auxiliaryfiles

package
v0.1.0-alpha.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 28, 2025 License: Apache-2.0 Imports: 11 Imported by: 0

README

pkg/dataplane/auxiliaryfiles

Auxiliary file handling for HAProxy (SSL certificates, map files, general files).

Overview

Manages auxiliary files that accompany HAProxy configuration (SSL certs, maps, error pages).

Types

  • SSL Certificates: TLS certificates for HTTPS frontends
  • Map Files: HAProxy map files for routing
  • General Files: Custom error pages, Lua scripts, etc.

License

See main repository for license information.

Documentation

Overview

Package auxiliaryfiles provides functionality for synchronizing auxiliary files (general files, SSL certificates, map files, crt-lists) with the HAProxy Dataplane API.

Auxiliary files are supplementary files that HAProxy needs but are not part of the main configuration file, such as:

  • General files: Error pages, custom response files, ACL files
  • SSL certificates: TLS/SSL certificate and key files
  • Map files: Dynamic key-value mappings
  • CRT-list files: SSL certificate lists with per-certificate options

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Sync 

func Sync[T FileItem](
	ctx context.Context,
	ops FileOperations[T],
	diff *FileDiffGeneric[T],
) ([]string, error)

Sync synchronizes files to the desired state by applying the provided diff.

This function should be called in two phases:

  • Phase 1 (pre-config): Call with diff containing ToCreate and ToUpdate
  • Phase 2 (post-config): Call with diff containing ToDelete

The caller is responsible for splitting the diff into these phases.

Type Parameters:

  • T: The file item type (must implement FileItem interface)

Parameters:

  • ctx: Context for cancellation
  • ops: File operations adapter for the specific file type
  • diff: The diff to apply (may contain create, update, and/or delete operations)

Returns:

  • []string: Reload IDs from create/update operations that triggered reloads
  • error: Any error encountered during synchronization

func SyncCRTLists 

func SyncCRTLists(ctx context.Context, c *client.DataplaneClient, diff *CRTListDiff) ([]string, error)

SyncCRTLists synchronizes crt-list files to the desired state by applying the provided diff. This function should be called in two phases:

  • Phase 1 (pre-config): Call with diff containing ToCreate and ToUpdate
  • Phase 2 (post-config): Call with diff containing ToDelete

The caller is responsible for splitting the diff into these phases. Returns reload IDs from create/update operations that triggered reloads.

Version compatibility: CRT-list storage is only available in HAProxy DataPlane API v3.2+. On older versions (3.0, 3.1), this function automatically falls back to general file storage.

func SyncGeneralFiles 

func SyncGeneralFiles(ctx context.Context, c *client.DataplaneClient, diff *FileDiff) ([]string, error)

SyncGeneralFiles synchronizes general files to the desired state by applying the provided diff. This function should be called in two phases:

  • Phase 1 (pre-config): Call with diff containing ToCreate and ToUpdate
  • Phase 2 (post-config): Call with diff containing ToDelete

The caller is responsible for splitting the diff into these phases. Returns reload IDs from create/update operations that triggered reloads.

func SyncMapFiles 

func SyncMapFiles(ctx context.Context, c *client.DataplaneClient, diff *MapFileDiff) ([]string, error)

SyncMapFiles synchronizes map files to the desired state by applying the provided diff. This function should be called in two phases:

  • Phase 1 (pre-config): Call with diff containing ToCreate and ToUpdate
  • Phase 2 (post-config): Call with diff containing ToDelete

The caller is responsible for splitting the diff into these phases. Returns reload IDs from create/update operations that triggered reloads.

func SyncSSLCaFiles 

func SyncSSLCaFiles(ctx context.Context, c *client.DataplaneClient, diff *SSLCaFileDiff) ([]string, error)

SyncSSLCaFiles synchronizes SSL CA files to the desired state by applying the provided diff. This function should be called in two phases:

  • Phase 1 (pre-config): Call with diff containing ToCreate and ToUpdate
  • Phase 2 (post-config): Call with diff containing ToDelete

SSL CA file storage is only available in HAProxy DataPlane API v3.2+. If the API version doesn't support CA file storage, operations are skipped with a warning.

The caller is responsible for splitting the diff into these phases. Returns reload IDs from create/update operations that triggered reloads.

func SyncSSLCertificates 

func SyncSSLCertificates(ctx context.Context, c *client.DataplaneClient, diff *SSLCertificateDiff) ([]string, error)

SyncSSLCertificates synchronizes SSL certificates to the desired state by applying the provided diff. This function should be called in two phases:

  • Phase 1 (pre-config): Call with diff containing ToCreate and ToUpdate
  • Phase 2 (post-config): Call with diff containing ToDelete

The caller is responsible for splitting the diff into these phases. Returns reload IDs from create/update operations that triggered reloads.

func SyncSSLCrlFiles 

func SyncSSLCrlFiles(ctx context.Context, c *client.DataplaneClient, diff *SSLCrlFileDiff) ([]string, error)

SyncSSLCrlFiles synchronizes SSL CRL files to the desired state by applying the provided diff. This function should be called in two phases:

  • Phase 1 (pre-config): Call with diff containing ToCreate and ToUpdate
  • Phase 2 (post-config): Call with diff containing ToDelete

SSL CRL file storage is only available in HAProxy DataPlane API v3.2+. If the API version doesn't support CRL file storage, operations are skipped with a warning.

The caller is responsible for splitting the diff into these phases. Returns reload IDs from create/update operations that triggered reloads.

Types

type CRTListDiff 

type CRTListDiff struct {
	// ToCreate contains crt-list files that exist in the desired state but not in the current state.
	ToCreate []CRTListFile

	// ToUpdate contains crt-list files that exist in both states but have different content.
	ToUpdate []CRTListFile

	// ToDelete contains crt-list file paths that exist in the current state but not in the desired state.
	// These are file paths (not full CRTListFile structs) since we only need the path to delete.
	ToDelete []string
}

CRTListDiff represents the differences between current and desired crt-list file states. It contains lists of crt-list files that need to be created, updated, or deleted.

func CompareCRTLists 

func CompareCRTLists(ctx context.Context, c *client.DataplaneClient, desired []CRTListFile) (*CRTListDiff, error)

CompareCRTLists compares the current state of crt-list files in HAProxy storage with the desired state, and returns a diff describing what needs to be created, updated, or deleted.

This function:

  1. Fetches all current crt-list file names from the Dataplane API
  2. Downloads content for each current crt-list file
  3. Compares with the desired crt-list files list
  4. Returns a CRTListDiff with operations needed to reach desired state

Path normalization: The API returns filenames only (e.g., "certificate-list.txt"), but CRTListFile.Path may contain full paths (e.g., "/etc/haproxy/certs/certificate-list.txt"). We normalize using filepath.Base() for comparison.

Version compatibility: CRT-list storage is only available in HAProxy DataPlane API v3.2+. On older versions (3.0, 3.1), this function automatically falls back to general file storage.

func (*CRTListDiff) HasChanges 

func (d *CRTListDiff) HasChanges() bool

HasChanges returns true if there are any changes to crt-list files.

type CRTListFile 

type CRTListFile struct {
	// Path is the absolute file path to the crt-list file.
	// Example: "/etc/haproxy/crt-lists/crt-list.txt"
	Path string

	// Content is the crt-list file contents (one certificate entry per line).
	// Format: <cert-path> [ssl-options] [sni-filter]
	// Example: "/etc/haproxy/ssl/cert.pem [ocsp-update on] example.com"
	Content string
}

CRTListFile represents a HAProxy crt-list file for SSL certificate lists with per-certificate options. CRT-list files allow specifying multiple certificates with individual SSL options and SNI filters.

func (CRTListFile) GetContent 

func (c CRTListFile) GetContent() string

GetContent implements the FileItem interface.

func (CRTListFile) GetIdentifier 

func (c CRTListFile) GetIdentifier() string

GetIdentifier implements the FileItem interface.

type FileDiff 

type FileDiff struct {
	// ToCreate contains files that exist in the desired state but not in the current state.
	ToCreate []GeneralFile

	// ToUpdate contains files that exist in both states but have different content.
	ToUpdate []GeneralFile

	// ToDelete contains paths of files that exist in the current state but not in the desired state.
	// These are file paths (not full GeneralFile structs) since we only need the path to delete.
	ToDelete []string
}

FileDiff represents the differences between current and desired file states. It contains lists of files that need to be created, updated, or deleted.

func CompareGeneralFiles 

func CompareGeneralFiles(ctx context.Context, c *client.DataplaneClient, desired []GeneralFile) (*FileDiff, error)

CompareGeneralFiles compares the current state of general files in HAProxy storage with the desired state, and returns a diff describing what needs to be created, updated, or deleted.

This function:

  1. Fetches all current file paths from the Dataplane API
  2. Downloads content for each current file
  3. Compares with the desired files list
  4. Returns a FileDiff with operations needed to reach desired state

func (*FileDiff) HasChanges 

func (d *FileDiff) HasChanges() bool

HasChanges returns true if there are any changes to general files.

type FileDiffGeneric 

type FileDiffGeneric[T FileItem] struct {
	// ToCreate contains files that exist in the desired state but not in the current state.
	ToCreate []T

	// ToUpdate contains files that exist in both states but have different content.
	ToUpdate []T

	// ToDelete contains identifiers of files that exist in the current state but not in the desired state.
	ToDelete []string
}

FileDiffGeneric represents the differences between current and desired file states.

This is a generic version of FileDiff/SSLCertificateDiff/MapFileDiff that works with any FileItem type.

func Compare 

func Compare[T FileItem](
	ctx context.Context,
	ops FileOperations[T],
	desired []T,
	newFile func(id, content string) T,
) (*FileDiffGeneric[T], error)

Compare compares the current state of files with the desired state using generic operations.

This function:

  1. Fetches all current file identifiers from the API
  2. Downloads content for each current file
  3. Compares with the desired files list
  4. Returns a FileDiffGeneric with operations needed to reach desired state

Type Parameters:

  • T: The file item type (must implement FileItem interface)

Parameters:

  • ctx: Context for cancellation
  • ops: File operations adapter for the specific file type
  • desired: Desired file state
  • newFile: Constructor function to create a new file item from identifier and content

Returns:

  • *FileDiffGeneric[T]: Diff containing create, update, and delete operations
  • error: Any error encountered during comparison

type FileItem 

type FileItem interface {
	// GetIdentifier returns the unique identifier for this file (filename or path).
	GetIdentifier() string

	// GetContent returns the file content.
	GetContent() string
}

FileItem represents any auxiliary file type (GeneralFile, SSLCertificate, MapFile).

All auxiliary file types must implement this interface to work with the generic Compare and Sync functions.

type FileOperations 

type FileOperations[T FileItem] interface {
	// GetAll returns all file identifiers (filenames/paths) currently stored.
	GetAll(ctx context.Context) ([]string, error)

	// GetContent retrieves the content for a specific file by identifier.
	GetContent(ctx context.Context, id string) (string, error)

	// Create creates a new file with the given identifier and content.
	// Returns the reload ID if a reload was triggered (empty string if not).
	Create(ctx context.Context, id, content string) (string, error)

	// Update updates an existing file with new content.
	// Returns the reload ID if a reload was triggered (empty string if not).
	Update(ctx context.Context, id, content string) (string, error)

	// Delete removes a file by identifier.
	Delete(ctx context.Context, id string) error
}

FileOperations defines CRUD operations for a specific auxiliary file type.

Implementations wrap the DataplaneClient methods for general files, SSL certificates, or map files.

type GeneralFile 

type GeneralFile struct {
	// Filename is the file name (used as API 'id'). Files are stored in
	// /usr/local/etc/haproxy/general/ regardless of the filename provided.
	// Example: "400.http"
	Filename string

	// Content is the file contents as a string. This maps to the 'file' field in
	// multipart form uploads to the Dataplane API.
	Content string
}

GeneralFile represents a general-purpose file (error files, custom response files, etc.). These files are uploaded to the Dataplane API storage and can be referenced in the HAProxy configuration (e.g., in http-errors sections).

func (GeneralFile) GetContent 

func (g GeneralFile) GetContent() string

GetContent implements the FileItem interface.

func (GeneralFile) GetIdentifier 

func (g GeneralFile) GetIdentifier() string

GetIdentifier implements the FileItem interface.

type MapFile 

type MapFile struct {
	// Path is the absolute file path to the map file.
	// Example: "/etc/haproxy/maps/domains.map"
	Path string

	// Content is the map file contents (one key-value pair per line).
	Content string
}

MapFile represents a HAProxy map file for dynamic key-value lookups. Map files enable runtime configuration changes without reloading HAProxy.

func (MapFile) GetContent 

func (m MapFile) GetContent() string

GetContent implements the FileItem interface.

func (MapFile) GetIdentifier 

func (m MapFile) GetIdentifier() string

GetIdentifier implements the FileItem interface.

type MapFileDiff 

type MapFileDiff struct {
	// ToCreate contains map files that exist in the desired state but not in the current state.
	ToCreate []MapFile

	// ToUpdate contains map files that exist in both states but have different content.
	ToUpdate []MapFile

	// ToDelete contains map file paths that exist in the current state but not in the desired state.
	// These are file paths (not full MapFile structs) since we only need the path to delete.
	ToDelete []string
}

MapFileDiff represents the differences between current and desired map file states. It contains lists of map files that need to be created, updated, or deleted.

func CompareMapFiles 

func CompareMapFiles(ctx context.Context, c *client.DataplaneClient, desired []MapFile) (*MapFileDiff, error)

CompareMapFiles compares the current state of map files in HAProxy storage with the desired state, and returns a diff describing what needs to be created, updated, or deleted.

This function:

  1. Fetches all current map file names from the Dataplane API
  2. Downloads content for each current map file
  3. Compares with the desired map files list
  4. Returns a MapFileDiff with operations needed to reach desired state

func (*MapFileDiff) HasChanges 

func (d *MapFileDiff) HasChanges() bool

HasChanges returns true if there are any changes to map files.

type SSLCaFile 

type SSLCaFile struct {
	// Path is the file path or name of the CA file.
	// Example: "ca-bundle.pem" or "/etc/haproxy/ssl/ca/trusted-cas.pem"
	Path string

	// Content is the PEM-encoded CA certificate data.
	// Can contain multiple CA certificates concatenated together.
	Content string
}

SSLCaFile represents an SSL CA certificate file containing trusted CA certificates. These files are used for client certificate verification and SSL chain validation. SSL CA file storage is only available in HAProxy DataPlane API v3.2+.

func (SSLCaFile) GetContent 

func (s SSLCaFile) GetContent() string

GetContent implements the FileItem interface.

func (SSLCaFile) GetIdentifier 

func (s SSLCaFile) GetIdentifier() string

GetIdentifier implements the FileItem interface.

type SSLCaFileDiff 

type SSLCaFileDiff struct {
	// ToCreate contains CA files that exist in the desired state but not in the current state.
	ToCreate []SSLCaFile

	// ToUpdate contains CA files that exist in both states but have different content.
	ToUpdate []SSLCaFile

	// ToDelete contains CA file names that exist in the current state but not in the desired state.
	ToDelete []string
}

SSLCaFileDiff represents the differences between current and desired SSL CA file states. It contains lists of CA files that need to be created, updated, or deleted.

func CompareSSLCaFiles 

func CompareSSLCaFiles(ctx context.Context, c *client.DataplaneClient, desired []SSLCaFile) (*SSLCaFileDiff, error)

CompareSSLCaFiles compares the current state of SSL CA files in HAProxy storage with the desired state, and returns a diff describing what needs to be created, updated, or deleted.

SSL CA file storage is only available in HAProxy DataPlane API v3.2+. If the API version doesn't support CA file storage, returns an empty diff.

Strategy:

  1. Check if SSL CA file storage is supported
  2. Fetch current CA file names from the Dataplane API
  3. Download content for each current CA file
  4. Compare content with desired CA files
  5. Return diff with create, update, and delete operations

Path normalization: The API returns filenames only (e.g., "ca-bundle.pem"), but SSLCaFile.Path may contain full paths (e.g., "/etc/haproxy/ssl/ca/ca-bundle.pem"). We normalize using filepath.Base() for comparison.

func (*SSLCaFileDiff) HasChanges 

func (d *SSLCaFileDiff) HasChanges() bool

HasChanges returns true if there are any changes to SSL CA files.

type SSLCertificate 

type SSLCertificate struct {
	// Path is the absolute file path to the certificate.
	// Example: "/etc/haproxy/certs/example.com.pem"
	Path string

	// Content is the PEM-encoded certificate and key data.
	Content string

	// Description is an optional human-readable description of the certificate.
	Description string
}

SSLCertificate represents an SSL/TLS certificate file containing certificates and keys. These files are used for HTTPS termination and client certificate authentication.

func (SSLCertificate) GetContent 

func (s SSLCertificate) GetContent() string

GetContent implements the FileItem interface.

func (SSLCertificate) GetIdentifier 

func (s SSLCertificate) GetIdentifier() string

GetIdentifier implements the FileItem interface.

type SSLCertificateDiff 

type SSLCertificateDiff struct {
	// ToCreate contains certificates that exist in the desired state but not in the current state.
	ToCreate []SSLCertificate

	// ToUpdate contains certificates that exist in both states but have different content.
	ToUpdate []SSLCertificate

	// ToDelete contains certificate names that exist in the current state but not in the desired state.
	// These are certificate names (not full SSLCertificate structs) since we only need the name to delete.
	ToDelete []string
}

SSLCertificateDiff represents the differences between current and desired SSL certificate states. It contains lists of certificates that need to be created, updated, or deleted.

func CompareSSLCertificates 

func CompareSSLCertificates(ctx context.Context, c *client.DataplaneClient, desired []SSLCertificate) (*SSLCertificateDiff, error)

CompareSSLCertificates compares the current state of SSL certificates in HAProxy storage with the desired state, and returns a diff describing what needs to be created, updated, or deleted.

This function uses identifier-based comparison. When the HAProxy Dataplane API returns sha256_finger_print, that is used for comparison. Otherwise, it falls back to comparing certificate serial+issuer (a workaround for https://github.com/haproxytech/dataplaneapi/pull/396).

Strategy:

  1. Fetch current certificate names from the Dataplane API
  2. Fetch identifiers for all current certificates (fingerprint or serial+issuer fallback)
  3. Compare identifiers with desired certificates
  4. Return diff with create, update, and delete operations

Path normalization: The API returns filenames only (e.g., "cert.pem"), but SSLCertificate.Path may contain full paths (e.g., "/etc/haproxy/ssl/cert.pem"). We normalize using filepath.Base() for comparison.

func (*SSLCertificateDiff) HasChanges 

func (d *SSLCertificateDiff) HasChanges() bool

HasChanges returns true if there are any changes to SSL certificates.

type SSLCrlFile 

type SSLCrlFile struct {
	// Path is the file path or name of the CRL file.
	// Example: "revoked.crl" or "/etc/haproxy/ssl/crl/revoked.crl"
	Path string

	// Content is the PEM or DER-encoded CRL data.
	Content string
}

SSLCrlFile represents an SSL Certificate Revocation List (CRL) file. These files contain lists of revoked certificates and are used to validate that client certificates have not been revoked. SSL CRL file storage is only available in HAProxy DataPlane API v3.2+.

func (SSLCrlFile) GetContent 

func (s SSLCrlFile) GetContent() string

GetContent implements the FileItem interface.

func (SSLCrlFile) GetIdentifier 

func (s SSLCrlFile) GetIdentifier() string

GetIdentifier implements the FileItem interface.

type SSLCrlFileDiff 

type SSLCrlFileDiff struct {
	// ToCreate contains CRL files that exist in the desired state but not in the current state.
	ToCreate []SSLCrlFile

	// ToUpdate contains CRL files that exist in both states but have different content.
	ToUpdate []SSLCrlFile

	// ToDelete contains CRL file names that exist in the current state but not in the desired state.
	ToDelete []string
}

SSLCrlFileDiff represents the differences between current and desired SSL CRL file states. It contains lists of CRL files that need to be created, updated, or deleted.

func CompareSSLCrlFiles 

func CompareSSLCrlFiles(ctx context.Context, c *client.DataplaneClient, desired []SSLCrlFile) (*SSLCrlFileDiff, error)

CompareSSLCrlFiles compares the current state of SSL CRL files in HAProxy storage with the desired state, and returns a diff describing what needs to be created, updated, or deleted.

SSL CRL file storage is only available in HAProxy DataPlane API v3.2+. If the API version doesn't support CRL file storage, returns an empty diff.

Strategy:

  1. Check if SSL CRL file storage is supported
  2. Fetch current CRL file names from the Dataplane API
  3. Download content for each current CRL file
  4. Compare content with desired CRL files
  5. Return diff with create, update, and delete operations

Path normalization: The API returns filenames only (e.g., "revoked.crl"), but SSLCrlFile.Path may contain full paths (e.g., "/etc/haproxy/ssl/crl/revoked.crl"). We normalize using filepath.Base() for comparison.

func (*SSLCrlFileDiff) HasChanges 

func (d *SSLCrlFileDiff) HasChanges() bool

HasChanges returns true if there are any changes to SSL CRL files.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.