-
Notifications
You must be signed in to change notification settings - Fork 2k
/
service_identities.go
64 lines (54 loc) · 1.59 KB
/
service_identities.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
package structs
import "errors"
// An SIToken is the important bits of a Service Identity token generated by Consul.
type SIToken struct {
TaskName string // the nomad task backing the consul service (native or sidecar)
AccessorID string
SecretID string
}
// An SITokenAccessor is a reference to a created Service Identity token on
// behalf of an allocation's task.
type SITokenAccessor struct {
NodeID string
AllocID string
AccessorID string
TaskName string
// Raft index
CreateIndex uint64
}
// SITokenAccessorsRequest is used to operate on a set of SITokenAccessor, like
// recording a set of accessors for an alloc into raft.
type SITokenAccessorsRequest struct {
Accessors []*SITokenAccessor
}
// DeriveSITokenRequest is used to request Consul Service Identity tokens from
// the Nomad Server for the named tasks in the given allocation.
type DeriveSITokenRequest struct {
NodeID string
SecretID string
AllocID string
Tasks []string
QueryOptions
}
func (r *DeriveSITokenRequest) Validate() error {
switch {
case r.NodeID == "":
return errors.New("missing node ID")
case r.SecretID == "":
return errors.New("missing node SecretID")
case r.AllocID == "":
return errors.New("missing allocation ID")
case len(r.Tasks) == 0:
return errors.New("no tasks specified")
default:
return nil
}
}
type DeriveSITokenResponse struct {
// Tokens maps from Task Name to its associated SI token
Tokens map[string]string
// Error stores any error that occurred. Errors are stored here so we can
// communicate whether it is retryable
Error *RecoverableError
QueryMeta
}