-
Notifications
You must be signed in to change notification settings - Fork 494
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[mesh] enable mTLS #281
[mesh] enable mTLS #281
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
[TASK:easegress-pr-test SUCCESS]megaease/easegress Pull Request 281 Deploy Test Success
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
[TASK:easegress-pr-test SUCCESS]megaease/easegress Pull Request 281 Deploy Test Success
Codecov Report
@@ Coverage Diff @@
## main #281 +/- ##
==========================================
+ Coverage 80.22% 80.23% +0.01%
==========================================
Files 53 53
Lines 5897 6098 +201
==========================================
+ Hits 4731 4893 +162
- Misses 907 943 +36
- Partials 259 262 +3
Continue to review full report at Codecov.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
[TASK:easegress-pr-test SUCCESS]megaease/easegress Pull Request 281 Deploy Test Success
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
[TASK:easegress-pr-test FAILED]megaease/easegress Pull Request 281 Deploy Test failed
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
[TASK:easegress-pr-test SUCCESS]megaease/easegress Pull Request 281 Deploy Test Success
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
[TASK:easegress-pr-test SUCCESS]megaease/easegress Pull Request 281 Deploy Test Success
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
[TASK:easegress-pr-test FAILED]megaease/easegress Pull Request 281 Deploy Test failed
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
[TASK:easegress-pr-test SUCCESS]megaease/easegress Pull Request 281 Deploy Test Success
by the way, the unit testing code coverage looks decreased, please make sure we need to meet >80% coverage. |
https://codecov.io/github/megaease/easegress/commit/2e9e0e77e82f5738744a176cd7b42882786f76c4 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
[TASK:easegress-pr-test SUCCESS]megaease/easegress Pull Request 281 Deploy Test Success
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
[TASK:easegress-pr-test SUCCESS]megaease/easegress Pull Request 281 Deploy Test Success
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
[TASK:easegress-pr-test SUCCESS]megaease/easegress Pull Request 281 Deploy Test Success
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
[TASK:easegress-pr-test SUCCESS]megaease/easegress Pull Request 281 Deploy Test Success
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
[TASK:easegress-pr-test SUCCESS]megaease/easegress Pull Request 281 Deploy Test Success
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
[TASK:easegress-pr-test SUCCESS]megaease/easegress Pull Request 281 Deploy Test Success
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
[TASK:easegress-pr-test SUCCESS]megaease/easegress Pull Request 281 Deploy Test Success
Co-authored-by: Bomin Zhang <[email protected]>
Co-authored-by: Hao Chen <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
[TASK:easegress-pr-test SUCCESS]megaease/easegress Pull Request 281 Deploy Test Success
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
[TASK:easegress-pr-test SUCCESS]megaease/easegress Pull Request 281 Deploy Test Success
} | ||
|
||
// CertProvider is the interface declaring the methods for the Certificate provider, such as | ||
// easemesh-self-sign, Valt, and so on. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
// easemesh-self-sign, Valt, and so on. | |
// easemesh-self-sign, Valt, and so on. |
// CertProvider is the interface declaring the methods for the Certificate provider, such as | ||
// easemesh-self-sign, Valt, and so on. | ||
CertProvider interface { | ||
// SignAppCertAndKey signs a cert, key pair for one service's instance |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
// SignAppCertAndKey signs a cert, key pair for one service's instance | |
// SignAppCertAndKey signs a cert, key pair for one service's instance |
// easemesh-self-sign, Valt, and so on. | ||
CertProvider interface { | ||
// SignAppCertAndKey signs a cert, key pair for one service's instance | ||
SignAppCertAndKey(serviceName string, HOST, IP string, ttl time.Duration) (cert *spec.Certificate, err error) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
SignAppCertAndKey(serviceName string, HOST, IP string, ttl time.Duration) (cert *spec.Certificate, err error) | |
SignAppCertAndKey(serviceName string, host, ip string, ttl time.Duration) (cert *spec.Certificate, err error) |
SignRootCertAndKey(time.Duration) (cert *spec.Certificate, err error) | ||
|
||
// GetAppCertAndKey gets cert and key for one service's instance | ||
GetAppCertAndKey(serviceName, HOST, IP string) (cert *spec.Certificate, err error) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
GetAppCertAndKey(serviceName, HOST, IP string) (cert *spec.Certificate, err error) | |
GetAppCertAndKey(serviceName, host, ip string) (cert *spec.Certificate, err error) |
GetRootCertAndKey() (cert *spec.Certificate, err error) | ||
|
||
// ReleaseAppCertAndKey releases one service instance's cert and key | ||
ReleaseAppCertAndKey(serviceName, HOST, IP string) error |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ReleaseAppCertAndKey(serviceName, HOST, IP string) error | |
ReleaseAppCertAndKey(serviceName, host, ip string) error |
// ReleaseRootCertAndKey releases root CA cert and key | ||
ReleaseRootCertAndKey() error | ||
|
||
// SetRootCertAndKey sets exists app cert |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
// SetRootCertAndKey sets exists app cert | |
// SetRootCertAndKey sets existing app cert |
ReleaseRootCertAndKey() error | ||
|
||
// SetRootCertAndKey sets exists app cert | ||
SetAppCertAndKey(serviceName, HOST, IP string, cert *spec.Certificate) error |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
SetAppCertAndKey(serviceName, HOST, IP string, cert *spec.Certificate) error | |
SetAppCertAndKey(serviceName, host, ip string, cert *spec.Certificate) error |
} | ||
) | ||
|
||
// NewCertManager creates a initialed certmanager. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
// NewCertManager creates a initialed certmanager. | |
// NewCertManager creates a certmanager. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
[TASK:easegress-pr-test SUCCESS]megaease/easegress Pull Request 281 Deploy Test Success
mTLS
inside Mesh