2023-03-28 18:39:22 +00:00
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
2013-12-19 20:03:57 +00:00
package structs
2013-12-11 22:04:44 +00:00
import (
"bytes"
2019-12-10 02:26:41 +00:00
"crypto/md5"
2021-11-04 20:07:54 +00:00
"crypto/sha256"
2018-12-12 17:14:02 +00:00
"encoding/json"
2013-12-11 22:04:44 +00:00
"fmt"
2015-11-07 00:59:32 +00:00
"math/rand"
2015-10-28 21:32:00 +00:00
"reflect"
2017-04-18 12:02:24 +00:00
"regexp"
2019-01-07 21:30:47 +00:00
"sort"
2018-04-08 13:45:55 +00:00
"strconv"
2017-04-18 12:02:24 +00:00
"strings"
2014-02-05 18:21:31 +00:00
"time"
2014-08-08 22:32:43 +00:00
2019-09-26 02:55:52 +00:00
"github.com/hashicorp/go-multierror"
2015-03-28 18:52:04 +00:00
"github.com/hashicorp/serf/coordinate"
2018-04-08 13:45:55 +00:00
"github.com/mitchellh/hashstructure"
2023-01-11 14:39:10 +00:00
"google.golang.org/protobuf/proto"
2022-05-25 01:44:54 +00:00
"google.golang.org/protobuf/types/known/durationpb"
"google.golang.org/protobuf/types/known/timestamppb"
2019-05-01 23:39:31 +00:00
2022-05-04 16:38:45 +00:00
"github.com/hashicorp/consul-net-rpc/go-msgpack/codec"
2020-10-06 23:08:36 +00:00
"github.com/hashicorp/consul/acl"
2019-05-01 23:39:31 +00:00
"github.com/hashicorp/consul/agent/cache"
"github.com/hashicorp/consul/api"
2019-12-06 16:14:56 +00:00
"github.com/hashicorp/consul/lib"
2019-05-01 23:39:31 +00:00
"github.com/hashicorp/consul/types"
2013-12-11 22:04:44 +00:00
)
type MessageType uint8
2015-08-25 01:10:23 +00:00
// RaftIndex is used to track the index used while creating
2015-08-22 19:44:33 +00:00
// or modifying a given struct type.
2015-08-25 01:10:23 +00:00
type RaftIndex struct {
2019-04-16 16:00:15 +00:00
CreateIndex uint64 ` bexpr:"-" `
ModifyIndex uint64 ` bexpr:"-" `
2015-08-22 19:44:33 +00:00
}
2017-08-03 00:05:18 +00:00
// These are serialized between Consul servers and stored in Consul snapshots,
// so entries must only ever be added.
2013-12-11 22:04:44 +00:00
const (
2019-04-26 17:49:28 +00:00
RegisterRequestType MessageType = 0
DeregisterRequestType = 1
KVSRequestType = 2
SessionRequestType = 3
2021-09-22 15:43:13 +00:00
DeprecatedACLRequestType = 4 // Removed with the legacy ACL system
2019-04-26 17:49:28 +00:00
TombstoneRequestType = 5
CoordinateBatchUpdateType = 6
PreparedQueryRequestType = 7
TxnRequestType = 8
AutopilotRequestType = 9
AreaRequestType = 10
ACLBootstrapRequestType = 11
IntentionRequestType = 12
ConnectCARequestType = 13
ConnectCAProviderStateType = 14
ConnectCAConfigType = 15 // FSM snapshots only.
IndexRequestType = 16 // FSM snapshots only.
ACLTokenSetRequestType = 17
ACLTokenDeleteRequestType = 18
ACLPolicySetRequestType = 19
ACLPolicyDeleteRequestType = 20
ConnectCALeafRequestType = 21
ConfigEntryRequestType = 22
ACLRoleSetRequestType = 23
ACLRoleDeleteRequestType = 24
ACLBindingRuleSetRequestType = 25
ACLBindingRuleDeleteRequestType = 26
ACLAuthMethodSetRequestType = 27
ACLAuthMethodDeleteRequestType = 28
2019-07-24 21:06:39 +00:00
ChunkingStateType = 29
2020-03-09 20:59:02 +00:00
FederationStateRequestType = 30
2020-10-06 15:08:37 +00:00
SystemMetadataRequestType = 31
2021-12-02 23:42:47 +00:00
ServiceVirtualIPRequestType = 32
FreeVirtualIPRequestType = 33
2021-12-02 00:44:13 +00:00
KindServiceNamesType = 34
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
PeeringWriteType = 35
PeeringDeleteType = 36
PeeringTerminateByIDType = 37
PeeringTrustBundleWriteType = 38
PeeringTrustBundleDeleteType = 39
2022-08-01 14:33:18 +00:00
PeeringSecretsWriteType = 40
2023-02-08 16:50:22 +00:00
RaftLogVerifierCheckpoint = 41 // Only used for log verifier, no-op on FSM.
2023-04-04 16:30:06 +00:00
ResourceOperationType = 42
2023-04-21 16:19:02 +00:00
UpdateVirtualIPRequestType = 43
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
)
const (
// LocalPeerKeyword is a reserved keyword used for indexing in the state store for objects in the local peer.
2022-07-21 17:51:05 +00:00
LocalPeerKeyword = "~"
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
// DefaultPeerKeyword is the PeerName to use to refer to the local
// cluster's own data, rather than replicated peered data.
//
// This may internally be converted into LocalPeerKeyword, but external
// uses should not use that symbol directly in most cases.
DefaultPeerKeyword = ""
// TODOPeerKeyword is the peer keyword to use if you aren't sure if the
// usage SHOULD be peering-aware yet.
//
// TODO(peering): remove this in the future
TODOPeerKeyword = ""
2013-12-11 22:04:44 +00:00
)
2020-10-09 19:57:29 +00:00
// if a new request type is added above it must be
// added to the map below
// requestTypeStrings is used for snapshot enhance
// any new request types added must be placed here
var requestTypeStrings = map [ MessageType ] string {
RegisterRequestType : "Register" ,
DeregisterRequestType : "Deregister" ,
KVSRequestType : "KVS" ,
SessionRequestType : "Session" ,
2021-09-22 15:43:13 +00:00
DeprecatedACLRequestType : "ACL" , // DEPRECATED (ACL-Legacy-Compat)
2020-10-09 19:57:29 +00:00
TombstoneRequestType : "Tombstone" ,
CoordinateBatchUpdateType : "CoordinateBatchUpdate" ,
PreparedQueryRequestType : "PreparedQuery" ,
TxnRequestType : "Txn" ,
AutopilotRequestType : "Autopilot" ,
AreaRequestType : "Area" ,
ACLBootstrapRequestType : "ACLBootstrap" ,
IntentionRequestType : "Intention" ,
ConnectCARequestType : "ConnectCA" ,
ConnectCAProviderStateType : "ConnectCAProviderState" ,
ConnectCAConfigType : "ConnectCAConfig" , // FSM snapshots only.
IndexRequestType : "Index" , // FSM snapshots only.
ACLTokenSetRequestType : "ACLToken" ,
ACLTokenDeleteRequestType : "ACLTokenDelete" ,
ACLPolicySetRequestType : "ACLPolicy" ,
ACLPolicyDeleteRequestType : "ACLPolicyDelete" ,
ConnectCALeafRequestType : "ConnectCALeaf" ,
ConfigEntryRequestType : "ConfigEntry" ,
ACLRoleSetRequestType : "ACLRole" ,
ACLRoleDeleteRequestType : "ACLRoleDelete" ,
ACLBindingRuleSetRequestType : "ACLBindingRule" ,
ACLBindingRuleDeleteRequestType : "ACLBindingRuleDelete" ,
ACLAuthMethodSetRequestType : "ACLAuthMethod" ,
ACLAuthMethodDeleteRequestType : "ACLAuthMethodDelete" ,
ChunkingStateType : "ChunkingState" ,
FederationStateRequestType : "FederationState" ,
SystemMetadataRequestType : "SystemMetadata" ,
2021-12-02 23:42:47 +00:00
ServiceVirtualIPRequestType : "ServiceVirtualIP" ,
FreeVirtualIPRequestType : "FreeVirtualIP" ,
2021-12-02 00:44:13 +00:00
KindServiceNamesType : "KindServiceName" ,
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
PeeringWriteType : "Peering" ,
PeeringDeleteType : "PeeringDelete" ,
PeeringTrustBundleWriteType : "PeeringTrustBundle" ,
PeeringTrustBundleDeleteType : "PeeringTrustBundleDelete" ,
2022-08-01 14:33:18 +00:00
PeeringSecretsWriteType : "PeeringSecret" ,
2023-02-08 16:50:22 +00:00
RaftLogVerifierCheckpoint : "RaftLogVerifierCheckpoint" ,
2023-04-04 16:30:06 +00:00
ResourceOperationType : "Resource" ,
2023-04-21 16:19:02 +00:00
UpdateVirtualIPRequestType : "UpdateManualVirtualIPRequestType" ,
2020-10-09 19:57:29 +00:00
}
2015-05-06 02:44:21 +00:00
const (
// IgnoreUnknownTypeFlag is set along with a MessageType
// to indicate that the message type can be safely ignored
// if it is not recognized. This is for future proofing, so
// that new commands can be added in a way that won't cause
// old servers to crash when the FSM attempts to process them.
IgnoreUnknownTypeFlag MessageType = 128
2016-11-29 21:15:20 +00:00
// NodeMaint is the special key set by a node in maintenance mode.
NodeMaint = "_node_maintenance"
// ServiceMaintPrefix is the prefix for a service in maintenance mode.
ServiceMaintPrefix = "_service_maintenance:"
2014-01-08 19:21:29 +00:00
2017-01-23 23:53:45 +00:00
// The meta key prefix reserved for Consul's internal use
2021-12-02 23:42:47 +00:00
MetaKeyReservedPrefix = "consul-"
2017-01-23 23:53:45 +00:00
2017-04-21 03:14:10 +00:00
// metaMaxKeyPairs is maximum number of metadata key pairs allowed to be registered
2017-01-23 23:53:45 +00:00
metaMaxKeyPairs = 64
2017-04-21 03:14:10 +00:00
// metaKeyMaxLength is the maximum allowed length of a metadata key
2017-01-23 23:53:45 +00:00
metaKeyMaxLength = 128
2017-04-21 03:14:10 +00:00
// metaValueMaxLength is the maximum allowed length of a metadata value
2017-01-23 23:53:45 +00:00
metaValueMaxLength = 512
2015-04-12 00:53:48 +00:00
2017-08-14 14:36:07 +00:00
// MetaSegmentKey is the node metadata key used to store the node's network segment
MetaSegmentKey = "consul-network-segment"
2020-03-09 20:59:02 +00:00
// MetaWANFederationKey is the mesh gateway metadata key that indicates a
// mesh gateway is usable for wan federation.
MetaWANFederationKey = "consul-wan-federation"
2020-10-08 00:35:34 +00:00
// MetaExternalSource is the metadata key used when a resource is managed by a source outside Consul like nomad/k8s
MetaExternalSource = "external-source"
2021-12-02 23:42:47 +00:00
// TaggedAddressVirtualIP is the key used to store tagged virtual IPs generated by Consul.
TaggedAddressVirtualIP = "consul-virtual"
2014-05-19 19:50:29 +00:00
// MaxLockDelay provides a maximum LockDelay value for
// a session. Any value above this will not be respected.
MaxLockDelay = 60 * time . Second
2019-10-29 18:13:36 +00:00
// lockDelayMinThreshold is used in JSON decoding to convert a
// numeric lockdelay value from nanoseconds to seconds if it is
// below thisthreshold. Users often send a value like 5, which
// they assumeis seconds, but because Go uses nanosecond granularity,
// ends up being very small. If we see a value below this threshold,
// we multiply by time.Second
lockDelayMinThreshold = 1000
2020-01-13 20:51:40 +00:00
2021-05-27 21:29:43 +00:00
// JitterFraction is a the limit to the amount of jitter we apply
// to a user specified MaxQueryTime. We divide the specified time by
// the fraction. So 16 == 6.25% limit of jitter. This same fraction
// is applied to the RPCHoldTimeout
JitterFraction = 16
2020-01-13 20:51:40 +00:00
// WildcardSpecifier is the string which should be used for specifying a wildcard
// The exact semantics of the wildcard is left up to the code where its used.
WildcardSpecifier = "*"
2014-05-19 19:50:29 +00:00
)
2020-06-16 17:19:31 +00:00
var allowedConsulMetaKeysForMeshGateway = map [ string ] struct { } { MetaWANFederationKey : { } }
2020-03-09 20:59:02 +00:00
2019-12-10 02:26:41 +00:00
var (
NodeMaintCheckID = NewCheckID ( NodeMaint , nil )
)
2020-01-17 14:54:17 +00:00
const (
TaggedAddressWAN = "wan"
TaggedAddressWANIPv4 = "wan_ipv4"
TaggedAddressWANIPv6 = "wan_ipv6"
TaggedAddressLAN = "lan"
TaggedAddressLANIPv4 = "lan_ipv4"
TaggedAddressLANIPv6 = "lan_ipv6"
)
2017-04-21 03:14:10 +00:00
// metaKeyFormat checks if a metadata key string is valid
var metaKeyFormat = regexp . MustCompile ( ` ^[a-zA-Z0-9_-]+$ ` ) . MatchString
func ValidStatus ( s string ) bool {
return s == api . HealthPassing || s == api . HealthWarning || s == api . HealthCritical
}
2014-04-19 00:14:00 +00:00
// RPCInfo is used to describe common information about query
type RPCInfo interface {
RequestDatacenter ( ) string
IsRead ( ) bool
AllowStaleRead ( ) bool
2018-10-19 16:04:07 +00:00
TokenSecret ( ) string
2020-03-10 16:15:22 +00:00
SetTokenSecret ( string )
2022-03-16 16:12:29 +00:00
HasTimedOut ( since time . Time , rpcHoldTimeout , maxQueryTime , defaultQueryTime time . Duration ) ( bool , error )
2014-04-19 00:14:00 +00:00
}
2014-04-21 18:31:15 +00:00
// QueryOptions is used to specify various flags for read queries
type QueryOptions struct {
2014-08-05 22:48:28 +00:00
// Token is the ACL token ID. If not provided, the 'anonymous'
// token is assumed for backwards compatibility.
2022-09-28 16:56:59 +00:00
Token string ` mapstructure:"x-consul-token,omitempty" `
2014-08-05 22:48:28 +00:00
2014-04-21 18:31:15 +00:00
// If set, wait until query exceeds given index. Must be provided
// with MaxQueryTime.
2022-09-28 16:56:59 +00:00
MinQueryIndex uint64 ` mapstructure:"min-query-index,omitempty" `
2014-02-05 18:21:31 +00:00
2014-04-21 18:31:15 +00:00
// Provided with MinQueryIndex to wait for change.
2022-09-28 16:56:59 +00:00
MaxQueryTime time . Duration ` mapstructure:"max-query-time,omitempty" `
2014-02-05 18:21:31 +00:00
2014-04-18 23:46:51 +00:00
// If set, any follower can service the request. Results
// may be arbitrarily stale.
2022-09-28 16:56:59 +00:00
AllowStale bool ` mapstructure:"allow-stale,omitempty" `
2014-04-18 23:46:51 +00:00
// If set, the leader must verify leadership prior to
// servicing the request. Prevents a stale read.
2022-09-28 16:56:59 +00:00
RequireConsistent bool ` mapstructure:"require-consistent,omitempty" `
2018-03-30 15:14:44 +00:00
2018-09-06 10:34:28 +00:00
// If set, the local agent may respond with an arbitrarily stale locally
// cached response. The semantics differ from AllowStale since the agent may
// be entirely partitioned from the servers and still considered "healthy" by
// operators. Stale responses from Servers are also arbitrarily stale, but can
// provide additional bounds on the last contact time from the leader. It's
// expected that servers that are partitioned are noticed and replaced in a
// timely way by operators while the same may not be true for client agents.
2022-09-28 16:56:59 +00:00
UseCache bool ` mapstructure:"use-cache,omitempty" `
2018-09-06 10:34:28 +00:00
2018-03-30 15:14:44 +00:00
// If set and AllowStale is true, will try first a stale
// read, and then will perform a consistent read if stale
2018-09-06 10:34:28 +00:00
// read is older than value.
2022-09-28 16:56:59 +00:00
MaxStaleDuration time . Duration ` mapstructure:"max-stale-duration,omitempty" `
2018-09-06 10:34:28 +00:00
// MaxAge limits how old a cached value will be returned if UseCache is true.
// If there is a cached response that is older than the MaxAge, it is treated
// as a cache miss and a new fetch invoked. If the fetch fails, the error is
// returned. Clients that wish to allow for stale results on error can set
2019-03-06 17:13:28 +00:00
// StaleIfError to a longer duration to change this behavior. It is ignored
2018-09-06 10:34:28 +00:00
// if the endpoint supports background refresh caching. See
// https://www.consul.io/api/index.html#agent-caching for more details.
2022-09-28 16:56:59 +00:00
MaxAge time . Duration ` mapstructure:"max-age,omitempty" `
2018-09-06 10:34:28 +00:00
// MustRevalidate forces the agent to fetch a fresh version of a cached
// resource or at least validate that the cached version is still fresh. It is
// implied by either max-age=0 or must-revalidate Cache-Control headers. It
// only makes sense when UseCache is true. We store it since MaxAge = 0 is the
// default unset value.
2022-09-28 16:56:59 +00:00
MustRevalidate bool ` mapstructure:"must-revalidate,omitempty" `
2018-09-06 10:34:28 +00:00
// StaleIfError specifies how stale the client will accept a cached response
// if the servers are unavailable to fetch a fresh one. Only makes sense when
// UseCache is true and MaxAge is set to a lower, non-zero value. It is
// ignored if the endpoint supports background refresh caching. See
// https://www.consul.io/api/index.html#agent-caching for more details.
2022-09-28 16:56:59 +00:00
StaleIfError time . Duration ` mapstructure:"stale-if-error,omitempty" `
2019-04-16 16:00:15 +00:00
// Filter specifies the go-bexpr filter expression to be used for
// filtering the data prior to returning a response
2022-09-28 16:56:59 +00:00
Filter string ` mapstructure:"filter,omitempty" `
2020-06-30 18:11:43 +00:00
// AllowNotModifiedResponse indicates that if the MinIndex matches the
// QueryMeta.Index, the response can be left empty and QueryMeta.NotModified
// will be set to true to indicate the result of the query has not changed.
2022-09-28 16:56:59 +00:00
AllowNotModifiedResponse bool ` mapstructure:"allow-not-modified-response,omitempty" `
2014-04-18 23:46:51 +00:00
}
2017-04-21 03:14:10 +00:00
// IsRead is always true for QueryOption.
2014-04-19 00:14:00 +00:00
func ( q QueryOptions ) IsRead ( ) bool {
return true
}
2018-03-30 15:14:44 +00:00
// ConsistencyLevel display the consistency required by a request
func ( q QueryOptions ) ConsistencyLevel ( ) string {
if q . RequireConsistent {
return "consistent"
} else if q . AllowStale {
return "stale"
} else {
return "leader"
}
}
2014-04-19 00:14:00 +00:00
func ( q QueryOptions ) AllowStaleRead ( ) bool {
return q . AllowStale
}
2018-10-19 16:04:07 +00:00
func ( q QueryOptions ) TokenSecret ( ) string {
2014-08-05 22:48:28 +00:00
return q . Token
}
2020-03-10 16:15:22 +00:00
func ( q * QueryOptions ) SetTokenSecret ( s string ) {
q . Token = s
}
2022-10-18 19:05:09 +00:00
// BlockingTimeout implements pool.BlockableQuery
func ( q QueryOptions ) BlockingTimeout ( maxQueryTime , defaultQueryTime time . Duration ) time . Duration {
2022-04-21 20:21:35 +00:00
// Match logic in Server.blockingQuery.
2021-05-27 21:29:43 +00:00
if q . MinQueryIndex > 0 {
if q . MaxQueryTime > maxQueryTime {
q . MaxQueryTime = maxQueryTime
} else if q . MaxQueryTime <= 0 {
q . MaxQueryTime = defaultQueryTime
}
2022-04-21 20:21:35 +00:00
// Timeout after maximum jitter has elapsed.
2022-08-16 20:54:01 +00:00
q . MaxQueryTime += q . MaxQueryTime / JitterFraction
2021-05-27 21:29:43 +00:00
2022-10-18 19:05:09 +00:00
return q . MaxQueryTime
2021-05-27 21:29:43 +00:00
}
2022-10-18 19:05:09 +00:00
return 0
2022-04-21 20:21:35 +00:00
}
func ( q QueryOptions ) HasTimedOut ( start time . Time , rpcHoldTimeout , maxQueryTime , defaultQueryTime time . Duration ) ( bool , error ) {
2022-10-18 19:05:09 +00:00
// In addition to BlockingTimeout, allow for an additional rpcHoldTimeout buffer
// in case we need to wait for a leader election.
return time . Since ( start ) > rpcHoldTimeout + q . BlockingTimeout ( maxQueryTime , defaultQueryTime ) , nil
2021-05-27 21:29:43 +00:00
}
2014-08-05 22:48:28 +00:00
type WriteRequest struct {
// Token is the ACL token ID. If not provided, the 'anonymous'
// token is assumed for backwards compatibility.
Token string
}
2014-04-19 00:14:00 +00:00
// WriteRequest only applies to writes, always false
func ( w WriteRequest ) IsRead ( ) bool {
return false
}
func ( w WriteRequest ) AllowStaleRead ( ) bool {
return false
}
2018-10-19 16:04:07 +00:00
func ( w WriteRequest ) TokenSecret ( ) string {
2014-08-05 22:48:28 +00:00
return w . Token
}
2020-03-10 16:15:22 +00:00
func ( w * WriteRequest ) SetTokenSecret ( s string ) {
w . Token = s
}
2022-10-18 19:05:09 +00:00
func ( w WriteRequest ) HasTimedOut ( start time . Time , rpcHoldTimeout , _ , _ time . Duration ) ( bool , error ) {
return time . Since ( start ) > rpcHoldTimeout , nil
2021-05-27 21:29:43 +00:00
}
2021-06-28 20:25:49 +00:00
type QueryBackend int
const (
QueryBackendBlocking QueryBackend = iota
QueryBackendStreaming
)
2022-04-27 15:39:45 +00:00
func ( q QueryBackend ) GoString ( ) string { return q . String ( ) }
2021-06-28 20:25:49 +00:00
func ( q QueryBackend ) String ( ) string {
switch q {
case QueryBackendBlocking :
return "blocking-query"
case QueryBackendStreaming :
return "streaming"
default :
return ""
}
}
2023-05-23 21:29:10 +00:00
func QueryBackendFromString ( s string ) QueryBackend {
switch s {
case "blocking-query" :
return QueryBackendBlocking
case "streaming" :
return QueryBackendStreaming
default :
return QueryBackendBlocking
}
}
2014-04-18 23:46:51 +00:00
// QueryMeta allows a query response to include potentially
// useful metadata about a query
type QueryMeta struct {
2022-01-17 20:09:08 +00:00
// Index in the raft log of the latest item returned by the query. If the
// query did not return any results the Index will be a value that will
// change when a new item is added.
2014-04-21 18:13:36 +00:00
Index uint64
2014-04-18 23:46:51 +00:00
// If AllowStale is used, this is time elapsed since
// last contact between the follower and leader. This
// can be used to gauge staleness.
LastContact time . Duration
// Used to indicate if there is a known leader node
KnownLeader bool
2018-03-30 15:14:44 +00:00
// Consistencylevel returns the consistency used to serve the query
// Having `discovery_max_stale` on the agent can affect whether
// the request was served by a leader.
ConsistencyLevel string
2020-06-30 18:11:43 +00:00
// NotModified is true when the Index of the query is the same value as the
// requested MinIndex. It indicates that the entity has not been modified.
// When NotModified is true, the response will not contain the result of
// the query.
NotModified bool
2021-06-28 20:25:49 +00:00
// Backend used to handle this query, either blocking-query or streaming.
Backend QueryBackend
2021-12-03 17:11:26 +00:00
// ResultsFilteredByACLs is true when some of the query's results were
// filtered out by enforcing ACLs. It may be false because nothing was
// removed, or because the endpoint does not yet support this flag.
ResultsFilteredByACLs bool
2014-04-18 23:46:51 +00:00
}
2019-09-20 18:37:22 +00:00
2013-12-11 22:04:44 +00:00
// RegisterRequest is used for the Catalog.Register endpoint
// to register a node as providing a service. If no service
// is provided, the node is registered.
type RegisterRequest struct {
2016-02-07 18:37:34 +00:00
Datacenter string
2017-01-18 22:26:42 +00:00
ID types . NodeID
2016-02-07 18:37:34 +00:00
Node string
Address string
TaggedAddresses map [ string ] string
2017-01-05 22:10:26 +00:00
NodeMeta map [ string ] string
2016-02-07 18:37:34 +00:00
Service * NodeService
Check * HealthCheck
Checks HealthChecks
2023-03-10 14:36:15 +00:00
Locality * Locality
2017-03-23 22:01:46 +00:00
// SkipNodeUpdate can be used when a register request is intended for
// updating a service and/or checks, but doesn't want to overwrite any
// node information if the node is already registered. If the node
// doesn't exist, it will still be created, but if the node exists, any
// node portion of this update will not apply.
SkipNodeUpdate bool
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
PeerName string
2019-12-10 02:26:41 +00:00
// EnterpriseMeta is the embedded enterprise metadata
2022-03-13 03:55:53 +00:00
acl . EnterpriseMeta ` hcl:",squash" mapstructure:",squash" `
2019-12-10 02:26:41 +00:00
2014-04-19 00:14:00 +00:00
WriteRequest
2020-08-11 05:52:36 +00:00
RaftIndex ` bexpr:"-" `
2014-04-19 00:14:00 +00:00
}
func ( r * RegisterRequest ) RequestDatacenter ( ) string {
return r . Datacenter
2013-12-11 22:04:44 +00:00
}
2016-12-09 00:01:01 +00:00
// ChangesNode returns true if the given register request changes the given
// node, which can be nil. This only looks for changes to the node record itself,
// not any of the health checks.
func ( r * RegisterRequest ) ChangesNode ( node * Node ) bool {
// This means it's creating the node.
if node == nil {
return true
}
2017-03-23 22:01:46 +00:00
// If we've been asked to skip the node update, then say there are no
// changes.
if r . SkipNodeUpdate {
return false
}
2016-12-09 00:01:01 +00:00
// Check if any of the node-level fields are being changed.
2017-01-18 22:26:42 +00:00
if r . ID != node . ID ||
2022-02-24 22:54:47 +00:00
! strings . EqualFold ( r . Node , node . Node ) ||
2021-08-17 18:29:39 +00:00
r . PartitionOrDefault ( ) != node . PartitionOrDefault ( ) ||
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
r . PeerName != node . PeerName ||
2016-12-09 00:01:01 +00:00
r . Address != node . Address ||
2017-04-18 12:02:24 +00:00
r . Datacenter != node . Datacenter ||
2017-01-05 22:10:26 +00:00
! reflect . DeepEqual ( r . TaggedAddresses , node . TaggedAddresses ) ||
2023-03-10 14:36:15 +00:00
! reflect . DeepEqual ( r . NodeMeta , node . Meta ) ||
! reflect . DeepEqual ( r . Locality , node . Locality ) {
2016-12-09 00:01:01 +00:00
return true
}
return false
}
2021-12-07 15:18:28 +00:00
// DeregisterRequest is used for the Catalog.Deregister endpoint to
// deregister a service, check, or node (only one should be provided).
// If ServiceID or CheckID are not provided, the entire node is deregistered.
// If a ServiceID is provided, any associated Checks with that service
// are also deregistered.
2013-12-11 22:04:44 +00:00
type DeregisterRequest struct {
2022-03-13 03:55:53 +00:00
Datacenter string
Node string
ServiceID string
CheckID types . CheckID
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
PeerName string
2022-03-13 03:55:53 +00:00
acl . EnterpriseMeta ` hcl:",squash" mapstructure:",squash" `
2014-04-19 00:14:00 +00:00
WriteRequest
}
func ( r * DeregisterRequest ) RequestDatacenter ( ) string {
return r . Datacenter
2013-12-11 22:04:44 +00:00
}
2019-12-06 20:47:41 +00:00
func ( r * DeregisterRequest ) UnmarshalJSON ( data [ ] byte ) error {
type Alias DeregisterRequest
aux := & struct {
Address string // obsolete field - but we want to explicitly allow it
* Alias
} {
Alias : ( * Alias ) ( r ) ,
}
2019-12-09 01:30:46 +00:00
2019-12-06 20:47:41 +00:00
if err := lib . UnmarshalJSON ( data , & aux ) ; err != nil {
return err
}
return nil
}
2015-06-30 21:25:40 +00:00
// QuerySource is used to pass along information about the source node
// in queries so that we can adjust the response based on its network
// coordinates.
type QuerySource struct {
2021-07-22 19:33:22 +00:00
Datacenter string
Segment string
Node string
NodePartition string ` json:",omitempty" `
Ip string
}
2022-03-13 03:55:53 +00:00
func ( s QuerySource ) NodeEnterpriseMeta ( ) * acl . EnterpriseMeta {
2021-07-22 19:33:22 +00:00
return NodeEnterpriseMetaInPartition ( s . NodePartition )
}
func ( s QuerySource ) NodePartitionOrDefault ( ) string {
2022-03-13 03:55:53 +00:00
return acl . PartitionOrDefault ( s . NodePartition )
2015-06-30 21:25:40 +00:00
}
2019-06-24 18:11:34 +00:00
type DatacentersRequest struct {
QueryOptions
}
func ( r * DatacentersRequest ) CacheInfo ( ) cache . RequestInfo {
return cache . RequestInfo {
Token : "" ,
Datacenter : "" ,
MinIndex : 0 ,
Timeout : r . MaxQueryTime ,
MaxAge : r . MaxAge ,
MustRevalidate : r . MustRevalidate ,
Key : "catalog-datacenters" , // must not be empty for cache to work
}
}
2014-02-05 18:21:31 +00:00
// DCSpecificRequest is used to query about a specific DC
type DCSpecificRequest struct {
2022-03-13 03:55:53 +00:00
Datacenter string
NodeMetaFilters map [ string ] string
Source QuerySource
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
PeerName string
2022-03-13 03:55:53 +00:00
acl . EnterpriseMeta ` hcl:",squash" mapstructure:",squash" `
2014-04-18 23:46:51 +00:00
QueryOptions
2014-02-05 18:21:31 +00:00
}
2014-04-19 00:14:00 +00:00
func ( r * DCSpecificRequest ) RequestDatacenter ( ) string {
return r . Datacenter
}
2018-04-08 14:08:34 +00:00
func ( r * DCSpecificRequest ) CacheInfo ( ) cache . RequestInfo {
info := cache . RequestInfo {
2018-09-06 10:34:28 +00:00
Token : r . Token ,
Datacenter : r . Datacenter ,
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
PeerName : r . PeerName ,
2018-09-06 10:34:28 +00:00
MinIndex : r . MinQueryIndex ,
Timeout : r . MaxQueryTime ,
MaxAge : r . MaxAge ,
MustRevalidate : r . MustRevalidate ,
2018-04-08 14:08:34 +00:00
}
2019-04-16 16:00:15 +00:00
// To calculate the cache key we only hash the node meta filters and the bexpr filter.
// The datacenter is handled by the cache framework. The other fields are
2018-04-08 13:45:55 +00:00
// not, but should not be used in any cache types.
2019-04-16 16:00:15 +00:00
v , err := hashstructure . Hash ( [ ] interface { } {
r . NodeMetaFilters ,
r . Filter ,
2019-12-10 02:26:41 +00:00
r . EnterpriseMeta ,
2019-04-16 16:00:15 +00:00
} , nil )
2018-04-08 14:08:34 +00:00
if err == nil {
// If there is an error, we don't set the key. A blank key forces
// no cache for this request so the request is forwarded directly
// to the server.
info . Key = strconv . FormatUint ( v , 10 )
2018-04-08 13:45:55 +00:00
}
2018-04-08 14:08:34 +00:00
return info
2018-04-08 13:45:55 +00:00
}
func ( r * DCSpecificRequest ) CacheMinIndex ( ) uint64 {
return r . QueryOptions . MinQueryIndex
}
2023-02-08 20:07:21 +00:00
type OperatorUsageRequest struct {
DCSpecificRequest
Global bool
}
2019-06-20 19:04:39 +00:00
type ServiceDumpRequest struct {
2022-03-13 03:55:53 +00:00
Datacenter string
ServiceKind ServiceKind
UseServiceKind bool
Source QuerySource
acl . EnterpriseMeta ` hcl:",squash" mapstructure:",squash" `
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
PeerName string
2019-06-20 19:04:39 +00:00
QueryOptions
}
func ( r * ServiceDumpRequest ) RequestDatacenter ( ) string {
return r . Datacenter
}
func ( r * ServiceDumpRequest ) CacheInfo ( ) cache . RequestInfo {
info := cache . RequestInfo {
Token : r . Token ,
Datacenter : r . Datacenter ,
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
PeerName : r . PeerName ,
2019-06-20 19:04:39 +00:00
MinIndex : r . MinQueryIndex ,
Timeout : r . MaxQueryTime ,
MaxAge : r . MaxAge ,
MustRevalidate : r . MustRevalidate ,
}
// When we are not using the service kind we want to normalize the ServiceKind
keyKind := ServiceKindTypical
if r . UseServiceKind {
keyKind = r . ServiceKind
}
// To calculate the cache key we only hash the node meta filters and the bexpr filter.
// The datacenter is handled by the cache framework. The other fields are
// not, but should not be used in any cache types.
v , err := hashstructure . Hash ( [ ] interface { } {
keyKind ,
r . UseServiceKind ,
r . Filter ,
2019-12-10 02:26:41 +00:00
r . EnterpriseMeta ,
2019-06-20 19:04:39 +00:00
} , nil )
if err == nil {
// If there is an error, we don't set the key. A blank key forces
// no cache for this request so the request is forwarded directly
// to the server.
info . Key = strconv . FormatUint ( v , 10 )
}
return info
}
func ( r * ServiceDumpRequest ) CacheMinIndex ( ) uint64 {
return r . QueryOptions . MinQueryIndex
}
2022-06-29 20:34:58 +00:00
// PartitionSpecificRequest is used to query about a specific partition.
type PartitionSpecificRequest struct {
Datacenter string
acl . EnterpriseMeta
QueryOptions
}
func ( r * PartitionSpecificRequest ) RequestDatacenter ( ) string {
return r . Datacenter
}
func ( r * PartitionSpecificRequest ) CacheInfo ( ) cache . RequestInfo {
return cache . RequestInfo {
Token : r . Token ,
Datacenter : r . Datacenter ,
MinIndex : r . MinQueryIndex ,
Timeout : r . MaxQueryTime ,
MaxAge : r . MaxAge ,
MustRevalidate : r . MustRevalidate ,
Key : r . EnterpriseMeta . PartitionOrDefault ( ) ,
}
}
2015-07-27 21:41:46 +00:00
// ServiceSpecificRequest is used to query about a specific service
2014-01-08 22:43:36 +00:00
type ServiceSpecificRequest struct {
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
Datacenter string
// The name of the peer that the requested service was imported from.
PeerName string
2017-01-14 01:08:43 +00:00
NodeMetaFilters map [ string ] string
ServiceName string
2020-10-08 23:31:54 +00:00
ServiceKind ServiceKind
2019-01-07 21:30:47 +00:00
// DEPRECATED (singular-service-tag) - remove this when backwards RPC compat
// with 1.2.x is not required.
ServiceTag string
ServiceTags [ ] string
ServiceAddress string
TagFilter bool // Controls tag filtering
Source QuerySource
2018-03-09 16:34:55 +00:00
// Connect if true will only search for Connect-compatible services.
Connect bool
2020-04-16 21:00:48 +00:00
// Ingress if true will only search for Ingress gateways for the given service.
Ingress bool
2022-05-25 20:20:17 +00:00
// MergeCentralConfig when set to true returns a service definition merged with
// the proxy-defaults/global and service-defaults/:service config entries.
// This can be used to ensure a full service definition is returned in the response
// especially when the service might not be written into the catalog that way.
MergeCentralConfig bool
2022-03-13 03:55:53 +00:00
acl . EnterpriseMeta ` hcl:",squash" mapstructure:",squash" `
2014-04-18 23:46:51 +00:00
QueryOptions
2014-01-08 22:43:36 +00:00
}
2014-04-19 00:14:00 +00:00
func ( r * ServiceSpecificRequest ) RequestDatacenter ( ) string {
return r . Datacenter
}
2018-09-06 10:34:28 +00:00
func ( r * ServiceSpecificRequest ) CacheInfo ( ) cache . RequestInfo {
info := cache . RequestInfo {
Token : r . Token ,
Datacenter : r . Datacenter ,
MinIndex : r . MinQueryIndex ,
Timeout : r . MaxQueryTime ,
MaxAge : r . MaxAge ,
MustRevalidate : r . MustRevalidate ,
}
// To calculate the cache key we hash over all the fields that affect the
// output other than Datacenter and Token which are dealt with in the cache
// framework already. Note the order here is important for the outcome - if we
// ever care about cache-invalidation on updates e.g. because we persist
// cached results, we need to be careful we maintain the same order of fields
// here. We could alternatively use `hash:set` struct tag on an anonymous
// struct to make it more robust if it becomes significant.
2019-01-07 21:30:47 +00:00
sort . Strings ( r . ServiceTags )
2018-09-06 10:34:28 +00:00
v , err := hashstructure . Hash ( [ ] interface { } {
r . NodeMetaFilters ,
2021-02-09 18:19:40 +00:00
strings . ToLower ( r . ServiceName ) ,
2019-01-07 21:30:47 +00:00
// DEPRECATED (singular-service-tag) - remove this when upgrade RPC compat
// with 1.2.x is not required. We still need this in because <1.3 agents
// might still send RPCs with singular tag set. In fact the only place we
// use this method is in agent cache so if the agent is new enough to have
// this code this should never be set, but it's safer to include it until we
// completely remove this field just in case it's erroneously used anywhere
// (e.g. until this change DNS still used it).
2018-09-06 10:34:28 +00:00
r . ServiceTag ,
2019-01-07 21:30:47 +00:00
r . ServiceTags ,
2018-09-06 10:34:28 +00:00
r . ServiceAddress ,
r . TagFilter ,
r . Connect ,
2019-04-16 16:00:15 +00:00
r . Filter ,
2019-12-10 02:26:41 +00:00
r . EnterpriseMeta ,
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
r . PeerName ,
2020-12-18 17:43:16 +00:00
r . Ingress ,
2021-05-31 21:22:16 +00:00
r . ServiceKind ,
2022-05-25 20:20:17 +00:00
r . MergeCentralConfig ,
2018-09-06 10:34:28 +00:00
} , nil )
if err == nil {
// If there is an error, we don't set the key. A blank key forces
// no cache for this request so the request is forwarded directly
// to the server.
info . Key = strconv . FormatUint ( v , 10 )
}
return info
}
func ( r * ServiceSpecificRequest ) CacheMinIndex ( ) uint64 {
return r . QueryOptions . MinQueryIndex
}
2014-01-08 22:43:36 +00:00
// NodeSpecificRequest is used to request the information about a single node
type NodeSpecificRequest struct {
2022-06-15 15:30:31 +00:00
Datacenter string
Node string
PeerName string
// MergeCentralConfig when set to true returns a service definition merged with
// the proxy-defaults/global and service-defaults/:service config entries.
// This can be used to ensure a full service definition is returned in the response
// especially when the service might not be written into the catalog that way.
MergeCentralConfig bool
2022-03-13 03:55:53 +00:00
acl . EnterpriseMeta ` hcl:",squash" mapstructure:",squash" `
2014-04-18 23:46:51 +00:00
QueryOptions
2014-01-08 22:43:36 +00:00
}
2014-04-19 00:14:00 +00:00
func ( r * NodeSpecificRequest ) RequestDatacenter ( ) string {
return r . Datacenter
}
2019-02-25 19:06:01 +00:00
func ( r * NodeSpecificRequest ) CacheInfo ( ) cache . RequestInfo {
info := cache . RequestInfo {
Token : r . Token ,
Datacenter : r . Datacenter ,
MinIndex : r . MinQueryIndex ,
Timeout : r . MaxQueryTime ,
MaxAge : r . MaxAge ,
MustRevalidate : r . MustRevalidate ,
}
v , err := hashstructure . Hash ( [ ] interface { } {
r . Node ,
2019-04-16 16:00:15 +00:00
r . Filter ,
2019-12-10 02:26:41 +00:00
r . EnterpriseMeta ,
2022-06-15 15:30:31 +00:00
r . MergeCentralConfig ,
2019-02-25 19:06:01 +00:00
} , nil )
if err == nil {
// If there is an error, we don't set the key. A blank key forces
// no cache for this request so the request is forwarded directly
// to the server.
info . Key = strconv . FormatUint ( v , 10 )
}
return info
}
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
// ChecksInStateRequest is used to query for checks in a state
2014-01-08 22:43:36 +00:00
type ChecksInStateRequest struct {
2017-01-14 01:08:43 +00:00
Datacenter string
NodeMetaFilters map [ string ] string
State string
Source QuerySource
2019-12-10 02:26:41 +00:00
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
PeerName string
2022-03-13 03:55:53 +00:00
acl . EnterpriseMeta ` mapstructure:",squash" `
2014-04-18 23:46:51 +00:00
QueryOptions
2014-01-08 22:43:36 +00:00
}
2014-04-19 00:14:00 +00:00
func ( r * ChecksInStateRequest ) RequestDatacenter ( ) string {
return r . Datacenter
}
2013-12-12 18:48:36 +00:00
// Used to return information about a node
type Node struct {
2017-01-18 22:26:42 +00:00
ID types . NodeID
2016-02-07 18:37:34 +00:00
Node string
Address string
2017-04-18 12:02:24 +00:00
Datacenter string
2021-07-22 19:33:22 +00:00
Partition string ` json:",omitempty" `
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
PeerName string ` json:",omitempty" `
2016-02-07 18:37:34 +00:00
TaggedAddresses map [ string ] string
2017-01-05 22:10:26 +00:00
Meta map [ string ] string
2023-03-10 14:36:15 +00:00
Locality * Locality ` json:",omitempty" bexpr:"-" `
2015-08-22 19:44:33 +00:00
2019-04-16 16:00:15 +00:00
RaftIndex ` bexpr:"-" `
2013-12-12 18:48:36 +00:00
}
2019-06-18 00:52:01 +00:00
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
func ( n * Node ) PeerOrEmpty ( ) string {
return n . PeerName
}
2022-03-13 03:55:53 +00:00
func ( n * Node ) GetEnterpriseMeta ( ) * acl . EnterpriseMeta {
2021-07-22 19:33:22 +00:00
return NodeEnterpriseMetaInPartition ( n . Partition )
}
func ( n * Node ) PartitionOrDefault ( ) string {
2022-03-13 03:55:53 +00:00
return acl . PartitionOrDefault ( n . Partition )
2021-07-22 19:33:22 +00:00
}
2019-06-18 00:52:01 +00:00
func ( n * Node ) BestAddress ( wan bool ) string {
if wan {
2020-01-17 14:54:17 +00:00
if addr , ok := n . TaggedAddresses [ TaggedAddressWAN ] ; ok {
2019-06-18 00:52:01 +00:00
return addr
}
}
return n . Address
}
2022-05-12 21:04:44 +00:00
func ( n * Node ) ToRegisterRequest ( ) RegisterRequest {
return RegisterRequest {
ID : n . ID ,
Node : n . Node ,
Datacenter : n . Datacenter ,
Address : n . Address ,
TaggedAddresses : n . TaggedAddresses ,
NodeMeta : n . Meta ,
RaftIndex : n . RaftIndex ,
EnterpriseMeta : * n . GetEnterpriseMeta ( ) ,
PeerName : n . PeerName ,
}
}
2015-08-25 01:10:23 +00:00
type Nodes [ ] * Node
2013-12-12 18:48:36 +00:00
2018-10-11 11:42:39 +00:00
// IsSame return whether nodes are similar without taking into account
// RaftIndex fields.
func ( n * Node ) IsSame ( other * Node ) bool {
return n . ID == other . ID &&
2022-02-24 22:54:47 +00:00
strings . EqualFold ( n . Node , other . Node ) &&
2021-07-22 19:33:22 +00:00
n . PartitionOrDefault ( ) == other . PartitionOrDefault ( ) &&
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
strings . EqualFold ( n . PeerName , other . PeerName ) &&
2018-10-11 11:42:39 +00:00
n . Address == other . Address &&
n . Datacenter == other . Datacenter &&
reflect . DeepEqual ( n . TaggedAddresses , other . TaggedAddresses ) &&
reflect . DeepEqual ( n . Meta , other . Meta )
}
2020-03-09 20:59:02 +00:00
// ValidateNodeMetadata validates a set of key/value pairs from the agent
// config for use on a Node.
func ValidateNodeMetadata ( meta map [ string ] string , allowConsulPrefix bool ) error {
return validateMetadata ( meta , allowConsulPrefix , nil )
}
// ValidateServiceMetadata validates a set of key/value pairs from the agent config for use on a Service.
2017-01-23 23:53:45 +00:00
// ValidateMeta validates a set of key/value pairs from the agent config
2020-03-09 20:59:02 +00:00
func ValidateServiceMetadata ( kind ServiceKind , meta map [ string ] string , allowConsulPrefix bool ) error {
switch kind {
case ServiceKindMeshGateway :
return validateMetadata ( meta , allowConsulPrefix , allowedConsulMetaKeysForMeshGateway )
default :
return validateMetadata ( meta , allowConsulPrefix , nil )
}
}
2022-05-09 20:47:37 +00:00
// ValidateMetaTags validates arbitrary key/value pairs from the agent_endpoints
func ValidateMetaTags ( metaTags map [ string ] string ) error {
return validateMetadata ( metaTags , false , nil )
}
2020-03-09 20:59:02 +00:00
func validateMetadata ( meta map [ string ] string , allowConsulPrefix bool , allowedConsulKeys map [ string ] struct { } ) error {
2017-01-23 23:53:45 +00:00
if len ( meta ) > metaMaxKeyPairs {
return fmt . Errorf ( "Node metadata cannot contain more than %d key/value pairs" , metaMaxKeyPairs )
}
for key , value := range meta {
2020-03-09 20:59:02 +00:00
if err := validateMetaPair ( key , value , allowConsulPrefix , allowedConsulKeys ) ; err != nil {
2017-01-23 23:53:45 +00:00
return fmt . Errorf ( "Couldn't load metadata pair ('%s', '%s'): %s" , key , value , err )
}
}
return nil
}
2018-09-07 14:30:47 +00:00
// ValidateWeights checks the definition of DNS weight is valid
func ValidateWeights ( weights * Weights ) error {
if weights == nil {
return nil
}
if weights . Passing < 1 {
return fmt . Errorf ( "Passing must be greater than 0" )
}
if weights . Warning < 0 {
return fmt . Errorf ( "Warning must be greater or equal than 0" )
}
if weights . Passing > 65535 || weights . Warning > 65535 {
return fmt . Errorf ( "DNS Weight must be between 0 and 65535" )
}
return nil
}
2017-01-23 23:53:45 +00:00
// validateMetaPair checks that the given key/value pair is in a valid format
2020-03-09 20:59:02 +00:00
func validateMetaPair ( key , value string , allowConsulPrefix bool , allowedConsulKeys map [ string ] struct { } ) error {
2017-01-23 23:53:45 +00:00
if key == "" {
return fmt . Errorf ( "Key cannot be blank" )
}
if ! metaKeyFormat ( key ) {
return fmt . Errorf ( "Key contains invalid characters" )
}
if len ( key ) > metaKeyMaxLength {
return fmt . Errorf ( "Key is too long (limit: %d characters)" , metaKeyMaxLength )
}
2021-12-02 23:42:47 +00:00
if strings . HasPrefix ( key , MetaKeyReservedPrefix ) {
2020-03-09 20:59:02 +00:00
if _ , ok := allowedConsulKeys [ key ] ; ! allowConsulPrefix && ! ok {
2021-12-02 23:42:47 +00:00
return fmt . Errorf ( "Key prefix '%s' is reserved for internal use" , MetaKeyReservedPrefix )
2020-03-09 20:59:02 +00:00
}
2017-01-23 23:53:45 +00:00
}
if len ( value ) > metaValueMaxLength {
return fmt . Errorf ( "Value is too long (limit: %d characters)" , metaValueMaxLength )
}
return nil
}
2017-01-18 00:20:29 +00:00
// SatisfiesMetaFilters returns true if the metadata map contains the given filters
2017-01-14 01:08:43 +00:00
func SatisfiesMetaFilters ( meta map [ string ] string , filters map [ string ] string ) bool {
for key , value := range filters {
if v , ok := meta [ key ] ; ! ok || v != value {
return false
}
}
return true
}
2013-12-12 19:07:14 +00:00
// Used to return information about a provided services.
// Maps service name to available tags
type Services map [ string ] [ ] string
2017-01-18 22:26:42 +00:00
// ServiceNode represents a node that is part of a service. ID, Address,
// TaggedAddresses, and NodeMeta are node-related fields that are always empty
// in the state store and are filled in on the way out by parseServiceNodes().
// This is also why PartialClone() skips them, because we know they are blank
// already so it would be a waste of time to copy them.
2021-05-04 04:43:55 +00:00
// This is somewhat complicated when the address is really a unix domain socket; technically that
// will override the address field, but in practice the two use cases should not overlap.
2013-12-12 19:37:19 +00:00
type ServiceNode struct {
2017-01-18 22:26:42 +00:00
ID types . NodeID
2015-10-19 20:55:35 +00:00
Node string
2021-05-04 04:43:55 +00:00
Address string
2017-04-18 12:02:24 +00:00
Datacenter string
2016-06-15 18:02:51 +00:00
TaggedAddresses map [ string ] string
2017-01-05 22:10:26 +00:00
NodeMeta map [ string ] string
2018-03-06 03:56:52 +00:00
ServiceKind ServiceKind
2015-10-19 20:55:35 +00:00
ServiceID string
ServiceName string
ServiceTags [ ] string
ServiceAddress string
2019-06-17 14:51:50 +00:00
ServiceTaggedAddresses map [ string ] ServiceAddress ` json:",omitempty" `
2018-09-07 14:30:47 +00:00
ServiceWeights Weights
2018-02-07 00:54:42 +00:00
ServiceMeta map [ string ] string
2015-10-19 20:55:35 +00:00
ServicePort int
2021-05-04 04:43:55 +00:00
ServiceSocketPath string
2015-10-19 20:55:35 +00:00
ServiceEnableTagOverride bool
2019-08-09 19:19:30 +00:00
ServiceProxy ConnectProxyConfig
ServiceConnect ServiceConnect
2023-03-10 14:36:15 +00:00
ServiceLocality * Locality ` bexpr:"-" `
2015-08-23 21:17:48 +00:00
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
// If not empty, PeerName represents the peer that this ServiceNode was imported from.
PeerName string ` json:",omitempty" `
2022-03-13 03:55:53 +00:00
acl . EnterpriseMeta ` hcl:",squash" mapstructure:",squash" bexpr:"-" `
2019-12-10 02:26:41 +00:00
2019-04-16 16:00:15 +00:00
RaftIndex ` bexpr:"-" `
2013-12-12 19:37:19 +00:00
}
2015-10-14 06:38:07 +00:00
2022-11-14 18:36:27 +00:00
func ( s * ServiceNode ) FillAuthzContext ( ctx * acl . AuthorizerContext ) {
if ctx == nil {
return
}
ctx . Peer = s . PeerName
s . EnterpriseMeta . FillAuthzContext ( ctx )
}
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
func ( s * ServiceNode ) PeerOrEmpty ( ) string {
return s . PeerName
}
2016-08-12 23:28:56 +00:00
// PartialClone() returns a clone of the given service node, minus the node-
// related fields that get filled in later, Address and TaggedAddresses.
func ( s * ServiceNode ) PartialClone ( ) * ServiceNode {
2015-10-14 06:38:07 +00:00
tags := make ( [ ] string , len ( s . ServiceTags ) )
copy ( tags , s . ServiceTags )
2018-02-09 00:37:45 +00:00
nsmeta := make ( map [ string ] string )
for k , v := range s . ServiceMeta {
nsmeta [ k ] = v
}
2015-10-14 06:38:07 +00:00
2019-06-17 14:51:50 +00:00
var svcTaggedAddrs map [ string ] ServiceAddress
if len ( s . ServiceTaggedAddresses ) > 0 {
svcTaggedAddrs = make ( map [ string ] ServiceAddress )
for k , v := range s . ServiceTaggedAddresses {
svcTaggedAddrs [ k ] = v
}
}
2015-10-14 06:38:07 +00:00
return & ServiceNode {
2017-01-18 22:26:42 +00:00
// Skip ID, see above.
2016-08-12 23:28:56 +00:00
Node : s . Node ,
// Skip Address, see above.
// Skip TaggedAddresses, see above.
2018-03-07 01:32:41 +00:00
ServiceKind : s . ServiceKind ,
2015-10-19 20:55:35 +00:00
ServiceID : s . ServiceID ,
ServiceName : s . ServiceName ,
ServiceTags : tags ,
ServiceAddress : s . ServiceAddress ,
2021-05-04 04:43:55 +00:00
ServiceSocketPath : s . ServiceSocketPath ,
2019-06-17 14:51:50 +00:00
ServiceTaggedAddresses : svcTaggedAddrs ,
2015-10-19 20:55:35 +00:00
ServicePort : s . ServicePort ,
2018-02-09 00:37:45 +00:00
ServiceMeta : nsmeta ,
2018-09-07 14:30:47 +00:00
ServiceWeights : s . ServiceWeights ,
2015-10-19 20:55:35 +00:00
ServiceEnableTagOverride : s . ServiceEnableTagOverride ,
2019-08-09 19:19:30 +00:00
ServiceProxy : s . ServiceProxy ,
ServiceConnect : s . ServiceConnect ,
2023-03-10 14:36:15 +00:00
ServiceLocality : s . ServiceLocality ,
2015-10-19 20:55:35 +00:00
RaftIndex : RaftIndex {
CreateIndex : s . CreateIndex ,
ModifyIndex : s . ModifyIndex ,
} ,
2019-12-10 02:26:41 +00:00
EnterpriseMeta : s . EnterpriseMeta ,
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
PeerName : s . PeerName ,
2015-10-19 20:55:35 +00:00
}
}
// ToNodeService converts the given service node to a node service.
func ( s * ServiceNode ) ToNodeService ( ) * NodeService {
return & NodeService {
2018-03-06 03:56:52 +00:00
Kind : s . ServiceKind ,
2015-10-19 20:55:35 +00:00
ID : s . ServiceID ,
Service : s . ServiceName ,
Tags : s . ServiceTags ,
Address : s . ServiceAddress ,
2019-06-17 14:51:50 +00:00
TaggedAddresses : s . ServiceTaggedAddresses ,
2015-10-19 20:55:35 +00:00
Port : s . ServicePort ,
2021-05-04 04:43:55 +00:00
SocketPath : s . ServiceSocketPath ,
2018-03-28 14:04:50 +00:00
Meta : s . ServiceMeta ,
2018-09-07 14:30:47 +00:00
Weights : & s . ServiceWeights ,
2015-10-19 20:55:35 +00:00
EnableTagOverride : s . ServiceEnableTagOverride ,
2018-09-12 16:07:47 +00:00
Proxy : s . ServiceProxy ,
2018-06-05 17:51:05 +00:00
Connect : s . ServiceConnect ,
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
PeerName : s . PeerName ,
2019-12-10 02:26:41 +00:00
EnterpriseMeta : s . EnterpriseMeta ,
2023-03-10 14:36:15 +00:00
Locality : s . ServiceLocality ,
2015-10-14 06:38:07 +00:00
RaftIndex : RaftIndex {
CreateIndex : s . CreateIndex ,
ModifyIndex : s . ModifyIndex ,
} ,
}
}
2020-06-12 14:57:41 +00:00
func ( sn * ServiceNode ) CompoundServiceID ( ) ServiceID {
id := sn . ServiceID
if id == "" {
2020-01-24 15:04:58 +00:00
id = sn . ServiceName
2019-12-10 02:26:41 +00:00
}
2020-01-24 15:04:58 +00:00
// copy the ent meta and normalize it
entMeta := sn . EnterpriseMeta
2019-12-10 02:26:41 +00:00
entMeta . Normalize ( )
return ServiceID {
ID : id ,
EnterpriseMeta : entMeta ,
}
}
2023-03-08 16:24:03 +00:00
func ( sn * ServiceNode ) CompoundServiceName ( ) PeeredServiceName {
2020-06-12 14:57:41 +00:00
name := sn . ServiceName
if name == "" {
name = sn . ServiceID
}
2020-01-24 15:04:58 +00:00
2020-06-12 14:57:41 +00:00
// copy the ent meta and normalize it
entMeta := sn . EnterpriseMeta
entMeta . Normalize ( )
2023-03-08 16:24:03 +00:00
return PeeredServiceName {
ServiceName : ServiceName {
Name : name ,
EnterpriseMeta : entMeta ,
} ,
Peer : sn . PeerName ,
2020-06-12 14:57:41 +00:00
}
2023-03-08 16:24:03 +00:00
2020-01-24 15:04:58 +00:00
}
2018-09-07 14:30:47 +00:00
// Weights represent the weight used by DNS for a given status
type Weights struct {
Passing int
Warning int
}
2015-08-25 01:10:23 +00:00
type ServiceNodes [ ] * ServiceNode
2013-12-12 19:37:19 +00:00
2018-03-06 03:56:52 +00:00
// ServiceKind is the kind of service being registered.
type ServiceKind string
2021-12-02 00:44:13 +00:00
func ( k ServiceKind ) Normalized ( ) string {
if k == ServiceKindTypical {
return "typical"
}
return string ( k )
}
2022-05-27 11:38:52 +00:00
// IsProxy returns whether the ServiceKind is a connect proxy or gateway.
func ( k ServiceKind ) IsProxy ( ) bool {
switch k {
case ServiceKindConnectProxy ,
ServiceKindMeshGateway ,
ServiceKindTerminatingGateway ,
2023-02-08 21:52:12 +00:00
ServiceKindIngressGateway ,
ServiceKindAPIGateway :
2022-05-27 11:38:52 +00:00
return true
}
return false
}
2018-03-06 03:56:52 +00:00
const (
2018-03-11 16:11:10 +00:00
// ServiceKindTypical is a typical, classic Consul service. This is
2018-03-26 15:51:43 +00:00
// represented by the absence of a value. This was chosen for ease of
2018-03-11 16:11:10 +00:00
// backwards compatibility: existing services in the catalog would
// default to the typical service.
ServiceKindTypical ServiceKind = ""
2018-03-06 03:56:52 +00:00
2023-02-08 21:52:12 +00:00
// ServiceKindConnectProxy is a proxy for the Consul Service Mesh. This
2018-03-06 03:56:52 +00:00
// service proxies another service within Consul and speaks the connect
// protocol.
ServiceKindConnectProxy ServiceKind = "connect-proxy"
2019-06-18 00:52:01 +00:00
2023-02-08 21:52:12 +00:00
// ServiceKindMeshGateway is a Mesh Gateway for the Consul Service Mesh.
// This service will proxy connections based off the SNI header set by other
2019-06-18 00:52:01 +00:00
// connect proxies
ServiceKindMeshGateway ServiceKind = "mesh-gateway"
2018-03-06 03:56:52 +00:00
2023-02-08 21:52:12 +00:00
// ServiceKindTerminatingGateway is a Terminating Gateway for the Consul Service
// Mesh feature. This service will proxy connections to services outside the mesh.
2020-03-26 16:20:56 +00:00
ServiceKindTerminatingGateway ServiceKind = "terminating-gateway"
2020-03-31 16:59:10 +00:00
2023-02-08 21:52:12 +00:00
// ServiceKindIngressGateway is an Ingress Gateway for the Consul Service Mesh.
2020-03-31 16:59:10 +00:00
// This service allows external traffic to enter the mesh based on
// centralized configuration.
ServiceKindIngressGateway ServiceKind = "ingress-gateway"
2022-06-07 19:03:59 +00:00
2023-02-08 21:52:12 +00:00
// ServiceKindAPIGateway is an API Gateway for the Consul Service Mesh.
// This service allows external traffic to enter the mesh based on
// centralized configuration.
ServiceKindAPIGateway ServiceKind = "api-gateway"
// ServiceKindDestination is a Destination for the Consul Service Mesh feature.
2022-06-07 19:03:59 +00:00
// This service allows external traffic to exit the mesh through a terminating gateway
2022-06-08 17:24:10 +00:00
// based on centralized configuration.
2022-06-07 19:03:59 +00:00
ServiceKindDestination ServiceKind = "destination"
2023-02-21 19:59:36 +00:00
// ServiceKindConnectEnabled is used to indicate whether a service is either
// connect-native or if the service has a corresponding sidecar. It is used for
// internal query purposes and should not be exposed to users as a valid Kind
// option.
ServiceKindConnectEnabled ServiceKind = "connect-enabled"
2020-03-26 16:20:56 +00:00
)
2019-06-20 19:04:39 +00:00
2019-06-17 14:51:50 +00:00
// Type to hold a address and port of a service
type ServiceAddress struct {
Address string
Port int
}
func ( a ServiceAddress ) ToAPIServiceAddress ( ) api . ServiceAddress {
return api . ServiceAddress { Address : a . Address , Port : a . Port }
}
2023-05-12 20:49:42 +00:00
const SidecarProxySuffix = "-sidecar-proxy"
2013-12-12 19:46:25 +00:00
// NodeService is a service provided by a node
type NodeService struct {
2018-03-06 03:56:52 +00:00
// Kind is the kind of service this is. Different kinds of services may
// have differing validation, DNS behavior, etc. An empty kind will default
// to the Default kind. See ServiceKind for the full list of kinds.
2018-06-21 15:17:17 +00:00
Kind ServiceKind ` json:",omitempty" `
2018-03-06 03:56:52 +00:00
2015-09-11 15:35:29 +00:00
ID string
Service string
Tags [ ] string
Address string
2019-06-17 14:51:50 +00:00
TaggedAddresses map [ string ] ServiceAddress ` json:",omitempty" `
2018-03-28 14:04:50 +00:00
Meta map [ string ] string
2021-05-04 04:43:55 +00:00
Port int ` json:",omitempty" `
SocketPath string ` json:",omitempty" ` // TODO This might be integrated into Address somehow, but not sure about the ergonomics. Only one of (address,port) or socketpath can be defined.
2018-09-07 14:30:47 +00:00
Weights * Weights
2015-09-11 15:35:29 +00:00
EnableTagOverride bool
2023-03-10 14:36:15 +00:00
Locality * Locality ` json:",omitempty" bexpr:"-" `
2015-08-22 20:21:38 +00:00
2018-09-12 16:07:47 +00:00
// Proxy is the configuration set for Kind = connect-proxy. It is mandatory in
// that case and an error to be set for any other kind. This config is part of
2019-08-09 19:19:30 +00:00
// a proxy service definition. ProxyConfig may be a more natural name here, but
// it's confusing for the UX because one of the fields in ConnectProxyConfig is
2018-09-12 16:07:47 +00:00
// also called just "Config"
Proxy ConnectProxyConfig
2018-06-05 17:51:05 +00:00
// Connect are the Connect settings for a service. This is purposely NOT
// a pointer so that we never have to nil-check this.
Connect ServiceConnect
2018-06-04 05:14:01 +00:00
2022-09-07 00:35:31 +00:00
// TODO: rename to reflect that this is used to express future intent to register.
2018-09-27 13:33:12 +00:00
// LocallyRegisteredAsSidecar is private as it is only used by a local agent
2022-09-07 00:35:31 +00:00
// state to track if the service was or will be registered from a nested sidecar_service
2018-09-27 13:33:12 +00:00
// block. We need to track that so we can know whether we need to deregister
// it automatically too if it's removed from the service definition or if the
// parent service is deregistered. Relying only on ID would cause us to
// deregister regular services if they happen to be registered using the same
// ID scheme as our sidecars do by default. We could use meta but that gets
// unpleasant because we can't use the consul- prefix from an agent (reserved
// for use internally but in practice that means within the state store or in
2018-10-09 16:57:26 +00:00
// responses only), and it leaks the detail publicly which people might rely
2018-09-27 13:33:12 +00:00
// on which is a bit unpleasant for something that is meant to be config-file
// syntax sugar. Note this is not translated to ServiceNode and friends and
// may not be set on a NodeService that isn't the one the agent registered and
// keeps in it's local state. We never want this rendered in JSON as it's
// internal only. Right now our agent endpoints return api structs which don't
// include it but this is a safety net incase we change that or there is
// somewhere this is used in API output.
2019-04-16 16:00:15 +00:00
LocallyRegisteredAsSidecar bool ` json:"-" bexpr:"-" `
2018-09-27 13:33:12 +00:00
2022-03-13 03:55:53 +00:00
acl . EnterpriseMeta ` hcl:",squash" mapstructure:",squash" bexpr:"-" `
2019-12-10 02:26:41 +00:00
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
// If not empty, PeerName represents the peer that the NodeService was imported from.
PeerName string
2019-04-16 16:00:15 +00:00
RaftIndex ` bexpr:"-" `
2013-12-12 19:46:25 +00:00
}
2015-08-22 20:21:38 +00:00
2022-05-25 17:37:44 +00:00
// PeeringServiceMeta is read-only information provided from an exported peer.
type PeeringServiceMeta struct {
SNI [ ] string ` json:",omitempty" `
SpiffeID [ ] string ` json:",omitempty" `
Protocol string ` json:",omitempty" `
}
2022-06-03 21:42:50 +00:00
func ( m * PeeringServiceMeta ) PrimarySNI ( ) string {
if m == nil || len ( m . SNI ) == 0 {
return ""
}
return m . SNI [ 0 ]
}
2022-11-14 18:36:27 +00:00
func ( ns * NodeService ) FillAuthzContext ( ctx * acl . AuthorizerContext ) {
if ctx == nil {
return
}
ctx . Peer = ns . PeerName
ns . EnterpriseMeta . FillAuthzContext ( ctx )
}
2019-06-18 00:52:01 +00:00
func ( ns * NodeService ) BestAddress ( wan bool ) ( string , int ) {
addr := ns . Address
port := ns . Port
if wan {
2020-01-17 14:54:17 +00:00
if wan , ok := ns . TaggedAddresses [ TaggedAddressWAN ] ; ok {
2019-06-18 00:52:01 +00:00
addr = wan . Address
if wan . Port != 0 {
port = wan . Port
}
}
}
return addr , port
}
2020-01-24 15:04:58 +00:00
func ( ns * NodeService ) CompoundServiceID ( ) ServiceID {
2020-06-12 14:57:41 +00:00
id := ns . ID
if id == "" {
id = ns . Service
}
// copy the ent meta and normalize it
entMeta := ns . EnterpriseMeta
entMeta . Normalize ( )
return ServiceID {
ID : id ,
EnterpriseMeta : entMeta ,
}
2020-01-24 15:04:58 +00:00
}
2020-06-12 14:57:41 +00:00
func ( ns * NodeService ) CompoundServiceName ( ) ServiceName {
name := ns . Service
if name == "" {
name = ns . ID
}
// copy the ent meta and normalize it
entMeta := ns . EnterpriseMeta
entMeta . Normalize ( )
return ServiceName {
Name : name ,
EnterpriseMeta : entMeta ,
}
2020-01-24 15:04:58 +00:00
}
2020-09-27 18:38:32 +00:00
// UniqueID is a unique identifier for a service instance within a datacenter by encoding:
// node/namespace/service_id
2020-10-02 00:10:49 +00:00
//
// Note: We do not have strict character restrictions in all node names, so this should NOT be split on / to retrieve components.
2020-09-27 18:38:32 +00:00
func UniqueID ( node string , compoundID string ) string {
2021-07-22 19:33:22 +00:00
// TODO(partitions)
2020-09-27 18:38:32 +00:00
return fmt . Sprintf ( "%s/%s" , node , compoundID )
}
2018-06-05 17:51:05 +00:00
// ServiceConnect are the shared Connect settings between all service
// definitions from the agent to the state store.
type ServiceConnect struct {
// Native is true when this service can natively understand Connect.
2018-09-27 13:33:12 +00:00
Native bool ` json:",omitempty" `
2018-06-05 17:51:05 +00:00
2018-09-27 13:33:12 +00:00
// SidecarService is a nested Service Definition to register at the same time.
// It's purely a convenience mechanism to allow specifying a sidecar service
// along with the application service definition. It's nested nature allows
// all of the fields to be defaulted which can reduce the amount of
// boilerplate needed to register a sidecar service separately, but the end
// result is identical to just making a second service registration via any
// other means.
2019-04-16 16:00:15 +00:00
SidecarService * ServiceDefinition ` json:",omitempty" bexpr:"-" `
2022-05-25 17:37:44 +00:00
PeerMeta * PeeringServiceMeta ` json:",omitempty" bexpr:"-" `
2018-06-05 17:51:05 +00:00
}
2019-10-29 18:13:36 +00:00
func ( t * ServiceConnect ) UnmarshalJSON ( data [ ] byte ) ( err error ) {
type Alias ServiceConnect
aux := & struct {
SidecarServiceSnake * ServiceDefinition ` json:"sidecar_service" `
* Alias
} {
Alias : ( * Alias ) ( t ) ,
}
2020-08-18 22:48:05 +00:00
2019-12-10 02:26:41 +00:00
if err = json . Unmarshal ( data , & aux ) ; err != nil {
2019-10-29 18:13:36 +00:00
return err
}
2020-08-18 22:48:05 +00:00
if t . SidecarService == nil && aux != nil {
2019-10-29 18:13:36 +00:00
t . SidecarService = aux . SidecarServiceSnake
}
return nil
}
2019-05-01 23:39:31 +00:00
// IsSidecarProxy returns true if the NodeService is a sidecar proxy.
func ( s * NodeService ) IsSidecarProxy ( ) bool {
2022-05-25 20:20:17 +00:00
return s . Kind == ServiceKindConnectProxy &&
( s . Proxy . DestinationServiceID != "" || s . Proxy . DestinationServiceName != "" )
2019-04-23 06:39:02 +00:00
}
2020-03-26 16:20:56 +00:00
func ( s * NodeService ) IsGateway ( ) bool {
2020-03-31 16:59:10 +00:00
return s . Kind == ServiceKindMeshGateway ||
s . Kind == ServiceKindTerminatingGateway ||
2023-02-08 21:52:12 +00:00
s . Kind == ServiceKindIngressGateway ||
s . Kind == ServiceKindAPIGateway
2019-06-18 00:52:01 +00:00
}
2018-03-09 06:13:35 +00:00
// Validate validates the node service configuration.
//
// NOTE(mitchellh): This currently only validates fields for a ConnectProxy.
// Historically validation has been directly in the Catalog.Register RPC.
// ConnectProxy validation was moved here for easier table testing, but
// other validation still exists in Catalog.Register.
func ( s * NodeService ) Validate ( ) error {
var result error
2023-06-15 14:01:04 +00:00
if err := s . Locality . Validate ( ) ; err != nil {
result = multierror . Append ( result , err )
}
2022-07-26 18:31:06 +00:00
if s . Kind == ServiceKindConnectProxy {
if s . Port == 0 && s . SocketPath == "" {
result = multierror . Append ( result , fmt . Errorf ( "Port or SocketPath must be set for a %s" , s . Kind ) )
}
}
commonValidation := s . ValidateForAgent ( )
if commonValidation != nil {
result = multierror . Append ( result , commonValidation )
}
return result
}
// ValidateForAgent does a subset validation, with the assumption that a local agent can assist with missing values.
//
// I.e. in the catalog case, a local agent cannot be assumed to facilitate auto-assignment of port or socket path,
// so additional checks are needed.
func ( s * NodeService ) ValidateForAgent ( ) error {
var result error
2021-07-22 19:33:22 +00:00
// TODO(partitions): remember to double check that this doesn't cross partition boundaries
2018-03-09 06:13:35 +00:00
// ConnectProxy validation
if s . Kind == ServiceKindConnectProxy {
2018-09-12 16:07:47 +00:00
if strings . TrimSpace ( s . Proxy . DestinationServiceName ) == "" {
2018-03-09 06:13:35 +00:00
result = multierror . Append ( result , fmt . Errorf (
2018-09-12 16:07:47 +00:00
"Proxy.DestinationServiceName must be non-empty for Connect proxy " +
"services" ) )
2018-03-09 06:13:35 +00:00
}
2021-04-08 17:16:03 +00:00
if s . Proxy . DestinationServiceName == WildcardSpecifier {
2021-03-20 02:56:02 +00:00
result = multierror . Append ( result , fmt . Errorf (
"Proxy.DestinationServiceName must not be a wildcard for Connect proxy " +
"services" ) )
}
2018-03-09 06:13:35 +00:00
2018-06-05 17:51:05 +00:00
if s . Connect . Native {
2018-06-05 03:04:45 +00:00
result = multierror . Append ( result , fmt . Errorf (
2018-09-12 16:07:47 +00:00
"A Proxy cannot also be Connect Native, only typical services" ) )
2018-06-05 03:04:45 +00:00
}
2019-08-01 18:26:02 +00:00
2023-05-09 18:20:26 +00:00
if err := validateOpaqueProxyConfig ( s . Proxy . Config ) ; err != nil {
result = multierror . Append ( result , fmt . Errorf ( "Proxy.Config: %w" , err ) )
}
2019-08-01 18:26:02 +00:00
// ensure we don't have multiple upstreams for the same service
var (
upstreamKeys = make ( map [ UpstreamKey ] struct { } )
bindAddrs = make ( map [ string ] struct { } )
)
for _ , u := range s . Proxy . Upstreams {
2022-04-29 22:12:51 +00:00
2021-09-07 20:29:32 +00:00
destinationPartition := u . DestinationPartition
if destinationPartition == "" {
2022-04-29 22:12:51 +00:00
// If we have a set DestinationPeer, then DestinationPartition
// must match the NodeService's Partition
if u . DestinationPeer != "" {
destinationPartition = s . PartitionOrDefault ( )
} else {
destinationPartition = acl . DefaultPartitionName
}
2021-09-07 20:29:32 +00:00
}
2022-04-29 22:12:51 +00:00
if u . DestinationPeer == "" {
// cross DC Upstreams are only allowed for non "default" partitions
if u . Datacenter != "" && ( destinationPartition != acl . DefaultPartitionName || s . PartitionOrDefault ( ) != "default" ) {
result = multierror . Append ( result , fmt . Errorf (
"upstreams cannot target another datacenter in non default partition" ) )
continue
}
} else {
if destinationPartition != s . PartitionOrDefault ( ) {
result = multierror . Append ( result , fmt . Errorf (
"upstreams must target peers in the same partition as the service" ) )
continue
}
2021-09-07 20:29:32 +00:00
}
2022-04-29 22:12:51 +00:00
2019-08-01 18:26:02 +00:00
if err := u . Validate ( ) ; err != nil {
result = multierror . Append ( result , err )
continue
}
uk := u . ToKey ( )
if _ , ok := upstreamKeys [ uk ] ; ok {
result = multierror . Append ( result , fmt . Errorf (
"upstreams cannot contain duplicates of %s" , uk ) )
continue
}
upstreamKeys [ uk ] = struct { } { }
2021-03-26 20:00:44 +00:00
addr := u . UpstreamAddressToString ( )
2019-08-01 18:26:02 +00:00
2021-03-20 01:57:23 +00:00
// Centrally configured upstreams will fail this check if there are multiple because they do not have an address/port.
// Only consider non-centrally configured upstreams in this check since those are the ones we create listeners for.
if _ , ok := bindAddrs [ addr ] ; ok && ! u . CentrallyConfigured {
2019-08-01 18:26:02 +00:00
result = multierror . Append ( result , fmt . Errorf (
2021-03-26 20:00:44 +00:00
"upstreams cannot contain duplicates by local bind address and port or unix path; %q is specified twice" , addr ) )
2019-08-01 18:26:02 +00:00
continue
}
bindAddrs [ addr ] = struct { } { }
}
2021-06-14 20:04:11 +00:00
2019-09-26 02:55:52 +00:00
var knownListeners = make ( map [ int ] bool )
for _ , path := range s . Proxy . Expose . Paths {
if path . Path == "" {
result = multierror . Append ( result , fmt . Errorf ( "expose.paths: empty path exposed" ) )
}
if seen := knownListeners [ path . ListenerPort ] ; seen {
result = multierror . Append ( result , fmt . Errorf ( "expose.paths: duplicate listener ports exposed" ) )
}
knownListeners [ path . ListenerPort ] = true
if path . ListenerPort <= 0 || path . ListenerPort > 65535 {
result = multierror . Append ( result , fmt . Errorf ( "expose.paths: invalid listener port: %d" , path . ListenerPort ) )
}
path . Protocol = strings . ToLower ( path . Protocol )
if ok := allowedExposeProtocols [ path . Protocol ] ; ! ok && path . Protocol != "" {
protocols := make ( [ ] string , 0 )
2020-06-16 17:19:31 +00:00
for p := range allowedExposeProtocols {
2019-09-26 02:55:52 +00:00
protocols = append ( protocols , p )
}
result = multierror . Append ( result ,
fmt . Errorf ( "protocol '%s' not supported for path: %s, must be in: %v" ,
path . Protocol , path . Path , protocols ) )
}
}
2018-03-09 06:13:35 +00:00
}
2020-03-26 16:20:56 +00:00
// Gateway validation
if s . IsGateway ( ) {
2020-03-31 16:59:10 +00:00
// Non-ingress gateways must have a port
2023-02-09 16:32:10 +00:00
if s . Port == 0 && s . Kind != ServiceKindIngressGateway && s . Kind != ServiceKindAPIGateway {
2020-03-26 16:20:56 +00:00
result = multierror . Append ( result , fmt . Errorf ( "Port must be non-zero for a %s" , s . Kind ) )
2019-06-18 00:52:01 +00:00
}
// Gateways cannot have sidecars
if s . Connect . SidecarService != nil {
2020-03-26 16:20:56 +00:00
result = multierror . Append ( result , fmt . Errorf ( "A %s cannot have a sidecar service defined" , s . Kind ) )
2019-06-18 00:52:01 +00:00
}
if s . Proxy . DestinationServiceName != "" {
2020-03-26 16:20:56 +00:00
result = multierror . Append ( result , fmt . Errorf ( "The Proxy.DestinationServiceName configuration is invalid for a %s" , s . Kind ) )
2019-06-18 00:52:01 +00:00
}
if s . Proxy . DestinationServiceID != "" {
2020-03-26 16:20:56 +00:00
result = multierror . Append ( result , fmt . Errorf ( "The Proxy.DestinationServiceID configuration is invalid for a %s" , s . Kind ) )
2019-06-18 00:52:01 +00:00
}
if s . Proxy . LocalServiceAddress != "" {
2020-03-26 16:20:56 +00:00
result = multierror . Append ( result , fmt . Errorf ( "The Proxy.LocalServiceAddress configuration is invalid for a %s" , s . Kind ) )
2019-06-18 00:52:01 +00:00
}
if s . Proxy . LocalServicePort != 0 {
2020-03-26 16:20:56 +00:00
result = multierror . Append ( result , fmt . Errorf ( "The Proxy.LocalServicePort configuration is invalid for a %s" , s . Kind ) )
2019-06-18 00:52:01 +00:00
}
2021-05-04 04:43:55 +00:00
if s . Proxy . LocalServiceSocketPath != "" {
result = multierror . Append ( result , fmt . Errorf ( "The Proxy.LocalServiceSocketPath configuration is invalid for a %s" , s . Kind ) )
}
2019-06-18 00:52:01 +00:00
if len ( s . Proxy . Upstreams ) != 0 {
2020-03-26 16:20:56 +00:00
result = multierror . Append ( result , fmt . Errorf ( "The Proxy.Upstreams configuration is invalid for a %s" , s . Kind ) )
2019-06-18 00:52:01 +00:00
}
}
2018-09-27 13:33:12 +00:00
// Nested sidecar validation
if s . Connect . SidecarService != nil {
if s . Connect . SidecarService . ID != "" {
result = multierror . Append ( result , fmt . Errorf (
"A SidecarService cannot specify an ID as this is managed by the " +
"agent" ) )
}
if s . Connect . SidecarService . Connect != nil {
if s . Connect . SidecarService . Connect . SidecarService != nil {
result = multierror . Append ( result , fmt . Errorf (
"A SidecarService cannot have a nested SidecarService" ) )
}
}
}
2022-05-05 16:13:30 +00:00
if s . Connect . Native && s . Port == 0 && s . SocketPath == "" {
result = multierror . Append ( result , fmt . Errorf (
"Port or SocketPath must be set for a Connect native service." ) )
}
2018-03-09 06:13:35 +00:00
return result
}
2015-10-28 21:32:00 +00:00
// IsSame checks if one NodeService is the same as another, without looking
// at the Raft information (that's why we didn't call it IsEqual). This is
// useful for seeing if an update would be idempotent for all the functional
// parts of the structure.
func ( s * NodeService ) IsSame ( other * NodeService ) bool {
if s . ID != other . ID ||
s . Service != other . Service ||
! reflect . DeepEqual ( s . Tags , other . Tags ) ||
s . Address != other . Address ||
s . Port != other . Port ||
2021-05-04 04:43:55 +00:00
s . SocketPath != other . SocketPath ||
2019-06-17 14:51:50 +00:00
! reflect . DeepEqual ( s . TaggedAddresses , other . TaggedAddresses ) ||
2018-09-07 14:30:47 +00:00
! reflect . DeepEqual ( s . Weights , other . Weights ) ||
2018-03-28 14:04:50 +00:00
! reflect . DeepEqual ( s . Meta , other . Meta ) ||
2023-03-10 14:36:15 +00:00
! reflect . DeepEqual ( s . Locality , other . Locality ) ||
2018-03-10 01:21:26 +00:00
s . EnableTagOverride != other . EnableTagOverride ||
s . Kind != other . Kind ||
2018-09-12 16:07:47 +00:00
! reflect . DeepEqual ( s . Proxy , other . Proxy ) ||
2019-12-10 02:26:41 +00:00
s . Connect != other . Connect ||
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
s . PeerName != other . PeerName ||
2019-12-10 02:26:41 +00:00
! s . EnterpriseMeta . IsSame ( & other . EnterpriseMeta ) {
2015-10-28 21:32:00 +00:00
return false
}
return true
}
2018-10-11 11:42:39 +00:00
// IsSameService checks if one Service of a ServiceNode is the same as another,
// without looking at the Raft information or Node information (that's why we
// didn't call it IsEqual).
// This is useful for seeing if an update would be idempotent for all the functional
// parts of the structure.
// In a similar fashion as ToNodeService(), fields related to Node are ignored
// see ServiceNode for more information.
func ( s * ServiceNode ) IsSameService ( other * ServiceNode ) bool {
// Skip the following fields, see ServiceNode definition
// Address string
// Datacenter string
// TaggedAddresses map[string]string
// NodeMeta map[string]string
if s . ID != other . ID ||
2022-02-24 22:54:47 +00:00
! strings . EqualFold ( s . Node , other . Node ) ||
2018-10-11 11:42:39 +00:00
s . ServiceKind != other . ServiceKind ||
s . ServiceID != other . ServiceID ||
s . ServiceName != other . ServiceName ||
! reflect . DeepEqual ( s . ServiceTags , other . ServiceTags ) ||
s . ServiceAddress != other . ServiceAddress ||
2019-06-17 14:51:50 +00:00
! reflect . DeepEqual ( s . ServiceTaggedAddresses , other . ServiceTaggedAddresses ) ||
2018-10-11 11:42:39 +00:00
s . ServicePort != other . ServicePort ||
! reflect . DeepEqual ( s . ServiceMeta , other . ServiceMeta ) ||
! reflect . DeepEqual ( s . ServiceWeights , other . ServiceWeights ) ||
s . ServiceEnableTagOverride != other . ServiceEnableTagOverride ||
! reflect . DeepEqual ( s . ServiceProxy , other . ServiceProxy ) ||
2019-12-10 02:26:41 +00:00
! reflect . DeepEqual ( s . ServiceConnect , other . ServiceConnect ) ||
! s . EnterpriseMeta . IsSame ( & other . EnterpriseMeta ) {
2018-10-11 11:42:39 +00:00
return false
}
return true
}
2015-10-19 20:55:35 +00:00
// ToServiceNode converts the given node service to a service node.
2016-08-12 23:28:56 +00:00
func ( s * NodeService ) ToServiceNode ( node string ) * ServiceNode {
2018-09-07 14:30:47 +00:00
theWeights := Weights {
Passing : 1 ,
Warning : 1 ,
}
if s . Weights != nil {
if err := ValidateWeights ( s . Weights ) ; err == nil {
theWeights = * s . Weights
}
}
2015-10-19 20:55:35 +00:00
return & ServiceNode {
2017-01-18 22:26:42 +00:00
// Skip ID, see ServiceNode definition.
2016-08-12 23:28:56 +00:00
Node : node ,
// Skip Address, see ServiceNode definition.
// Skip TaggedAddresses, see ServiceNode definition.
2018-03-06 03:56:52 +00:00
ServiceKind : s . Kind ,
2015-10-19 20:55:35 +00:00
ServiceID : s . ID ,
ServiceName : s . Service ,
ServiceTags : s . Tags ,
ServiceAddress : s . Address ,
2019-06-17 14:51:50 +00:00
ServiceTaggedAddresses : s . TaggedAddresses ,
2015-10-19 20:55:35 +00:00
ServicePort : s . Port ,
2021-05-04 04:43:55 +00:00
ServiceSocketPath : s . SocketPath ,
2018-03-28 14:04:50 +00:00
ServiceMeta : s . Meta ,
2018-09-07 14:30:47 +00:00
ServiceWeights : theWeights ,
2015-10-19 20:55:35 +00:00
ServiceEnableTagOverride : s . EnableTagOverride ,
2018-09-12 16:07:47 +00:00
ServiceProxy : s . Proxy ,
2018-06-05 17:51:05 +00:00
ServiceConnect : s . Connect ,
2023-03-10 14:36:15 +00:00
ServiceLocality : s . Locality ,
2019-12-10 02:26:41 +00:00
EnterpriseMeta : s . EnterpriseMeta ,
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
PeerName : s . PeerName ,
2015-10-19 20:55:35 +00:00
RaftIndex : RaftIndex {
CreateIndex : s . CreateIndex ,
ModifyIndex : s . ModifyIndex ,
} ,
}
}
2021-12-07 15:18:28 +00:00
// NodeServices represents services provided by Node.
// Services is a map of service IDs to services.
2014-01-03 01:29:39 +00:00
type NodeServices struct {
2015-08-25 01:10:23 +00:00
Node * Node
2014-01-08 18:29:29 +00:00
Services map [ string ] * NodeService
2014-01-03 01:29:39 +00:00
}
2013-12-12 19:46:25 +00:00
2021-12-07 15:18:28 +00:00
// NodeServiceList represents services provided by Node.
// Services is a list of services.
2019-12-10 02:26:41 +00:00
type NodeServiceList struct {
Node * Node
Services [ ] * NodeService
}
2021-05-12 20:51:39 +00:00
// HealthCheck represents a single check on a given node.
2014-01-08 19:21:29 +00:00
type HealthCheck struct {
Node string
2016-06-06 20:19:31 +00:00
CheckID types . CheckID // Unique per-node ID
Name string // Check name
Status string // The current check status
Notes string // Additional notes with the status
Output string // Holds output of script runs
ServiceID string // optional associated service
ServiceName string // optional service name
2017-04-27 23:03:05 +00:00
ServiceTags [ ] string // optional service tags
2022-06-06 19:13:19 +00:00
Type string // Check type: http/ttl/tcp/udp/etc
2015-08-25 05:32:18 +00:00
2021-08-03 22:26:49 +00:00
Interval string // from definition
Timeout string // from definition
2021-05-12 20:51:39 +00:00
// ExposedPort is the port of the exposed Envoy listener representing the
// HTTP or GRPC health check of the service.
ExposedPort int
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
// PeerName is the name of the peer the check was imported from.
// It is empty if the check was registered locally.
PeerName string ` json:",omitempty" `
2019-04-16 16:00:15 +00:00
Definition HealthCheckDefinition ` bexpr:"-" `
2017-11-01 21:25:46 +00:00
2022-03-13 03:55:53 +00:00
acl . EnterpriseMeta ` hcl:",squash" mapstructure:",squash" bexpr:"-" `
2019-12-10 02:26:41 +00:00
2019-04-16 16:00:15 +00:00
RaftIndex ` bexpr:"-" `
2017-11-01 21:25:46 +00:00
}
2022-11-14 18:36:27 +00:00
func ( hc * HealthCheck ) FillAuthzContext ( ctx * acl . AuthorizerContext ) {
if ctx == nil {
return
}
ctx . Peer = hc . PeerName
hc . EnterpriseMeta . FillAuthzContext ( ctx )
}
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
func ( hc * HealthCheck ) PeerOrEmpty ( ) string {
return hc . PeerName
}
2021-02-12 22:31:02 +00:00
func ( hc * HealthCheck ) NodeIdentity ( ) Identity {
2021-07-22 19:33:22 +00:00
return Identity {
ID : hc . Node ,
2021-09-17 23:19:42 +00:00
EnterpriseMeta : * NodeEnterpriseMetaInPartition ( hc . PartitionOrDefault ( ) ) ,
2021-07-22 19:33:22 +00:00
}
2021-02-12 22:31:02 +00:00
}
2019-12-10 02:26:41 +00:00
func ( hc * HealthCheck ) CompoundServiceID ( ) ServiceID {
id := hc . ServiceID
if id == "" {
id = hc . ServiceName
}
entMeta := hc . EnterpriseMeta
entMeta . Normalize ( )
return ServiceID {
ID : id ,
EnterpriseMeta : entMeta ,
}
}
func ( hc * HealthCheck ) CompoundCheckID ( ) CheckID {
entMeta := hc . EnterpriseMeta
entMeta . Normalize ( )
return CheckID {
ID : hc . CheckID ,
EnterpriseMeta : entMeta ,
}
}
2017-11-01 21:25:46 +00:00
type HealthCheckDefinition struct {
2018-12-12 17:14:02 +00:00
HTTP string ` json:",omitempty" `
2021-02-25 06:35:34 +00:00
TLSServerName string ` json:",omitempty" `
2018-12-12 17:14:02 +00:00
TLSSkipVerify bool ` json:",omitempty" `
Header map [ string ] [ ] string ` json:",omitempty" `
Method string ` json:",omitempty" `
2020-02-10 16:27:12 +00:00
Body string ` json:",omitempty" `
2022-04-01 21:31:15 +00:00
DisableRedirects bool ` json:",omitempty" `
2018-12-12 17:14:02 +00:00
TCP string ` json:",omitempty" `
2022-06-06 19:13:19 +00:00
UDP string ` json:",omitempty" `
2021-04-09 19:12:10 +00:00
H2PING string ` json:",omitempty" `
2022-09-21 12:10:21 +00:00
OSService string ` json:",omitempty" `
2021-10-05 01:36:18 +00:00
H2PingUseTLS bool ` json:",omitempty" `
2018-12-12 17:14:02 +00:00
Interval time . Duration ` json:",omitempty" `
2019-06-26 15:43:25 +00:00
OutputMaxSize uint ` json:",omitempty" `
2018-12-12 17:14:02 +00:00
Timeout time . Duration ` json:",omitempty" `
DeregisterCriticalServiceAfter time . Duration ` json:",omitempty" `
2019-09-26 02:55:52 +00:00
ScriptArgs [ ] string ` json:",omitempty" `
DockerContainerID string ` json:",omitempty" `
Shell string ` json:",omitempty" `
GRPC string ` json:",omitempty" `
GRPCUseTLS bool ` json:",omitempty" `
AliasNode string ` json:",omitempty" `
AliasService string ` json:",omitempty" `
TTL time . Duration ` json:",omitempty" `
2018-12-12 17:14:02 +00:00
}
func ( d * HealthCheckDefinition ) MarshalJSON ( ) ( [ ] byte , error ) {
2019-01-24 16:12:08 +00:00
type Alias HealthCheckDefinition
exported := & struct {
Interval string ` json:",omitempty" `
2019-06-26 15:43:25 +00:00
OutputMaxSize uint ` json:",omitempty" `
2019-01-24 16:12:08 +00:00
Timeout string ` json:",omitempty" `
DeregisterCriticalServiceAfter string ` json:",omitempty" `
* Alias
} {
Interval : d . Interval . String ( ) ,
2019-06-26 15:43:25 +00:00
OutputMaxSize : d . OutputMaxSize ,
2019-01-24 16:12:08 +00:00
Timeout : d . Timeout . String ( ) ,
DeregisterCriticalServiceAfter : d . DeregisterCriticalServiceAfter . String ( ) ,
Alias : ( * Alias ) ( d ) ,
2019-01-16 00:54:07 +00:00
}
2019-01-24 16:12:08 +00:00
if d . Interval == 0 {
exported . Interval = ""
2019-01-16 00:54:07 +00:00
}
2019-01-24 16:12:08 +00:00
if d . Timeout == 0 {
exported . Timeout = ""
2019-01-16 00:54:07 +00:00
}
2019-01-24 16:12:08 +00:00
if d . DeregisterCriticalServiceAfter == 0 {
exported . DeregisterCriticalServiceAfter = ""
2019-01-16 00:54:07 +00:00
}
return json . Marshal ( exported )
2018-12-12 17:14:02 +00:00
}
2019-10-29 18:13:36 +00:00
func ( t * HealthCheckDefinition ) UnmarshalJSON ( data [ ] byte ) ( err error ) {
2018-12-12 17:14:02 +00:00
type Alias HealthCheckDefinition
aux := & struct {
2019-10-29 18:13:36 +00:00
Interval interface { }
Timeout interface { }
DeregisterCriticalServiceAfter interface { }
TTL interface { }
2018-12-12 17:14:02 +00:00
* Alias
} {
2019-10-29 18:13:36 +00:00
Alias : ( * Alias ) ( t ) ,
2018-12-12 17:14:02 +00:00
}
2019-12-10 02:26:41 +00:00
if err := json . Unmarshal ( data , & aux ) ; err != nil {
2018-12-12 17:14:02 +00:00
return err
}
2019-10-29 18:13:36 +00:00
if aux . Interval != nil {
switch v := aux . Interval . ( type ) {
case string :
if t . Interval , err = time . ParseDuration ( v ) ; err != nil {
return err
}
case float64 :
t . Interval = time . Duration ( v )
2018-12-12 17:14:02 +00:00
}
}
2019-10-29 18:13:36 +00:00
if aux . Timeout != nil {
switch v := aux . Timeout . ( type ) {
case string :
if t . Timeout , err = time . ParseDuration ( v ) ; err != nil {
return err
}
case float64 :
t . Timeout = time . Duration ( v )
2018-12-12 17:14:02 +00:00
}
}
2019-10-29 18:13:36 +00:00
if aux . DeregisterCriticalServiceAfter != nil {
switch v := aux . DeregisterCriticalServiceAfter . ( type ) {
case string :
if t . DeregisterCriticalServiceAfter , err = time . ParseDuration ( v ) ; err != nil {
return err
}
case float64 :
t . DeregisterCriticalServiceAfter = time . Duration ( v )
}
}
if aux . TTL != nil {
switch v := aux . TTL . ( type ) {
case string :
if t . TTL , err = time . ParseDuration ( v ) ; err != nil {
return err
}
case float64 :
t . TTL = time . Duration ( v )
2018-12-12 17:14:02 +00:00
}
}
return nil
2014-01-08 19:21:29 +00:00
}
2015-10-28 21:32:00 +00:00
// IsSame checks if one HealthCheck is the same as another, without looking
// at the Raft information (that's why we didn't call it IsEqual). This is
// useful for seeing if an update would be idempotent for all the functional
// parts of the structure.
func ( c * HealthCheck ) IsSame ( other * HealthCheck ) bool {
2022-02-24 22:54:47 +00:00
if ! strings . EqualFold ( c . Node , other . Node ) ||
2015-10-28 21:32:00 +00:00
c . CheckID != other . CheckID ||
c . Name != other . Name ||
c . Status != other . Status ||
c . Notes != other . Notes ||
c . Output != other . Output ||
c . ServiceID != other . ServiceID ||
2017-04-27 23:03:05 +00:00
c . ServiceName != other . ServiceName ||
2018-10-29 18:41:42 +00:00
! reflect . DeepEqual ( c . ServiceTags , other . ServiceTags ) ||
2019-12-10 02:26:41 +00:00
! reflect . DeepEqual ( c . Definition , other . Definition ) ||
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
c . PeerName != other . PeerName ||
2019-12-10 02:26:41 +00:00
! c . EnterpriseMeta . IsSame ( & other . EnterpriseMeta ) {
2015-10-28 21:32:00 +00:00
return false
}
return true
}
2019-05-24 18:36:56 +00:00
// Clone returns a distinct clone of the HealthCheck. Note that the
// "ServiceTags" and "Definition.Header" field are not deep copied.
2016-04-11 07:05:39 +00:00
func ( c * HealthCheck ) Clone ( ) * HealthCheck {
clone := new ( HealthCheck )
* clone = * c
return clone
}
2019-10-17 18:33:11 +00:00
func ( c * HealthCheck ) CheckType ( ) * CheckType {
return & CheckType {
CheckID : c . CheckID ,
Name : c . Name ,
Status : c . Status ,
Notes : c . Notes ,
ScriptArgs : c . Definition . ScriptArgs ,
AliasNode : c . Definition . AliasNode ,
AliasService : c . Definition . AliasService ,
HTTP : c . Definition . HTTP ,
GRPC : c . Definition . GRPC ,
GRPCUseTLS : c . Definition . GRPCUseTLS ,
Header : c . Definition . Header ,
Method : c . Definition . Method ,
2020-02-10 16:27:12 +00:00
Body : c . Definition . Body ,
2022-04-01 21:31:15 +00:00
DisableRedirects : c . Definition . DisableRedirects ,
2019-10-17 18:33:11 +00:00
TCP : c . Definition . TCP ,
2022-06-06 19:13:19 +00:00
UDP : c . Definition . UDP ,
2021-04-09 19:12:10 +00:00
H2PING : c . Definition . H2PING ,
2022-09-21 12:10:21 +00:00
OSService : c . Definition . OSService ,
2021-10-05 01:36:18 +00:00
H2PingUseTLS : c . Definition . H2PingUseTLS ,
2019-10-17 18:33:11 +00:00
Interval : c . Definition . Interval ,
DockerContainerID : c . Definition . DockerContainerID ,
Shell : c . Definition . Shell ,
2021-02-25 06:35:34 +00:00
TLSServerName : c . Definition . TLSServerName ,
2019-10-17 18:33:11 +00:00
TLSSkipVerify : c . Definition . TLSSkipVerify ,
Timeout : c . Definition . Timeout ,
TTL : c . Definition . TTL ,
DeregisterCriticalServiceAfter : c . Definition . DeregisterCriticalServiceAfter ,
}
}
2016-11-29 21:15:20 +00:00
// HealthChecks is a collection of HealthCheck structs.
2014-01-08 19:35:27 +00:00
type HealthChecks [ ] * HealthCheck
2014-01-08 19:21:29 +00:00
2015-09-10 21:40:11 +00:00
// CheckServiceNode is used to provide the node, its service
2015-07-27 21:41:46 +00:00
// definition, as well as a HealthCheck that is associated.
2014-01-08 22:58:53 +00:00
type CheckServiceNode struct {
2015-09-01 04:04:25 +00:00
Node * Node
Service * NodeService
2014-01-08 22:58:53 +00:00
Checks HealthChecks
2014-01-08 21:52:09 +00:00
}
2019-06-18 00:52:01 +00:00
2022-01-28 06:49:06 +00:00
func ( csn * CheckServiceNode ) BestAddress ( wan bool ) ( uint64 , string , int ) {
2019-06-18 00:52:01 +00:00
// TODO (mesh-gateway) needs a test
// best address
// wan
// wan svc addr
// svc addr
// wan node addr
// node addr
// lan
// svc addr
// node addr
addr , port := csn . Service . BestAddress ( wan )
2022-01-28 06:49:06 +00:00
idx := csn . Service . ModifyIndex
2019-06-18 00:52:01 +00:00
if addr == "" {
addr = csn . Node . BestAddress ( wan )
2022-01-28 06:49:06 +00:00
idx = csn . Node . ModifyIndex
2019-06-18 00:52:01 +00:00
}
2022-01-28 06:49:06 +00:00
return idx , addr , port
2019-06-18 00:52:01 +00:00
}
2020-10-06 23:08:36 +00:00
func ( csn * CheckServiceNode ) CanRead ( authz acl . Authorizer ) acl . EnforcementDecision {
if csn . Node == nil || csn . Service == nil {
return acl . Deny
}
2022-11-14 18:36:27 +00:00
var authzContext acl . AuthorizerContext
csn . Service . FillAuthzContext ( & authzContext )
2022-11-09 21:02:58 +00:00
2022-11-14 18:36:27 +00:00
if authz . NodeRead ( csn . Node . Node , & authzContext ) != acl . Allow {
2020-10-06 23:08:36 +00:00
return acl . Deny
}
2022-11-14 18:36:27 +00:00
if authz . ServiceRead ( csn . Service . Service , & authzContext ) != acl . Allow {
2020-10-06 23:08:36 +00:00
return acl . Deny
}
return acl . Allow
}
2014-01-08 22:58:53 +00:00
type CheckServiceNodes [ ] CheckServiceNode
2014-01-08 21:52:09 +00:00
2022-10-14 09:26:42 +00:00
func ( csns CheckServiceNodes ) DeepCopy ( ) CheckServiceNodes {
dup := make ( CheckServiceNodes , len ( csns ) )
for idx , v := range csns {
dup [ idx ] = * v . DeepCopy ( )
}
return dup
}
2015-11-07 00:59:32 +00:00
// Shuffle does an in-place random shuffle using the Fisher-Yates algorithm.
func ( nodes CheckServiceNodes ) Shuffle ( ) {
for i := len ( nodes ) - 1 ; i > 0 ; i -- {
2016-02-18 23:17:42 +00:00
j := rand . Int31n ( int32 ( i + 1 ) )
2015-11-07 00:59:32 +00:00
nodes [ i ] , nodes [ j ] = nodes [ j ] , nodes [ i ]
}
}
2020-05-11 17:35:17 +00:00
func ( nodes CheckServiceNodes ) ToServiceDump ( ) ServiceDump {
var ret ServiceDump
for i := range nodes {
svc := ServiceInfo {
Node : nodes [ i ] . Node ,
Service : nodes [ i ] . Service ,
Checks : nodes [ i ] . Checks ,
GatewayService : nil ,
}
ret = append ( ret , & svc )
}
return ret
}
2020-03-09 20:59:02 +00:00
// ShallowClone duplicates the slice and underlying array.
func ( nodes CheckServiceNodes ) ShallowClone ( ) CheckServiceNodes {
dup := make ( CheckServiceNodes , len ( nodes ) )
copy ( dup , nodes )
return dup
}
2015-11-07 00:59:32 +00:00
// Filter removes nodes that are failing health checks (and any non-passing
// check if that option is selected). Note that this returns the filtered
// results AND modifies the receiver for performance.
func ( nodes CheckServiceNodes ) Filter ( onlyPassing bool ) CheckServiceNodes {
2018-04-10 12:28:27 +00:00
return nodes . FilterIgnore ( onlyPassing , nil )
}
// FilterIgnore removes nodes that are failing health checks just like Filter.
// It also ignores the status of any check with an ID present in ignoreCheckIDs
// as if that check didn't exist. Note that this returns the filtered results
// AND modifies the receiver for performance.
func ( nodes CheckServiceNodes ) FilterIgnore ( onlyPassing bool ,
ignoreCheckIDs [ ] types . CheckID ) CheckServiceNodes {
2015-11-07 00:59:32 +00:00
n := len ( nodes )
OUTER :
for i := 0 ; i < n ; i ++ {
node := nodes [ i ]
2018-04-10 12:28:27 +00:00
INNER :
2015-11-07 00:59:32 +00:00
for _ , check := range node . Checks {
2018-04-10 12:28:27 +00:00
for _ , ignore := range ignoreCheckIDs {
if check . CheckID == ignore {
// Skip this _check_ but keep looking at other checks for this node.
continue INNER
}
}
2017-04-19 23:00:11 +00:00
if check . Status == api . HealthCritical ||
( onlyPassing && check . Status != api . HealthPassing ) {
2015-11-07 00:59:32 +00:00
nodes [ i ] , nodes [ n - 1 ] = nodes [ n - 1 ] , CheckServiceNode { }
n --
i --
2018-04-10 12:28:27 +00:00
// Skip this _node_ now we've swapped it off the end of the list.
2015-11-07 00:59:32 +00:00
continue OUTER
}
}
}
return nodes [ : n ]
}
2014-04-27 19:49:20 +00:00
// NodeInfo is used to dump all associated information about
// a node. This is currently used for the UI only, as it is
// rather expensive to generate.
type NodeInfo struct {
2017-01-18 22:26:42 +00:00
ID types . NodeID
2016-02-07 18:37:34 +00:00
Node string
2021-07-22 19:33:22 +00:00
Partition string ` json:",omitempty" `
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
PeerName string ` json:",omitempty" `
2016-02-07 18:37:34 +00:00
Address string
TaggedAddresses map [ string ] string
2017-01-05 22:10:26 +00:00
Meta map [ string ] string
2016-02-07 18:37:34 +00:00
Services [ ] * NodeService
2016-11-29 21:15:20 +00:00
Checks HealthChecks
2014-04-27 19:49:20 +00:00
}
2022-03-13 03:55:53 +00:00
func ( n * NodeInfo ) GetEnterpriseMeta ( ) * acl . EnterpriseMeta {
2021-08-25 18:43:11 +00:00
return NodeEnterpriseMetaInPartition ( n . Partition )
}
func ( n * NodeInfo ) PartitionOrDefault ( ) string {
2022-03-13 03:55:53 +00:00
return acl . PartitionOrDefault ( n . Partition )
2021-08-25 18:43:11 +00:00
}
2014-04-27 19:49:20 +00:00
// NodeDump is used to dump all the nodes with all their
// associated data. This is currently used for the UI only,
// as it is rather expensive to generate.
type NodeDump [ ] * NodeInfo
2020-05-11 17:35:17 +00:00
type ServiceInfo struct {
Node * Node
Service * NodeService
Checks HealthChecks
GatewayService * GatewayService
}
type ServiceDump [ ] * ServiceInfo
2019-12-10 02:26:41 +00:00
type CheckID struct {
ID types . CheckID
2022-03-13 03:55:53 +00:00
acl . EnterpriseMeta
2019-12-10 02:26:41 +00:00
}
2022-03-12 03:51:24 +00:00
// NamespaceOrDefault exists because acl.EnterpriseMeta uses a pointer
2021-11-24 14:10:38 +00:00
// receiver for this method. Remove once that is fixed.
func ( c CheckID ) NamespaceOrDefault ( ) string {
return c . EnterpriseMeta . NamespaceOrDefault ( )
}
2022-03-12 03:51:24 +00:00
// PartitionOrDefault exists because acl.EnterpriseMeta uses a pointer
2021-11-24 14:10:38 +00:00
// receiver for this method. Remove once that is fixed.
func ( c CheckID ) PartitionOrDefault ( ) string {
return c . EnterpriseMeta . PartitionOrDefault ( )
}
2022-03-13 03:55:53 +00:00
func NewCheckID ( id types . CheckID , entMeta * acl . EnterpriseMeta ) CheckID {
2019-12-10 02:26:41 +00:00
var cid CheckID
cid . ID = id
if entMeta == nil {
2021-07-22 18:20:45 +00:00
entMeta = DefaultEnterpriseMetaInDefaultPartition ( )
2019-12-10 02:26:41 +00:00
}
cid . EnterpriseMeta = * entMeta
cid . EnterpriseMeta . Normalize ( )
2020-04-15 16:03:29 +00:00
return cid
2019-12-10 02:26:41 +00:00
}
2021-11-04 20:07:54 +00:00
// StringHashMD5 is used mainly to populate part of the filename of a check
// definition persisted on the local agent (deprecated in favor of StringHashSHA256)
// Kept around for backwards compatibility
func ( cid CheckID ) StringHashMD5 ( ) string {
2019-12-10 02:26:41 +00:00
hasher := md5 . New ( )
hasher . Write ( [ ] byte ( cid . ID ) )
2022-03-13 03:55:53 +00:00
cid . EnterpriseMeta . AddToHash ( hasher , true )
2019-12-10 02:26:41 +00:00
return fmt . Sprintf ( "%x" , hasher . Sum ( nil ) )
}
2021-11-04 20:07:54 +00:00
// StringHashSHA256 is used mainly to populate part of the filename of a check
// definition persisted on the local agent
func ( cid CheckID ) StringHashSHA256 ( ) string {
hasher := sha256 . New ( )
hasher . Write ( [ ] byte ( cid . ID ) )
2022-03-13 03:55:53 +00:00
cid . EnterpriseMeta . AddToHash ( hasher , true )
2021-11-04 20:07:54 +00:00
return fmt . Sprintf ( "%x" , hasher . Sum ( nil ) )
}
2019-12-10 02:26:41 +00:00
type ServiceID struct {
ID string
2022-03-13 03:55:53 +00:00
acl . EnterpriseMeta
2019-12-10 02:26:41 +00:00
}
2022-03-13 03:55:53 +00:00
func NewServiceID ( id string , entMeta * acl . EnterpriseMeta ) ServiceID {
2019-12-10 02:26:41 +00:00
var sid ServiceID
sid . ID = id
if entMeta == nil {
2021-07-22 18:20:45 +00:00
entMeta = DefaultEnterpriseMetaInDefaultPartition ( )
2019-12-10 02:26:41 +00:00
}
sid . EnterpriseMeta = * entMeta
sid . EnterpriseMeta . Normalize ( )
2020-04-15 16:03:29 +00:00
return sid
2019-12-10 02:26:41 +00:00
}
2020-12-11 21:10:00 +00:00
func ( sid ServiceID ) Matches ( other ServiceID ) bool {
return sid . ID == other . ID && sid . EnterpriseMeta . Matches ( & other . EnterpriseMeta )
2019-12-10 02:26:41 +00:00
}
2021-11-04 20:07:54 +00:00
// StringHashSHA256 is used mainly to populate part of the filename of a service
2019-12-10 02:26:41 +00:00
// definition persisted on the local agent
2021-11-04 20:07:54 +00:00
func ( sid ServiceID ) StringHashSHA256 ( ) string {
hasher := sha256 . New ( )
2019-12-10 02:26:41 +00:00
hasher . Write ( [ ] byte ( sid . ID ) )
2022-03-13 03:55:53 +00:00
sid . EnterpriseMeta . AddToHash ( hasher , true )
2019-12-10 02:26:41 +00:00
return fmt . Sprintf ( "%x" , hasher . Sum ( nil ) )
}
2014-02-05 18:44:28 +00:00
type IndexedNodes struct {
Nodes Nodes
2014-04-18 23:46:51 +00:00
QueryMeta
2014-02-05 18:44:28 +00:00
}
type IndexedServices struct {
2014-02-05 22:27:24 +00:00
Services Services
2019-12-10 02:26:41 +00:00
// In various situations we need to know the meta that the services are for - in particular
// this is needed to be able to properly filter the list based on ACLs
2022-03-13 03:55:53 +00:00
acl . EnterpriseMeta
2014-04-18 23:46:51 +00:00
QueryMeta
2014-02-05 18:44:28 +00:00
}
2023-02-08 20:07:21 +00:00
type Usage struct {
Usage map [ string ] ServiceUsage
QueryMeta
}
// ServiceUsage contains all of the usage data related to services
type ServiceUsage struct {
Services int
ServiceInstances int
ConnectServiceInstances map [ string ] int
BillableServiceInstances int
EnterpriseServiceUsage
}
2022-06-08 17:24:10 +00:00
// PeeredServiceName is a basic tuple of ServiceName and peer
type PeeredServiceName struct {
ServiceName ServiceName
Peer string
}
2023-02-03 15:51:53 +00:00
func ( psn PeeredServiceName ) String ( ) string {
return fmt . Sprintf ( "%v:%v" , psn . ServiceName . String ( ) , psn . Peer )
}
2023-05-25 16:18:55 +00:00
type ServiceNameWithSamenessGroup struct {
SamenessGroup string
ServiceName
}
2020-05-11 17:35:17 +00:00
type ServiceName struct {
2022-08-11 18:47:10 +00:00
Name string
acl . EnterpriseMeta ` mapstructure:",squash" `
2020-01-24 15:04:58 +00:00
}
2022-03-13 03:55:53 +00:00
func NewServiceName ( name string , entMeta * acl . EnterpriseMeta ) ServiceName {
2020-06-12 14:57:41 +00:00
var ret ServiceName
ret . Name = name
if entMeta == nil {
2021-07-22 18:20:45 +00:00
entMeta = DefaultEnterpriseMetaInDefaultPartition ( )
2020-06-12 14:57:41 +00:00
}
ret . EnterpriseMeta = * entMeta
ret . EnterpriseMeta . Normalize ( )
return ret
}
2020-12-11 21:10:00 +00:00
func ( n ServiceName ) Matches ( o ServiceName ) bool {
return n . Name == o . Name && n . EnterpriseMeta . Matches ( & o . EnterpriseMeta )
2020-06-12 14:57:41 +00:00
}
2020-12-11 21:10:00 +00:00
func ( n ServiceName ) ToServiceID ( ) ServiceID {
2020-07-30 16:21:11 +00:00
return ServiceID { ID : n . Name , EnterpriseMeta : n . EnterpriseMeta }
}
2022-01-12 20:08:49 +00:00
func ServiceGatewayVirtualIPTag ( sn ServiceName ) string {
return fmt . Sprintf ( "%s:%s" , TaggedAddressVirtualIP , sn . String ( ) )
}
2020-05-11 17:35:17 +00:00
type ServiceList [ ] ServiceName
2020-01-24 15:04:58 +00:00
2022-05-12 15:08:50 +00:00
// Len implements sort.Interface.
func ( s ServiceList ) Len ( ) int { return len ( s ) }
// Swap implements sort.Interface.
func ( s ServiceList ) Swap ( i , j int ) { s [ i ] , s [ j ] = s [ j ] , s [ i ] }
func ( s ServiceList ) Sort ( ) { sort . Sort ( s ) }
2020-01-24 15:04:58 +00:00
type IndexedServiceList struct {
Services ServiceList
QueryMeta
}
2022-06-29 20:34:58 +00:00
type IndexedPeeredServiceList struct {
Services [ ] PeeredServiceName
QueryMeta
}
2014-02-05 18:44:28 +00:00
type IndexedServiceNodes struct {
ServiceNodes ServiceNodes
2014-04-18 23:46:51 +00:00
QueryMeta
2014-02-05 18:44:28 +00:00
}
type IndexedNodeServices struct {
2018-02-07 15:02:10 +00:00
// TODO: This should not be a pointer, see comments in
// agent/catalog_endpoint.go.
2014-02-05 18:44:28 +00:00
NodeServices * NodeServices
2014-04-18 23:46:51 +00:00
QueryMeta
2014-02-05 18:44:28 +00:00
}
2019-12-10 02:26:41 +00:00
type IndexedNodeServiceList struct {
NodeServices NodeServiceList
QueryMeta
}
2014-02-05 18:44:28 +00:00
type IndexedHealthChecks struct {
HealthChecks HealthChecks
2014-04-18 23:46:51 +00:00
QueryMeta
2014-02-05 18:44:28 +00:00
}
2014-02-05 21:30:18 +00:00
type IndexedCheckServiceNodes struct {
Nodes CheckServiceNodes
2014-04-18 23:46:51 +00:00
QueryMeta
2014-02-05 21:30:18 +00:00
}
2020-07-30 16:21:11 +00:00
type IndexedNodesWithGateways struct {
2022-06-24 22:17:35 +00:00
ImportedNodes CheckServiceNodes
Nodes CheckServiceNodes
Gateways GatewayServices
2020-07-30 16:21:11 +00:00
QueryMeta
}
2020-03-09 20:59:02 +00:00
type DatacenterIndexedCheckServiceNodes struct {
DatacenterNodes map [ string ] CheckServiceNodes
QueryMeta
}
2014-04-27 19:56:06 +00:00
type IndexedNodeDump struct {
2022-06-24 22:17:35 +00:00
ImportedDump NodeDump
Dump NodeDump
2014-04-27 19:56:06 +00:00
QueryMeta
}
2020-05-11 17:35:17 +00:00
type IndexedServiceDump struct {
Dump ServiceDump
QueryMeta
}
2020-04-08 18:37:24 +00:00
type IndexedGatewayServices struct {
Services GatewayServices
QueryMeta
}
2020-09-29 01:41:24 +00:00
type IndexedServiceTopology struct {
ServiceTopology * ServiceTopology
FilteredByACLs bool
QueryMeta
}
type ServiceTopology struct {
Upstreams CheckServiceNodes
Downstreams CheckServiceNodes
2020-10-08 00:35:34 +00:00
UpstreamDecisions map [ string ] IntentionDecisionSummary
DownstreamDecisions map [ string ] IntentionDecisionSummary
2020-10-08 23:31:54 +00:00
// MetricsProtocol is the protocol of the service being queried
MetricsProtocol string
2021-04-13 16:12:13 +00:00
// TransparentProxy describes whether all instances of the proxy
// service are in transparent mode.
TransparentProxy bool
// (Up|Down)streamSources are maps with labels for why each service is being
// returned. Services can be upstreams or downstreams due to
// explicit upstream definition or various types of intention policies:
// specific, wildcard, or default allow.
UpstreamSources map [ string ] string
DownstreamSources map [ string ] string
2020-09-29 01:41:24 +00:00
}
2019-04-07 06:38:08 +00:00
// IndexedConfigEntries has its own encoding logic which differs from
// ConfigEntryRequest as it has to send a slice of ConfigEntry.
type IndexedConfigEntries struct {
2019-04-10 21:27:28 +00:00
Kind string
2019-04-07 06:38:08 +00:00
Entries [ ] ConfigEntry
QueryMeta
}
func ( c * IndexedConfigEntries ) MarshalBinary ( ) ( data [ ] byte , err error ) {
// bs will grow if needed but allocate enough to avoid reallocation in common
// case.
bs := make ( [ ] byte , 128 )
2020-02-07 21:50:24 +00:00
enc := codec . NewEncoderBytes ( & bs , MsgpackHandle )
2019-04-07 06:38:08 +00:00
2019-04-10 21:27:28 +00:00
// Encode length.
2019-04-07 06:38:08 +00:00
err = enc . Encode ( len ( c . Entries ) )
if err != nil {
return nil , err
}
2019-04-10 21:27:28 +00:00
// Encode kind.
err = enc . Encode ( c . Kind )
if err != nil {
return nil , err
2019-04-07 06:38:08 +00:00
}
// Then actual value using alias trick to avoid infinite recursion
type Alias IndexedConfigEntries
err = enc . Encode ( struct {
* Alias
} {
Alias : ( * Alias ) ( c ) ,
} )
if err != nil {
return nil , err
}
return bs , nil
}
func ( c * IndexedConfigEntries ) UnmarshalBinary ( data [ ] byte ) error {
2019-04-10 21:27:28 +00:00
// First decode the number of entries.
2019-04-07 06:38:08 +00:00
var numEntries int
2020-02-07 21:50:24 +00:00
dec := codec . NewDecoderBytes ( data , MsgpackHandle )
2019-04-07 06:38:08 +00:00
if err := dec . Decode ( & numEntries ) ; err != nil {
return err
}
2019-04-10 21:27:28 +00:00
// Next decode the kind.
var kind string
if err := dec . Decode ( & kind ) ; err != nil {
return err
}
// Then decode the slice of ConfigEntries
2019-04-07 06:38:08 +00:00
c . Entries = make ( [ ] ConfigEntry , numEntries )
for i := 0 ; i < numEntries ; i ++ {
2019-04-10 21:27:28 +00:00
entry , err := MakeConfigEntry ( kind , "" )
2019-04-07 06:38:08 +00:00
if err != nil {
return err
}
c . Entries [ i ] = entry
}
// Alias juggling to prevent infinite recursive calls back to this decode
// method.
type Alias IndexedConfigEntries
as := struct {
* Alias
} {
Alias : ( * Alias ) ( c ) ,
}
if err := dec . Decode ( & as ) ; err != nil {
return err
}
return nil
}
2019-04-26 17:38:39 +00:00
type IndexedGenericConfigEntries struct {
Entries [ ] ConfigEntry
QueryMeta
}
func ( c * IndexedGenericConfigEntries ) MarshalBinary ( ) ( data [ ] byte , err error ) {
// bs will grow if needed but allocate enough to avoid reallocation in common
// case.
bs := make ( [ ] byte , 128 )
2020-02-07 21:50:24 +00:00
enc := codec . NewEncoderBytes ( & bs , MsgpackHandle )
2019-04-26 17:38:39 +00:00
if err := enc . Encode ( len ( c . Entries ) ) ; err != nil {
return nil , err
}
for _ , entry := range c . Entries {
if err := enc . Encode ( entry . GetKind ( ) ) ; err != nil {
return nil , err
}
if err := enc . Encode ( entry ) ; err != nil {
return nil , err
}
}
if err := enc . Encode ( c . QueryMeta ) ; err != nil {
return nil , err
}
return bs , nil
}
func ( c * IndexedGenericConfigEntries ) UnmarshalBinary ( data [ ] byte ) error {
// First decode the number of entries.
var numEntries int
2020-02-07 21:50:24 +00:00
dec := codec . NewDecoderBytes ( data , MsgpackHandle )
2019-04-26 17:38:39 +00:00
if err := dec . Decode ( & numEntries ) ; err != nil {
return err
}
// Then decode the slice of ConfigEntries
c . Entries = make ( [ ] ConfigEntry , numEntries )
for i := 0 ; i < numEntries ; i ++ {
var kind string
if err := dec . Decode ( & kind ) ; err != nil {
return err
}
entry , err := MakeConfigEntry ( kind , "" )
if err != nil {
return err
}
if err := dec . Decode ( entry ) ; err != nil {
return err
}
c . Entries [ i ] = entry
}
if err := dec . Decode ( & c . QueryMeta ) ; err != nil {
return err
}
return nil
}
2014-03-31 18:47:10 +00:00
// DirEntry is used to represent a directory entry. This is
// used for values in our Key-Value store.
type DirEntry struct {
2015-09-01 23:33:52 +00:00
LockIndex uint64
Key string
Flags uint64
Value [ ] byte
Session string ` json:",omitempty" `
2022-03-13 03:55:53 +00:00
acl . EnterpriseMeta ` bexpr:"-" `
2015-09-01 23:33:52 +00:00
RaftIndex
2014-03-31 18:47:10 +00:00
}
2015-09-25 19:01:46 +00:00
// Returns a clone of the given directory entry.
func ( d * DirEntry ) Clone ( ) * DirEntry {
return & DirEntry {
LockIndex : d . LockIndex ,
Key : d . Key ,
Flags : d . Flags ,
Value : d . Value ,
Session : d . Session ,
RaftIndex : RaftIndex {
CreateIndex : d . CreateIndex ,
ModifyIndex : d . ModifyIndex ,
} ,
2019-11-25 17:57:35 +00:00
EnterpriseMeta : d . EnterpriseMeta ,
2015-09-25 19:01:46 +00:00
}
}
2019-06-18 13:06:29 +00:00
func ( d * DirEntry ) Equal ( o * DirEntry ) bool {
return d . LockIndex == o . LockIndex &&
d . Key == o . Key &&
d . Flags == o . Flags &&
bytes . Equal ( d . Value , o . Value ) &&
d . Session == o . Session
}
2021-11-08 14:35:56 +00:00
// IDValue implements the state.singleValueID interface for indexing.
func ( d * DirEntry ) IDValue ( ) string {
return d . Key
}
2014-03-31 18:47:10 +00:00
type DirEntries [ ] * DirEntry
// KVSRequest is used to operate on the Key-Value store
type KVSRequest struct {
2014-03-31 21:13:03 +00:00
Datacenter string
2017-04-19 23:00:11 +00:00
Op api . KVOp // Which operation are we performing
2014-03-31 21:13:03 +00:00
DirEnt DirEntry // Which directory entry
2014-04-19 00:14:00 +00:00
WriteRequest
}
func ( r * KVSRequest ) RequestDatacenter ( ) string {
return r . Datacenter
2014-03-31 18:47:10 +00:00
}
2014-03-31 23:00:23 +00:00
// KeyRequest is used to request a key, or key prefix
type KeyRequest struct {
Datacenter string
Key string
2022-03-13 03:55:53 +00:00
acl . EnterpriseMeta
2014-04-18 23:46:51 +00:00
QueryOptions
2014-03-31 23:00:23 +00:00
}
2014-04-19 00:14:00 +00:00
func ( r * KeyRequest ) RequestDatacenter ( ) string {
return r . Datacenter
}
2014-04-28 23:33:54 +00:00
// KeyListRequest is used to list keys
type KeyListRequest struct {
Datacenter string
Prefix string
Seperator string
QueryOptions
2022-03-13 03:55:53 +00:00
acl . EnterpriseMeta
2014-04-28 23:33:54 +00:00
}
func ( r * KeyListRequest ) RequestDatacenter ( ) string {
return r . Datacenter
}
2014-03-31 23:00:23 +00:00
type IndexedDirEntries struct {
Entries DirEntries
2014-04-18 23:46:51 +00:00
QueryMeta
2014-03-31 23:00:23 +00:00
}
2014-04-28 23:33:54 +00:00
type IndexedKeyList struct {
Keys [ ] string
QueryMeta
}
2014-11-20 02:11:41 +00:00
type SessionBehavior string
const (
SessionKeysRelease SessionBehavior = "release"
SessionKeysDelete = "delete"
)
2014-11-25 16:06:14 +00:00
const (
2015-11-14 23:30:53 +00:00
SessionTTLMax = 24 * time . Hour
2014-11-25 16:06:14 +00:00
SessionTTLMultiplier = 2
)
2019-10-29 18:13:36 +00:00
type Sessions [ ] * Session
2014-05-08 22:01:02 +00:00
// Session is used to represent an open session in the KV store.
// This issued to associate node checks with acquired locks.
type Session struct {
2019-12-10 02:26:41 +00:00
ID string
Name string
2021-07-22 19:33:22 +00:00
Node string // TODO(partitions): ensure that the entmeta interacts with this node field properly
2019-12-10 02:26:41 +00:00
LockDelay time . Duration
Behavior SessionBehavior // What to do when session is invalidated
TTL string
NodeChecks [ ] string
ServiceChecks [ ] ServiceCheck
// Deprecated v1.7.0.
Checks [ ] types . CheckID ` json:",omitempty" `
2015-09-04 02:11:12 +00:00
2022-03-13 03:55:53 +00:00
acl . EnterpriseMeta
2015-09-04 02:11:12 +00:00
RaftIndex
2014-05-08 22:01:02 +00:00
}
2019-10-29 18:13:36 +00:00
2019-12-10 02:26:41 +00:00
type ServiceCheck struct {
ID string
Namespace string
}
2021-11-08 21:20:50 +00:00
// IDValue implements the state.singleValueID interface for indexing.
func ( s * Session ) IDValue ( ) string {
return s . ID
}
2019-12-10 02:26:41 +00:00
func ( s * Session ) UnmarshalJSON ( data [ ] byte ) ( err error ) {
2019-10-29 18:13:36 +00:00
type Alias Session
aux := & struct {
LockDelay interface { }
* Alias
} {
2019-12-10 02:26:41 +00:00
Alias : ( * Alias ) ( s ) ,
2019-10-29 18:13:36 +00:00
}
2019-12-10 02:26:41 +00:00
if err = json . Unmarshal ( data , & aux ) ; err != nil {
2019-10-29 18:13:36 +00:00
return err
}
if aux . LockDelay != nil {
var dur time . Duration
switch v := aux . LockDelay . ( type ) {
case string :
if dur , err = time . ParseDuration ( v ) ; err != nil {
return err
}
case float64 :
dur = time . Duration ( v )
}
// Convert low value integers into seconds
if dur < lockDelayMinThreshold {
dur = dur * time . Second
}
2019-12-10 02:26:41 +00:00
s . LockDelay = dur
2019-10-29 18:13:36 +00:00
}
return nil
}
2014-05-08 22:01:02 +00:00
2014-05-16 02:22:31 +00:00
type SessionOp string
const (
SessionCreate SessionOp = "create"
SessionDestroy = "destroy"
)
// SessionRequest is used to operate on sessions
type SessionRequest struct {
Datacenter string
Op SessionOp // Which operation are we performing
Session Session // Which session
WriteRequest
}
func ( r * SessionRequest ) RequestDatacenter ( ) string {
return r . Datacenter
}
2014-05-16 22:49:17 +00:00
// SessionSpecificRequest is used to request a session by ID
type SessionSpecificRequest struct {
2014-05-16 21:36:14 +00:00
Datacenter string
2019-11-25 17:07:04 +00:00
SessionID string
2020-03-05 16:06:09 +00:00
// DEPRECATED in 1.7.0
Session string
2022-03-13 03:55:53 +00:00
acl . EnterpriseMeta
2014-05-16 21:36:14 +00:00
QueryOptions
}
2014-05-16 22:49:17 +00:00
func ( r * SessionSpecificRequest ) RequestDatacenter ( ) string {
2014-05-16 21:36:14 +00:00
return r . Datacenter
}
type IndexedSessions struct {
Sessions Sessions
QueryMeta
}
2015-06-19 15:26:56 +00:00
// Coordinate stores a node name with its associated network coordinate.
2015-03-28 18:52:04 +00:00
type Coordinate struct {
2021-07-22 19:33:22 +00:00
Node string
Segment string
Partition string ` json:",omitempty" ` // TODO(partitions): fully thread this needle
Coord * coordinate . Coordinate
}
2022-03-13 03:55:53 +00:00
func ( c * Coordinate ) GetEnterpriseMeta ( ) * acl . EnterpriseMeta {
2021-07-22 19:33:22 +00:00
return NodeEnterpriseMetaInPartition ( c . Partition )
}
func ( c * Coordinate ) PartitionOrDefault ( ) string {
2022-03-13 03:55:53 +00:00
return acl . PartitionOrDefault ( c . Partition )
2015-03-28 18:52:04 +00:00
}
2015-10-23 22:19:14 +00:00
type Coordinates [ ] * Coordinate
2015-06-06 03:31:33 +00:00
// IndexedCoordinate is used to represent a single node's coordinate from the state
2015-07-29 23:33:25 +00:00
// store.
2015-04-18 21:05:29 +00:00
type IndexedCoordinate struct {
Coord * coordinate . Coordinate
QueryMeta
}
2015-07-29 23:33:25 +00:00
// IndexedCoordinates is used to represent a list of nodes and their
// corresponding raw coordinates.
type IndexedCoordinates struct {
2015-10-23 22:19:14 +00:00
Coordinates Coordinates
2015-07-29 23:33:25 +00:00
QueryMeta
}
// DatacenterMap is used to represent a list of nodes with their raw coordinates,
2017-03-14 01:54:34 +00:00
// associated with a datacenter. Coordinates are only compatible between nodes in
// the same area.
2015-07-29 23:33:25 +00:00
type DatacenterMap struct {
Datacenter string
2017-03-14 01:54:34 +00:00
AreaID types . AreaID
2015-10-23 22:19:14 +00:00
Coordinates Coordinates
2015-07-29 23:33:25 +00:00
}
2015-06-06 03:31:33 +00:00
// CoordinateUpdateRequest is used to update the network coordinate of a given
// node.
2015-03-28 18:52:04 +00:00
type CoordinateUpdateRequest struct {
2022-03-13 03:55:53 +00:00
Datacenter string
Node string
Segment string
Coord * coordinate . Coordinate
acl . EnterpriseMeta ` hcl:",squash" mapstructure:",squash" `
2015-04-09 20:23:14 +00:00
WriteRequest
2015-03-28 18:52:04 +00:00
}
2015-06-06 03:31:33 +00:00
// RequestDatacenter returns the datacenter for a given update request.
2015-04-18 21:05:29 +00:00
func ( c * CoordinateUpdateRequest ) RequestDatacenter ( ) string {
return c . Datacenter
}
2014-08-28 22:00:49 +00:00
// EventFireRequest is used to ask a server to fire
// a Serf event. It is a bit odd, since it doesn't depend on
// the catalog or leader. Any node can respond, so it's not quite
// like a standard write request. This is used only internally.
type EventFireRequest struct {
Datacenter string
Name string
Payload [ ] byte
// Not using WriteRequest so that any server can process
// the request. It is a bit unusual...
QueryOptions
}
func ( r * EventFireRequest ) RequestDatacenter ( ) string {
return r . Datacenter
}
// EventFireResponse is used to respond to a fire request.
type EventFireResponse struct {
QueryMeta
}
2014-12-15 23:26:46 +00:00
type TombstoneOp string
const (
TombstoneReap TombstoneOp = "reap"
)
// TombstoneRequest is used to trigger a reaping of the tombstones
type TombstoneRequest struct {
2014-12-15 23:01:04 +00:00
Datacenter string
2014-12-15 23:26:46 +00:00
Op TombstoneOp
2014-12-15 23:01:04 +00:00
ReapIndex uint64
WriteRequest
}
2014-12-15 23:26:46 +00:00
func ( r * TombstoneRequest ) RequestDatacenter ( ) string {
2014-12-15 23:01:04 +00:00
return r . Datacenter
}
2020-02-07 21:50:24 +00:00
// MsgpackHandle is a shared handle for encoding/decoding msgpack payloads
var MsgpackHandle = & codec . MsgpackHandle {
RawToString : true ,
BasicHandle : codec . BasicHandle {
DecodeOptions : codec . DecodeOptions {
MapType : reflect . TypeOf ( map [ string ] interface { } { } ) ,
} ,
} ,
}
2014-06-07 07:59:27 +00:00
2013-12-11 22:04:44 +00:00
// Decode is used to decode a MsgPack encoded object
func Decode ( buf [ ] byte , out interface { } ) error {
2020-02-07 21:50:24 +00:00
return codec . NewDecoder ( bytes . NewReader ( buf ) , MsgpackHandle ) . Decode ( out )
2013-12-11 22:04:44 +00:00
}
// Encode is used to encode a MsgPack object with type prefix
func Encode ( t MessageType , msg interface { } ) ( [ ] byte , error ) {
2014-06-08 21:02:42 +00:00
var buf bytes . Buffer
2013-12-11 22:04:44 +00:00
buf . WriteByte ( uint8 ( t ) )
2020-02-07 21:50:24 +00:00
err := codec . NewEncoder ( & buf , MsgpackHandle ) . Encode ( msg )
2013-12-11 22:04:44 +00:00
return buf . Bytes ( ) , err
}
2014-09-24 23:39:14 +00:00
2019-10-24 18:38:09 +00:00
func EncodeProtoInterface ( t MessageType , message interface { } ) ( [ ] byte , error ) {
2022-03-25 13:30:30 +00:00
if marshaller , ok := message . ( proto . Message ) ; ok {
2019-10-24 18:38:09 +00:00
return EncodeProto ( t , marshaller )
}
2022-03-30 16:51:56 +00:00
return nil , fmt . Errorf ( "message does not implement proto.Message: %T" , message )
2019-10-24 18:38:09 +00:00
}
2022-03-25 13:30:30 +00:00
func EncodeProto ( t MessageType , pb proto . Message ) ( [ ] byte , error ) {
2023-01-11 14:39:10 +00:00
data := make ( [ ] byte , 0 , proto . Size ( pb ) + 1 )
data = append ( data , uint8 ( t ) )
2022-03-25 13:30:30 +00:00
2023-01-11 14:39:10 +00:00
var err error
data , err = proto . MarshalOptions { } . MarshalAppend ( data , pb )
if err != nil {
2022-03-25 13:30:30 +00:00
return nil , err
}
return data , nil
}
func DecodeProto ( buf [ ] byte , pb proto . Message ) error {
// Note that this assumes the leading byte indicating the type as already been stripped off.
return proto . Unmarshal ( buf , pb )
}
2014-10-02 06:09:00 +00:00
// CompoundResponse is an interface for gathering multiple responses. It is
// used in cross-datacenter RPC calls where more than 1 datacenter is
// expected to reply.
type CompoundResponse interface {
// Add adds a new response to the compound response
Add ( interface { } )
// New returns an empty response object which can be passed around by
// reference, and then passed to Add() later on.
New ( ) interface { }
}
2014-10-03 00:10:54 +00:00
type KeyringOp string
const (
KeyringList KeyringOp = "list"
KeyringInstall = "install"
KeyringUse = "use"
KeyringRemove = "remove"
)
2014-09-24 23:39:14 +00:00
// KeyringRequest encapsulates a request to modify an encryption keyring.
// It can be used for install, remove, or use key type operations.
type KeyringRequest struct {
2017-02-02 02:42:41 +00:00
Operation KeyringOp
Key string
Datacenter string
Forwarded bool
RelayFactor uint8
2019-08-12 18:11:11 +00:00
LocalOnly bool
2014-09-24 23:39:14 +00:00
QueryOptions
}
2014-10-02 06:09:00 +00:00
func ( r * KeyringRequest ) RequestDatacenter ( ) string {
return r . Datacenter
}
2014-09-24 23:39:14 +00:00
// KeyringResponse is a unified key response and can be used for install,
// remove, use, as well as listing key queries.
type KeyringResponse struct {
add primary keys to list keyring (#8522)
During gossip encryption key rotation it would be nice to be able to see if all nodes are using the same key. This PR adds another field to the json response from `GET v1/operator/keyring` which lists the primary keys in use per dc. That way an operator can tell when a key was successfully setup as primary key.
Based on https://github.com/hashicorp/serf/pull/611 to add primary key to list keyring output:
```json
[
{
"WAN": true,
"Datacenter": "dc2",
"Segment": "",
"Keys": {
"0OuM4oC3Os18OblWiBbZUaHA7Hk+tNs/6nhNYtaNduM=": 6,
"SINm887hKTzmMWeBNKTJReaTLX3mBEJKriDyt88Ad+g=": 6
},
"PrimaryKeys": {
"SINm887hKTzmMWeBNKTJReaTLX3mBEJKriDyt88Ad+g=": 6
},
"NumNodes": 6
},
{
"WAN": false,
"Datacenter": "dc2",
"Segment": "",
"Keys": {
"0OuM4oC3Os18OblWiBbZUaHA7Hk+tNs/6nhNYtaNduM=": 8,
"SINm887hKTzmMWeBNKTJReaTLX3mBEJKriDyt88Ad+g=": 8
},
"PrimaryKeys": {
"SINm887hKTzmMWeBNKTJReaTLX3mBEJKriDyt88Ad+g=": 8
},
"NumNodes": 8
},
{
"WAN": false,
"Datacenter": "dc1",
"Segment": "",
"Keys": {
"0OuM4oC3Os18OblWiBbZUaHA7Hk+tNs/6nhNYtaNduM=": 3,
"SINm887hKTzmMWeBNKTJReaTLX3mBEJKriDyt88Ad+g=": 8
},
"PrimaryKeys": {
"SINm887hKTzmMWeBNKTJReaTLX3mBEJKriDyt88Ad+g=": 8
},
"NumNodes": 8
}
]
```
I intentionally did not change the CLI output because I didn't find a good way of displaying this information. There are a couple of options that we could implement later:
* add a flag to show the primary keys
* add a flag to show json output
Fixes #3393.
2020-08-18 07:50:24 +00:00
WAN bool
Datacenter string
Segment string
2021-11-15 15:51:14 +00:00
Partition string ` json:",omitempty" `
add primary keys to list keyring (#8522)
During gossip encryption key rotation it would be nice to be able to see if all nodes are using the same key. This PR adds another field to the json response from `GET v1/operator/keyring` which lists the primary keys in use per dc. That way an operator can tell when a key was successfully setup as primary key.
Based on https://github.com/hashicorp/serf/pull/611 to add primary key to list keyring output:
```json
[
{
"WAN": true,
"Datacenter": "dc2",
"Segment": "",
"Keys": {
"0OuM4oC3Os18OblWiBbZUaHA7Hk+tNs/6nhNYtaNduM=": 6,
"SINm887hKTzmMWeBNKTJReaTLX3mBEJKriDyt88Ad+g=": 6
},
"PrimaryKeys": {
"SINm887hKTzmMWeBNKTJReaTLX3mBEJKriDyt88Ad+g=": 6
},
"NumNodes": 6
},
{
"WAN": false,
"Datacenter": "dc2",
"Segment": "",
"Keys": {
"0OuM4oC3Os18OblWiBbZUaHA7Hk+tNs/6nhNYtaNduM=": 8,
"SINm887hKTzmMWeBNKTJReaTLX3mBEJKriDyt88Ad+g=": 8
},
"PrimaryKeys": {
"SINm887hKTzmMWeBNKTJReaTLX3mBEJKriDyt88Ad+g=": 8
},
"NumNodes": 8
},
{
"WAN": false,
"Datacenter": "dc1",
"Segment": "",
"Keys": {
"0OuM4oC3Os18OblWiBbZUaHA7Hk+tNs/6nhNYtaNduM=": 3,
"SINm887hKTzmMWeBNKTJReaTLX3mBEJKriDyt88Ad+g=": 8
},
"PrimaryKeys": {
"SINm887hKTzmMWeBNKTJReaTLX3mBEJKriDyt88Ad+g=": 8
},
"NumNodes": 8
}
]
```
I intentionally did not change the CLI output because I didn't find a good way of displaying this information. There are a couple of options that we could implement later:
* add a flag to show the primary keys
* add a flag to show json output
Fixes #3393.
2020-08-18 07:50:24 +00:00
Messages map [ string ] string ` json:",omitempty" `
Keys map [ string ] int
PrimaryKeys map [ string ] int
NumNodes int
Error string ` json:",omitempty" `
2014-09-25 01:30:34 +00:00
}
2021-11-15 15:51:14 +00:00
func ( r * KeyringResponse ) PartitionOrDefault ( ) string {
2022-03-13 03:55:53 +00:00
return acl . PartitionOrDefault ( r . Partition )
2021-11-15 15:51:14 +00:00
}
2014-09-30 22:31:07 +00:00
// KeyringResponses holds multiple responses to keyring queries. Each
// datacenter replies independently, and KeyringResponses is used as a
// container for the set of all responses.
2014-09-25 01:30:34 +00:00
type KeyringResponses struct {
Responses [ ] * KeyringResponse
2014-09-28 19:35:51 +00:00
QueryMeta
2014-09-24 23:39:14 +00:00
}
2014-10-02 06:09:00 +00:00
func ( r * KeyringResponses ) Add ( v interface { } ) {
val := v . ( * KeyringResponses )
r . Responses = append ( r . Responses , val . Responses ... )
}
func ( r * KeyringResponses ) New ( ) interface { } {
return new ( KeyringResponses )
}
2020-09-27 18:38:32 +00:00
2020-10-09 19:57:29 +00:00
// String converts message type int to string
func ( m MessageType ) String ( ) string {
s , ok := requestTypeStrings [ m ]
if ok {
return s
}
s , ok = enterpriseRequestType ( m )
if ok {
return s
}
return "Unknown(" + strconv . Itoa ( int ( m ) ) + ")"
}
2022-03-22 20:30:00 +00:00
2023-01-11 14:39:10 +00:00
// This should only be used for conversions generated by MOG
func DurationToProto ( d time . Duration ) * durationpb . Duration {
2022-05-25 01:44:54 +00:00
return durationpb . New ( d )
2022-03-22 20:30:00 +00:00
}
2023-01-11 14:39:10 +00:00
// This should only be used for conversions generated by MOG
func DurationFromProto ( d * durationpb . Duration ) time . Duration {
2022-05-25 01:44:54 +00:00
return d . AsDuration ( )
2022-03-22 20:30:00 +00:00
}
2023-04-26 22:59:48 +00:00
// This should only be used for conversions generated by MOG
func DurationPointerToProto ( d * time . Duration ) * durationpb . Duration {
if d == nil {
return nil
}
return durationpb . New ( * d )
}
// This should only be used for conversions generated by MOG
func DurationPointerFromProto ( d * durationpb . Duration ) * time . Duration {
if d == nil {
return nil
}
return DurationPointer ( d . AsDuration ( ) )
}
func DurationPointer ( d time . Duration ) * time . Duration {
return & d
}
2023-01-11 14:39:10 +00:00
// This should only be used for conversions generated by MOG
func TimeFromProto ( s * timestamppb . Timestamp ) time . Time {
2022-05-25 01:44:54 +00:00
return s . AsTime ( )
2022-03-22 20:30:00 +00:00
}
2023-01-11 14:39:10 +00:00
// This should only be used for conversions generated by MOG
func TimeToProto ( s time . Time ) * timestamppb . Timestamp {
2022-05-25 01:44:54 +00:00
return timestamppb . New ( s )
2022-03-22 20:30:00 +00:00
}
2022-03-25 13:30:30 +00:00
// IsZeroProtoTime returns true if the time is the minimum protobuf timestamp
// (the Unix epoch).
2023-01-11 14:39:10 +00:00
func IsZeroProtoTime ( t * timestamppb . Timestamp ) bool {
2022-03-25 13:30:30 +00:00
return t . Seconds == 0 && t . Nanos == 0
}
2023-03-07 19:05:23 +00:00
// Locality identifies where a given entity is running.
type Locality struct {
// Region is region the zone belongs to.
Region string ` json:",omitempty" `
// Zone is the zone the entity is running in.
Zone string ` json:",omitempty" `
}
2023-03-10 14:36:15 +00:00
// ToAPI converts a struct Locality to an API Locality.
func ( l * Locality ) ToAPI ( ) * api . Locality {
if l == nil {
return nil
}
return & api . Locality {
Region : l . Region ,
Zone : l . Zone ,
}
}
2023-03-30 14:08:38 +00:00
func ( l * Locality ) GetRegion ( ) string {
if l == nil {
return ""
}
return l . Region
}
2023-06-15 14:01:04 +00:00
func ( l * Locality ) Validate ( ) error {
if l == nil {
return nil
}
if l . Region == "" && l . Zone != "" {
return fmt . Errorf ( "zone cannot be set without region" )
}
return nil
}