open-consul/agent/proxycfg-glue/gateway_services.go

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0

package proxycfgglue

import (
	"context"

	"github.com/hashicorp/go-memdb"

	"github.com/hashicorp/consul/acl"
	"github.com/hashicorp/consul/agent/cache"
	cachetype "github.com/hashicorp/consul/agent/cache-types"
	"github.com/hashicorp/consul/agent/consul/watch"
	"github.com/hashicorp/consul/agent/proxycfg"
	"github.com/hashicorp/consul/agent/structs"
	"github.com/hashicorp/consul/agent/structs/aclfilter"
)

// CacheGatewayServices satisfies the proxycfg.GatewayServices interface by
// sourcing data from the agent cache.
func CacheGatewayServices(c *cache.Cache) proxycfg.GatewayServices {
	return &cacheProxyDataSource[*structs.ServiceSpecificRequest]{c, cachetype.GatewayServicesName}
}

// ServerGatewayServices satisfies the proxycfg.GatewayServices interface by
// sourcing data from a blocking query against the server's state store.
func ServerGatewayServices(deps ServerDataSourceDeps) proxycfg.GatewayServices {
	return &serverGatewayServices{deps}
}

type serverGatewayServices struct {
	deps ServerDataSourceDeps
}

func (s *serverGatewayServices) Notify(ctx context.Context, req *structs.ServiceSpecificRequest, correlationID string, ch chan<- proxycfg.UpdateEvent) error {
	return watch.ServerLocalNotify(ctx, correlationID, s.deps.GetStore,
		func(ws memdb.WatchSet, store Store) (uint64, *structs.IndexedGatewayServices, error) {
			var authzContext acl.AuthorizerContext
			authz, err := s.deps.ACLResolver.ResolveTokenAndDefaultMeta(req.Token, &req.EnterpriseMeta, &authzContext)
			if err != nil {
				return 0, nil, err
			}
			if err := authz.ToAllowAuthorizer().ServiceReadAllowed(req.ServiceName, &authzContext); err != nil {
				return 0, nil, err
			}

			index, services, err := store.GatewayServices(ws, req.ServiceName, &req.EnterpriseMeta)
			if err != nil {
				return 0, nil, err
			}

			response := &structs.IndexedGatewayServices{
				Services: services,
				QueryMeta: structs.QueryMeta{
					Backend: structs.QueryBackendBlocking,
					Index:   index,
				},
			}
			aclfilter.New(authz, s.deps.Logger).Filter(response)

			return index, response, nil
		},
		dispatchBlockingQueryUpdate[*structs.IndexedGatewayServices](ch),
	)
}
copyright headers for agent folder (#16704) * copyright headers for agent folder * Ignore test data files * fix proto files and remove headers in agent/uiserver folder * ignore deep-copy files 2023-03-28 18:39:22 +00:00			`// Copyright (c) HashiCorp, Inc.`
			`// SPDX-License-Identifier: MPL-2.0`

proxycfg-glue: server-local implementation of `GatewayServices` This is the OSS portion of enterprise PR 2259. This PR provides a server-local implementation of the proxycfg.GatewayServices interface based on blocking queries. 2022-07-12 10:41:29 +00:00			`package proxycfgglue`

			`import (`
			`"context"`

			`"github.com/hashicorp/go-memdb"`

			`"github.com/hashicorp/consul/acl"`
			`"github.com/hashicorp/consul/agent/cache"`
			`cachetype "github.com/hashicorp/consul/agent/cache-types"`
			`"github.com/hashicorp/consul/agent/consul/watch"`
			`"github.com/hashicorp/consul/agent/proxycfg"`
			`"github.com/hashicorp/consul/agent/structs"`
			`"github.com/hashicorp/consul/agent/structs/aclfilter"`
			`)`

			`// CacheGatewayServices satisfies the proxycfg.GatewayServices interface by`
			`// sourcing data from the agent cache.`
			`func CacheGatewayServices(c *cache.Cache) proxycfg.GatewayServices {`
			`return &cacheProxyDataSource[*structs.ServiceSpecificRequest]{c, cachetype.GatewayServicesName}`
			`}`

			`// ServerGatewayServices satisfies the proxycfg.GatewayServices interface by`
			`// sourcing data from a blocking query against the server's state store.`
			`func ServerGatewayServices(deps ServerDataSourceDeps) proxycfg.GatewayServices {`
			`return &serverGatewayServices{deps}`
			`}`

			`type serverGatewayServices struct {`
			`deps ServerDataSourceDeps`
			`}`

			`func (s serverGatewayServices) Notify(ctx context.Context, req structs.ServiceSpecificRequest, correlationID string, ch chan<- proxycfg.UpdateEvent) error {`
			`return watch.ServerLocalNotify(ctx, correlationID, s.deps.GetStore,`
			`func(ws memdb.WatchSet, store Store) (uint64, *structs.IndexedGatewayServices, error) {`
			`var authzContext acl.AuthorizerContext`
			`authz, err := s.deps.ACLResolver.ResolveTokenAndDefaultMeta(req.Token, &req.EnterpriseMeta, &authzContext)`
			`if err != nil {`
			`return 0, nil, err`
			`}`
			`if err := authz.ToAllowAuthorizer().ServiceReadAllowed(req.ServiceName, &authzContext); err != nil {`
			`return 0, nil, err`
			`}`

			`index, services, err := store.GatewayServices(ws, req.ServiceName, &req.EnterpriseMeta)`
			`if err != nil {`
			`return 0, nil, err`
			`}`

			`response := &structs.IndexedGatewayServices{`
			`Services: services,`
			`QueryMeta: structs.QueryMeta{`
			`Backend: structs.QueryBackendBlocking,`
			`Index: index,`
			`},`
			`}`
			`aclfilter.New(authz, s.deps.Logger).Filter(response)`

			`return index, response, nil`
			`},`
			`dispatchBlockingQueryUpdate[*structs.IndexedGatewayServices](ch),`
			`)`
			`}`