Documentation
¶
Index ¶
Constants ¶
View Source
const ( // TODO(pglass): These warnings can go away when the UI provides visibility into // permissive mTLS settings (expected 1.17). WarningServiceDefaultsPermissiveMTLS = "MutualTLSMode=permissive is insecure. " + "Set to `strict` when your service no longer needs to accept non-mTLS " + "traffic. Check `tcp.permissive_public_listener` metrics in Envoy for " + "non-mTLS traffic. Refer to Consul documentation for more information." WarningProxyDefaultsPermissiveMTLS = "MutualTLSMode=permissive is insecure. " + "To keep your services secure, set MutualTLSMode to `strict` whenever possible " + "and override with service-defaults only if necessary. To check which " + "service-defaults are currently in permissive mode, run `consul config list " + "-kind service-defaults -filter 'MutualTLSMode = \"permissive\"'`." WarningMeshAllowEnablingPermissiveMutualTLS = "AllowEnablingPermissiveMutualTLS=true " + "allows insecure MutualTLSMode=permissive configurations in the proxy-defaults " + "and service-defaults config entries. You can set " + "AllowEnablingPermissiveMutualTLS=false at any time to disallow additional " + "permissive configurations. To list services in permissive mode, run `consul " + "config list -kind service-defaults -filter 'MutualTLSMode = \"permissive\"'`." )
Variables ¶
This section is empty.
Functions ¶
func KindSpecificWriteWarning ¶
func KindSpecificWriteWarning(reqEntry api.ConfigEntry) string
KindSpecificWriteWarning returns a warning message for the given config entry write. Use this to inform the user of (un)recommended settings when they read or write config entries with the CLI.
Do not return a warning on default/zero values. Because the config entry is parsed, we cannot distinguish between an absent field in the user-provided content and a zero value, so we'd end up warning on every invocation.
Types ¶
This section is empty.
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.