Add changelog; Add API package support for new fields.

2021-08-25 17:29:06 +01:00 · 2021-08-25 17:29:06 +01:00 · aa3240483f
parent 15969327c0
commit aa3240483f
3 changed files with 40 additions and 0 deletions
--- a/.changelog/10903.txt
+++ b/.changelog/10903.txt
@ -0,0 +1,3 @@
+```release-note:improvement
+connect: Add low-level feature to allow an Ingress to retrieve TLS certificates from SDS.
+```
--- a/api/config_entry_gateways.go
+++ b/api/config_entry_gateways.go
@ -40,6 +40,19 @@ type IngressGatewayConfigEntry struct {
 type GatewayTLSConfig struct {
 	// Indicates that TLS should be enabled for this gateway service.
 	Enabled bool
+
+	// SDS allows configuring TLS certificate from an SDS service.
+	SDS *GatewayTLSSDSConfig `json:",omitempty"`
+}
+
+type GatewayServiceTLSConfig struct {
+	// SDS allows configuring TLS certificate from an SDS service.
+	SDS *GatewayTLSSDSConfig `json:",omitempty"`
+}
+
+type GatewayTLSSDSConfig struct {
+	ClusterName  string `json:",omitempty" alias:"cluster_name"`
+	CertResource string `json:",omitempty" alias:"cert_resource"`
 }

 // IngressListener manages the configuration for a listener on a specific port.
@ -59,6 +72,9 @@ type IngressListener struct {
 	// For "tcp" protocol listeners, only a single service is allowed.
 	// For "http" listeners, multiple services can be declared.
 	Services []IngressService
+
+	// TLS allows specifying some TLS configuration per listener.
+	TLS *GatewayTLSConfig
 }

 // IngressService manages configuration for services that are exposed to
@ -93,6 +109,9 @@ type IngressService struct {
 	// Namespacing is a Consul Enterprise feature.
 	Namespace string `json:",omitempty"`

+	// TLS allows specifying some TLS configuration per listener.
+	TLS *GatewayServiceTLSConfig
+
 	// Allow HTTP header manipulation to be configured.
 	RequestHeaders  *HTTPHeaderModifiers `json:",omitempty" alias:"request_headers"`
 	ResponseHeaders *HTTPHeaderModifiers `json:",omitempty" alias:"response_headers"`
--- a/api/config_entry_gateways_test.go
+++ b/api/config_entry_gateways_test.go
@ -86,8 +86,26 @@ func TestAPI_ConfigEntries_IngressGateway(t *testing.T) {
 					ResponseHeaders: &HTTPHeaderModifiers{
 						Remove: []string{"x-foo"},
 					},
+					TLS: &GatewayServiceTLSConfig{
+						SDS: &GatewayTLSSDSConfig{
+							ClusterName:  "foo",
+							CertResource: "bar",
+						},
+					},
 				},
 			},
+			TLS: &GatewayTLSConfig{
+				SDS: &GatewayTLSSDSConfig{
+					ClusterName:  "baz",
+					CertResource: "qux",
+				},
+			},
+		},
+	}
+	ingress1.TLS = GatewayTLSConfig{
+		SDS: &GatewayTLSSDSConfig{
+			ClusterName:  "qux",
+			CertResource: "bug",
 		},
 	}