luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity
open-consul/api
History
Paul Glass d8d89d4b59
Permissive mTLS (#17035) 
This implements permissive mTLS , which allows toggling services into "permissive" mTLS mode.
Permissive mTLS mode allows incoming "non Consul-mTLS" traffic to be forward unmodified to the application.

* Update service-defaults and proxy-defaults config entries with a MutualTLSMode field
* Update the mesh config entry with an AllowEnablingPermissiveMutualTLS field and implement the necessary validation. AllowEnablingPermissiveMutualTLS must be true to allow changing to MutualTLSMode=permissive, but this does not require that all proxy-defaults and service-defaults are currently in strict mode.
* Update xDS listener config to add a "permissive filter chain" when MutualTLSMode=permissive for a particular service. The permissive filter chain matches incoming traffic by the destination port. If the destination port matches the service port from the catalog, then no mTLS is required and the traffic sent is forwarded unmodified to the application.
 		2023-04-19 14:45:00 -05:00
..
watch Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
.golangci.yml ci: Use golangci-lint for linting 2020-03-17 13:43:40 -04:00
README.md Update the README for the Consul API (#15936) 2023-01-06 21:10:56 +00:00
acl.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
acl_test.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
agent.go api: enable query options on agent force-leave endpoint (#15987) 2023-04-18 11:31:48 -05:00
agent_test.go api: enable query options on agent force-leave endpoint (#15987) 2023-04-18 11:31:48 -05:00
api.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
api_test.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
catalog.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
catalog_test.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
config_entry.go Permissive mTLS (#17035) 2023-04-19 14:45:00 -05:00
config_entry_discoverychain.go Add PrioritizeByLocality to config entries. (#17007) 2023-04-14 15:42:54 -05:00
config_entry_discoverychain_test.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
config_entry_exports.go add sameness to exported services structs in the api package (#16984) 2023-04-12 16:49:28 -04:00
config_entry_exports_test.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
config_entry_gateways.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
config_entry_gateways_test.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
config_entry_inline_certificate.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
config_entry_inline_certificate_test.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
config_entry_intentions.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
config_entry_intentions_test.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
config_entry_mesh.go Permissive mTLS (#17035) 2023-04-19 14:45:00 -05:00
config_entry_rate_limit_ip.go fix: export ReadWriteRatesConfig struct as it needs to referenced from consul-k8s (#16766) 2023-03-29 09:54:59 -04:00
config_entry_routes.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
config_entry_sameness_group.go Add default resolvers to disco chains based on the default sameness group (#16837) 2023-03-31 14:35:56 -04:00
config_entry_status.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
config_entry_test.go Permissive mTLS (#17035) 2023-04-19 14:45:00 -05:00
connect.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
connect_ca.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
connect_ca_test.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
connect_intention.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
connect_intention_test.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
coordinate.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
coordinate_test.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
debug.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
debug_test.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
discovery_chain.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
discovery_chain_test.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
event.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
event_test.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
go.mod Bump submodules from latest 1.15.1 patch release (#16578) 2023-03-08 14:37:50 -06:00
go.sum Fix SDK to support older versions of Consul. (#15423) 2022-11-18 10:32:01 -06:00
health.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
health_test.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
kv.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
kv_test.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
lock.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
lock_test.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
mock_api_test.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
namespace.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
namespace_test.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
operator.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
operator_area.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
operator_autopilot.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
operator_autopilot_test.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
operator_keyring.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
operator_keyring_test.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
operator_license.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
operator_raft.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
operator_raft_test.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
operator_segment.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
operator_usage.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
operator_usage_test.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
oss_test.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
partition.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
peering.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
peering_test.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
prepared_query.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
prepared_query_test.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
raw.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
semaphore.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
semaphore_test.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
session.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
session_test.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
snapshot.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
snapshot_test.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
status.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
status_test.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
txn.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
txn_test.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00

README.md

Consul API Client

This package provides the api package which provides programmatic access to the full Consul API.

The full documentation is available on Godoc.

Usage

Below is an example of using the Consul client. To run the example, you must first install Consul and Go.

To run the client API, create a new Go module.

go mod init consul-demo

Copy the example code into a file called main.go in the directory where the module is defined. As seen in the example, the Consul API is often imported with the alias capi.

package main

import (
	"fmt"

	capi "github.com/hashicorp/consul/api"
)

func main() {
	// Get a new client
	client, err := capi.NewClient(capi.DefaultConfig())
	if err != nil {
		panic(err)
	}

	// Get a handle to the KV API
	kv := client.KV()

	// PUT a new KV pair
	p := &capi.KVPair{Key: "REDIS_MAXCLIENTS", Value: []byte("1000")}
	_, err = kv.Put(p, nil)
	if err != nil {
		panic(err)
	}

	// Lookup the pair
	pair, _, err := kv.Get("REDIS_MAXCLIENTS", nil)
	if err != nil {
		panic(err)
	}
	fmt.Printf("KV: %v %s\n", pair.Key, pair.Value)
}

Install the Consul API dependency with go mod tidy.

In a separate terminal window, start a local Consul server.

consul agent -dev -node machine

Run the example.

go run .

You should get the following result printed to the terminal.

KV: REDIS_MAXCLIENTS 1000

After running the code, you can also view the values in the Consul UI on your local machine at http://localhost:8500/ui/dc1/kv