github
/
consul
mirror of https://github.com/hashicorp/consul
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '888e302f6e'
${ noResults }
consul/internal/resource/mappers/bimapper/bimapper.go

324 lines
9.2 KiB
Raw Normal View History Unescape

resource: adding various helpers for working with resources (#18342) This is a bit of a grab bag of helpers that I found useful for working with them when authoring substantial Controllers. Subsequent PRs will make use of them.
1 year ago
// Copyright (c) HashiCorp, Inc.
[COMPLIANCE] License changes (#18443) * Adding explicit MPL license for sub-package This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Adding explicit MPL license for sub-package This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Updating the license from MPL to Business Source License Going forward, this project will be licensed under the Business Source License v1.1. Please see our blog post for more details at <Blog URL>, FAQ at www.hashicorp.com/licensing-faq, and details of the license at www.hashicorp.com/bsl. * add missing license headers * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 --------- Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
1 year ago
// SPDX-License-Identifier: BUSL-1.1
resource: adding various helpers for working with resources (#18342) This is a bit of a grab bag of helpers that I found useful for working with them when authoring substantial Controllers. Subsequent PRs will make use of them.
1 year ago
package bimapper
import (
"context"
"fmt"
"sync"
"github.com/hashicorp/consul/internal/controller"
"github.com/hashicorp/consul/internal/resource"
"github.com/hashicorp/consul/proto-public/pbresource"
)
mesh: store bound reference pointers on a ComputedRoutes resource and use during reconcile (#18965) xRoute resource types contain a slice of parentRefs to services that they manipulate traffic for. All xRoutes that have a parentRef to given Service will be merged together to generate a ComputedRoutes resource name-aligned with that Service. This means that a write of an xRoute with 2 parent ref pointers will cause at most 2 reconciles for ComputedRoutes. If that xRoute's list of parentRefs were ever to be reduced, or otherwise lose an item, that subsequent map event will only emit events for the current set of refs. The removed ref will not cause the generated ComputedRoutes related to that service to be re-reconciled to omit the influence of that xRoute. To combat this, we will store on the ComputedRoutes resource a BoundResources []*pbresource.Reference field with references to all resources that were used to influence the generated output. When the routes controller reconciles, it will use a bimapper to index this influence, and the dependency mappers for the xRoutes will look themselves up in that index to discover additional (former) ComputedRoutes that need to be notified as well.
1 year ago
var wildcardType = &pbresource.Type{
Group: "@@any@@",
GroupVersion: "@@any@@",
Kind: "@@any@@",
}
resource: adding various helpers for working with resources (#18342) This is a bit of a grab bag of helpers that I found useful for working with them when authoring substantial Controllers. Subsequent PRs will make use of them.
1 year ago
// Mapper tracks bidirectional lookup for an item that contains references to
// other items. For example: an HTTPRoute has many references to Services.
//
// The primary object is called the "item" and an item has many "links".
// Tracking is done on items.
type Mapper struct {
itemType, linkType *pbresource.Type
mesh: store bound reference pointers on a ComputedRoutes resource and use during reconcile (#18965) xRoute resource types contain a slice of parentRefs to services that they manipulate traffic for. All xRoutes that have a parentRef to given Service will be merged together to generate a ComputedRoutes resource name-aligned with that Service. This means that a write of an xRoute with 2 parent ref pointers will cause at most 2 reconciles for ComputedRoutes. If that xRoute's list of parentRefs were ever to be reduced, or otherwise lose an item, that subsequent map event will only emit events for the current set of refs. The removed ref will not cause the generated ComputedRoutes related to that service to be re-reconciled to omit the influence of that xRoute. To combat this, we will store on the ComputedRoutes resource a BoundResources []*pbresource.Reference field with references to all resources that were used to influence the generated output. When the routes controller reconciles, it will use a bimapper to index this influence, and the dependency mappers for the xRoutes will look themselves up in that index to discover additional (former) ComputedRoutes that need to be notified as well.
1 year ago
wildcardLink bool
resource: adding various helpers for working with resources (#18342) This is a bit of a grab bag of helpers that I found useful for working with them when authoring substantial Controllers. Subsequent PRs will make use of them.
1 year ago
lock sync.Mutex
itemToLink map[resource.ReferenceKey]map[resource.ReferenceKey]struct{}
linkToItem map[resource.ReferenceKey]map[resource.ReferenceKey]struct{}
}
// New creates a bimapper between the two required provided types.
func New(itemType, linkType *pbresource.Type) *Mapper {
if itemType == nil {
panic("itemType is required")
}
if linkType == nil {
panic("linkType is required")
}
return &Mapper{
itemType: itemType,
linkType: linkType,
itemToLink: make(map[resource.ReferenceKey]map[resource.ReferenceKey]struct{}),
linkToItem: make(map[resource.ReferenceKey]map[resource.ReferenceKey]struct{}),
}
}
mesh: store bound reference pointers on a ComputedRoutes resource and use during reconcile (#18965) xRoute resource types contain a slice of parentRefs to services that they manipulate traffic for. All xRoutes that have a parentRef to given Service will be merged together to generate a ComputedRoutes resource name-aligned with that Service. This means that a write of an xRoute with 2 parent ref pointers will cause at most 2 reconciles for ComputedRoutes. If that xRoute's list of parentRefs were ever to be reduced, or otherwise lose an item, that subsequent map event will only emit events for the current set of refs. The removed ref will not cause the generated ComputedRoutes related to that service to be re-reconciled to omit the influence of that xRoute. To combat this, we will store on the ComputedRoutes resource a BoundResources []*pbresource.Reference field with references to all resources that were used to influence the generated output. When the routes controller reconciles, it will use a bimapper to index this influence, and the dependency mappers for the xRoutes will look themselves up in that index to discover additional (former) ComputedRoutes that need to be notified as well.
1 year ago
// NewWithWildcardLinkType creates a bimapper between the provided item type
// and can have a mixed set of link types.
func NewWithWildcardLinkType(itemType *pbresource.Type) *Mapper {
m := New(itemType, wildcardType)
m.wildcardLink = true
return m
}
resource: adding various helpers for working with resources (#18342) This is a bit of a grab bag of helpers that I found useful for working with them when authoring substantial Controllers. Subsequent PRs will make use of them.
1 year ago
// Reset clears the internal mappings.
func (m *Mapper) Reset() {
m.lock.Lock()
defer m.lock.Unlock()
m.itemToLink = make(map[resource.ReferenceKey]map[resource.ReferenceKey]struct{})
m.linkToItem = make(map[resource.ReferenceKey]map[resource.ReferenceKey]struct{})
}
// IsEmpty returns true if the internal structures are empty.
func (m *Mapper) IsEmpty() bool {
m.lock.Lock()
defer m.lock.Unlock()
return len(m.itemToLink) == 0 && len(m.linkToItem) == 0
}
// UntrackItem removes tracking for the provided item. The item type MUST match
// the type configured for the item.
bimapper: allow to untrack links and support reference or id (#18451)
1 year ago
func (m *Mapper) UntrackItem(item resource.ReferenceOrID) {
if !resource.EqualType(item.GetType(), m.itemType) {
resource: adding various helpers for working with resources (#18342) This is a bit of a grab bag of helpers that I found useful for working with them when authoring substantial Controllers. Subsequent PRs will make use of them.
1 year ago
panic(fmt.Sprintf("expected item type %q got %q",
resource.TypeToString(m.itemType),
bimapper: allow to untrack links and support reference or id (#18451)
1 year ago
resource.TypeToString(item.GetType()),
resource: adding various helpers for working with resources (#18342) This is a bit of a grab bag of helpers that I found useful for working with them when authoring substantial Controllers. Subsequent PRs will make use of them.
1 year ago
))
}
m.untrackItem(resource.NewReferenceKey(item))
}
bimapper: allow to untrack links and support reference or id (#18451)
1 year ago
// UntrackLink removes tracking for the provided link. The link type MUST match
// the type configured for the link.
func (m *Mapper) UntrackLink(link resource.ReferenceOrID) {
mesh: store bound reference pointers on a ComputedRoutes resource and use during reconcile (#18965) xRoute resource types contain a slice of parentRefs to services that they manipulate traffic for. All xRoutes that have a parentRef to given Service will be merged together to generate a ComputedRoutes resource name-aligned with that Service. This means that a write of an xRoute with 2 parent ref pointers will cause at most 2 reconciles for ComputedRoutes. If that xRoute's list of parentRefs were ever to be reduced, or otherwise lose an item, that subsequent map event will only emit events for the current set of refs. The removed ref will not cause the generated ComputedRoutes related to that service to be re-reconciled to omit the influence of that xRoute. To combat this, we will store on the ComputedRoutes resource a BoundResources []*pbresource.Reference field with references to all resources that were used to influence the generated output. When the routes controller reconciles, it will use a bimapper to index this influence, and the dependency mappers for the xRoutes will look themselves up in that index to discover additional (former) ComputedRoutes that need to be notified as well.
1 year ago
if !m.wildcardLink && !resource.EqualType(link.GetType(), m.linkType) {
bimapper: allow to untrack links and support reference or id (#18451)
1 year ago
panic(fmt.Sprintf("expected link type %q got %q",
resource.TypeToString(m.linkType),
resource.TypeToString(link.GetType()),
))
}
m.untrackLink(resource.NewReferenceKey(link))
}
func (m *Mapper) untrackLink(link resource.ReferenceKey) {
m.lock.Lock()
defer m.lock.Unlock()
m.removeLinkLocked(link)
}
resource: adding various helpers for working with resources (#18342) This is a bit of a grab bag of helpers that I found useful for working with them when authoring substantial Controllers. Subsequent PRs will make use of them.
1 year ago
func (m *Mapper) untrackItem(item resource.ReferenceKey) {
m.lock.Lock()
defer m.lock.Unlock()
m.removeItemLocked(item)
}
// TrackItem adds tracking for the provided item. The item and link types MUST
// match the types configured for the items and links.
bimapper: allow to untrack links and support reference or id (#18451)
1 year ago
func (m *Mapper) TrackItem(item resource.ReferenceOrID, links []resource.ReferenceOrID) {
if !resource.EqualType(item.GetType(), m.itemType) {
resource: adding various helpers for working with resources (#18342) This is a bit of a grab bag of helpers that I found useful for working with them when authoring substantial Controllers. Subsequent PRs will make use of them.
1 year ago
panic(fmt.Sprintf("expected item type %q got %q",
resource.TypeToString(m.itemType),
bimapper: allow to untrack links and support reference or id (#18451)
1 year ago
resource.TypeToString(item.GetType()),
resource: adding various helpers for working with resources (#18342) This is a bit of a grab bag of helpers that I found useful for working with them when authoring substantial Controllers. Subsequent PRs will make use of them.
1 year ago
))
}
linksAsKeys := make([]resource.ReferenceKey, 0, len(links))
for _, link := range links {
mesh: store bound reference pointers on a ComputedRoutes resource and use during reconcile (#18965) xRoute resource types contain a slice of parentRefs to services that they manipulate traffic for. All xRoutes that have a parentRef to given Service will be merged together to generate a ComputedRoutes resource name-aligned with that Service. This means that a write of an xRoute with 2 parent ref pointers will cause at most 2 reconciles for ComputedRoutes. If that xRoute's list of parentRefs were ever to be reduced, or otherwise lose an item, that subsequent map event will only emit events for the current set of refs. The removed ref will not cause the generated ComputedRoutes related to that service to be re-reconciled to omit the influence of that xRoute. To combat this, we will store on the ComputedRoutes resource a BoundResources []*pbresource.Reference field with references to all resources that were used to influence the generated output. When the routes controller reconciles, it will use a bimapper to index this influence, and the dependency mappers for the xRoutes will look themselves up in that index to discover additional (former) ComputedRoutes that need to be notified as well.
1 year ago
if !m.wildcardLink && !resource.EqualType(link.GetType(), m.linkType) {
resource: adding various helpers for working with resources (#18342) This is a bit of a grab bag of helpers that I found useful for working with them when authoring substantial Controllers. Subsequent PRs will make use of them.
1 year ago
panic(fmt.Sprintf("expected link type %q got %q",
resource.TypeToString(m.linkType),
bimapper: allow to untrack links and support reference or id (#18451)
1 year ago
resource.TypeToString(link.GetType()),
resource: adding various helpers for working with resources (#18342) This is a bit of a grab bag of helpers that I found useful for working with them when authoring substantial Controllers. Subsequent PRs will make use of them.
1 year ago
))
}
linksAsKeys = append(linksAsKeys, resource.NewReferenceKey(link))
}
m.trackItem(resource.NewReferenceKey(item), linksAsKeys)
}
func (m *Mapper) trackItem(item resource.ReferenceKey, links []resource.ReferenceKey) {
m.lock.Lock()
defer m.lock.Unlock()
m.removeItemLocked(item)
m.addItemLocked(item, links)
}
// you must hold the lock before calling this function
func (m *Mapper) removeItemLocked(item resource.ReferenceKey) {
for link := range m.itemToLink[item] {
delete(m.linkToItem[link], item)
if len(m.linkToItem[link]) == 0 {
delete(m.linkToItem, link)
}
}
delete(m.itemToLink, item)
}
bimapper: allow to untrack links and support reference or id (#18451)
1 year ago
func (m *Mapper) removeLinkLocked(link resource.ReferenceKey) {
for item := range m.linkToItem[link] {
delete(m.itemToLink[item], link)
if len(m.itemToLink[item]) == 0 {
delete(m.itemToLink, item)
}
}
delete(m.linkToItem, link)
}
resource: adding various helpers for working with resources (#18342) This is a bit of a grab bag of helpers that I found useful for working with them when authoring substantial Controllers. Subsequent PRs will make use of them.
1 year ago
// you must hold the lock before calling this function
func (m *Mapper) addItemLocked(item resource.ReferenceKey, links []resource.ReferenceKey) {
if m.itemToLink[item] == nil {
m.itemToLink[item] = make(map[resource.ReferenceKey]struct{})
}
for _, link := range links {
m.itemToLink[item][link] = struct{}{}
if m.linkToItem[link] == nil {
m.linkToItem[link] = make(map[resource.ReferenceKey]struct{})
}
m.linkToItem[link][item] = struct{}{}
}
}
// LinksForItem returns references to links related to the requested item.
bimapper: allow to untrack links and support reference or id (#18451)
1 year ago
// Deprecated: use LinksRefs
resource: adding various helpers for working with resources (#18342) This is a bit of a grab bag of helpers that I found useful for working with them when authoring substantial Controllers. Subsequent PRs will make use of them.
1 year ago
func (m *Mapper) LinksForItem(item *pbresource.ID) []*pbresource.Reference {
bimapper: allow to untrack links and support reference or id (#18451)
1 year ago
return m.LinkRefsForItem(item)
}
// LinkRefsForItem returns references to links related to the requested item.
func (m *Mapper) LinkRefsForItem(item *pbresource.ID) []*pbresource.Reference {
resource: adding various helpers for working with resources (#18342) This is a bit of a grab bag of helpers that I found useful for working with them when authoring substantial Controllers. Subsequent PRs will make use of them.
1 year ago
if !resource.EqualType(item.Type, m.itemType) {
panic(fmt.Sprintf("expected item type %q got %q",
resource.TypeToString(m.itemType),
resource.TypeToString(item.Type),
))
}
m.lock.Lock()
defer m.lock.Unlock()
bimapper: fix a bug and add some more test coverage (#18387)
1 year ago
links, ok := m.itemToLink[resource.NewReferenceKey(item)]
resource: adding various helpers for working with resources (#18342) This is a bit of a grab bag of helpers that I found useful for working with them when authoring substantial Controllers. Subsequent PRs will make use of them.
1 year ago
if !ok {
return nil
}
bimapper: fix a bug and add some more test coverage (#18387)
1 year ago
out := make([]*pbresource.Reference, 0, len(links))
for link := range links {
out = append(out, link.ToReference())
resource: adding various helpers for working with resources (#18342) This is a bit of a grab bag of helpers that I found useful for working with them when authoring substantial Controllers. Subsequent PRs will make use of them.
1 year ago
}
return out
}
bimapper: allow to untrack links and support reference or id (#18451)
1 year ago
// LinkIDsForItem returns IDs to links related to the requested item.
func (m *Mapper) LinkIDsForItem(item *pbresource.ID) []*pbresource.ID {
if !resource.EqualType(item.Type, m.itemType) {
panic(fmt.Sprintf("expected item type %q got %q",
resource.TypeToString(m.itemType),
resource.TypeToString(item.Type),
))
}
m.lock.Lock()
defer m.lock.Unlock()
links, ok := m.itemToLink[resource.NewReferenceKey(item)]
if !ok {
return nil
}
out := make([]*pbresource.ID, 0, len(links))
for l := range links {
out = append(out, l.ToID())
}
return out
}
resource: adding various helpers for working with resources (#18342) This is a bit of a grab bag of helpers that I found useful for working with them when authoring substantial Controllers. Subsequent PRs will make use of them.
1 year ago
// ItemsForLink returns item ids for items related to the provided link.
bimapper: allow to untrack links and support reference or id (#18451)
1 year ago
// Deprecated: use ItemIDsForLink
resource: adding various helpers for working with resources (#18342) This is a bit of a grab bag of helpers that I found useful for working with them when authoring substantial Controllers. Subsequent PRs will make use of them.
1 year ago
func (m *Mapper) ItemsForLink(link *pbresource.ID) []*pbresource.ID {
bimapper: allow to untrack links and support reference or id (#18451)
1 year ago
return m.ItemIDsForLink(link)
}
// ItemIDsForLink returns item ids for items related to the provided link.
xds controller: setup watches for and compute leaf cert references in ProxyStateTemplate, and wire up leaf cert manager dependency (#18756) * Refactors the leafcert package to not have a dependency on agent/consul and agent/cache to avoid import cycles. This way the xds controller can just import the leafcert package to use the leafcert manager. The leaf cert logic in the controller: * Sets up watches for leaf certs that are referenced in the ProxyStateTemplate (which generates the leaf certs too). * Gets the leaf cert from the leaf cert cache * Stores the leaf cert in the ProxyState that's pushed to xds * For the cert watches, this PR also uses a bimapper + a thin wrapper to map leaf cert events to related ProxyStateTemplates Since bimapper uses a resource.Reference or resource.ID to map between two resource types, I've created an internal type for a leaf certificate to use for the resource.Reference, since it's not a v2 resource. The wrapper allows mapping events to resources (as opposed to mapping resources to resources) The controller tests: Unit: Ensure that we resolve leaf cert references Lifecycle: Ensure that when the CA is updated, the leaf cert is as well Also adds a new spiffe id type, and adds workload identity and workload identity URI to leaf certs. This is so certs are generated with the new workload identity based SPIFFE id. * Pulls out some leaf cert test helpers into a helpers file so it can be used in the xds controller tests. * Wires up leaf cert manager dependency * Support getting token from proxytracker * Add workload identity spiffe id type to the authorize and sign functions --------- Co-authored-by: John Murret <john.murret@hashicorp.com>
1 year ago
func (m *Mapper) ItemIDsForLink(link resource.ReferenceOrID) []*pbresource.ID {
mesh: store bound reference pointers on a ComputedRoutes resource and use during reconcile (#18965) xRoute resource types contain a slice of parentRefs to services that they manipulate traffic for. All xRoutes that have a parentRef to given Service will be merged together to generate a ComputedRoutes resource name-aligned with that Service. This means that a write of an xRoute with 2 parent ref pointers will cause at most 2 reconciles for ComputedRoutes. If that xRoute's list of parentRefs were ever to be reduced, or otherwise lose an item, that subsequent map event will only emit events for the current set of refs. The removed ref will not cause the generated ComputedRoutes related to that service to be re-reconciled to omit the influence of that xRoute. To combat this, we will store on the ComputedRoutes resource a BoundResources []*pbresource.Reference field with references to all resources that were used to influence the generated output. When the routes controller reconciles, it will use a bimapper to index this influence, and the dependency mappers for the xRoutes will look themselves up in that index to discover additional (former) ComputedRoutes that need to be notified as well.
1 year ago
if !m.wildcardLink && !resource.EqualType(link.GetType(), m.linkType) {
bimapper: allow to untrack links and support reference or id (#18451)
1 year ago
panic(fmt.Sprintf("expected link type %q got %q",
resource: adding various helpers for working with resources (#18342) This is a bit of a grab bag of helpers that I found useful for working with them when authoring substantial Controllers. Subsequent PRs will make use of them.
1 year ago
resource.TypeToString(m.linkType),
xds controller: setup watches for and compute leaf cert references in ProxyStateTemplate, and wire up leaf cert manager dependency (#18756) * Refactors the leafcert package to not have a dependency on agent/consul and agent/cache to avoid import cycles. This way the xds controller can just import the leafcert package to use the leafcert manager. The leaf cert logic in the controller: * Sets up watches for leaf certs that are referenced in the ProxyStateTemplate (which generates the leaf certs too). * Gets the leaf cert from the leaf cert cache * Stores the leaf cert in the ProxyState that's pushed to xds * For the cert watches, this PR also uses a bimapper + a thin wrapper to map leaf cert events to related ProxyStateTemplates Since bimapper uses a resource.Reference or resource.ID to map between two resource types, I've created an internal type for a leaf certificate to use for the resource.Reference, since it's not a v2 resource. The wrapper allows mapping events to resources (as opposed to mapping resources to resources) The controller tests: Unit: Ensure that we resolve leaf cert references Lifecycle: Ensure that when the CA is updated, the leaf cert is as well Also adds a new spiffe id type, and adds workload identity and workload identity URI to leaf certs. This is so certs are generated with the new workload identity based SPIFFE id. * Pulls out some leaf cert test helpers into a helpers file so it can be used in the xds controller tests. * Wires up leaf cert manager dependency * Support getting token from proxytracker * Add workload identity spiffe id type to the authorize and sign functions --------- Co-authored-by: John Murret <john.murret@hashicorp.com>
1 year ago
resource.TypeToString(link.GetType()),
resource: adding various helpers for working with resources (#18342) This is a bit of a grab bag of helpers that I found useful for working with them when authoring substantial Controllers. Subsequent PRs will make use of them.
1 year ago
))
}
bimapper: allow to untrack links and support reference or id (#18451)
1 year ago
return m.itemIDsByLink(resource.NewReferenceKey(link))
}
// ItemRefsForLink returns item references for items related to the provided link.
xds controller: setup watches for and compute leaf cert references in ProxyStateTemplate, and wire up leaf cert manager dependency (#18756) * Refactors the leafcert package to not have a dependency on agent/consul and agent/cache to avoid import cycles. This way the xds controller can just import the leafcert package to use the leafcert manager. The leaf cert logic in the controller: * Sets up watches for leaf certs that are referenced in the ProxyStateTemplate (which generates the leaf certs too). * Gets the leaf cert from the leaf cert cache * Stores the leaf cert in the ProxyState that's pushed to xds * For the cert watches, this PR also uses a bimapper + a thin wrapper to map leaf cert events to related ProxyStateTemplates Since bimapper uses a resource.Reference or resource.ID to map between two resource types, I've created an internal type for a leaf certificate to use for the resource.Reference, since it's not a v2 resource. The wrapper allows mapping events to resources (as opposed to mapping resources to resources) The controller tests: Unit: Ensure that we resolve leaf cert references Lifecycle: Ensure that when the CA is updated, the leaf cert is as well Also adds a new spiffe id type, and adds workload identity and workload identity URI to leaf certs. This is so certs are generated with the new workload identity based SPIFFE id. * Pulls out some leaf cert test helpers into a helpers file so it can be used in the xds controller tests. * Wires up leaf cert manager dependency * Support getting token from proxytracker * Add workload identity spiffe id type to the authorize and sign functions --------- Co-authored-by: John Murret <john.murret@hashicorp.com>
1 year ago
func (m *Mapper) ItemRefsForLink(link resource.ReferenceOrID) []*pbresource.Reference {
mesh: store bound reference pointers on a ComputedRoutes resource and use during reconcile (#18965) xRoute resource types contain a slice of parentRefs to services that they manipulate traffic for. All xRoutes that have a parentRef to given Service will be merged together to generate a ComputedRoutes resource name-aligned with that Service. This means that a write of an xRoute with 2 parent ref pointers will cause at most 2 reconciles for ComputedRoutes. If that xRoute's list of parentRefs were ever to be reduced, or otherwise lose an item, that subsequent map event will only emit events for the current set of refs. The removed ref will not cause the generated ComputedRoutes related to that service to be re-reconciled to omit the influence of that xRoute. To combat this, we will store on the ComputedRoutes resource a BoundResources []*pbresource.Reference field with references to all resources that were used to influence the generated output. When the routes controller reconciles, it will use a bimapper to index this influence, and the dependency mappers for the xRoutes will look themselves up in that index to discover additional (former) ComputedRoutes that need to be notified as well.
1 year ago
if !m.wildcardLink && !resource.EqualType(link.GetType(), m.linkType) {
bimapper: allow to untrack links and support reference or id (#18451)
1 year ago
panic(fmt.Sprintf("expected link type %q got %q",
resource.TypeToString(m.linkType),
xds controller: setup watches for and compute leaf cert references in ProxyStateTemplate, and wire up leaf cert manager dependency (#18756) * Refactors the leafcert package to not have a dependency on agent/consul and agent/cache to avoid import cycles. This way the xds controller can just import the leafcert package to use the leafcert manager. The leaf cert logic in the controller: * Sets up watches for leaf certs that are referenced in the ProxyStateTemplate (which generates the leaf certs too). * Gets the leaf cert from the leaf cert cache * Stores the leaf cert in the ProxyState that's pushed to xds * For the cert watches, this PR also uses a bimapper + a thin wrapper to map leaf cert events to related ProxyStateTemplates Since bimapper uses a resource.Reference or resource.ID to map between two resource types, I've created an internal type for a leaf certificate to use for the resource.Reference, since it's not a v2 resource. The wrapper allows mapping events to resources (as opposed to mapping resources to resources) The controller tests: Unit: Ensure that we resolve leaf cert references Lifecycle: Ensure that when the CA is updated, the leaf cert is as well Also adds a new spiffe id type, and adds workload identity and workload identity URI to leaf certs. This is so certs are generated with the new workload identity based SPIFFE id. * Pulls out some leaf cert test helpers into a helpers file so it can be used in the xds controller tests. * Wires up leaf cert manager dependency * Support getting token from proxytracker * Add workload identity spiffe id type to the authorize and sign functions --------- Co-authored-by: John Murret <john.murret@hashicorp.com>
1 year ago
resource.TypeToString(link.GetType()),
bimapper: allow to untrack links and support reference or id (#18451)
1 year ago
))
}
return m.itemRefsByLink(resource.NewReferenceKey(link))
resource: adding various helpers for working with resources (#18342) This is a bit of a grab bag of helpers that I found useful for working with them when authoring substantial Controllers. Subsequent PRs will make use of them.
1 year ago
}
// MapLink is suitable as a DependencyMapper to map the provided link event to its item.
func (m *Mapper) MapLink(_ context.Context, _ controller.Runtime, res *pbresource.Resource) ([]controller.Request, error) {
link := res.Id
mesh: store bound reference pointers on a ComputedRoutes resource and use during reconcile (#18965) xRoute resource types contain a slice of parentRefs to services that they manipulate traffic for. All xRoutes that have a parentRef to given Service will be merged together to generate a ComputedRoutes resource name-aligned with that Service. This means that a write of an xRoute with 2 parent ref pointers will cause at most 2 reconciles for ComputedRoutes. If that xRoute's list of parentRefs were ever to be reduced, or otherwise lose an item, that subsequent map event will only emit events for the current set of refs. The removed ref will not cause the generated ComputedRoutes related to that service to be re-reconciled to omit the influence of that xRoute. To combat this, we will store on the ComputedRoutes resource a BoundResources []*pbresource.Reference field with references to all resources that were used to influence the generated output. When the routes controller reconciles, it will use a bimapper to index this influence, and the dependency mappers for the xRoutes will look themselves up in that index to discover additional (former) ComputedRoutes that need to be notified as well.
1 year ago
if !m.wildcardLink && !resource.EqualType(link.Type, m.linkType) {
resource: adding various helpers for working with resources (#18342) This is a bit of a grab bag of helpers that I found useful for working with them when authoring substantial Controllers. Subsequent PRs will make use of them.
1 year ago
return nil, fmt.Errorf("expected type %q got %q",
resource.TypeToString(m.linkType),
resource.TypeToString(link.Type),
)
}
bimapper: allow to untrack links and support reference or id (#18451)
1 year ago
itemIDs := m.itemIDsByLink(resource.NewReferenceKey(link))
resource: adding various helpers for working with resources (#18342) This is a bit of a grab bag of helpers that I found useful for working with them when authoring substantial Controllers. Subsequent PRs will make use of them.
1 year ago
out := make([]controller.Request, 0, len(itemIDs))
for _, item := range itemIDs {
if !resource.EqualType(item.Type, m.itemType) {
return nil, fmt.Errorf("expected type %q got %q",
resource.TypeToString(m.itemType),
resource.TypeToString(item.Type),
)
}
out = append(out, controller.Request{ID: item})
}
return out, nil
}
bimapper: allow to untrack links and support reference or id (#18451)
1 year ago
func (m *Mapper) itemIDsByLink(link resource.ReferenceKey) []*pbresource.ID {
sidecar-proxy controller: L4 controller with explicit upstreams (NET-3988) (#18352) * This controller generates and saves ProxyStateTemplate for sidecar proxies. * It currently supports single-port L4 ports only. * It keeps a cache of all destinations to make it easier to compute and retrieve destinations. * It will update the status of the pbmesh.Upstreams resource if anything is invalid. * This commit also changes service endpoints to include workload identity. This made the implementation a bit easier as we don't need to look up as many workloads and instead rely on endpoints data.
1 year ago
// a lock must be held both to read item from the map and to read the
// the returned items.
bimapper: fix data race (#18519)
1 year ago
m.lock.Lock()
defer m.lock.Unlock()
items, ok := m.linkToItem[link]
resource: adding various helpers for working with resources (#18342) This is a bit of a grab bag of helpers that I found useful for working with them when authoring substantial Controllers. Subsequent PRs will make use of them.
1 year ago
if !ok {
return nil
}
out := make([]*pbresource.ID, 0, len(items))
for item := range items {
out = append(out, item.ToID())
}
return out
}
bimapper: allow to untrack links and support reference or id (#18451)
1 year ago
func (m *Mapper) itemRefsByLink(link resource.ReferenceKey) []*pbresource.Reference {
sidecar-proxy controller: L4 controller with explicit upstreams (NET-3988) (#18352) * This controller generates and saves ProxyStateTemplate for sidecar proxies. * It currently supports single-port L4 ports only. * It keeps a cache of all destinations to make it easier to compute and retrieve destinations. * It will update the status of the pbmesh.Upstreams resource if anything is invalid. * This commit also changes service endpoints to include workload identity. This made the implementation a bit easier as we don't need to look up as many workloads and instead rely on endpoints data.
1 year ago
// a lock must be held both to read item from the map and to read the
// the returned items.
bimapper: fix data race (#18519)
1 year ago
m.lock.Lock()
defer m.lock.Unlock()
items, ok := m.linkToItem[link]
bimapper: allow to untrack links and support reference or id (#18451)
1 year ago
if !ok {
return nil
}
out := make([]*pbresource.Reference, 0, len(items))
for item := range items {
out = append(out, item.ToReference())
}
return out
}