internal: update tenant certificates on outpost refresh
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
parent
6f32eeea43
commit
87e99625e6
@ -116,6 +116,9 @@ func attemptProxyStart(ws *web.WebServer, u *url.URL) {
tw := tenant_tls.NewWatcher(ac.Client)
tw := tenant_tls.NewWatcher(ac.Client)
go tw.Start()
go tw.Start()
ws.TenantTLS = tw
ws.TenantTLS = tw
ac.AddRefreshHandler(func() {
tw.Check()
})
srv := proxyv2.NewProxyServer(ac, 0)
srv := proxyv2.NewProxyServer(ac, 0)
ws.ProxyServer = srv
ws.ProxyServer = srv
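Review bot: The handler registered at `ac.AddRefreshHandler(func() { tw.Check() })` runs `tw.Check()` synchronously on the refresh path, and Check (third section of this commit) blocks on a tenants-list API call and reports failure only as a Warning log, so every outpost refresh now waits on that round trip while a failed certificate update never surfaces in the refresh result. Since `go tw.Start()` on the line above presumably already drives Check on its own schedule, the two callers can now overlap, and whatever Check writes must be safe for that; if it is not, serialize inside the watcher rather than here. A comment on the handler such as `// Re-read tenant certificates on every outpost refresh; Check logs its own failures and does not report them back` would record the contract. attemptProxyStart begins and ends outside this hunk.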
@ -41,6 +41,7 @@ type APIController struct {
lastWsReconnect time.Time
lastWsReconnect time.Time
wsIsReconnecting bool
wsIsReconnecting bool
wsBackoffMultiplier int
wsBackoffMultiplier int
refreshHandlers []func()
instanceUUID uuid.UUID
instanceUUID uuid.UUID
}
}
@ -95,6 +96,7 @@ func NewAPIController(akURL url.URL, token string) *APIController {
instanceUUID: uuid.New(),
instanceUUID: uuid.New(),
Outpost: outpost,
Outpost: outpost,
wsBackoffMultiplier: 1,
wsBackoffMultiplier: 1,
refreshHandlers: make([]func(), 0),
}
}
ac.logger.WithField("offset", ac.reloadOffset.String()).Debug("HA Reload offset")
ac.logger.WithField("offset", ac.reloadOffset.String()).Debug("HA Reload offset")
err = ac.initWS(akURL, outpost.Pk)
err = ac.initWS(akURL, outpost.Pk)
@ -139,6 +141,10 @@ func (a *APIController) configureRefreshSignal() {
a.logger.Debug("Enabled USR1 hook to reload")
a.logger.Debug("Enabled USR1 hook to reload")
}
}
func (a *APIController) AddRefreshHandler(handler func()) {
a.refreshHandlers = append(a.refreshHandlers, handler)
}
func (a *APIController) OnRefresh() error {
func (a *APIController) OnRefresh() error {
// Because we don't know the outpost UUID, we simply do a list and pick the first
// Because we don't know the outpost UUID, we simply do a list and pick the first
// The service account this token belongs to should only have access to a single outpost
// The service account this token belongs to should only have access to a single outpost
@ -152,7 +158,11 @@ func (a *APIController) OnRefresh() error {
a.logger.WithField("name", a.Outpost.Name).Debug("Fetched outpost configuration")
a.logger.WithField("name", a.Outpost.Name).Debug("Fetched outpost configuration")
doGlobalSetup(a.Outpost, a.GlobalConfig)
doGlobalSetup(a.Outpost, a.GlobalConfig)
return a.Server.Refresh()
err = a.Server.Refresh()
for _, handler := range a.refreshHandlers {
handler()
}
return err
}
}
func (a *APIController) StartBackgorundTasks() error {
func (a *APIController) StartBackgorundTasks() error {
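Review bot: `refreshHandlers` is appended to in `AddRefreshHandler` and iterated in `OnRefresh` with no synchronization, and OnRefresh is reachable from the USR1 reload hook (the Debug line at the top of the third hunk) and presumably from the websocket path as well, so a handler registered after the controller has started would race with that iteration; the visible caller registers before starting, but nothing in the API enforces it. Either guard the slice with a mutex or state the contract on the new method: `// AddRefreshHandler registers a callback run after every Server.Refresh. It is not synchronized and must be called before StartBackgorundTasks.` Note also that in the last hunk the handlers run even when `a.Server.Refresh()` returned an error; if that is intended, say so with `// Run handlers regardless of Refresh's result so a failed server refresh does not also skip the certificate update`, otherwise return early on err. OnRefresh's body starts above the hunk.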
@ -44,6 +44,7 @@ func (w *Watcher) Start() {
}
}
func (w *Watcher) Check() {
func (w *Watcher) Check() {
w.log.Info("updating tenant certificates")
tenants, _, err := w.client.CoreApi.CoreTenantsListExecute(api.ApiCoreTenantsListRequest{})
tenants, _, err := w.client.CoreApi.CoreTenantsListExecute(api.ApiCoreTenantsListRequest{})
if err != nil {
if err != nil {
w.log.WithError(err).Warning("failed to get tenants")
w.log.WithError(err).Warning("failed to get tenants")
|
||||||
|
|
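Review bot: Now that Check is invoked from the outpost refresh handler as well as from Start, a failure at `w.log.WithError(err).Warning("failed to get tenants")` presumably leaves whatever certificates were loaded earlier in effect, yet nothing above Warning is emitted and nothing is returned to the caller, so an outpost could keep serving outdated TLS material after a rotation without an error-level signal. Consider `w.log.WithError(err).Error("failed to get tenants, keeping previously loaded certificates")` if the remainder of Check, which runs past this hunk, does leave the existing store untouched on error, and confirm that what it writes after the list call is safe for two concurrent callers. The added Info line will also fire on every refresh; Debug may be the better level for it.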