Update valkeyrie to v1.0.0
This commit is contained in:
Ludovic Fernandez
GitHub
parent
d578ed7327
commit
d531963f95
18 changed files with 254 additions and 289 deletions
|
|
@ -1,12 +1,16 @@
|
|||
package consul
|
||||
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"fmt"
|
||||
"time"
|
||||
|
||||
"github.com/kvtools/valkeyrie/store"
|
||||
"github.com/kvtools/consul"
|
||||
"github.com/traefik/traefik/v2/pkg/log"
|
||||
"github.com/traefik/traefik/v2/pkg/provider"
|
||||
"github.com/traefik/traefik/v2/pkg/provider/kv"
|
||||
"github.com/traefik/traefik/v2/pkg/types"
|
||||
)
|
||||
|
||||
// providerName is the Consul provider name.
|
||||
|
|
@ -18,6 +22,9 @@ var _ provider.Provider = (*Provider)(nil)
|
|||
type ProviderBuilder struct {
|
||||
kv.Provider `yaml:",inline" export:"true"`
|
||||
|
||||
Token string `description:"Per-request ACL token." json:"token,omitempty" toml:"token,omitempty" yaml:"token,omitempty" loggable:"false"`
|
||||
TLS *types.ClientTLS `description:"Enable TLS support." json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty" export:"true"`
|
||||
|
||||
// Deprecated: use Namespaces instead.
|
||||
Namespace string `description:"Sets the namespace used to discover the configuration (Consul Enterprise only)." json:"namespace,omitempty" toml:"namespace,omitempty" yaml:"namespace,omitempty"`
|
||||
Namespaces []string `description:"Sets the namespaces used to discover the configuration (Consul Enterprise only)." json:"namespaces,omitempty" toml:"namespaces,omitempty" yaml:"namespaces,omitempty"`
|
||||
|
|
@ -43,6 +50,8 @@ func (p *ProviderBuilder) BuildProviders() []*Provider {
|
|||
name: providerName,
|
||||
// p.Namespace could very well be empty.
|
||||
namespace: p.Namespace,
|
||||
token: p.Token,
|
||||
tls: p.TLS,
|
||||
}}
|
||||
}
|
||||
|
||||
|
|
@ -52,6 +61,8 @@ func (p *ProviderBuilder) BuildProviders() []*Provider {
|
|||
Provider: p.Provider,
|
||||
name: providerName + "-" + namespace,
|
||||
namespace: namespace,
|
||||
token: p.Token,
|
||||
tls: p.TLS,
|
||||
})
|
||||
}
|
||||
|
||||
|
|
@ -64,6 +75,8 @@ type Provider struct {
|
|||
|
||||
name string
|
||||
namespace string
|
||||
token string
|
||||
tls *types.ClientTLS
|
||||
}
|
||||
|
||||
// Init the provider.
|
||||
|
|
@ -79,5 +92,19 @@ func (p *Provider) Init() error {
|
|||
p.name = providerName
|
||||
}
|
||||
|
||||
return p.Provider.Init(store.CONSUL, p.name, p.namespace)
|
||||
config := &consul.Config{
|
||||
ConnectionTimeout: 3 * time.Second,
|
||||
Token: p.token,
|
||||
Namespace: p.namespace,
|
||||
}
|
||||
|
||||
if p.tls != nil {
|
||||
var err error
|
||||
config.TLS, err = p.tls.CreateTLSConfig(context.Background())
|
||||
if err != nil {
|
||||
return fmt.Errorf("unable to create client TLS configuration: %w", err)
|
||||
}
|
||||
}
|
||||
|
||||
return p.Provider.Init(consul.StoreName, p.name, config)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,16 +1,25 @@
|
|||
package etcd
|
||||
|
||||
import (
|
||||
"github.com/kvtools/valkeyrie/store"
|
||||
"context"
|
||||
"fmt"
|
||||
"time"
|
||||
|
||||
"github.com/kvtools/etcdv3"
|
||||
"github.com/traefik/traefik/v2/pkg/provider"
|
||||
"github.com/traefik/traefik/v2/pkg/provider/kv"
|
||||
"github.com/traefik/traefik/v2/pkg/types"
|
||||
)
|
||||
|
||||
var _ provider.Provider = (*Provider)(nil)
|
||||
|
||||
// Provider holds configurations of the provider.
|
||||
type Provider struct {
|
||||
kv.Provider `export:"true"`
|
||||
kv.Provider `yaml:",inline" export:"true"`
|
||||
|
||||
TLS *types.ClientTLS `description:"Enable TLS support." json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty" export:"true"`
|
||||
Username string `description:"Username for authentication." json:"username,omitempty" toml:"username,omitempty" yaml:"username,omitempty" loggable:"false"`
|
||||
Password string `description:"Password for authentication." json:"password,omitempty" toml:"password,omitempty" yaml:"password,omitempty" loggable:"false"`
|
||||
}
|
||||
|
||||
// SetDefaults sets the default values.
|
||||
|
|
@ -21,5 +30,19 @@ func (p *Provider) SetDefaults() {
|
|||
|
||||
// Init the provider.
|
||||
func (p *Provider) Init() error {
|
||||
return p.Provider.Init(store.ETCDV3, "etcd", "")
|
||||
config := &etcdv3.Config{
|
||||
ConnectionTimeout: 3 * time.Second,
|
||||
Username: p.Username,
|
||||
Password: p.Password,
|
||||
}
|
||||
|
||||
if p.TLS != nil {
|
||||
var err error
|
||||
config.TLS, err = p.TLS.CreateTLSConfig(context.Background())
|
||||
if err != nil {
|
||||
return fmt.Errorf("unable to create client TLS configuration: %w", err)
|
||||
}
|
||||
}
|
||||
|
||||
return p.Provider.Init(etcdv3.StoreName, "etcd", config)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -10,32 +10,21 @@ import (
|
|||
"github.com/cenkalti/backoff/v4"
|
||||
"github.com/kvtools/valkeyrie"
|
||||
"github.com/kvtools/valkeyrie/store"
|
||||
"github.com/kvtools/valkeyrie/store/consul"
|
||||
etcdv3 "github.com/kvtools/valkeyrie/store/etcd/v3"
|
||||
"github.com/kvtools/valkeyrie/store/redis"
|
||||
"github.com/kvtools/valkeyrie/store/zookeeper"
|
||||
"github.com/traefik/traefik/v2/pkg/config/dynamic"
|
||||
"github.com/traefik/traefik/v2/pkg/config/kv"
|
||||
"github.com/traefik/traefik/v2/pkg/job"
|
||||
"github.com/traefik/traefik/v2/pkg/log"
|
||||
"github.com/traefik/traefik/v2/pkg/safe"
|
||||
"github.com/traefik/traefik/v2/pkg/types"
|
||||
)
|
||||
|
||||
// Provider holds configurations of the provider.
|
||||
type Provider struct {
|
||||
RootKey string `description:"Root key used for KV store" json:"rootKey,omitempty" toml:"rootKey,omitempty" yaml:"rootKey,omitempty"`
|
||||
RootKey string `description:"Root key used for KV store." json:"rootKey,omitempty" toml:"rootKey,omitempty" yaml:"rootKey,omitempty"`
|
||||
|
||||
Endpoints []string `description:"KV store endpoints" json:"endpoints,omitempty" toml:"endpoints,omitempty" yaml:"endpoints,omitempty"`
|
||||
Username string `description:"KV Username" json:"username,omitempty" toml:"username,omitempty" yaml:"username,omitempty" loggable:"false"`
|
||||
Password string `description:"KV Password" json:"password,omitempty" toml:"password,omitempty" yaml:"password,omitempty" loggable:"false"`
|
||||
Token string `description:"KV Token" json:"token,omitempty" toml:"token,omitempty" yaml:"token,omitempty" loggable:"false"`
|
||||
TLS *types.ClientTLS `description:"Enable TLS support" json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty" export:"true" `
|
||||
Endpoints []string `description:"KV store endpoints." json:"endpoints,omitempty" toml:"endpoints,omitempty" yaml:"endpoints,omitempty"`
|
||||
|
||||
name string
|
||||
namespace string
|
||||
storeType store.Backend
|
||||
kvClient store.Store
|
||||
name string
|
||||
kvClient store.Store
|
||||
}
|
||||
|
||||
// SetDefaults sets the default values.
|
||||
|
|
@ -44,14 +33,12 @@ func (p *Provider) SetDefaults() {
|
|||
}
|
||||
|
||||
// Init the provider.
|
||||
func (p *Provider) Init(storeType store.Backend, name, namespace string) error {
|
||||
func (p *Provider) Init(storeType, name string, config valkeyrie.Config) error {
|
||||
ctx := log.With(context.Background(), log.Str(log.ProviderName, name))
|
||||
|
||||
p.name = name
|
||||
p.namespace = namespace
|
||||
p.storeType = storeType
|
||||
|
||||
kvClient, err := p.createKVClient(ctx)
|
||||
kvClient, err := p.createKVClient(ctx, storeType, config)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to Connect to KV store: %w", err)
|
||||
}
|
||||
|
|
@ -161,36 +148,8 @@ func (p *Provider) buildConfiguration(ctx context.Context) (*dynamic.Configurati
|
|||
return cfg, nil
|
||||
}
|
||||
|
||||
func (p *Provider) createKVClient(ctx context.Context) (store.Store, error) {
|
||||
storeConfig := &store.Config{
|
||||
ConnectionTimeout: 3 * time.Second,
|
||||
Bucket: "traefik",
|
||||
Username: p.Username,
|
||||
Password: p.Password,
|
||||
Token: p.Token,
|
||||
Namespace: p.namespace,
|
||||
}
|
||||
|
||||
if p.TLS != nil {
|
||||
var err error
|
||||
storeConfig.TLS, err = p.TLS.CreateTLSConfig(ctx)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("unable to create client TLS configuration: %w", err)
|
||||
}
|
||||
}
|
||||
|
||||
switch p.storeType {
|
||||
case store.CONSUL:
|
||||
consul.Register()
|
||||
case store.ETCDV3:
|
||||
etcdv3.Register()
|
||||
case store.ZK:
|
||||
zookeeper.Register()
|
||||
case store.REDIS:
|
||||
redis.Register()
|
||||
}
|
||||
|
||||
kvStore, err := valkeyrie.NewStore(ctx, p.storeType, p.Endpoints, storeConfig)
|
||||
func (p *Provider) createKVClient(ctx context.Context, storeType string, config valkeyrie.Config) (store.Store, error) {
|
||||
kvStore, err := valkeyrie.NewStore(ctx, storeType, p.Endpoints, config)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,16 +1,25 @@
|
|||
package redis
|
||||
|
||||
import (
|
||||
"github.com/kvtools/valkeyrie/store"
|
||||
"context"
|
||||
"fmt"
|
||||
|
||||
"github.com/kvtools/redis"
|
||||
"github.com/traefik/traefik/v2/pkg/provider"
|
||||
"github.com/traefik/traefik/v2/pkg/provider/kv"
|
||||
"github.com/traefik/traefik/v2/pkg/types"
|
||||
)
|
||||
|
||||
var _ provider.Provider = (*Provider)(nil)
|
||||
|
||||
// Provider holds configurations of the provider.
|
||||
type Provider struct {
|
||||
kv.Provider `export:"true"`
|
||||
kv.Provider `yaml:",inline" export:"true"`
|
||||
|
||||
TLS *types.ClientTLS `description:"Enable TLS support." json:"tls,omitempty" toml:"tls,omitempty" yaml:"tls,omitempty" export:"true"`
|
||||
Username string `description:"Username for authentication." json:"username,omitempty" toml:"username,omitempty" yaml:"username,omitempty" loggable:"false"`
|
||||
Password string `description:"Password for authentication." json:"password,omitempty" toml:"password,omitempty" yaml:"password,omitempty" loggable:"false"`
|
||||
DB int `description:"Database to be selected after connecting to the server." json:"db,omitempty" toml:"db,omitempty" yaml:"db,omitempty"`
|
||||
}
|
||||
|
||||
// SetDefaults sets the default values.
|
||||
|
|
@ -21,5 +30,19 @@ func (p *Provider) SetDefaults() {
|
|||
|
||||
// Init the provider.
|
||||
func (p *Provider) Init() error {
|
||||
return p.Provider.Init(store.REDIS, "redis", "")
|
||||
config := redis.Config{
|
||||
Username: p.Username,
|
||||
Password: p.Password,
|
||||
DB: p.DB,
|
||||
}
|
||||
|
||||
if p.TLS != nil {
|
||||
var err error
|
||||
config.TLS, err = p.TLS.CreateTLSConfig(context.Background())
|
||||
if err != nil {
|
||||
return fmt.Errorf("unable to create client TLS configuration: %w", err)
|
||||
}
|
||||
}
|
||||
|
||||
return p.Provider.Init(redis.StoreName, "redis", config)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,7 +1,9 @@
|
|||
package zk
|
||||
|
||||
import (
|
||||
"github.com/kvtools/valkeyrie/store"
|
||||
"time"
|
||||
|
||||
"github.com/kvtools/zookeeper"
|
||||
"github.com/traefik/traefik/v2/pkg/provider"
|
||||
"github.com/traefik/traefik/v2/pkg/provider/kv"
|
||||
)
|
||||
|
|
@ -10,7 +12,10 @@ var _ provider.Provider = (*Provider)(nil)
|
|||
|
||||
// Provider holds configurations of the provider.
|
||||
type Provider struct {
|
||||
kv.Provider `export:"true"`
|
||||
kv.Provider `yaml:",inline" export:"true"`
|
||||
|
||||
Username string `description:"Username for authentication." json:"username,omitempty" toml:"username,omitempty" yaml:"username,omitempty" loggable:"false"`
|
||||
Password string `description:"Password for authentication." json:"password,omitempty" toml:"password,omitempty" yaml:"password,omitempty" loggable:"false"`
|
||||
}
|
||||
|
||||
// SetDefaults sets the default values.
|
||||
|
|
@ -21,5 +26,11 @@ func (p *Provider) SetDefaults() {
|
|||
|
||||
// Init the provider.
|
||||
func (p *Provider) Init() error {
|
||||
return p.Provider.Init(store.ZK, "zookeeper", "")
|
||||
config := &zookeeper.Config{
|
||||
ConnectionTimeout: 3 * time.Second,
|
||||
Username: p.Username,
|
||||
Password: p.Password,
|
||||
}
|
||||
|
||||
return p.Provider.Init(zookeeper.StoreName, "zookeeper", config)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -730,15 +730,14 @@ func TestDo_staticConfiguration(t *testing.T) {
|
|||
Provider: kv.Provider{
|
||||
RootKey: "RootKey",
|
||||
Endpoints: nil,
|
||||
Username: "username",
|
||||
Password: "password",
|
||||
TLS: &types.ClientTLS{
|
||||
CA: "myCa",
|
||||
CAOptional: true,
|
||||
Cert: "mycert.pem",
|
||||
Key: "mycert.key",
|
||||
InsecureSkipVerify: true,
|
||||
},
|
||||
},
|
||||
Token: "secret",
|
||||
TLS: &types.ClientTLS{
|
||||
CA: "myCa",
|
||||
CAOptional: true,
|
||||
Cert: "mycert.pem",
|
||||
Key: "mycert.key",
|
||||
InsecureSkipVerify: true,
|
||||
},
|
||||
Namespace: "ns",
|
||||
Namespaces: []string{"ns1", "ns2"},
|
||||
|
|
@ -748,15 +747,15 @@ func TestDo_staticConfiguration(t *testing.T) {
|
|||
Provider: kv.Provider{
|
||||
RootKey: "RootKey",
|
||||
Endpoints: nil,
|
||||
Username: "username",
|
||||
Password: "password",
|
||||
TLS: &types.ClientTLS{
|
||||
CA: "myCa",
|
||||
CAOptional: true,
|
||||
Cert: "mycert.pem",
|
||||
Key: "mycert.key",
|
||||
InsecureSkipVerify: true,
|
||||
},
|
||||
},
|
||||
Username: "username",
|
||||
Password: "password",
|
||||
TLS: &types.ClientTLS{
|
||||
CA: "myCa",
|
||||
CAOptional: true,
|
||||
Cert: "mycert.pem",
|
||||
Key: "mycert.key",
|
||||
InsecureSkipVerify: true,
|
||||
},
|
||||
}
|
||||
|
||||
|
|
@ -764,31 +763,24 @@ func TestDo_staticConfiguration(t *testing.T) {
|
|||
Provider: kv.Provider{
|
||||
RootKey: "RootKey",
|
||||
Endpoints: nil,
|
||||
Username: "username",
|
||||
Password: "password",
|
||||
TLS: &types.ClientTLS{
|
||||
CA: "myCa",
|
||||
CAOptional: true,
|
||||
Cert: "mycert.pem",
|
||||
Key: "mycert.key",
|
||||
InsecureSkipVerify: true,
|
||||
},
|
||||
},
|
||||
Username: "username",
|
||||
Password: "password",
|
||||
}
|
||||
|
||||
config.Providers.Redis = &redis.Provider{
|
||||
Provider: kv.Provider{
|
||||
RootKey: "RootKey",
|
||||
Endpoints: nil,
|
||||
Username: "username",
|
||||
Password: "password",
|
||||
TLS: &types.ClientTLS{
|
||||
CA: "myCa",
|
||||
CAOptional: true,
|
||||
Cert: "mycert.pem",
|
||||
Key: "mycert.key",
|
||||
InsecureSkipVerify: true,
|
||||
},
|
||||
},
|
||||
Username: "username",
|
||||
Password: "password",
|
||||
TLS: &types.ClientTLS{
|
||||
CA: "myCa",
|
||||
CAOptional: true,
|
||||
Cert: "mycert.pem",
|
||||
Key: "mycert.key",
|
||||
InsecureSkipVerify: true,
|
||||
},
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -229,8 +229,7 @@
|
|||
},
|
||||
"consul": {
|
||||
"rootKey": "xxxx",
|
||||
"username": "xxxx",
|
||||
"password": "xxxx",
|
||||
"token": "xxxx",
|
||||
"tls": {
|
||||
"ca": "xxxx",
|
||||
"caOptional": true,
|
||||
|
|
@ -246,39 +245,32 @@
|
|||
},
|
||||
"etcd": {
|
||||
"rootKey": "xxxx",
|
||||
"username": "xxxx",
|
||||
"password": "xxxx",
|
||||
"tls": {
|
||||
"ca": "xxxx",
|
||||
"caOptional": true,
|
||||
"cert": "xxxx",
|
||||
"key": "xxxx",
|
||||
"insecureSkipVerify": true
|
||||
}
|
||||
},
|
||||
"username": "xxxx",
|
||||
"password": "xxxx"
|
||||
},
|
||||
"zooKeeper": {
|
||||
"rootKey": "xxxx",
|
||||
"username": "xxxx",
|
||||
"password": "xxxx",
|
||||
"tls": {
|
||||
"ca": "xxxx",
|
||||
"caOptional": true,
|
||||
"cert": "xxxx",
|
||||
"key": "xxxx",
|
||||
"insecureSkipVerify": true
|
||||
}
|
||||
"password": "xxxx"
|
||||
},
|
||||
"redis": {
|
||||
"rootKey": "xxxx",
|
||||
"username": "xxxx",
|
||||
"password": "xxxx",
|
||||
"tls": {
|
||||
"ca": "xxxx",
|
||||
"caOptional": true,
|
||||
"cert": "xxxx",
|
||||
"key": "xxxx",
|
||||
"insecureSkipVerify": true
|
||||
}
|
||||
},
|
||||
"username": "xxxx",
|
||||
"password": "xxxx"
|
||||
},
|
||||
"http": {
|
||||
"endpoint": "xxxx",
|
||||
|
|
@ -476,4 +468,4 @@
|
|||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -25,29 +25,29 @@ type ClientTLS struct {
|
|||
}
|
||||
|
||||
// CreateTLSConfig creates a TLS config from ClientTLS structures.
|
||||
func (clientTLS *ClientTLS) CreateTLSConfig(ctx context.Context) (*tls.Config, error) {
|
||||
if clientTLS == nil {
|
||||
func (c *ClientTLS) CreateTLSConfig(ctx context.Context) (*tls.Config, error) {
|
||||
if c == nil {
|
||||
log.FromContext(ctx).Warnf("clientTLS is nil")
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
if clientTLS.CAOptional {
|
||||
if c.CAOptional {
|
||||
log.FromContext(ctx).Warn("CAOptional is deprecated, TLS client authentication is a server side option.")
|
||||
}
|
||||
|
||||
// Not initialized, to rely on system bundle.
|
||||
var caPool *x509.CertPool
|
||||
|
||||
if clientTLS.CA != "" {
|
||||
if c.CA != "" {
|
||||
var ca []byte
|
||||
if _, errCA := os.Stat(clientTLS.CA); errCA == nil {
|
||||
if _, errCA := os.Stat(c.CA); errCA == nil {
|
||||
var err error
|
||||
ca, err = os.ReadFile(clientTLS.CA)
|
||||
ca, err = os.ReadFile(c.CA)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed to read CA. %w", err)
|
||||
}
|
||||
} else {
|
||||
ca = []byte(clientTLS.CA)
|
||||
ca = []byte(c.CA)
|
||||
}
|
||||
|
||||
caPool = x509.NewCertPool()
|
||||
|
|
@ -56,8 +56,8 @@ func (clientTLS *ClientTLS) CreateTLSConfig(ctx context.Context) (*tls.Config, e
|
|||
}
|
||||
}
|
||||
|
||||
hasCert := len(clientTLS.Cert) > 0
|
||||
hasKey := len(clientTLS.Key) > 0
|
||||
hasCert := len(c.Cert) > 0
|
||||
hasKey := len(c.Key) > 0
|
||||
|
||||
if hasCert != hasKey {
|
||||
return nil, errors.New("both TLS cert and key must be defined")
|
||||
|
|
@ -66,11 +66,11 @@ func (clientTLS *ClientTLS) CreateTLSConfig(ctx context.Context) (*tls.Config, e
|
|||
if !hasCert || !hasKey {
|
||||
return &tls.Config{
|
||||
RootCAs: caPool,
|
||||
InsecureSkipVerify: clientTLS.InsecureSkipVerify,
|
||||
InsecureSkipVerify: c.InsecureSkipVerify,
|
||||
}, nil
|
||||
}
|
||||
|
||||
cert, err := loadKeyPair(clientTLS.Cert, clientTLS.Key)
|
||||
cert, err := loadKeyPair(c.Cert, c.Key)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
@ -78,7 +78,7 @@ func (clientTLS *ClientTLS) CreateTLSConfig(ctx context.Context) (*tls.Config, e
|
|||
return &tls.Config{
|
||||
Certificates: []tls.Certificate{cert},
|
||||
RootCAs: caPool,
|
||||
InsecureSkipVerify: clientTLS.InsecureSkipVerify,
|
||||
InsecureSkipVerify: c.InsecureSkipVerify,
|
||||
}, nil
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue