From 6b0e582ff187067dc428dd653e49785a75b922e5 Mon Sep 17 00:00:00 2001
From: Tamnjong Larry Tabeh <122117063+larrytamnjong@users.noreply.github.com>
Date: Fri, 20 Dec 2024 11:03:53 +0100
Subject: [PATCH] Add support for CAGetConfiguration (399) (#404)
---
Consul.Test/ConnectTest.cs | 13 +++++++++
Consul/Connect.cs | 42 +++++++++++++++++++++++++++
Consul/Interfaces/IConnectEndpoint.cs | 2 ++
3 files changed, 57 insertions(+)
diff --git a/Consul.Test/ConnectTest.cs b/Consul.Test/ConnectTest.cs
index 2295f269..853e24cf 100644
--- a/Consul.Test/ConnectTest.cs
+++ b/Consul.Test/ConnectTest.cs
@@ -41,5 +41,18 @@ public async Task Connect_CARoots()
Assert.NotNull(root.RootCert);
Assert.NotNull(root.SigningKeyID);
}
+
+ [Fact]
+ public async Task Connect_GetCAConfigurationTest()
+ {
+ var req = await _client.Connect.CAGetConfig();
+ var result = req.Response;
+
+ Assert.Equal("consul", result.Provider);
+ Assert.NotEmpty(result.Config);
+ Assert.False(result.ForceWithoutCrossSigning);
+ Assert.NotEqual((ulong)0, result.CreateIndex);
+ Assert.NotEqual((ulong)0, result.ModifyIndex);
+ }
}
}
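Review bot: The local `req` in Connect_GetCAConfigurationTest holds the query result returned by CAGetConfig, not a request, so a name such as `queryResult` (with `config` for its `.Response`) would read more accurately. The assertions on `"consul"` and on `ForceWithoutCrossSigning` being false pin the test agent's default CA setup. A one-line comment such as `// assumes the test agent runs the built-in CA provider with default settings` would help whoever sees this fail against a differently configured agent.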
diff --git a/Consul/Connect.cs b/Consul/Connect.cs
index 22433c33..2a04b381 100644
--- a/Consul/Connect.cs
+++ b/Consul/Connect.cs
@@ -26,6 +26,33 @@
namespace Consul
{
+ public class CAConfig
+ { ///
+ /// Provider is the CA provider implementation to use.
+ ///
+ public string Provider { get; set; }
+ ///
+ /// Configuration is arbitrary configuration for the provider. This
+ /// should only contain primitive values and containers (such as lists and maps).
+ ///
+ public Dictionary Config { get; set; }
+ ///
+ /// State is read-only data that the provider might have persisted for use
+ /// after restart or leadership transition. For example this might include
+ /// UUIDs of resources it has created. Setting this when writing a configuration is an error.
+ ///
+ public Dictionary State { get; set; }
+ ///
+ /// ForceWithoutCrossSigning indicates that the CA reconfiguration should go
+ /// ahead even if the current CA is unable to cross sign certificates. This
+ /// risks temporary connection failures during the rollout as new leafs will be
+ /// rejected by proxies that have not yet observed the new root cert but is the
+ /// only option if a CA that doesn't support cross signing needs to be reconfigured or mirated away from.
+ ///
+ public bool ForceWithoutCrossSigning { get; set; }
+ public ulong CreateIndex { get; set; }
+ public ulong ModifyIndex { get; set; }
+ }
public class Connect : IConnectEndpoint
{
private readonly ConsulClient _client;
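Review bot: The doc comment on `Config` in the new CAConfig class should warn that the dictionary can carry provider secrets. The CA provider is configured through this map, and as far as I know it can include private key material for the built-in provider or a token for an external one, so callers should not log or serialize a `CAConfig` wholesale. I would add `/// May contain provider credentials (for example a private key or token); treat the value as sensitive and do not log it.` Separately, `CreateIndex` and `ModifyIndex` have no doc comment, and "mirated" in the ForceWithoutCrossSigning comment should read "migrated". The Connect class itself continues past the end of this hunk.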
@@ -48,6 +75,21 @@ public Task> CARoots(QueryOptions q, CancellationToken ct =
{
return _client.Get("/v1/connect/ca/roots", q).Execute(ct);
}
+ ///
+ /// CAGetConfig returns the current CA configuration.
+ ///
+ public Task> CAGetConfig(CancellationToken ct = default)
+ {
+ return CAGetConfig(QueryOptions.Default, ct);
+ }
+
+ ///
+ /// CAGetConfig returns the current CA configuration.
+ ///
+ public Task> CAGetConfig(QueryOptions q, CancellationToken ct = default)
+ {
+ return _client.Get("/v1/connect/ca/configuration", q).Execute(ct);
+ }
}
public partial class ConsulClient : IConsulClient
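Review bot: Neither CAGetConfig summary says what ACL token the call needs, and both overloads carry the same one-line text. Consul's API documentation lists an operator-level ACL for `/v1/connect/ca/configuration`, though the exact level should be confirmed for the server versions this client supports. I would add `/// Requires an ACL token with operator privileges; the response may include sensitive provider configuration.` to both overloads. The overload taking `QueryOptions q` should also get `<param>` lines for `q` and `ct`, so the difference between the two is visible in IntelliSense.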
diff --git a/Consul/Interfaces/IConnectEndpoint.cs b/Consul/Interfaces/IConnectEndpoint.cs
index 647aec53..2a84f63f 100644
--- a/Consul/Interfaces/IConnectEndpoint.cs
+++ b/Consul/Interfaces/IConnectEndpoint.cs
@@ -28,5 +28,7 @@ public interface IConnectEndpoint
{
Task> CARoots(QueryOptions q, CancellationToken ct = default);
Task> CARoots(CancellationToken ct = default);
+ Task> CAGetConfig(QueryOptions q, CancellationToken ct = default);
+ Task> CAGetConfig(CancellationToken ct = default);
}
}