You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
consul/agent/watch_handler.go

246 lines
6.0 KiB

// Copyright (c) HashiCorp, Inc.
[COMPLIANCE] License changes (#18443) * Adding explicit MPL license for sub-package This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Adding explicit MPL license for sub-package This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Updating the license from MPL to Business Source License Going forward, this project will be licensed under the Business Source License v1.1. Please see our blog post for more details at <Blog URL>, FAQ at www.hashicorp.com/licensing-faq, and details of the license at www.hashicorp.com/bsl. * add missing license headers * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 --------- Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
1 year ago
// SPDX-License-Identifier: BUSL-1.1
package agent
import (
"bytes"
"crypto/tls"
"encoding/json"
"fmt"
"io"
"net/http"
"os"
osexec "os/exec"
"strconv"
"github.com/armon/circbuf"
"github.com/hashicorp/consul/agent/exec"
"github.com/hashicorp/consul/api/watch"
"github.com/hashicorp/go-cleanhttp"
"github.com/hashicorp/go-hclog"
"golang.org/x/net/context"
)
const (
// Limit the size of a watch handlers's output to the
// last WatchBufSize. Prevents an enormous buffer
// from being captured
WatchBufSize = 4 * 1024 // 4KB
)
// makeWatchHandler returns a handler for the given watch
func makeWatchHandler(logger hclog.Logger, handler interface{}) watch.HandlerFunc {
var args []string
var script string
// Figure out whether to run in shell or raw subprocess mode
switch h := handler.(type) {
case string:
script = h
case []string:
args = h
default:
panic(fmt.Errorf("unknown handler type %T", handler))
}
fn := func(idx uint64, data interface{}) {
// Create the command
var cmd *osexec.Cmd
var err error
if len(args) > 0 {
cmd, err = exec.Subprocess(args)
} else {
cmd, err = exec.Script(script)
}
if err != nil {
logger.Error("Failed to setup watch", "error", err)
return
}
cmd.Env = append(os.Environ(),
"CONSUL_INDEX="+strconv.FormatUint(idx, 10),
)
// Collect the output
output, _ := circbuf.NewBuffer(WatchBufSize)
cmd.Stdout = output
cmd.Stderr = output
// Setup the input
var inp bytes.Buffer
enc := json.NewEncoder(&inp)
if err := enc.Encode(data); err != nil {
logger.Error("Failed to encode data for watch",
"watch", handler,
"error", err,
)
return
}
cmd.Stdin = &inp
// Run the handler
if err := cmd.Run(); err != nil {
logger.Error("Failed to run watch handler",
"watch_handler", handler,
"error", err,
)
}
// Get the output, add a message about truncation
outputStr := string(output.Bytes())
if output.TotalWritten() > output.Size() {
outputStr = fmt.Sprintf("Captured %d of %d bytes\n...\n%s",
output.Size(), output.TotalWritten(), outputStr)
}
// Log the output
logger.Debug("watch handler output",
"watch_handler", handler,
"output", outputStr,
)
}
return fn
}
func makeHTTPWatchHandler(logger hclog.Logger, config *watch.HttpHandlerConfig) watch.HandlerFunc {
fn := func(idx uint64, data interface{}) {
trans := cleanhttp.DefaultTransport()
// Skip SSL certificate verification if TLSSkipVerify is true
if trans.TLSClientConfig == nil {
trans.TLSClientConfig = &tls.Config{
InsecureSkipVerify: config.TLSSkipVerify,
}
} else {
trans.TLSClientConfig.InsecureSkipVerify = config.TLSSkipVerify
}
ctx := context.Background()
ctx, cancel := context.WithTimeout(ctx, config.Timeout)
defer cancel()
// Create the HTTP client.
httpClient := &http.Client{
Transport: trans,
}
// Setup the input
var inp bytes.Buffer
enc := json.NewEncoder(&inp)
if err := enc.Encode(data); err != nil {
logger.Error("Failed to encode data for http watch",
"watch", config.Path,
"error", err,
)
return
}
req, err := http.NewRequest(config.Method, config.Path, &inp)
if err != nil {
logger.Error("Failed to setup http watch", "error", err)
return
}
req = req.WithContext(ctx)
req.Header.Add("Content-Type", "application/json")
req.Header.Add("X-Consul-Index", strconv.FormatUint(idx, 10))
for key, values := range config.Header {
for _, val := range values {
req.Header.Add(key, val)
}
}
resp, err := httpClient.Do(req)
if err != nil {
logger.Error("Failed to invoke http watch handler",
"watch", config.Path,
"error", err,
)
return
}
defer resp.Body.Close()
// Collect the output
output, _ := circbuf.NewBuffer(WatchBufSize)
io.Copy(output, resp.Body)
// Get the output, add a message about truncation
outputStr := string(output.Bytes())
if output.TotalWritten() > output.Size() {
outputStr = fmt.Sprintf("Captured %d of %d bytes\n...\n%s",
output.Size(), output.TotalWritten(), outputStr)
}
if resp.StatusCode >= 200 && resp.StatusCode <= 299 {
// Log the output
logger.Trace("http watch handler output",
"watch", config.Path,
"output", outputStr,
)
} else {
logger.Error("http watch handler failed with output",
"watch", config.Path,
"status", resp.Status,
"output", outputStr,
)
}
}
return fn
}
// TODO: return a fully constructed watch.Plan with a Plan.Handler, so that Exempt
// can be ignored by the caller.
func makeWatchPlan(logger hclog.Logger, params map[string]interface{}) (*watch.Plan, error) {
wp, err := watch.ParseExempt(params, []string{"handler", "args"})
if err != nil {
return nil, fmt.Errorf("Failed to parse watch (%#v): %v", params, err)
}
handler, hasHandler := wp.Exempt["handler"]
if hasHandler {
logger.Warn("The 'handler' field in watches has been deprecated " +
"and replaced with the 'args' field. See https://www.consul.io/docs/agent/watches.html")
}
if _, ok := handler.(string); hasHandler && !ok {
return nil, fmt.Errorf("Watch handler must be a string")
}
args, hasArgs := wp.Exempt["args"]
if hasArgs {
wp.Exempt["args"], err = parseWatchArgs(args)
if err != nil {
return nil, err
}
}
if hasHandler && hasArgs || hasHandler && wp.HandlerType == "http" || hasArgs && wp.HandlerType == "http" {
return nil, fmt.Errorf("Only one watch handler allowed")
}
if !hasHandler && !hasArgs && wp.HandlerType != "http" {
return nil, fmt.Errorf("Must define a watch handler")
}
return wp, nil
}
func parseWatchArgs(args interface{}) ([]string, error) {
switch args := args.(type) {
case string:
return []string{args}, nil
case []string:
return args, nil
case []interface{}:
result := make([]string, 0, len(args))
for _, arg := range args {
v, ok := arg.(string)
if !ok {
return nil, fmt.Errorf("Watch args must be a list of strings")
}
result = append(result, v)
}
return result, nil
default:
return nil, fmt.Errorf("Watch args must be a list of strings")
}
}