github.com/hernad/nomad@v1.6.112/nomad/structs/service_identities.go (about) 1 // Copyright (c) HashiCorp, Inc. 2 // SPDX-License-Identifier: MPL-2.0 3 4 package structs 5 6 import "errors" 7 8 // An SIToken is the important bits of a Service Identity token generated by Consul. 9 type SIToken struct { 10 ConsulNamespace string 11 TaskName string // the nomad task backing the consul service (native or sidecar) 12 AccessorID string 13 SecretID string 14 } 15 16 // An SITokenAccessor is a reference to a created Consul Service Identity token on 17 // behalf of an allocation's task. 18 type SITokenAccessor struct { 19 ConsulNamespace string 20 NodeID string 21 AllocID string 22 AccessorID string 23 TaskName string 24 25 // Raft index 26 CreateIndex uint64 27 } 28 29 // SITokenAccessorsRequest is used to operate on a set of SITokenAccessor, like 30 // recording a set of accessors for an alloc into raft. 31 type SITokenAccessorsRequest struct { 32 Accessors []*SITokenAccessor 33 } 34 35 // DeriveSITokenRequest is used to request Consul Service Identity tokens from 36 // the Nomad Server for the named tasks in the given allocation. 37 type DeriveSITokenRequest struct { 38 NodeID string 39 SecretID string 40 AllocID string 41 Tasks []string 42 QueryOptions 43 } 44 45 func (r *DeriveSITokenRequest) Validate() error { 46 switch { 47 case r.NodeID == "": 48 return errors.New("missing node ID") 49 case r.SecretID == "": 50 return errors.New("missing node SecretID") 51 case r.AllocID == "": 52 return errors.New("missing allocation ID") 53 case len(r.Tasks) == 0: 54 return errors.New("no tasks specified") 55 default: 56 return nil 57 } 58 } 59 60 type DeriveSITokenResponse struct { 61 // Tokens maps from Task Name to its associated SI token 62 Tokens map[string]string 63 64 // Error stores any error that occurred. Errors are stored here so we can 65 // communicate whether it is retryable 66 Error *RecoverableError 67 68 QueryMeta 69 }