %s`} +var translateTLSSkipVerifyTCs = []translateKeyTestCase{ { desc: "tlsSkipVerify: both set", in: []interface{}{`true`, `false`}, want: true, - jsonFmtStr: "{" + strings.Join(tlsFields, ",") + "}", - equalityFn: tlsEqFn, + jsonFmtStr: "{" + strings.Join(tlsSkipVerifyFields, ",") + "}", + equalityFn: tlsSkipVerifyEqFn, }, { desc: "tlsSkipVerify: first set", in: []interface{}{`true`}, want: true, - jsonFmtStr: "{" + tlsFields[0] + "}", - equalityFn: tlsEqFn, + jsonFmtStr: "{" + tlsSkipVerifyFields[0] + "}", + equalityFn: tlsSkipVerifyEqFn, }, { desc: "tlsSkipVerify: second set", in: []interface{}{`true`}, want: true, - jsonFmtStr: "{" + tlsFields[1] + "}", - equalityFn: tlsEqFn, + jsonFmtStr: "{" + tlsSkipVerifyFields[1] + "}", + equalityFn: tlsSkipVerifyEqFn, }, { desc: "tlsSkipVerify: neither set", in: []interface{}{}, want: false, // zero value jsonFmtStr: "{}", - equalityFn: tlsEqFn, + equalityFn: tlsSkipVerifyEqFn, }, } @@ -876,6 +935,7 @@ func TestDecodeACLRoleWrite(t *testing.T) { // Shell string // GRPC string // GRPCUseTLS bool +// TLSServerName string // TLSSkipVerify bool // AliasNode string // AliasService string @@ -988,6 +1048,7 @@ func TestDecodeAgentRegisterCheck(t *testing.T) { // Shell string // GRPC string // GRPCUseTLS bool +// TLSServerName string // TLSSkipVerify bool // Timeout time.Duration // TTL time.Duration @@ -1924,6 +1985,7 @@ func TestDecodeAgentRegisterService(t *testing.T) { // Shell string // GRPC string // GRPCUseTLS bool +// TLSServerName string // TLSSkipVerify bool // Timeout time.Duration // TTL time.Duration 
@@ -1953,6 +2015,7 @@ func TestDecodeAgentRegisterService(t *testing.T) { // ServiceTags []string // Definition structs.HealthCheckDefinition // HTTP string +// TLSServerName string // TLSSkipVerify bool // Header map[string][]string // Method string @@ -2425,6 +2488,7 @@ func TestDecodeSessionCreate(t *testing.T) { // TCP string // Status string // Notes string +// TLSServerName string // TLSSkipVerify bool // GRPC string // GRPCUseTLS bool @@ -2451,6 +2515,7 @@ func TestDecodeSessionCreate(t *testing.T) { // Header map[string][]string // Method string // Body string +// TLSServerName string // TLSSkipVerify bool // TCP string // IntervalDuration time.Duration diff --git a/agent/structs/check_definition.go b/agent/structs/check_definition.go index 82c36a16d..3a8c2326a 100644 --- a/agent/structs/check_definition.go +++ b/agent/structs/check_definition.go @@ -33,6 +33,7 @@ type CheckDefinition struct { Shell string GRPC string GRPCUseTLS bool + TLSServerName string TLSSkipVerify bool AliasNode string AliasService string @@ -62,6 +63,7 @@ func (t *CheckDefinition) UnmarshalJSON(data []byte) (err error) { ScriptArgsSnake []string `json:"script_args"` DeregisterCriticalServiceAfterSnake interface{} `json:"deregister_critical_service_after"` DockerContainerIDSnake string `json:"docker_container_id"` + TLSServerNameSnake string `json:"tls_server_name"` TLSSkipVerifySnake bool `json:"tls_skip_verify"` GRPCUseTLSSnake bool `json:"grpc_use_tls"` ServiceIDSnake string `json:"service_id"` @@ -87,6 +89,9 @@ func (t *CheckDefinition) UnmarshalJSON(data []byte) (err error) { if t.DockerContainerID == "" { t.DockerContainerID = aux.DockerContainerIDSnake } + if t.TLSServerName == "" { + t.TLSServerName = aux.TLSServerNameSnake + } if aux.TLSSkipVerifySnake { t.TLSSkipVerify = aux.TLSSkipVerifySnake } 
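Review bot: When a payload carries both `TLSServerName` and `tls_server_name` with different values, the added `if t.TLSServerName == ""` block in CheckDefinition.UnmarshalJSON silently keeps the CamelCase value and discards the snake_case one. For a field that presumably decides which name the peer certificate is checked against, that precedence should be written down next to the code, for example `// TLSServerName wins over tls_server_name when both keys are present.` above the block. The identical block added to CheckType.UnmarshalJSON in agent/structs/check_type.go needs the same comment. UnmarshalJSON starts and ends outside the hunk, so whether conflicting keys are reported anywhere else cannot be seen from here.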
@@ -182,6 +187,7 @@ func (c *CheckDefinition) CheckType() *CheckType { Interval: c.Interval, DockerContainerID: c.DockerContainerID, Shell: c.Shell, + TLSServerName: c.TLSServerName, TLSSkipVerify: c.TLSSkipVerify, Timeout: c.Timeout, TTL: c.TTL, diff --git a/agent/structs/check_type.go b/agent/structs/check_type.go index 0cf256cc8..4e864d96b 100644 --- a/agent/structs/check_type.go +++ b/agent/structs/check_type.go @@ -43,6 +43,7 @@ type CheckType struct { Shell string GRPC string GRPCUseTLS bool + TLSServerName string TLSSkipVerify bool Timeout time.Duration TTL time.Duration @@ -75,6 +76,7 @@ func (t *CheckType) UnmarshalJSON(data []byte) (err error) { ScriptArgsSnake []string `json:"script_args"` DeregisterCriticalServiceAfterSnake interface{} `json:"deregister_critical_service_after"` DockerContainerIDSnake string `json:"docker_container_id"` + TLSServerNameSnake string `json:"tls_server_name"` TLSSkipVerifySnake bool `json:"tls_skip_verify"` GRPCUseTLSSnake bool `json:"grpc_use_tls"` @@ -102,6 +104,9 @@ func (t *CheckType) UnmarshalJSON(data []byte) (err error) { if t.DockerContainerID == "" { t.DockerContainerID = aux.DockerContainerIDSnake } + if t.TLSServerName == "" { + t.TLSServerName = aux.TLSServerNameSnake + } if aux.TLSSkipVerifySnake { t.TLSSkipVerify = aux.TLSSkipVerifySnake } diff --git a/agent/structs/structs.go b/agent/structs/structs.go index 5a10a36a1..ac153d8a1 100644 --- a/agent/structs/structs.go +++ b/agent/structs/structs.go @@ -1429,6 +1429,7 @@ func (hc *HealthCheck) CompoundCheckID() CheckID { type HealthCheckDefinition struct { HTTP string `json:",omitempty"` + TLSServerName string `json:",omitempty"` TLSSkipVerify bool `json:",omitempty"` Header map[string][]string `json:",omitempty"` Method string `json:",omitempty"` 
@@ -1583,6 +1584,7 @@ func (c *HealthCheck) CheckType() *CheckType {
 Interval: c.Definition.Interval,
 DockerContainerID: c.Definition.DockerContainerID,
 Shell: c.Definition.Shell,
+ TLSServerName: c.Definition.TLSServerName,
 TLSSkipVerify: c.Definition.TLSSkipVerify,
 Timeout: c.Definition.Timeout,
 TTL: c.Definition.TTL,
diff --git a/agent/txn_endpoint.go b/agent/txn_endpoint.go
index 01d86a634..d01b23bac 100644
--- a/agent/txn_endpoint.go
+++ b/agent/txn_endpoint.go
@@ -264,6 +264,7 @@ func (s *HTTPHandlers) convertOps(resp http.ResponseWriter, req *http.Request) (
 ServiceTags: check.ServiceTags,
 Definition: structs.HealthCheckDefinition{
 HTTP: check.Definition.HTTP,
+ TLSServerName: check.Definition.TLSServerName,
 TLSSkipVerify: check.Definition.TLSSkipVerify,
 Header: check.Definition.Header,
 Method: check.Definition.Method,
diff --git a/api/agent.go b/api/agent.go
index 931cce0a8..43e9b89e2 100644
--- a/api/agent.go
+++ b/api/agent.go
@@ -313,6 +313,7 @@ type AgentServiceCheck struct {
 TCP string `json:",omitempty"`
 Status string `json:",omitempty"`
 Notes string `json:",omitempty"`
+ TLSServerName string `json:",omitempty"`
 TLSSkipVerify bool `json:",omitempty"`
 GRPC string `json:",omitempty"`
 GRPCUseTLS bool `json:",omitempty"`
diff --git a/api/health.go b/api/health.go
index 99b9ac257..a51d41a87 100644
--- a/api/health.go
+++ b/api/health.go
@@ -58,6 +58,7 @@ type HealthCheckDefinition struct {
 Header map[string][]string
 Method string
 Body string
+ TLSServerName string
 TLSSkipVerify bool
 TCP string
 IntervalDuration time.Duration `json:"-"`
diff --git a/proto/pbservice/healthcheck.gen.go b/proto/pbservice/healthcheck.gen.go
index 9b80c4b43..dcf8435bb 100644
--- a/proto/pbservice/healthcheck.gen.go
+++ b/proto/pbservice/healthcheck.gen.go
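Review bot: The exported `TLSServerName` fields added to `AgentServiceCheck` in api/agent.go and to `HealthCheckDefinition` in api/health.go have no doc comment, so a client author cannot tell from the API package what the name is used for or how it relates to `TLSSkipVerify` on the following line. A field comment along the lines of `// TLSServerName overrides the server name used in the TLS handshake of the check; it does not turn verification back on when TLSSkipVerify is true.` would cover it. The exact semantics are set by the TLS configurator, which is not part of these hunks, so the wording should be confirmed against it. Both struct definitions begin and end outside their hunks.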
@@ -23,6 +23,7 @@ func CheckTypeToStructs(s CheckType) structs.CheckType { t.Shell = s.Shell t.GRPC = s.GRPC t.GRPCUseTLS = s.GRPCUseTLS + t.TLSServerName = s.TLSServerName t.TLSSkipVerify = s.TLSSkipVerify t.Timeout = s.Timeout t.TTL = s.TTL @@ -53,6 +54,7 @@ func NewCheckTypeFromStructs(t structs.CheckType) CheckType { s.Shell = t.Shell s.GRPC = t.GRPC s.GRPCUseTLS = t.GRPCUseTLS + s.TLSServerName = t.TLSServerName s.TLSSkipVerify = t.TLSSkipVerify s.Timeout = t.Timeout s.TTL = t.TTL @@ -101,6 +103,7 @@ func NewHealthCheckFromStructs(t structs.HealthCheck) HealthCheck { func HealthCheckDefinitionToStructs(s HealthCheckDefinition) structs.HealthCheckDefinition { var t structs.HealthCheckDefinition t.HTTP = s.HTTP + t.TLSServerName = s.TLSServerName t.TLSSkipVerify = s.TLSSkipVerify t.Header = MapHeadersToStructs(s.Header) t.Method = s.Method @@ -123,6 +126,7 @@ func HealthCheckDefinitionToStructs(s HealthCheckDefinition) structs.HealthCheck func NewHealthCheckDefinitionFromStructs(t structs.HealthCheckDefinition) HealthCheckDefinition { var s HealthCheckDefinition s.HTTP = t.HTTP + s.TLSServerName = t.TLSServerName s.TLSSkipVerify = t.TLSSkipVerify s.Header = NewMapHeadersFromStructs(t.Header) s.Method = t.Method diff --git a/proto/pbservice/healthcheck.pb.go b/proto/pbservice/healthcheck.pb.go index 9fa10e4d4..ae66511c7 100644 --- a/proto/pbservice/healthcheck.pb.go +++ b/proto/pbservice/healthcheck.pb.go 
@@ -133,6 +133,7 @@ var xxx_messageInfo_HeaderValue proto.InternalMessageInfo // name=Structs type HealthCheckDefinition struct { HTTP string `protobuf:"bytes,1,opt,name=HTTP,proto3" json:"HTTP,omitempty"` + TLSServerName string `protobuf:"bytes,19,opt,name=TLSServerName,proto3" json:"TLSServerName,omitempty"` TLSSkipVerify bool `protobuf:"varint,2,opt,name=TLSSkipVerify,proto3" json:"TLSSkipVerify,omitempty"` // mog: func-to=MapHeadersToStructs func-from=NewMapHeadersFromStructs Header map[string]HeaderValue `protobuf:"bytes,3,rep,name=Header,proto3" json:"Header" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` @@ -218,6 +219,7 @@ type CheckType struct { Shell string `protobuf:"bytes,13,opt,name=Shell,proto3" json:"Shell,omitempty"` GRPC string `protobuf:"bytes,14,opt,name=GRPC,proto3" json:"GRPC,omitempty"` GRPCUseTLS bool `protobuf:"varint,15,opt,name=GRPCUseTLS,proto3" json:"GRPCUseTLS,omitempty"` + TLSServerName string `protobuf:"bytes,27,opt,name=TLSServerName,proto3" json:"TLSServerName,omitempty"` TLSSkipVerify bool `protobuf:"varint,16,opt,name=TLSSkipVerify,proto3" json:"TLSSkipVerify,omitempty"` Timeout time.Duration `protobuf:"bytes,17,opt,name=Timeout,proto3,stdduration" json:"Timeout"` TTL time.Duration `protobuf:"bytes,18,opt,name=TTL,proto3,stdduration" json:"TTL"` 
@@ -281,70 +283,71 @@ func init() { func init() { proto.RegisterFile("proto/pbservice/healthcheck.proto", fileDescriptor_8a6f7448747c9fbe) } var fileDescriptor_8a6f7448747c9fbe = []byte{ - // 999 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x56, 0x4d, 0x6f, 0xe3, 0x44, - 0x18, 0x8e, 0x9b, 0x8f, 0xc6, 0x93, 0x6d, 0xb7, 0x1d, 0xba, 0x65, 0xb6, 0x20, 0x37, 0x04, 0x0e, - 0x41, 0x14, 0x47, 0x2a, 0x02, 0x01, 0x12, 0xa0, 0x26, 0xd9, 0x8f, 0xa0, 0x76, 0x09, 0x8e, 0xd9, - 0x03, 0x37, 0xd7, 0x99, 0x24, 0x56, 0x1c, 0x4f, 0x34, 0x1e, 0x57, 0x0d, 0x57, 0xfe, 0x00, 0xc7, - 0xfd, 0x49, 0x3d, 0x56, 0x9c, 0x38, 0x15, 0x68, 0xcf, 0xfc, 0x01, 0x4e, 0x68, 0xde, 0xb1, 0x53, - 0x67, 0xe3, 0x25, 0x65, 0xb5, 0x9c, 0xf2, 0x7e, 0xce, 0x78, 0xde, 0xf7, 0x79, 0x9e, 0x16, 0xbd, - 0x37, 0xe5, 0x4c, 0xb0, 0xc6, 0xf4, 0x34, 0xa4, 0xfc, 0xcc, 0x73, 0x69, 0x63, 0x44, 0x1d, 0x5f, - 0x8c, 0xdc, 0x11, 0x75, 0xc7, 0x26, 0xe4, 0xb0, 0x3e, 0x4f, 0xee, 0x19, 0x43, 0xc6, 0x86, 0x3e, - 0x6d, 0x40, 0xe2, 0x34, 0x1a, 0x34, 0xfa, 0x11, 0x77, 0x84, 0xc7, 0x02, 0x55, 0xba, 0xf7, 0x4e, - 0x72, 0x9a, 0xcb, 0x26, 0x13, 0x16, 0x34, 0xd4, 0x4f, 0x9c, 0xdc, 0x19, 0xb2, 0x21, 0x53, 0x05, - 0xd2, 0x52, 0xd1, 0xda, 0xcf, 0x05, 0x54, 0x79, 0x0a, 0x77, 0xb6, 0xe4, 0x9d, 0x18, 0xa3, 0xc2, - 0x33, 0xd6, 0xa7, 0x44, 0xab, 0x6a, 0x75, 0xdd, 0x02, 0x1b, 0x3f, 0x41, 0xeb, 0x90, 0xec, 0xb4, - 0xc9, 0x9a, 0x0c, 0x37, 0x3f, 0xfe, 0xfb, 0x6a, 0xff, 0xc3, 0xa1, 0x27, 0x46, 0xd1, 0xa9, 0xe9, - 0xb2, 0x49, 0x63, 0xe4, 0x84, 0x23, 0xcf, 0x65, 0x7c, 0xda, 0x70, 0x59, 0x10, 0x46, 0x7e, 0x43, - 0xcc, 0xa6, 0x34, 0x34, 0xe3, 0x26, 0x2b, 0xe9, 0x86, 0xc3, 0x9d, 0x09, 0x25, 0xf9, 0xf8, 0x70, - 0x67, 0x42, 0xf1, 0x2e, 0x2a, 0xf5, 0x84, 0x23, 0xa2, 0x90, 0x14, 0x20, 0x1a, 0x7b, 0x78, 0x07, - 0x15, 0x9f, 0x31, 0x41, 0x43, 0x52, 0x84, 0xb0, 0x72, 0x64, 0xf5, 0x77, 0x91, 0x98, 0x46, 0x82, - 0x94, 0x54, 0xb5, 0xf2, 0xf0, 0xbb, 0x48, 0xef, 0xa9, 0x21, 0x75, 0xda, 0x64, 0x1d, 0x52, 0xb7, 
- 0x01, 0x5c, 0x45, 0x95, 0xd8, 0x81, 0xeb, 0xcb, 0x90, 0x4f, 0x87, 0x52, 0x15, 0xb6, 0x33, 0x0c, - 0x89, 0x5e, 0xcd, 0xa7, 0x2a, 0x64, 0x48, 0x7e, 0xbb, 0x3d, 0x9b, 0x52, 0x72, 0x4f, 0x7d, 0xbb, - 0xb4, 0xf1, 0x63, 0x84, 0xda, 0x74, 0xe0, 0x05, 0x9e, 0xdc, 0x01, 0x41, 0x55, 0xad, 0x5e, 0x39, - 0xac, 0x9a, 0xf3, 0x7d, 0x99, 0xa9, 0xc1, 0xde, 0xd6, 0x35, 0x0b, 0x17, 0x57, 0xfb, 0x39, 0x2b, - 0xd5, 0x89, 0xbf, 0x40, 0xba, 0xe5, 0x0c, 0x44, 0x27, 0xe8, 0xd3, 0x73, 0x52, 0x81, 0x63, 0xb6, - 0xcd, 0x78, 0x79, 0xf3, 0x44, 0xb3, 0x2c, 0xfb, 0x2e, 0xaf, 0xf6, 0x35, 0xeb, 0xb6, 0x1a, 0xb7, - 0xd1, 0xe6, 0xa3, 0x40, 0x50, 0x3e, 0xe5, 0x5e, 0x48, 0x4f, 0xa8, 0x70, 0xc8, 0x06, 0xf4, 0xef, - 0x26, 0xfd, 0x8b, 0xd9, 0xf8, 0xf2, 0x97, 0x7a, 0x6a, 0xef, 0x03, 0x08, 0xfa, 0x94, 0x3f, 0x77, - 0xfc, 0x88, 0xca, 0xd9, 0x83, 0x41, 0x34, 0x98, 0x83, 0x72, 0x6a, 0xbf, 0x96, 0xd0, 0x83, 0xcc, - 0x17, 0xc9, 0xd9, 0x3c, 0xb5, 0xed, 0x6e, 0x02, 0x1a, 0x69, 0xe3, 0x0f, 0xd0, 0x86, 0x7d, 0xdc, - 0xeb, 0x8d, 0xbd, 0xe9, 0x73, 0xca, 0xbd, 0xc1, 0x0c, 0xa0, 0x53, 0xb6, 0x16, 0x83, 0xf8, 0x5b, - 0x54, 0x52, 0x17, 0x93, 0x7c, 0x35, 0x5f, 0xaf, 0x1c, 0x1e, 0xac, 0x9a, 0x9e, 0xa9, 0xca, 0x1f, - 0x05, 0x82, 0xcf, 0xe2, 0xc7, 0xc4, 0x27, 0x48, 0x6c, 0x9c, 0x50, 0x31, 0x62, 0xfd, 0x04, 0x49, - 0xca, 0x93, 0x5f, 0xd7, 0x64, 0xfd, 0x19, 0xc1, 0xea, 0xeb, 0xa4, 0x8d, 0xb7, 0x50, 0xde, 0x6e, - 0x75, 0x63, 0x6c, 0x49, 0x13, 0x7f, 0x83, 0xca, 0x1d, 0x39, 0x94, 0x33, 0xc7, 0x07, 0x6c, 0x55, - 0x0e, 0x1f, 0x9a, 0x8a, 0x6e, 0x66, 0x42, 0x37, 0xb3, 0x1d, 0xd3, 0x4d, 0xad, 0xe2, 0xc5, 0xef, - 0xfb, 0x9a, 0x35, 0x6f, 0x92, 0x0f, 0x56, 0x60, 0x3c, 0x71, 0xce, 0x7b, 0xde, 0x4f, 0x94, 0xe8, - 0x55, 0xad, 0xbe, 0x61, 0x2d, 0x06, 0xf1, 0x57, 0x68, 0xdd, 0xf6, 0x26, 0x94, 0x45, 0x02, 0x60, - 0x7a, 0xc7, 0x5b, 0x92, 0x1e, 0x3c, 0x46, 0x46, 0x9b, 0x72, 0x3a, 0xf4, 0x42, 0x41, 0x79, 0x8b, - 0x7b, 0xc2, 0x73, 0x1d, 0x3f, 0x86, 0xe9, 0xd1, 0x40, 0x50, 0x0e, 0xe0, 0xbe, 0xe3, 0xa9, 0x2b, - 0x8e, 0xc2, 0x06, 0x42, 0x3d, 0x97, 
0x7b, 0x53, 0x71, 0xc4, 0x87, 0x21, 0x41, 0x80, 0x85, 0x54, - 0x04, 0x1f, 0xa0, 0xed, 0x36, 0x73, 0xc7, 0x94, 0xb7, 0x58, 0x20, 0x1c, 0x2f, 0xa0, 0xbc, 0xd3, - 0x06, 0xf8, 0xea, 0xd6, 0x72, 0x42, 0x82, 0xaa, 0x37, 0xa2, 0xbe, 0x1f, 0x33, 0x48, 0x39, 0x72, - 0x39, 0x4f, 0xac, 0x6e, 0x0b, 0x50, 0xab, 0x5b, 0x60, 0xcb, 0x7b, 0xe5, 0xef, 0x0f, 0x21, 0xb5, - 0x8f, 0x7b, 0x64, 0x13, 0x70, 0x93, 0x8a, 0x48, 0xb2, 0x1f, 0xf9, 0x9e, 0x13, 0x82, 0x50, 0xdd, - 0x57, 0x64, 0x9f, 0x07, 0x70, 0x0d, 0xdd, 0x03, 0x27, 0x7e, 0x0a, 0xd9, 0x82, 0x82, 0x85, 0x18, - 0xfe, 0x14, 0xe5, 0x6d, 0xfb, 0x98, 0x6c, 0xdf, 0x7d, 0x56, 0xb2, 0x7e, 0xef, 0xfb, 0x84, 0x26, - 0x00, 0x3f, 0x09, 0xa2, 0x31, 0x9d, 0xc5, 0xa8, 0x97, 0x26, 0x3e, 0x40, 0xc5, 0x33, 0x20, 0xce, - 0x5a, 0x4c, 0xc2, 0x05, 0x34, 0x27, 0xfc, 0xb2, 0x54, 0xd1, 0x97, 0x6b, 0x9f, 0x6b, 0xb5, 0xbf, - 0xca, 0x48, 0x07, 0x88, 0x83, 0xa0, 0xa4, 0x94, 0x56, 0x7b, 0x23, 0x4a, 0xbb, 0x96, 0xa9, 0xb4, - 0xf9, 0x6c, 0xa5, 0x2d, 0xa4, 0x95, 0x76, 0x71, 0xf9, 0xc5, 0xa5, 0xe5, 0x27, 0x9c, 0x2f, 0xa5, - 0x38, 0xff, 0xf5, 0x9c, 0xcd, 0x3b, 0xc0, 0xe6, 0xb4, 0x16, 0xce, 0x1f, 0x79, 0x27, 0x06, 0xaf, - 0x67, 0x32, 0x78, 0x6f, 0x99, 0xc1, 0xe5, 0x6c, 0x06, 0xeb, 0xaf, 0xc3, 0xe0, 0x05, 0x5c, 0xa1, - 0x55, 0xb8, 0xaa, 0x64, 0xe0, 0x2a, 0x93, 0x11, 0xf7, 0x56, 0x32, 0x62, 0x23, 0x8b, 0x11, 0x9b, - 0xaf, 0x64, 0xc4, 0xfd, 0x25, 0x46, 0x2c, 0x89, 0xed, 0x56, 0x96, 0xd8, 0xa6, 0xb4, 0x67, 0xfb, - 0x35, 0xb4, 0x27, 0x26, 0x0d, 0xfe, 0x6f, 0xa4, 0xc1, 0x87, 0x68, 0xa7, 0x17, 0xb9, 0x2e, 0x0d, - 0xc3, 0x26, 0x1d, 0x30, 0x4e, 0xbb, 0x4e, 0x18, 0x7a, 0xc1, 0x90, 0x3c, 0xa8, 0x6a, 0xf5, 0xa2, - 0x95, 0x99, 0xc3, 0x9f, 0xa1, 0xdd, 0xc7, 0x8e, 0xe7, 0x47, 0x9c, 0xc6, 0x89, 0x44, 0x9f, 0xc8, - 0x2e, 0x74, 0xbd, 0x22, 0x2b, 0x37, 0xd8, 0xe5, 0xec, 0x7c, 0x06, 0xc8, 0x7c, 0x5b, 0x6d, 0x70, - 0x1e, 0x98, 0x67, 0x61, 0xbc, 0x24, 0x95, 0x85, 0x19, 0xaf, 0x96, 0xd6, 0xb7, 0xde, 0x9c, 0xb4, - 0x2e, 0xfd, 0xb1, 0x78, 0x08, 0xef, 0x5a, 0x0c, 0xfe, 0x0f, 0x7a, 0xd3, 
0x3c, 0xb9, 0xf8, 0xd3, - 0xc8, 0x5d, 0x5c, 0x1b, 0xda, 0xe5, 0xb5, 0xa1, 0xfd, 0x71, 0x6d, 0x68, 0xbf, 0xdc, 0x18, 0xb9, - 0x17, 0x37, 0x46, 0xee, 0xf2, 0xc6, 0xc8, 0xfd, 0x76, 0x63, 0xe4, 0x7e, 0xfc, 0xe8, 0xdf, 0xe4, - 0xe6, 0xa5, 0x7f, 0x57, 0x4f, 0x4b, 0x10, 0xf8, 0xe4, 0x9f, 0x00, 0x00, 0x00, 0xff, 0xff, 0x3e, - 0x9a, 0xda, 0xd9, 0xc8, 0x0a, 0x00, 0x00, + // 1016 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x56, 0xcf, 0x6f, 0xe3, 0x44, + 0x14, 0x8e, 0x9b, 0x36, 0x8d, 0x27, 0x6d, 0xb7, 0x9d, 0xed, 0x96, 0xd9, 0x2e, 0x72, 0x43, 0xe0, + 0x10, 0x44, 0x71, 0xa4, 0x22, 0x10, 0x20, 0x01, 0x6a, 0x92, 0xfd, 0x11, 0xd4, 0x2e, 0xc1, 0x31, + 0x7b, 0xe0, 0xe6, 0x3a, 0x93, 0xc4, 0x8a, 0xe3, 0x89, 0xc6, 0xe3, 0xaa, 0xe1, 0xca, 0x3f, 0x80, + 0xc4, 0x65, 0xff, 0xa4, 0x1e, 0x7b, 0xe4, 0x54, 0xa0, 0xfd, 0x27, 0x10, 0x27, 0x34, 0x6f, 0xec, + 0xd4, 0xd9, 0x78, 0x49, 0x58, 0x2d, 0xa7, 0xcc, 0x7c, 0xef, 0xbd, 0x19, 0xcf, 0x7b, 0xdf, 0xf7, + 0xb5, 0xe8, 0xbd, 0x31, 0x67, 0x82, 0xd5, 0xc6, 0x67, 0x21, 0xe5, 0xe7, 0x9e, 0x4b, 0x6b, 0x03, + 0xea, 0xf8, 0x62, 0xe0, 0x0e, 0xa8, 0x3b, 0x34, 0x21, 0x86, 0xf5, 0x69, 0x70, 0xdf, 0xe8, 0x33, + 0xd6, 0xf7, 0x69, 0x0d, 0x02, 0x67, 0x51, 0xaf, 0xd6, 0x8d, 0xb8, 0x23, 0x3c, 0x16, 0xa8, 0xd4, + 0xfd, 0x47, 0xc9, 0x69, 0x2e, 0x1b, 0x8d, 0x58, 0x50, 0x53, 0x3f, 0x71, 0x70, 0xb7, 0xcf, 0xfa, + 0x4c, 0x25, 0xc8, 0x95, 0x42, 0x2b, 0x3f, 0xaf, 0xa2, 0xd2, 0x33, 0xb8, 0xb3, 0x21, 0xef, 0xc4, + 0x18, 0xad, 0x3e, 0x67, 0x5d, 0x4a, 0xb4, 0xb2, 0x56, 0xd5, 0x2d, 0x58, 0xe3, 0xa7, 0x68, 0x1d, + 0x82, 0xad, 0x26, 0x59, 0x91, 0x70, 0xfd, 0xe3, 0xbf, 0xaf, 0x0f, 0x3e, 0xec, 0x7b, 0x62, 0x10, + 0x9d, 0x99, 0x2e, 0x1b, 0xd5, 0x06, 0x4e, 0x38, 0xf0, 0x5c, 0xc6, 0xc7, 0x35, 0x97, 0x05, 0x61, + 0xe4, 0xd7, 0xc4, 0x64, 0x4c, 0x43, 0x33, 0x2e, 0xb2, 0x92, 0x6a, 0x38, 0xdc, 0x19, 0x51, 0x92, + 0x8f, 0x0f, 0x77, 0x46, 0x14, 0xef, 0xa1, 0x42, 0x47, 0x38, 0x22, 0x0a, 0xc9, 0x2a, 0xa0, 0xf1, + 0x0e, 0xef, 0xa2, 
0xb5, 0xe7, 0x4c, 0xd0, 0x90, 0xac, 0x01, 0xac, 0x36, 0x32, 0xfb, 0xbb, 0x48, + 0x8c, 0x23, 0x41, 0x0a, 0x2a, 0x5b, 0xed, 0xf0, 0xbb, 0x48, 0xef, 0xa8, 0x26, 0xb5, 0x9a, 0x64, + 0x1d, 0x42, 0x77, 0x00, 0x2e, 0xa3, 0x52, 0xbc, 0x81, 0xeb, 0x8b, 0x10, 0x4f, 0x43, 0xa9, 0x0c, + 0xdb, 0xe9, 0x87, 0x44, 0x2f, 0xe7, 0x53, 0x19, 0x12, 0x92, 0xdf, 0x6e, 0x4f, 0xc6, 0x94, 0x6c, + 0xa8, 0x6f, 0x97, 0x6b, 0xfc, 0x04, 0xa1, 0x26, 0xed, 0x79, 0x81, 0x27, 0x67, 0x40, 0x50, 0x59, + 0xab, 0x96, 0x8e, 0xca, 0xe6, 0x74, 0x5e, 0x66, 0xaa, 0xb1, 0x77, 0x79, 0xf5, 0xd5, 0xcb, 0xeb, + 0x83, 0x9c, 0x95, 0xaa, 0xc4, 0x5f, 0x20, 0xdd, 0x72, 0x7a, 0xa2, 0x15, 0x74, 0xe9, 0x05, 0x29, + 0xc1, 0x31, 0x3b, 0x66, 0x3c, 0xbc, 0x69, 0xa0, 0x5e, 0x94, 0x75, 0x57, 0xd7, 0x07, 0x9a, 0x75, + 0x97, 0x8d, 0x9b, 0x68, 0xeb, 0x71, 0x20, 0x28, 0x1f, 0x73, 0x2f, 0xa4, 0xa7, 0x54, 0x38, 0x64, + 0x13, 0xea, 0xf7, 0x92, 0xfa, 0xd9, 0x68, 0x7c, 0xf9, 0x2b, 0x35, 0x95, 0xf7, 0x81, 0x04, 0x5d, + 0xca, 0x5f, 0x38, 0x7e, 0x44, 0x65, 0xef, 0x61, 0x41, 0x34, 0xe8, 0x83, 0xda, 0x54, 0xfe, 0x2a, + 0xa0, 0x07, 0x99, 0x2f, 0x92, 0xbd, 0x79, 0x66, 0xdb, 0xed, 0x84, 0x34, 0x72, 0x8d, 0x3f, 0x40, + 0x9b, 0xf6, 0x49, 0x47, 0x76, 0x90, 0x72, 0xe8, 0xfa, 0x7d, 0x08, 0xce, 0x82, 0x49, 0xd6, 0xd0, + 0x1b, 0xbf, 0xa0, 0xdc, 0xeb, 0x4d, 0x80, 0x60, 0x45, 0x6b, 0x16, 0xc4, 0xdf, 0xa2, 0x82, 0xfa, + 0x3c, 0x92, 0x2f, 0xe7, 0xab, 0xa5, 0xa3, 0xc3, 0x45, 0x3d, 0x36, 0x55, 0xfa, 0xe3, 0x40, 0xf0, + 0x49, 0xfc, 0xe4, 0xf8, 0x04, 0xc9, 0xa0, 0x53, 0x2a, 0x06, 0xac, 0x9b, 0xf0, 0x4d, 0xed, 0xe4, + 0x1b, 0xea, 0xac, 0x3b, 0x21, 0x58, 0xbd, 0x41, 0xae, 0xf1, 0x36, 0xca, 0xdb, 0x8d, 0x76, 0xcc, + 0x40, 0xb9, 0xc4, 0xdf, 0xa0, 0x62, 0x4b, 0xb6, 0xee, 0xdc, 0xf1, 0x81, 0x81, 0xa5, 0xa3, 0x87, + 0xa6, 0x12, 0xa5, 0x99, 0x88, 0xd2, 0x6c, 0xc6, 0xa2, 0x54, 0x03, 0x7b, 0xf9, 0xfb, 0x81, 0x66, + 0x4d, 0x8b, 0xe4, 0x83, 0x15, 0x65, 0x4f, 0x9d, 0x8b, 0x8e, 0xf7, 0x13, 0x25, 0x7a, 0x59, 0xab, + 0x6e, 0x5a, 0xb3, 0x20, 0xfe, 0x0a, 0xad, 0xdb, 0xde, 
0x88, 0xb2, 0x48, 0x00, 0x99, 0x97, 0xbc, + 0x25, 0xa9, 0xc1, 0x43, 0x64, 0x34, 0x29, 0xa7, 0x7d, 0x2f, 0x14, 0x94, 0x37, 0xb8, 0x27, 0x3c, + 0xd7, 0xf1, 0x63, 0x32, 0x1f, 0xf7, 0x04, 0xe5, 0x20, 0x81, 0x25, 0x4f, 0x5d, 0x70, 0x14, 0x36, + 0x10, 0xea, 0xb8, 0xdc, 0x1b, 0x8b, 0x63, 0xde, 0x0f, 0x09, 0x02, 0xc6, 0xa4, 0x10, 0x7c, 0x88, + 0x76, 0x9a, 0xcc, 0x1d, 0x52, 0xde, 0x60, 0x81, 0x70, 0xbc, 0x80, 0xf2, 0x56, 0x13, 0x48, 0xae, + 0x5b, 0xf3, 0x01, 0x49, 0xbd, 0xce, 0x80, 0xfa, 0x7e, 0xac, 0x33, 0xb5, 0x91, 0xc3, 0x79, 0x6a, + 0xb5, 0x1b, 0xc0, 0x6d, 0xdd, 0x82, 0xb5, 0xbc, 0x57, 0xfe, 0xfe, 0x10, 0x52, 0xfb, 0xa4, 0x43, + 0xb6, 0x80, 0x37, 0x29, 0x44, 0x5a, 0xc2, 0xb1, 0xef, 0x39, 0x21, 0xd8, 0xd9, 0x3d, 0x65, 0x09, + 0x53, 0x00, 0x57, 0xd0, 0x06, 0x6c, 0xe2, 0xa7, 0x90, 0x6d, 0x48, 0x98, 0xc1, 0xf0, 0xa7, 0x28, + 0x6f, 0xdb, 0x27, 0x64, 0x67, 0xf9, 0x5e, 0xc9, 0xfc, 0xfd, 0xef, 0x13, 0x31, 0x01, 0xfd, 0x24, + 0x89, 0x86, 0x74, 0x12, 0x6b, 0x43, 0x2e, 0xf1, 0x21, 0x5a, 0x3b, 0x07, 0x79, 0xad, 0xc4, 0x52, + 0x9d, 0x61, 0x73, 0xa2, 0x42, 0x4b, 0x25, 0x7d, 0xb9, 0xf2, 0xb9, 0x56, 0xf9, 0x55, 0x47, 0x3a, + 0x50, 0x1c, 0x6c, 0x27, 0xe5, 0xc7, 0xda, 0x5b, 0xf1, 0xe3, 0x95, 0x4c, 0x3f, 0xce, 0x67, 0xfb, + 0xf1, 0x6a, 0xda, 0x8f, 0x67, 0x87, 0xbf, 0x36, 0x37, 0xfc, 0xc4, 0x19, 0x0a, 0x29, 0x67, 0xf8, + 0x7a, 0xaa, 0xe6, 0x5d, 0x50, 0x73, 0xda, 0x31, 0xa7, 0x8f, 0x5c, 0x4a, 0xc1, 0xeb, 0x99, 0x0a, + 0xde, 0x9f, 0x57, 0x70, 0x31, 0x5b, 0xc1, 0xfa, 0x9b, 0x28, 0x78, 0x86, 0x57, 0x68, 0x11, 0xaf, + 0x4a, 0x19, 0xbc, 0xca, 0x54, 0xc4, 0xc6, 0x42, 0x45, 0x6c, 0x66, 0x29, 0x62, 0xeb, 0xb5, 0x8a, + 0xb8, 0x37, 0xa7, 0x88, 0x39, 0x4b, 0x7e, 0xb4, 0x94, 0x25, 0x6f, 0x67, 0x59, 0x72, 0xca, 0xa1, + 0x76, 0xde, 0xc0, 0xa1, 0x62, 0x69, 0xe1, 0xff, 0x26, 0x2d, 0x7c, 0x84, 0x76, 0x3b, 0x91, 0xeb, + 0xd2, 0x30, 0xac, 0xd3, 0x1e, 0xe3, 0xb4, 0xed, 0x84, 0xa1, 0x17, 0xf4, 0xc9, 0x83, 0xb2, 0x56, + 0x5d, 0xb3, 0x32, 0x63, 0xf8, 0x33, 0xb4, 0xf7, 0xc4, 0xf1, 0xfc, 0x88, 0xd3, 0x38, 0x90, 
0xb8, + 0x18, 0xd9, 0x83, 0xaa, 0xd7, 0x44, 0xe5, 0x9c, 0xdb, 0x9c, 0x5d, 0x4c, 0x80, 0xbf, 0xef, 0xa8, + 0x39, 0x4f, 0x81, 0x69, 0x14, 0x86, 0x40, 0x52, 0x51, 0x98, 0xc4, 0x62, 0x03, 0xbe, 0xff, 0xf6, + 0x0c, 0x78, 0xee, 0x4f, 0xca, 0x43, 0x78, 0xd7, 0x2c, 0xf8, 0x3f, 0xb8, 0x52, 0xfd, 0xf4, 0xf2, + 0x4f, 0x23, 0x77, 0x79, 0x63, 0x68, 0x57, 0x37, 0x86, 0xf6, 0xc7, 0x8d, 0xa1, 0xfd, 0x72, 0x6b, + 0xe4, 0x5e, 0xde, 0x1a, 0xb9, 0xab, 0x5b, 0x23, 0xf7, 0xdb, 0xad, 0x91, 0xfb, 0xf1, 0xa3, 0x7f, + 0x33, 0xa5, 0x57, 0xfe, 0xf5, 0x3d, 0x2b, 0x00, 0xf0, 0xc9, 0x3f, 0x01, 0x00, 0x00, 0xff, 0xff, + 0xf4, 0xca, 0x84, 0xe7, 0x14, 0x0b, 0x00, 0x00, } func (m *HealthCheck) Marshal() (dAtA []byte, err error) { @@ -524,6 +527,15 @@ func (m *HealthCheckDefinition) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + if len(m.TLSServerName) > 0 { + i -= len(m.TLSServerName) + copy(dAtA[i:], m.TLSServerName) + i = encodeVarintHealthcheck(dAtA, i, uint64(len(m.TLSServerName))) + i-- + dAtA[i] = 0x1 + i-- + dAtA[i] = 0x9a + } if len(m.Body) > 0 { i -= len(m.Body) copy(dAtA[i:], m.Body) @@ -706,6 +718,15 @@ func (m *CheckType) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + if len(m.TLSServerName) > 0 { + i -= len(m.TLSServerName) + copy(dAtA[i:], m.TLSServerName) + i = encodeVarintHealthcheck(dAtA, i, uint64(len(m.TLSServerName))) + i-- + dAtA[i] = 0x1 + i-- + dAtA[i] = 0xda + } if len(m.Body) > 0 { i -= len(m.Body) copy(dAtA[i:], m.Body) @@ -1093,6 +1114,10 @@ func (m *HealthCheckDefinition) Size() (n int) { if l > 0 { n += 2 + l + sovHealthcheck(uint64(l)) } + l = len(m.TLSServerName) + if l > 0 { + n += 2 + l + sovHealthcheck(uint64(l)) + } return n } @@ -1200,6 +1225,10 @@ func (m *CheckType) Size() (n int) { if l > 0 { n += 2 + l + sovHealthcheck(uint64(l)) } + l = len(m.TLSServerName) + if l > 0 { + n += 2 + l + sovHealthcheck(uint64(l)) + } return n } 
@@ -2435,6 +2464,38 @@ func (m *HealthCheckDefinition) Unmarshal(dAtA []byte) error { } m.Body = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex + case 19: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field TLSServerName", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowHealthcheck + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthHealthcheck + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthHealthcheck + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.TLSServerName = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipHealthcheck(dAtA[iNdEx:]) @@ -3358,6 +3419,38 @@ func (m *CheckType) Unmarshal(dAtA []byte) error { } m.Body = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex + case 27: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field TLSServerName", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowHealthcheck + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthHealthcheck + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthHealthcheck + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.TLSServerName = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipHealthcheck(dAtA[iNdEx:]) diff --git a/proto/pbservice/healthcheck.proto b/proto/pbservice/healthcheck.proto index be0e88d67..a5e438633 100644 --- a/proto/pbservice/healthcheck.proto 
+++ b/proto/pbservice/healthcheck.proto @@ -56,6 +56,7 @@ message HeaderValue { // name=Structs message HealthCheckDefinition { string HTTP = 1; + string TLSServerName = 19; bool TLSSkipVerify = 2; // mog: func-to=MapHeadersToStructs func-from=NewMapHeadersFromStructs @@ -117,6 +118,7 @@ message CheckType { string Shell = 13; string GRPC = 14; bool GRPCUseTLS = 15; + string TLSServerName = 27; bool TLSSkipVerify = 16; google.protobuf.Duration Timeout = 17 [(gogoproto.stdduration) = true, (gogoproto.nullable) = false]; diff --git a/tlsutil/config.go b/tlsutil/config.go index 4042518b3..ab6213cce 100644 --- a/tlsutil/config.go +++ b/tlsutil/config.go @@ -711,21 +711,27 @@ func (c *Configurator) IncomingHTTPSConfig() *tls.Config { return config } -// IncomingTLSConfig generates a *tls.Config for outgoing TLS connections for -// checks. This function is separated because there is an extra flag to +// OutgoingTLSConfigForCheck generates a *tls.Config for outgoing TLS connections +// for checks. This function is separated because there is an extra flag to // consider for checks. EnableAgentTLSForChecks and InsecureSkipVerify has to // be checked for checks. -func (c *Configurator) OutgoingTLSConfigForCheck(skipVerify bool) *tls.Config { +func (c *Configurator) OutgoingTLSConfigForCheck(skipVerify bool, serverName string) *tls.Config { c.log("OutgoingTLSConfigForCheck") + + if serverName == "" { + serverName = c.serverNameOrNodeName() + } + if !c.enableAgentTLSForChecks() { return &tls.Config{ InsecureSkipVerify: skipVerify, + ServerName: serverName, } } config := c.commonTLSConfig(false) config.InsecureSkipVerify = skipVerify - config.ServerName = c.serverNameOrNodeName() + config.ServerName = serverName return config } diff --git a/tlsutil/config_test.go b/tlsutil/config_test.go index 1cfd44d01..7287d8628 100644 --- a/tlsutil/config_test.go +++ b/tlsutil/config_test.go 
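Review bot: The empty-name default in `OutgoingTLSConfigForCheck` is applied before the `!c.enableAgentTLSForChecks()` branch, so that branch, which used to return a config with no `ServerName`, now returns one carrying `c.serverNameOrNodeName()`. Go's HTTP transport derives the SNI and verification name from the URL host only when `tls.Config.ServerName` is empty, so an HTTPS check without `tls_server_name` would presumably be verified against the agent's server or node name rather than the host in its URL. That also contradicts the documentation added in this commit ("set automatically if the URL uses a hostname"). Apply the fallback on the agent-TLS path only: drop the early block and put `if serverName == "" { serverName = c.serverNameOrNodeName() }` just before `config.ServerName = serverName`. `serverNameOrNodeName` is defined outside the hunk, so its exact return value should be confirmed.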
@@ -909,16 +909,21 @@ func TestConfigurator_OutgoingTLSConfigForChecks(t *testing.T) { TLSMinVersion: "tls12", EnableAgentTLSForChecks: false, }, autoTLS: &autoTLS{}} - tlsConf := c.OutgoingTLSConfigForCheck(true) + tlsConf := c.OutgoingTLSConfigForCheck(true, "") require.Equal(t, true, tlsConf.InsecureSkipVerify) require.Equal(t, uint16(0), tlsConf.MinVersion) c.base.EnableAgentTLSForChecks = true c.base.ServerName = "servername" - tlsConf = c.OutgoingTLSConfigForCheck(true) + tlsConf = c.OutgoingTLSConfigForCheck(true, "") require.Equal(t, true, tlsConf.InsecureSkipVerify) require.Equal(t, TLSLookup[c.base.TLSMinVersion], tlsConf.MinVersion) require.Equal(t, c.base.ServerName, tlsConf.ServerName) + + tlsConf = c.OutgoingTLSConfigForCheck(true, "servername2") + require.Equal(t, true, tlsConf.InsecureSkipVerify) + require.Equal(t, TLSLookup[c.base.TLSMinVersion], tlsConf.MinVersion) + require.Equal(t, "servername2", tlsConf.ServerName) } func TestConfigurator_OutgoingRPCConfig(t *testing.T) { diff --git a/website/content/api-docs/agent/check.mdx b/website/content/api-docs/agent/check.mdx index 194df3d7a..196de7fe6 100644 --- a/website/content/api-docs/agent/check.mdx +++ b/website/content/api-docs/agent/check.mdx @@ -188,6 +188,11 @@ The table below shows this endpoint's support for The value can be further limited for all checks of a given agent using the `check_output_max_size` flag in the agent. +- `TLSServerName` `(string: "")` - Specifies an optional string used to set the + SNI host when connecting via TLS. + For an `HTTP` check, this value is set automatically if the URL uses a hostname + (not an IP address). + - `TLSSkipVerify` `(bool: false)` - Specifies if the certificate for an HTTPS check should not be verified. diff --git a/website/content/docs/discovery/checks.mdx b/website/content/docs/discovery/checks.mdx index a8b05851e..4e9b28e37 100644 --- a/website/content/docs/discovery/checks.mdx +++ b/website/content/docs/discovery/checks.mdx 
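Review bot: The first case (`EnableAgentTLSForChecks: false`) still asserts nothing about `tlsConf.ServerName`, and the new explicit-name call runs only after `c.base.EnableAgentTLSForChecks = true`, so the plain `&tls.Config{...}` branch of `OutgoingTLSConfigForCheck` is not covered for the new parameter. Add `require.Equal(t, "servername2", c.OutgoingTLSConfigForCheck(true, "servername2").ServerName)` before the flag is flipped, plus an assertion pinning what `ServerName` is expected to be in that branch when the argument is empty. The test function's opening lines are outside the hunk.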
@@ -63,7 +63,9 @@ There are several different kinds of checks: check is limited to roughly 4KB. Responses larger than this will be truncated. HTTP checks also support TLS. By default, a valid TLS certificate is expected. Certificate verification can be turned off by setting the `tls_skip_verify` - field to `true` in the check definition. + field to `true` in the check definition. When using TLS, the SNI will be set + automatically from the URL if it uses a hostname (as opposed to an IP address); + the value can be overriden by setting `tls_server_name`. - `TCP + Interval` - These checks make a TCP connection attempt to the specified IP/hostname and port, waiting `interval` amount of time between attempts @@ -153,6 +155,7 @@ A HTTP check: "id": "api", "name": "HTTP API on port 5000", "http": "https://localhost:5000/health", + "tls_server_name": "", "tls_skip_verify": false, "method": "POST", "header": {"Content-Type": ["application/json"]},