github
/
consul
mirror of https://github.com/hashicorp/consul
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Consul is a distributed, highly available, and data center aware solution to connect and configure applications across dynamic, distributed infrastructure.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
16880 Commits
1703 Branches
457 Tags
697 MiB
Tree: 58f30a3c30
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '58f30a3c30'
${ noResults }
consul/agent/ui_endpoint.go

739 lines
22 KiB
Raw Normal View History Unescape

agent: Adding endpoint to serve the UI
11 years ago
package agent
agent: Adding nodes UI endpoint
11 years ago
import (
Use fmt.Fprint/Fprintf/Fprintln Used the following rewrite rules: gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c, d))) -> fmt.Fprintf(resp, a, b, c, d)' *.go gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c))) -> fmt.Fprintf(resp, a, b, c)' *.go gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b))) -> fmt.Fprintf(resp, a, b)' *.go gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a))) -> fmt.Fprint(resp, a)' *.go gofmt -w -r 'resp.Write([]byte(a + "\n")) -> fmt.Fprintln(resp, a)' *.go gofmt -w -r 'resp.Write([]byte(a)) -> fmt.Fprint(resp, a)' *.go
8 years ago
"fmt"
agent: Adding nodes UI endpoint
11 years ago
"net/http"
Add /v1/internal/ui/metrics-proxy API endpoint that proxies to a configured metrics provider backend.
4 years ago
"net/http/httputil"
"net/url"
"path"
agent: Adding UI services endpoint
11 years ago
"sort"
agent: Adding nodes UI endpoint
11 years ago
"strings"
agent: Fixing blocking queries on internal endpoints
10 years ago
acl: Remove the remaining authz == nil checks These checks were a bit more involved. They were previously skipping some code paths when the authorizer was nil. After looking through these it seems correct to remove the authz == nil check, since it will never evaluate to true.
3 years ago
"github.com/hashicorp/go-hclog"
agent: protect the ui metrics proxy endpoint behind ACLs (#9099) This ensures the metrics proxy endpoint is ACL protected behind a wildcard `service:read` and `node:read` set of rules. For Consul Enterprise these will need to span all namespaces: ``` service_prefix "" { policy = "read" } node_prefix "" { policy = "read" } namespace_prefix "" { service_prefix "" { policy = "read" } node_prefix "" { policy = "read" } } ``` This PR contains just the backend changes. The frontend changes to actually pass the consul token header to the proxy through the JS plugin will come in another PR.
4 years ago
"github.com/hashicorp/consul/acl"
Update gateway-services-nodes API endpoint to allow multiple addresses Previously, we were only returning a single ListenerPort for a single service. However, we actually allow a single service to be serviced over multiple ports, as well as allow users to define what hostnames they expect their services to be contacted over. When no hosts are defined, we return the default ingress domain for any configured DNS domain. To show this in the UI, we modify the gateway-services-nodes API to return a GatewayConfig.Addresses field, which is a list of addresses over which the specific service can be contacted.
4 years ago
"github.com/hashicorp/consul/agent/config"
agent: move agent/consul/structs to agent/structs
7 years ago
"github.com/hashicorp/consul/agent/structs"
Remove duplicate constants This patch removes duplicate internal copies of constants in the structs package which are also defined in the api package. The api.KVOp type with all its values for the TXN endpoint and the api.HealthXXX constants are now used throughout the codebase. This resulted in some circular dependencies in the testutil package which have been resolved by copying code and constants and moving the WaitForLeader function into a separate testrpc package.
8 years ago
"github.com/hashicorp/consul/api"
Add /v1/internal/ui/metrics-proxy API endpoint that proxies to a configured metrics provider backend.
4 years ago
"github.com/hashicorp/consul/logging"
agent: Adding nodes UI endpoint
11 years ago
)
Add topology HTTP endpoint
4 years ago
// ServiceSummary is used to summarize a service
type ServiceSummary struct {
Update viz endpoint to include topology from intentions
4 years ago
Kind structs.ServiceKind `json:",omitempty"`
Name string
Datacenter string
Tags []string
Nodes []string
ExternalSources []string
externalSourceSet map[string]struct{} // internal to track uniqueness
checks map[string]*structs.HealthCheck
InstanceCount int
ChecksPassing int
ChecksWarning int
ChecksCritical int
GatewayConfig GatewayConfig
TransparentProxy bool
transparentProxySet bool
Support for connect native services in topology view. (#12098)
3 years ago
ConnectNative bool
Add topology HTTP endpoint
4 years ago
structs.EnterpriseMeta
}
func (s *ServiceSummary) LessThan(other *ServiceSummary) bool {
if s.EnterpriseMeta.LessThan(&other.EnterpriseMeta) {
return true
}
return s.Name < other.Name
}
Return intention info in svc topology endpoint (#8853)
4 years ago
type GatewayConfig struct {
AssociatedServiceCount int `json:",omitempty"`
Addresses []string `json:",omitempty"`
// internal to track uniqueness
addressesSet map[string]struct{}
}
Add topology HTTP endpoint
4 years ago
type ServiceListingSummary struct {
ServiceSummary
ConnectedWithProxy bool
ConnectedWithGateway bool
}
Return intention info in svc topology endpoint (#8853)
4 years ago
type ServiceTopologySummary struct {
ServiceSummary
Add topology HTTP endpoint
4 years ago
Update viz endpoint to include topology from intentions
4 years ago
Source string
Return intention info in svc topology endpoint (#8853)
4 years ago
Intention structs.IntentionDecisionSummary
Gateway Services Nodes UI Endpoint (#7685) The endpoint supports queries for both Ingress Gateways and Terminating Gateways. Used to display a gateway's linked services in the UI.
5 years ago
}
Add topology HTTP endpoint
4 years ago
type ServiceTopology struct {
Update viz endpoint to include topology from intentions
4 years ago
Protocol string
TransparentProxy bool
Upstreams []*ServiceTopologySummary
Downstreams []*ServiceTopologySummary
FilteredByACLs bool
agent: Adding UI services endpoint
11 years ago
}
agent: Adding nodes UI endpoint
11 years ago
// UINodes is used to list the nodes in a given datacenter. We return a
agent: Adding node UI endpoint
11 years ago
// NodeDump which provides overview information for all the nodes
api: rename HTTPServer to HTTPHandlers Resolves a TODO about naming. This type is a set of handlers for an http.Server, it is not itself a Server. It provides http.Handler functions.
4 years ago
func (s *HTTPHandlers) UINodes(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
agent: Fixing blocking queries on internal endpoints
10 years ago
// Parse arguments
args := structs.DCSpecificRequest{}
if done := s.parse(resp, req, &args.Datacenter, &args.QueryOptions); done {
return nil, nil
}
Sync of OSS changes to support namespaces (#6909)
5 years ago
if err := s.parseEntMeta(req, &args.EnterpriseMeta); err != nil {
return nil, err
}
Implement data filtering of some endpoints (#5579) Fixes: #4222 # Data Filtering This PR will implement filtering for the following endpoints: ## Supported HTTP Endpoints - `/agent/checks` - `/agent/services` - `/catalog/nodes` - `/catalog/service/:service` - `/catalog/connect/:service` - `/catalog/node/:node` - `/health/node/:node` - `/health/checks/:service` - `/health/service/:service` - `/health/connect/:service` - `/health/state/:state` - `/internal/ui/nodes` - `/internal/ui/services` More can be added going forward and any endpoint which is used to list some data is a good candidate. ## Usage When using the HTTP API a `filter` query parameter can be used to pass a filter expression to Consul. Filter Expressions take the general form of: ``` <selector> == <value> <selector> != <value> <value> in <selector> <value> not in <selector> <selector> contains <value> <selector> not contains <value> <selector> is empty <selector> is not empty not <other expression> <expression 1> and <expression 2> <expression 1> or <expression 2> ``` Normal boolean logic and precedence is supported. All of the actual filtering and evaluation logic is coming from the [go-bexpr](https://github.com/hashicorp/go-bexpr) library ## Other changes Adding the `Internal.ServiceDump` RPC endpoint. This will allow the UI to filter services better.
6 years ago
s.parseFilter(req, &args.Filter)
agent: Adding nodes UI endpoint
11 years ago
agent: Fixing blocking queries on internal endpoints
10 years ago
// Make the RPC request
var out structs.IndexedNodeDump
defer setMeta(resp, &out.QueryMeta)
RPC:
if err := s.agent.RPC("Internal.NodeDump", &args, &out); err != nil {
// Retry the request allowing stale data if no leader
if strings.Contains(err.Error(), structs.ErrNoLeader.Error()) && !args.AllowStale {
args.AllowStale = true
goto RPC
}
agent: Adding nodes UI endpoint
11 years ago
return nil, err
}
Fixes nil slices from HTTP endpoints. These would manifest in the HTTP output as Javascript nulls instead of empty lists, so we had unintentionally changed the interface while porting to the new state store. We added code to each HTTP endpoint to convert nil slices to empty ones so they JSON-ify properly, and we added tests to catch this in the future.
9 years ago
// Use empty list instead of nil
for _, info := range out.Dump {
if info.Services == nil {
info.Services = make([]*structs.NodeService, 0)
}
if info.Checks == nil {
info.Checks = make([]*structs.HealthCheck, 0)
}
}
if out.Dump == nil {
out.Dump = make(structs.NodeDump, 0)
}
agent: Fixing blocking queries on internal endpoints
10 years ago
return out.Dump, nil
agent: Adding nodes UI endpoint
11 years ago
}
agent: Adding node UI endpoint
11 years ago
// UINodeInfo is used to get info on a single node in a given datacenter. We return a
// NodeInfo which provides overview information for the node
api: rename HTTPServer to HTTPHandlers Resolves a TODO about naming. This type is a set of handlers for an http.Server, it is not itself a Server. It provides http.Handler functions.
4 years ago
func (s *HTTPHandlers) UINodeInfo(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
agent: Fixing blocking queries on internal endpoints
10 years ago
// Parse arguments
args := structs.NodeSpecificRequest{}
if done := s.parse(resp, req, &args.Datacenter, &args.QueryOptions); done {
return nil, nil
}
agent: Adding node UI endpoint
11 years ago
Sync of OSS changes to support namespaces (#6909)
5 years ago
if err := s.parseEntMeta(req, &args.EnterpriseMeta); err != nil {
return nil, err
}
agent: Adding node UI endpoint
11 years ago
// Verify we have some DC, or use the default
URL-encode/decode resource names for HTTP API part 4 (#12190)
3 years ago
var err error
args.Node, err = getPathSuffixUnescaped(req.URL.Path, "/v1/internal/ui/node/")
if err != nil {
return nil, err
}
agent: Fixing blocking queries on internal endpoints
10 years ago
if args.Node == "" {
Change error-handling across handlers. (#12225)
3 years ago
return nil, BadRequestError{Reason: "Missing node name"}
agent: Adding node UI endpoint
11 years ago
}
agent: Fixing blocking queries on internal endpoints
10 years ago
// Make the RPC request
var out structs.IndexedNodeDump
defer setMeta(resp, &out.QueryMeta)
RPC:
if err := s.agent.RPC("Internal.NodeInfo", &args, &out); err != nil {
// Retry the request allowing stale data if no leader
if strings.Contains(err.Error(), structs.ErrNoLeader.Error()) && !args.AllowStale {
args.AllowStale = true
goto RPC
}
agent: Adding node UI endpoint
11 years ago
return nil, err
}
// Return only the first entry
agent: Fixing blocking queries on internal endpoints
10 years ago
if len(out.Dump) > 0 {
Fixes nil slices from HTTP endpoints. These would manifest in the HTTP output as Javascript nulls instead of empty lists, so we had unintentionally changed the interface while porting to the new state store. We added code to each HTTP endpoint to convert nil slices to empty ones so they JSON-ify properly, and we added tests to catch this in the future.
9 years ago
info := out.Dump[0]
if info.Services == nil {
info.Services = make([]*structs.NodeService, 0)
}
if info.Checks == nil {
info.Checks = make([]*structs.HealthCheck, 0)
}
return info, nil
agent: Adding node UI endpoint
11 years ago
}
UI cleanup follow up from #3245. (#3251) * Removes unnecessary set for model component which will be null. * Returns a 404 for a missing node, not a 200 with an empty response. * Updates built-in web assets.
7 years ago
agent: fix go vet issue
7 years ago
resp.WriteHeader(http.StatusNotFound)
agent: Adding node UI endpoint
11 years ago
return nil, nil
}
agent: Adding UI services endpoint
11 years ago
// UIServices is used to list the services in a given datacenter. We return a
// ServiceSummary which provides overview information for the service
api: rename HTTPServer to HTTPHandlers Resolves a TODO about naming. This type is a set of handlers for an http.Server, it is not itself a Server. It provides http.Handler functions.
4 years ago
func (s *HTTPHandlers) UIServices(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
agent: Fixing blocking queries on internal endpoints
10 years ago
// Parse arguments
Implement Kind based ServiceDump and caching of the ServiceDump RPC
6 years ago
args := structs.ServiceDumpRequest{}
agent: Fixing blocking queries on internal endpoints
10 years ago
if done := s.parse(resp, req, &args.Datacenter, &args.QueryOptions); done {
return nil, nil
}
agent: Adding UI services endpoint
11 years ago
Sync of OSS changes to support namespaces (#6909)
5 years ago
if err := s.parseEntMeta(req, &args.EnterpriseMeta); err != nil {
return nil, err
}
Implement data filtering of some endpoints (#5579) Fixes: #4222 # Data Filtering This PR will implement filtering for the following endpoints: ## Supported HTTP Endpoints - `/agent/checks` - `/agent/services` - `/catalog/nodes` - `/catalog/service/:service` - `/catalog/connect/:service` - `/catalog/node/:node` - `/health/node/:node` - `/health/checks/:service` - `/health/service/:service` - `/health/connect/:service` - `/health/state/:state` - `/internal/ui/nodes` - `/internal/ui/services` More can be added going forward and any endpoint which is used to list some data is a good candidate. ## Usage When using the HTTP API a `filter` query parameter can be used to pass a filter expression to Consul. Filter Expressions take the general form of: ``` <selector> == <value> <selector> != <value> <value> in <selector> <value> not in <selector> <selector> contains <value> <selector> not contains <value> <selector> is empty <selector> is not empty not <other expression> <expression 1> and <expression 2> <expression 1> or <expression 2> ``` Normal boolean logic and precedence is supported. All of the actual filtering and evaluation logic is coming from the [go-bexpr](https://github.com/hashicorp/go-bexpr) library ## Other changes Adding the `Internal.ServiceDump` RPC endpoint. This will allow the UI to filter services better.
6 years ago
s.parseFilter(req, &args.Filter)
agent: Fixing blocking queries on internal endpoints
10 years ago
// Make the RPC request
end to end changes to pass gatewayservices to /ui/services/
4 years ago
var out structs.IndexedNodesWithGateways
agent: Fixing blocking queries on internal endpoints
10 years ago
defer setMeta(resp, &out.QueryMeta)
RPC:
Implement data filtering of some endpoints (#5579) Fixes: #4222 # Data Filtering This PR will implement filtering for the following endpoints: ## Supported HTTP Endpoints - `/agent/checks` - `/agent/services` - `/catalog/nodes` - `/catalog/service/:service` - `/catalog/connect/:service` - `/catalog/node/:node` - `/health/node/:node` - `/health/checks/:service` - `/health/service/:service` - `/health/connect/:service` - `/health/state/:state` - `/internal/ui/nodes` - `/internal/ui/services` More can be added going forward and any endpoint which is used to list some data is a good candidate. ## Usage When using the HTTP API a `filter` query parameter can be used to pass a filter expression to Consul. Filter Expressions take the general form of: ``` <selector> == <value> <selector> != <value> <value> in <selector> <value> not in <selector> <selector> contains <value> <selector> not contains <value> <selector> is empty <selector> is not empty not <other expression> <expression 1> and <expression 2> <expression 1> or <expression 2> ``` Normal boolean logic and precedence is supported. All of the actual filtering and evaluation logic is coming from the [go-bexpr](https://github.com/hashicorp/go-bexpr) library ## Other changes Adding the `Internal.ServiceDump` RPC endpoint. This will allow the UI to filter services better.
6 years ago
if err := s.agent.RPC("Internal.ServiceDump", &args, &out); err != nil {
agent: Fixing blocking queries on internal endpoints
10 years ago
// Retry the request allowing stale data if no leader
if strings.Contains(err.Error(), structs.ErrNoLeader.Error()) && !args.AllowStale {
args.AllowStale = true
goto RPC
}
agent: Adding UI services endpoint
11 years ago
return nil, err
}
Add topology HTTP endpoint
4 years ago
// Store the names of the gateways associated with each service
var (
serviceGateways = make(map[structs.ServiceName][]structs.ServiceName)
numLinkedServices = make(map[structs.ServiceName]int)
)
for _, gs := range out.Gateways {
serviceGateways[gs.Service] = append(serviceGateways[gs.Service], gs.Gateway)
numLinkedServices[gs.Gateway] += 1
}
summaries, hasProxy := summarizeServices(out.Nodes.ToServiceDump(), nil, "")
sorted := prepSummaryOutput(summaries, false)
api: Ensure the internal/ui/service endpoint responds with an array (#9397) In some circumstances this endpoint will have no results in it (dues to ACLs, Namespaces or filtering). This ensures that the response is at least an empty array (`[]`) rather than `null`
4 years ago
// Ensure at least a zero length slice
result := make([]*ServiceListingSummary, 0)
Add topology HTTP endpoint
4 years ago
for _, svc := range sorted {
sum := ServiceListingSummary{ServiceSummary: *svc}
sn := structs.NewServiceName(svc.Name, &svc.EnterpriseMeta)
if hasProxy[sn] {
sum.ConnectedWithProxy = true
}
// Verify that at least one of the gateways linked by config entry has an instance registered in the catalog
for _, gw := range serviceGateways[sn] {
if s := summaries[gw]; s != nil && sum.InstanceCount > 0 {
sum.ConnectedWithGateway = true
}
}
sum.GatewayConfig.AssociatedServiceCount = numLinkedServices[sn]
result = append(result, &sum)
}
return result, nil
agent: Adding UI services endpoint
11 years ago
}
Gateway Services Nodes UI Endpoint (#7685) The endpoint supports queries for both Ingress Gateways and Terminating Gateways. Used to display a gateway's linked services in the UI.
5 years ago
// UIGatewayServices is used to query all the nodes for services associated with a gateway along with their gateway config
api: rename HTTPServer to HTTPHandlers Resolves a TODO about naming. This type is a set of handlers for an http.Server, it is not itself a Server. It provides http.Handler functions.
4 years ago
func (s *HTTPHandlers) UIGatewayServicesNodes(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
Gateway Services Nodes UI Endpoint (#7685) The endpoint supports queries for both Ingress Gateways and Terminating Gateways. Used to display a gateway's linked services in the UI.
5 years ago
// Parse arguments
args := structs.ServiceSpecificRequest{}
if err := s.parseEntMetaNoWildcard(req, &args.EnterpriseMeta); err != nil {
return nil, err
}
if done := s.parse(resp, req, &args.Datacenter, &args.QueryOptions); done {
return nil, nil
}
// Pull out the service name
URL-encode/decode resource names for HTTP API part 4 (#12190)
3 years ago
var err error
args.ServiceName, err = getPathSuffixUnescaped(req.URL.Path, "/v1/internal/ui/gateway-services-nodes/")
if err != nil {
return nil, err
}
Gateway Services Nodes UI Endpoint (#7685) The endpoint supports queries for both Ingress Gateways and Terminating Gateways. Used to display a gateway's linked services in the UI.
5 years ago
if args.ServiceName == "" {
Change error-handling across handlers. (#12225)
3 years ago
return nil, BadRequestError{Reason: "Missing gateway name"}
Gateway Services Nodes UI Endpoint (#7685) The endpoint supports queries for both Ingress Gateways and Terminating Gateways. Used to display a gateway's linked services in the UI.
5 years ago
}
// Make the RPC request
var out structs.IndexedServiceDump
defer setMeta(resp, &out.QueryMeta)
RPC:
if err := s.agent.RPC("Internal.GatewayServiceDump", &args, &out); err != nil {
// Retry the request allowing stale data if no leader
if strings.Contains(err.Error(), structs.ErrNoLeader.Error()) && !args.AllowStale {
args.AllowStale = true
goto RPC
}
return nil, err
}
Update gateway-services-nodes API endpoint to allow multiple addresses Previously, we were only returning a single ListenerPort for a single service. However, we actually allow a single service to be serviced over multiple ports, as well as allow users to define what hostnames they expect their services to be contacted over. When no hosts are defined, we return the default ingress domain for any configured DNS domain. To show this in the UI, we modify the gateway-services-nodes API to return a GatewayConfig.Addresses field, which is a list of addresses over which the specific service can be contacted.
4 years ago
Add topology HTTP endpoint
4 years ago
summaries, _ := summarizeServices(out.Dump, s.agent.config, args.Datacenter)
api: Ensure the internal/ui/gateway-service-nodes endpoint responds with an array (#9593) In some circumstances this endpoint will have no results in it (dues to ACLs, Namespaces, filtering or missing configuration). This ensures that the response is at least an empty array (`[]`) rather than `null`
4 years ago
prepped := prepSummaryOutput(summaries, false)
if prepped == nil {
prepped = make([]*ServiceSummary, 0)
}
return prepped, nil
Gateway Services Nodes UI Endpoint (#7685) The endpoint supports queries for both Ingress Gateways and Terminating Gateways. Used to display a gateway's linked services in the UI.
5 years ago
}
Single DB txn for ServiceTopology and other PR comments
4 years ago
// UIServiceTopology returns the list of upstreams and downstreams for a Connect enabled service.
Do not evaluate discovery chain for topology upstreams
4 years ago
// - Downstreams are services that list the given service as an upstream
// - Upstreams are the upstreams defined in the given service's proxy registrations
Add topology HTTP endpoint
4 years ago
func (s *HTTPHandlers) UIServiceTopology(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
// Parse arguments
args := structs.ServiceSpecificRequest{}
if done := s.parse(resp, req, &args.Datacenter, &args.QueryOptions); done {
return nil, nil
}
if err := s.parseEntMeta(req, &args.EnterpriseMeta); err != nil {
return nil, err
}
Support ConnectedWithProxy
4 years ago
URL-encode/decode resource names for HTTP API part 4 (#12190)
3 years ago
var err error
args.ServiceName, err = getPathSuffixUnescaped(req.URL.Path, "/v1/internal/ui/service-topology/")
if err != nil {
return nil, err
}
Add topology HTTP endpoint
4 years ago
if args.ServiceName == "" {
Change error-handling across handlers. (#12225)
3 years ago
return nil, BadRequestError{Reason: "Missing service name"}
Add topology HTTP endpoint
4 years ago
}
Add protocol to the topology endpoint response (#8868)
4 years ago
kind, ok := req.URL.Query()["kind"]
if !ok {
Change error-handling across handlers. (#12225)
3 years ago
return nil, BadRequestError{Reason: "Missing service kind"}
Add protocol to the topology endpoint response (#8868)
4 years ago
}
args.ServiceKind = structs.ServiceKind(kind[0])
switch args.ServiceKind {
case structs.ServiceKindTypical, structs.ServiceKindIngressGateway:
// allowed
default:
Change error-handling across handlers. (#12225)
3 years ago
return nil, BadRequestError{Reason: fmt.Sprintf("Unsupported service kind %q", args.ServiceKind)}
Add protocol to the topology endpoint response (#8868)
4 years ago
}
Add topology HTTP endpoint
4 years ago
// Make the RPC request
var out structs.IndexedServiceTopology
defer setMeta(resp, &out.QueryMeta)
RPC:
if err := s.agent.RPC("Internal.ServiceTopology", &args, &out); err != nil {
// Retry the request allowing stale data if no leader
if strings.Contains(err.Error(), structs.ErrNoLeader.Error()) && !args.AllowStale {
args.AllowStale = true
goto RPC
}
return nil, err
}
upstreams, _ := summarizeServices(out.ServiceTopology.Upstreams.ToServiceDump(), nil, "")
downstreams, _ := summarizeServices(out.ServiceTopology.Downstreams.ToServiceDump(), nil, "")
Return intention info in svc topology endpoint (#8853)
4 years ago
var (
Add HasExact to topology endpoint (#9010)
4 years ago
upstreamResp = make([]*ServiceTopologySummary, 0)
downstreamResp = make([]*ServiceTopologySummary, 0)
Return intention info in svc topology endpoint (#8853)
4 years ago
)
// Sort and attach intention data for upstreams and downstreams
sortedUpstreams := prepSummaryOutput(upstreams, true)
for _, svc := range sortedUpstreams {
sn := structs.NewServiceName(svc.Name, &svc.EnterpriseMeta)
sum := ServiceTopologySummary{
ServiceSummary: *svc,
Intention: out.ServiceTopology.UpstreamDecisions[sn.String()],
Update viz endpoint to include topology from intentions
4 years ago
Source: out.ServiceTopology.UpstreamSources[sn.String()],
Return intention info in svc topology endpoint (#8853)
4 years ago
}
upstreamResp = append(upstreamResp, &sum)
}
api: expose upstream routing configurations in topology view (#10811) Some users are defining routing configurations that do not have associated services. This commit surfaces these configs in the topology visualization. Also fixes a minor internal bug with non-transparent proxy upstream/downstream references.
3 years ago
for k, v := range out.ServiceTopology.UpstreamSources {
if v == structs.TopologySourceRoutingConfig {
sn := structs.ServiceNameFromString(k)
sum := ServiceTopologySummary{
ServiceSummary: ServiceSummary{
Datacenter: args.Datacenter,
Name: sn.Name,
EnterpriseMeta: sn.EnterpriseMeta,
},
Intention: out.ServiceTopology.UpstreamDecisions[sn.String()],
Source: out.ServiceTopology.UpstreamSources[sn.String()],
}
upstreamResp = append(upstreamResp, &sum)
}
}
Return intention info in svc topology endpoint (#8853)
4 years ago
sortedDownstreams := prepSummaryOutput(downstreams, true)
for _, svc := range sortedDownstreams {
sn := structs.NewServiceName(svc.Name, &svc.EnterpriseMeta)
sum := ServiceTopologySummary{
ServiceSummary: *svc,
Intention: out.ServiceTopology.DownstreamDecisions[sn.String()],
Update viz endpoint to include topology from intentions
4 years ago
Source: out.ServiceTopology.DownstreamSources[sn.String()],
Return intention info in svc topology endpoint (#8853)
4 years ago
}
downstreamResp = append(downstreamResp, &sum)
}
topo := ServiceTopology{
Update viz endpoint to include topology from intentions
4 years ago
TransparentProxy: out.ServiceTopology.TransparentProxy,
Protocol: out.ServiceTopology.MetricsProtocol,
Upstreams: upstreamResp,
Downstreams: downstreamResp,
FilteredByACLs: out.FilteredByACLs,
Add topology HTTP endpoint
4 years ago
}
Return intention info in svc topology endpoint (#8853)
4 years ago
return topo, nil
Add topology HTTP endpoint
4 years ago
}
func summarizeServices(dump structs.ServiceDump, cfg *config.RuntimeConfig, dc string) (map[structs.ServiceName]*ServiceSummary, map[structs.ServiceName]bool) {
var (
summary = make(map[structs.ServiceName]*ServiceSummary)
hasProxy = make(map[structs.ServiceName]bool)
)
Support ConnectedWithProxy
4 years ago
end to end changes to pass gatewayservices to /ui/services/
4 years ago
getService := func(service structs.ServiceName) *ServiceSummary {
agent: Adding UI services endpoint
11 years ago
serv, ok := summary[service]
if !ok {
Sync of OSS changes to support namespaces (#6909)
5 years ago
serv = &ServiceSummary{
end to end changes to pass gatewayservices to /ui/services/
4 years ago
Name: service.Name,
Sync of OSS changes to support namespaces (#6909)
5 years ago
EnterpriseMeta: service.EnterpriseMeta,
Gather instance counts of aggregated services (#7415)
5 years ago
// the other code will increment this unconditionally so we
// shouldn't initialize it to 1
InstanceCount: 0,
Sync of OSS changes to support namespaces (#6909)
5 years ago
}
agent: Adding UI services endpoint
11 years ago
summary[service] = serv
}
return serv
}
Implement data filtering of some endpoints (#5579) Fixes: #4222 # Data Filtering This PR will implement filtering for the following endpoints: ## Supported HTTP Endpoints - `/agent/checks` - `/agent/services` - `/catalog/nodes` - `/catalog/service/:service` - `/catalog/connect/:service` - `/catalog/node/:node` - `/health/node/:node` - `/health/checks/:service` - `/health/service/:service` - `/health/connect/:service` - `/health/state/:state` - `/internal/ui/nodes` - `/internal/ui/services` More can be added going forward and any endpoint which is used to list some data is a good candidate. ## Usage When using the HTTP API a `filter` query parameter can be used to pass a filter expression to Consul. Filter Expressions take the general form of: ``` <selector> == <value> <selector> != <value> <value> in <selector> <value> not in <selector> <selector> contains <value> <selector> not contains <value> <selector> is empty <selector> is not empty not <other expression> <expression 1> and <expression 2> <expression 1> or <expression 2> ``` Normal boolean logic and precedence is supported. All of the actual filtering and evaluation logic is coming from the [go-bexpr](https://github.com/hashicorp/go-bexpr) library ## Other changes Adding the `Internal.ServiceDump` RPC endpoint. This will allow the UI to filter services better.
6 years ago
for _, csn := range dump {
Add topology HTTP endpoint
4 years ago
if cfg != nil && csn.GatewayService != nil {
Update gateway-services-nodes API endpoint to allow multiple addresses Previously, we were only returning a single ListenerPort for a single service. However, we actually allow a single service to be serviced over multiple ports, as well as allow users to define what hostnames they expect their services to be contacted over. When no hosts are defined, we return the default ingress domain for any configured DNS domain. To show this in the UI, we modify the gateway-services-nodes API to return a GatewayConfig.Addresses field, which is a list of addresses over which the specific service can be contacted.
4 years ago
gwsvc := csn.GatewayService
end to end changes to pass gatewayservices to /ui/services/
4 years ago
sum := getService(gwsvc.Service)
Resolve conflicts
4 years ago
modifySummaryForGatewayService(cfg, dc, sum, gwsvc)
Gateway Services Nodes UI Endpoint (#7685) The endpoint supports queries for both Ingress Gateways and Terminating Gateways. Used to display a gateway's linked services in the UI.
5 years ago
}
// Will happen in cases where we only have the GatewayServices mapping
if csn.Service == nil {
continue
}
Add topology HTTP endpoint
4 years ago
sn := structs.NewServiceName(csn.Service.Service, &csn.Service.EnterpriseMeta)
sum := getService(sn)
Gateway Services Nodes UI Endpoint (#7685) The endpoint supports queries for both Ingress Gateways and Terminating Gateways. Used to display a gateway's linked services in the UI.
5 years ago
Implement data filtering of some endpoints (#5579) Fixes: #4222 # Data Filtering This PR will implement filtering for the following endpoints: ## Supported HTTP Endpoints - `/agent/checks` - `/agent/services` - `/catalog/nodes` - `/catalog/service/:service` - `/catalog/connect/:service` - `/catalog/node/:node` - `/health/node/:node` - `/health/checks/:service` - `/health/service/:service` - `/health/connect/:service` - `/health/state/:state` - `/internal/ui/nodes` - `/internal/ui/services` More can be added going forward and any endpoint which is used to list some data is a good candidate. ## Usage When using the HTTP API a `filter` query parameter can be used to pass a filter expression to Consul. Filter Expressions take the general form of: ``` <selector> == <value> <selector> != <value> <value> in <selector> <value> not in <selector> <selector> contains <value> <selector> not contains <value> <selector> is empty <selector> is not empty not <other expression> <expression 1> and <expression 2> <expression 1> or <expression 2> ``` Normal boolean logic and precedence is supported. All of the actual filtering and evaluation logic is coming from the [go-bexpr](https://github.com/hashicorp/go-bexpr) library ## Other changes Adding the `Internal.ServiceDump` RPC endpoint. This will allow the UI to filter services better.
6 years ago
svc := csn.Service
sum.Nodes = append(sum.Nodes, csn.Node.Node)
sum.Kind = svc.Kind
Add topology HTTP endpoint
4 years ago
sum.Datacenter = csn.Node.Datacenter
Gather instance counts of aggregated services (#7415)
5 years ago
sum.InstanceCount += 1
Support for connect native services in topology view. (#12098)
3 years ago
sum.ConnectNative = svc.Connect.Native
Add information about which services are proxied to ui services… (#7417)
5 years ago
if svc.Kind == structs.ServiceKindConnectProxy {
Add topology HTTP endpoint
4 years ago
sn := structs.NewServiceName(svc.Proxy.DestinationServiceName, &svc.EnterpriseMeta)
hasProxy[sn] = true
destination := getService(sn)
for _, check := range csn.Checks {
cid := structs.NewCheckID(check.CheckID, &check.EnterpriseMeta)
uid := structs.UniqueID(csn.Node.Node, cid.String())
if destination.checks == nil {
destination.checks = make(map[string]*structs.HealthCheck)
}
destination.checks[uid] = check
}
Update viz endpoint to include topology from intentions
4 years ago
// Only consider the target service to be transparent when all its proxy instances are in that mode.
// This is done because the flag is used to display warnings about proxies needing to enable
// transparent proxy mode. If ANY instance isn't in the right mode then the warming applies.
if svc.Proxy.Mode == structs.ProxyModeTransparent && !destination.transparentProxySet {
destination.TransparentProxy = true
}
if svc.Proxy.Mode != structs.ProxyModeTransparent {
destination.TransparentProxy = false
}
destination.transparentProxySet = true
Add information about which services are proxied to ui services… (#7417)
5 years ago
}
Implement data filtering of some endpoints (#5579) Fixes: #4222 # Data Filtering This PR will implement filtering for the following endpoints: ## Supported HTTP Endpoints - `/agent/checks` - `/agent/services` - `/catalog/nodes` - `/catalog/service/:service` - `/catalog/connect/:service` - `/catalog/node/:node` - `/health/node/:node` - `/health/checks/:service` - `/health/service/:service` - `/health/connect/:service` - `/health/state/:state` - `/internal/ui/nodes` - `/internal/ui/services` More can be added going forward and any endpoint which is used to list some data is a good candidate. ## Usage When using the HTTP API a `filter` query parameter can be used to pass a filter expression to Consul. Filter Expressions take the general form of: ``` <selector> == <value> <selector> != <value> <value> in <selector> <value> not in <selector> <selector> contains <value> <selector> not contains <value> <selector> is empty <selector> is not empty not <other expression> <expression 1> and <expression 2> <expression 1> or <expression 2> ``` Normal boolean logic and precedence is supported. All of the actual filtering and evaluation logic is coming from the [go-bexpr](https://github.com/hashicorp/go-bexpr) library ## Other changes Adding the `Internal.ServiceDump` RPC endpoint. This will allow the UI to filter services better.
6 years ago
for _, tag := range svc.Tags {
found := false
for _, existing := range sum.Tags {
if existing == tag {
found = true
break
agent: aggregate service instance meta for UI purposes
6 years ago
}
}
Implement data filtering of some endpoints (#5579) Fixes: #4222 # Data Filtering This PR will implement filtering for the following endpoints: ## Supported HTTP Endpoints - `/agent/checks` - `/agent/services` - `/catalog/nodes` - `/catalog/service/:service` - `/catalog/connect/:service` - `/catalog/node/:node` - `/health/node/:node` - `/health/checks/:service` - `/health/service/:service` - `/health/connect/:service` - `/health/state/:state` - `/internal/ui/nodes` - `/internal/ui/services` More can be added going forward and any endpoint which is used to list some data is a good candidate. ## Usage When using the HTTP API a `filter` query parameter can be used to pass a filter expression to Consul. Filter Expressions take the general form of: ``` <selector> == <value> <selector> != <value> <value> in <selector> <value> not in <selector> <selector> contains <value> <selector> not contains <value> <selector> is empty <selector> is not empty not <other expression> <expression 1> and <expression 2> <expression 1> or <expression 2> ``` Normal boolean logic and precedence is supported. All of the actual filtering and evaluation logic is coming from the [go-bexpr](https://github.com/hashicorp/go-bexpr) library ## Other changes Adding the `Internal.ServiceDump` RPC endpoint. This will allow the UI to filter services better.
6 years ago
if !found {
sum.Tags = append(sum.Tags, tag)
}
agent: Adding UI services endpoint
11 years ago
}
Implement data filtering of some endpoints (#5579) Fixes: #4222 # Data Filtering This PR will implement filtering for the following endpoints: ## Supported HTTP Endpoints - `/agent/checks` - `/agent/services` - `/catalog/nodes` - `/catalog/service/:service` - `/catalog/connect/:service` - `/catalog/node/:node` - `/health/node/:node` - `/health/checks/:service` - `/health/service/:service` - `/health/connect/:service` - `/health/state/:state` - `/internal/ui/nodes` - `/internal/ui/services` More can be added going forward and any endpoint which is used to list some data is a good candidate. ## Usage When using the HTTP API a `filter` query parameter can be used to pass a filter expression to Consul. Filter Expressions take the general form of: ``` <selector> == <value> <selector> != <value> <value> in <selector> <value> not in <selector> <selector> contains <value> <selector> not contains <value> <selector> is empty <selector> is not empty not <other expression> <expression 1> and <expression 2> <expression 1> or <expression 2> ``` Normal boolean logic and precedence is supported. All of the actual filtering and evaluation logic is coming from the [go-bexpr](https://github.com/hashicorp/go-bexpr) library ## Other changes Adding the `Internal.ServiceDump` RPC endpoint. This will allow the UI to filter services better.
6 years ago
// If there is an external source, add it to the list of external
// sources. We only want to add unique sources so there is extra
// accounting here with an unexported field to maintain the set
// of sources.
Return intention info in svc topology endpoint (#8853)
4 years ago
if len(svc.Meta) > 0 && svc.Meta[structs.MetaExternalSource] != "" {
source := svc.Meta[structs.MetaExternalSource]
Implement data filtering of some endpoints (#5579) Fixes: #4222 # Data Filtering This PR will implement filtering for the following endpoints: ## Supported HTTP Endpoints - `/agent/checks` - `/agent/services` - `/catalog/nodes` - `/catalog/service/:service` - `/catalog/connect/:service` - `/catalog/node/:node` - `/health/node/:node` - `/health/checks/:service` - `/health/service/:service` - `/health/connect/:service` - `/health/state/:state` - `/internal/ui/nodes` - `/internal/ui/services` More can be added going forward and any endpoint which is used to list some data is a good candidate. ## Usage When using the HTTP API a `filter` query parameter can be used to pass a filter expression to Consul. Filter Expressions take the general form of: ``` <selector> == <value> <selector> != <value> <value> in <selector> <value> not in <selector> <selector> contains <value> <selector> not contains <value> <selector> is empty <selector> is not empty not <other expression> <expression 1> and <expression 2> <expression 1> or <expression 2> ``` Normal boolean logic and precedence is supported. All of the actual filtering and evaluation logic is coming from the [go-bexpr](https://github.com/hashicorp/go-bexpr) library ## Other changes Adding the `Internal.ServiceDump` RPC endpoint. This will allow the UI to filter services better.
6 years ago
if sum.externalSourceSet == nil {
sum.externalSourceSet = make(map[string]struct{})
agent: Adding UI services endpoint
11 years ago
}
Implement data filtering of some endpoints (#5579) Fixes: #4222 # Data Filtering This PR will implement filtering for the following endpoints: ## Supported HTTP Endpoints - `/agent/checks` - `/agent/services` - `/catalog/nodes` - `/catalog/service/:service` - `/catalog/connect/:service` - `/catalog/node/:node` - `/health/node/:node` - `/health/checks/:service` - `/health/service/:service` - `/health/connect/:service` - `/health/state/:state` - `/internal/ui/nodes` - `/internal/ui/services` More can be added going forward and any endpoint which is used to list some data is a good candidate. ## Usage When using the HTTP API a `filter` query parameter can be used to pass a filter expression to Consul. Filter Expressions take the general form of: ``` <selector> == <value> <selector> != <value> <value> in <selector> <value> not in <selector> <selector> contains <value> <selector> not contains <value> <selector> is empty <selector> is not empty not <other expression> <expression 1> and <expression 2> <expression 1> or <expression 2> ``` Normal boolean logic and precedence is supported. All of the actual filtering and evaluation logic is coming from the [go-bexpr](https://github.com/hashicorp/go-bexpr) library ## Other changes Adding the `Internal.ServiceDump` RPC endpoint. This will allow the UI to filter services better.
6 years ago
if _, ok := sum.externalSourceSet[source]; !ok {
sum.externalSourceSet[source] = struct{}{}
sum.ExternalSources = append(sum.ExternalSources, source)
}
}
for _, check := range csn.Checks {
Add topology HTTP endpoint
4 years ago
cid := structs.NewCheckID(check.CheckID, &check.EnterpriseMeta)
uid := structs.UniqueID(csn.Node.Node, cid.String())
if sum.checks == nil {
sum.checks = make(map[string]*structs.HealthCheck)
}
sum.checks[uid] = check
}
}
return summary, hasProxy
}
func prepSummaryOutput(summaries map[structs.ServiceName]*ServiceSummary, excludeSidecars bool) []*ServiceSummary {
var resp []*ServiceSummary
api: Ensure the internal/ui/gateway-service-nodes endpoint responds with an array (#9593) In some circumstances this endpoint will have no results in it (dues to ACLs, Namespaces, filtering or missing configuration). This ensures that the response is at least an empty array (`[]`) rather than `null`
4 years ago
// Ensure at least a zero length slice
resp = make([]*ServiceSummary, 0)
Add topology HTTP endpoint
4 years ago
// Collect and sort resp for display
for _, sum := range summaries {
sort.Strings(sum.Nodes)
sort.Strings(sum.Tags)
for _, chk := range sum.checks {
switch chk.Status {
Implement data filtering of some endpoints (#5579) Fixes: #4222 # Data Filtering This PR will implement filtering for the following endpoints: ## Supported HTTP Endpoints - `/agent/checks` - `/agent/services` - `/catalog/nodes` - `/catalog/service/:service` - `/catalog/connect/:service` - `/catalog/node/:node` - `/health/node/:node` - `/health/checks/:service` - `/health/service/:service` - `/health/connect/:service` - `/health/state/:state` - `/internal/ui/nodes` - `/internal/ui/services` More can be added going forward and any endpoint which is used to list some data is a good candidate. ## Usage When using the HTTP API a `filter` query parameter can be used to pass a filter expression to Consul. Filter Expressions take the general form of: ``` <selector> == <value> <selector> != <value> <value> in <selector> <value> not in <selector> <selector> contains <value> <selector> not contains <value> <selector> is empty <selector> is not empty not <other expression> <expression 1> and <expression 2> <expression 1> or <expression 2> ``` Normal boolean logic and precedence is supported. All of the actual filtering and evaluation logic is coming from the [go-bexpr](https://github.com/hashicorp/go-bexpr) library ## Other changes Adding the `Internal.ServiceDump` RPC endpoint. This will allow the UI to filter services better.
6 years ago
case api.HealthPassing:
sum.ChecksPassing++
case api.HealthWarning:
sum.ChecksWarning++
case api.HealthCritical:
sum.ChecksCritical++
agent: Adding UI services endpoint
11 years ago
}
}
Support ingress gateways in mesh viz endpoint (#8864) Co-authored-by: R.B. Boyer <rb@hashicorp.com>
4 years ago
if excludeSidecars && sum.Kind != structs.ServiceKindTypical && sum.Kind != structs.ServiceKindIngressGateway {
Add topology HTTP endpoint
4 years ago
continue
Support ConnectedWithProxy
4 years ago
}
Add topology HTTP endpoint
4 years ago
resp = append(resp, sum)
agent: Adding UI services endpoint
11 years ago
}
Add topology HTTP endpoint
4 years ago
sort.Slice(resp, func(i, j int) bool {
return resp[i].LessThan(resp[j])
})
return resp
agent: Adding UI services endpoint
11 years ago
}
Update gateway-services-nodes API endpoint to allow multiple addresses Previously, we were only returning a single ListenerPort for a single service. However, we actually allow a single service to be serviced over multiple ports, as well as allow users to define what hostnames they expect their services to be contacted over. When no hosts are defined, we return the default ingress domain for any configured DNS domain. To show this in the UI, we modify the gateway-services-nodes API to return a GatewayConfig.Addresses field, which is a list of addresses over which the specific service can be contacted.
4 years ago
func modifySummaryForGatewayService(
cfg *config.RuntimeConfig,
use service datacenter for dns name (#8704) * Use args.Datacenter instead of configured datacenter
4 years ago
datacenter string,
Update gateway-services-nodes API endpoint to allow multiple addresses Previously, we were only returning a single ListenerPort for a single service. However, we actually allow a single service to be serviced over multiple ports, as well as allow users to define what hostnames they expect their services to be contacted over. When no hosts are defined, we return the default ingress domain for any configured DNS domain. To show this in the UI, we modify the gateway-services-nodes API to return a GatewayConfig.Addresses field, which is a list of addresses over which the specific service can be contacted.
4 years ago
sum *ServiceSummary,
gwsvc *structs.GatewayService,
) {
var dnsAddresses []string
for _, domain := range []string{cfg.DNSDomain, cfg.DNSAltDomain} {
// If the domain is empty, do not use it to construct a valid DNS
// address
if domain == "" {
continue
}
dnsAddresses = append(dnsAddresses, serviceIngressDNSName(
gwsvc.Service.Name,
use service datacenter for dns name (#8704) * Use args.Datacenter instead of configured datacenter
4 years ago
datacenter,
Update gateway-services-nodes API endpoint to allow multiple addresses Previously, we were only returning a single ListenerPort for a single service. However, we actually allow a single service to be serviced over multiple ports, as well as allow users to define what hostnames they expect their services to be contacted over. When no hosts are defined, we return the default ingress domain for any configured DNS domain. To show this in the UI, we modify the gateway-services-nodes API to return a GatewayConfig.Addresses field, which is a list of addresses over which the specific service can be contacted.
4 years ago
domain,
&gwsvc.Service.EnterpriseMeta,
))
}
for _, addr := range gwsvc.Addresses(dnsAddresses) {
// check for duplicates, a service will have a ServiceInfo struct for
// every instance that is registered.
if _, ok := sum.GatewayConfig.addressesSet[addr]; !ok {
if sum.GatewayConfig.addressesSet == nil {
sum.GatewayConfig.addressesSet = make(map[string]struct{})
}
sum.GatewayConfig.addressesSet[addr] = struct{}{}
sum.GatewayConfig.Addresses = append(
sum.GatewayConfig.Addresses, addr,
)
}
}
}
Internal endpoint to query intentions associated with a gateway (#8400)
4 years ago
// GET /v1/internal/ui/gateway-intentions/:gateway
api: rename HTTPServer to HTTPHandlers Resolves a TODO about naming. This type is a set of handlers for an http.Server, it is not itself a Server. It provides http.Handler functions.
4 years ago
func (s *HTTPHandlers) UIGatewayIntentions(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
Internal endpoint to query intentions associated with a gateway (#8400)
4 years ago
var args structs.IntentionQueryRequest
if done := s.parse(resp, req, &args.Datacenter, &args.QueryOptions); done {
return nil, nil
}
var entMeta structs.EnterpriseMeta
if err := s.parseEntMetaNoWildcard(req, &entMeta); err != nil {
return nil, err
}
// Pull out the service name
URL-encode/decode resource names for HTTP API part 4 (#12190)
3 years ago
var err error
name, err := getPathSuffixUnescaped(req.URL.Path, "/v1/internal/ui/gateway-intentions/")
if err != nil {
return nil, err
}
Internal endpoint to query intentions associated with a gateway (#8400)
4 years ago
if name == "" {
Change error-handling across handlers. (#12225)
3 years ago
return nil, BadRequestError{Reason: "Missing gateway name"}
Internal endpoint to query intentions associated with a gateway (#8400)
4 years ago
}
args.Match = &structs.IntentionQueryMatch{
Type: structs.IntentionMatchDestination,
Entries: []structs.IntentionMatchEntry{
{
Namespace: entMeta.NamespaceOrEmpty(),
Account for partitions in ixn match/decision
3 years ago
Partition: entMeta.PartitionOrDefault(),
Internal endpoint to query intentions associated with a gateway (#8400)
4 years ago
Name: name,
},
},
}
var reply structs.IndexedIntentions
defer setMeta(resp, &reply.QueryMeta)
if err := s.agent.RPC("Internal.GatewayIntentions", args, &reply); err != nil {
return nil, err
}
return reply.Intentions, nil
}
Add /v1/internal/ui/metrics-proxy API endpoint that proxies to a configured metrics provider backend.
4 years ago
// UIMetricsProxy handles the /v1/internal/ui/metrics-proxy/ endpoint which, if
// configured, provides a simple read-only HTTP proxy to a single metrics
// backend to expose it to the UI.
func (s *HTTPHandlers) UIMetricsProxy(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
// Check the UI was enabled at agent startup (note this is not reloadable
// currently).
if !s.IsUIEnabled() {
return nil, NotFoundError{Reason: "UI is not enabled"}
}
// Load reloadable proxy config
cfg, ok := s.metricsProxyCfg.Load().(config.UIMetricsProxy)
if !ok || cfg.BaseURL == "" {
// Proxy not configured
return nil, NotFoundError{Reason: "Metrics proxy is not enabled"}
}
agent: protect the ui metrics proxy endpoint behind ACLs (#9099) This ensures the metrics proxy endpoint is ACL protected behind a wildcard `service:read` and `node:read` set of rules. For Consul Enterprise these will need to span all namespaces: ``` service_prefix "" { policy = "read" } node_prefix "" { policy = "read" } namespace_prefix "" { service_prefix "" { policy = "read" } node_prefix "" { policy = "read" } } ``` This PR contains just the backend changes. The frontend changes to actually pass the consul token header to the proxy through the JS plugin will come in another PR.
4 years ago
// Fetch the ACL token, if provided, but ONLY from headers since other
// metrics proxies might use a ?token query string parameter for something.
var token string
s.parseTokenFromHeaders(req, &token)
// Clear the token from the headers so we don't end up proxying it.
s.clearTokenFromHeaders(req)
var entMeta structs.EnterpriseMeta
try to infer command partition from node partition (#10981)
3 years ago
if err := s.parseEntMetaPartition(req, &entMeta); err != nil {
agent: ensure that most agent behavior correctly respects partition configuration (#10880)
3 years ago
return nil, err
}
Move static token resolution into the ACLResolver (#10013)
4 years ago
authz, err := s.agent.delegate.ResolveTokenAndDefaultMeta(token, &entMeta, nil)
agent: protect the ui metrics proxy endpoint behind ACLs (#9099) This ensures the metrics proxy endpoint is ACL protected behind a wildcard `service:read` and `node:read` set of rules. For Consul Enterprise these will need to span all namespaces: ``` service_prefix "" { policy = "read" } node_prefix "" { policy = "read" } namespace_prefix "" { service_prefix "" { policy = "read" } node_prefix "" { policy = "read" } } ``` This PR contains just the backend changes. The frontend changes to actually pass the consul token header to the proxy through the JS plugin will come in another PR.
4 years ago
if err != nil {
return nil, err
}
acl: Remove the remaining authz == nil checks These checks were a bit more involved. They were previously skipping some code paths when the authorizer was nil. After looking through these it seems correct to remove the authz == nil check, since it will never evaluate to true.
3 years ago
// This endpoint requires wildcard read on all services and all nodes.
//
// In enterprise it requires this _in all namespaces_ too.
acl: some acl authz refactors for nodes (#10909)
3 years ago
//
acl: use wildcard partition in metrics proxy ui endpoint
3 years ago
// In enterprise it requires this _in all namespaces and partitions_ too.
acl: Remove the remaining authz == nil checks These checks were a bit more involved. They were previously skipping some code paths when the authorizer was nil. After looking through these it seems correct to remove the authz == nil check, since it will never evaluate to true.
3 years ago
var authzContext acl.AuthorizerContext
acl: use wildcard partition in metrics proxy ui endpoint
3 years ago
wildcardEntMeta := structs.WildcardEnterpriseMetaInPartition(structs.WildcardSpecifier)
wildcardEntMeta.FillAuthzContext(&authzContext)
agent: protect the ui metrics proxy endpoint behind ACLs (#9099) This ensures the metrics proxy endpoint is ACL protected behind a wildcard `service:read` and `node:read` set of rules. For Consul Enterprise these will need to span all namespaces: ``` service_prefix "" { policy = "read" } node_prefix "" { policy = "read" } namespace_prefix "" { service_prefix "" { policy = "read" } node_prefix "" { policy = "read" } } ``` This PR contains just the backend changes. The frontend changes to actually pass the consul token header to the proxy through the JS plugin will come in another PR.
4 years ago
acl: Remove the remaining authz == nil checks These checks were a bit more involved. They were previously skipping some code paths when the authorizer was nil. After looking through these it seems correct to remove the authz == nil check, since it will never evaluate to true.
3 years ago
if authz.NodeReadAll(&authzContext) != acl.Allow || authz.ServiceReadAll(&authzContext) != acl.Allow {
return nil, acl.ErrPermissionDenied
agent: protect the ui metrics proxy endpoint behind ACLs (#9099) This ensures the metrics proxy endpoint is ACL protected behind a wildcard `service:read` and `node:read` set of rules. For Consul Enterprise these will need to span all namespaces: ``` service_prefix "" { policy = "read" } node_prefix "" { policy = "read" } namespace_prefix "" { service_prefix "" { policy = "read" } node_prefix "" { policy = "read" } } ``` This PR contains just the backend changes. The frontend changes to actually pass the consul token header to the proxy through the JS plugin will come in another PR.
4 years ago
}
Add /v1/internal/ui/metrics-proxy API endpoint that proxies to a configured metrics provider backend.
4 years ago
log := s.agent.logger.Named(logging.UIMetricsProxy)
// Construct the new URL from the path and the base path. Note we do this here
// not in the Director function below because we can handle any errors cleanly
// here.
// Replace prefix in the path
URL-encode/decode resource names for HTTP API part 4 (#12190)
3 years ago
subPath, err := getPathSuffixUnescaped(req.URL.Path, "/v1/internal/ui/metrics-proxy")
if err != nil {
return nil, err
}
Add /v1/internal/ui/metrics-proxy API endpoint that proxies to a configured metrics provider backend.
4 years ago
// Append that to the BaseURL (which might contain a path prefix component)
newURL := cfg.BaseURL + subPath
// Parse it into a new URL
u, err := url.Parse(newURL)
if err != nil {
log.Error("couldn't parse target URL", "base_url", cfg.BaseURL, "path", subPath)
return nil, BadRequestError{Reason: "Invalid path."}
}
// Clean the new URL path to prevent path traversal attacks and remove any
// double slashes etc.
u.Path = path.Clean(u.Path)
agent: introduce path allow list for requests going through the metrics proxy (#9059) Added a new option `ui_config.metrics_proxy.path_allowlist`. This defaults to `["/api/v1/query", "/api/v1/query_range"]` when the metrics provider is set to `prometheus`. Requests that do not use one of the allow-listed paths (via exact match) get a 403 Forbidden response instead.
4 years ago
if len(cfg.PathAllowlist) > 0 {
// This could be done better with a map, but for the prometheus default
// integration this list has two items in it, so the straight iteration
// isn't awful.
denied := true
for _, allowedPath := range cfg.PathAllowlist {
if u.Path == allowedPath {
denied = false
break
}
}
if denied {
log.Error("target URL path is not allowed",
"base_url", cfg.BaseURL,
"path", subPath,
"target_url", u.String(),
"path_allowlist", cfg.PathAllowlist,
)
resp.WriteHeader(http.StatusForbidden)
return nil, nil
}
}
Actually proxy the query string too
4 years ago
// Pass through query params
u.RawQuery = req.URL.RawQuery
Add /v1/internal/ui/metrics-proxy API endpoint that proxies to a configured metrics provider backend.
4 years ago
// Validate that the full BaseURL is still a prefix - if there was a path
// prefix on the BaseURL but an attacker tried to circumvent it with path
// traversal then the Clean above would have resolve the /../ components back
// to the actual path which means part of the prefix will now be missing.
//
// Note that in practice this is not currently possible since any /../ in the
// path would have already been resolved by the API server mux and so not even
// hit this handler. Any /../ that are far enough into the path to hit this
// handler, can't backtrack far enough to eat into the BaseURL either. But we
// leave this in anyway in case something changes in the future.
if !strings.HasPrefix(u.String(), cfg.BaseURL) {
log.Error("target URL escaped from base path",
"base_url", cfg.BaseURL,
"path", subPath,
"target_url", u.String(),
)
return nil, BadRequestError{Reason: "Invalid path."}
}
// Add any configured headers
for _, h := range cfg.AddHeaders {
req.Header.Set(h.Name, h.Value)
}
Actually proxy the query string too
4 years ago
log.Debug("proxying request", "to", u.String())
Add /v1/internal/ui/metrics-proxy API endpoint that proxies to a configured metrics provider backend.
4 years ago
proxy := httputil.ReverseProxy{
Director: func(r *http.Request) {
r.URL = u
},
ErrorLog: log.StandardLogger(&hclog.StandardLoggerOptions{
InferLevels: true,
}),
}
proxy.ServeHTTP(resp, req)
return nil, nil
}