raft

package
v1.4.6 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 26, 2020 License: MPL-2.0 Imports: 46 Imported by: 15

Documentation

Index

Constants

View Source 
const EnvVaultRaftNodeID = "VAULT_RAFT_NODE_ID"

EnvVaultRaftNodeID is used to fetch the Raft node ID from the environment.

View Source 
const EnvVaultRaftPath = "VAULT_RAFT_PATH"

EnvVaultRaftPath is used to fetch the path where Raft data is stored from the environment.

Variables

This section is empty.

Functions

func EnsurePath 

func EnsurePath(path string, dir bool) error

EnsurePath is used to make sure a path exists

func NewRaftBackend 

func NewRaftBackend(conf map[string]string, logger log.Logger) (physical.Backend, error)

NewRaftBackend constructs a RaftBackend using the given directory

func NewRaftLayer 

func NewRaftLayer(logger log.Logger, raftTLSKeyring *TLSKeyring, clusterListener cluster.ClusterHook) (*raftLayer, error)

NewRaftLayer creates a new raftLayer object. It parses the TLS information from the network config.

Types

type BoltSnapshotSink 

type BoltSnapshotSink struct {
	// contains filtered or unexported fields
}

BoltSnapshotSink implements SnapshotSink optionally choosing to write to a file.

func (*BoltSnapshotSink) Cancel 

func (s *BoltSnapshotSink) Cancel() error

Cancel is used to indicate an unsuccessful end.

func (*BoltSnapshotSink) Close 

func (s *BoltSnapshotSink) Close() error

Close is used to indicate a successful end.

func (*BoltSnapshotSink) ID 

func (s *BoltSnapshotSink) ID() string

ID returns the ID of the snapshot, can be used with Open() after the snapshot is finalized.

func (*BoltSnapshotSink) Write 

func (s *BoltSnapshotSink) Write(b []byte) (int, error)

Write is used to append to the state file. We write to the buffered IO object to reduce the amount of context switches.

type BoltSnapshotStore 

type BoltSnapshotStore struct {
	// contains filtered or unexported fields
}

BoltSnapshotStore implements the SnapshotStore interface and allows snapshots to be made on the local disk. The main difference between this store and the file store is we make the distinction between snapshots that have been written by the FSM and by internal Raft operations. The former are treated as noop snapshots on Persist and are read in full from the FSM on Open. The latter are treated like normal file snapshots and are able to be opened and applied as usual.

func NewBoltSnapshotStore 

func NewBoltSnapshotStore(base string, retain int, logger log.Logger, fsm *FSM) (*BoltSnapshotStore, error)

NewBoltSnapshotStore creates a new BoltSnapshotStore based on a base directory. The `retain` parameter controls how many snapshots are retained. Must be at least 1.

func (*BoltSnapshotStore) Create 

func (f *BoltSnapshotStore) Create(version raft.SnapshotVersion, index, term uint64,
	configuration raft.Configuration, configurationIndex uint64, trans raft.Transport) (raft.SnapshotSink, error)

Create is used to start a new snapshot

func (*BoltSnapshotStore) List 

func (f *BoltSnapshotStore) List() ([]*raft.SnapshotMeta, error)

List returns available snapshots in the store. It only returns bolt snapshots. No snapshot will be returned if there are no indexes in the FSM.

func (*BoltSnapshotStore) Open 

func (f *BoltSnapshotStore) Open(id string) (*raft.SnapshotMeta, io.ReadCloser, error)

Open takes a snapshot ID and returns a ReadCloser for that snapshot.

func (*BoltSnapshotStore) ReapSnapshots 

func (f *BoltSnapshotStore) ReapSnapshots() error

ReapSnapshots reaps any snapshots beyond the retain count.

type ConfigurationValue 

type ConfigurationValue struct {
	Index                uint64    `protobuf:"varint,1,opt,name=index,proto3" json:"index,omitempty"`
	Servers              []*Server `protobuf:"bytes,2,rep,name=servers,proto3" json:"servers,omitempty"`
	XXX_NoUnkeyedLiteral struct{}  `json:"-"`
	XXX_unrecognized     []byte    `json:"-"`
	XXX_sizecache        int32     `json:"-"`
}

func (*ConfigurationValue) Descriptor 

func (*ConfigurationValue) Descriptor() ([]byte, []int)

func (*ConfigurationValue) GetIndex 

func (m *ConfigurationValue) GetIndex() uint64

func (*ConfigurationValue) GetServers 

func (m *ConfigurationValue) GetServers() []*Server

func (*ConfigurationValue) ProtoMessage 

func (*ConfigurationValue) ProtoMessage()

func (*ConfigurationValue) Reset 

func (m *ConfigurationValue) Reset()

func (*ConfigurationValue) String 

func (m *ConfigurationValue) String() string

func (*ConfigurationValue) XXX_DiscardUnknown 

func (m *ConfigurationValue) XXX_DiscardUnknown()

func (*ConfigurationValue) XXX_Marshal 

func (m *ConfigurationValue) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*ConfigurationValue) XXX_Merge 

func (m *ConfigurationValue) XXX_Merge(src proto.Message)

func (*ConfigurationValue) XXX_Size 

func (m *ConfigurationValue) XXX_Size() int

func (*ConfigurationValue) XXX_Unmarshal 

func (m *ConfigurationValue) XXX_Unmarshal(b []byte) error

type FSM 

type FSM struct {
	// contains filtered or unexported fields
}

FSM is Vault's primary state storage. It writes updates to an bolt db file that lives on local disk. FSM implements raft.FSM and physical.Backend interfaces.

func NewFSM 

func NewFSM(conf map[string]string, logger log.Logger) (*FSM, error)

NewFSM constructs a FSM using the given directory

func (*FSM) Apply 

func (f *FSM) Apply(log *raft.Log) interface{}

Apply will apply a log value to the FSM. This is called from the raft library.

func (*FSM) ApplyBatch added in v1.3.0 

func (f *FSM) ApplyBatch(logs []*raft.Log) []interface{}

ApplyBatch will apply a set of logs to the FSM. This is called from the raft library.

func (*FSM) Delete 

func (f *FSM) Delete(ctx context.Context, path string) error

Delete deletes the given key from the bolt file.

func (*FSM) DeletePrefix 

func (f *FSM) DeletePrefix(ctx context.Context, prefix string) error

Delete deletes the given key from the bolt file.

func (*FSM) Get 

func (f *FSM) Get(ctx context.Context, path string) (*physical.Entry, error)

Get retrieves the value at the given path from the bolt file.

func (*FSM) LatestState 

func (f *FSM) LatestState() (*IndexValue, *ConfigurationValue)

LatestState returns the latest index and configuration values we have seen on this FSM.

func (*FSM) List 

func (f *FSM) List(ctx context.Context, prefix string) ([]string, error)

List retrieves the set of keys with the given prefix from the bolt file.

func (*FSM) Put 

func (f *FSM) Put(ctx context.Context, entry *physical.Entry) error

Put writes the given entry to the bolt file.

func (*FSM) Restore 

func (f *FSM) Restore(r io.ReadCloser) error

Restore reads data from the provided reader and writes it into the FSM. It first deletes the existing bucket to clear all existing data, then recreates it so we can copy in the snapshot.

func (*FSM) SetNoopRestore 

func (f *FSM) SetNoopRestore(enabled bool)

SetNoopRestore is used to disable restore operations on raft startup. Because we are using persistent storage in our FSM we do not need to issue a restore on startup.

func (*FSM) Snapshot 

func (f *FSM) Snapshot() (raft.FSMSnapshot, error)

Snapshot implements the FSM interface. It returns a noop snapshot object.

func (*FSM) Transaction 

func (f *FSM) Transaction(ctx context.Context, txns []*physical.TxnEntry) error

Transaction writes all the operations in the provided transaction to the bolt file.

type FSMApplyResponse 

type FSMApplyResponse struct {
	Success bool
}

FSMApplyResponse is returned from an FSM apply. It indicates if the apply was successful or not.

type FSMChunkStorage 

type FSMChunkStorage struct {
	// contains filtered or unexported fields
}

func (*FSMChunkStorage) FinalizeOp 

func (f *FSMChunkStorage) FinalizeOp(opNum uint64) ([]*raftchunking.ChunkInfo, error)

func (*FSMChunkStorage) GetChunks 

func (f *FSMChunkStorage) GetChunks() (raftchunking.ChunkMap, error)

func (*FSMChunkStorage) RestoreChunks 

func (f *FSMChunkStorage) RestoreChunks(chunks raftchunking.ChunkMap) error

func (*FSMChunkStorage) StoreChunk 

func (f *FSMChunkStorage) StoreChunk(chunk *raftchunking.ChunkInfo) (bool, error)

type IndexValue 

type IndexValue struct {
	Term                 uint64   `protobuf:"varint,1,opt,name=term,proto3" json:"term,omitempty"`
	Index                uint64   `protobuf:"varint,2,opt,name=index,proto3" json:"index,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*IndexValue) Descriptor 

func (*IndexValue) Descriptor() ([]byte, []int)

func (*IndexValue) GetIndex 

func (m *IndexValue) GetIndex() uint64

func (*IndexValue) GetTerm 

func (m *IndexValue) GetTerm() uint64

func (*IndexValue) ProtoMessage 

func (*IndexValue) ProtoMessage()

func (*IndexValue) Reset 

func (m *IndexValue) Reset()

func (*IndexValue) String 

func (m *IndexValue) String() string

func (*IndexValue) XXX_DiscardUnknown 

func (m *IndexValue) XXX_DiscardUnknown()

func (*IndexValue) XXX_Marshal 

func (m *IndexValue) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*IndexValue) XXX_Merge 

func (m *IndexValue) XXX_Merge(src proto.Message)

func (*IndexValue) XXX_Size 

func (m *IndexValue) XXX_Size() int

func (*IndexValue) XXX_Unmarshal 

func (m *IndexValue) XXX_Unmarshal(b []byte) error

type LeaderJoinInfo added in v1.4.0 

type LeaderJoinInfo struct {
	// LeaderAPIAddr is the address of the leader node to connect to
	LeaderAPIAddr string `json:"leader_api_addr"`

	// LeaderCACert is the CA cert of the leader node
	LeaderCACert string `json:"leader_ca_cert"`

	// LeaderClientCert is the client certificate for the follower node to
	// establish client authentication during TLS
	LeaderClientCert string `json:"leader_client_cert"`

	// LeaderClientKey is the client key for the follower node to establish
	// client authentication during TLS.
	LeaderClientKey string `json:"leader_client_key"`

	// LeaderCACertFile is the path on disk to the the CA cert file of the
	// leader node. This should only be provided via Vault's configuration file.
	LeaderCACertFile string `json:"leader_ca_cert_file"`

	// LeaderClientCertFile is the path on disk to the client certificate file
	// for the follower node to establish client authentication during TLS. This
	// should only be provided via Vault's configuration file.
	LeaderClientCertFile string `json:"leader_client_cert_file"`

	// LeaderClientKeyFile is the path on disk to the client key file for the
	// follower node to establish client authentication during TLS. This should
	// only be provided via Vault's configuration file.
	LeaderClientKeyFile string `json:"leader_client_key_file"`

	// Retry indicates if the join process should automatically be retried
	Retry bool `json:"-"`

	// TLSConfig for the API client to use when communicating with the leader node
	TLSConfig *tls.Config `json:"-"`
}

LeaderJoinInfo contains information required by a node to join itself as a follower to an existing raft cluster

type LogData 

type LogData struct {
	Operations           []*LogOperation `protobuf:"bytes,1,rep,name=operations,proto3" json:"operations,omitempty"`
	XXX_NoUnkeyedLiteral struct{}        `json:"-"`
	XXX_unrecognized     []byte          `json:"-"`
	XXX_sizecache        int32           `json:"-"`
}

func (*LogData) Descriptor 

func (*LogData) Descriptor() ([]byte, []int)

func (*LogData) GetOperations 

func (m *LogData) GetOperations() []*LogOperation

func (*LogData) ProtoMessage 

func (*LogData) ProtoMessage()

func (*LogData) Reset 

func (m *LogData) Reset()

func (*LogData) String 

func (m *LogData) String() string

func (*LogData) XXX_DiscardUnknown 

func (m *LogData) XXX_DiscardUnknown()

func (*LogData) XXX_Marshal 

func (m *LogData) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*LogData) XXX_Merge 

func (m *LogData) XXX_Merge(src proto.Message)

func (*LogData) XXX_Size 

func (m *LogData) XXX_Size() int

func (*LogData) XXX_Unmarshal 

func (m *LogData) XXX_Unmarshal(b []byte) error

type LogOperation 

type LogOperation struct {
	// OpType is the Operation type
	OpType uint32 `protobuf:"varint,1,opt,name=op_type,json=opType,proto3" json:"op_type,omitempty"`
	// Flags is an opaque value, currently unused. Reserved.
	Flags uint64 `protobuf:"varint,2,opt,name=flags,proto3" json:"flags,omitempty"`
	// Key that is being affected
	Key string `protobuf:"bytes,3,opt,name=key,proto3" json:"key,omitempty"`
	// Value is optional, corresponds to the key
	Value                []byte   `protobuf:"bytes,4,opt,name=value,proto3" json:"value,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*LogOperation) Descriptor 

func (*LogOperation) Descriptor() ([]byte, []int)

func (*LogOperation) GetFlags 

func (m *LogOperation) GetFlags() uint64

func (*LogOperation) GetKey 

func (m *LogOperation) GetKey() string

func (*LogOperation) GetOpType 

func (m *LogOperation) GetOpType() uint32

func (*LogOperation) GetValue 

func (m *LogOperation) GetValue() []byte

func (*LogOperation) ProtoMessage 

func (*LogOperation) ProtoMessage()

func (*LogOperation) Reset 

func (m *LogOperation) Reset()

func (*LogOperation) String 

func (m *LogOperation) String() string

func (*LogOperation) XXX_DiscardUnknown 

func (m *LogOperation) XXX_DiscardUnknown()

func (*LogOperation) XXX_Marshal 

func (m *LogOperation) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*LogOperation) XXX_Merge 

func (m *LogOperation) XXX_Merge(src proto.Message)

func (*LogOperation) XXX_Size 

func (m *LogOperation) XXX_Size() int

func (*LogOperation) XXX_Unmarshal 

func (m *LogOperation) XXX_Unmarshal(b []byte) error

type Peer 

type Peer struct {
	ID      string `json:"id"`
	Address string `json:"address"`
}

Peer defines the ID and Address for a given member of the raft cluster.

type RaftBackend 

type RaftBackend struct {
	// contains filtered or unexported fields
}

RaftBackend implements the backend interfaces and uses the raft protocol to persist writes to the FSM.

func (*RaftBackend) AddNonVotingPeer added in v1.3.0 

func (b *RaftBackend) AddNonVotingPeer(ctx context.Context, peerID, clusterAddr string) error

AddPeer adds a new server to the raft cluster

func (*RaftBackend) AddPeer 

func (b *RaftBackend) AddPeer(ctx context.Context, peerID, clusterAddr string) error

AddPeer adds a new server to the raft cluster

func (*RaftBackend) AppliedIndex 

func (b *RaftBackend) AppliedIndex() uint64

AppliedIndex returns the latest index applied to the FSM

func (*RaftBackend) Bootstrap 

func (b *RaftBackend) Bootstrap(ctx context.Context, peers []Peer) error

Bootstrap prepares the given peers to be part of the raft cluster

func (*RaftBackend) CommittedIndex added in v1.4.2 

func (b *RaftBackend) CommittedIndex() uint64

CommittedIndex returns the latest index committed to stable storage

func (*RaftBackend) Delete 

func (b *RaftBackend) Delete(ctx context.Context, path string) error

Delete inserts an entry in the log to delete the given path

func (*RaftBackend) Get 

func (b *RaftBackend) Get(ctx context.Context, path string) (*physical.Entry, error)

Get returns the value corresponding to the given path from the fsm

func (*RaftBackend) GetConfiguration 

func (b *RaftBackend) GetConfiguration(ctx context.Context) (*RaftConfigurationResponse, error)

func (*RaftBackend) HAEnabled 

func (b *RaftBackend) HAEnabled() bool

HAEnabled is the implemention of the HABackend interface

func (*RaftBackend) Initialized 

func (b *RaftBackend) Initialized() bool

Initialized tells if raft is running or not

func (*RaftBackend) JoinConfig added in v1.4.0 

func (b *RaftBackend) JoinConfig() ([]*LeaderJoinInfo, error)

JoinConfig returns a list of information about possible leader nodes that this node can join as a follower

func (*RaftBackend) List 

func (b *RaftBackend) List(ctx context.Context, prefix string) ([]string, error)

List enumerates all the items under the prefix from the fsm

func (*RaftBackend) LockWith 

func (b *RaftBackend) LockWith(key, value string) (physical.Lock, error)

HAEnabled is the implemention of the HABackend interface

func (*RaftBackend) NodeID 

func (b *RaftBackend) NodeID() string

NodeID returns the identifier of the node

func (*RaftBackend) Peers 

func (b *RaftBackend) Peers(ctx context.Context) ([]Peer, error)

Peers returns all the servers present in the raft cluster

func (*RaftBackend) Put 

func (b *RaftBackend) Put(ctx context.Context, entry *physical.Entry) error

Put inserts an entry in the log for the put operation

func (*RaftBackend) RemovePeer 

func (b *RaftBackend) RemovePeer(ctx context.Context, peerID string) error

RemovePeer removes the given peer ID from the raft cluster. If the node is ourselves we will give up leadership.

func (*RaftBackend) RestoreSnapshot 

func (b *RaftBackend) RestoreSnapshot(ctx context.Context, metadata raft.SnapshotMeta, snap io.Reader) error

RestoreSnapshot applies the provided snapshot metadata and snapshot data to raft.

func (*RaftBackend) SetRestoreCallback 

func (b *RaftBackend) SetRestoreCallback(restoreCb restoreCallback)

SetRestoreCallback sets the callback to be used when a restoreCallbackOp is processed through the FSM.

func (*RaftBackend) SetServerAddressProvider 

func (b *RaftBackend) SetServerAddressProvider(provider raft.ServerAddressProvider)

SetServerAddressProvider sets a the address provider for determining the raft node addresses. This is currently only used in tests.

func (*RaftBackend) SetTLSKeyring 

func (b *RaftBackend) SetTLSKeyring(keyring *TLSKeyring) error

SetTLSKeyring is used to install a new keyring. If the active key has changed it will also close any network connections or streams forcing a reconnect with the new key.

func (*RaftBackend) SetupCluster 

func (b *RaftBackend) SetupCluster(ctx context.Context, opts SetupOpts) error

SetupCluster starts the raft cluster and enables the networking needed for the raft nodes to communicate.

func (*RaftBackend) Snapshot 

func (b *RaftBackend) Snapshot(out *logical.HTTPResponseWriter, access *seal.Access) error

Snapshot takes a raft snapshot, packages it into a archive file and writes it to the provided writer. Seal access is used to encrypt the SHASUM file so we can validate the snapshot was taken using the same master keys or not.

func (*RaftBackend) StartRecoveryCluster added in v1.3.0 

func (b *RaftBackend) StartRecoveryCluster(ctx context.Context, peer Peer) error

func (*RaftBackend) TeardownCluster 

func (b *RaftBackend) TeardownCluster(clusterListener cluster.ClusterHook) error

TeardownCluster shuts down the raft cluster

func (*RaftBackend) Transaction 

func (b *RaftBackend) Transaction(ctx context.Context, txns []*physical.TxnEntry) error

Transaction applies all the given operations into a single log and applies it.

func (*RaftBackend) WriteSnapshotToTemp 

func (b *RaftBackend) WriteSnapshotToTemp(in io.ReadCloser, access *seal.Access) (*os.File, func(), raft.SnapshotMeta, error)

WriteSnapshotToTemp reads a snapshot archive off the provided reader, extracts the data and writes the snapshot to a temporary file. The seal access is used to decrypt the SHASUM file in the archive to ensure this snapshot has the same master key as the running instance. If the provided access is nil then it will skip that validation.

type RaftConfigurationResponse 

type RaftConfigurationResponse struct {
	// Servers has the list of servers in the Raft configuration.
	Servers []*RaftServer `json:"servers"`

	// Index has the Raft index of this configuration.
	Index uint64 `json:"index"`
}

RaftConfigurationResponse is returned when querying for the current Raft configuration.

type RaftLock 

type RaftLock struct {
	// contains filtered or unexported fields
}

RaftLock implements the physical Lock interface and enables HA for this backend. The Lock uses the raftNotifyCh for receiving leadership edge triggers. Vault's active duty matches raft's leadership.

func (*RaftLock) Lock 

func (l *RaftLock) Lock(stopCh <-chan struct{}) (<-chan struct{}, error)

Lock blocks until we become leader or are shutdown. It returns a channel that is closed when we detect a loss of leadership.

func (*RaftLock) Unlock 

func (l *RaftLock) Unlock() error

Unlock gives up leadership.

func (*RaftLock) Value 

func (l *RaftLock) Value() (bool, string, error)

Value reads the value of the lock. This informs us who is currently leader.

type RaftServer 

type RaftServer struct {
	// NodeID is the name of the server
	NodeID string `json:"node_id"`

	// Address is the IP:port of the server, used for Raft communications
	Address string `json:"address"`

	// Leader is true if this server is the current cluster leader
	Leader bool `json:"leader"`

	// Protocol version is the raft protocol version used by the server
	ProtocolVersion string `json:"protocol_version"`

	// Voter is true if this server has a vote in the cluster. This might
	// be false if the server is staging and still coming online.
	Voter bool `json:"voter"`
}

RaftServer has information about a server in the Raft configuration

type Server 

type Server struct {
	Suffrage             int32    `protobuf:"varint,1,opt,name=suffrage,proto3" json:"suffrage,omitempty"`
	Id                   string   `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"`
	Address              string   `protobuf:"bytes,3,opt,name=address,proto3" json:"address,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (*Server) Descriptor 

func (*Server) Descriptor() ([]byte, []int)

func (*Server) GetAddress 

func (m *Server) GetAddress() string

func (*Server) GetId 

func (m *Server) GetId() string

func (*Server) GetSuffrage 

func (m *Server) GetSuffrage() int32

func (*Server) ProtoMessage 

func (*Server) ProtoMessage()

func (*Server) Reset 

func (m *Server) Reset()

func (*Server) String 

func (m *Server) String() string

func (*Server) XXX_DiscardUnknown 

func (m *Server) XXX_DiscardUnknown()

func (*Server) XXX_Marshal 

func (m *Server) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Server) XXX_Merge 

func (m *Server) XXX_Merge(src proto.Message)

func (*Server) XXX_Size 

func (m *Server) XXX_Size() int

func (*Server) XXX_Unmarshal 

func (m *Server) XXX_Unmarshal(b []byte) error

type SetupOpts 

type SetupOpts struct {
	// TLSKeyring is the keyring to use for the cluster traffic.
	TLSKeyring *TLSKeyring

	// ClusterListener is the cluster hook used to register the raft handler and
	// client with core's cluster listeners.
	ClusterListener cluster.ClusterHook

	// StartAsLeader is used to specify this node should start as leader and
	// bypass the leader election. This should be used with caution.
	StartAsLeader bool

	// RecoveryModeConfig is the configuration for the raft cluster in recovery
	// mode.
	RecoveryModeConfig *raft.Configuration
}

SetupOpts are used to pass options to the raft setup function.

type TLSKey 

type TLSKey struct {
	// ID is a unique identifier for this Key
	ID string `json:"id"`

	// KeyType defines the algorighm used to generate the private keys
	KeyType string `json:"key_type"`

	// AppliedIndex is the earliest known raft index that safely contains this
	// key.
	AppliedIndex uint64 `json:"applied_index"`

	// CertBytes is the marshaled certificate.
	CertBytes []byte `json:"cluster_cert"`

	// KeyParams is the marshaled private key.
	KeyParams *certutil.ClusterKeyParams `json:"cluster_key_params"`

	// CreatedTime is the time this key was generated. This value is useful in
	// determining when the next rotation should be.
	CreatedTime time.Time `json:"created_time"`
	// contains filtered or unexported fields
}

TLSKey is a single TLS keypair in the Keyring

func GenerateTLSKey 

func GenerateTLSKey(reader io.Reader) (*TLSKey, error)

type TLSKeyring 

type TLSKeyring struct {
	// Keys is the set of available key pairs
	Keys []*TLSKey `json:"keys"`

	// AppliedIndex is the earliest known raft index that safely contains the
	// latest key in the keyring.
	AppliedIndex uint64 `json:"applied_index"`

	// Term is an incrementing identifier value used to quickly determine if two
	// states of the keyring are different.
	Term uint64 `json:"term"`

	// ActiveKeyID is the key ID to track the active key in the keyring. Only
	// the active key is used for dialing.
	ActiveKeyID string `json:"active_key_id"`
}

TLSKeyring is the set of keys that raft uses for network communication. Only one key is used to dial at a time but both keys will be used to accept connections.

func (*TLSKeyring) GetActive 

func (k *TLSKeyring) GetActive() *TLSKey

GetActive returns the active key.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.