Add changelog; Add API package support for new fields.

Paul Banks 2021-08-25 17:29:06 +01:00
parent 15969327c0
commit aa3240483f
3 changed files with 40 additions and 0 deletions

3
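--- a/.changelog/10903.txt
+++ b/.changelog/10903.txt
@@ -0,0 +1,3 @@
+```release-note:improvement
+connect: Add low-level feature to allow an Ingress to retrieve TLS certificates from SDS.
+```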


@ -40,6 +40,19 @@ type IngressGatewayConfigEntry struct {
type GatewayTLSConfig struct { type GatewayTLSConfig struct {
// Indicates that TLS should be enabled for this gateway service. // Indicates that TLS should be enabled for this gateway service.
Enabled bool Enabled bool
// SDS allows configuring TLS certificate from an SDS service.
SDS *GatewayTLSSDSConfig `json:",omitempty"`
}
type GatewayServiceTLSConfig struct {
// SDS allows configuring TLS certificate from an SDS service.
SDS *GatewayTLSSDSConfig `json:",omitempty"`
}
type GatewayTLSSDSConfig struct {
ClusterName string `json:",omitempty" alias:"cluster_name"`
CertResource string `json:",omitempty" alias:"cert_resource"`
} }
// IngressListener manages the configuration for a listener on a specific port. // IngressListener manages the configuration for a listener on a specific port.
@ -59,6 +72,9 @@ type IngressListener struct {
// For "tcp" protocol listeners, only a single service is allowed. // For "tcp" protocol listeners, only a single service is allowed.
// For "http" listeners, multiple services can be declared. // For "http" listeners, multiple services can be declared.
Services []IngressService Services []IngressService
// TLS allows specifying some TLS configuration per listener.
TLS *GatewayTLSConfig
} }
// IngressService manages configuration for services that are exposed to // IngressService manages configuration for services that are exposed to
@ -93,6 +109,9 @@ type IngressService struct {
// Namespacing is a Consul Enterprise feature. // Namespacing is a Consul Enterprise feature.
Namespace string `json:",omitempty"` Namespace string `json:",omitempty"`
// TLS allows specifying some TLS configuration per listener.
TLS *GatewayServiceTLSConfig
// Allow HTTP header manipulation to be configured. // Allow HTTP header manipulation to be configured.
RequestHeaders *HTTPHeaderModifiers `json:",omitempty" alias:"request_headers"` RequestHeaders *HTTPHeaderModifiers `json:",omitempty" alias:"request_headers"`
ResponseHeaders *HTTPHeaderModifiers `json:",omitempty" alias:"response_headers"` ResponseHeaders *HTTPHeaderModifiers `json:",omitempty" alias:"response_headers"`
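Review bot: The new `TLS` field on `IngressService` carries the comment copied from `IngressListener` ("per listener"), and neither new `TLS` pointer has the `json:",omitempty"` tag that `SDS` and the header-modifier fields use, so a nil value is marshalled as `"TLS": null`. I would change the comment to `// TLS allows specifying some TLS configuration per service.` and tag both fields with `json:",omitempty"`. `GatewayTLSSDSConfig` also needs doc comments on `ClusterName` and `CertResource`, because the named cluster becomes the source of the gateway's certificate and private key; the comments should state whether both fields must be set together. Since `IngressListener.TLS` reuses `GatewayTLSConfig`, please also document what `Enabled: false` means on a listener that sets `SDS`; from these hunks alone it is not clear whether such a listener serves TLS. The `IngressService` struct continues outside the last hunk.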


@ -86,8 +86,26 @@ func TestAPI_ConfigEntries_IngressGateway(t *testing.T) {
ResponseHeaders: &HTTPHeaderModifiers{ ResponseHeaders: &HTTPHeaderModifiers{
Remove: []string{"x-foo"}, Remove: []string{"x-foo"},
}, },
TLS: &GatewayServiceTLSConfig{
SDS: &GatewayTLSSDSConfig{
ClusterName: "foo",
CertResource: "bar",
},
},
}, },
}, },
TLS: &GatewayTLSConfig{
SDS: &GatewayTLSSDSConfig{
ClusterName: "baz",
CertResource: "qux",
},
},
},
}
ingress1.TLS = GatewayTLSConfig{
SDS: &GatewayTLSSDSConfig{
ClusterName: "qux",
CertResource: "bug",
}, },
} }