servercert

type CertManager ¶

type CertManager struct {
	// contains filtered or unexported fields
}

CertManager is responsible for requesting and renewing the leaf cert for server agents. The server certificate is managed internally and used for peering control-plane traffic to the TLS-enabled external gRPC port.

func NewCertManager(deps Deps) *CertManager

func (m *CertManager) Start(ctx context.Context) error

type Config ¶

type Config struct {
	// Datacenter is the datacenter name the server is configured with.
	Datacenter string

	// ACLsEnabled indicates whether the ACL system is enabled on this server.
	ACLsEnabled bool
}

type Deps ¶

type Deps struct {
	Config          Config
	Logger          hclog.Logger
	LeafCertManager LeafCertManager
	GetStore        func() Store
	TLSConfigurator TLSConfigurator
	// contains filtered or unexported fields
}

type LeafCertManager ¶

type LeafCertManager interface {
	Notify(ctx context.Context, req *leafcert.ConnectCALeafRequest, correlationID string, ch chan<- cache.UpdateEvent) error
}

LeafCertManager is an interface to represent the necessary methods of the agent/leafcert.Manager. It is used to request and renew the server leaf certificate.

type Store ¶

type Store interface {
	CAConfig(ws memdb.WatchSet) (uint64, *structs.CAConfiguration, error)
	SystemMetadataGet(ws memdb.WatchSet, key string) (uint64, *structs.SystemMetadataEntry, error)
	AbandonCh() <-chan struct{}
}

Store is an interface to represent the necessary methods of the state.Store. It is used to fetch the CA Config to getStore the trust domain in the TLSConfigurator.

type TLSConfigurator ¶

type TLSConfigurator interface {
	UpdateAutoTLSCert(pub, priv string) error
	UpdateAutoTLSPeeringServerName(name string)
}

TLSConfigurator is an interface to represent the necessary methods of the tlsutil.Configurator. It is used to apply the server leaf certificate and server name.