Skip to content

Commit

Permalink
Merge pull request #9475 from cbroglie/tls-server-name
Browse files Browse the repository at this point in the history 
Add support for configuring TLS ServerName for health checks
  • Loading branch information
@dnephin
dnephin authored Mar 17, 2021
2 parents 931023f + 99eda98 commit cacd7cc
Show file tree
Hide file tree
Showing 22 changed files with 317 additions and 84 deletions.
3 changes: 3 additions & 0 deletions .changelog/9475.txt
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:bug
checks: add TLSServerName field to allow setting the TLS server name for HTTPS health checks.
```
4 changes: 2 additions & 2 deletions agent/agent.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2517,7 +2517,7 @@ func (a *Agent) addCheck(check *structs.HealthCheck, chkType *structs.CheckType,
chkType.Interval = checks.MinInterval
}

tlsClientConfig := a.tlsConfigurator.OutgoingTLSConfigForCheck(chkType.TLSSkipVerify)
tlsClientConfig := a.tlsConfigurator.OutgoingTLSConfigForCheck(chkType.TLSSkipVerify, chkType.TLSServerName)

http := &checks.CheckHTTP{
CheckID: cid,
Expand Down Expand Up @@ -2589,7 +2589,7 @@ func (a *Agent) addCheck(check *structs.HealthCheck, chkType *structs.CheckType,

var tlsClientConfig *tls.Config
if chkType.GRPCUseTLS {
tlsClientConfig = a.tlsConfigurator.OutgoingTLSConfigForCheck(chkType.TLSSkipVerify)
tlsClientConfig = a.tlsConfigurator.OutgoingTLSConfigForCheck(chkType.TLSSkipVerify, chkType.TLSServerName)
}

grpc := &checks.CheckGRPC{
Expand Down
1 change: 1 addition & 0 deletions agent/config/builder.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1571,6 +1571,7 @@ func (b *builder) checkVal(v *CheckDefinition) *structs.CheckDefinition {
Shell: stringVal(v.Shell),
GRPC: stringVal(v.GRPC),
GRPCUseTLS: boolVal(v.GRPCUseTLS),
TLSServerName: stringVal(v.TLSServerName),
TLSSkipVerify: boolVal(v.TLSSkipVerify),
AliasNode: stringVal(v.AliasNode),
AliasService: stringVal(v.AliasService),
Expand Down
1 change: 1 addition & 0 deletions agent/config/config.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -405,6 +405,7 @@ type CheckDefinition struct {
Shell *string `mapstructure:"shell"`
GRPC *string `mapstructure:"grpc"`
GRPCUseTLS *bool `mapstructure:"grpc_use_tls"`
TLSServerName *string `mapstructure:"tls_server_name"`
TLSSkipVerify *bool `mapstructure:"tls_skip_verify" alias:"tlsskipverify"`
AliasNode *string `mapstructure:"alias_node"`
AliasService *string `mapstructure:"alias_service"`
Expand Down
9 changes: 9 additions & 0 deletions agent/config/runtime_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5081,6 +5081,7 @@ func TestLoad_FullConfig(t *testing.T) {
OutputMaxSize: checks.DefaultBufSize,
DockerContainerID: "ipgdFtjd",
Shell: "qAeOYy0M",
TLSServerName: "bdeb5f6a",
TLSSkipVerify: true,
Timeout: 1813 * time.Second,
TTL: 21743 * time.Second,
Expand All @@ -5106,6 +5107,7 @@ func TestLoad_FullConfig(t *testing.T) {
Interval: 28767 * time.Second,
DockerContainerID: "THW6u7rL",
Shell: "C1Zt3Zwh",
TLSServerName: "6adc3bfb",
TLSSkipVerify: true,
Timeout: 18506 * time.Second,
TTL: 31006 * time.Second,
Expand All @@ -5131,6 +5133,7 @@ func TestLoad_FullConfig(t *testing.T) {
Interval: 18714 * time.Second,
DockerContainerID: "qF66POS9",
Shell: "sOnDy228",
TLSServerName: "7BdnzBYk",
TLSSkipVerify: true,
Timeout: 5954 * time.Second,
TTL: 30044 * time.Second,
Expand Down Expand Up @@ -5336,6 +5339,7 @@ func TestLoad_FullConfig(t *testing.T) {
Interval: 24392 * time.Second,
DockerContainerID: "ZKXr68Yb",
Shell: "CEfzx0Fo",
TLSServerName: "4f191d4F",
TLSSkipVerify: true,
Timeout: 38333 * time.Second,
TTL: 57201 * time.Second,
Expand Down Expand Up @@ -5386,6 +5390,7 @@ func TestLoad_FullConfig(t *testing.T) {
Interval: 32718 * time.Second,
DockerContainerID: "cU15LMet",
Shell: "nEz9qz2l",
TLSServerName: "f43ouY7a",
TLSSkipVerify: true,
Timeout: 34738 * time.Second,
TTL: 22773 * time.Second,
Expand All @@ -5409,6 +5414,7 @@ func TestLoad_FullConfig(t *testing.T) {
Interval: 5656 * time.Second,
DockerContainerID: "5tDBWpfA",
Shell: "rlTpLM8s",
TLSServerName: "sOv5WTtp",
TLSSkipVerify: true,
Timeout: 4868 * time.Second,
TTL: 11222 * time.Second,
Expand Down Expand Up @@ -5525,6 +5531,7 @@ func TestLoad_FullConfig(t *testing.T) {
Interval: 22224 * time.Second,
DockerContainerID: "ipgdFtjd",
Shell: "omVZq7Sz",
TLSServerName: "axw5QPL5",
TLSSkipVerify: true,
Timeout: 18913 * time.Second,
TTL: 44743 * time.Second,
Expand All @@ -5548,6 +5555,7 @@ func TestLoad_FullConfig(t *testing.T) {
Interval: 12356 * time.Second,
DockerContainerID: "HBndBU6R",
Shell: "hVI33JjA",
TLSServerName: "7uwWOnUS",
TLSSkipVerify: true,
Timeout: 38282 * time.Second,
TTL: 1181 * time.Second,
Expand All @@ -5571,6 +5579,7 @@ func TestLoad_FullConfig(t *testing.T) {
Interval: 23926 * time.Second,
DockerContainerID: "dO5TtRHk",
Shell: "e6q2ttES",
TLSServerName: "ECSHk8WF",
TLSSkipVerify: true,
Timeout: 38483 * time.Second,
TTL: 10943 * time.Second,
Expand Down
2 changes: 2 additions & 0 deletions agent/config/testdata/TestRuntimeConfig_Sanitize.golden
View file
Original file line number Diff line number Diff line change
Expand Up @@ -107,6 +107,7 @@
"Status": "",
"SuccessBeforePassing": 0,
"TCP": "",
"TLSServerName": "",
"TLSSkipVerify": false,
"TTL": "0s",
"Timeout": "0s",
Expand Down Expand Up @@ -307,6 +308,7 @@
"Status": "",
"SuccessBeforePassing": 0,
"TCP": "",
"TLSServerName": "",
"TLSSkipVerify": false,
"TTL": "0s",
"Timeout": "0s"
Expand Down
9 changes: 9 additions & 0 deletions agent/config/testdata/full-config.hcl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -113,6 +113,7 @@ check = {
output_max_size = 4096
docker_container_id = "qF66POS9"
shell = "sOnDy228"
tls_server_name = "7BdnzBYk"
tls_skip_verify = true
timeout = "5954s"
ttl = "30044s"
Expand All @@ -139,6 +140,7 @@ checks = [
output_max_size = 4096
docker_container_id = "ipgdFtjd"
shell = "qAeOYy0M"
tls_server_name = "bdeb5f6a"
tls_skip_verify = true
timeout = "1813s"
ttl = "21743s"
Expand All @@ -164,6 +166,7 @@ checks = [
output_max_size = 4096
docker_container_id = "THW6u7rL"
shell = "C1Zt3Zwh"
tls_server_name = "6adc3bfb"
tls_skip_verify = true
timeout = "18506s"
ttl = "31006s"
Expand Down Expand Up @@ -378,6 +381,7 @@ service = {
interval = "23926s"
docker_container_id = "dO5TtRHk"
shell = "e6q2ttES"
tls_server_name = "ECSHk8WF"
tls_skip_verify = true
timeout = "38483s"
ttl = "10943s"
Expand All @@ -402,6 +406,7 @@ service = {
output_max_size = 4096
docker_container_id = "ipgdFtjd"
shell = "omVZq7Sz"
tls_server_name = "axw5QPL5"
tls_skip_verify = true
timeout = "18913s"
ttl = "44743s"
Expand All @@ -425,6 +430,7 @@ service = {
output_max_size = 4096
docker_container_id = "HBndBU6R"
shell = "hVI33JjA"
tls_server_name = "7uwWOnUS"
tls_skip_verify = true
timeout = "38282s"
ttl = "1181s"
Expand Down Expand Up @@ -462,6 +468,7 @@ services = [
output_max_size = 4096
docker_container_id = "ZKXr68Yb"
shell = "CEfzx0Fo"
tls_server_name = "4f191d4F"
tls_skip_verify = true
timeout = "38333s"
ttl = "57201s"
Expand Down Expand Up @@ -502,6 +509,7 @@ services = [
output_max_size = 4096
docker_container_id = "cU15LMet"
shell = "nEz9qz2l"
tls_server_name = "f43ouY7a"
tls_skip_verify = true
timeout = "34738s"
ttl = "22773s"
Expand All @@ -525,6 +533,7 @@ services = [
output_max_size = 4096
docker_container_id = "5tDBWpfA"
shell = "rlTpLM8s"
tls_server_name = "sOv5WTtp"
tls_skip_verify = true
timeout = "4868s"
ttl = "11222s"
Expand Down
9 changes: 9 additions & 0 deletions agent/config/testdata/full-config.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -114,6 +114,7 @@
"interval": "18714s",
"docker_container_id": "qF66POS9",
"shell": "sOnDy228",
"tls_server_name": "7BdnzBYk",
"tls_skip_verify": true,
"timeout": "5954s",
"ttl": "30044s",
Expand All @@ -140,6 +141,7 @@
"output_max_size": 4096,
"docker_container_id": "ipgdFtjd",
"shell": "qAeOYy0M",
"tls_server_name": "bdeb5f6a",
"tls_skip_verify": true,
"timeout": "1813s",
"ttl": "21743s",
Expand All @@ -165,6 +167,7 @@
"output_max_size": 4096,
"docker_container_id": "THW6u7rL",
"shell": "C1Zt3Zwh",
"tls_server_name": "6adc3bfb",
"tls_skip_verify": true,
"timeout": "18506s",
"ttl": "31006s",
Expand Down Expand Up @@ -375,6 +378,7 @@
"output_max_size": 4096,
"docker_container_id": "dO5TtRHk",
"shell": "e6q2ttES",
"tls_server_name": "ECSHk8WF",
"tls_skip_verify": true,
"timeout": "38483s",
"ttl": "10943s",
Expand All @@ -399,6 +403,7 @@
"output_max_size": 4096,
"docker_container_id": "ipgdFtjd",
"shell": "omVZq7Sz",
"tls_server_name": "axw5QPL5",
"tls_skip_verify": true,
"timeout": "18913s",
"ttl": "44743s",
Expand All @@ -422,6 +427,7 @@
"output_max_size": 4096,
"docker_container_id": "HBndBU6R",
"shell": "hVI33JjA",
"tls_server_name": "7uwWOnUS",
"tls_skip_verify": true,
"timeout": "38282s",
"ttl": "1181s",
Expand Down Expand Up @@ -459,6 +465,7 @@
"output_max_size": 4096,
"docker_container_id": "ZKXr68Yb",
"shell": "CEfzx0Fo",
"tls_server_name": "4f191d4F",
"tls_skip_verify": true,
"timeout": "38333s",
"ttl": "57201s",
Expand Down Expand Up @@ -499,6 +506,7 @@
"output_max_size": 4096,
"docker_container_id": "cU15LMet",
"shell": "nEz9qz2l",
"tls_server_name": "f43ouY7a",
"tls_skip_verify": true,
"timeout": "34738s",
"ttl": "22773s",
Expand All @@ -522,6 +530,7 @@
"output_max_size": 4096,
"docker_container_id": "5tDBWpfA",
"shell": "rlTpLM8s",
"tls_server_name": "sOv5WTtp",
"tls_skip_verify": true,
"timeout": "4868s",
"ttl": "11222s",
Expand Down
Loading

0 comments on commit cacd7cc

Please sign in to comment.