github
/
consul
mirror of https://github.com/hashicorp/consul
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Consul is a distributed, highly available, and data center aware solution to connect and configure applications across dynamic, distributed infrastructure.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
21342 Commits
1702 Branches
457 Tags
697 MiB
Tree: 5f129ad5b2
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5f129ad5b2'
${ noResults }
consul/api/agent.go

1447 lines
47 KiB
Raw Normal View History Unescape

Add copyright headers for acl, api and bench folders (#16706) * copyright headers for agent folder * Ignore test data files * fix proto files and remove headers in agent/uiserver folder * ignore deep-copy files * copyright headers for agent folder * fix merge conflicts * copyright headers for agent folder * Ignore test data files * fix proto files * ignore agent/uiserver folder for now * copyright headers for agent folder * Add copyright headers for acl, api and bench folders
2 years ago
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
api: initial import from armon/consul-api
10 years ago
package api
import (
Add monitor http endpoint
8 years ago
"bufio"
api: Add a context to ServiceRegisterOpts So that operations can timeout instead of hanging forever
4 years ago
"context"
wrap few doRequest calls for error handling (#11158)
3 years ago
"errors"
api: initial import from armon/consul-api
10 years ago
"fmt"
api: fix panic in 'consul acl set-agent-token' (#5533) api: fix panic in 'consul acl set-agent-token' Fixes #5531
6 years ago
"io"
Implement /v1/agent/health/service/<service name> endpoint (#3551) This endpoint aggregates all checks related to <service id> on the agent and return an appropriate http code + the string describing the worst check. This allows to cleanly expose service status to other component, hiding complexity of multiple checks. This is especially useful to use consul to feed a load balancer which would delegate health checking to consul agent. Exposing this endpoint on the agent is necessary to avoid a hit on consul servers and avoid decreasing resiliency (this endpoint will work even if there is no consul leader in the cluster).
6 years ago
"net/http"
api: initial import from armon/consul-api
10 years ago
)
Add Connect agent, catalog and health endpoints to api Client
7 years ago
// ServiceKind is the kind of service being registered.
type ServiceKind string
const (
// ServiceKindTypical is a typical, classic Consul service. This is
// represented by the absence of a value. This was chosen for ease of
// backwards compatibility: existing services in the catalog would
// default to the typical service.
ServiceKindTypical ServiceKind = ""
// ServiceKindConnectProxy is a proxy for the Connect feature. This
// service proxies another service within Consul and speaks the connect
// protocol.
ServiceKindConnectProxy ServiceKind = "connect-proxy"
Implement Mesh Gateways This includes both ingress and egress functionality.
6 years ago
// ServiceKindMeshGateway is a Mesh Gateway for the Connect feature. This
// service will proxy connections based off the SNI header set by other
// connect proxies
ServiceKindMeshGateway ServiceKind = "mesh-gateway"
Enable CLI to register terminating gateways (#7500) * Enable CLI to register terminating gateways * Centralize gateway proxy configuration
5 years ago
// ServiceKindTerminatingGateway is a Terminating Gateway for the Connect
// feature. This service will proxy connections to services outside the mesh.
ServiceKindTerminatingGateway ServiceKind = "terminating-gateway"
Add support for ingress-gateway in CLI command (#7618) * Add support for ingress-gateway in CLI command - Supports -register command - Creates a static Envoy listener that exposes only the /ready API so that we can register a TCP healthcheck against the ingress gateway itself - Updates ServiceAddressValue.String() to be more in line with Value()
5 years ago
// ServiceKindIngressGateway is an Ingress Gateway for the Connect feature.
// This service will ingress connections based of configuration defined in
// the ingress-gateway config entry.
ServiceKindIngressGateway ServiceKind = "ingress-gateway"
Add some fixes to allow for registering via consul connect envoy -gateway api (#16219) * Add some fixes to allow for registering via consul connect envoy -gateway api * Fix infinite recursion --------- Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
2 years ago
// ServiceKindAPIGateway is an API Gateway for the Connect feature.
// This service will ingress connections based of configuration defined in
// the api-gateway config entry.
ServiceKindAPIGateway ServiceKind = "api-gateway"
Add Connect agent, catalog and health endpoints to api Client
7 years ago
)
Add Proxy Upstreams to Service Definition (#4639) * Refactor Service Definition ProxyDestination. This includes: - Refactoring all internal structs used - Updated tests for both deprecated and new input for: - Agent Services endpoint response - Agent Service endpoint response - Agent Register endpoint - Unmanaged deprecated field - Unmanaged new fields - Managed deprecated upstreams - Managed new - Catalog Register - Unmanaged deprecated field - Unmanaged new fields - Managed deprecated upstreams - Managed new - Catalog Services endpoint response - Catalog Node endpoint response - Catalog Service endpoint response - Updated API tests for all of the above too (both deprecated and new forms of register) TODO: - config package changes for on-disk service definitions - proxy config endpoint - built-in proxy support for new fields * Agent proxy config endpoint updated with upstreams * Config file changes for upstreams. * Add upstream opaque config and update all tests to ensure it works everywhere. * Built in proxy working with new Upstreams config * Command fixes and deprecations * Fix key translation, upstream type defaults and a spate of other subtele bugs found with ned to end test scripts... TODO: tests still failing on one case that needs a fix. I think it's key translation for upstreams nested in Managed proxy struct. * Fix translated keys in API registration. ≈ * Fixes from docs - omit some empty undocumented fields in API - Bring back ServiceProxyDestination in Catalog responses to not break backwards compat - this was removed assuming it was only used internally. * Documentation updates for Upstreams in service definition * Fixes for tests broken by many refactors. * Enable travis on f-connect branch in this branch too. * Add consistent Deprecation comments to ProxyDestination uses * Update version number on deprecation notices, and correct upstream datacenter field with explanation in docs
6 years ago
// UpstreamDestType is the type of upstream discovery mechanism.
type UpstreamDestType string
const (
// UpstreamDestTypeService discovers instances via healthy service lookup.
UpstreamDestTypeService UpstreamDestType = "service"
// UpstreamDestTypePreparedQuery discovers instances via prepared query
// execution.
UpstreamDestTypePreparedQuery UpstreamDestType = "prepared_query"
)
api: initial import from armon/consul-api
10 years ago
// AgentCheck represents a check known to the agent
type AgentCheck struct {
Update AgentCheck struct in api
7 years ago
Node string
CheckID string
Name string
Status string
Notes string
Output string
ServiceID string
ServiceName string
Store check type in catalog (#6561)
5 years ago
Type string
Save exposed ports in agent's store and expose them via API (#10173) * Save exposed HTTP or GRPC ports to the agent's store * Add those the health checks API so we can retrieve them from the API * Change redirect-traffic command to also exclude those ports from inbound traffic redirection when expose.checks is set to true.
4 years ago
ExposedPort int
Update AgentCheck struct in api
7 years ago
Definition HealthCheckDefinition
Fix Namespace Typo (#7030)
5 years ago
Namespace string `json:",omitempty"`
replumbing a bunch of api and agent structs for partitions (#10681)
3 years ago
Partition string `json:",omitempty"`
api: initial import from armon/consul-api
10 years ago
}
Implementation of Weights Data structures (#4468) * Implementation of Weights Data structures Adding this datastructure will allow us to resolve the issues #1088 and #4198 This new structure defaults to values: ``` { Passing: 1, Warning: 0 } ``` Which means, use weight of 0 for a Service in Warning State while use Weight 1 for a Healthy Service. Thus it remains compatible with previous Consul versions. * Implemented weights for DNS SRV Records * DNS properly support agents with weight support while server does not (backwards compatibility) * Use Warning value of Weights of 1 by default When using DNS interface with only_passing = false, all nodes with non-Critical healthcheck used to have a weight value of 1. While having weight.Warning = 0 as default value, this is probably a bad idea as it breaks ascending compatibility. Thus, we put a default value of 1 to be consistent with existing behaviour. * Added documentation for new weight field in service description * Better documentation about weights as suggested by @banks * Return weight = 1 for unknown Check states as suggested by @banks * Fixed typo (of -> or) in error message as requested by @mkeeler * Fixed unstable unit test TestRetryJoin * Fixed unstable tests * Fixed wrong Fatalf format in `testrpc/wait.go` * Added notes regarding DNS SRV lookup limitations regarding number of instances * Documentation fixes and clarification regarding SRV records with weights as requested by @banks * Rephrase docs
6 years ago
// AgentWeights represent optional weights for a service
type AgentWeights struct {
Passing int
Warning int
}
api: initial import from armon/consul-api
10 years ago
// AgentService represents a service known to the agent
type AgentService struct {
Add Proxy Upstreams to Service Definition (#4639) * Refactor Service Definition ProxyDestination. This includes: - Refactoring all internal structs used - Updated tests for both deprecated and new input for: - Agent Services endpoint response - Agent Service endpoint response - Agent Register endpoint - Unmanaged deprecated field - Unmanaged new fields - Managed deprecated upstreams - Managed new - Catalog Register - Unmanaged deprecated field - Unmanaged new fields - Managed deprecated upstreams - Managed new - Catalog Services endpoint response - Catalog Node endpoint response - Catalog Service endpoint response - Updated API tests for all of the above too (both deprecated and new forms of register) TODO: - config package changes for on-disk service definitions - proxy config endpoint - built-in proxy support for new fields * Agent proxy config endpoint updated with upstreams * Config file changes for upstreams. * Add upstream opaque config and update all tests to ensure it works everywhere. * Built in proxy working with new Upstreams config * Command fixes and deprecations * Fix key translation, upstream type defaults and a spate of other subtele bugs found with ned to end test scripts... TODO: tests still failing on one case that needs a fix. I think it's key translation for upstreams nested in Managed proxy struct. * Fix translated keys in API registration. ≈ * Fixes from docs - omit some empty undocumented fields in API - Bring back ServiceProxyDestination in Catalog responses to not break backwards compat - this was removed assuming it was only used internally. * Documentation updates for Upstreams in service definition * Fixes for tests broken by many refactors. * Enable travis on f-connect branch in this branch too. * Add consistent Deprecation comments to ProxyDestination uses * Update version number on deprecation notices, and correct upstream datacenter field with explanation in docs
6 years ago
Kind ServiceKind `json:",omitempty"`
Adds support for EnableTagOverride to the API client.
9 years ago
ID string
Service string
Tags []string
Added Missing Service Meta synchronization and field
7 years ago
Meta map[string]string
Adds support for EnableTagOverride to the API client.
9 years ago
Port int
Address string
Fix back compat issues with UDS config (#11318) SocketPath needs to be omitted when empty to avoid confusing older versions of Consul Signed-off-by: Mark Anderson <manderson@hashicorp.com>
3 years ago
SocketPath string `json:",omitempty"`
Add tagged addresses for services (#5965) This allows addresses to be tagged at the service level similar to what we allow for nodes already. The address translation that can be enabled with the `translate_wan_addrs` config was updated to take these new addresses into account as well.
6 years ago
TaggedAddresses map[string]ServiceAddress `json:",omitempty"`
Implementation of Weights Data structures (#4468) * Implementation of Weights Data structures Adding this datastructure will allow us to resolve the issues #1088 and #4198 This new structure defaults to values: ``` { Passing: 1, Warning: 0 } ``` Which means, use weight of 0 for a Service in Warning State while use Weight 1 for a Healthy Service. Thus it remains compatible with previous Consul versions. * Implemented weights for DNS SRV Records * DNS properly support agents with weight support while server does not (backwards compatibility) * Use Warning value of Weights of 1 by default When using DNS interface with only_passing = false, all nodes with non-Critical healthcheck used to have a weight value of 1. While having weight.Warning = 0 as default value, this is probably a bad idea as it breaks ascending compatibility. Thus, we put a default value of 1 to be consistent with existing behaviour. * Added documentation for new weight field in service description * Better documentation about weights as suggested by @banks * Return weight = 1 for unknown Check states as suggested by @banks * Fixed typo (of -> or) in error message as requested by @mkeeler * Fixed unstable unit test TestRetryJoin * Fixed unstable tests * Fixed wrong Fatalf format in `testrpc/wait.go` * Added notes regarding DNS SRV lookup limitations regarding number of instances * Documentation fixes and clarification regarding SRV records with weights as requested by @banks * Rephrase docs
6 years ago
Weights AgentWeights
Adds support for EnableTagOverride to the API client.
9 years ago
EnableTagOverride bool
connect: remove managed proxies (#6220) * connect: remove managed proxies implementation and all supporting config options and structs * connect: remove deprecated ProxyDestination * command: remove CONNECT_PROXY_TOKEN env var * agent: remove entire proxyprocess proxy manager * test: remove all managed proxy tests * test: remove irrelevant managed proxy note from TestService_ServerTLSConfig * test: update ContentHash to reflect managed proxy removal * test: remove deprecated ProxyDestination test * telemetry: remove managed proxy note * http: remove /v1/agent/connect/proxy endpoint * ci: remove deprecated test exclusion * website: update managed proxies deprecation page to note removal * website: remove managed proxy configuration API docs * website: remove managed proxy note from built-in proxy config * website: add note on removing proxy subdirectory of data_dir
5 years ago
CreateIndex uint64 `json:",omitempty" bexpr:"-"`
ModifyIndex uint64 `json:",omitempty" bexpr:"-"`
ContentHash string `json:",omitempty" bexpr:"-"`
Proxy *AgentServiceConnectProxyConfig `json:",omitempty"`
Connect *AgentServiceConnect `json:",omitempty"`
peering: initial sync (#12842) - Add endpoints related to peering: read, list, generate token, initiate peering - Update node/service/check table indexing to account for peers - Foundational changes for pushing service updates to a peer - Plumb peer name through Health.ServiceNodes path see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679, ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663, ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634, ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555 Co-authored-by: R.B. Boyer <rb@hashicorp.com> Co-authored-by: freddygv <freddy@hashicorp.com> Co-authored-by: Chris S. Kim <ckim@hashicorp.com> Co-authored-by: Evan Culver <eculver@hashicorp.com> Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
3 years ago
PeerName string `json:",omitempty"`
Sync of OSS changes to support namespaces (#6909)
5 years ago
// NOTE: If we ever set the ContentHash outside of singular service lookup then we may need
// to include the Namespace in the hash. When we do, then we are in for lots of fun with tests.
// For now though, ignoring it works well enough.
Namespace string `json:",omitempty" bexpr:"-" hash:"ignore"`
replumbing a bunch of api and agent structs for partitions (#10681)
3 years ago
Partition string `json:",omitempty" bexpr:"-" hash:"ignore"`
command: when generating envoy bootstrap configs use the datacenter returned from the agent services endpoint (#9229) Fixes #9215
4 years ago
// Datacenter is only ever returned and is ignored if presented.
allow setting locality on services and nodes (#16581)
2 years ago
Datacenter string `json:",omitempty" bexpr:"-" hash:"ignore"`
Locality *Locality `json:",omitempty" bexpr:"-" hash:"ignore"`
Adds `api` client code and tests for new Proxy Config endpoint, registering with proxy and seeing proxy config in /agent/services list.
7 years ago
}
Implement /v1/agent/health/service/<service name> endpoint (#3551) This endpoint aggregates all checks related to <service id> on the agent and return an appropriate http code + the string describing the worst check. This allows to cleanly expose service status to other component, hiding complexity of multiple checks. This is especially useful to use consul to feed a load balancer which would delegate health checking to consul agent. Exposing this endpoint on the agent is necessary to avoid a hit on consul servers and avoid decreasing resiliency (this endpoint will work even if there is no consul leader in the cluster).
6 years ago
// AgentServiceChecksInfo returns information about a Service and its checks
type AgentServiceChecksInfo struct {
AggregatedStatus string
Service *AgentService
Checks HealthChecks
}
Adds `api` client code and tests for new Proxy Config endpoint, registering with proxy and seeing proxy config in /agent/services list.
7 years ago
// AgentServiceConnect represents the Connect configuration of a service.
type AgentServiceConnect struct {
Add SidecarService Syntax sugar to Service Definition (#4686) * Added new Config for SidecarService in ServiceDefinitions. * WIP: all the code needed for SidecarService is written... none of it is tested other than config :). Need API updates too. * Test coverage for the new sidecarServiceFromNodeService method. * Test API registratrion with SidecarService * Recursive Key Translation :facepalm: * Add tests for nested sidecar defintion arrays to ensure they are translated correctly * Use dedicated internal state rather than Service Meta for tracking sidecars for deregistration. Add tests for deregistration. * API struct for agent register. No other endpoint should be affected yet. * Additional test cases to cover updates to API registrations
6 years ago
Native bool `json:",omitempty"`
Implement data filtering of some endpoints (#5579) Fixes: #4222 # Data Filtering This PR will implement filtering for the following endpoints: ## Supported HTTP Endpoints - `/agent/checks` - `/agent/services` - `/catalog/nodes` - `/catalog/service/:service` - `/catalog/connect/:service` - `/catalog/node/:node` - `/health/node/:node` - `/health/checks/:service` - `/health/service/:service` - `/health/connect/:service` - `/health/state/:state` - `/internal/ui/nodes` - `/internal/ui/services` More can be added going forward and any endpoint which is used to list some data is a good candidate. ## Usage When using the HTTP API a `filter` query parameter can be used to pass a filter expression to Consul. Filter Expressions take the general form of: ``` <selector> == <value> <selector> != <value> <value> in <selector> <value> not in <selector> <selector> contains <value> <selector> not contains <value> <selector> is empty <selector> is not empty not <other expression> <expression 1> and <expression 2> <expression 1> or <expression 2> ``` Normal boolean logic and precedence is supported. All of the actual filtering and evaluation logic is coming from the [go-bexpr](https://github.com/hashicorp/go-bexpr) library ## Other changes Adding the `Internal.ServiceDump` RPC endpoint. This will allow the UI to filter services better.
6 years ago
SidecarService *AgentServiceRegistration `json:",omitempty" bexpr:"-"`
Adds `api` client code and tests for new Proxy Config endpoint, registering with proxy and seeing proxy config in /agent/services list.
7 years ago
}
Add Proxy Upstreams to Service Definition (#4639) * Refactor Service Definition ProxyDestination. This includes: - Refactoring all internal structs used - Updated tests for both deprecated and new input for: - Agent Services endpoint response - Agent Service endpoint response - Agent Register endpoint - Unmanaged deprecated field - Unmanaged new fields - Managed deprecated upstreams - Managed new - Catalog Register - Unmanaged deprecated field - Unmanaged new fields - Managed deprecated upstreams - Managed new - Catalog Services endpoint response - Catalog Node endpoint response - Catalog Service endpoint response - Updated API tests for all of the above too (both deprecated and new forms of register) TODO: - config package changes for on-disk service definitions - proxy config endpoint - built-in proxy support for new fields * Agent proxy config endpoint updated with upstreams * Config file changes for upstreams. * Add upstream opaque config and update all tests to ensure it works everywhere. * Built in proxy working with new Upstreams config * Command fixes and deprecations * Fix key translation, upstream type defaults and a spate of other subtele bugs found with ned to end test scripts... TODO: tests still failing on one case that needs a fix. I think it's key translation for upstreams nested in Managed proxy struct. * Fix translated keys in API registration. ≈ * Fixes from docs - omit some empty undocumented fields in API - Bring back ServiceProxyDestination in Catalog responses to not break backwards compat - this was removed assuming it was only used internally. * Documentation updates for Upstreams in service definition * Fixes for tests broken by many refactors. * Enable travis on f-connect branch in this branch too. * Add consistent Deprecation comments to ProxyDestination uses * Update version number on deprecation notices, and correct upstream datacenter field with explanation in docs
6 years ago
// AgentServiceConnectProxyConfig is the proxy configuration in a connect-proxy
// ServiceDefinition or response.
type AgentServiceConnectProxyConfig struct {
add extensions for local service to GetExtensionConfigurations (#15871) This gets the extensions information for the local service into the snapshot and ExtensionConfigurations for a proxy. It grabs the extensions from config entries and puts them in structs.NodeService.Proxy field, which already is copied into the config snapshot. Also: * add EnvoyExtensions to api.AgentService so that it matches structs.NodeService
2 years ago
EnvoyExtensions []EnvoyExtension `json:",omitempty"`
Convert new tproxy structs in api module into ptrs This way we avoid serializing these when empty. Otherwise users of the latest version of the api submodule cannot interact with older versions of Consul, because a new api client would send keys that the older Consul doesn't recognize yet.
4 years ago
DestinationServiceName string `json:",omitempty"`
DestinationServiceID string `json:",omitempty"`
LocalServiceAddress string `json:",omitempty"`
LocalServicePort int `json:",omitempty"`
Add support for downstreams Enhance config by adding SocketPath and LocalSocketPath config values Supports syntax of the form: ``` services { name = "sock_forwarder" id = "sock_forwarder.1" socket_path = "/tmp/downstream_3.sock" connect { sidecar_service { proxy { local_service_socket_path = "/tmp/downstream.sock" } } } } ``` Signed-off-by: Mark Anderson <manderson@hashicorp.com>
4 years ago
LocalServiceSocketPath string `json:",omitempty"`
Convert new tproxy structs in api module into ptrs This way we avoid serializing these when empty. Otherwise users of the latest version of the api submodule cannot interact with older versions of Consul, because a new api client would send keys that the older Consul doesn't recognize yet.
4 years ago
Mode ProxyMode `json:",omitempty"`
TransparentProxy *TransparentProxyConfig `json:",omitempty"`
Config map[string]interface{} `json:",omitempty" bexpr:"-"`
Upstreams []Upstream `json:",omitempty"`
MeshGateway MeshGatewayConfig `json:",omitempty"`
Expose ExposeConfig `json:",omitempty"`
[OSS] feat: access logs for listeners and listener filters (#15864) * feat: access logs for listeners and listener filters * changelog * fix integration test
2 years ago
AccessLogs *AccessLogsConfig `json:",omitempty"`
api: initial import from armon/consul-api
10 years ago
}
Add helpers to the API client to help with getting information from `AgentMember` tags (#8575) Lots of constants were added for various tags that would concern users and are not already parsed out. Additionally two methods on the AgentMember type were added to ask a member what its ACL Mode is and whether its a server or not.
4 years ago
const (
// MemberTagKeyACLMode is the key used to indicate what ACL mode the agent is
// operating in. The values of this key will be one of the MemberACLMode constants
// with the key not being present indicating ACLModeUnknown.
MemberTagKeyACLMode = "acls"
// MemberTagRole is the key used to indicate that the member is a server or not.
MemberTagKeyRole = "role"
// MemberTagValueRoleServer is the value of the MemberTagKeyRole used to indicate
// that the member represents a Consul server.
MemberTagValueRoleServer = "consul"
cli: update consul members output to display partitions and sort the results usefully (#11446)
3 years ago
// MemberTagValueRoleClient is the value of the MemberTagKeyRole used to indicate
// that the member represents a Consul client.
MemberTagValueRoleClient = "node"
// MemberTagKeyDatacenter is the key used to indicate which datacenter this member is in.
MemberTagKeyDatacenter = "dc"
Add helpers to the API client to help with getting information from `AgentMember` tags (#8575) Lots of constants were added for various tags that would concern users and are not already parsed out. Additionally two methods on the AgentMember type were added to ask a member what its ACL Mode is and whether its a server or not.
4 years ago
// MemberTagKeySegment is the key name of the tag used to indicate which network
// segment this member is in.
// Network Segments are a Consul Enterprise feature.
MemberTagKeySegment = "segment"
cli: update consul members output to display partitions and sort the results usefully (#11446)
3 years ago
// MemberTagKeyPartition is the key name of the tag used to indicate which partition
// this member is in.
// Partitions are a Consul Enterprise feature.
MemberTagKeyPartition = "ap"
Add helpers to the API client to help with getting information from `AgentMember` tags (#8575) Lots of constants were added for various tags that would concern users and are not already parsed out. Additionally two methods on the AgentMember type were added to ask a member what its ACL Mode is and whether its a server or not.
4 years ago
// MemberTagKeyBootstrap is the key name of the tag used to indicate whether this
// agent was started with the "bootstrap" configuration enabled
MemberTagKeyBootstrap = "bootstrap"
// MemberTagValueBootstrap is the value of the MemberTagKeyBootstrap key when the
// agent was started with the "bootstrap" configuration enabled.
MemberTagValueBootstrap = "1"
// MemberTagKeyBootstrapExpect is the key name of the tag used to indicate whether
// this agent was started with the "bootstrap_expect" configuration set to a non-zero
// value. The value of this key will be the string for of that configuration value.
MemberTagKeyBootstrapExpect = "expect"
// MemberTagKeyUseTLS is the key name of the tag used to indicate whther this agent
// was configured to use TLS.
MemberTagKeyUseTLS = "use_tls"
// MemberTagValueUseTLS is the value of the MemberTagKeyUseTLS when the agent was
// configured to use TLS. Any other value indicates that it was not setup in
// that manner.
MemberTagValueUseTLS = "1"
Refactor to call non-voting servers read replicas (#9191) Co-authored-by: Kit Patella <kit@jepsen.io>
4 years ago
// MemberTagKeyReadReplica is the key used to indicate that the member is a read
// replica server (will remain a Raft non-voter).
// Read Replicas are a Consul Enterprise feature.
MemberTagKeyReadReplica = "read_replica"
// MemberTagValueReadReplica is the value of the MemberTagKeyReadReplica key when
// the member is in fact a read-replica. Any other value indicates that it is not.
// Read Replicas are a Consul Enterprise feature.
MemberTagValueReadReplica = "1"
Add helpers to the API client to help with getting information from `AgentMember` tags (#8575) Lots of constants were added for various tags that would concern users and are not already parsed out. Additionally two methods on the AgentMember type were added to ask a member what its ACL Mode is and whether its a server or not.
4 years ago
)
type MemberACLMode string
const (
// ACLModeDisables indicates that ACLs are disabled for this agent
ACLModeDisabled MemberACLMode = "0"
// ACLModeEnabled indicates that ACLs are enabled and operating in new ACL
// mode (v1.4.0+ ACLs)
ACLModeEnabled MemberACLMode = "1"
Remove legacy acl policies (#15922) * remove legacy tokens * remove legacy acl policies * flatten test policies to *_prefix * address oss feedback re: phrasing and tests
2 years ago
// ACLModeLegacy has been deprecated, and will be treated as ACLModeUnknown.
ACLModeLegacy MemberACLMode = "2" // DEPRECATED
Add helpers to the API client to help with getting information from `AgentMember` tags (#8575) Lots of constants were added for various tags that would concern users and are not already parsed out. Additionally two methods on the AgentMember type were added to ask a member what its ACL Mode is and whether its a server or not.
4 years ago
// ACLModeUnkown is used to indicate that the AgentMember.Tags didn't advertise
// an ACL mode at all. This is the case for Consul versions before v1.4.0 and
Remove legacy acl policies (#15922) * remove legacy tokens * remove legacy acl policies * flatten test policies to *_prefix * address oss feedback re: phrasing and tests
2 years ago
// should be treated the same as ACLModeLegacy.
Add helpers to the API client to help with getting information from `AgentMember` tags (#8575) Lots of constants were added for various tags that would concern users and are not already parsed out. Additionally two methods on the AgentMember type were added to ask a member what its ACL Mode is and whether its a server or not.
4 years ago
ACLModeUnknown MemberACLMode = "3"
)
api: initial import from armon/consul-api
10 years ago
// AgentMember represents a cluster member known to the agent
type AgentMember struct {
Add AgentMemberStatus const (#8110) * Add AgentMemberStatus const
4 years ago
Name string
Addr string
Port uint16
Tags map[string]string
// Status of the Member which corresponds to github.com/hashicorp/serf/serf.MemberStatus
// Value is one of:
//
// AgentMemberNone = 0
// AgentMemberAlive = 1
// AgentMemberLeaving = 2
// AgentMemberLeft = 3
// AgentMemberFailed = 4
api: initial import from armon/consul-api
10 years ago
Status int
ProtocolMin uint8
ProtocolMax uint8
ProtocolCur uint8
DelegateMin uint8
DelegateMax uint8
DelegateCur uint8
}
Add helpers to the API client to help with getting information from `AgentMember` tags (#8575) Lots of constants were added for various tags that would concern users and are not already parsed out. Additionally two methods on the AgentMember type were added to ask a member what its ACL Mode is and whether its a server or not.
4 years ago
// ACLMode returns the ACL mode this agent is operating in.
func (m *AgentMember) ACLMode() MemberACLMode {
mode := m.Tags[MemberTagKeyACLMode]
// the key may not have existed but then an
// empty string will be returned and we will
// handle that in the default case of the switch
switch MemberACLMode(mode) {
case ACLModeDisabled:
return ACLModeDisabled
case ACLModeEnabled:
return ACLModeEnabled
default:
return ACLModeUnknown
}
}
// IsConsulServer returns true when this member is a Consul server.
func (m *AgentMember) IsConsulServer() bool {
return m.Tags[MemberTagKeyRole] == MemberTagValueRoleServer
}
Makes the all segments query explict, and the default for `consul members`.
7 years ago
// AllSegments is used to select for all segments in MembersOpts.
const AllSegments = "_all"
Update coord display in ui to account for segments
7 years ago
// MembersOpts is used for querying member information.
type MembersOpts struct {
Organize segments for a cleaner split between enterprise and OSS
7 years ago
// WAN is whether to show members from the WAN.
WAN bool
Adds open source side of network segments (feature is Enterprise-only).
7 years ago
Makes the all segments query explict, and the default for `consul members`.
7 years ago
// Segment is the LAN segment to show members for. Setting this to the
// AllSegments value above will show members in all segments.
Adds open source side of network segments (feature is Enterprise-only).
7 years ago
Segment string
member cli: add -filter expression to flags (#18223) * member cli: add -filter expression to flags * changelog * update doc * Add test cases * use quote
1 year ago
Filter string
Adds open source side of network segments (feature is Enterprise-only).
7 years ago
}
api: initial import from armon/consul-api
10 years ago
// AgentServiceRegistration is used to register a new service
type AgentServiceRegistration struct {
Add tagged addresses for services (#5965) This allows addresses to be tagged at the service level similar to what we allow for nodes already. The address translation that can be enabled with the `translate_wan_addrs` config was updated to take these new addresses into account as well.
6 years ago
Kind ServiceKind `json:",omitempty"`
ID string `json:",omitempty"`
Name string `json:",omitempty"`
Tags []string `json:",omitempty"`
Port int `json:",omitempty"`
Address string `json:",omitempty"`
Fixup to support unix domain socket via command line (#10758) Missed the need to add support for unix domain socket config via api/command line. This is a variant of the problems described in it is easy to drop one. Signed-off-by: Mark Anderson <manderson@hashicorp.com>
3 years ago
SocketPath string `json:",omitempty"`
Add tagged addresses for services (#5965) This allows addresses to be tagged at the service level similar to what we allow for nodes already. The address translation that can be enabled with the `translate_wan_addrs` config was updated to take these new addresses into account as well.
6 years ago
TaggedAddresses map[string]ServiceAddress `json:",omitempty"`
EnableTagOverride bool `json:",omitempty"`
Meta map[string]string `json:",omitempty"`
Weights *AgentWeights `json:",omitempty"`
Adds support for EnableTagOverride to the API client.
9 years ago
Check *AgentServiceCheck
Checks AgentServiceChecks
connect: remove managed proxies (#6220) * connect: remove managed proxies implementation and all supporting config options and structs * connect: remove deprecated ProxyDestination * command: remove CONNECT_PROXY_TOKEN env var * agent: remove entire proxyprocess proxy manager * test: remove all managed proxy tests * test: remove irrelevant managed proxy note from TestService_ServerTLSConfig * test: update ContentHash to reflect managed proxy removal * test: remove deprecated ProxyDestination test * telemetry: remove managed proxy note * http: remove /v1/agent/connect/proxy endpoint * ci: remove deprecated test exclusion * website: update managed proxies deprecation page to note removal * website: remove managed proxy configuration API docs * website: remove managed proxy note from built-in proxy config * website: add note on removing proxy subdirectory of data_dir
5 years ago
Proxy *AgentServiceConnectProxyConfig `json:",omitempty"`
Connect *AgentServiceConnect `json:",omitempty"`
Sync of OSS changes to support namespaces (#6909)
5 years ago
Namespace string `json:",omitempty" bexpr:"-" hash:"ignore"`
replumbing a bunch of api and agent structs for partitions (#10681)
3 years ago
Partition string `json:",omitempty" bexpr:"-" hash:"ignore"`
allow setting locality on services and nodes (#16581)
2 years ago
Locality *Locality `json:",omitempty" bexpr:"-" hash:"ignore"`
api: initial import from armon/consul-api
10 years ago
}
api: Add a context to ServiceRegisterOpts So that operations can timeout instead of hanging forever
4 years ago
// ServiceRegisterOpts is used to pass extra options to the service register.
api: add replace-existing-checks param to the api package (#7136)
5 years ago
type ServiceRegisterOpts struct {
oss portion of ent #1069 (#10883)
3 years ago
// Missing healthchecks will be deleted from the agent.
// Using this parameter allows to idempotently register a service and its checks without
// having to manually deregister checks.
api: add replace-existing-checks param to the api package (#7136)
5 years ago
ReplaceExistingChecks bool
api: Add a context to ServiceRegisterOpts So that operations can timeout instead of hanging forever
4 years ago
api: add Token field to ServiceRegisterOpts (#18983) Ongoing work to support Nomad Workload Identity for authenticating with Consul will mean that Nomad's service registration sync with Consul will want to use Consul tokens scoped to individual workloads for registering services and checks. The `ServiceRegisterOpts` type in the API doesn't have an option to pass the token in, which prevent us from sharing the same Consul connection for all workloads. Add a `Token` field to match the behavior of `ServiceDeregisterOpts`.
1 year ago
// Token is used to provide a per-request ACL token
// which overrides the agent's default token.
Token string
api: Add a context to ServiceRegisterOpts So that operations can timeout instead of hanging forever
4 years ago
// ctx is an optional context pass through to the underlying HTTP
// request layer. Use WithContext() to set the context.
ctx context.Context
}
// WithContext sets the context to be used for the request on a new ServiceRegisterOpts,
// and returns the opts.
func (o ServiceRegisterOpts) WithContext(ctx context.Context) ServiceRegisterOpts {
o.ctx = ctx
return o
api: add replace-existing-checks param to the api package (#7136)
5 years ago
}
api: initial import from armon/consul-api
10 years ago
// AgentCheckRegistration is used to register a new check
type AgentCheckRegistration struct {
api: support multiple checks during service/check registration
10 years ago
ID string `json:",omitempty"`
Name string `json:",omitempty"`
Notes string `json:",omitempty"`
ServiceID string `json:",omitempty"`
api: initial import from armon/consul-api
10 years ago
AgentServiceCheck
Sync of OSS changes to support namespaces (#6909)
5 years ago
Namespace string `json:",omitempty"`
replumbing a bunch of api and agent structs for partitions (#10681)
3 years ago
Partition string `json:",omitempty"`
api: initial import from armon/consul-api
10 years ago
}
Adds ability to deregister a service based on critical check state longer than a timeout.
8 years ago
// AgentServiceCheck is used to define a node or service level check
api: initial import from armon/consul-api
10 years ago
type AgentServiceCheck struct {
api/agent: enable setting SuccessBeforePassing and FailuresBeforeCritical in API (#7949) Fixes #7764 Until now these two fields could only be set through on-disk agent configuration. This change adds the fields to the agent API struct definition so that they can be set using the agent HTTP API.
4 years ago
CheckID string `json:",omitempty"`
Name string `json:",omitempty"`
Args []string `json:"ScriptArgs,omitempty"`
DockerContainerID string `json:",omitempty"`
Shell string `json:",omitempty"` // Only supported for Docker.
Interval string `json:",omitempty"`
Timeout string `json:",omitempty"`
TTL string `json:",omitempty"`
HTTP string `json:",omitempty"`
Header map[string][]string `json:",omitempty"`
Method string `json:",omitempty"`
Body string `json:",omitempty"`
TCP string `json:",omitempty"`
Add TCP+TLS Healthchecks (#18381) * Begin adding TCPUseTLS * More TCP with TLS plumbing * Making forward progress * Keep on adding TCP+TLS support for healthchecks * Removed too many lines * Unit tests for TCP+TLS * Update tlsutil/config.go Co-authored-by: Samantha <hello@entropy.cat> * Working on the tcp+tls unit test * Updated the runtime integration tests * Progress * Revert this file back to HEAD * Remove debugging lines * Implement TLS enabled TCP socket server and make a successful TCP+TLS healthcheck on it * Update docs * Update agent/agent_test.go Co-authored-by: Samantha <hello@entropy.cat> * Update website/content/docs/ecs/configuration-reference.mdx Co-authored-by: Samantha <hello@entropy.cat> * Update website/content/docs/ecs/configuration-reference.mdx Co-authored-by: Samantha <hello@entropy.cat> * Update agent/checks/check.go Co-authored-by: Samantha <hello@entropy.cat> * Address comments * Remove extraneous bracket * Update agent/agent_test.go Co-authored-by: Samantha <hello@entropy.cat> * Update agent/agent_test.go Co-authored-by: Samantha <hello@entropy.cat> * Update website/content/docs/ecs/configuration-reference.mdx Co-authored-by: Samantha <hello@entropy.cat> * Update the mockTLSServer * Remove trailing newline * Address comments * Fix merge problem * Add changelog entry --------- Co-authored-by: Samantha <hello@entropy.cat>
1 year ago
TCPUseTLS bool `json:",omitempty"`
UDP check for service stanza #12221 (#12722) * UDP check for service stanza #12221 * add pass status on timeout condition * delete useless files * Update check_test.go improve comment in test * fix test * fix requested changes and update TestRuntimeConfig_Sanitize.golden * add freeport to TestCheckUDPCritical * improve comment for CheckUDP struct * fix requested changes * fix requested changes * fix requested changes * add UDP to proto * add UDP to proto and add a changelog * add requested test on agent_endpoint_test.go * add test for given endpoints * fix failing tests * add documentation for udp healthcheck * regenerate proto using buf * Update website/content/api-docs/agent/check.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Update website/content/api-docs/agent/check.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Update website/content/docs/discovery/checks.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Update website/content/docs/ecs/configuration-reference.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Update website/content/docs/ecs/configuration-reference.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * add debug echo * add debug circle-ci * add debug circle-ci bash * use echo instead of status_stage * remove debug and status from devtools script and use echo instead * Update website/content/api-docs/agent/check.mdx Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com> * fix test * replace status_stage with status * replace functions with echo Co-authored-by: Dhia Ayachi <dhia@hashicorp.com> Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
3 years ago
UDP string `json:",omitempty"`
api/agent: enable setting SuccessBeforePassing and FailuresBeforeCritical in API (#7949) Fixes #7764 Until now these two fields could only be set through on-disk agent configuration. This change adds the fields to the agent API struct definition so that they can be set using the agent HTTP API.
4 years ago
Status string `json:",omitempty"`
Notes string `json:",omitempty"`
Add support for configuring TLS ServerName for health checks Some TLS servers require SNI, but the Golang HTTP client doesn't include it in the ClientHello when connecting to an IP address. This change adds a new TLSServerName field to health check definitions to optionally set it. This fixes #9473.
4 years ago
TLSServerName string `json:",omitempty"`
api/agent: enable setting SuccessBeforePassing and FailuresBeforeCritical in API (#7949) Fixes #7764 Until now these two fields could only be set through on-disk agent configuration. This change adds the fields to the agent API struct definition so that they can be set using the agent HTTP API.
4 years ago
TLSSkipVerify bool `json:",omitempty"`
GRPC string `json:",omitempty"`
GRPCUseTLS bool `json:",omitempty"`
add support for h2c in h2 ping health checks
3 years ago
H2PING string `json:",omitempty"`
change config option to H2PingUseTLS
3 years ago
H2PingUseTLS bool `json:",omitempty"`
api/agent: enable setting SuccessBeforePassing and FailuresBeforeCritical in API (#7949) Fixes #7764 Until now these two fields could only be set through on-disk agent configuration. This change adds the fields to the agent API struct definition so that they can be set using the agent HTTP API.
4 years ago
AliasNode string `json:",omitempty"`
AliasService string `json:",omitempty"`
SuccessBeforePassing int `json:",omitempty"`
Add failures_before_warning to checks (#10969) Signed-off-by: Jakub Sokołowski <jakub@status.im> * agent: add failures_before_warning setting The new setting allows users to specify the number of check failures that have to happen before a service status us updated to be `warning`. This allows for more visibility for detected issues without creating alerts and pinging administrators. Unlike the previous behavior, which caused the service status to not update until it reached the configured `failures_before_critical` setting, now Consul updates the Web UI view with the `warning` state and the output of the service check when `failures_before_warning` is breached. The default value of `FailuresBeforeWarning` is the same as the value of `FailuresBeforeCritical`, which allows for retaining the previous default behavior of not triggering a warning. When `FailuresBeforeWarning` is set to a value higher than that of `FailuresBeforeCritical it has no effect as `FailuresBeforeCritical` takes precedence. Resolves: https://github.com/hashicorp/consul/issues/10680 Signed-off-by: Jakub Sokołowski <jakub@status.im> Co-authored-by: Jakub Sokołowski <jakub@status.im>
3 years ago
FailuresBeforeWarning int `json:",omitempty"`
api/agent: enable setting SuccessBeforePassing and FailuresBeforeCritical in API (#7949) Fixes #7764 Until now these two fields could only be set through on-disk agent configuration. This change adds the fields to the agent API struct definition so that they can be set using the agent HTTP API.
4 years ago
FailuresBeforeCritical int `json:",omitempty"`
Adds ability to deregister a service based on critical check state longer than a timeout.
8 years ago
Fixes a typo and adds an admonition about only being in Consul 0.7+.
8 years ago
// In Consul 0.7 and later, checks that are associated with a service
// may also contain this optional DeregisterCriticalServiceAfter field,
// which is a timeout in the same Go time format as Interval and TTL. If
// a check is in the critical state for more than this configured value,
// then its associated service (and all of its associated checks) will
Adds ability to deregister a service based on critical check state longer than a timeout.
8 years ago
// automatically be deregistered.
DeregisterCriticalServiceAfter string `json:",omitempty"`
api: initial import from armon/consul-api
10 years ago
}
api: support multiple checks during service/check registration
10 years ago
type AgentServiceChecks []*AgentServiceCheck
api: initial import from armon/consul-api
10 years ago
Adds support for agent-side ACL token management via API instead of config files. (#3324) * Adds token store and removes all runtime use of config for ACL tokens. * Adds a new API for changing agent tokens on the fly.
7 years ago
// AgentToken is used when updating ACL tokens for an agent.
type AgentToken struct {
Token string
}
Add support for labels/filters from go-metrics
7 years ago
// Metrics info is used to store different types of metric values from the agent.
type MetricsInfo struct {
Timestamp string
Update api structs for metrics endpoint
7 years ago
Gauges []GaugeValue
Points []PointValue
Counters []SampledValue
Samples []SampledValue
}
// GaugeValue stores one value that is updated as time goes on, such as
// the amount of memory allocated.
type GaugeValue struct {
Name string
Value float32
Labels map[string]string
}
// PointValue holds a series of points for a metric.
type PointValue struct {
Name string
Points []float32
}
// SampledValue stores info about a metric that is incremented over time,
// such as the number of requests to an HTTP endpoint.
type SampledValue struct {
Name string
Count int
Sum float64
Min float64
Max float64
Mean float64
Stddev float64
Labels map[string]string
Add support for labels/filters from go-metrics
7 years ago
}
api: endpoints for working with CA roots, agent authorize, etc.
7 years ago
// AgentAuthorizeParams are the request parameters for authorizing a request.
type AgentAuthorizeParams struct {
Target string
api: rename Authorize field to ClientCertURI
7 years ago
ClientCertURI string
api: endpoints for working with CA roots, agent authorize, etc.
7 years ago
ClientCertSerial string
}
// AgentAuthorize is the response structure for Connect authorization.
type AgentAuthorize struct {
Authorized bool
Reason string
}
Adds `api` client code and tests for new Proxy Config endpoint, registering with proxy and seeing proxy config in /agent/services list.
7 years ago
// ConnectProxyConfig is the response structure for agent-local proxy
// configuration.
type ConnectProxyConfig struct {
ProxyServiceID string
TargetServiceID string
TargetServiceName string
ContentHash string
connect: remove managed proxies (#6220) * connect: remove managed proxies implementation and all supporting config options and structs * connect: remove deprecated ProxyDestination * command: remove CONNECT_PROXY_TOKEN env var * agent: remove entire proxyprocess proxy manager * test: remove all managed proxy tests * test: remove irrelevant managed proxy note from TestService_ServerTLSConfig * test: update ContentHash to reflect managed proxy removal * test: remove deprecated ProxyDestination test * telemetry: remove managed proxy note * http: remove /v1/agent/connect/proxy endpoint * ci: remove deprecated test exclusion * website: update managed proxies deprecation page to note removal * website: remove managed proxy configuration API docs * website: remove managed proxy note from built-in proxy config * website: add note on removing proxy subdirectory of data_dir
5 years ago
Config map[string]interface{} `bexpr:"-"`
Upstreams []Upstream
Add Proxy Upstreams to Service Definition (#4639) * Refactor Service Definition ProxyDestination. This includes: - Refactoring all internal structs used - Updated tests for both deprecated and new input for: - Agent Services endpoint response - Agent Service endpoint response - Agent Register endpoint - Unmanaged deprecated field - Unmanaged new fields - Managed deprecated upstreams - Managed new - Catalog Register - Unmanaged deprecated field - Unmanaged new fields - Managed deprecated upstreams - Managed new - Catalog Services endpoint response - Catalog Node endpoint response - Catalog Service endpoint response - Updated API tests for all of the above too (both deprecated and new forms of register) TODO: - config package changes for on-disk service definitions - proxy config endpoint - built-in proxy support for new fields * Agent proxy config endpoint updated with upstreams * Config file changes for upstreams. * Add upstream opaque config and update all tests to ensure it works everywhere. * Built in proxy working with new Upstreams config * Command fixes and deprecations * Fix key translation, upstream type defaults and a spate of other subtele bugs found with ned to end test scripts... TODO: tests still failing on one case that needs a fix. I think it's key translation for upstreams nested in Managed proxy struct. * Fix translated keys in API registration. ≈ * Fixes from docs - omit some empty undocumented fields in API - Bring back ServiceProxyDestination in Catalog responses to not break backwards compat - this was removed assuming it was only used internally. * Documentation updates for Upstreams in service definition * Fixes for tests broken by many refactors. * Enable travis on f-connect branch in this branch too. * Add consistent Deprecation comments to ProxyDestination uses * Update version number on deprecation notices, and correct upstream datacenter field with explanation in docs
6 years ago
}
// Upstream is the response structure for a proxy upstream configuration.
type Upstream struct {
oss portion of ent #1069 (#10883)
3 years ago
DestinationType UpstreamDestType `json:",omitempty"`
DestinationPartition string `json:",omitempty"`
DestinationNamespace string `json:",omitempty"`
peering: Make Upstream peer-aware (#12900) Adds DestinationPeer field to Upstream. Adds Peer field to UpstreamID and its string conversion functions.
3 years ago
DestinationPeer string `json:",omitempty"`
Add Proxy Upstreams to Service Definition (#4639) * Refactor Service Definition ProxyDestination. This includes: - Refactoring all internal structs used - Updated tests for both deprecated and new input for: - Agent Services endpoint response - Agent Service endpoint response - Agent Register endpoint - Unmanaged deprecated field - Unmanaged new fields - Managed deprecated upstreams - Managed new - Catalog Register - Unmanaged deprecated field - Unmanaged new fields - Managed deprecated upstreams - Managed new - Catalog Services endpoint response - Catalog Node endpoint response - Catalog Service endpoint response - Updated API tests for all of the above too (both deprecated and new forms of register) TODO: - config package changes for on-disk service definitions - proxy config endpoint - built-in proxy support for new fields * Agent proxy config endpoint updated with upstreams * Config file changes for upstreams. * Add upstream opaque config and update all tests to ensure it works everywhere. * Built in proxy working with new Upstreams config * Command fixes and deprecations * Fix key translation, upstream type defaults and a spate of other subtele bugs found with ned to end test scripts... TODO: tests still failing on one case that needs a fix. I think it's key translation for upstreams nested in Managed proxy struct. * Fix translated keys in API registration. ≈ * Fixes from docs - omit some empty undocumented fields in API - Bring back ServiceProxyDestination in Catalog responses to not break backwards compat - this was removed assuming it was only used internally. * Documentation updates for Upstreams in service definition * Fixes for tests broken by many refactors. * Enable travis on f-connect branch in this branch too. * Add consistent Deprecation comments to ProxyDestination uses * Update version number on deprecation notices, and correct upstream datacenter field with explanation in docs
6 years ago
DestinationName string
Datacenter string `json:",omitempty"`
LocalBindAddress string `json:",omitempty"`
LocalBindPort int `json:",omitempty"`
First changes for unix domain sockets upstreams Start making structure changes to support unix domain socket address for upstreams upstreams = [ { destination_name = "echo-service" local_bind_socket_path = "/tmp/upstream.sock" config { passive_health_check { interval = "10s" max_failures = 42 } } } Signed-off-by: Mark Anderson <manderson@hashicorp.com>
4 years ago
LocalBindSocketPath string `json:",omitempty"`
Convert mode to string representation Signed-off-by: Mark Anderson <manderson@hashicorp.com>
4 years ago
LocalBindSocketMode string `json:",omitempty"`
Implement data filtering of some endpoints (#5579) Fixes: #4222 # Data Filtering This PR will implement filtering for the following endpoints: ## Supported HTTP Endpoints - `/agent/checks` - `/agent/services` - `/catalog/nodes` - `/catalog/service/:service` - `/catalog/connect/:service` - `/catalog/node/:node` - `/health/node/:node` - `/health/checks/:service` - `/health/service/:service` - `/health/connect/:service` - `/health/state/:state` - `/internal/ui/nodes` - `/internal/ui/services` More can be added going forward and any endpoint which is used to list some data is a good candidate. ## Usage When using the HTTP API a `filter` query parameter can be used to pass a filter expression to Consul. Filter Expressions take the general form of: ``` <selector> == <value> <selector> != <value> <value> in <selector> <value> not in <selector> <selector> contains <value> <selector> not contains <value> <selector> is empty <selector> is not empty not <other expression> <expression 1> and <expression 2> <expression 1> or <expression 2> ``` Normal boolean logic and precedence is supported. All of the actual filtering and evaluation logic is coming from the [go-bexpr](https://github.com/hashicorp/go-bexpr) library ## Other changes Adding the `Internal.ServiceDump` RPC endpoint. This will allow the UI to filter services better.
6 years ago
Config map[string]interface{} `json:",omitempty" bexpr:"-"`
Fix some tests that I broke when refactoring the ConfigSnapshot (#6051) * Fix some tests that I broke when refactoring the ConfigSnapshot * Make sure the MeshGateway config is added to all the right api structs * Fix some more tests
5 years ago
MeshGateway MeshGatewayConfig `json:",omitempty"`
PR comments
4 years ago
CentrallyConfigured bool `json:",omitempty" bexpr:"-"`
Adds `api` client code and tests for new Proxy Config endpoint, registering with proxy and seeing proxy config in /agent/services list.
7 years ago
}
api: initial import from armon/consul-api
10 years ago
// Agent can be used to query the Agent endpoints
type Agent struct {
c *Client
// cache the node name
nodeName string
}
// Agent returns a handle to the agent endpoints
func (c *Client) Agent() *Agent {
return &Agent{c: c}
}
// Self is used to query the agent we are speaking to for
// information about itself
func (a *Agent) Self() (map[string]map[string]interface{}, error) {
r := a.c.newRequest("GET", "/v1/agent/self")
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
_, resp, err := a.c.doRequest(r)
api: initial import from armon/consul-api
10 years ago
if err != nil {
return nil, err
}
api: properly close the response body reads resp.Body until EOF, so that the http client is able to re-use the TCP connection.
3 years ago
defer closeResponseBody(resp)
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
if err := requireOK(resp); err != nil {
return nil, err
}
api: initial import from armon/consul-api
10 years ago
var out map[string]map[string]interface{}
if err := decodeBody(resp, &out); err != nil {
return nil, err
}
return out, nil
}
New command: consul debug (#4754) * agent/debug: add package for debugging, host info * api: add v1/agent/host endpoint * agent: add v1/agent/host endpoint * command/debug: implementation of static capture * command/debug: tests and only configured targets * agent/debug: add basic test for host metrics * command/debug: add methods for dynamic data capture * api: add debug/pprof endpoints * command/debug: add pprof * command/debug: timing, wg, logs to disk * vendor: add gopsutil/disk * command/debug: add a usage section * website: add docs for consul debug * agent/host: require operator:read * api/host: improve docs and no retry timing * command/debug: fail on extra arguments * command/debug: fixup file permissions to 0644 * command/debug: remove server flags * command/debug: improve clarity of usage section * api/debug: add Trace for profiling, fix profile * command/debug: capture profile and trace at the same time * command/debug: add index document * command/debug: use "clusters" in place of members * command/debug: remove address in output * command/debug: improve comment on metrics sleep * command/debug: clarify usage * agent: always register pprof handlers and protect This will allow us to avoid a restart of a target agent for profiling by always registering the pprof handlers. Given this is a potentially sensitive path, it is protected with an operator:read ACL and enable debug being set to true on the target agent. enable_debug still requires a restart. If ACLs are disabled, enable_debug is sufficient. * command/debug: use trace.out instead of .prof More in line with golang docs. * agent: fix comment wording * agent: wrap table driven tests in t.run()
6 years ago
// Host is used to retrieve information about the host the
// agent is running on such as CPU, memory, and disk. Requires
// a operator:read ACL token.
func (a *Agent) Host() (map[string]interface{}, error) {
r := a.c.newRequest("GET", "/v1/agent/host")
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
_, resp, err := a.c.doRequest(r)
New command: consul debug (#4754) * agent/debug: add package for debugging, host info * api: add v1/agent/host endpoint * agent: add v1/agent/host endpoint * command/debug: implementation of static capture * command/debug: tests and only configured targets * agent/debug: add basic test for host metrics * command/debug: add methods for dynamic data capture * api: add debug/pprof endpoints * command/debug: add pprof * command/debug: timing, wg, logs to disk * vendor: add gopsutil/disk * command/debug: add a usage section * website: add docs for consul debug * agent/host: require operator:read * api/host: improve docs and no retry timing * command/debug: fail on extra arguments * command/debug: fixup file permissions to 0644 * command/debug: remove server flags * command/debug: improve clarity of usage section * api/debug: add Trace for profiling, fix profile * command/debug: capture profile and trace at the same time * command/debug: add index document * command/debug: use "clusters" in place of members * command/debug: remove address in output * command/debug: improve comment on metrics sleep * command/debug: clarify usage * agent: always register pprof handlers and protect This will allow us to avoid a restart of a target agent for profiling by always registering the pprof handlers. Given this is a potentially sensitive path, it is protected with an operator:read ACL and enable debug being set to true on the target agent. enable_debug still requires a restart. If ACLs are disabled, enable_debug is sufficient. * command/debug: use trace.out instead of .prof More in line with golang docs. * agent: fix comment wording * agent: wrap table driven tests in t.run()
6 years ago
if err != nil {
return nil, err
}
api: properly close the response body reads resp.Body until EOF, so that the http client is able to re-use the TCP connection.
3 years ago
defer closeResponseBody(resp)
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
if err := requireOK(resp); err != nil {
return nil, err
}
New command: consul debug (#4754) * agent/debug: add package for debugging, host info * api: add v1/agent/host endpoint * agent: add v1/agent/host endpoint * command/debug: implementation of static capture * command/debug: tests and only configured targets * agent/debug: add basic test for host metrics * command/debug: add methods for dynamic data capture * api: add debug/pprof endpoints * command/debug: add pprof * command/debug: timing, wg, logs to disk * vendor: add gopsutil/disk * command/debug: add a usage section * website: add docs for consul debug * agent/host: require operator:read * api/host: improve docs and no retry timing * command/debug: fail on extra arguments * command/debug: fixup file permissions to 0644 * command/debug: remove server flags * command/debug: improve clarity of usage section * api/debug: add Trace for profiling, fix profile * command/debug: capture profile and trace at the same time * command/debug: add index document * command/debug: use "clusters" in place of members * command/debug: remove address in output * command/debug: improve comment on metrics sleep * command/debug: clarify usage * agent: always register pprof handlers and protect This will allow us to avoid a restart of a target agent for profiling by always registering the pprof handlers. Given this is a potentially sensitive path, it is protected with an operator:read ACL and enable debug being set to true on the target agent. enable_debug still requires a restart. If ACLs are disabled, enable_debug is sufficient. * command/debug: use trace.out instead of .prof More in line with golang docs. * agent: fix comment wording * agent: wrap table driven tests in t.run()
6 years ago
var out map[string]interface{}
if err := decodeBody(resp, &out); err != nil {
return nil, err
}
return out, nil
}
Add version endpoint (#17506) * add FIPS verison info * separate out feature functionality from build identification * split out ent test * add version endpoint
2 years ago
// Version is used to retrieve information about the running Consul version and build.
func (a *Agent) Version() (map[string]interface{}, error) {
r := a.c.newRequest("GET", "/v1/agent/version")
_, resp, err := a.c.doRequest(r)
if err != nil {
return nil, err
}
defer closeResponseBody(resp)
if err := requireOK(resp); err != nil {
return nil, err
}
var out map[string]interface{}
if err := decodeBody(resp, &out); err != nil {
return nil, err
}
return out, nil
}
Add support for labels/filters from go-metrics
7 years ago
// Metrics is used to query the agent we are speaking to for
// its current internal metric data
func (a *Agent) Metrics() (*MetricsInfo, error) {
r := a.c.newRequest("GET", "/v1/agent/metrics")
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
_, resp, err := a.c.doRequest(r)
Add support for labels/filters from go-metrics
7 years ago
if err != nil {
return nil, err
}
api: properly close the response body reads resp.Body until EOF, so that the http client is able to re-use the TCP connection.
3 years ago
defer closeResponseBody(resp)
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
if err := requireOK(resp); err != nil {
return nil, err
}
Add support for labels/filters from go-metrics
7 years ago
var out *MetricsInfo
if err := decodeBody(resp, &out); err != nil {
return nil, err
}
return out, nil
}
debug: use the new metrics stream in debug command
3 years ago
// MetricsStream returns an io.ReadCloser which will emit a stream of metrics
// until the context is cancelled. The metrics are json encoded.
// The caller is responsible for closing the returned io.ReadCloser.
func (a *Agent) MetricsStream(ctx context.Context) (io.ReadCloser, error) {
r := a.c.newRequest("GET", "/v1/agent/metrics/stream")
r.ctx = ctx
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
_, resp, err := a.c.doRequest(r)
debug: use the new metrics stream in debug command
3 years ago
if err != nil {
return nil, err
}
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
if err := requireOK(resp); err != nil {
return nil, err
}
debug: use the new metrics stream in debug command
3 years ago
return resp.Body, nil
}
Add reload/leave http endpoints (#2516)
8 years ago
// Reload triggers a configuration reload for the agent we are connected to.
func (a *Agent) Reload() error {
r := a.c.newRequest("PUT", "/v1/agent/reload")
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
_, resp, err := a.c.doRequest(r)
Add reload/leave http endpoints (#2516)
8 years ago
if err != nil {
return err
}
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
defer closeResponseBody(resp)
if err := requireOK(resp); err != nil {
return err
}
Add reload/leave http endpoints (#2516)
8 years ago
return nil
}
api: initial import from armon/consul-api
10 years ago
// NodeName is used to get the node name of the agent
func (a *Agent) NodeName() (string, error) {
if a.nodeName != "" {
return a.nodeName, nil
}
info, err := a.Self()
if err != nil {
return "", err
}
name := info["Config"]["NodeName"].(string)
a.nodeName = name
return name, nil
}
// Checks returns the locally registered checks
func (a *Agent) Checks() (map[string]*AgentCheck, error) {
Implement data filtering of some endpoints (#5579) Fixes: #4222 # Data Filtering This PR will implement filtering for the following endpoints: ## Supported HTTP Endpoints - `/agent/checks` - `/agent/services` - `/catalog/nodes` - `/catalog/service/:service` - `/catalog/connect/:service` - `/catalog/node/:node` - `/health/node/:node` - `/health/checks/:service` - `/health/service/:service` - `/health/connect/:service` - `/health/state/:state` - `/internal/ui/nodes` - `/internal/ui/services` More can be added going forward and any endpoint which is used to list some data is a good candidate. ## Usage When using the HTTP API a `filter` query parameter can be used to pass a filter expression to Consul. Filter Expressions take the general form of: ``` <selector> == <value> <selector> != <value> <value> in <selector> <value> not in <selector> <selector> contains <value> <selector> not contains <value> <selector> is empty <selector> is not empty not <other expression> <expression 1> and <expression 2> <expression 1> or <expression 2> ``` Normal boolean logic and precedence is supported. All of the actual filtering and evaluation logic is coming from the [go-bexpr](https://github.com/hashicorp/go-bexpr) library ## Other changes Adding the `Internal.ServiceDump` RPC endpoint. This will allow the UI to filter services better.
6 years ago
return a.ChecksWithFilter("")
}
// ChecksWithFilter returns a subset of the locally registered checks that match
// the given filter expression
func (a *Agent) ChecksWithFilter(filter string) (map[string]*AgentCheck, error) {
api: enable query options on agent endpoints This PR adds support for setting QueryOptions on a few agent API endpoints. Nomad needs to be able to set the Namespace field on these endpoints to: - query for services / checks in a namespace - deregister services / checks in a namespace - update TTL status on checks in a namespace
4 years ago
return a.ChecksWithFilterOpts(filter, nil)
}
// ChecksWithFilterOpts returns a subset of the locally registered checks that match
// the given filter expression and QueryOptions.
func (a *Agent) ChecksWithFilterOpts(filter string, q *QueryOptions) (map[string]*AgentCheck, error) {
api: initial import from armon/consul-api
10 years ago
r := a.c.newRequest("GET", "/v1/agent/checks")
api: enable query options on agent endpoints This PR adds support for setting QueryOptions on a few agent API endpoints. Nomad needs to be able to set the Namespace field on these endpoints to: - query for services / checks in a namespace - deregister services / checks in a namespace - update TTL status on checks in a namespace
4 years ago
r.setQueryOptions(q)
Implement data filtering of some endpoints (#5579) Fixes: #4222 # Data Filtering This PR will implement filtering for the following endpoints: ## Supported HTTP Endpoints - `/agent/checks` - `/agent/services` - `/catalog/nodes` - `/catalog/service/:service` - `/catalog/connect/:service` - `/catalog/node/:node` - `/health/node/:node` - `/health/checks/:service` - `/health/service/:service` - `/health/connect/:service` - `/health/state/:state` - `/internal/ui/nodes` - `/internal/ui/services` More can be added going forward and any endpoint which is used to list some data is a good candidate. ## Usage When using the HTTP API a `filter` query parameter can be used to pass a filter expression to Consul. Filter Expressions take the general form of: ``` <selector> == <value> <selector> != <value> <value> in <selector> <value> not in <selector> <selector> contains <value> <selector> not contains <value> <selector> is empty <selector> is not empty not <other expression> <expression 1> and <expression 2> <expression 1> or <expression 2> ``` Normal boolean logic and precedence is supported. All of the actual filtering and evaluation logic is coming from the [go-bexpr](https://github.com/hashicorp/go-bexpr) library ## Other changes Adding the `Internal.ServiceDump` RPC endpoint. This will allow the UI to filter services better.
6 years ago
r.filterQuery(filter)
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
_, resp, err := a.c.doRequest(r)
api: initial import from armon/consul-api
10 years ago
if err != nil {
return nil, err
}
api: properly close the response body reads resp.Body until EOF, so that the http client is able to re-use the TCP connection.
3 years ago
defer closeResponseBody(resp)
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
if err := requireOK(resp); err != nil {
return nil, err
}
api: initial import from armon/consul-api
10 years ago
var out map[string]*AgentCheck
if err := decodeBody(resp, &out); err != nil {
return nil, err
}
return out, nil
}
// Services returns the locally registered services
func (a *Agent) Services() (map[string]*AgentService, error) {
Implement data filtering of some endpoints (#5579) Fixes: #4222 # Data Filtering This PR will implement filtering for the following endpoints: ## Supported HTTP Endpoints - `/agent/checks` - `/agent/services` - `/catalog/nodes` - `/catalog/service/:service` - `/catalog/connect/:service` - `/catalog/node/:node` - `/health/node/:node` - `/health/checks/:service` - `/health/service/:service` - `/health/connect/:service` - `/health/state/:state` - `/internal/ui/nodes` - `/internal/ui/services` More can be added going forward and any endpoint which is used to list some data is a good candidate. ## Usage When using the HTTP API a `filter` query parameter can be used to pass a filter expression to Consul. Filter Expressions take the general form of: ``` <selector> == <value> <selector> != <value> <value> in <selector> <value> not in <selector> <selector> contains <value> <selector> not contains <value> <selector> is empty <selector> is not empty not <other expression> <expression 1> and <expression 2> <expression 1> or <expression 2> ``` Normal boolean logic and precedence is supported. All of the actual filtering and evaluation logic is coming from the [go-bexpr](https://github.com/hashicorp/go-bexpr) library ## Other changes Adding the `Internal.ServiceDump` RPC endpoint. This will allow the UI to filter services better.
6 years ago
return a.ServicesWithFilter("")
}
// ServicesWithFilter returns a subset of the locally registered services that match
// the given filter expression
func (a *Agent) ServicesWithFilter(filter string) (map[string]*AgentService, error) {
api: enable query options on agent endpoints This PR adds support for setting QueryOptions on a few agent API endpoints. Nomad needs to be able to set the Namespace field on these endpoints to: - query for services / checks in a namespace - deregister services / checks in a namespace - update TTL status on checks in a namespace
4 years ago
return a.ServicesWithFilterOpts(filter, nil)
}
// ServicesWithFilterOpts returns a subset of the locally registered services that match
// the given filter expression and QueryOptions.
func (a *Agent) ServicesWithFilterOpts(filter string, q *QueryOptions) (map[string]*AgentService, error) {
api: initial import from armon/consul-api
10 years ago
r := a.c.newRequest("GET", "/v1/agent/services")
api: enable query options on agent endpoints This PR adds support for setting QueryOptions on a few agent API endpoints. Nomad needs to be able to set the Namespace field on these endpoints to: - query for services / checks in a namespace - deregister services / checks in a namespace - update TTL status on checks in a namespace
4 years ago
r.setQueryOptions(q)
Implement data filtering of some endpoints (#5579) Fixes: #4222 # Data Filtering This PR will implement filtering for the following endpoints: ## Supported HTTP Endpoints - `/agent/checks` - `/agent/services` - `/catalog/nodes` - `/catalog/service/:service` - `/catalog/connect/:service` - `/catalog/node/:node` - `/health/node/:node` - `/health/checks/:service` - `/health/service/:service` - `/health/connect/:service` - `/health/state/:state` - `/internal/ui/nodes` - `/internal/ui/services` More can be added going forward and any endpoint which is used to list some data is a good candidate. ## Usage When using the HTTP API a `filter` query parameter can be used to pass a filter expression to Consul. Filter Expressions take the general form of: ``` <selector> == <value> <selector> != <value> <value> in <selector> <value> not in <selector> <selector> contains <value> <selector> not contains <value> <selector> is empty <selector> is not empty not <other expression> <expression 1> and <expression 2> <expression 1> or <expression 2> ``` Normal boolean logic and precedence is supported. All of the actual filtering and evaluation logic is coming from the [go-bexpr](https://github.com/hashicorp/go-bexpr) library ## Other changes Adding the `Internal.ServiceDump` RPC endpoint. This will allow the UI to filter services better.
6 years ago
r.filterQuery(filter)
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
_, resp, err := a.c.doRequest(r)
api: initial import from armon/consul-api
10 years ago
if err != nil {
return nil, err
}
api: properly close the response body reads resp.Body until EOF, so that the http client is able to re-use the TCP connection.
3 years ago
defer closeResponseBody(resp)
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
if err := requireOK(resp); err != nil {
return nil, err
}
api: initial import from armon/consul-api
10 years ago
var out map[string]*AgentService
if err := decodeBody(resp, &out); err != nil {
return nil, err
}
Adds `api` client code and tests for new Proxy Config endpoint, registering with proxy and seeing proxy config in /agent/services list.
7 years ago
api: initial import from armon/consul-api
10 years ago
return out, nil
}
Implement /v1/agent/health/service/<service name> endpoint (#3551) This endpoint aggregates all checks related to <service id> on the agent and return an appropriate http code + the string describing the worst check. This allows to cleanly expose service status to other component, hiding complexity of multiple checks. This is especially useful to use consul to feed a load balancer which would delegate health checking to consul agent. Exposing this endpoint on the agent is necessary to avoid a hit on consul servers and avoid decreasing resiliency (this endpoint will work even if there is no consul leader in the cluster).
6 years ago
// AgentHealthServiceByID returns for a given serviceID: the aggregated health status, the service definition or an error if any
// - If the service is not found, will return status (critical, nil, nil)
// - If the service is found, will return (critical|passing|warning), AgentServiceChecksInfo, nil)
// - In all other cases, will return an error
func (a *Agent) AgentHealthServiceByID(serviceID string) (string, *AgentServiceChecksInfo, error) {
api: Support QueryOptions on additional agent endpoints (#10691) Add support for setting QueryOptions on the following agent API endpoints: - /agent/health/service/name/:name - /agent/health/service/id/:id - /agent/service/maintenance/:id This follows the same pattern used in #9903 to support query options for other agent API endpoints. Resolves #9710
3 years ago
return a.AgentHealthServiceByIDOpts(serviceID, nil)
}
func (a *Agent) AgentHealthServiceByIDOpts(serviceID string, q *QueryOptions) (string, *AgentServiceChecksInfo, error) {
Remove incorrect usage of url.PathEscape (#12184) When r.toHTTP is called, http.Request is built with the path already escaped. This removes all calls to url.PathEscape that would have led to double-escaped URLs.
3 years ago
path := fmt.Sprintf("/v1/agent/health/service/id/%v", serviceID)
Implement /v1/agent/health/service/<service name> endpoint (#3551) This endpoint aggregates all checks related to <service id> on the agent and return an appropriate http code + the string describing the worst check. This allows to cleanly expose service status to other component, hiding complexity of multiple checks. This is especially useful to use consul to feed a load balancer which would delegate health checking to consul agent. Exposing this endpoint on the agent is necessary to avoid a hit on consul servers and avoid decreasing resiliency (this endpoint will work even if there is no consul leader in the cluster).
6 years ago
r := a.c.newRequest("GET", path)
api: Support QueryOptions on additional agent endpoints (#10691) Add support for setting QueryOptions on the following agent API endpoints: - /agent/health/service/name/:name - /agent/health/service/id/:id - /agent/service/maintenance/:id This follows the same pattern used in #9903 to support query options for other agent API endpoints. Resolves #9710
3 years ago
r.setQueryOptions(q)
Implement /v1/agent/health/service/<service name> endpoint (#3551) This endpoint aggregates all checks related to <service id> on the agent and return an appropriate http code + the string describing the worst check. This allows to cleanly expose service status to other component, hiding complexity of multiple checks. This is especially useful to use consul to feed a load balancer which would delegate health checking to consul agent. Exposing this endpoint on the agent is necessary to avoid a hit on consul servers and avoid decreasing resiliency (this endpoint will work even if there is no consul leader in the cluster).
6 years ago
r.params.Add("format", "json")
r.header.Set("Accept", "application/json")
wrap few doRequest calls for error handling (#11158)
3 years ago
// not a lot of value in wrapping the doRequest call in a requireHttpCodes call
// we manipulate the resp body and the require calls "swallow" the content on err
Implement /v1/agent/health/service/<service name> endpoint (#3551) This endpoint aggregates all checks related to <service id> on the agent and return an appropriate http code + the string describing the worst check. This allows to cleanly expose service status to other component, hiding complexity of multiple checks. This is especially useful to use consul to feed a load balancer which would delegate health checking to consul agent. Exposing this endpoint on the agent is necessary to avoid a hit on consul servers and avoid decreasing resiliency (this endpoint will work even if there is no consul leader in the cluster).
6 years ago
_, resp, err := a.c.doRequest(r)
if err != nil {
return "", nil, err
}
api: properly close the response body reads resp.Body until EOF, so that the http client is able to re-use the TCP connection.
3 years ago
defer closeResponseBody(resp)
Implement /v1/agent/health/service/<service name> endpoint (#3551) This endpoint aggregates all checks related to <service id> on the agent and return an appropriate http code + the string describing the worst check. This allows to cleanly expose service status to other component, hiding complexity of multiple checks. This is especially useful to use consul to feed a load balancer which would delegate health checking to consul agent. Exposing this endpoint on the agent is necessary to avoid a hit on consul servers and avoid decreasing resiliency (this endpoint will work even if there is no consul leader in the cluster).
6 years ago
// Service not Found
if resp.StatusCode == http.StatusNotFound {
return HealthCritical, nil, nil
}
var out *AgentServiceChecksInfo
if err := decodeBody(resp, &out); err != nil {
return HealthCritical, out, err
}
switch resp.StatusCode {
case http.StatusOK:
return HealthPassing, out, nil
case http.StatusTooManyRequests:
return HealthWarning, out, nil
case http.StatusServiceUnavailable:
return HealthCritical, out, nil
}
return HealthCritical, out, fmt.Errorf("Unexpected Error Code %v for %s", resp.StatusCode, path)
}
// AgentHealthServiceByName returns for a given service name: the aggregated health status for all services
// having the specified name.
// - If no service is not found, will return status (critical, [], nil)
// - If the service is found, will return (critical|passing|warning), []api.AgentServiceChecksInfo, nil)
// - In all other cases, will return an error
func (a *Agent) AgentHealthServiceByName(service string) (string, []AgentServiceChecksInfo, error) {
api: Support QueryOptions on additional agent endpoints (#10691) Add support for setting QueryOptions on the following agent API endpoints: - /agent/health/service/name/:name - /agent/health/service/id/:id - /agent/service/maintenance/:id This follows the same pattern used in #9903 to support query options for other agent API endpoints. Resolves #9710
3 years ago
return a.AgentHealthServiceByNameOpts(service, nil)
}
func (a *Agent) AgentHealthServiceByNameOpts(service string, q *QueryOptions) (string, []AgentServiceChecksInfo, error) {
Remove incorrect usage of url.PathEscape (#12184) When r.toHTTP is called, http.Request is built with the path already escaped. This removes all calls to url.PathEscape that would have led to double-escaped URLs.
3 years ago
path := fmt.Sprintf("/v1/agent/health/service/name/%v", service)
Implement /v1/agent/health/service/<service name> endpoint (#3551) This endpoint aggregates all checks related to <service id> on the agent and return an appropriate http code + the string describing the worst check. This allows to cleanly expose service status to other component, hiding complexity of multiple checks. This is especially useful to use consul to feed a load balancer which would delegate health checking to consul agent. Exposing this endpoint on the agent is necessary to avoid a hit on consul servers and avoid decreasing resiliency (this endpoint will work even if there is no consul leader in the cluster).
6 years ago
r := a.c.newRequest("GET", path)
api: Support QueryOptions on additional agent endpoints (#10691) Add support for setting QueryOptions on the following agent API endpoints: - /agent/health/service/name/:name - /agent/health/service/id/:id - /agent/service/maintenance/:id This follows the same pattern used in #9903 to support query options for other agent API endpoints. Resolves #9710
3 years ago
r.setQueryOptions(q)
Implement /v1/agent/health/service/<service name> endpoint (#3551) This endpoint aggregates all checks related to <service id> on the agent and return an appropriate http code + the string describing the worst check. This allows to cleanly expose service status to other component, hiding complexity of multiple checks. This is especially useful to use consul to feed a load balancer which would delegate health checking to consul agent. Exposing this endpoint on the agent is necessary to avoid a hit on consul servers and avoid decreasing resiliency (this endpoint will work even if there is no consul leader in the cluster).
6 years ago
r.params.Add("format", "json")
r.header.Set("Accept", "application/json")
wrap few doRequest calls for error handling (#11158)
3 years ago
// not a lot of value in wrapping the doRequest call in a requireHttpCodes call
// we manipulate the resp body and the require calls "swallow" the content on err
Implement /v1/agent/health/service/<service name> endpoint (#3551) This endpoint aggregates all checks related to <service id> on the agent and return an appropriate http code + the string describing the worst check. This allows to cleanly expose service status to other component, hiding complexity of multiple checks. This is especially useful to use consul to feed a load balancer which would delegate health checking to consul agent. Exposing this endpoint on the agent is necessary to avoid a hit on consul servers and avoid decreasing resiliency (this endpoint will work even if there is no consul leader in the cluster).
6 years ago
_, resp, err := a.c.doRequest(r)
if err != nil {
return "", nil, err
}
api: properly close the response body reads resp.Body until EOF, so that the http client is able to re-use the TCP connection.
3 years ago
defer closeResponseBody(resp)
Implement /v1/agent/health/service/<service name> endpoint (#3551) This endpoint aggregates all checks related to <service id> on the agent and return an appropriate http code + the string describing the worst check. This allows to cleanly expose service status to other component, hiding complexity of multiple checks. This is especially useful to use consul to feed a load balancer which would delegate health checking to consul agent. Exposing this endpoint on the agent is necessary to avoid a hit on consul servers and avoid decreasing resiliency (this endpoint will work even if there is no consul leader in the cluster).
6 years ago
// Service not Found
if resp.StatusCode == http.StatusNotFound {
return HealthCritical, nil, nil
}
var out []AgentServiceChecksInfo
if err := decodeBody(resp, &out); err != nil {
return HealthCritical, out, err
}
switch resp.StatusCode {
case http.StatusOK:
return HealthPassing, out, nil
case http.StatusTooManyRequests:
return HealthWarning, out, nil
case http.StatusServiceUnavailable:
return HealthCritical, out, nil
}
return HealthCritical, out, fmt.Errorf("Unexpected Error Code %v for %s", resp.StatusCode, path)
}
Add -sidecar-for and new /agent/service/:service_id endpoint (#4691) - A new endpoint `/v1/agent/service/:service_id` which is a generic way to look up the service for a single instance. The primary value here is that it: - **supports hash-based blocking** and so; - **replaces `/agent/connect/proxy/:proxy_id`** as the mechanism the built-in proxy uses to read its config. - It's not proxy specific and so works for any service. - It has a temporary shim to call through to the existing endpoint to preserve current managed proxy config defaulting behaviour until that is removed entirely (tested). - The built-in proxy now uses the new endpoint exclusively for it's config - The built-in proxy now has a `-sidecar-for` flag that allows the service ID of the _target_ service to be specified, on the condition that there is exactly one "sidecar" proxy (that is one that has `Proxy.DestinationServiceID` set) for the service registered. - Several fixes for edge cases for SidecarService - A fix for `Alias` checks - when running locally they didn't update their state until some external thing updated the target. If the target service has no checks registered as below, then the alias never made it past critical.
6 years ago
// Service returns a locally registered service instance and allows for
// hash-based blocking.
//
// Note that this uses an unconventional blocking mechanism since it's
// agent-local state. That means there is no persistent raft index so we block
// based on object hash instead.
func (a *Agent) Service(serviceID string, q *QueryOptions) (*AgentService, *QueryMeta, error) {
Remove incorrect usage of url.PathEscape (#12184) When r.toHTTP is called, http.Request is built with the path already escaped. This removes all calls to url.PathEscape that would have led to double-escaped URLs.
3 years ago
r := a.c.newRequest("GET", "/v1/agent/service/"+serviceID)
Add -sidecar-for and new /agent/service/:service_id endpoint (#4691) - A new endpoint `/v1/agent/service/:service_id` which is a generic way to look up the service for a single instance. The primary value here is that it: - **supports hash-based blocking** and so; - **replaces `/agent/connect/proxy/:proxy_id`** as the mechanism the built-in proxy uses to read its config. - It's not proxy specific and so works for any service. - It has a temporary shim to call through to the existing endpoint to preserve current managed proxy config defaulting behaviour until that is removed entirely (tested). - The built-in proxy now uses the new endpoint exclusively for it's config - The built-in proxy now has a `-sidecar-for` flag that allows the service ID of the _target_ service to be specified, on the condition that there is exactly one "sidecar" proxy (that is one that has `Proxy.DestinationServiceID` set) for the service registered. - Several fixes for edge cases for SidecarService - A fix for `Alias` checks - when running locally they didn't update their state until some external thing updated the target. If the target service has no checks registered as below, then the alias never made it past critical.
6 years ago
r.setQueryOptions(q)
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
rtt, resp, err := a.c.doRequest(r)
Add -sidecar-for and new /agent/service/:service_id endpoint (#4691) - A new endpoint `/v1/agent/service/:service_id` which is a generic way to look up the service for a single instance. The primary value here is that it: - **supports hash-based blocking** and so; - **replaces `/agent/connect/proxy/:proxy_id`** as the mechanism the built-in proxy uses to read its config. - It's not proxy specific and so works for any service. - It has a temporary shim to call through to the existing endpoint to preserve current managed proxy config defaulting behaviour until that is removed entirely (tested). - The built-in proxy now uses the new endpoint exclusively for it's config - The built-in proxy now has a `-sidecar-for` flag that allows the service ID of the _target_ service to be specified, on the condition that there is exactly one "sidecar" proxy (that is one that has `Proxy.DestinationServiceID` set) for the service registered. - Several fixes for edge cases for SidecarService - A fix for `Alias` checks - when running locally they didn't update their state until some external thing updated the target. If the target service has no checks registered as below, then the alias never made it past critical.
6 years ago
if err != nil {
return nil, nil, err
}
api: properly close the response body reads resp.Body until EOF, so that the http client is able to re-use the TCP connection.
3 years ago
defer closeResponseBody(resp)
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
if err := requireOK(resp); err != nil {
return nil, nil, err
}
Add -sidecar-for and new /agent/service/:service_id endpoint (#4691) - A new endpoint `/v1/agent/service/:service_id` which is a generic way to look up the service for a single instance. The primary value here is that it: - **supports hash-based blocking** and so; - **replaces `/agent/connect/proxy/:proxy_id`** as the mechanism the built-in proxy uses to read its config. - It's not proxy specific and so works for any service. - It has a temporary shim to call through to the existing endpoint to preserve current managed proxy config defaulting behaviour until that is removed entirely (tested). - The built-in proxy now uses the new endpoint exclusively for it's config - The built-in proxy now has a `-sidecar-for` flag that allows the service ID of the _target_ service to be specified, on the condition that there is exactly one "sidecar" proxy (that is one that has `Proxy.DestinationServiceID` set) for the service registered. - Several fixes for edge cases for SidecarService - A fix for `Alias` checks - when running locally they didn't update their state until some external thing updated the target. If the target service has no checks registered as below, then the alias never made it past critical.
6 years ago
qm := &QueryMeta{}
parseQueryMeta(resp, qm)
qm.RequestTime = rtt
var out *AgentService
if err := decodeBody(resp, &out); err != nil {
return nil, nil, err
}
return out, qm, nil
}
api: initial import from armon/consul-api
10 years ago
// Members returns the known gossip members. The WAN
// flag can be used to query a server for WAN members.
func (a *Agent) Members(wan bool) ([]*AgentMember, error) {
r := a.c.newRequest("GET", "/v1/agent/members")
if wan {
r.params.Set("wan", "1")
}
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
_, resp, err := a.c.doRequest(r)
api: initial import from armon/consul-api
10 years ago
if err != nil {
return nil, err
}
api: properly close the response body reads resp.Body until EOF, so that the http client is able to re-use the TCP connection.
3 years ago
defer closeResponseBody(resp)
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
if err := requireOK(resp); err != nil {
return nil, err
}
api: initial import from armon/consul-api
10 years ago
var out []*AgentMember
if err := decodeBody(resp, &out); err != nil {
return nil, err
}
return out, nil
}
Update coord display in ui to account for segments
7 years ago
// MembersOpts returns the known gossip members and can be passed
// additional options for WAN/segment filtering.
func (a *Agent) MembersOpts(opts MembersOpts) ([]*AgentMember, error) {
Adds open source side of network segments (feature is Enterprise-only).
7 years ago
r := a.c.newRequest("GET", "/v1/agent/members")
Update coord display in ui to account for segments
7 years ago
r.params.Set("segment", opts.Segment)
Organize segments for a cleaner split between enterprise and OSS
7 years ago
if opts.WAN {
Adds open source side of network segments (feature is Enterprise-only).
7 years ago
r.params.Set("wan", "1")
}
member cli: add -filter expression to flags (#18223) * member cli: add -filter expression to flags * changelog * update doc * Add test cases * use quote
1 year ago
if opts.Filter != "" {
r.params.Set("filter", opts.Filter)
}
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
_, resp, err := a.c.doRequest(r)
Adds open source side of network segments (feature is Enterprise-only).
7 years ago
if err != nil {
return nil, err
}
api: properly close the response body reads resp.Body until EOF, so that the http client is able to re-use the TCP connection.
3 years ago
defer closeResponseBody(resp)
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
if err := requireOK(resp); err != nil {
return nil, err
}
Adds open source side of network segments (feature is Enterprise-only).
7 years ago
var out []*AgentMember
if err := decodeBody(resp, &out); err != nil {
return nil, err
}
return out, nil
}
api: initial import from armon/consul-api
10 years ago
// ServiceRegister is used to register a new service with
// the local agent
func (a *Agent) ServiceRegister(service *AgentServiceRegistration) error {
api: add replace-existing-checks param to the api package (#7136)
5 years ago
opts := ServiceRegisterOpts{
ReplaceExistingChecks: false,
}
return a.serviceRegister(service, opts)
}
// ServiceRegister is used to register a new service with
// the local agent and can be passed additional options.
func (a *Agent) ServiceRegisterOpts(service *AgentServiceRegistration, opts ServiceRegisterOpts) error {
return a.serviceRegister(service, opts)
}
func (a *Agent) serviceRegister(service *AgentServiceRegistration, opts ServiceRegisterOpts) error {
api: initial import from armon/consul-api
10 years ago
r := a.c.newRequest("PUT", "/v1/agent/service/register")
r.obj = service
api: Add a context to ServiceRegisterOpts So that operations can timeout instead of hanging forever
4 years ago
r.ctx = opts.ctx
api: add replace-existing-checks param to the api package (#7136)
5 years ago
if opts.ReplaceExistingChecks {
r.params.Set("replace-existing-checks", "true")
}
api: add Token field to ServiceRegisterOpts (#18983) Ongoing work to support Nomad Workload Identity for authenticating with Consul will mean that Nomad's service registration sync with Consul will want to use Consul tokens scoped to individual workloads for registering services and checks. The `ServiceRegisterOpts` type in the API doesn't have an option to pass the token in, which prevent us from sharing the same Consul connection for all workloads. Add a `Token` field to match the behavior of `ServiceDeregisterOpts`.
1 year ago
if opts.Token != "" {
r.header.Set("X-Consul-Token", opts.Token)
}
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
_, resp, err := a.c.doRequest(r)
api: initial import from armon/consul-api
10 years ago
if err != nil {
return err
}
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
defer closeResponseBody(resp)
if err := requireOK(resp); err != nil {
return err
}
api: initial import from armon/consul-api
10 years ago
return nil
}
// ServiceDeregister is used to deregister a service with
// the local agent
func (a *Agent) ServiceDeregister(serviceID string) error {
Remove incorrect usage of url.PathEscape (#12184) When r.toHTTP is called, http.Request is built with the path already escaped. This removes all calls to url.PathEscape that would have led to double-escaped URLs.
3 years ago
r := a.c.newRequest("PUT", "/v1/agent/service/deregister/"+serviceID)
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
_, resp, err := a.c.doRequest(r)
api: initial import from armon/consul-api
10 years ago
if err != nil {
return err
}
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
defer closeResponseBody(resp)
if err := requireOK(resp); err != nil {
return err
}
api: initial import from armon/consul-api
10 years ago
return nil
}
api: enable query options on agent endpoints This PR adds support for setting QueryOptions on a few agent API endpoints. Nomad needs to be able to set the Namespace field on these endpoints to: - query for services / checks in a namespace - deregister services / checks in a namespace - update TTL status on checks in a namespace
4 years ago
// ServiceDeregisterOpts is used to deregister a service with
// the local agent with QueryOptions.
func (a *Agent) ServiceDeregisterOpts(serviceID string, q *QueryOptions) error {
Remove incorrect usage of url.PathEscape (#12184) When r.toHTTP is called, http.Request is built with the path already escaped. This removes all calls to url.PathEscape that would have led to double-escaped URLs.
3 years ago
r := a.c.newRequest("PUT", "/v1/agent/service/deregister/"+serviceID)
api: enable query options on agent endpoints This PR adds support for setting QueryOptions on a few agent API endpoints. Nomad needs to be able to set the Namespace field on these endpoints to: - query for services / checks in a namespace - deregister services / checks in a namespace - update TTL status on checks in a namespace
4 years ago
r.setQueryOptions(q)
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
_, resp, err := a.c.doRequest(r)
api: enable query options on agent endpoints This PR adds support for setting QueryOptions on a few agent API endpoints. Nomad needs to be able to set the Namespace field on these endpoints to: - query for services / checks in a namespace - deregister services / checks in a namespace - update TTL status on checks in a namespace
4 years ago
if err != nil {
return err
}
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
defer closeResponseBody(resp)
if err := requireOK(resp); err != nil {
return err
}
api: enable query options on agent endpoints This PR adds support for setting QueryOptions on a few agent API endpoints. Nomad needs to be able to set the Namespace field on these endpoints to: - query for services / checks in a namespace - deregister services / checks in a namespace - update TTL status on checks in a namespace
4 years ago
return nil
}
Update Check API to use constants Use constants where appropriate to advocate their use. Also add a deprecation notice re: `updateTTL`.
9 years ago
// PassTTL is used to set a TTL check to the passing state.
//
// DEPRECATION NOTICE: This interface is deprecated in favor of UpdateTTL().
// The client interface will be removed in 0.8 or changed to use
// UpdateTTL()'s endpoint and the server endpoints will be removed in 0.9.
api: initial import from armon/consul-api
10 years ago
func (a *Agent) PassTTL(checkID, note string) error {
Adds support for new PUT API for checks.
9 years ago
return a.updateTTL(checkID, note, "pass")
api: initial import from armon/consul-api
10 years ago
}
Update Check API to use constants Use constants where appropriate to advocate their use. Also add a deprecation notice re: `updateTTL`.
9 years ago
// WarnTTL is used to set a TTL check to the warning state.
//
// DEPRECATION NOTICE: This interface is deprecated in favor of UpdateTTL().
// The client interface will be removed in 0.8 or changed to use
// UpdateTTL()'s endpoint and the server endpoints will be removed in 0.9.
api: initial import from armon/consul-api
10 years ago
func (a *Agent) WarnTTL(checkID, note string) error {
Adds support for new PUT API for checks.
9 years ago
return a.updateTTL(checkID, note, "warn")
api: initial import from armon/consul-api
10 years ago
}
Update Check API to use constants Use constants where appropriate to advocate their use. Also add a deprecation notice re: `updateTTL`.
9 years ago
// FailTTL is used to set a TTL check to the failing state.
//
// DEPRECATION NOTICE: This interface is deprecated in favor of UpdateTTL().
// The client interface will be removed in 0.8 or changed to use
// UpdateTTL()'s endpoint and the server endpoints will be removed in 0.9.
api: initial import from armon/consul-api
10 years ago
func (a *Agent) FailTTL(checkID, note string) error {
Adds support for new PUT API for checks.
9 years ago
return a.updateTTL(checkID, note, "fail")
api: initial import from armon/consul-api
10 years ago
}
Adds support for new PUT API for checks.
9 years ago
// updateTTL is used to update the TTL of a check. This is the internal
Update Check API to use constants Use constants where appropriate to advocate their use. Also add a deprecation notice re: `updateTTL`.
9 years ago
// method that uses the old API that's present in Consul versions prior to
// 0.6.4. Since Consul didn't have an analogous "update" API before it seemed
// ok to break this (former) UpdateTTL in favor of the new UpdateTTL below,
// but keep the old Pass/Warn/Fail methods using the old API under the hood.
//
// DEPRECATION NOTICE: This interface is deprecated in favor of UpdateTTL().
// The client interface will be removed in 0.8 and the server endpoints will
// be removed in 0.9.
Adds support for new PUT API for checks.
9 years ago
func (a *Agent) updateTTL(checkID, note, status string) error {
api: initial import from armon/consul-api
10 years ago
switch status {
case "pass":
case "warn":
case "fail":
default:
return fmt.Errorf("Invalid status: %s", status)
}
Remove incorrect usage of url.PathEscape (#12184) When r.toHTTP is called, http.Request is built with the path already escaped. This removes all calls to url.PathEscape that would have led to double-escaped URLs.
3 years ago
endpoint := fmt.Sprintf("/v1/agent/check/%s/%s", status, checkID)
api: initial import from armon/consul-api
10 years ago
r := a.c.newRequest("PUT", endpoint)
r.params.Set("note", note)
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
_, resp, err := a.c.doRequest(r)
api: initial import from armon/consul-api
10 years ago
if err != nil {
return err
}
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
defer closeResponseBody(resp)
if err := requireOK(resp); err != nil {
return err
}
api: initial import from armon/consul-api
10 years ago
return nil
}
Adds support for new PUT API for checks.
9 years ago
// checkUpdate is the payload for a PUT for a check update.
type checkUpdate struct {
Correct a small typo
9 years ago
// Status is one of the api.Health* states: HealthPassing
Update Check API to use constants Use constants where appropriate to advocate their use. Also add a deprecation notice re: `updateTTL`.
9 years ago
// ("passing"), HealthWarning ("warning"), or HealthCritical
// ("critical").
Adds support for new PUT API for checks.
9 years ago
Status string
// Output is the information to post to the UI for operators as the
// output of the process that decided to hit the TTL check. This is
// different from the note field that's associated with the check
// itself.
Output string
}
// UpdateTTL is used to update the TTL of a check. This uses the newer API
// that was introduced in Consul 0.6.4 and later. We translate the old status
// strings for compatibility (though a newer version of Consul will still be
// required to use this API).
func (a *Agent) UpdateTTL(checkID, output, status string) error {
api: enable query options on agent endpoints This PR adds support for setting QueryOptions on a few agent API endpoints. Nomad needs to be able to set the Namespace field on these endpoints to: - query for services / checks in a namespace - deregister services / checks in a namespace - update TTL status on checks in a namespace
4 years ago
return a.UpdateTTLOpts(checkID, output, status, nil)
}
func (a *Agent) UpdateTTLOpts(checkID, output, status string, q *QueryOptions) error {
Adds support for new PUT API for checks.
9 years ago
switch status {
Added some constants in the api for check health statuses
9 years ago
case "pass", HealthPassing:
status = HealthPassing
case "warn", HealthWarning:
status = HealthWarning
case "fail", HealthCritical:
status = HealthCritical
Adds support for new PUT API for checks.
9 years ago
default:
return fmt.Errorf("Invalid status: %s", status)
}
Remove incorrect usage of url.PathEscape (#12184) When r.toHTTP is called, http.Request is built with the path already escaped. This removes all calls to url.PathEscape that would have led to double-escaped URLs.
3 years ago
endpoint := fmt.Sprintf("/v1/agent/check/update/%s", checkID)
Adds support for new PUT API for checks.
9 years ago
r := a.c.newRequest("PUT", endpoint)
api: enable query options on agent endpoints This PR adds support for setting QueryOptions on a few agent API endpoints. Nomad needs to be able to set the Namespace field on these endpoints to: - query for services / checks in a namespace - deregister services / checks in a namespace - update TTL status on checks in a namespace
4 years ago
r.setQueryOptions(q)
Adds support for new PUT API for checks.
9 years ago
r.obj = &checkUpdate{
Status: status,
Output: output,
}
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
_, resp, err := a.c.doRequest(r)
Adds support for new PUT API for checks.
9 years ago
if err != nil {
return err
}
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
defer closeResponseBody(resp)
if err := requireOK(resp); err != nil {
return err
}
Adds support for new PUT API for checks.
9 years ago
return nil
}
api: initial import from armon/consul-api
10 years ago
// CheckRegister is used to register a new check with
// the local agent
func (a *Agent) CheckRegister(check *AgentCheckRegistration) error {
api: add `CheckRegisterOpts` method to Agent API (#18943) Ongoing work to support Nomad Workload Identity for authenticating with Consul will mean that Nomad's service registration sync with Consul will want to use Consul tokens scoped to individual workloads for registering services and checks. The `CheckRegister` method in the API doesn't have an option to pass the token in, which prevent us from sharing the same Consul connection for all workloads. Add a `CheckRegisterOpts` to match the behavior of `ServiceRegisterOpts`.
1 year ago
return a.CheckRegisterOpts(check, nil)
}
// CheckRegisterOpts is used to register a new check with
// the local agent using query options
func (a *Agent) CheckRegisterOpts(check *AgentCheckRegistration, q *QueryOptions) error {
api: initial import from armon/consul-api
10 years ago
r := a.c.newRequest("PUT", "/v1/agent/check/register")
api: add `CheckRegisterOpts` method to Agent API (#18943) Ongoing work to support Nomad Workload Identity for authenticating with Consul will mean that Nomad's service registration sync with Consul will want to use Consul tokens scoped to individual workloads for registering services and checks. The `CheckRegister` method in the API doesn't have an option to pass the token in, which prevent us from sharing the same Consul connection for all workloads. Add a `CheckRegisterOpts` to match the behavior of `ServiceRegisterOpts`.
1 year ago
r.setQueryOptions(q)
api: initial import from armon/consul-api
10 years ago
r.obj = check
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
_, resp, err := a.c.doRequest(r)
api: initial import from armon/consul-api
10 years ago
if err != nil {
return err
}
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
defer closeResponseBody(resp)
if err := requireOK(resp); err != nil {
return err
}
api: initial import from armon/consul-api
10 years ago
return nil
}
// CheckDeregister is used to deregister a check with
// the local agent
func (a *Agent) CheckDeregister(checkID string) error {
api: enable query options on agent endpoints This PR adds support for setting QueryOptions on a few agent API endpoints. Nomad needs to be able to set the Namespace field on these endpoints to: - query for services / checks in a namespace - deregister services / checks in a namespace - update TTL status on checks in a namespace
4 years ago
return a.CheckDeregisterOpts(checkID, nil)
}
// CheckDeregisterOpts is used to deregister a check with
// the local agent using query options
func (a *Agent) CheckDeregisterOpts(checkID string, q *QueryOptions) error {
Remove incorrect usage of url.PathEscape (#12184) When r.toHTTP is called, http.Request is built with the path already escaped. This removes all calls to url.PathEscape that would have led to double-escaped URLs.
3 years ago
r := a.c.newRequest("PUT", "/v1/agent/check/deregister/"+checkID)
api: enable query options on agent endpoints This PR adds support for setting QueryOptions on a few agent API endpoints. Nomad needs to be able to set the Namespace field on these endpoints to: - query for services / checks in a namespace - deregister services / checks in a namespace - update TTL status on checks in a namespace
4 years ago
r.setQueryOptions(q)
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
_, resp, err := a.c.doRequest(r)
api: initial import from armon/consul-api
10 years ago
if err != nil {
return err
}
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
defer closeResponseBody(resp)
if err := requireOK(resp); err != nil {
return err
}
api: initial import from armon/consul-api
10 years ago
return nil
}
// Join is used to instruct the agent to attempt a join to
// another cluster member
func (a *Agent) Join(addr string, wan bool) error {
Remove incorrect usage of url.PathEscape (#12184) When r.toHTTP is called, http.Request is built with the path already escaped. This removes all calls to url.PathEscape that would have led to double-escaped URLs.
3 years ago
r := a.c.newRequest("PUT", "/v1/agent/join/"+addr)
api: initial import from armon/consul-api
10 years ago
if wan {
r.params.Set("wan", "1")
}
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
_, resp, err := a.c.doRequest(r)
api: initial import from armon/consul-api
10 years ago
if err != nil {
return err
}
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
defer closeResponseBody(resp)
if err := requireOK(resp); err != nil {
return err
}
api: initial import from armon/consul-api
10 years ago
return nil
}
Add reload/leave http endpoints (#2516)
8 years ago
// Leave is used to have the agent gracefully leave the cluster and shutdown
func (a *Agent) Leave() error {
r := a.c.newRequest("PUT", "/v1/agent/leave")
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
_, resp, err := a.c.doRequest(r)
Add reload/leave http endpoints (#2516)
8 years ago
if err != nil {
return err
}
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
defer closeResponseBody(resp)
if err := requireOK(resp); err != nil {
return err
}
Add reload/leave http endpoints (#2516)
8 years ago
return nil
}
agent: add variation of force-leave that exclusively works on the WAN (#11722) Fixes #6548
3 years ago
type ForceLeaveOpts struct {
// Prune indicates if we should remove a failed agent from the list of
// members in addition to ejecting it.
Prune bool
// WAN indicates that the request should exclusively target the WAN pool.
WAN bool
}
api: initial import from armon/consul-api
10 years ago
// ForceLeave is used to have the agent eject a failed node
func (a *Agent) ForceLeave(node string) error {
agent: add variation of force-leave that exclusively works on the WAN (#11722) Fixes #6548
3 years ago
return a.ForceLeaveOpts(node, ForceLeaveOpts{})
api: initial import from armon/consul-api
10 years ago
}
api: add node/service maintenance mode functions
10 years ago
oss portion of ent #1069 (#10883)
3 years ago
// ForceLeavePrune is used to have an a failed agent removed
// from the list of members
Prune Unhealthy Agents (#6571) * Add -prune flag to ForceLeave
5 years ago
func (a *Agent) ForceLeavePrune(node string) error {
agent: add variation of force-leave that exclusively works on the WAN (#11722) Fixes #6548
3 years ago
return a.ForceLeaveOpts(node, ForceLeaveOpts{Prune: true})
}
// ForceLeaveOpts is used to have the agent eject a failed node or remove it
// completely from the list of members.
api: enable query options on agent force-leave endpoint (#15987)
2 years ago
//
// DEPRECATED - Use ForceLeaveOptions instead.
agent: add variation of force-leave that exclusively works on the WAN (#11722) Fixes #6548
3 years ago
func (a *Agent) ForceLeaveOpts(node string, opts ForceLeaveOpts) error {
api: enable query options on agent force-leave endpoint (#15987)
2 years ago
return a.ForceLeaveOptions(node, opts, nil)
}
// ForceLeaveOptions is used to have the agent eject a failed node or remove it
// completely from the list of members. Allows usage of QueryOptions on-top of ForceLeaveOpts
func (a *Agent) ForceLeaveOptions(node string, opts ForceLeaveOpts, q *QueryOptions) error {
Remove incorrect usage of url.PathEscape (#12184) When r.toHTTP is called, http.Request is built with the path already escaped. This removes all calls to url.PathEscape that would have led to double-escaped URLs.
3 years ago
r := a.c.newRequest("PUT", "/v1/agent/force-leave/"+node)
api: enable query options on agent force-leave endpoint (#15987)
2 years ago
r.setQueryOptions(q)
agent: add variation of force-leave that exclusively works on the WAN (#11722) Fixes #6548
3 years ago
if opts.Prune {
r.params.Set("prune", "1")
}
if opts.WAN {
r.params.Set("wan", "1")
}
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
_, resp, err := a.c.doRequest(r)
Prune Unhealthy Agents (#6571) * Add -prune flag to ForceLeave
5 years ago
if err != nil {
return err
}
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
defer closeResponseBody(resp)
if err := requireOK(resp); err != nil {
return err
}
Prune Unhealthy Agents (#6571) * Add -prune flag to ForceLeave
5 years ago
return nil
}
api: endpoints for working with CA roots, agent authorize, etc.
7 years ago
// ConnectAuthorize is used to authorize an incoming connection
// to a natively integrated Connect service.
func (a *Agent) ConnectAuthorize(auth *AgentAuthorizeParams) (*AgentAuthorize, error) {
r := a.c.newRequest("POST", "/v1/agent/connect/authorize")
r.obj = auth
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
_, resp, err := a.c.doRequest(r)
api: endpoints for working with CA roots, agent authorize, etc.
7 years ago
if err != nil {
return nil, err
}
api: properly close the response body reads resp.Body until EOF, so that the http client is able to re-use the TCP connection.
3 years ago
defer closeResponseBody(resp)
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
if err := requireOK(resp); err != nil {
return nil, err
}
api: endpoints for working with CA roots, agent authorize, etc.
7 years ago
var out AgentAuthorize
if err := decodeBody(resp, &out); err != nil {
return nil, err
}
return &out, nil
}
// ConnectCARoots returns the list of roots.
func (a *Agent) ConnectCARoots(q *QueryOptions) (*CARootList, *QueryMeta, error) {
r := a.c.newRequest("GET", "/v1/agent/connect/ca/roots")
r.setQueryOptions(q)
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
rtt, resp, err := a.c.doRequest(r)
api: endpoints for working with CA roots, agent authorize, etc.
7 years ago
if err != nil {
return nil, nil, err
}
api: properly close the response body reads resp.Body until EOF, so that the http client is able to re-use the TCP connection.
3 years ago
defer closeResponseBody(resp)
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
if err := requireOK(resp); err != nil {
return nil, nil, err
}
api: endpoints for working with CA roots, agent authorize, etc.
7 years ago
qm := &QueryMeta{}
parseQueryMeta(resp, qm)
qm.RequestTime = rtt
var out CARootList
if err := decodeBody(resp, &out); err != nil {
return nil, nil, err
}
return &out, qm, nil
}
// ConnectCALeaf gets the leaf certificate for the given service ID.
api: fix up some comments and rename IssuedCert to LeafCert
7 years ago
func (a *Agent) ConnectCALeaf(serviceID string, q *QueryOptions) (*LeafCert, *QueryMeta, error) {
Remove incorrect usage of url.PathEscape (#12184) When r.toHTTP is called, http.Request is built with the path already escaped. This removes all calls to url.PathEscape that would have led to double-escaped URLs.
3 years ago
r := a.c.newRequest("GET", "/v1/agent/connect/ca/leaf/"+serviceID)
api: endpoints for working with CA roots, agent authorize, etc.
7 years ago
r.setQueryOptions(q)
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
rtt, resp, err := a.c.doRequest(r)
api: endpoints for working with CA roots, agent authorize, etc.
7 years ago
if err != nil {
return nil, nil, err
}
api: properly close the response body reads resp.Body until EOF, so that the http client is able to re-use the TCP connection.
3 years ago
defer closeResponseBody(resp)
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
if err := requireOK(resp); err != nil {
return nil, nil, err
}
api: endpoints for working with CA roots, agent authorize, etc.
7 years ago
qm := &QueryMeta{}
parseQueryMeta(resp, qm)
qm.RequestTime = rtt
api: fix up some comments and rename IssuedCert to LeafCert
7 years ago
var out LeafCert
api: endpoints for working with CA roots, agent authorize, etc.
7 years ago
if err := decodeBody(resp, &out); err != nil {
return nil, nil, err
}
return &out, qm, nil
}
api: add node/service maintenance mode functions
10 years ago
// EnableServiceMaintenance toggles service maintenance mode on
// for the given service ID.
api: support reason flag for maintenance mode
10 years ago
func (a *Agent) EnableServiceMaintenance(serviceID, reason string) error {
api: Support QueryOptions on additional agent endpoints (#10691) Add support for setting QueryOptions on the following agent API endpoints: - /agent/health/service/name/:name - /agent/health/service/id/:id - /agent/service/maintenance/:id This follows the same pattern used in #9903 to support query options for other agent API endpoints. Resolves #9710
3 years ago
return a.EnableServiceMaintenanceOpts(serviceID, reason, nil)
}
func (a *Agent) EnableServiceMaintenanceOpts(serviceID, reason string, q *QueryOptions) error {
Remove incorrect usage of url.PathEscape (#12184) When r.toHTTP is called, http.Request is built with the path already escaped. This removes all calls to url.PathEscape that would have led to double-escaped URLs.
3 years ago
r := a.c.newRequest("PUT", "/v1/agent/service/maintenance/"+serviceID)
api: Support QueryOptions on additional agent endpoints (#10691) Add support for setting QueryOptions on the following agent API endpoints: - /agent/health/service/name/:name - /agent/health/service/id/:id - /agent/service/maintenance/:id This follows the same pattern used in #9903 to support query options for other agent API endpoints. Resolves #9710
3 years ago
r.setQueryOptions(q)
api: add node/service maintenance mode functions
10 years ago
r.params.Set("enable", "true")
api: support reason flag for maintenance mode
10 years ago
r.params.Set("reason", reason)
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
_, resp, err := a.c.doRequest(r)
api: add node/service maintenance mode functions
10 years ago
if err != nil {
return err
}
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
defer closeResponseBody(resp)
if err := requireOK(resp); err != nil {
return err
}
api: add node/service maintenance mode functions
10 years ago
return nil
}
// DisableServiceMaintenance toggles service maintenance mode off
// for the given service ID.
func (a *Agent) DisableServiceMaintenance(serviceID string) error {
api: Support QueryOptions on additional agent endpoints (#10691) Add support for setting QueryOptions on the following agent API endpoints: - /agent/health/service/name/:name - /agent/health/service/id/:id - /agent/service/maintenance/:id This follows the same pattern used in #9903 to support query options for other agent API endpoints. Resolves #9710
3 years ago
return a.DisableServiceMaintenanceOpts(serviceID, nil)
}
func (a *Agent) DisableServiceMaintenanceOpts(serviceID string, q *QueryOptions) error {
Remove incorrect usage of url.PathEscape (#12184) When r.toHTTP is called, http.Request is built with the path already escaped. This removes all calls to url.PathEscape that would have led to double-escaped URLs.
3 years ago
r := a.c.newRequest("PUT", "/v1/agent/service/maintenance/"+serviceID)
api: Support QueryOptions on additional agent endpoints (#10691) Add support for setting QueryOptions on the following agent API endpoints: - /agent/health/service/name/:name - /agent/health/service/id/:id - /agent/service/maintenance/:id This follows the same pattern used in #9903 to support query options for other agent API endpoints. Resolves #9710
3 years ago
r.setQueryOptions(q)
api: add node/service maintenance mode functions
10 years ago
r.params.Set("enable", "false")
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
_, resp, err := a.c.doRequest(r)
api: add node/service maintenance mode functions
10 years ago
if err != nil {
return err
}
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
defer closeResponseBody(resp)
if err := requireOK(resp); err != nil {
return err
}
api: add node/service maintenance mode functions
10 years ago
return nil
}
// EnableNodeMaintenance toggles node maintenance mode on for the
// agent we are connected to.
api: support reason flag for maintenance mode
10 years ago
func (a *Agent) EnableNodeMaintenance(reason string) error {
api: add node/service maintenance mode functions
10 years ago
r := a.c.newRequest("PUT", "/v1/agent/maintenance")
r.params.Set("enable", "true")
api: support reason flag for maintenance mode
10 years ago
r.params.Set("reason", reason)
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
_, resp, err := a.c.doRequest(r)
api: add node/service maintenance mode functions
10 years ago
if err != nil {
return err
}
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
defer closeResponseBody(resp)
if err := requireOK(resp); err != nil {
return err
}
api: add node/service maintenance mode functions
10 years ago
return nil
}
// DisableNodeMaintenance toggles node maintenance mode off for the
// agent we are connected to.
func (a *Agent) DisableNodeMaintenance() error {
r := a.c.newRequest("PUT", "/v1/agent/maintenance")
r.params.Set("enable", "false")
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
_, resp, err := a.c.doRequest(r)
api: add node/service maintenance mode functions
10 years ago
if err != nil {
return err
}
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
defer closeResponseBody(resp)
if err := requireOK(resp); err != nil {
return err
}
api: add node/service maintenance mode functions
10 years ago
return nil
}
Add monitor http endpoint
8 years ago
// Monitor returns a channel which will receive streaming logs from the agent
// Providing a non-nil stopCh can be used to close the connection and stop the
Adds a guard to make sure that empty log lines don't close consul monitor. Fixes #3253.
7 years ago
// log stream. An empty string will be sent down the given channel when there's
// nothing left to stream, after which the caller should close the stopCh.
accept recv-only channels for cancellations (#3271) Cancellation channels are often derived from a Context, which returns a directional `<-chan struct{}` from Done(). In order to use this with parts of of the consul API, one is required to create a new channel and dispatch a separate goroutine to watch for context cancellation and close the new channel. Changing the signature for the methods that take cancellation channels will allow easier integration with existing uses of Context. Since the cancellation pattern only reads from these channels, there should be no backwards incompatibility with existing codebases, and most of the methods already accept only the correct type.
7 years ago
func (a *Agent) Monitor(loglevel string, stopCh <-chan struct{}, q *QueryOptions) (chan string, error) {
Allow users to configure either unstructured or JSON logging (#7130) * hclog Allow users to choose between unstructured and JSON logging
5 years ago
return a.monitor(loglevel, false, stopCh, q)
}
// MonitorJSON is like Monitor except it returns logs in JSON format.
func (a *Agent) MonitorJSON(loglevel string, stopCh <-chan struct{}, q *QueryOptions) (chan string, error) {
return a.monitor(loglevel, true, stopCh, q)
}
oss portion of ent #1069 (#10883)
3 years ago
Allow users to configure either unstructured or JSON logging (#7130) * hclog Allow users to choose between unstructured and JSON logging
5 years ago
func (a *Agent) monitor(loglevel string, logJSON bool, stopCh <-chan struct{}, q *QueryOptions) (chan string, error) {
Add monitor http endpoint
8 years ago
r := a.c.newRequest("GET", "/v1/agent/monitor")
Add QueryOptions to api package's monitor
8 years ago
r.setQueryOptions(q)
Add monitor http endpoint
8 years ago
if loglevel != "" {
r.params.Add("loglevel", loglevel)
}
Allow users to configure either unstructured or JSON logging (#7130) * hclog Allow users to choose between unstructured and JSON logging
5 years ago
if logJSON {
r.params.Set("logjson", "true")
}
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
_, resp, err := a.c.doRequest(r)
Add monitor http endpoint
8 years ago
if err != nil {
return nil, err
}
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
if err := requireOK(resp); err != nil {
return nil, err
}
Add monitor http endpoint
8 years ago
logCh := make(chan string, 64)
go func() {
api: properly close the response body reads resp.Body until EOF, so that the http client is able to re-use the TCP connection.
3 years ago
defer closeResponseBody(resp)
Add monitor http endpoint
8 years ago
scanner := bufio.NewScanner(resp.Body)
for {
select {
case <-stopCh:
close(logCh)
return
default:
}
if scanner.Scan() {
Adds a guard to make sure that empty log lines don't close consul monitor. Fixes #3253.
7 years ago
// An empty string signals to the caller that
// the scan is done, so make sure we only emit
// that when the scanner says it's done, not if
// we happen to ingest an empty line.
if text := scanner.Text(); text != "" {
logCh <- text
} else {
logCh <- " "
}
} else {
logCh <- ""
Add monitor http endpoint
8 years ago
}
}
}()
return logCh, nil
}
Adds support for agent-side ACL token management via API instead of config files. (#3324) * Adds token store and removes all runtime use of config for ACL tokens. * Adds a new API for changing agent tokens on the fly.
7 years ago
// UpdateACLToken updates the agent's "acl_token". See updateToken for more
Remove legacy acl tokens (#15947) * remove legacy tokens * Update test comment Co-authored-by: Paul Glass <pglass@hashicorp.com> * fix imports * update docs for additional CLI changes * add test case for anonymous token * set deprecated api fields to json ignore and fix patch errors * update changelog to breaking-change * fix import * update api docs to remove legacy reference * fix docs nav data --------- Co-authored-by: Paul Glass <pglass@hashicorp.com>
2 years ago
// details. Deprecated in Consul 1.4.
ACL Token Persistence and Reloading (#5328) This PR adds two features which will be useful for operators when ACLs are in use. 1. Tokens set in configuration files are now reloadable. 2. If `acl.enable_token_persistence` is set to `true` in the configuration, tokens set via the `v1/agent/token` endpoint are now persisted to disk and loaded when the agent starts (or during configuration reload) Note that token persistence is opt-in so our users who do not want tokens on the local disk will see no change. Some other secondary changes: * Refactored a bunch of places where the replication token is retrieved from the token store. This token isn't just for replicating ACLs and now it is named accordingly. * Allowed better paths in the `v1/agent/token/` API. Instead of paths like: `v1/agent/token/acl_replication_token` the path can now be just `v1/agent/token/replication`. The old paths remain to be valid. * Added a couple new API functions to set tokens via the new paths. Deprecated the old ones and pointed to the new names. The names are also generally better and don't imply that what you are setting is for ACLs but rather are setting ACL tokens. There is a minor semantic difference there especially for the replication token as again, its no longer used only for ACL token/policy replication. The new functions will detect 404s and fallback to using the older token paths when talking to pre-1.4.3 agents. * Docs updated to reflect the API additions and to show using the new endpoints. * Updated the ACL CLI set-agent-tokens command to use the non-deprecated APIs.
6 years ago
//
// DEPRECATED (ACL-Legacy-Compat) - Prefer UpdateDefaultACLToken for v1.4.3 and above
remove golint warnings
7 years ago
func (a *Agent) UpdateACLToken(token string, q *WriteOptions) (*WriteMeta, error) {
Remove legacy acl tokens (#15947) * remove legacy tokens * Update test comment Co-authored-by: Paul Glass <pglass@hashicorp.com> * fix imports * update docs for additional CLI changes * add test case for anonymous token * set deprecated api fields to json ignore and fix patch errors * update changelog to breaking-change * fix import * update api docs to remove legacy reference * fix docs nav data --------- Co-authored-by: Paul Glass <pglass@hashicorp.com>
2 years ago
return nil, fmt.Errorf("Legacy ACL Tokens were deprecated in Consul 1.4")
Adds support for agent-side ACL token management via API instead of config files. (#3324) * Adds token store and removes all runtime use of config for ACL tokens. * Adds a new API for changing agent tokens on the fly.
7 years ago
}
// UpdateACLAgentToken updates the agent's "acl_agent_token". See updateToken
Remove legacy acl tokens (#15947) * remove legacy tokens * Update test comment Co-authored-by: Paul Glass <pglass@hashicorp.com> * fix imports * update docs for additional CLI changes * add test case for anonymous token * set deprecated api fields to json ignore and fix patch errors * update changelog to breaking-change * fix import * update api docs to remove legacy reference * fix docs nav data --------- Co-authored-by: Paul Glass <pglass@hashicorp.com>
2 years ago
// for more details. Deprecated in Consul 1.4.
ACL Token Persistence and Reloading (#5328) This PR adds two features which will be useful for operators when ACLs are in use. 1. Tokens set in configuration files are now reloadable. 2. If `acl.enable_token_persistence` is set to `true` in the configuration, tokens set via the `v1/agent/token` endpoint are now persisted to disk and loaded when the agent starts (or during configuration reload) Note that token persistence is opt-in so our users who do not want tokens on the local disk will see no change. Some other secondary changes: * Refactored a bunch of places where the replication token is retrieved from the token store. This token isn't just for replicating ACLs and now it is named accordingly. * Allowed better paths in the `v1/agent/token/` API. Instead of paths like: `v1/agent/token/acl_replication_token` the path can now be just `v1/agent/token/replication`. The old paths remain to be valid. * Added a couple new API functions to set tokens via the new paths. Deprecated the old ones and pointed to the new names. The names are also generally better and don't imply that what you are setting is for ACLs but rather are setting ACL tokens. There is a minor semantic difference there especially for the replication token as again, its no longer used only for ACL token/policy replication. The new functions will detect 404s and fallback to using the older token paths when talking to pre-1.4.3 agents. * Docs updated to reflect the API additions and to show using the new endpoints. * Updated the ACL CLI set-agent-tokens command to use the non-deprecated APIs.
6 years ago
//
// DEPRECATED (ACL-Legacy-Compat) - Prefer UpdateAgentACLToken for v1.4.3 and above
remove golint warnings
7 years ago
func (a *Agent) UpdateACLAgentToken(token string, q *WriteOptions) (*WriteMeta, error) {
Remove legacy acl tokens (#15947) * remove legacy tokens * Update test comment Co-authored-by: Paul Glass <pglass@hashicorp.com> * fix imports * update docs for additional CLI changes * add test case for anonymous token * set deprecated api fields to json ignore and fix patch errors * update changelog to breaking-change * fix import * update api docs to remove legacy reference * fix docs nav data --------- Co-authored-by: Paul Glass <pglass@hashicorp.com>
2 years ago
return nil, fmt.Errorf("Legacy ACL Tokens were deprecated in Consul 1.4")
Adds support for agent-side ACL token management via API instead of config files. (#3324) * Adds token store and removes all runtime use of config for ACL tokens. * Adds a new API for changing agent tokens on the fly.
7 years ago
}
// UpdateACLAgentMasterToken updates the agent's "acl_agent_master_token". See
Remove legacy acl tokens (#15947) * remove legacy tokens * Update test comment Co-authored-by: Paul Glass <pglass@hashicorp.com> * fix imports * update docs for additional CLI changes * add test case for anonymous token * set deprecated api fields to json ignore and fix patch errors * update changelog to breaking-change * fix import * update api docs to remove legacy reference * fix docs nav data --------- Co-authored-by: Paul Glass <pglass@hashicorp.com>
2 years ago
// updateToken for more details. Deprecated in Consul 1.4.
ACL Token Persistence and Reloading (#5328) This PR adds two features which will be useful for operators when ACLs are in use. 1. Tokens set in configuration files are now reloadable. 2. If `acl.enable_token_persistence` is set to `true` in the configuration, tokens set via the `v1/agent/token` endpoint are now persisted to disk and loaded when the agent starts (or during configuration reload) Note that token persistence is opt-in so our users who do not want tokens on the local disk will see no change. Some other secondary changes: * Refactored a bunch of places where the replication token is retrieved from the token store. This token isn't just for replicating ACLs and now it is named accordingly. * Allowed better paths in the `v1/agent/token/` API. Instead of paths like: `v1/agent/token/acl_replication_token` the path can now be just `v1/agent/token/replication`. The old paths remain to be valid. * Added a couple new API functions to set tokens via the new paths. Deprecated the old ones and pointed to the new names. The names are also generally better and don't imply that what you are setting is for ACLs but rather are setting ACL tokens. There is a minor semantic difference there especially for the replication token as again, its no longer used only for ACL token/policy replication. The new functions will detect 404s and fallback to using the older token paths when talking to pre-1.4.3 agents. * Docs updated to reflect the API additions and to show using the new endpoints. * Updated the ACL CLI set-agent-tokens command to use the non-deprecated APIs.
6 years ago
//
// DEPRECATED (ACL-Legacy-Compat) - Prefer UpdateAgentMasterACLToken for v1.4.3 and above
remove golint warnings
7 years ago
func (a *Agent) UpdateACLAgentMasterToken(token string, q *WriteOptions) (*WriteMeta, error) {
Remove legacy acl tokens (#15947) * remove legacy tokens * Update test comment Co-authored-by: Paul Glass <pglass@hashicorp.com> * fix imports * update docs for additional CLI changes * add test case for anonymous token * set deprecated api fields to json ignore and fix patch errors * update changelog to breaking-change * fix import * update api docs to remove legacy reference * fix docs nav data --------- Co-authored-by: Paul Glass <pglass@hashicorp.com>
2 years ago
return nil, fmt.Errorf("Legacy ACL Tokens were deprecated in Consul 1.4")
Adds support for agent-side ACL token management via API instead of config files. (#3324) * Adds token store and removes all runtime use of config for ACL tokens. * Adds a new API for changing agent tokens on the fly.
7 years ago
}
Adds secure introduction for the ACL replication token. (#3357) Adds secure introduction for the ACL replication token, as well as a separate enable config for ACL replication.
7 years ago
// UpdateACLReplicationToken updates the agent's "acl_replication_token". See
Remove legacy acl tokens (#15947) * remove legacy tokens * Update test comment Co-authored-by: Paul Glass <pglass@hashicorp.com> * fix imports * update docs for additional CLI changes * add test case for anonymous token * set deprecated api fields to json ignore and fix patch errors * update changelog to breaking-change * fix import * update api docs to remove legacy reference * fix docs nav data --------- Co-authored-by: Paul Glass <pglass@hashicorp.com>
2 years ago
// updateToken for more details. Deprecated in Consul 1.4.
ACL Token Persistence and Reloading (#5328) This PR adds two features which will be useful for operators when ACLs are in use. 1. Tokens set in configuration files are now reloadable. 2. If `acl.enable_token_persistence` is set to `true` in the configuration, tokens set via the `v1/agent/token` endpoint are now persisted to disk and loaded when the agent starts (or during configuration reload) Note that token persistence is opt-in so our users who do not want tokens on the local disk will see no change. Some other secondary changes: * Refactored a bunch of places where the replication token is retrieved from the token store. This token isn't just for replicating ACLs and now it is named accordingly. * Allowed better paths in the `v1/agent/token/` API. Instead of paths like: `v1/agent/token/acl_replication_token` the path can now be just `v1/agent/token/replication`. The old paths remain to be valid. * Added a couple new API functions to set tokens via the new paths. Deprecated the old ones and pointed to the new names. The names are also generally better and don't imply that what you are setting is for ACLs but rather are setting ACL tokens. There is a minor semantic difference there especially for the replication token as again, its no longer used only for ACL token/policy replication. The new functions will detect 404s and fallback to using the older token paths when talking to pre-1.4.3 agents. * Docs updated to reflect the API additions and to show using the new endpoints. * Updated the ACL CLI set-agent-tokens command to use the non-deprecated APIs.
6 years ago
//
// DEPRECATED (ACL-Legacy-Compat) - Prefer UpdateReplicationACLToken for v1.4.3 and above
remove golint warnings
7 years ago
func (a *Agent) UpdateACLReplicationToken(token string, q *WriteOptions) (*WriteMeta, error) {
Remove legacy acl tokens (#15947) * remove legacy tokens * Update test comment Co-authored-by: Paul Glass <pglass@hashicorp.com> * fix imports * update docs for additional CLI changes * add test case for anonymous token * set deprecated api fields to json ignore and fix patch errors * update changelog to breaking-change * fix import * update api docs to remove legacy reference * fix docs nav data --------- Co-authored-by: Paul Glass <pglass@hashicorp.com>
2 years ago
return nil, fmt.Errorf("Legacy ACL Tokens were deprecated in Consul 1.4")
Adds secure introduction for the ACL replication token. (#3357) Adds secure introduction for the ACL replication token, as well as a separate enable config for ACL replication.
7 years ago
}
ACL Token Persistence and Reloading (#5328) This PR adds two features which will be useful for operators when ACLs are in use. 1. Tokens set in configuration files are now reloadable. 2. If `acl.enable_token_persistence` is set to `true` in the configuration, tokens set via the `v1/agent/token` endpoint are now persisted to disk and loaded when the agent starts (or during configuration reload) Note that token persistence is opt-in so our users who do not want tokens on the local disk will see no change. Some other secondary changes: * Refactored a bunch of places where the replication token is retrieved from the token store. This token isn't just for replicating ACLs and now it is named accordingly. * Allowed better paths in the `v1/agent/token/` API. Instead of paths like: `v1/agent/token/acl_replication_token` the path can now be just `v1/agent/token/replication`. The old paths remain to be valid. * Added a couple new API functions to set tokens via the new paths. Deprecated the old ones and pointed to the new names. The names are also generally better and don't imply that what you are setting is for ACLs but rather are setting ACL tokens. There is a minor semantic difference there especially for the replication token as again, its no longer used only for ACL token/policy replication. The new functions will detect 404s and fallback to using the older token paths when talking to pre-1.4.3 agents. * Docs updated to reflect the API additions and to show using the new endpoints. * Updated the ACL CLI set-agent-tokens command to use the non-deprecated APIs.
6 years ago
// UpdateDefaultACLToken updates the agent's "default" token. See updateToken
// for more details
func (a *Agent) UpdateDefaultACLToken(token string, q *WriteOptions) (*WriteMeta, error) {
Rename `agent_master` ACL token in the API and CLI (#11669)
3 years ago
return a.updateTokenFallback(token, q, "default", "acl_token")
ACL Token Persistence and Reloading (#5328) This PR adds two features which will be useful for operators when ACLs are in use. 1. Tokens set in configuration files are now reloadable. 2. If `acl.enable_token_persistence` is set to `true` in the configuration, tokens set via the `v1/agent/token` endpoint are now persisted to disk and loaded when the agent starts (or during configuration reload) Note that token persistence is opt-in so our users who do not want tokens on the local disk will see no change. Some other secondary changes: * Refactored a bunch of places where the replication token is retrieved from the token store. This token isn't just for replicating ACLs and now it is named accordingly. * Allowed better paths in the `v1/agent/token/` API. Instead of paths like: `v1/agent/token/acl_replication_token` the path can now be just `v1/agent/token/replication`. The old paths remain to be valid. * Added a couple new API functions to set tokens via the new paths. Deprecated the old ones and pointed to the new names. The names are also generally better and don't imply that what you are setting is for ACLs but rather are setting ACL tokens. There is a minor semantic difference there especially for the replication token as again, its no longer used only for ACL token/policy replication. The new functions will detect 404s and fallback to using the older token paths when talking to pre-1.4.3 agents. * Docs updated to reflect the API additions and to show using the new endpoints. * Updated the ACL CLI set-agent-tokens command to use the non-deprecated APIs.
6 years ago
}
// UpdateAgentACLToken updates the agent's "agent" token. See updateToken
// for more details
func (a *Agent) UpdateAgentACLToken(token string, q *WriteOptions) (*WriteMeta, error) {
Rename `agent_master` ACL token in the API and CLI (#11669)
3 years ago
return a.updateTokenFallback(token, q, "agent", "acl_agent_token")
}
// UpdateAgentRecoveryACLToken updates the agent's "agent_recovery" token. See updateToken
// for more details.
func (a *Agent) UpdateAgentRecoveryACLToken(token string, q *WriteOptions) (*WriteMeta, error) {
return a.updateTokenFallback(token, q, "agent_recovery", "agent_master", "acl_agent_master_token")
ACL Token Persistence and Reloading (#5328) This PR adds two features which will be useful for operators when ACLs are in use. 1. Tokens set in configuration files are now reloadable. 2. If `acl.enable_token_persistence` is set to `true` in the configuration, tokens set via the `v1/agent/token` endpoint are now persisted to disk and loaded when the agent starts (or during configuration reload) Note that token persistence is opt-in so our users who do not want tokens on the local disk will see no change. Some other secondary changes: * Refactored a bunch of places where the replication token is retrieved from the token store. This token isn't just for replicating ACLs and now it is named accordingly. * Allowed better paths in the `v1/agent/token/` API. Instead of paths like: `v1/agent/token/acl_replication_token` the path can now be just `v1/agent/token/replication`. The old paths remain to be valid. * Added a couple new API functions to set tokens via the new paths. Deprecated the old ones and pointed to the new names. The names are also generally better and don't imply that what you are setting is for ACLs but rather are setting ACL tokens. There is a minor semantic difference there especially for the replication token as again, its no longer used only for ACL token/policy replication. The new functions will detect 404s and fallback to using the older token paths when talking to pre-1.4.3 agents. * Docs updated to reflect the API additions and to show using the new endpoints. * Updated the ACL CLI set-agent-tokens command to use the non-deprecated APIs.
6 years ago
}
// UpdateAgentMasterACLToken updates the agent's "agent_master" token. See updateToken
Rename `agent_master` ACL token in the API and CLI (#11669)
3 years ago
// for more details.
//
// DEPRECATED - Prefer UpdateAgentRecoveryACLToken for v1.11 and above.
ACL Token Persistence and Reloading (#5328) This PR adds two features which will be useful for operators when ACLs are in use. 1. Tokens set in configuration files are now reloadable. 2. If `acl.enable_token_persistence` is set to `true` in the configuration, tokens set via the `v1/agent/token` endpoint are now persisted to disk and loaded when the agent starts (or during configuration reload) Note that token persistence is opt-in so our users who do not want tokens on the local disk will see no change. Some other secondary changes: * Refactored a bunch of places where the replication token is retrieved from the token store. This token isn't just for replicating ACLs and now it is named accordingly. * Allowed better paths in the `v1/agent/token/` API. Instead of paths like: `v1/agent/token/acl_replication_token` the path can now be just `v1/agent/token/replication`. The old paths remain to be valid. * Added a couple new API functions to set tokens via the new paths. Deprecated the old ones and pointed to the new names. The names are also generally better and don't imply that what you are setting is for ACLs but rather are setting ACL tokens. There is a minor semantic difference there especially for the replication token as again, its no longer used only for ACL token/policy replication. The new functions will detect 404s and fallback to using the older token paths when talking to pre-1.4.3 agents. * Docs updated to reflect the API additions and to show using the new endpoints. * Updated the ACL CLI set-agent-tokens command to use the non-deprecated APIs.
6 years ago
func (a *Agent) UpdateAgentMasterACLToken(token string, q *WriteOptions) (*WriteMeta, error) {
Rename `agent_master` ACL token in the API and CLI (#11669)
3 years ago
return a.updateTokenFallback(token, q, "agent_master", "acl_agent_master_token")
ACL Token Persistence and Reloading (#5328) This PR adds two features which will be useful for operators when ACLs are in use. 1. Tokens set in configuration files are now reloadable. 2. If `acl.enable_token_persistence` is set to `true` in the configuration, tokens set via the `v1/agent/token` endpoint are now persisted to disk and loaded when the agent starts (or during configuration reload) Note that token persistence is opt-in so our users who do not want tokens on the local disk will see no change. Some other secondary changes: * Refactored a bunch of places where the replication token is retrieved from the token store. This token isn't just for replicating ACLs and now it is named accordingly. * Allowed better paths in the `v1/agent/token/` API. Instead of paths like: `v1/agent/token/acl_replication_token` the path can now be just `v1/agent/token/replication`. The old paths remain to be valid. * Added a couple new API functions to set tokens via the new paths. Deprecated the old ones and pointed to the new names. The names are also generally better and don't imply that what you are setting is for ACLs but rather are setting ACL tokens. There is a minor semantic difference there especially for the replication token as again, its no longer used only for ACL token/policy replication. The new functions will detect 404s and fallback to using the older token paths when talking to pre-1.4.3 agents. * Docs updated to reflect the API additions and to show using the new endpoints. * Updated the ACL CLI set-agent-tokens command to use the non-deprecated APIs.
6 years ago
}
// UpdateReplicationACLToken updates the agent's "replication" token. See updateToken
// for more details
func (a *Agent) UpdateReplicationACLToken(token string, q *WriteOptions) (*WriteMeta, error) {
Rename `agent_master` ACL token in the API and CLI (#11669)
3 years ago
return a.updateTokenFallback(token, q, "replication", "acl_replication_token")
ACL Token Persistence and Reloading (#5328) This PR adds two features which will be useful for operators when ACLs are in use. 1. Tokens set in configuration files are now reloadable. 2. If `acl.enable_token_persistence` is set to `true` in the configuration, tokens set via the `v1/agent/token` endpoint are now persisted to disk and loaded when the agent starts (or during configuration reload) Note that token persistence is opt-in so our users who do not want tokens on the local disk will see no change. Some other secondary changes: * Refactored a bunch of places where the replication token is retrieved from the token store. This token isn't just for replicating ACLs and now it is named accordingly. * Allowed better paths in the `v1/agent/token/` API. Instead of paths like: `v1/agent/token/acl_replication_token` the path can now be just `v1/agent/token/replication`. The old paths remain to be valid. * Added a couple new API functions to set tokens via the new paths. Deprecated the old ones and pointed to the new names. The names are also generally better and don't imply that what you are setting is for ACLs but rather are setting ACL tokens. There is a minor semantic difference there especially for the replication token as again, its no longer used only for ACL token/policy replication. The new functions will detect 404s and fallback to using the older token paths when talking to pre-1.4.3 agents. * Docs updated to reflect the API additions and to show using the new endpoints. * Updated the ACL CLI set-agent-tokens command to use the non-deprecated APIs.
6 years ago
}
Add new config_file_service_registration token (#15828)
2 years ago
// UpdateConfigFileRegistrationToken updates the agent's "replication" token. See updateToken
// for more details
func (a *Agent) UpdateConfigFileRegistrationToken(token string, q *WriteOptions) (*WriteMeta, error) {
return a.updateToken("config_file_service_registration", token, q)
}
dns token (#17936) * dns token fix whitespace for docs and comments fix test cases fix test cases remove tabs in help text Add changelog Peering dns test Peering dns test Partial implementation of Peered DNS test Swap to new topology lib expose dns port for integration tests on client remove partial test implementation remove extra port exposure remove changelog from the ent pr Add dns token to set-agent-token switch Add enterprise golden file Use builtin/dns template in tests Update ent dns policy Update ent dns template test remove local gen certs fix templated policy specs * add changelog * go mod tidy
1 year ago
func (a *Agent) UpdateDNSToken(token string, q *WriteOptions) (*WriteMeta, error) {
return a.updateToken("dns", token, q)
}
ACL Token Persistence and Reloading (#5328) This PR adds two features which will be useful for operators when ACLs are in use. 1. Tokens set in configuration files are now reloadable. 2. If `acl.enable_token_persistence` is set to `true` in the configuration, tokens set via the `v1/agent/token` endpoint are now persisted to disk and loaded when the agent starts (or during configuration reload) Note that token persistence is opt-in so our users who do not want tokens on the local disk will see no change. Some other secondary changes: * Refactored a bunch of places where the replication token is retrieved from the token store. This token isn't just for replicating ACLs and now it is named accordingly. * Allowed better paths in the `v1/agent/token/` API. Instead of paths like: `v1/agent/token/acl_replication_token` the path can now be just `v1/agent/token/replication`. The old paths remain to be valid. * Added a couple new API functions to set tokens via the new paths. Deprecated the old ones and pointed to the new names. The names are also generally better and don't imply that what you are setting is for ACLs but rather are setting ACL tokens. There is a minor semantic difference there especially for the replication token as again, its no longer used only for ACL token/policy replication. The new functions will detect 404s and fallback to using the older token paths when talking to pre-1.4.3 agents. * Docs updated to reflect the API additions and to show using the new endpoints. * Updated the ACL CLI set-agent-tokens command to use the non-deprecated APIs.
6 years ago
// updateToken can be used to update one of an agent's ACL tokens after the agent has
// started. The tokens are may not be persisted, so will need to be updated again if
// the agent is restarted unless the agent is configured to persist them.
remove golint warnings
7 years ago
func (a *Agent) updateToken(target, token string, q *WriteOptions) (*WriteMeta, error) {
ACL Token Persistence and Reloading (#5328) This PR adds two features which will be useful for operators when ACLs are in use. 1. Tokens set in configuration files are now reloadable. 2. If `acl.enable_token_persistence` is set to `true` in the configuration, tokens set via the `v1/agent/token` endpoint are now persisted to disk and loaded when the agent starts (or during configuration reload) Note that token persistence is opt-in so our users who do not want tokens on the local disk will see no change. Some other secondary changes: * Refactored a bunch of places where the replication token is retrieved from the token store. This token isn't just for replicating ACLs and now it is named accordingly. * Allowed better paths in the `v1/agent/token/` API. Instead of paths like: `v1/agent/token/acl_replication_token` the path can now be just `v1/agent/token/replication`. The old paths remain to be valid. * Added a couple new API functions to set tokens via the new paths. Deprecated the old ones and pointed to the new names. The names are also generally better and don't imply that what you are setting is for ACLs but rather are setting ACL tokens. There is a minor semantic difference there especially for the replication token as again, its no longer used only for ACL token/policy replication. The new functions will detect 404s and fallback to using the older token paths when talking to pre-1.4.3 agents. * Docs updated to reflect the API additions and to show using the new endpoints. * Updated the ACL CLI set-agent-tokens command to use the non-deprecated APIs.
6 years ago
meta, _, err := a.updateTokenOnce(target, token, q)
return meta, err
}
Rename `agent_master` ACL token in the API and CLI (#11669)
3 years ago
func (a *Agent) updateTokenFallback(token string, q *WriteOptions, targets ...string) (*WriteMeta, error) {
if len(targets) == 0 {
panic("targets must not be empty")
}
var (
meta *WriteMeta
err error
)
for _, target := range targets {
var status int
meta, status, err = a.updateTokenOnce(target, token, q)
if err == nil && status != http.StatusNotFound {
return meta, err
}
ACL Token Persistence and Reloading (#5328) This PR adds two features which will be useful for operators when ACLs are in use. 1. Tokens set in configuration files are now reloadable. 2. If `acl.enable_token_persistence` is set to `true` in the configuration, tokens set via the `v1/agent/token` endpoint are now persisted to disk and loaded when the agent starts (or during configuration reload) Note that token persistence is opt-in so our users who do not want tokens on the local disk will see no change. Some other secondary changes: * Refactored a bunch of places where the replication token is retrieved from the token store. This token isn't just for replicating ACLs and now it is named accordingly. * Allowed better paths in the `v1/agent/token/` API. Instead of paths like: `v1/agent/token/acl_replication_token` the path can now be just `v1/agent/token/replication`. The old paths remain to be valid. * Added a couple new API functions to set tokens via the new paths. Deprecated the old ones and pointed to the new names. The names are also generally better and don't imply that what you are setting is for ACLs but rather are setting ACL tokens. There is a minor semantic difference there especially for the replication token as again, its no longer used only for ACL token/policy replication. The new functions will detect 404s and fallback to using the older token paths when talking to pre-1.4.3 agents. * Docs updated to reflect the API additions and to show using the new endpoints. * Updated the ACL CLI set-agent-tokens command to use the non-deprecated APIs.
6 years ago
}
return meta, err
}
func (a *Agent) updateTokenOnce(target, token string, q *WriteOptions) (*WriteMeta, int, error) {
Remove incorrect usage of url.PathEscape (#12184) When r.toHTTP is called, http.Request is built with the path already escaped. This removes all calls to url.PathEscape that would have led to double-escaped URLs.
3 years ago
r := a.c.newRequest("PUT", fmt.Sprintf("/v1/agent/token/%s", target))
Adds support for agent-side ACL token management via API instead of config files. (#3324) * Adds token store and removes all runtime use of config for ACL tokens. * Adds a new API for changing agent tokens on the fly.
7 years ago
r.setWriteOptions(q)
r.obj = &AgentToken{Token: token}
api: fix panic in 'consul acl set-agent-token' (#5533) api: fix panic in 'consul acl set-agent-token' Fixes #5531
6 years ago
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
rtt, resp, err := a.c.doRequest(r)
wrap few doRequest calls for error handling (#11158)
3 years ago
if err != nil {
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
return nil, 500, err
}
defer closeResponseBody(resp)
wm := &WriteMeta{RequestTime: rtt}
if err := requireOK(resp); err != nil {
wrap few doRequest calls for error handling (#11158)
3 years ago
var statusE StatusError
if errors.As(err, &statusE) {
return wm, statusE.Code, statusE
}
Refactor requireHttpCodes for segregated error handling (#11287)
3 years ago
return nil, 0, err
api: fix panic in 'consul acl set-agent-token' (#5533) api: fix panic in 'consul acl set-agent-token' Fixes #5531
6 years ago
}
ACL Token Persistence and Reloading (#5328) This PR adds two features which will be useful for operators when ACLs are in use. 1. Tokens set in configuration files are now reloadable. 2. If `acl.enable_token_persistence` is set to `true` in the configuration, tokens set via the `v1/agent/token` endpoint are now persisted to disk and loaded when the agent starts (or during configuration reload) Note that token persistence is opt-in so our users who do not want tokens on the local disk will see no change. Some other secondary changes: * Refactored a bunch of places where the replication token is retrieved from the token store. This token isn't just for replicating ACLs and now it is named accordingly. * Allowed better paths in the `v1/agent/token/` API. Instead of paths like: `v1/agent/token/acl_replication_token` the path can now be just `v1/agent/token/replication`. The old paths remain to be valid. * Added a couple new API functions to set tokens via the new paths. Deprecated the old ones and pointed to the new names. The names are also generally better and don't imply that what you are setting is for ACLs but rather are setting ACL tokens. There is a minor semantic difference there especially for the replication token as again, its no longer used only for ACL token/policy replication. The new functions will detect 404s and fallback to using the older token paths when talking to pre-1.4.3 agents. * Docs updated to reflect the API additions and to show using the new endpoints. * Updated the ACL CLI set-agent-tokens command to use the non-deprecated APIs.
6 years ago
return wm, resp.StatusCode, nil
Adds support for agent-side ACL token management via API instead of config files. (#3324) * Adds token store and removes all runtime use of config for ACL tokens. * Adds a new API for changing agent tokens on the fly.
7 years ago
}