Documentation
Constants
const DefaultPollingInterval = 10 * time.Second
Variables
This section is empty.
Functions
func UpsertConsulClientToken
func UpsertConsulClientToken(consulClient *api.Client, smClient secretsmanageriface.SecretsManagerAPI, secretARN, secretPrefix string, log hclog.Logger) error
UpsertConsulClientToken creates or updates the ACL policy and token for the Consul client in Consul. It then saves the created token in AWS Secrets Manager, in the secret provided by secretARN.
Types
type Controller
type Controller struct {
	// Resources lists resources for Controller to reconcile.
	Resources ResourceLister
	// PollingInterval is an interval that Controller will use to reconcile all Resources.
	PollingInterval time.Duration
	// Log is the logger used by the Controller.
	Log hclog.Logger
}
Controller is a generic controller implementation. It periodically polls for Resources and reconciles them by calling Resource's Upsert or Delete function accordingly.
func (*Controller) Run
func (c *Controller) Run(ctx context.Context)
Run starts the Controller loop. The loop will exit when ctx is canceled.
type Resource
type Resource interface {
	Reconcile() error
}
Resource is a generic type that needs to be reconciled by the Controller. It offers Upsert and Delete functions to reconcile itself with an external state.
type ResourceLister
ResourceLister is an interface for listing Resources.
type ServiceInfo
type ServiceInfo struct {
	SecretsManagerClient secretsmanageriface.SecretsManagerAPI
	ConsulClient         *api.Client
	Cluster              string
	SecretPrefix         string
	ServiceName          string
	ServiceState         ServiceState
	Log                  hclog.Logger
}
func (*ServiceInfo) Delete
func (s *ServiceInfo) Delete() error
Delete removes the token for the given ServiceInfo.
func (*ServiceInfo) Reconcile
func (s *ServiceInfo) Reconcile() error
Reconcile inserts or deletes ACL tokens based on their ServiceState.
func (*ServiceInfo) Upsert
func (s *ServiceInfo) Upsert() error
Upsert creates a token for the task if one doesn't already exist and updates the secret with the contents of the token.
type ServiceState
type ServiceState struct {
	ConsulECSTasks bool
	ACLTokens      []*api.ACLTokenListEntry
}
ServiceState contains all of the information needed to determine if an ACL token should be created for a Consul service or if an ACL token should be deleted.
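The polling loop described for Controller and the token decision described for ServiceState, as an added example that is not code from this package. It uses local stand-ins for Resource and ResourceLister; the fake types, the run function and the rule that a service with running tasks holds one token while a service with none holds no tokens are assumptions made for illustration.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"time"
)

// Local stand-ins for the documented interfaces; nothing is imported from the package.
type Resource interface{ Reconcile() error }
type ResourceLister interface{ List() ([]Resource, error) }
// Hypothetical fakes: tasks and tokens stand for ServiceState's ConsulECSTasks and ACLTokens.
type fakeService struct{ tasks, tokens int }
type brokenService struct{} // simulates a backend error
type fakeLister []Resource
func (brokenService) Reconcile() error { return errors.New("backend unavailable") }
func (l fakeLister) List() ([]Resource, error) { return l, nil }

// Reconcile applies the assumed rule: running tasks get one token, no tasks means no tokens.
func (s *fakeService) Reconcile() error {
	if s.tasks > 0 && s.tokens == 0 {
		s.tokens = 1 // upsert path
	} else if s.tasks == 0 {
		s.tokens = 0 // delete path: drop tokens that outlived their tasks
	}
	return nil
}

// run reconciles at once, then every interval until ctx is canceled.
func run(ctx context.Context, l ResourceLister, every time.Duration) error {
	for {
		resources, err := l.List()
		for _, r := range resources {
			err = errors.Join(err, r.Reconcile()) // a failure does not stop the pass
		}
		select {
		case <-ctx.Done():
			return err // joined errors of the last pass
		case <-time.After(every):
		}
	}
}

func main() {
	ctx, cancel := context.WithTimeout(context.Background(), 30*time.Millisecond)
	defer cancel()
	fmt.Println(run(ctx, fakeLister{&fakeService{tokens: 2}}, 10*time.Millisecond)) // constructed input
}
```

Passing an already canceled context makes run perform exactly one pass, which keeps tests of the token rule deterministic.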
type ServiceStateLister
type ServiceStateLister struct {
	// ECSClient is the AWS ECS client to be used by the ServiceStateLister.
	ECSClient ecsiface.ECSAPI
	// SecretsManagerClient is the AWS Secrets Manager client to be used by the ServiceStateLister.
	SecretsManagerClient secretsmanageriface.SecretsManagerAPI
	// ConsulClient is the Consul client to be used by the ServiceStateLister.
	ConsulClient *api.Client
	// Cluster is the name or the ARN of the ECS cluster.
	Cluster string
	// SecretPrefix is the prefix to determine names of resources in Consul or AWS.
	SecretPrefix string
	// Log is the logger for the ServiceStateLister.
	Log hclog.Logger
}
ServiceStateLister is an implementation of ResourceLister that constructs ServiceInfo
func (ServiceStateLister) List
func (s ServiceStateLister) List() ([]Resource, error)
List returns a mapping from inferred service names to the ACL tokens, ECS tasks and existence of a Consul service.