1package structs 2 3import "errors" 4 5// An SIToken is the important bits of a Service Identity token generated by Consul. 6type SIToken struct { 7 ConsulNamespace string 8 TaskName string // the nomad task backing the consul service (native or sidecar) 9 AccessorID string 10 SecretID string 11} 12 13// An SITokenAccessor is a reference to a created Consul Service Identity token on 14// behalf of an allocation's task. 15type SITokenAccessor struct { 16 ConsulNamespace string 17 NodeID string 18 AllocID string 19 AccessorID string 20 TaskName string 21 22 // Raft index 23 CreateIndex uint64 24} 25 26// SITokenAccessorsRequest is used to operate on a set of SITokenAccessor, like 27// recording a set of accessors for an alloc into raft. 28type SITokenAccessorsRequest struct { 29 Accessors []*SITokenAccessor 30} 31 32// DeriveSITokenRequest is used to request Consul Service Identity tokens from 33// the Nomad Server for the named tasks in the given allocation. 34type DeriveSITokenRequest struct { 35 NodeID string 36 SecretID string 37 AllocID string 38 Tasks []string 39 QueryOptions 40} 41 42func (r *DeriveSITokenRequest) Validate() error { 43 switch { 44 case r.NodeID == "": 45 return errors.New("missing node ID") 46 case r.SecretID == "": 47 return errors.New("missing node SecretID") 48 case r.AllocID == "": 49 return errors.New("missing allocation ID") 50 case len(r.Tasks) == 0: 51 return errors.New("no tasks specified") 52 default: 53 return nil 54 } 55} 56 57type DeriveSITokenResponse struct { 58 // Tokens maps from Task Name to its associated SI token 59 Tokens map[string]string 60 61 // Error stores any error that occurred. Errors are stored here so we can 62 // communicate whether it is retryable 63 Error *RecoverableError 64 65 QueryMeta 66} 67