consul/agent/grpc-external/services/resource/server.go

328 lines
9.9 KiB
Go
Raw Normal View History

// Copyright (c) HashiCorp, Inc.
[COMPLIANCE] License changes (#18443) * Adding explicit MPL license for sub-package This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Adding explicit MPL license for sub-package This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Updating the license from MPL to Business Source License Going forward, this project will be licensed under the Business Source License v1.1. Please see our blog post for more details at <Blog URL>, FAQ at www.hashicorp.com/licensing-faq, and details of the license at www.hashicorp.com/bsl. * add missing license headers * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 --------- Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
2023-08-11 13:12:13 +00:00
// SPDX-License-Identifier: BUSL-1.1
package resource
import (
"context"
"errors"
"strings"
"time"
"google.golang.org/grpc"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/metadata"
"google.golang.org/grpc/status"
2023-04-06 09:40:04 +00:00
"google.golang.org/protobuf/proto"
"github.com/hashicorp/go-hclog"
"github.com/hashicorp/consul/acl"
"github.com/hashicorp/consul/acl/resolver"
"github.com/hashicorp/consul/internal/resource"
"github.com/hashicorp/consul/internal/storage"
"github.com/hashicorp/consul/lib/retry"
"github.com/hashicorp/consul/proto-public/pbresource"
)
type Server struct {
Config
}
type Config struct {
2023-04-06 09:40:04 +00:00
Logger hclog.Logger
Registry Registry
2023-04-04 16:30:06 +00:00
// Backend is the storage backend that will be used for resource persistence.
Backend Backend
ACLResolver ACLResolver
// TenancyBridge temporarily allows us to use V1 implementations of
// partitions and namespaces until V2 implementations are available.
TenancyBridge TenancyBridge
// UseV2Tenancy is true if the "v2tenancy" experiement is active, false otherwise.
// Attempts to create v2 tenancy resources (partition or namespace) will fail when the
// flag is false.
UseV2Tenancy bool
}
//go:generate mockery --name Registry --inpackage
type Registry interface {
resource.Registry
}
//go:generate mockery --name Backend --inpackage
type Backend interface {
storage.Backend
}
//go:generate mockery --name ACLResolver --inpackage
type ACLResolver interface {
ResolveTokenAndDefaultMeta(string, *acl.EnterpriseMeta, *acl.AuthorizerContext) (resolver.Result, error)
}
//go:generate mockery --name TenancyBridge --inpackage
type TenancyBridge interface {
PartitionExists(partition string) (bool, error)
IsPartitionMarkedForDeletion(partition string) (bool, error)
NamespaceExists(partition, namespace string) (bool, error)
IsNamespaceMarkedForDeletion(partition, namespace string) (bool, error)
}
func NewServer(cfg Config) *Server {
return &Server{cfg}
}
var _ pbresource.ResourceServiceServer = (*Server)(nil)
func (s *Server) Register(registrar grpc.ServiceRegistrar) {
pbresource.RegisterResourceServiceServer(registrar, s)
}
// Get token from grpc metadata or AnonymounsTokenId if not found
func tokenFromContext(ctx context.Context) string {
md, ok := metadata.FromIncomingContext(ctx)
if !ok {
return acl.AnonymousTokenID
}
vals := md.Get("x-consul-token")
if len(vals) == 0 {
return acl.AnonymousTokenID
}
return vals[0]
}
func (s *Server) resolveType(typ *pbresource.Type) (*resource.Registration, error) {
2023-04-06 09:40:04 +00:00
v, ok := s.Registry.Resolve(typ)
if ok {
return &v, nil
}
return nil, status.Errorf(
codes.InvalidArgument,
"resource type %s not registered", resource.ToGVK(typ),
)
}
func readConsistencyFrom(ctx context.Context) storage.ReadConsistency {
md, ok := metadata.FromIncomingContext(ctx)
if !ok {
return storage.EventualConsistency
}
vals := md.Get("x-consul-consistency-mode")
if len(vals) == 0 {
return storage.EventualConsistency
}
if vals[0] == "consistent" {
return storage.StrongConsistency
}
return storage.EventualConsistency
}
2023-04-06 09:40:04 +00:00
func (s *Server) getAuthorizer(token string, entMeta *acl.EnterpriseMeta) (acl.Authorizer, *acl.AuthorizerContext, error) {
authzContext := &acl.AuthorizerContext{}
authz, err := s.ACLResolver.ResolveTokenAndDefaultMeta(token, entMeta, authzContext)
if err != nil {
return nil, nil, status.Errorf(codes.Internal, "failed getting authorizer: %v", err)
}
return authz, authzContext, nil
}
func isGRPCStatusError(err error) bool {
if err == nil {
return false
}
_, ok := status.FromError(err)
return ok
}
func validateId(id *pbresource.ID, errorPrefix string) error {
if id.Type == nil {
return status.Errorf(codes.InvalidArgument, "%s.type is required", errorPrefix)
}
if err := resource.ValidateName(id.Name); err != nil {
return status.Errorf(codes.InvalidArgument, "%s.name invalid: %v", errorPrefix, err)
}
2023-08-31 14:24:09 +00:00
// Better UX: Allow callers to pass in nil tenancy. Defaulting and inheritance of tenancy
// from the request token will take place further down in the call flow.
if id.Tenancy == nil {
id.Tenancy = &pbresource.Tenancy{
Partition: "",
Namespace: "",
}
}
if id.Tenancy.Partition != "" {
if err := resource.ValidateName(id.Tenancy.Partition); err != nil {
return status.Errorf(codes.InvalidArgument, "%s.tenancy.partition invalid: %v", errorPrefix, err)
}
}
if id.Tenancy.Namespace != "" {
if err := resource.ValidateName(id.Tenancy.Namespace); err != nil {
return status.Errorf(codes.InvalidArgument, "%s.tenancy.namespace invalid: %v", errorPrefix, err)
}
}
return nil
}
func validateRef(ref *pbresource.Reference, errorPrefix string) error {
if ref.Type == nil {
return status.Errorf(codes.InvalidArgument, "%s.type is required", errorPrefix)
}
if err := resource.ValidateName(ref.Name); err != nil {
return status.Errorf(codes.InvalidArgument, "%s.name invalid: %v", errorPrefix, err)
}
if err := resource.ValidateName(ref.Tenancy.Partition); err != nil {
return status.Errorf(codes.InvalidArgument, "%s.tenancy.partition invalid: %v", errorPrefix, err)
}
if err := resource.ValidateName(ref.Tenancy.Namespace); err != nil {
return status.Errorf(codes.InvalidArgument, "%s.tenancy.namespace invalid: %v", errorPrefix, err)
}
return nil
}
func validateWildcardTenancy(tenancy *pbresource.Tenancy, namePrefix string) error {
// Partition has to be a valid name if not wildcard or empty
if tenancy.Partition != "" && tenancy.Partition != "*" {
if err := resource.ValidateName(tenancy.Partition); err != nil {
return status.Errorf(codes.InvalidArgument, "tenancy.partition invalid: %v", err)
}
}
// Namespace has to be a valid name if not wildcard or empty
if tenancy.Namespace != "" && tenancy.Namespace != "*" {
if err := resource.ValidateName(tenancy.Namespace); err != nil {
return status.Errorf(codes.InvalidArgument, "tenancy.namespace invalid: %v", err)
}
}
// Not doing a strict resource name validation here because the prefix can be
// something like "foo-" which is a valid prefix but not valid resource name.
// relax validation to just check for lowercasing
if namePrefix != strings.ToLower(namePrefix) {
return status.Errorf(codes.InvalidArgument, "name_prefix invalid: must be lowercase alphanumeric, got: %v", namePrefix)
}
return nil
}
// tenancyExists return an error with the passed in gRPC status code when tenancy partition or namespace do not exist.
func tenancyExists(reg *resource.Registration, tenancyBridge TenancyBridge, tenancy *pbresource.Tenancy, errCode codes.Code) error {
if reg.Scope == resource.ScopePartition || reg.Scope == resource.ScopeNamespace {
exists, err := tenancyBridge.PartitionExists(tenancy.Partition)
switch {
case err != nil:
return err
case !exists:
return status.Errorf(errCode, "partition not found: %v", tenancy.Partition)
}
}
if reg.Scope == resource.ScopeNamespace {
exists, err := tenancyBridge.NamespaceExists(tenancy.Partition, tenancy.Namespace)
switch {
case err != nil:
return err
case !exists:
return status.Errorf(errCode, "namespace not found: %v", tenancy.Namespace)
}
}
return nil
}
func validateScopedTenancy(scope resource.Scope, resourceType *pbresource.Type, tenancy *pbresource.Tenancy, allowWildcards bool) error {
if scope == resource.ScopePartition && tenancy.Namespace != "" && (!allowWildcards || tenancy.Namespace != storage.Wildcard) {
return status.Errorf(
codes.InvalidArgument,
"partition scoped resource %s cannot have a namespace. got: %s",
resource.ToGVK(resourceType),
tenancy.Namespace,
)
}
if scope == resource.ScopeCluster {
if tenancy.Partition != "" && (!allowWildcards || tenancy.Partition != storage.Wildcard) {
return status.Errorf(
codes.InvalidArgument,
"cluster scoped resource %s cannot have a partition: %s",
resource.ToGVK(resourceType),
tenancy.Partition,
)
}
if tenancy.Namespace != "" && (!allowWildcards || tenancy.Namespace != storage.Wildcard) {
return status.Errorf(
codes.InvalidArgument,
"cluster scoped resource %s cannot have a namespace: %s",
resource.ToGVK(resourceType),
tenancy.Namespace,
)
}
}
return nil
}
func isTenancyMarkedForDeletion(reg *resource.Registration, tenancyBridge TenancyBridge, tenancy *pbresource.Tenancy) (bool, error) {
if reg.Scope == resource.ScopePartition || reg.Scope == resource.ScopeNamespace {
marked, err := tenancyBridge.IsPartitionMarkedForDeletion(tenancy.Partition)
if err != nil {
return false, err
}
if marked {
return marked, nil
}
}
if reg.Scope == resource.ScopeNamespace {
marked, err := tenancyBridge.IsNamespaceMarkedForDeletion(tenancy.Partition, tenancy.Namespace)
if err != nil {
return false, err
}
return marked, nil
}
// Cluster scope has no tenancy so always return false
return false, nil
}
// retryCAS retries the given operation with exponential backoff if the user
// didn't provide a version. This is intended to hide failures when the user
// isn't intentionally performing a CAS operation (all writes are, by design,
// CAS operations at the storage backend layer).
func (s *Server) retryCAS(ctx context.Context, vsn string, cas func() error) error {
if vsn != "" {
return cas()
}
const maxAttempts = 5
// These parameters are fairly arbitrary, so if you find better ones then go
// ahead and swap them out! In general, we want to wait long enough to smooth
// over small amounts of storage replication lag, but not so long that we make
// matters worse by holding onto load.
backoff := &retry.Waiter{
MinWait: 50 * time.Millisecond,
MaxWait: 1 * time.Second,
Jitter: retry.NewJitter(50),
Factor: 75 * time.Millisecond,
}
var err error
for i := 1; i <= maxAttempts; i++ {
if err = cas(); !errors.Is(err, storage.ErrCASFailure) {
break
}
if backoff.Wait(ctx) != nil {
break
}
s.Logger.Trace("retrying failed CAS operation", "failure_count", i)
}
return err
}
2023-04-06 09:40:04 +00:00
func clone[T proto.Message](v T) T { return proto.Clone(v).(T) }