github.com/anth0d/nomad@v0.0.0-20221214183521-ae3a0a2cad06/nomad/structs/service_identities.go (about) 1 package structs 2 3 import "errors" 4 5 // An SIToken is the important bits of a Service Identity token generated by Consul. 6 type SIToken struct { 7 ConsulNamespace string 8 TaskName string // the nomad task backing the consul service (native or sidecar) 9 AccessorID string 10 SecretID string 11 } 12 13 // An SITokenAccessor is a reference to a created Consul Service Identity token on 14 // behalf of an allocation's task. 15 type SITokenAccessor struct { 16 ConsulNamespace string 17 NodeID string 18 AllocID string 19 AccessorID string 20 TaskName string 21 22 // Raft index 23 CreateIndex uint64 24 } 25 26 // SITokenAccessorsRequest is used to operate on a set of SITokenAccessor, like 27 // recording a set of accessors for an alloc into raft. 28 type SITokenAccessorsRequest struct { 29 Accessors []*SITokenAccessor 30 } 31 32 // DeriveSITokenRequest is used to request Consul Service Identity tokens from 33 // the Nomad Server for the named tasks in the given allocation. 34 type DeriveSITokenRequest struct { 35 NodeID string 36 SecretID string 37 AllocID string 38 Tasks []string 39 QueryOptions 40 } 41 42 func (r *DeriveSITokenRequest) Validate() error { 43 switch { 44 case r.NodeID == "": 45 return errors.New("missing node ID") 46 case r.SecretID == "": 47 return errors.New("missing node SecretID") 48 case r.AllocID == "": 49 return errors.New("missing allocation ID") 50 case len(r.Tasks) == 0: 51 return errors.New("no tasks specified") 52 default: 53 return nil 54 } 55 } 56 57 type DeriveSITokenResponse struct { 58 // Tokens maps from Task Name to its associated SI token 59 Tokens map[string]string 60 61 // Error stores any error that occurred. Errors are stored here so we can 62 // communicate whether it is retryable 63 Error *RecoverableError 64 65 QueryMeta 66 }