gsadmin/certctl
1
0
Fork 0
mirror of https://github.com/shankar0123/certctl.git synced 2026-06-07 18:41:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(M41): Envoy target connector with SDS support

Browse Source 
File-based deployment for Envoy service mesh — writes cert/key/chain
to watched directory with optional SDS JSON config for xDS bootstrap.
Path traversal prevention, configurable filenames, 15 tests passing.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
shankar0123
2026-04-03 01:23:35 -04:00
parent f51571297d
commit fd05bacb76
8 changed files with 768 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
web/src/pages/TargetsPage.tsx
+9
View File
@@ -16,6 +16,7 @@ const typeLabels: Record<string, string> = {
haproxy: 'HAProxy',
traefik: 'Traefik',
caddy: 'Caddy',
envoy: 'Envoy',
f5_bigip: 'F5 BIG-IP',
iis: 'IIS',
};
@@ -26,6 +27,7 @@ const TARGET_TYPES = [
{ value: 'haproxy', label: 'HAProxy', description: 'Combined PEM file (cert+chain+key), optional validate, reload' },
{ value: 'traefik', label: 'Traefik', description: 'File provider deployment — writes cert/key to watched directory, auto-reload' },
{ value: 'caddy', label: 'Caddy', description: 'Admin API hot-reload or file-based deployment with configurable mode' },
{ value: 'envoy', label: 'Envoy', description: 'File-based deployment — writes cert/key to watched directory. Optional SDS file generation.' },
{ value: 'f5_bigip', label: 'F5 BIG-IP', description: 'iControl REST via proxy agent (V3 implementation)' },
{ value: 'iis', label: 'IIS', description: 'Windows IIS via agent-local PowerShell or remote WinRM proxy agent' },
];
@@ -60,6 +62,13 @@ const CONFIG_FIELDS: Record<string, { key: string; label: string; placeholder: s
{ key: 'cert_file', label: 'Certificate Filename', placeholder: 'cert.pem (default)' },
{ key: 'key_file', label: 'Key Filename', placeholder: 'key.pem (default)' },
],
envoy: [
{ key: 'cert_dir', label: 'Certificate Directory', placeholder: '/etc/envoy/certs', required: true },
{ key: 'cert_filename', label: 'Certificate Filename', placeholder: 'cert.pem (default)' },
{ key: 'key_filename', label: 'Key Filename', placeholder: 'key.pem (default)' },
{ key: 'chain_filename', label: 'Chain Filename (optional)', placeholder: 'chain.pem (leave empty to append to cert)' },
{ key: 'sds_config', label: 'Generate SDS Config', placeholder: 'true or false' },
],
f5_bigip: [
{ key: 'management_ip', label: 'Management IP', placeholder: '192.168.1.100', required: true },
{ key: 'partition', label: 'Partition', placeholder: 'Common' },