consul/troubleshoot/proxy/troubleshoot_proxy.go

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: BUSL-1.1

package troubleshoot

import (
	"fmt"
	"net"

	envoy_admin_v3 "github.com/envoyproxy/go-control-plane/envoy/admin/v3"

	"github.com/hashicorp/consul/api"
	"github.com/hashicorp/consul/troubleshoot/validate"
)

type Troubleshoot struct {
	client         *api.Client
	envoyAddr      net.IPAddr
	envoyAdminPort string

	TroubleshootInfo
}

type TroubleshootInfo struct {
	envoyClusters   *envoy_admin_v3.Clusters
	envoyConfigDump *envoy_admin_v3.ConfigDump
	envoyCerts      *envoy_admin_v3.Certificates
	envoyStats      []*envoy_admin_v3.SimpleMetric
}

func NewTroubleshoot(envoyIP *net.IPAddr, envoyPort string) (*Troubleshoot, error) {
	cfg := api.DefaultConfig()
	c, err := api.NewClient(cfg)
	if err != nil {
		return nil, err
	}

	if envoyIP == nil {
		return nil, fmt.Errorf("envoy address is empty")
	}

	return &Troubleshoot{
		client:         c,
		envoyAddr:      *envoyIP,
		envoyAdminPort: envoyPort,
	}, nil
}

func (t *Troubleshoot) RunAllTests(upstreamEnvoyID, upstreamIP string) (validate.Messages, error) {
	var allTestMessages validate.Messages

	// Get all info from proxy to set up validations.
	err := t.GetEnvoyConfigDump()
	if err != nil {
		return nil, fmt.Errorf("unable to get Envoy config dump: cannot connect to Envoy: %w", err)
	}
	err = t.getEnvoyClusters()
	if err != nil {
		return nil, fmt.Errorf("unable to get Envoy clusters: cannot connect to Envoy: %w", err)
	}
	certs, err := t.getEnvoyCerts()
	if err != nil {
		return nil, fmt.Errorf("unable to get Envoy certificates: cannot connect to Envoy: %w", err)
	}
	indexedResources, err := ProxyConfigDumpToIndexedResources(t.envoyConfigDump)
	if err != nil {
		return nil, fmt.Errorf("unable to index Envoy resources: %w", err)
	}

	// Validate certs.
	messages := t.validateCerts(certs)
	allTestMessages = append(allTestMessages, messages...)
	if errors := messages.Errors(); len(errors) == 0 {
		msg := validate.Message{
			Success: true,
			Message: "Certificates are valid",
		}
		allTestMessages = append(allTestMessages, msg)
	}

	// getStats usage example
	messages, err = t.troubleshootStats()
	if err != nil {
		return nil, fmt.Errorf("unable to get stats: %w", err)
	}
	allTestMessages = append(allTestMessages, messages...)

	// Validate listeners, routes, clusters, endpoints.
	messages = Validate(indexedResources, upstreamEnvoyID, upstreamIP, true, t.envoyClusters)
	allTestMessages = append(allTestMessages, messages...)
	if errors := messages.Errors(); len(errors) == 0 {
		msg := validate.Message{
			Success: true,
			Message: "Upstream resources are valid",
		}
		allTestMessages = append(allTestMessages, msg)
	}

	return allTestMessages, nil
}
Copyright headers for missing files/folders (#16708) * copyright headers for agent folder 2 years ago			`// Copyright (c) HashiCorp, Inc.`
[COMPLIANCE] License changes (#18443) * Adding explicit MPL license for sub-package This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Adding explicit MPL license for sub-package This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Updating the license from MPL to Business Source License Going forward, this project will be licensed under the Business Source License v1.1. Please see our blog post for more details at <Blog URL>, FAQ at www.hashicorp.com/licensing-faq, and details of the license at www.hashicorp.com/bsl. * add missing license headers * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 --------- Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com> 1 year ago			`// SPDX-License-Identifier: BUSL-1.1`
Copyright headers for missing files/folders (#16708) * copyright headers for agent folder 2 years ago
refactor: remove troubleshoot module dependency on consul top level module (#16162) Ensure nothing in the troubleshoot go module depends on consul's top level module. This is so we can import troubleshoot into consul-k8s and not import all of consul. * turns troubleshoot into a go module [authored by @curtbushko] * gets the envoy protos into the troubleshoot module [authored by @curtbushko] * adds a new go module `envoyextensions` which has xdscommon and extensioncommon folders that both the xds package and the troubleshoot package can import * adds testing and linting for the new go modules * moves the unit tests in `troubleshoot/validateupstream` that depend on proxycfg/xds into the xds package, with a comment describing why those tests cannot be in the troubleshoot package * fixes all the imports everywhere as a result of these changes Co-authored-by: Curt Bushko <cbushko@gmail.com> 2 years ago			`package troubleshoot`

			`import (`
			`"fmt"`
			`"net"`

			`envoy_admin_v3 "github.com/envoyproxy/go-control-plane/envoy/admin/v3"`
get upstream IPs (#16197) * get upstream IPs * separate test data * fix lint issue * fix lint issue 2 years ago
refactor: remove troubleshoot module dependency on consul top level module (#16162) Ensure nothing in the troubleshoot go module depends on consul's top level module. This is so we can import troubleshoot into consul-k8s and not import all of consul. * turns troubleshoot into a go module [authored by @curtbushko] * gets the envoy protos into the troubleshoot module [authored by @curtbushko] * adds a new go module `envoyextensions` which has xdscommon and extensioncommon folders that both the xds package and the troubleshoot package can import * adds testing and linting for the new go modules * moves the unit tests in `troubleshoot/validateupstream` that depend on proxycfg/xds into the xds package, with a comment describing why those tests cannot be in the troubleshoot package * fixes all the imports everywhere as a result of these changes Co-authored-by: Curt Bushko <cbushko@gmail.com> 2 years ago			`"github.com/hashicorp/consul/api"`
troubleshoot: output messages for the troubleshoot proxy command (#16208) 2 years ago			`"github.com/hashicorp/consul/troubleshoot/validate"`
refactor: remove troubleshoot module dependency on consul top level module (#16162) Ensure nothing in the troubleshoot go module depends on consul's top level module. This is so we can import troubleshoot into consul-k8s and not import all of consul. * turns troubleshoot into a go module [authored by @curtbushko] * gets the envoy protos into the troubleshoot module [authored by @curtbushko] * adds a new go module `envoyextensions` which has xdscommon and extensioncommon folders that both the xds package and the troubleshoot package can import * adds testing and linting for the new go modules * moves the unit tests in `troubleshoot/validateupstream` that depend on proxycfg/xds into the xds package, with a comment describing why those tests cannot be in the troubleshoot package * fixes all the imports everywhere as a result of these changes Co-authored-by: Curt Bushko <cbushko@gmail.com> 2 years ago			`)`

			`type Troubleshoot struct {`
			`client *api.Client`
			`envoyAddr net.IPAddr`
			`envoyAdminPort string`

			`TroubleshootInfo`
			`}`

			`type TroubleshootInfo struct {`
			`envoyClusters *envoy_admin_v3.Clusters`
			`envoyConfigDump *envoy_admin_v3.ConfigDump`
			`envoyCerts *envoy_admin_v3.Certificates`
			`envoyStats []*envoy_admin_v3.SimpleMetric`
			`}`

			`func NewTroubleshoot(envoyIP net.IPAddr, envoyPort string) (Troubleshoot, error) {`
			`cfg := api.DefaultConfig()`
			`c, err := api.NewClient(cfg)`
			`if err != nil {`
			`return nil, err`
			`}`
add cert tests (#16192) 2 years ago
			`if envoyIP == nil {`
			`return nil, fmt.Errorf("envoy address is empty")`
			`}`

refactor: remove troubleshoot module dependency on consul top level module (#16162) Ensure nothing in the troubleshoot go module depends on consul's top level module. This is so we can import troubleshoot into consul-k8s and not import all of consul. * turns troubleshoot into a go module [authored by @curtbushko] * gets the envoy protos into the troubleshoot module [authored by @curtbushko] * adds a new go module `envoyextensions` which has xdscommon and extensioncommon folders that both the xds package and the troubleshoot package can import * adds testing and linting for the new go modules * moves the unit tests in `troubleshoot/validateupstream` that depend on proxycfg/xds into the xds package, with a comment describing why those tests cannot be in the troubleshoot package * fixes all the imports everywhere as a result of these changes Co-authored-by: Curt Bushko <cbushko@gmail.com> 2 years ago			`return &Troubleshoot{`
			`client: c,`
			`envoyAddr: *envoyIP,`
			`envoyAdminPort: envoyPort,`
			`}, nil`
			`}`

update troubleshoot CLI, update flags and upstreams output (#16211) * update troubleshoot CLI, update flags and upstreams output * update troubleshoot upstreams output 2 years ago			`func (t *Troubleshoot) RunAllTests(upstreamEnvoyID, upstreamIP string) (validate.Messages, error) {`
troubleshoot: output messages for the troubleshoot proxy command (#16208) 2 years ago			`var allTestMessages validate.Messages`
refactor: remove troubleshoot module dependency on consul top level module (#16162) Ensure nothing in the troubleshoot go module depends on consul's top level module. This is so we can import troubleshoot into consul-k8s and not import all of consul. * turns troubleshoot into a go module [authored by @curtbushko] * gets the envoy protos into the troubleshoot module [authored by @curtbushko] * adds a new go module `envoyextensions` which has xdscommon and extensioncommon folders that both the xds package and the troubleshoot package can import * adds testing and linting for the new go modules * moves the unit tests in `troubleshoot/validateupstream` that depend on proxycfg/xds into the xds package, with a comment describing why those tests cannot be in the troubleshoot package * fixes all the imports everywhere as a result of these changes Co-authored-by: Curt Bushko <cbushko@gmail.com> 2 years ago
troubleshoot: output messages for the troubleshoot proxy command (#16208) 2 years ago			`// Get all info from proxy to set up validations.`
			`err := t.GetEnvoyConfigDump()`
			`if err != nil {`
			`return nil, fmt.Errorf("unable to get Envoy config dump: cannot connect to Envoy: %w", err)`
			`}`
			`err = t.getEnvoyClusters()`
			`if err != nil {`
			`return nil, fmt.Errorf("unable to get Envoy clusters: cannot connect to Envoy: %w", err)`
			`}`
refactor: remove troubleshoot module dependency on consul top level module (#16162) Ensure nothing in the troubleshoot go module depends on consul's top level module. This is so we can import troubleshoot into consul-k8s and not import all of consul. * turns troubleshoot into a go module [authored by @curtbushko] * gets the envoy protos into the troubleshoot module [authored by @curtbushko] * adds a new go module `envoyextensions` which has xdscommon and extensioncommon folders that both the xds package and the troubleshoot package can import * adds testing and linting for the new go modules * moves the unit tests in `troubleshoot/validateupstream` that depend on proxycfg/xds into the xds package, with a comment describing why those tests cannot be in the troubleshoot package * fixes all the imports everywhere as a result of these changes Co-authored-by: Curt Bushko <cbushko@gmail.com> 2 years ago			`certs, err := t.getEnvoyCerts()`
			`if err != nil {`
troubleshoot: output messages for the troubleshoot proxy command (#16208) 2 years ago			`return nil, fmt.Errorf("unable to get Envoy certificates: cannot connect to Envoy: %w", err)`
			`}`
			`indexedResources, err := ProxyConfigDumpToIndexedResources(t.envoyConfigDump)`
			`if err != nil {`
			`return nil, fmt.Errorf("unable to index Envoy resources: %w", err)`
refactor: remove troubleshoot module dependency on consul top level module (#16162) Ensure nothing in the troubleshoot go module depends on consul's top level module. This is so we can import troubleshoot into consul-k8s and not import all of consul. * turns troubleshoot into a go module [authored by @curtbushko] * gets the envoy protos into the troubleshoot module [authored by @curtbushko] * adds a new go module `envoyextensions` which has xdscommon and extensioncommon folders that both the xds package and the troubleshoot package can import * adds testing and linting for the new go modules * moves the unit tests in `troubleshoot/validateupstream` that depend on proxycfg/xds into the xds package, with a comment describing why those tests cannot be in the troubleshoot package * fixes all the imports everywhere as a result of these changes Co-authored-by: Curt Bushko <cbushko@gmail.com> 2 years ago			`}`

troubleshoot: output messages for the troubleshoot proxy command (#16208) 2 years ago			`// Validate certs.`
			`messages := t.validateCerts(certs)`
			`allTestMessages = append(allTestMessages, messages...)`
			`if errors := messages.Errors(); len(errors) == 0 {`
			`msg := validate.Message{`
			`Success: true,`
troubleshoot: fixes and updated messages (#16294) 2 years ago			`Message: "Certificates are valid",`
refactor: remove troubleshoot module dependency on consul top level module (#16162) Ensure nothing in the troubleshoot go module depends on consul's top level module. This is so we can import troubleshoot into consul-k8s and not import all of consul. * turns troubleshoot into a go module [authored by @curtbushko] * gets the envoy protos into the troubleshoot module [authored by @curtbushko] * adds a new go module `envoyextensions` which has xdscommon and extensioncommon folders that both the xds package and the troubleshoot package can import * adds testing and linting for the new go modules * moves the unit tests in `troubleshoot/validateupstream` that depend on proxycfg/xds into the xds package, with a comment describing why those tests cannot be in the troubleshoot package * fixes all the imports everywhere as a result of these changes Co-authored-by: Curt Bushko <cbushko@gmail.com> 2 years ago			`}`
troubleshoot: output messages for the troubleshoot proxy command (#16208) 2 years ago			`allTestMessages = append(allTestMessages, msg)`
refactor: remove troubleshoot module dependency on consul top level module (#16162) Ensure nothing in the troubleshoot go module depends on consul's top level module. This is so we can import troubleshoot into consul-k8s and not import all of consul. * turns troubleshoot into a go module [authored by @curtbushko] * gets the envoy protos into the troubleshoot module [authored by @curtbushko] * adds a new go module `envoyextensions` which has xdscommon and extensioncommon folders that both the xds package and the troubleshoot package can import * adds testing and linting for the new go modules * moves the unit tests in `troubleshoot/validateupstream` that depend on proxycfg/xds into the xds package, with a comment describing why those tests cannot be in the troubleshoot package * fixes all the imports everywhere as a result of these changes Co-authored-by: Curt Bushko <cbushko@gmail.com> 2 years ago			`}`

			`// getStats usage example`
troubleshoot basic envoy stats for an upstream (#16215) * troubleshoot basic envoy stats for an upstream * remove envoyID arg 2 years ago			`messages, err = t.troubleshootStats()`
			`if err != nil {`
			`return nil, fmt.Errorf("unable to get stats: %w", err)`
			`}`
			`allTestMessages = append(allTestMessages, messages...)`
refactor: remove troubleshoot module dependency on consul top level module (#16162) Ensure nothing in the troubleshoot go module depends on consul's top level module. This is so we can import troubleshoot into consul-k8s and not import all of consul. * turns troubleshoot into a go module [authored by @curtbushko] * gets the envoy protos into the troubleshoot module [authored by @curtbushko] * adds a new go module `envoyextensions` which has xdscommon and extensioncommon folders that both the xds package and the troubleshoot package can import * adds testing and linting for the new go modules * moves the unit tests in `troubleshoot/validateupstream` that depend on proxycfg/xds into the xds package, with a comment describing why those tests cannot be in the troubleshoot package * fixes all the imports everywhere as a result of these changes Co-authored-by: Curt Bushko <cbushko@gmail.com> 2 years ago
troubleshoot: output messages for the troubleshoot proxy command (#16208) 2 years ago			`// Validate listeners, routes, clusters, endpoints.`
update troubleshoot CLI, update flags and upstreams output (#16211) * update troubleshoot CLI, update flags and upstreams output * update troubleshoot upstreams output 2 years ago			`messages = Validate(indexedResources, upstreamEnvoyID, upstreamIP, true, t.envoyClusters)`
troubleshoot: output messages for the troubleshoot proxy command (#16208) 2 years ago			`allTestMessages = append(allTestMessages, messages...)`
			`if errors := messages.Errors(); len(errors) == 0 {`
			`msg := validate.Message{`
			`Success: true,`
troubleshoot: fixes and updated messages (#16294) 2 years ago			`Message: "Upstream resources are valid",`
troubleshoot: output messages for the troubleshoot proxy command (#16208) 2 years ago			`}`
			`allTestMessages = append(allTestMessages, msg)`
refactor: remove troubleshoot module dependency on consul top level module (#16162) Ensure nothing in the troubleshoot go module depends on consul's top level module. This is so we can import troubleshoot into consul-k8s and not import all of consul. * turns troubleshoot into a go module [authored by @curtbushko] * gets the envoy protos into the troubleshoot module [authored by @curtbushko] * adds a new go module `envoyextensions` which has xdscommon and extensioncommon folders that both the xds package and the troubleshoot package can import * adds testing and linting for the new go modules * moves the unit tests in `troubleshoot/validateupstream` that depend on proxycfg/xds into the xds package, with a comment describing why those tests cannot be in the troubleshoot package * fixes all the imports everywhere as a result of these changes Co-authored-by: Curt Bushko <cbushko@gmail.com> 2 years ago			`}`

troubleshoot: output messages for the troubleshoot proxy command (#16208) 2 years ago			`return allTestMessages, nil`
refactor: remove troubleshoot module dependency on consul top level module (#16162) Ensure nothing in the troubleshoot go module depends on consul's top level module. This is so we can import troubleshoot into consul-k8s and not import all of consul. * turns troubleshoot into a go module [authored by @curtbushko] * gets the envoy protos into the troubleshoot module [authored by @curtbushko] * adds a new go module `envoyextensions` which has xdscommon and extensioncommon folders that both the xds package and the troubleshoot package can import * adds testing and linting for the new go modules * moves the unit tests in `troubleshoot/validateupstream` that depend on proxycfg/xds into the xds package, with a comment describing why those tests cannot be in the troubleshoot package * fixes all the imports everywhere as a result of these changes Co-authored-by: Curt Bushko <cbushko@gmail.com> 2 years ago			`}`