open-consul/agent/consul/state/config_entry_ce.go

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0

//go:build !consulent
// +build !consulent

package state

import (
	"fmt"
	"strings"

	"github.com/hashicorp/go-memdb"

	"github.com/hashicorp/consul/acl"
	"github.com/hashicorp/consul/agent/configentry"
	"github.com/hashicorp/consul/agent/structs"
)

func indexFromConfigEntryKindName(arg interface{}) ([]byte, error) {
	var b indexBuilder

	switch n := arg.(type) {
	case *acl.EnterpriseMeta:
		return nil, nil
	case acl.EnterpriseMeta:
		return b.Bytes(), nil
	case ConfigEntryKindQuery:
		b.String(strings.ToLower(n.Kind))
		return b.Bytes(), nil
	case configentry.KindName:
		b.String(strings.ToLower(n.Kind))
		b.String(strings.ToLower(n.Name))
		return b.Bytes(), nil
	}

	return nil, fmt.Errorf("invalid type for ConfigEntryKindName query: %T", arg)
}

func validateConfigEntryEnterprise(_ ReadTxn, _ structs.ConfigEntry) error {
	return nil
}

func getAllConfigEntriesWithTxn(tx ReadTxn, _ *acl.EnterpriseMeta) (memdb.ResultIterator, error) {
	return tx.Get(tableConfigEntries, indexID)
}

func getAllConfigEntriesByKindWithTxn(tx ReadTxn, kind string) (memdb.ResultIterator, error) {
	return getConfigEntryKindsWithTxn(tx, kind, nil)
}

func getConfigEntryKindsWithTxn(tx ReadTxn, kind string, _ *acl.EnterpriseMeta) (memdb.ResultIterator, error) {
	return tx.Get(tableConfigEntries, indexID+"_prefix", ConfigEntryKindQuery{Kind: kind})
}

func configIntentionsConvertToList(iter memdb.ResultIterator, _ *acl.EnterpriseMeta) structs.Intentions {
	var results structs.Intentions
	for v := iter.Next(); v != nil; v = iter.Next() {
		entry := v.(*structs.ServiceIntentionsConfigEntry)
		for _, src := range entry.Sources {
			results = append(results, entry.ToIntention(src))
		}
	}
	return results
}

// getExportedServicesMatchServicesNames returns a list of service names that are considered matches when
// found in a list of exported-services config entries. For CE, namespace is not considered, so a match is one of:
//   - the service name matches
//   - the service name is a wildcard
//
// This value can be used to filter exported-services config entries for a given service name.
func getExportedServicesMatchServiceNames(serviceName string, entMeta *acl.EnterpriseMeta) []structs.ServiceName {
	return []structs.ServiceName{
		structs.NewServiceName(serviceName, entMeta),
		structs.NewServiceName(structs.WildcardSpecifier, entMeta),
	}
}

func readSourceSamenessIntentionsFromConfigEntriesForServiceTxn(
	tx ReadTxn,
	ws memdb.WatchSet,
	serviceName string,
	sourceEntMeta *acl.EnterpriseMeta,
	results structs.Intentions,
	targetType structs.IntentionTargetType,
) (structs.Intentions, error) {
	return results, nil
}
copyright headers for agent folder (#16704) * copyright headers for agent folder * Ignore test data files * fix proto files and remove headers in agent/uiserver folder * ignore deep-copy files 2023-03-28 18:39:22 +00:00			`// Copyright (c) HashiCorp, Inc.`
			`// SPDX-License-Identifier: MPL-2.0`

re-run gofmt on 1.17 (#11579) This should let freshly recompiled golangci-lint binaries using Go 1.17 pass 'make lint' 2021-11-16 18:04:01 +00:00			`//go:build !consulent`
Updates to Config Entries and Connect for Namespaces (#7116) 2020-01-24 15:04:58 +00:00			`// +build !consulent`

			`package state`

			`import (`
state: convert config-entries table to new indexer pattern Using functional indexes to isolate enterprise differentiation and remove reflection. 2021-02-09 17:37:57 +00:00			`"fmt"`
			`"strings"`

Regenerate files according to 1.19.2 formatter 2022-10-21 19:58:06 +00:00			`"github.com/hashicorp/go-memdb"`
Updates to Config Entries and Connect for Namespaces (#7116) 2020-01-24 15:04:58 +00:00
Fixup acl.EnterpriseMeta Signed-off-by: Mark Anderson <manderson@hashicorp.com> 2022-04-05 21:10:06 +00:00			`"github.com/hashicorp/consul/acl"`
configentry: make a new package to hold shared config entry structs that aren't used for RPC or the FSM (#12384) First two candidates are ConfigEntryKindName and DiscoveryChainConfigEntries. 2022-02-22 16:36:36 +00:00			`"github.com/hashicorp/consul/agent/configentry"`
state: move config-entries table to new pattern 2021-01-29 01:34:15 +00:00			`"github.com/hashicorp/consul/agent/structs"`
			`)`
Updates to Config Entries and Connect for Namespaces (#7116) 2020-01-24 15:04:58 +00:00
state: convert config-entries table to new indexer pattern Using functional indexes to isolate enterprise differentiation and remove reflection. 2021-02-09 17:37:57 +00:00			`func indexFromConfigEntryKindName(arg interface{}) ([]byte, error) {`
state: remove unnecessary kind index The query can be performed using a prefix query on the ID index. Also backport some enterprise changes to prevent conflicts. 2021-03-31 20:21:21 +00:00			`var b indexBuilder`

			`switch n := arg.(type) {`
Fixup acl.EnterpriseMeta Signed-off-by: Mark Anderson <manderson@hashicorp.com> 2022-04-05 21:10:06 +00:00			`case *acl.EnterpriseMeta:`
state: remove unnecessary kind index The query can be performed using a prefix query on the ID index. Also backport some enterprise changes to prevent conflicts. 2021-03-31 20:21:21 +00:00			`return nil, nil`
Fixup acl.EnterpriseMeta Signed-off-by: Mark Anderson <manderson@hashicorp.com> 2022-04-05 21:10:06 +00:00			`case acl.EnterpriseMeta:`
state: remove unnecessary kind index The query can be performed using a prefix query on the ID index. Also backport some enterprise changes to prevent conflicts. 2021-03-31 20:21:21 +00:00			`return b.Bytes(), nil`
			`case ConfigEntryKindQuery:`
			`b.String(strings.ToLower(n.Kind))`
			`return b.Bytes(), nil`
configentry: make a new package to hold shared config entry structs that aren't used for RPC or the FSM (#12384) First two candidates are ConfigEntryKindName and DiscoveryChainConfigEntries. 2022-02-22 16:36:36 +00:00			`case configentry.KindName:`
state: remove unnecessary kind index The query can be performed using a prefix query on the ID index. Also backport some enterprise changes to prevent conflicts. 2021-03-31 20:21:21 +00:00			`b.String(strings.ToLower(n.Kind))`
			`b.String(strings.ToLower(n.Name))`
			`return b.Bytes(), nil`
state: convert config-entries table to new indexer pattern Using functional indexes to isolate enterprise differentiation and remove reflection. 2021-02-09 17:37:57 +00:00			`}`

state: remove unnecessary kind index The query can be performed using a prefix query on the ID index. Also backport some enterprise changes to prevent conflicts. 2021-03-31 20:21:21 +00:00			`return nil, fmt.Errorf("invalid type for ConfigEntryKindName query: %T", arg)`
Updates to Config Entries and Connect for Namespaces (#7116) 2020-01-24 15:04:58 +00:00			`}`

state: remove unused Store method receiver And use ReadTxn interface where appropriate. 2020-08-11 20:31:23 +00:00			`func validateConfigEntryEnterprise(_ ReadTxn, _ structs.ConfigEntry) error {`
Restoring config entries updates the gateway-services table (#7811) - Adds a new validateConfigEntryEnterprise function - Also fixes some state store tests that were failing in enterprise 2020-05-08 18:24:33 +00:00			`return nil`
Updates to Config Entries and Connect for Namespaces (#7116) 2020-01-24 15:04:58 +00:00			`}`

Fixup acl.EnterpriseMeta Signed-off-by: Mark Anderson <manderson@hashicorp.com> 2022-04-05 21:10:06 +00:00			`func getAllConfigEntriesWithTxn(tx ReadTxn, _ *acl.EnterpriseMeta) (memdb.ResultIterator, error) {`
state: remove config-entries namespace index Use a prefix of the ID index instead. 2021-03-10 18:37:17 +00:00			`return tx.Get(tableConfigEntries, indexID)`
Updates to Config Entries and Connect for Namespaces (#7116) 2020-01-24 15:04:58 +00:00			`}`

Update Intentions.List with partitions (#11299) 2021-10-13 14:47:12 +00:00			`func getAllConfigEntriesByKindWithTxn(tx ReadTxn, kind string) (memdb.ResultIterator, error) {`
			`return getConfigEntryKindsWithTxn(tx, kind, nil)`
			`}`

Fixup acl.EnterpriseMeta Signed-off-by: Mark Anderson <manderson@hashicorp.com> 2022-04-05 21:10:06 +00:00			`func getConfigEntryKindsWithTxn(tx ReadTxn, kind string, _ *acl.EnterpriseMeta) (memdb.ResultIterator, error) {`
state: remove unnecessary kind index The query can be performed using a prefix query on the ID index. Also backport some enterprise changes to prevent conflicts. 2021-03-31 20:21:21 +00:00			`return tx.Get(tableConfigEntries, indexID+"_prefix", ConfigEntryKindQuery{Kind: kind})`
Updates to Config Entries and Connect for Namespaces (#7116) 2020-01-24 15:04:58 +00:00			`}`
connect: intentions are now managed as a new config entry kind "service-intentions" (#8834) - Upgrade the ConfigEntry.ListAll RPC to be kind-aware so that older copies of consul will not see new config entries it doesn't understand replicate down. - Add shim conversion code so that the old API/CLI method of interacting with intentions will continue to work so long as none of these are edited via config entry endpoints. Almost all of the read-only APIs will continue to function indefinitely. - Add new APIs that operate on individual intentions without IDs so that the UI doesn't need to implement CAS operations. - Add a new serf feature flag indicating support for intentions-as-config-entries. - The old line-item intentions way of interacting with the state store will transparently flip between the legacy memdb table and the config entry representations so that readers will never see a hiccup during migration where the results are incomplete. It uses a piece of system metadata to control the flip. - The primary datacenter will begin migrating intentions into config entries on startup once all servers in the datacenter are on a version of Consul with the intentions-as-config-entries feature flag. When it is complete the old state store representations will be cleared. We also record a piece of system metadata indicating this has occurred. We use this metadata to skip ALL of this code the next time the leader starts up. - The secondary datacenters continue to run the old intentions replicator until all servers in the secondary DC and primary DC support intentions-as-config-entries (via serf flag). Once this condition it met the old intentions replicator ceases. - The secondary datacenters replicate the new config entries as they are migrated in the primary. When they detect that the primary has zeroed it's old state store table it waits until all config entries up to that point are replicated and then zeroes its own copy of the old state store table. We also record a piece of system metadata indicating this has occurred. We use this metadata to skip ALL of this code the next time the leader starts up. 2020-10-06 18:24:05 +00:00
Fixup acl.EnterpriseMeta Signed-off-by: Mark Anderson <manderson@hashicorp.com> 2022-04-05 21:10:06 +00:00			`func configIntentionsConvertToList(iter memdb.ResultIterator, _ *acl.EnterpriseMeta) structs.Intentions {`
connect: intentions are now managed as a new config entry kind "service-intentions" (#8834) - Upgrade the ConfigEntry.ListAll RPC to be kind-aware so that older copies of consul will not see new config entries it doesn't understand replicate down. - Add shim conversion code so that the old API/CLI method of interacting with intentions will continue to work so long as none of these are edited via config entry endpoints. Almost all of the read-only APIs will continue to function indefinitely. - Add new APIs that operate on individual intentions without IDs so that the UI doesn't need to implement CAS operations. - Add a new serf feature flag indicating support for intentions-as-config-entries. - The old line-item intentions way of interacting with the state store will transparently flip between the legacy memdb table and the config entry representations so that readers will never see a hiccup during migration where the results are incomplete. It uses a piece of system metadata to control the flip. - The primary datacenter will begin migrating intentions into config entries on startup once all servers in the datacenter are on a version of Consul with the intentions-as-config-entries feature flag. When it is complete the old state store representations will be cleared. We also record a piece of system metadata indicating this has occurred. We use this metadata to skip ALL of this code the next time the leader starts up. - The secondary datacenters continue to run the old intentions replicator until all servers in the secondary DC and primary DC support intentions-as-config-entries (via serf flag). Once this condition it met the old intentions replicator ceases. - The secondary datacenters replicate the new config entries as they are migrated in the primary. When they detect that the primary has zeroed it's old state store table it waits until all config entries up to that point are replicated and then zeroes its own copy of the old state store table. We also record a piece of system metadata indicating this has occurred. We use this metadata to skip ALL of this code the next time the leader starts up. 2020-10-06 18:24:05 +00:00			`var results structs.Intentions`
			`for v := iter.Next(); v != nil; v = iter.Next() {`
			`entry := v.(*structs.ServiceIntentionsConfigEntry)`
			`for _, src := range entry.Sources {`
			`results = append(results, entry.ToIntention(src))`
			`}`
			`}`
			`return results`
			`}`
peering: add store.PeeringsForService implementation (#12957) 2022-05-06 19:35:31 +00:00
			`// getExportedServicesMatchServicesNames returns a list of service names that are considered matches when`
[BACKPORT] 1.16.x manual backport of OSS->CE branch (#18549) 2023-08-23 16:53:44 +00:00			`// found in a list of exported-services config entries. For CE, namespace is not considered, so a match is one of:`
peering: add store.PeeringsForService implementation (#12957) 2022-05-06 19:35:31 +00:00			`// - the service name matches`
			`// - the service name is a wildcard`
Regenerate files according to 1.19.2 formatter 2022-10-21 19:58:06 +00:00			`//`
peering: add store.PeeringsForService implementation (#12957) 2022-05-06 19:35:31 +00:00			`// This value can be used to filter exported-services config entries for a given service name.`
			`func getExportedServicesMatchServiceNames(serviceName string, entMeta *acl.EnterpriseMeta) []structs.ServiceName {`
			`return []structs.ServiceName{`
			`structs.NewServiceName(serviceName, entMeta),`
			`structs.NewServiceName(structs.WildcardSpecifier, entMeta),`
			`}`
			`}`
fix tproxy sameness groups (#17468) 2023-05-25 16:18:55 +00:00
			`func readSourceSamenessIntentionsFromConfigEntriesForServiceTxn(`
			`tx ReadTxn,`
			`ws memdb.WatchSet,`
			`serviceName string,`
			`sourceEntMeta *acl.EnterpriseMeta,`
			`results structs.Intentions,`
			`targetType structs.IntentionTargetType,`
			`) (structs.Intentions, error) {`
			`return results, nil`
			`}`