agent/proxy: pass proxy ID as an env var

pull/4275/head
Mitchell Hashimoto 2018-05-06 08:41:25 -07:00
parent 37dde6d64a
commit 6e386ba6be
No known key found for this signature in database
GPG Key ID: 744E147AA52F5B0A
5 changed files with 32 additions and 6 deletions

View File

@ -33,6 +33,10 @@ type Daemon struct {
// be a Cmd that isn't yet started. // be a Cmd that isn't yet started.
Command *exec.Cmd Command *exec.Cmd
// ProxyId is the ID of the proxy service. This is required for API
// requests (along with the token) and is passed via env var.
ProxyId string
// ProxyToken is the special local-only ACL token that allows a proxy // ProxyToken is the special local-only ACL token that allows a proxy
// to communicate to the Connect-specific endpoints. // to communicate to the Connect-specific endpoints.
ProxyToken string ProxyToken string
@ -204,7 +208,9 @@ func (p *Daemon) start() (*os.Process, error) {
// reference. We allocate an exactly sized slice. // reference. We allocate an exactly sized slice.
cmd.Env = make([]string, len(p.Command.Env), len(p.Command.Env)+1) cmd.Env = make([]string, len(p.Command.Env), len(p.Command.Env)+1)
copy(cmd.Env, p.Command.Env) copy(cmd.Env, p.Command.Env)
cmd.Env = append(cmd.Env, fmt.Sprintf("%s=%s", EnvProxyToken, p.ProxyToken)) cmd.Env = append(cmd.Env,
fmt.Sprintf("%s=%s", EnvProxyId, p.ProxyId),
fmt.Sprintf("%s=%s", EnvProxyToken, p.ProxyToken))
// Args must always contain a 0 entry which is usually the executed binary. // Args must always contain a 0 entry which is usually the executed binary.
// To be safe and a bit more robust we default this, but only to prevent // To be safe and a bit more robust we default this, but only to prevent
@ -387,6 +393,9 @@ func (p *Daemon) UnmarshalSnapshot(m map[string]interface{}) error {
} }
// daemonSnapshot is the structure of the marshalled data for snapshotting. // daemonSnapshot is the structure of the marshalled data for snapshotting.
//
// Note we don't have to store the ProxyId because this is stored directly
// within the manager snapshot and is restored automatically.
type daemonSnapshot struct { type daemonSnapshot struct {
// Pid of the process. This is the only value actually required to // Pid of the process. This is the only value actually required to
// regain mangement control. The remainder values are for Equal. // regain mangement control. The remainder values are for Equal.

View File

@ -30,10 +30,12 @@ func TestDaemonStartStop(t *testing.T) {
d := &Daemon{ d := &Daemon{
Command: helperProcess("start-stop", path), Command: helperProcess("start-stop", path),
ProxyId: "tubes",
ProxyToken: uuid, ProxyToken: uuid,
Logger: testLogger, Logger: testLogger,
} }
require.NoError(d.Start()) require.NoError(d.Start())
defer d.Stop()
// Wait for the file to exist // Wait for the file to exist
retry.Run(t, func(r *retry.R) { retry.Run(t, func(r *retry.R) {
@ -49,7 +51,7 @@ func TestDaemonStartStop(t *testing.T) {
// that we properly passed the token as an env var. // that we properly passed the token as an env var.
data, err := ioutil.ReadFile(path) data, err := ioutil.ReadFile(path)
require.NoError(err) require.NoError(err)
require.Equal(uuid, string(data)) require.Equal("tubes:"+uuid, string(data))
// Stop the process // Stop the process
require.NoError(d.Stop()) require.NoError(d.Stop())

View File

@ -411,6 +411,7 @@ func (m *Manager) newProxy(mp *local.ManagedProxy) (Proxy, error) {
// Build the daemon structure // Build the daemon structure
proxy.Command = &cmd proxy.Command = &cmd
proxy.ProxyId = id
proxy.ProxyToken = mp.ProxyToken proxy.ProxyToken = mp.ProxyToken
return proxy, nil return proxy, nil

View File

@ -11,9 +11,16 @@ import (
"github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/agent/structs"
) )
// EnvProxyToken is the name of the environment variable that is passed const (
// to managed proxies containing the proxy token. // EnvProxyId is the name of the environment variable that is set for
const EnvProxyToken = "CONNECT_PROXY_TOKEN" // managed proxies containing the proxy service ID. This is required along
// with the token to make API requests related to the proxy.
EnvProxyId = "CONNECT_PROXY_ID"
// EnvProxyToken is the name of the environment variable that is passed
// to managed proxies containing the proxy token.
EnvProxyToken = "CONNECT_PROXY_TOKEN"
)
// Proxy is the interface implemented by all types of managed proxies. // Proxy is the interface implemented by all types of managed proxies.
// //
@ -51,6 +58,10 @@ type Proxy interface {
// so that Consul can recover the proxy process after a restart. The // so that Consul can recover the proxy process after a restart. The
// result should only contain primitive values and containers (lists/maps). // result should only contain primitive values and containers (lists/maps).
// //
// MarshalSnapshot does NOT need to store the following fields, since they
// are part of the manager snapshot and will be automatically restored
// for any proxies: proxy ID.
//
// UnmarshalSnapshot is called to restore the receiving Proxy from its // UnmarshalSnapshot is called to restore the receiving Proxy from its
// marshalled state. If UnmarshalSnapshot returns an error, the snapshot // marshalled state. If UnmarshalSnapshot returns an error, the snapshot
// is ignored and the marshalled snapshot will be lost. The manager will // is ignored and the marshalled snapshot will be lost. The manager will

View File

@ -78,7 +78,10 @@ func TestHelperProcess(t *testing.T) {
defer signal.Stop(ch) defer signal.Stop(ch)
path := args[0] path := args[0]
data := []byte(os.Getenv(EnvProxyToken)) var data []byte
data = append(data, []byte(os.Getenv(EnvProxyId))...)
data = append(data, ':')
data = append(data, []byte(os.Getenv(EnvProxyToken))...)
if err := ioutil.WriteFile(path, data, 0644); err != nil { if err := ioutil.WriteFile(path, data, 0644); err != nil {
t.Fatalf("err: %s", err) t.Fatalf("err: %s", err)