peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
package pbpeering
import (
"crypto/tls"
"crypto/x509"
"errors"
"fmt"
"time"
"github.com/golang/protobuf/ptypes/timestamp"
"google.golang.org/grpc"
"google.golang.org/grpc/credentials"
"google.golang.org/protobuf/proto"
"github.com/hashicorp/consul/agent/structs"
"github.com/hashicorp/consul/api"
"github.com/hashicorp/consul/lib"
)
// RequestDatacenter implements structs.RPCInfo.
//
// The result is always the empty string: cross-datacenter requests are not
// allowed for peering actions because they rely on WAN-federation.
func (r *GenerateTokenRequest) RequestDatacenter() string {
	const datacenter = ""
	return datacenter
}
// RequestDatacenter implements structs.RPCInfo.
//
// The result is always the empty string: cross-datacenter requests are not
// allowed for peering actions because they rely on WAN-federation.
func (r *EstablishRequest) RequestDatacenter() string {
	const datacenter = ""
	return datacenter
}
// RequestDatacenter implements structs.RPCInfo.
//
// The result is always the empty string: cross-datacenter requests are not
// allowed for peering actions because they rely on WAN-federation.
func (r *PeeringReadRequest) RequestDatacenter() string {
	const datacenter = ""
	return datacenter
}
// RequestDatacenter implements structs.RPCInfo.
//
// The result is always the empty string: cross-datacenter requests are not
// allowed for peering actions because they rely on WAN-federation.
func (r *PeeringListRequest) RequestDatacenter() string {
	const datacenter = ""
	return datacenter
}
// RequestDatacenter implements structs.RPCInfo.
//
// The result is always the empty string: cross-datacenter requests are not
// allowed for peering actions because they rely on WAN-federation.
func (r *PeeringWriteRequest) RequestDatacenter() string {
	const datacenter = ""
	return datacenter
}
// RequestDatacenter implements structs.RPCInfo.
//
// The result is always the empty string: cross-datacenter requests are not
// allowed for peering actions because they rely on WAN-federation.
func (r *PeeringDeleteRequest) RequestDatacenter() string {
	const datacenter = ""
	return datacenter
}
// RequestDatacenter implements structs.RPCInfo.
//
// The result is always the empty string: cross-datacenter requests are not
// allowed for peering actions because they rely on WAN-federation.
func (r *TrustBundleReadRequest) RequestDatacenter() string {
	const datacenter = ""
	return datacenter
}
// RequestDatacenter implements structs.RPCInfo.
//
// The result is always the empty string: cross-datacenter requests are not
// allowed for peering actions because they rely on WAN-federation.
func (r *TrustBundleListByServiceRequest) RequestDatacenter() string {
	const datacenter = ""
	return datacenter
}
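// ShouldDial reports whether this side of the peering is the one that dials,
// i.e. whether the peering was stored via the peering initiation endpoint.
//
// If we generated a token for this peer we did not store our server addresses
// under PeerServerAddresses. These server addresses are for dialing, and only
// the peer initiating the peering will do the dialing.
//
// The check looks only at PeerServerAddresses; it does not inspect p.State, so
// a peering marked as terminated by our peer is not filtered out here (IsActive
// performs that check). A nil receiver reports false, matching IsActive.
func (p *Peering) ShouldDial() bool {
	if p == nil {
		return false
	}
	return len(p.PeerServerAddresses) > 0
}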
// GoString returns the same text as String, so the %#v verb prints the state
// in the form String produces.
func (x PeeringState) GoString() string {
	text := x.String()
	return text
}
// ConcatenatedRootPEMs joins every PEM-encoded public certificate in a peer's
// trust bundle into one string, passing each entry through
// lib.EnsureTrailingNewline before appending it. A nil bundle yields "".
func (b *PeeringTrustBundle) ConcatenatedRootPEMs() string {
	if b == nil {
		return ""
	}

	var joined []byte
	for i := range b.RootPEMs {
		joined = append(joined, lib.EnsureTrailingNewline(b.RootPEMs[i])...)
	}
	return string(joined)
}
// enumcover:PeeringState
//
// PeeringStateToAPI maps a protobuf PeeringState onto the matching
// api.PeeringState. PeeringState_UNDEFINED and any value not listed below map
// to api.PeeringStateUndefined.
func PeeringStateToAPI(s PeeringState) api.PeeringState {
	switch s {
	case PeeringState_PENDING:
		return api.PeeringStatePending
	case PeeringState_ESTABLISHING:
		return api.PeeringStateEstablishing
	case PeeringState_ACTIVE:
		return api.PeeringStateActive
	case PeeringState_FAILING:
		return api.PeeringStateFailing
	case PeeringState_DELETING:
		return api.PeeringStateDeleting
	case PeeringState_TERMINATED:
		return api.PeeringStateTerminated
	case PeeringState_UNDEFINED:
		// Listed explicitly so every enum value appears in the switch; it
		// shares the result used for unknown values below.
	}
	return api.PeeringStateUndefined
}
// enumcover:api.PeeringState
//
// PeeringStateFromAPI maps an api.PeeringState onto the matching protobuf
// PeeringState. api.PeeringStateUndefined and any value not listed below map
// to PeeringState_UNDEFINED.
func PeeringStateFromAPI(t api.PeeringState) PeeringState {
	switch t {
	case api.PeeringStatePending:
		return PeeringState_PENDING
	case api.PeeringStateEstablishing:
		return PeeringState_ESTABLISHING
	case api.PeeringStateActive:
		return PeeringState_ACTIVE
	case api.PeeringStateFailing:
		return PeeringState_FAILING
	case api.PeeringStateDeleting:
		return PeeringState_DELETING
	case api.PeeringStateTerminated:
		return PeeringState_TERMINATED
	case api.PeeringStateUndefined:
		// Listed explicitly so every enum value appears in the switch; it
		// shares the result used for unknown values below.
	}
	return PeeringState_UNDEFINED
}
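// StreamStatusToAPI converts a protobuf StreamStatus into its api
// representation, translating the three timestamps with TimePtrFromProto.
//
// A nil status yields the zero api.PeeringStreamStatus instead of panicking on
// the field reads below.
func StreamStatusToAPI(status *StreamStatus) api.PeeringStreamStatus {
	if status == nil {
		return api.PeeringStreamStatus{}
	}
	return api.PeeringStreamStatus{
		ImportedServices: status.ImportedServices,
		ExportedServices: status.ExportedServices,
		LastHeartbeat:    TimePtrFromProto(status.LastHeartbeat),
		LastReceive:      TimePtrFromProto(status.LastReceive),
		LastSend:         TimePtrFromProto(status.LastSend),
	}
}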
// StreamStatusFromAPI converts an api.PeeringStreamStatus into a newly
// allocated protobuf StreamStatus, translating the three timestamps with
// TimePtrToProto.
func StreamStatusFromAPI(status api.PeeringStreamStatus) *StreamStatus {
	out := new(StreamStatus)
	out.ImportedServices = status.ImportedServices
	out.ExportedServices = status.ExportedServices
	out.LastHeartbeat = TimePtrToProto(status.LastHeartbeat)
	out.LastReceive = TimePtrToProto(status.LastReceive)
	out.LastSend = TimePtrToProto(status.LastSend)
	return out
}
// IsActive reports whether the peering is still in use: the receiver is
// non-nil, its State is not PeeringState_TERMINATED, and DeletedAt is either
// unset or a zero protobuf time.
func (p *Peering) IsActive() bool {
	switch {
	case p == nil:
		return false
	case p.State == PeeringState_TERMINATED:
		return false
	case p.DeletedAt == nil:
		return true
	default:
		// The minimum protobuf timestamp is the Unix epoch rather than go's
		// zero, so the zero check is delegated to the structs helper.
		return structs.IsZeroProtoTime(p.DeletedAt)
	}
}
// Validate is a validation helper that checks whether a secret ID is embedded
// in the container type.
//
// It returns an error when PeerID is empty, when Request holds a type other
// than the four handled below, or when the secret carried by the request is
// empty (including a typed-nil request wrapper).
func (s *SecretsWriteRequest) Validate() error {
	if s.PeerID == "" {
		return errors.New("missing peer ID")
	}

	// Pull out whichever secret this request variant carries; it stays empty
	// when the wrapper pointer itself is nil.
	var secret string
	switch req := s.Request.(type) {
	case *SecretsWriteRequest_GenerateToken:
		if req != nil {
			secret = req.GenerateToken.GetEstablishmentSecret()
		}
	case *SecretsWriteRequest_Establish:
		if req != nil {
			secret = req.Establish.GetActiveStreamSecret()
		}
	case *SecretsWriteRequest_ExchangeSecret:
		if req != nil {
			secret = req.ExchangeSecret.GetPendingStreamSecret()
		}
	case *SecretsWriteRequest_PromotePending:
		if req != nil {
			secret = req.PromotePending.GetActiveStreamSecret()
		}
	default:
		return fmt.Errorf("unexpected request type %T", s.Request)
	}

	if secret == "" {
		return errors.New("missing secret ID")
	}
	return nil
}
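// TLSDialOption returns the gRPC DialOption to secure the transport if CAPems
// are available. If no CAPems were provided in the peering token then the
// WithInsecure dial option is returned.
//
// NOTE(review): the fallback is silent. A peering whose PeerCAPems is empty is
// dialed without TLS, so the connection is neither encrypted nor is the server
// authenticated at the transport layer. Callers that require TLS have to check
// PeerCAPems themselves; this method does not report which option it chose.
//
// An error is returned when any entry of PeerCAPems fails to parse as PEM
// certificates.
func (p *Peering) TLSDialOption() (grpc.DialOption, error) {
	if len(p.PeerCAPems) == 0 {
		//nolint:staticcheck
		return grpc.WithInsecure(), nil
	}

	var haveCerts bool
	pool := x509.NewCertPool()
	for _, pem := range p.PeerCAPems {
		if !pool.AppendCertsFromPEM([]byte(pem)) {
			// The rejected entry is embedded verbatim in the error text, so it
			// ends up wherever the caller logs or returns this error.
			return nil, fmt.Errorf("failed to parse PEM %s", pem)
		}
		if len(pem) > 0 {
			haveCerts = true
		}
	}
	if !haveCerts {
		return nil, fmt.Errorf("failed to build cert pool from peer CA pems")
	}

	cfg := tls.Config{
		// Verify the server certificate against the name and roots stored
		// on the peering, not against the dialed address or system roots.
		ServerName: p.PeerServerName,
		RootCAs:    pool,
		// Pin the protocol floor explicitly rather than inheriting whatever
		// default the Go toolchain in use applies.
		MinVersion: tls.VersionTLS12,
	}
	return grpc.WithTransportCredentials(credentials.NewTLS(&cfg)), nil
}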
// ToAPI returns a newly allocated api.Peering populated from p by
// PeeringToAPI.
func (p *Peering) ToAPI() *api.Peering {
	out := new(api.Peering)
	PeeringToAPI(p, out)
	return out
}
// ToAPI converts every peering in the response with Peering.ToAPI and returns
// them in the same order.
//
// TODO consider using mog for this
func (resp *PeeringListResponse) ToAPI() []*api.Peering {
	converted := make([]*api.Peering, len(resp.Peerings))
	for idx := range resp.Peerings {
		converted[idx] = resp.Peerings[idx].ToAPI()
	}
	return converted
}
// ToAPI returns a newly allocated api.PeeringGenerateTokenResponse populated
// from resp by GenerateTokenResponseToAPI.
//
// TODO consider using mog for this
func (resp *GenerateTokenResponse) ToAPI() *api.PeeringGenerateTokenResponse {
	out := new(api.PeeringGenerateTokenResponse)
	GenerateTokenResponseToAPI(resp, out)
	return out
}
// ToAPI returns a newly allocated api.PeeringEstablishResponse populated from
// resp by EstablishResponseToAPI.
//
// TODO consider using mog for this
func (resp *EstablishResponse) ToAPI() *api.PeeringEstablishResponse {
	out := new(api.PeeringEstablishResponse)
	EstablishResponseToAPI(resp, out)
	return out
}
// IsEmpty reports whether r is nil or has both Partition and Datacenter unset.
func (r *RemoteInfo) IsEmpty() bool {
	return r == nil || (r.Partition == "" && r.Datacenter == "")
}
// NewGenerateTokenRequestFromAPI is a convenience wrapper that allocates a
// GenerateTokenRequest and fills it from req via GenerateTokenRequestFromAPI.
// A nil req yields nil.
func NewGenerateTokenRequestFromAPI(req *api.PeeringGenerateTokenRequest) *GenerateTokenRequest {
	if req != nil {
		var out GenerateTokenRequest
		GenerateTokenRequestFromAPI(req, &out)
		return &out
	}
	return nil
}
// NewEstablishRequestFromAPI is a convenience wrapper that allocates an
// EstablishRequest and fills it from req via EstablishRequestFromAPI.
// A nil req yields nil.
func NewEstablishRequestFromAPI(req *api.PeeringEstablishRequest) *EstablishRequest {
	if req != nil {
		var out EstablishRequest
		EstablishRequestFromAPI(req, &out)
		return &out
	}
	return nil
}
// TimePtrFromProto converts an optional protobuf timestamp into an optional
// time.Time using structs.TimeFromProto. A nil input yields nil.
func TimePtrFromProto(s *timestamp.Timestamp) *time.Time {
	if s != nil {
		converted := structs.TimeFromProto(s)
		return &converted
	}
	return nil
}
// TimePtrToProto converts an optional time.Time into an optional protobuf
// timestamp using structs.TimeToProto. A nil input yields nil.
func TimePtrToProto(s *time.Time) *timestamp.Timestamp {
	if s != nil {
		return structs.TimeToProto(*s)
	}
	return nil
}
// DeepCopy returns a copy of the PeeringTrustBundle, produced with
// proto.Clone, that can be passed around without worrying about the receiver
// unsafely modifying it. It is used by the generated DeepCopy methods in
// proxycfg.
//
// It panics if the cloned message is not a *PeeringTrustBundle.
func (o *PeeringTrustBundle) DeepCopy() *PeeringTrustBundle {
	cloned, isBundle := proto.Clone(o).(*PeeringTrustBundle)
	if isBundle {
		return cloned
	}
	panic(fmt.Sprintf("failed to clone *PeeringTrustBundle, got: %T", cloned))
}