internal: update tenant certificates on outpost refresh

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-12-23 00:38:49 +01:00
parent 6f32eeea43
commit 87e99625e6
3 changed files with 15 additions and 1 deletions


@ -116,6 +116,9 @@ func attemptProxyStart(ws *web.WebServer, u *url.URL) {
tw := tenant_tls.NewWatcher(ac.Client)
go tw.Start()
ws.TenantTLS = tw
ac.AddRefreshHandler(func() {
tw.Check()
})
srv := proxyv2.NewProxyServer(ac, 0)
ws.ProxyServer = srv
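Review bot: The closure passed to `ac.AddRefreshHandler` invokes `tw.Check()` from the refresh path while `go tw.Start()` on the line above is already driving the same watcher, so `Check` can now run on two goroutines at once; whether the watcher serializes its certificate updates is not visible in this hunk and should be confirmed (a mutex inside `Check`, or having both `Start` and the handler signal one loop over a channel). `Check` also performs the tenants list API call, so the handler blocks `OnRefresh` for that round-trip; if that is intended, a comment on the closure such as `// reload tenant certificates synchronously on outpost refresh; Check must be safe to call concurrently with Start` would document the expectation. attemptProxyStart starts and ends outside the hunk.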


@ -41,6 +41,7 @@ type APIController struct {
lastWsReconnect time.Time
wsIsReconnecting bool
wsBackoffMultiplier int
refreshHandlers []func()
instanceUUID uuid.UUID
}
@ -95,6 +96,7 @@ func NewAPIController(akURL url.URL, token string) *APIController {
instanceUUID: uuid.New(),
Outpost: outpost,
wsBackoffMultiplier: 1,
refreshHandlers: make([]func(), 0),
}
ac.logger.WithField("offset", ac.reloadOffset.String()).Debug("HA Reload offset")
err = ac.initWS(akURL, outpost.Pk)
@ -139,6 +141,10 @@ func (a *APIController) configureRefreshSignal() {
a.logger.Debug("Enabled USR1 hook to reload")
}
func (a *APIController) AddRefreshHandler(handler func()) {
a.refreshHandlers = append(a.refreshHandlers, handler)
}
func (a *APIController) OnRefresh() error {
// Because we don't know the outpost UUID, we simply do a list and pick the first
// The service account this token belongs to should only have access to a single outpost
@ -152,7 +158,11 @@ func (a *APIController) OnRefresh() error {
a.logger.WithField("name", a.Outpost.Name).Debug("Fetched outpost configuration")
doGlobalSetup(a.Outpost, a.GlobalConfig)
return a.Server.Refresh()
err = a.Server.Refresh()
for _, handler := range a.refreshHandlers {
handler()
}
return err
}
func (a *APIController) StartBackgorundTasks() error {
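Review bot: `refreshHandlers` is appended in `AddRefreshHandler` and ranged over in `OnRefresh` without any synchronization, and `OnRefresh` is driven from the USR1 hook set up in `configureRefreshSignal` (and presumably the websocket path), so a handler registered after the controller has started would race with a concurrent refresh. If registration is only meant to happen during startup, say so in a doc comment on the exported and currently undocumented `AddRefreshHandler`, e.g. `// AddRefreshHandler registers a callback run after every Server.Refresh, whether or not it succeeded; it must be called before background tasks start.`; otherwise guard the slice with a `sync.Mutex` in both methods. In `OnRefresh` the handlers run even when `a.Server.Refresh()` returned an error and a handler has no way to report its own failure, so consider checking `err` before the loop, or widening the handler type to `func() error` and joining its results into the returned error. The `make([]func(), 0)` initializer in `NewAPIController` is unnecessary since `append` and `range` work on a nil slice. OnRefresh's body starts before the hunk.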


@ -44,6 +44,7 @@ func (w *Watcher) Start() {
}
func (w *Watcher) Check() {
w.log.Info("updating tenant certificates")
tenants, _, err := w.client.CoreApi.CoreTenantsListExecute(api.ApiCoreTenantsListRequest{})
if err != nil {
w.log.WithError(err).Warning("failed to get tenants")