2015-01-06 18:40:00 +00:00
|
|
|
package api
|
|
|
|
|
|
|
|
import (
|
|
|
|
"bytes"
|
2017-02-11 02:11:21 +00:00
|
|
|
"context"
|
2015-03-18 14:41:00 +00:00
|
|
|
"crypto/tls"
|
2015-01-06 18:40:00 +00:00
|
|
|
"encoding/json"
|
|
|
|
"fmt"
|
|
|
|
"io"
|
2017-05-26 03:51:27 +00:00
|
|
|
"io/ioutil"
|
2015-03-18 14:41:00 +00:00
|
|
|
"log"
|
2015-01-08 16:38:09 +00:00
|
|
|
"net"
|
2015-01-06 18:40:00 +00:00
|
|
|
"net/http"
|
|
|
|
"net/url"
|
2015-01-08 16:38:09 +00:00
|
|
|
"os"
|
2015-01-06 18:40:00 +00:00
|
|
|
"strconv"
|
2015-01-08 16:38:09 +00:00
|
|
|
"strings"
|
2015-01-06 18:40:00 +00:00
|
|
|
"time"
|
2015-10-22 14:47:50 +00:00
|
|
|
|
2015-10-22 18:14:22 +00:00
|
|
|
"github.com/hashicorp/go-cleanhttp"
|
2017-04-14 20:37:29 +00:00
|
|
|
"github.com/hashicorp/go-rootcerts"
|
2015-01-06 18:40:00 +00:00
|
|
|
)
|
|
|
|
|
2016-08-03 06:10:11 +00:00
|
|
|
const (
|
|
|
|
// HTTPAddrEnvName defines an environment variable name which sets
|
|
|
|
// the HTTP address if there is no -http-addr specified.
|
|
|
|
HTTPAddrEnvName = "CONSUL_HTTP_ADDR"
|
2016-08-03 06:11:04 +00:00
|
|
|
|
|
|
|
// HTTPTokenEnvName defines an environment variable name which sets
|
|
|
|
// the HTTP token.
|
|
|
|
HTTPTokenEnvName = "CONSUL_HTTP_TOKEN"
|
|
|
|
|
|
|
|
// HTTPAuthEnvName defines an environment variable name which sets
|
|
|
|
// the HTTP authentication header.
|
|
|
|
HTTPAuthEnvName = "CONSUL_HTTP_AUTH"
|
|
|
|
|
|
|
|
// HTTPSSLEnvName defines an environment variable name which sets
|
|
|
|
// whether or not to use HTTPS.
|
|
|
|
HTTPSSLEnvName = "CONSUL_HTTP_SSL"
|
|
|
|
|
2017-04-14 20:37:29 +00:00
|
|
|
// HTTPCAFile defines an environment variable name which sets the
|
|
|
|
// CA file to use for talking to Consul over TLS.
|
|
|
|
HTTPCAFile = "CONSUL_CACERT"
|
|
|
|
|
|
|
|
// HTTPCAPath defines an environment variable name which sets the
|
|
|
|
// path to a directory of CA certs to use for talking to Consul over TLS.
|
|
|
|
HTTPCAPath = "CONSUL_CAPATH"
|
|
|
|
|
|
|
|
// HTTPClientCert defines an environment variable name which sets the
|
|
|
|
// client cert file to use for talking to Consul over TLS.
|
|
|
|
HTTPClientCert = "CONSUL_CLIENT_CERT"
|
|
|
|
|
|
|
|
// HTTPClientKey defines an environment variable name which sets the
|
|
|
|
// client key file to use for talking to Consul over TLS.
|
|
|
|
HTTPClientKey = "CONSUL_CLIENT_KEY"
|
|
|
|
|
|
|
|
// HTTPTLSServerName defines an environment variable name which sets the
|
|
|
|
// server name to use as the SNI host when connecting via TLS
|
|
|
|
HTTPTLSServerName = "CONSUL_TLS_SERVER_NAME"
|
|
|
|
|
2016-08-03 06:11:04 +00:00
|
|
|
// HTTPSSLVerifyEnvName defines an environment variable name which sets
|
|
|
|
// whether or not to disable certificate checking.
|
|
|
|
HTTPSSLVerifyEnvName = "CONSUL_HTTP_SSL_VERIFY"
|
2016-08-03 06:10:11 +00:00
|
|
|
)
|
|
|
|
|
2015-01-06 18:40:00 +00:00
|
|
|
// QueryOptions are used to parameterize a query
|
|
|
|
type QueryOptions struct {
|
|
|
|
// Providing a datacenter overwrites the DC provided
|
|
|
|
// by the Config
|
|
|
|
Datacenter string
|
|
|
|
|
|
|
|
// AllowStale allows any Consul server (non-leader) to service
|
|
|
|
// a read. This allows for lower latency and higher throughput
|
|
|
|
AllowStale bool
|
|
|
|
|
|
|
|
// RequireConsistent forces the read to be fully consistent.
|
|
|
|
// This is more expensive but prevents ever performing a stale
|
|
|
|
// read.
|
|
|
|
RequireConsistent bool
|
|
|
|
|
|
|
|
// WaitIndex is used to enable a blocking query. Waits
|
|
|
|
// until the timeout or the next index is reached
|
|
|
|
WaitIndex uint64
|
|
|
|
|
2018-04-20 13:24:24 +00:00
|
|
|
// WaitHash is used by some endpoints instead of WaitIndex to perform blocking
|
|
|
|
// on state based on a hash of the response rather than a monotonic index.
|
|
|
|
// This is required when the state being blocked on is not stored in Raft, for
|
|
|
|
// example agent-local proxy configuration.
|
|
|
|
WaitHash string
|
|
|
|
|
2015-01-06 18:40:00 +00:00
|
|
|
// WaitTime is used to bound the duration of a wait.
|
2015-09-15 12:22:08 +00:00
|
|
|
// Defaults to that of the Config, but can be overridden.
|
2015-01-06 18:40:00 +00:00
|
|
|
WaitTime time.Duration
|
|
|
|
|
|
|
|
// Token is used to provide a per-request ACL token
|
|
|
|
// which overrides the agent's default token.
|
|
|
|
Token string
|
2015-10-16 04:42:09 +00:00
|
|
|
|
|
|
|
// Near is used to provide a node name that will sort the results
|
|
|
|
// in ascending order based on the estimated round trip time from
|
|
|
|
// that node. Setting this to "_agent" will use the agent's node
|
|
|
|
// for the sort.
|
|
|
|
Near string
|
2017-01-11 23:44:13 +00:00
|
|
|
|
|
|
|
// NodeMeta is used to filter results by nodes with the given
|
|
|
|
// metadata key/value pairs. Currently, only one key/value pair can
|
|
|
|
// be provided for filtering.
|
|
|
|
NodeMeta map[string]string
|
2017-02-08 23:25:47 +00:00
|
|
|
|
2018-02-19 07:13:57 +00:00
|
|
|
// RelayFactor is used in keyring operations to cause responses to be
|
2017-02-08 23:25:47 +00:00
|
|
|
// relayed back to the sender through N other random nodes. Must be
|
|
|
|
// a value from 0 to 5 (inclusive).
|
|
|
|
RelayFactor uint8
|
2017-06-26 20:52:03 +00:00
|
|
|
|
2018-06-06 18:50:23 +00:00
|
|
|
// Connect filters prepared query execution to only include Connect-capable
|
|
|
|
// services. This currently affects prepared query execution.
|
|
|
|
Connect bool
|
|
|
|
|
2017-07-15 00:30:08 +00:00
|
|
|
// ctx is an optional context pass through to the underlying HTTP
|
|
|
|
// request layer. Use Context() and WithContext() to manage this.
|
|
|
|
ctx context.Context
|
|
|
|
}
|
|
|
|
|
|
|
|
func (o *QueryOptions) Context() context.Context {
|
|
|
|
if o != nil && o.ctx != nil {
|
|
|
|
return o.ctx
|
|
|
|
}
|
|
|
|
return context.Background()
|
|
|
|
}
|
|
|
|
|
|
|
|
func (o *QueryOptions) WithContext(ctx context.Context) *QueryOptions {
|
|
|
|
o2 := new(QueryOptions)
|
|
|
|
if o != nil {
|
|
|
|
*o2 = *o
|
|
|
|
}
|
|
|
|
o2.ctx = ctx
|
|
|
|
return o2
|
2015-01-06 18:40:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// WriteOptions are used to parameterize a write
|
|
|
|
type WriteOptions struct {
|
|
|
|
// Providing a datacenter overwrites the DC provided
|
|
|
|
// by the Config
|
|
|
|
Datacenter string
|
|
|
|
|
|
|
|
// Token is used to provide a per-request ACL token
|
|
|
|
// which overrides the agent's default token.
|
|
|
|
Token string
|
2017-02-08 23:25:47 +00:00
|
|
|
|
2018-03-19 16:56:00 +00:00
|
|
|
// RelayFactor is used in keyring operations to cause responses to be
|
2017-02-08 23:25:47 +00:00
|
|
|
// relayed back to the sender through N other random nodes. Must be
|
|
|
|
// a value from 0 to 5 (inclusive).
|
|
|
|
RelayFactor uint8
|
2017-07-15 00:30:08 +00:00
|
|
|
|
|
|
|
// ctx is an optional context pass through to the underlying HTTP
|
|
|
|
// request layer. Use Context() and WithContext() to manage this.
|
|
|
|
ctx context.Context
|
|
|
|
}
|
|
|
|
|
|
|
|
func (o *WriteOptions) Context() context.Context {
|
|
|
|
if o != nil && o.ctx != nil {
|
|
|
|
return o.ctx
|
|
|
|
}
|
|
|
|
return context.Background()
|
|
|
|
}
|
|
|
|
|
|
|
|
func (o *WriteOptions) WithContext(ctx context.Context) *WriteOptions {
|
|
|
|
o2 := new(WriteOptions)
|
|
|
|
if o != nil {
|
|
|
|
*o2 = *o
|
|
|
|
}
|
|
|
|
o2.ctx = ctx
|
|
|
|
return o2
|
2015-01-06 18:40:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// QueryMeta is used to return meta data about a query
|
|
|
|
type QueryMeta struct {
|
|
|
|
// LastIndex. This can be used as a WaitIndex to perform
|
|
|
|
// a blocking query
|
|
|
|
LastIndex uint64
|
|
|
|
|
2018-04-05 16:15:43 +00:00
|
|
|
// LastContentHash. This can be used as a WaitHash to perform a blocking query
|
|
|
|
// for endpoints that support hash-based blocking. Endpoints that do not
|
|
|
|
// support it will return an empty hash.
|
|
|
|
LastContentHash string
|
|
|
|
|
2015-01-06 18:40:00 +00:00
|
|
|
// Time of last contact from the leader for the
|
|
|
|
// server servicing the request
|
|
|
|
LastContact time.Duration
|
|
|
|
|
|
|
|
// Is there a known leader
|
|
|
|
KnownLeader bool
|
|
|
|
|
|
|
|
// How long did the request take
|
|
|
|
RequestTime time.Duration
|
2016-08-16 18:31:41 +00:00
|
|
|
|
|
|
|
// Is address translation enabled for HTTP responses on this agent
|
|
|
|
AddressTranslationEnabled bool
|
2015-01-06 18:40:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// WriteMeta is used to return meta data about a write
|
|
|
|
type WriteMeta struct {
|
|
|
|
// How long did the request take
|
|
|
|
RequestTime time.Duration
|
|
|
|
}
|
|
|
|
|
2015-01-07 21:01:44 +00:00
|
|
|
// HttpBasicAuth is used to authenticate http client with HTTP Basic Authentication
|
|
|
|
type HttpBasicAuth struct {
|
|
|
|
// Username to use for HTTP Basic Authentication
|
|
|
|
Username string
|
|
|
|
|
|
|
|
// Password to use for HTTP Basic Authentication
|
|
|
|
Password string
|
|
|
|
}
|
|
|
|
|
2015-01-06 18:40:00 +00:00
|
|
|
// Config is used to configure the creation of a client
|
|
|
|
type Config struct {
|
|
|
|
// Address is the address of the Consul server
|
|
|
|
Address string
|
|
|
|
|
|
|
|
// Scheme is the URI scheme for the Consul server
|
|
|
|
Scheme string
|
|
|
|
|
|
|
|
// Datacenter to use. If not provided, the default agent datacenter is used.
|
|
|
|
Datacenter string
|
|
|
|
|
2017-04-18 23:39:23 +00:00
|
|
|
// Transport is the Transport to use for the http client.
|
|
|
|
Transport *http.Transport
|
|
|
|
|
2015-01-06 18:40:00 +00:00
|
|
|
// HttpClient is the client to use. Default will be
|
|
|
|
// used if not provided.
|
|
|
|
HttpClient *http.Client
|
|
|
|
|
2015-01-07 21:01:44 +00:00
|
|
|
// HttpAuth is the auth info to use for http access.
|
|
|
|
HttpAuth *HttpBasicAuth
|
|
|
|
|
2015-01-06 18:40:00 +00:00
|
|
|
// WaitTime limits how long a Watch will block. If not provided,
|
|
|
|
// the agent default values will be used.
|
|
|
|
WaitTime time.Duration
|
|
|
|
|
|
|
|
// Token is used to provide a per-request ACL token
|
|
|
|
// which overrides the agent's default token.
|
|
|
|
Token string
|
2017-04-14 20:37:29 +00:00
|
|
|
|
|
|
|
TLSConfig TLSConfig
|
2015-01-06 18:40:00 +00:00
|
|
|
}
|
|
|
|
|
2016-03-24 18:24:18 +00:00
|
|
|
// TLSConfig is used to generate a TLSClientConfig that's useful for talking to
|
|
|
|
// Consul using TLS.
|
|
|
|
type TLSConfig struct {
|
2016-03-24 18:33:44 +00:00
|
|
|
// Address is the optional address of the Consul server. The port, if any
|
|
|
|
// will be removed from here and this will be set to the ServerName of the
|
|
|
|
// resulting config.
|
2016-03-24 18:24:18 +00:00
|
|
|
Address string
|
|
|
|
|
|
|
|
// CAFile is the optional path to the CA certificate used for Consul
|
|
|
|
// communication, defaults to the system bundle if not specified.
|
|
|
|
CAFile string
|
|
|
|
|
2017-04-14 20:37:29 +00:00
|
|
|
// CAPath is the optional path to a directory of CA certificates to use for
|
|
|
|
// Consul communication, defaults to the system bundle if not specified.
|
|
|
|
CAPath string
|
|
|
|
|
2016-03-24 18:24:18 +00:00
|
|
|
// CertFile is the optional path to the certificate for Consul
|
|
|
|
// communication. If this is set then you need to also set KeyFile.
|
|
|
|
CertFile string
|
|
|
|
|
|
|
|
// KeyFile is the optional path to the private key for Consul communication.
|
|
|
|
// If this is set then you need to also set CertFile.
|
|
|
|
KeyFile string
|
|
|
|
|
|
|
|
// InsecureSkipVerify if set to true will disable TLS host verification.
|
|
|
|
InsecureSkipVerify bool
|
|
|
|
}
|
|
|
|
|
2016-03-10 20:29:50 +00:00
|
|
|
// DefaultConfig returns a default configuration for the client. By default this
|
|
|
|
// will pool and reuse idle connections to Consul. If you have a long-lived
|
|
|
|
// client object, this is the desired behavior and should make the most efficient
|
|
|
|
// use of the connections to Consul. If you don't reuse a client object , which
|
|
|
|
// is not recommended, then you may notice idle connections building up over
|
|
|
|
// time. To avoid this, use the DefaultNonPooledConfig() instead.
|
2015-01-06 18:40:00 +00:00
|
|
|
func DefaultConfig() *Config {
|
2016-03-10 20:29:50 +00:00
|
|
|
return defaultConfig(cleanhttp.DefaultPooledTransport)
|
|
|
|
}
|
|
|
|
|
|
|
|
// DefaultNonPooledConfig returns a default configuration for the client which
|
|
|
|
// does not pool connections. This isn't a recommended configuration because it
|
|
|
|
// will reconnect to Consul on every request, but this is useful to avoid the
|
|
|
|
// accumulation of idle connections if you make many client objects during the
|
|
|
|
// lifetime of your application.
|
|
|
|
func DefaultNonPooledConfig() *Config {
|
|
|
|
return defaultConfig(cleanhttp.DefaultTransport)
|
|
|
|
}
|
|
|
|
|
|
|
|
// defaultConfig returns the default configuration for the client, using the
|
|
|
|
// given function to make the transport.
|
|
|
|
func defaultConfig(transportFn func() *http.Transport) *Config {
|
2015-01-08 16:38:09 +00:00
|
|
|
config := &Config{
|
2017-04-21 01:59:42 +00:00
|
|
|
Address: "127.0.0.1:8500",
|
|
|
|
Scheme: "http",
|
2017-04-18 23:39:23 +00:00
|
|
|
Transport: transportFn(),
|
2015-01-06 18:40:00 +00:00
|
|
|
}
|
2015-01-08 16:38:09 +00:00
|
|
|
|
2016-08-03 06:10:11 +00:00
|
|
|
if addr := os.Getenv(HTTPAddrEnvName); addr != "" {
|
2015-01-16 01:24:15 +00:00
|
|
|
config.Address = addr
|
2015-01-08 16:38:09 +00:00
|
|
|
}
|
|
|
|
|
2016-08-03 06:11:04 +00:00
|
|
|
if token := os.Getenv(HTTPTokenEnvName); token != "" {
|
2015-03-18 14:41:00 +00:00
|
|
|
config.Token = token
|
|
|
|
}
|
|
|
|
|
2016-08-03 06:11:04 +00:00
|
|
|
if auth := os.Getenv(HTTPAuthEnvName); auth != "" {
|
2015-03-18 14:41:00 +00:00
|
|
|
var username, password string
|
|
|
|
if strings.Contains(auth, ":") {
|
|
|
|
split := strings.SplitN(auth, ":", 2)
|
|
|
|
username = split[0]
|
|
|
|
password = split[1]
|
|
|
|
} else {
|
|
|
|
username = auth
|
|
|
|
}
|
|
|
|
|
|
|
|
config.HttpAuth = &HttpBasicAuth{
|
|
|
|
Username: username,
|
|
|
|
Password: password,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-08-03 06:11:04 +00:00
|
|
|
if ssl := os.Getenv(HTTPSSLEnvName); ssl != "" {
|
2015-03-18 14:41:00 +00:00
|
|
|
enabled, err := strconv.ParseBool(ssl)
|
|
|
|
if err != nil {
|
2016-08-03 06:11:04 +00:00
|
|
|
log.Printf("[WARN] client: could not parse %s: %s", HTTPSSLEnvName, err)
|
2015-03-18 14:41:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if enabled {
|
|
|
|
config.Scheme = "https"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-04-14 20:37:29 +00:00
|
|
|
if v := os.Getenv(HTTPTLSServerName); v != "" {
|
|
|
|
config.TLSConfig.Address = v
|
|
|
|
}
|
|
|
|
if v := os.Getenv(HTTPCAFile); v != "" {
|
|
|
|
config.TLSConfig.CAFile = v
|
|
|
|
}
|
|
|
|
if v := os.Getenv(HTTPCAPath); v != "" {
|
|
|
|
config.TLSConfig.CAPath = v
|
|
|
|
}
|
|
|
|
if v := os.Getenv(HTTPClientCert); v != "" {
|
|
|
|
config.TLSConfig.CertFile = v
|
|
|
|
}
|
|
|
|
if v := os.Getenv(HTTPClientKey); v != "" {
|
|
|
|
config.TLSConfig.KeyFile = v
|
|
|
|
}
|
|
|
|
if v := os.Getenv(HTTPSSLVerifyEnvName); v != "" {
|
|
|
|
doVerify, err := strconv.ParseBool(v)
|
2015-03-18 14:41:00 +00:00
|
|
|
if err != nil {
|
2016-08-03 06:11:04 +00:00
|
|
|
log.Printf("[WARN] client: could not parse %s: %s", HTTPSSLVerifyEnvName, err)
|
2015-03-18 14:41:00 +00:00
|
|
|
}
|
|
|
|
if !doVerify {
|
2017-04-14 20:37:29 +00:00
|
|
|
config.TLSConfig.InsecureSkipVerify = true
|
2015-03-18 14:41:00 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-01-08 16:38:09 +00:00
|
|
|
return config
|
2015-01-06 18:40:00 +00:00
|
|
|
}
|
|
|
|
|
2016-03-24 18:24:18 +00:00
|
|
|
// TLSConfig is used to generate a TLSClientConfig that's useful for talking to
|
|
|
|
// Consul using TLS.
|
|
|
|
func SetupTLSConfig(tlsConfig *TLSConfig) (*tls.Config, error) {
|
|
|
|
tlsClientConfig := &tls.Config{
|
|
|
|
InsecureSkipVerify: tlsConfig.InsecureSkipVerify,
|
|
|
|
}
|
|
|
|
|
|
|
|
if tlsConfig.Address != "" {
|
|
|
|
server := tlsConfig.Address
|
|
|
|
hasPort := strings.LastIndex(server, ":") > strings.LastIndex(server, "]")
|
|
|
|
if hasPort {
|
|
|
|
var err error
|
|
|
|
server, _, err = net.SplitHostPort(server)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
tlsClientConfig.ServerName = server
|
|
|
|
}
|
|
|
|
|
|
|
|
if tlsConfig.CertFile != "" && tlsConfig.KeyFile != "" {
|
|
|
|
tlsCert, err := tls.LoadX509KeyPair(tlsConfig.CertFile, tlsConfig.KeyFile)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
tlsClientConfig.Certificates = []tls.Certificate{tlsCert}
|
|
|
|
}
|
|
|
|
|
2017-11-08 02:22:09 +00:00
|
|
|
if tlsConfig.CAFile != "" || tlsConfig.CAPath != "" {
|
|
|
|
rootConfig := &rootcerts.Config{
|
|
|
|
CAFile: tlsConfig.CAFile,
|
|
|
|
CAPath: tlsConfig.CAPath,
|
|
|
|
}
|
|
|
|
if err := rootcerts.ConfigureTLS(tlsClientConfig, rootConfig); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2016-03-24 18:24:18 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return tlsClientConfig, nil
|
|
|
|
}
|
|
|
|
|
2018-07-10 16:13:51 +00:00
|
|
|
func (c *Config) GenerateEnv() []string {
|
2018-07-11 13:22:47 +00:00
|
|
|
env := make([]string, 0, 10)
|
|
|
|
|
|
|
|
env = append(env,
|
|
|
|
fmt.Sprintf("%s=%s", HTTPAddrEnvName, c.Address),
|
|
|
|
fmt.Sprintf("%s=%s", HTTPTokenEnvName, c.Token),
|
|
|
|
fmt.Sprintf("%s=%t", HTTPSSLEnvName, c.Scheme == "https"),
|
|
|
|
fmt.Sprintf("%s=%s", HTTPCAFile, c.TLSConfig.CAFile),
|
|
|
|
fmt.Sprintf("%s=%s", HTTPCAPath, c.TLSConfig.CAPath),
|
|
|
|
fmt.Sprintf("%s=%s", HTTPClientCert, c.TLSConfig.CertFile),
|
|
|
|
fmt.Sprintf("%s=%s", HTTPClientKey, c.TLSConfig.KeyFile),
|
|
|
|
fmt.Sprintf("%s=%s", HTTPTLSServerName, c.TLSConfig.Address),
|
|
|
|
fmt.Sprintf("%s=%t", HTTPSSLVerifyEnvName, !c.TLSConfig.InsecureSkipVerify))
|
2018-07-10 16:13:51 +00:00
|
|
|
|
|
|
|
if c.HttpAuth != nil {
|
2018-07-11 13:22:47 +00:00
|
|
|
env = append(env, fmt.Sprintf("%s=%s:%s", HTTPAuthEnvName, c.HttpAuth.Username, c.HttpAuth.Password))
|
2018-07-10 16:13:51 +00:00
|
|
|
} else {
|
2018-07-11 13:22:47 +00:00
|
|
|
env = append(env, fmt.Sprintf("%s=", HTTPAuthEnvName))
|
2018-07-10 16:13:51 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return env
|
|
|
|
}
|
|
|
|
|
2015-01-06 18:40:00 +00:00
|
|
|
// Client provides a client to the Consul API
|
|
|
|
type Client struct {
|
|
|
|
config Config
|
|
|
|
}
|
|
|
|
|
|
|
|
// NewClient returns a new client
|
|
|
|
func NewClient(config *Config) (*Client, error) {
|
|
|
|
// bootstrap the config
|
|
|
|
defConfig := DefaultConfig()
|
|
|
|
|
2015-01-16 01:24:15 +00:00
|
|
|
if len(config.Address) == 0 {
|
2015-01-06 18:40:00 +00:00
|
|
|
config.Address = defConfig.Address
|
|
|
|
}
|
|
|
|
|
|
|
|
if len(config.Scheme) == 0 {
|
|
|
|
config.Scheme = defConfig.Scheme
|
|
|
|
}
|
|
|
|
|
2017-04-18 23:39:23 +00:00
|
|
|
if config.Transport == nil {
|
|
|
|
config.Transport = defConfig.Transport
|
|
|
|
}
|
|
|
|
|
2017-04-14 20:37:29 +00:00
|
|
|
if config.TLSConfig.Address == "" {
|
|
|
|
config.TLSConfig.Address = defConfig.TLSConfig.Address
|
|
|
|
}
|
|
|
|
|
|
|
|
if config.TLSConfig.CAFile == "" {
|
|
|
|
config.TLSConfig.CAFile = defConfig.TLSConfig.CAFile
|
|
|
|
}
|
|
|
|
|
|
|
|
if config.TLSConfig.CAPath == "" {
|
|
|
|
config.TLSConfig.CAPath = defConfig.TLSConfig.CAPath
|
|
|
|
}
|
|
|
|
|
|
|
|
if config.TLSConfig.CertFile == "" {
|
|
|
|
config.TLSConfig.CertFile = defConfig.TLSConfig.CertFile
|
|
|
|
}
|
|
|
|
|
|
|
|
if config.TLSConfig.KeyFile == "" {
|
|
|
|
config.TLSConfig.KeyFile = defConfig.TLSConfig.KeyFile
|
|
|
|
}
|
|
|
|
|
|
|
|
if !config.TLSConfig.InsecureSkipVerify {
|
|
|
|
config.TLSConfig.InsecureSkipVerify = defConfig.TLSConfig.InsecureSkipVerify
|
|
|
|
}
|
|
|
|
|
2017-04-18 23:39:23 +00:00
|
|
|
if config.HttpClient == nil {
|
|
|
|
var err error
|
|
|
|
config.HttpClient, err = NewHttpClient(config.Transport, config.TLSConfig)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2017-04-14 20:37:29 +00:00
|
|
|
}
|
|
|
|
|
2017-02-10 23:08:39 +00:00
|
|
|
parts := strings.SplitN(config.Address, "://", 2)
|
|
|
|
if len(parts) == 2 {
|
2017-02-11 00:55:54 +00:00
|
|
|
switch parts[0] {
|
|
|
|
case "http":
|
2017-09-25 18:40:42 +00:00
|
|
|
config.Scheme = "http"
|
2017-02-11 00:55:54 +00:00
|
|
|
case "https":
|
2017-02-10 23:08:39 +00:00
|
|
|
config.Scheme = "https"
|
2017-02-11 00:55:54 +00:00
|
|
|
case "unix":
|
2017-02-10 23:08:39 +00:00
|
|
|
trans := cleanhttp.DefaultTransport()
|
2017-02-11 02:11:21 +00:00
|
|
|
trans.DialContext = func(_ context.Context, _, _ string) (net.Conn, error) {
|
2017-02-10 23:08:39 +00:00
|
|
|
return net.Dial("unix", parts[1])
|
|
|
|
}
|
|
|
|
config.HttpClient = &http.Client{
|
|
|
|
Transport: trans,
|
|
|
|
}
|
2017-02-11 00:55:54 +00:00
|
|
|
default:
|
|
|
|
return nil, fmt.Errorf("Unknown protocol scheme: %s", parts[0])
|
2015-12-17 06:27:07 +00:00
|
|
|
}
|
2015-12-17 15:56:50 +00:00
|
|
|
config.Address = parts[1]
|
2015-01-08 16:38:09 +00:00
|
|
|
}
|
|
|
|
|
2017-08-15 22:51:18 +00:00
|
|
|
if config.Token == "" {
|
|
|
|
config.Token = defConfig.Token
|
|
|
|
}
|
2017-08-29 00:58:22 +00:00
|
|
|
|
2017-09-25 18:40:42 +00:00
|
|
|
return &Client{config: *config}, nil
|
2015-01-06 18:40:00 +00:00
|
|
|
}
|
|
|
|
|
2017-04-18 23:39:23 +00:00
|
|
|
// NewHttpClient returns an http client configured with the given Transport and TLS
|
|
|
|
// config.
|
|
|
|
func NewHttpClient(transport *http.Transport, tlsConf TLSConfig) (*http.Client, error) {
|
|
|
|
client := &http.Client{
|
|
|
|
Transport: transport,
|
|
|
|
}
|
|
|
|
|
2017-11-07 23:06:59 +00:00
|
|
|
// TODO (slackpad) - Once we get some run time on the HTTP/2 support we
|
|
|
|
// should turn it on by default if TLS is enabled. We would basically
|
|
|
|
// just need to call http2.ConfigureTransport(transport) here. We also
|
|
|
|
// don't want to introduce another external dependency on
|
|
|
|
// golang.org/x/net/http2 at this time. For a complete recipe for how
|
|
|
|
// to enable HTTP/2 support on a transport suitable for the API client
|
|
|
|
// library see agent/http_test.go:TestHTTPServer_H2.
|
|
|
|
|
2017-05-24 20:45:19 +00:00
|
|
|
if transport.TLSClientConfig == nil {
|
|
|
|
tlsClientConfig, err := SetupTLSConfig(&tlsConf)
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
transport.TLSClientConfig = tlsClientConfig
|
|
|
|
}
|
|
|
|
|
2017-04-18 23:39:23 +00:00
|
|
|
return client, nil
|
|
|
|
}
|
|
|
|
|
2015-01-06 18:40:00 +00:00
|
|
|
// request is used to help build up a request
|
|
|
|
type request struct {
|
|
|
|
config *Config
|
|
|
|
method string
|
|
|
|
url *url.URL
|
|
|
|
params url.Values
|
|
|
|
body io.Reader
|
2016-08-02 20:54:59 +00:00
|
|
|
header http.Header
|
2015-01-06 18:40:00 +00:00
|
|
|
obj interface{}
|
2017-06-26 20:52:03 +00:00
|
|
|
ctx context.Context
|
2015-01-06 18:40:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// setQueryOptions is used to annotate the request with
|
|
|
|
// additional query options
|
|
|
|
func (r *request) setQueryOptions(q *QueryOptions) {
|
|
|
|
if q == nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
if q.Datacenter != "" {
|
|
|
|
r.params.Set("dc", q.Datacenter)
|
|
|
|
}
|
|
|
|
if q.AllowStale {
|
|
|
|
r.params.Set("stale", "")
|
|
|
|
}
|
|
|
|
if q.RequireConsistent {
|
|
|
|
r.params.Set("consistent", "")
|
|
|
|
}
|
|
|
|
if q.WaitIndex != 0 {
|
|
|
|
r.params.Set("index", strconv.FormatUint(q.WaitIndex, 10))
|
|
|
|
}
|
|
|
|
if q.WaitTime != 0 {
|
|
|
|
r.params.Set("wait", durToMsec(q.WaitTime))
|
|
|
|
}
|
2018-04-20 13:24:24 +00:00
|
|
|
if q.WaitHash != "" {
|
|
|
|
r.params.Set("hash", q.WaitHash)
|
|
|
|
}
|
2015-01-06 18:40:00 +00:00
|
|
|
if q.Token != "" {
|
2016-08-02 20:54:59 +00:00
|
|
|
r.header.Set("X-Consul-Token", q.Token)
|
2015-01-06 18:40:00 +00:00
|
|
|
}
|
2015-10-16 04:42:09 +00:00
|
|
|
if q.Near != "" {
|
|
|
|
r.params.Set("near", q.Near)
|
|
|
|
}
|
2017-01-11 23:44:13 +00:00
|
|
|
if len(q.NodeMeta) > 0 {
|
|
|
|
for key, value := range q.NodeMeta {
|
|
|
|
r.params.Add("node-meta", key+":"+value)
|
|
|
|
}
|
|
|
|
}
|
2017-02-08 23:25:47 +00:00
|
|
|
if q.RelayFactor != 0 {
|
|
|
|
r.params.Set("relay-factor", strconv.Itoa(int(q.RelayFactor)))
|
|
|
|
}
|
2018-06-06 18:50:23 +00:00
|
|
|
if q.Connect {
|
|
|
|
r.params.Set("connect", "true")
|
|
|
|
}
|
2017-07-15 00:30:08 +00:00
|
|
|
r.ctx = q.ctx
|
2015-01-06 18:40:00 +00:00
|
|
|
}
|
|
|
|
|
2016-01-06 19:05:11 +00:00
|
|
|
// durToMsec converts a duration to a millisecond specified string. If the
|
|
|
|
// user selected a positive value that rounds to 0 ms, then we will use 1 ms
|
|
|
|
// so they get a short delay, otherwise Consul will translate the 0 ms into
|
|
|
|
// a huge default delay.
|
2015-01-06 18:40:00 +00:00
|
|
|
func durToMsec(dur time.Duration) string {
|
2016-01-06 19:05:11 +00:00
|
|
|
ms := dur / time.Millisecond
|
|
|
|
if dur > 0 && ms == 0 {
|
|
|
|
ms = 1
|
|
|
|
}
|
|
|
|
return fmt.Sprintf("%dms", ms)
|
2015-01-06 18:40:00 +00:00
|
|
|
}
|
|
|
|
|
2016-01-06 19:35:16 +00:00
|
|
|
// serverError is a string we look for to detect 500 errors.
|
|
|
|
const serverError = "Unexpected response code: 500"
|
|
|
|
|
2017-10-11 14:42:10 +00:00
|
|
|
// IsRetryableError returns true for 500 errors from the Consul servers, and
|
|
|
|
// network connection errors. These are usually retryable at a later time.
|
|
|
|
// This applies to reads but NOT to writes. This may return true for errors
|
|
|
|
// on writes that may have still gone through, so do not use this to retry
|
|
|
|
// any write operations.
|
|
|
|
func IsRetryableError(err error) bool {
|
2016-01-06 19:35:16 +00:00
|
|
|
if err == nil {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
2017-10-11 14:42:10 +00:00
|
|
|
if _, ok := err.(net.Error); ok {
|
|
|
|
return true
|
|
|
|
}
|
|
|
|
|
2016-01-06 19:35:16 +00:00
|
|
|
// TODO (slackpad) - Make a real error type here instead of using
|
|
|
|
// a string check.
|
|
|
|
return strings.Contains(err.Error(), serverError)
|
|
|
|
}
|
|
|
|
|
2015-01-06 18:40:00 +00:00
|
|
|
// setWriteOptions is used to annotate the request with
|
|
|
|
// additional write options
|
|
|
|
func (r *request) setWriteOptions(q *WriteOptions) {
|
|
|
|
if q == nil {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
if q.Datacenter != "" {
|
|
|
|
r.params.Set("dc", q.Datacenter)
|
|
|
|
}
|
|
|
|
if q.Token != "" {
|
2016-08-02 20:54:59 +00:00
|
|
|
r.header.Set("X-Consul-Token", q.Token)
|
2015-01-06 18:40:00 +00:00
|
|
|
}
|
2017-02-08 23:25:47 +00:00
|
|
|
if q.RelayFactor != 0 {
|
2017-02-10 01:49:17 +00:00
|
|
|
r.params.Set("relay-factor", strconv.Itoa(int(q.RelayFactor)))
|
2017-02-08 23:25:47 +00:00
|
|
|
}
|
2017-07-15 00:30:08 +00:00
|
|
|
r.ctx = q.ctx
|
2015-01-06 18:40:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// toHTTP converts the request to an HTTP request
|
|
|
|
func (r *request) toHTTP() (*http.Request, error) {
|
|
|
|
// Encode the query parameters
|
|
|
|
r.url.RawQuery = r.params.Encode()
|
|
|
|
|
|
|
|
// Check if we should encode the body
|
|
|
|
if r.body == nil && r.obj != nil {
|
2017-04-21 01:59:42 +00:00
|
|
|
b, err := encodeBody(r.obj)
|
|
|
|
if err != nil {
|
2015-01-06 18:40:00 +00:00
|
|
|
return nil, err
|
|
|
|
}
|
2017-04-21 01:59:42 +00:00
|
|
|
r.body = b
|
2015-01-06 18:40:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// Create the HTTP request
|
2015-01-08 16:38:09 +00:00
|
|
|
req, err := http.NewRequest(r.method, r.url.RequestURI(), r.body)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
req.URL.Host = r.url.Host
|
|
|
|
req.URL.Scheme = r.url.Scheme
|
|
|
|
req.Host = r.url.Host
|
2016-08-02 20:54:59 +00:00
|
|
|
req.Header = r.header
|
2015-01-07 21:01:44 +00:00
|
|
|
|
|
|
|
// Setup auth
|
2015-01-14 21:25:12 +00:00
|
|
|
if r.config.HttpAuth != nil {
|
2015-01-07 21:01:44 +00:00
|
|
|
req.SetBasicAuth(r.config.HttpAuth.Username, r.config.HttpAuth.Password)
|
|
|
|
}
|
2017-06-26 20:52:03 +00:00
|
|
|
if r.ctx != nil {
|
|
|
|
return req.WithContext(r.ctx), nil
|
|
|
|
}
|
2018-01-28 18:40:13 +00:00
|
|
|
|
|
|
|
return req, nil
|
2015-01-06 18:40:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// newRequest is used to create a new request
|
|
|
|
func (c *Client) newRequest(method, path string) *request {
|
|
|
|
r := &request{
|
|
|
|
config: &c.config,
|
|
|
|
method: method,
|
|
|
|
url: &url.URL{
|
|
|
|
Scheme: c.config.Scheme,
|
|
|
|
Host: c.config.Address,
|
|
|
|
Path: path,
|
|
|
|
},
|
|
|
|
params: make(map[string][]string),
|
2016-08-02 20:54:59 +00:00
|
|
|
header: make(http.Header),
|
2015-01-06 18:40:00 +00:00
|
|
|
}
|
|
|
|
if c.config.Datacenter != "" {
|
|
|
|
r.params.Set("dc", c.config.Datacenter)
|
|
|
|
}
|
|
|
|
if c.config.WaitTime != 0 {
|
|
|
|
r.params.Set("wait", durToMsec(r.config.WaitTime))
|
|
|
|
}
|
|
|
|
if c.config.Token != "" {
|
2016-08-02 20:54:59 +00:00
|
|
|
r.header.Set("X-Consul-Token", r.config.Token)
|
2015-01-06 18:40:00 +00:00
|
|
|
}
|
|
|
|
return r
|
|
|
|
}
|
|
|
|
|
|
|
|
// doRequest runs a request with our client
|
|
|
|
func (c *Client) doRequest(r *request) (time.Duration, *http.Response, error) {
|
|
|
|
req, err := r.toHTTP()
|
|
|
|
if err != nil {
|
|
|
|
return 0, nil, err
|
|
|
|
}
|
|
|
|
start := time.Now()
|
|
|
|
resp, err := c.config.HttpClient.Do(req)
|
2017-10-17 18:38:24 +00:00
|
|
|
diff := time.Since(start)
|
2015-01-06 18:40:00 +00:00
|
|
|
return diff, resp, err
|
|
|
|
}
|
|
|
|
|
2015-02-11 21:53:33 +00:00
|
|
|
// Query is used to do a GET request against an endpoint
|
|
|
|
// and deserialize the response into an interface using
|
|
|
|
// standard Consul conventions.
|
|
|
|
func (c *Client) query(endpoint string, out interface{}, q *QueryOptions) (*QueryMeta, error) {
|
|
|
|
r := c.newRequest("GET", endpoint)
|
|
|
|
r.setQueryOptions(q)
|
|
|
|
rtt, resp, err := requireOK(c.doRequest(r))
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
defer resp.Body.Close()
|
|
|
|
|
|
|
|
qm := &QueryMeta{}
|
|
|
|
parseQueryMeta(resp, qm)
|
|
|
|
qm.RequestTime = rtt
|
|
|
|
|
|
|
|
if err := decodeBody(resp, out); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
return qm, nil
|
|
|
|
}
|
|
|
|
|
2015-02-11 22:01:29 +00:00
|
|
|
// write is used to do a PUT request against an endpoint
|
|
|
|
// and serialize/deserialized using the standard Consul conventions.
|
|
|
|
func (c *Client) write(endpoint string, in, out interface{}, q *WriteOptions) (*WriteMeta, error) {
|
|
|
|
r := c.newRequest("PUT", endpoint)
|
|
|
|
r.setWriteOptions(q)
|
|
|
|
r.obj = in
|
|
|
|
rtt, resp, err := requireOK(c.doRequest(r))
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
defer resp.Body.Close()
|
|
|
|
|
|
|
|
wm := &WriteMeta{RequestTime: rtt}
|
|
|
|
if out != nil {
|
|
|
|
if err := decodeBody(resp, &out); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2017-05-26 03:51:27 +00:00
|
|
|
} else if _, err := ioutil.ReadAll(resp.Body); err != nil {
|
|
|
|
return nil, err
|
2015-02-11 22:01:29 +00:00
|
|
|
}
|
|
|
|
return wm, nil
|
|
|
|
}
|
|
|
|
|
2015-01-06 18:40:00 +00:00
|
|
|
// parseQueryMeta is used to help parse query meta-data
|
|
|
|
func parseQueryMeta(resp *http.Response, q *QueryMeta) error {
|
|
|
|
header := resp.Header
|
|
|
|
|
2018-04-05 16:15:43 +00:00
|
|
|
// Parse the X-Consul-Index (if it's set - hash based blocking queries don't
|
|
|
|
// set this)
|
|
|
|
if indexStr := header.Get("X-Consul-Index"); indexStr != "" {
|
|
|
|
index, err := strconv.ParseUint(indexStr, 10, 64)
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("Failed to parse X-Consul-Index: %v", err)
|
|
|
|
}
|
|
|
|
q.LastIndex = index
|
2015-01-06 18:40:00 +00:00
|
|
|
}
|
2018-04-05 16:15:43 +00:00
|
|
|
q.LastContentHash = header.Get("X-Consul-ContentHash")
|
2015-01-06 18:40:00 +00:00
|
|
|
|
|
|
|
// Parse the X-Consul-LastContact
|
|
|
|
last, err := strconv.ParseUint(header.Get("X-Consul-LastContact"), 10, 64)
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("Failed to parse X-Consul-LastContact: %v", err)
|
|
|
|
}
|
|
|
|
q.LastContact = time.Duration(last) * time.Millisecond
|
|
|
|
|
|
|
|
// Parse the X-Consul-KnownLeader
|
|
|
|
switch header.Get("X-Consul-KnownLeader") {
|
|
|
|
case "true":
|
|
|
|
q.KnownLeader = true
|
|
|
|
default:
|
|
|
|
q.KnownLeader = false
|
|
|
|
}
|
2016-08-16 18:31:41 +00:00
|
|
|
|
|
|
|
// Parse X-Consul-Translate-Addresses
|
|
|
|
switch header.Get("X-Consul-Translate-Addresses") {
|
|
|
|
case "true":
|
|
|
|
q.AddressTranslationEnabled = true
|
|
|
|
default:
|
|
|
|
q.AddressTranslationEnabled = false
|
|
|
|
}
|
|
|
|
|
2015-01-06 18:40:00 +00:00
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// decodeBody is used to JSON decode a body
|
|
|
|
func decodeBody(resp *http.Response, out interface{}) error {
|
|
|
|
dec := json.NewDecoder(resp.Body)
|
|
|
|
return dec.Decode(out)
|
|
|
|
}
|
|
|
|
|
|
|
|
// encodeBody is used to encode a request body
|
|
|
|
func encodeBody(obj interface{}) (io.Reader, error) {
|
|
|
|
buf := bytes.NewBuffer(nil)
|
|
|
|
enc := json.NewEncoder(buf)
|
|
|
|
if err := enc.Encode(obj); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
return buf, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// requireOK is used to wrap doRequest and check for a 200
|
|
|
|
func requireOK(d time.Duration, resp *http.Response, e error) (time.Duration, *http.Response, error) {
|
|
|
|
if e != nil {
|
2015-01-19 02:53:21 +00:00
|
|
|
if resp != nil {
|
|
|
|
resp.Body.Close()
|
|
|
|
}
|
|
|
|
return d, nil, e
|
2015-01-06 18:40:00 +00:00
|
|
|
}
|
|
|
|
if resp.StatusCode != 200 {
|
|
|
|
var buf bytes.Buffer
|
|
|
|
io.Copy(&buf, resp.Body)
|
2015-01-19 02:53:21 +00:00
|
|
|
resp.Body.Close()
|
|
|
|
return d, nil, fmt.Errorf("Unexpected response code: %d (%s)", resp.StatusCode, buf.Bytes())
|
2015-01-06 18:40:00 +00:00
|
|
|
}
|
2015-01-19 02:53:21 +00:00
|
|
|
return d, resp, nil
|
2015-01-06 18:40:00 +00:00
|
|
|
}
|