proxycfg: server-local config entry data sources
This is the OSS portion of enterprise PR 2056.
This commit provides server-local implementations of the proxycfg.ConfigEntry
and proxycfg.ConfigEntryList interfaces, that source data from streaming events.
It makes use of the LocalMaterializer type introduced for peering replication,
adding the necessary support for authorization.
It also adds support for "wildcard" subscriptions (within a topic) to the event
publisher, as this is needed to fetch service-resolvers for all services when
configuring mesh gateways.
Currently, events will be emitted for just the ingress-gateway, service-resolver,
and mesh config entry types, as these are the only entries required by proxycfg
— the events will be emitted on topics named IngressGateway, ServiceResolver,
and MeshConfig topics respectively.
Though these events will only be consumed "locally" for now, they can also be
consumed via the gRPC endpoint (confirmed using grpcurl) so using them from
client agents should be a case of swapping the LocalMaterializer for an
RPCMaterializer.
2022-07-01 15:09:47 +00:00
|
|
|
package state
|
|
|
|
|
|
|
|
import (
|
|
|
|
"errors"
|
|
|
|
"fmt"
|
|
|
|
|
|
|
|
"github.com/hashicorp/consul/acl"
|
|
|
|
"github.com/hashicorp/consul/agent/consul/stream"
|
|
|
|
"github.com/hashicorp/consul/proto/pbsubscribe"
|
|
|
|
)
|
|
|
|
|
2023-01-18 22:14:34 +00:00
|
|
|
// PBToStreamSubscribeRequest takes a protobuf subscribe request and enterprise
|
|
|
|
// metadata to properly generate the matching stream subscribe request.
|
proxycfg: server-local config entry data sources
This is the OSS portion of enterprise PR 2056.
This commit provides server-local implementations of the proxycfg.ConfigEntry
and proxycfg.ConfigEntryList interfaces, that source data from streaming events.
It makes use of the LocalMaterializer type introduced for peering replication,
adding the necessary support for authorization.
It also adds support for "wildcard" subscriptions (within a topic) to the event
publisher, as this is needed to fetch service-resolvers for all services when
configuring mesh gateways.
Currently, events will be emitted for just the ingress-gateway, service-resolver,
and mesh config entry types, as these are the only entries required by proxycfg
— the events will be emitted on topics named IngressGateway, ServiceResolver,
and MeshConfig topics respectively.
Though these events will only be consumed "locally" for now, they can also be
consumed via the gRPC endpoint (confirmed using grpcurl) so using them from
client agents should be a case of swapping the LocalMaterializer for an
RPCMaterializer.
2022-07-01 15:09:47 +00:00
|
|
|
func PBToStreamSubscribeRequest(req *pbsubscribe.SubscribeRequest, entMeta acl.EnterpriseMeta) (*stream.SubscribeRequest, error) {
|
|
|
|
var subject stream.Subject
|
|
|
|
|
|
|
|
if req.GetWildcardSubject() {
|
|
|
|
subject = stream.SubjectWildcard
|
|
|
|
} else {
|
|
|
|
named := req.GetNamedSubject()
|
|
|
|
|
2023-01-18 22:14:34 +00:00
|
|
|
// Support the (deprecated) top-level Key, Partition, Namespace, and PeerName fields.
|
proxycfg: server-local config entry data sources
This is the OSS portion of enterprise PR 2056.
This commit provides server-local implementations of the proxycfg.ConfigEntry
and proxycfg.ConfigEntryList interfaces, that source data from streaming events.
It makes use of the LocalMaterializer type introduced for peering replication,
adding the necessary support for authorization.
It also adds support for "wildcard" subscriptions (within a topic) to the event
publisher, as this is needed to fetch service-resolvers for all services when
configuring mesh gateways.
Currently, events will be emitted for just the ingress-gateway, service-resolver,
and mesh config entry types, as these are the only entries required by proxycfg
— the events will be emitted on topics named IngressGateway, ServiceResolver,
and MeshConfig topics respectively.
Though these events will only be consumed "locally" for now, they can also be
consumed via the gRPC endpoint (confirmed using grpcurl) so using them from
client agents should be a case of swapping the LocalMaterializer for an
RPCMaterializer.
2022-07-01 15:09:47 +00:00
|
|
|
if named == nil {
|
|
|
|
named = &pbsubscribe.NamedSubject{
|
|
|
|
Key: req.Key, // nolint:staticcheck // SA1019 intentional use of deprecated field
|
|
|
|
Partition: req.Partition, // nolint:staticcheck // SA1019 intentional use of deprecated field
|
|
|
|
Namespace: req.Namespace, // nolint:staticcheck // SA1019 intentional use of deprecated field
|
|
|
|
PeerName: req.PeerName, // nolint:staticcheck // SA1019 intentional use of deprecated field
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if named.Key == "" {
|
|
|
|
return nil, errors.New("either WildcardSubject or NamedSubject.Key is required")
|
|
|
|
}
|
|
|
|
|
|
|
|
switch req.Topic {
|
|
|
|
case EventTopicServiceHealth, EventTopicServiceHealthConnect:
|
|
|
|
subject = EventSubjectService{
|
|
|
|
Key: named.Key,
|
|
|
|
EnterpriseMeta: entMeta,
|
|
|
|
PeerName: named.PeerName,
|
|
|
|
}
|
2023-01-18 22:14:34 +00:00
|
|
|
case EventTopicMeshConfig, EventTopicServiceResolver, EventTopicIngressGateway,
|
|
|
|
EventTopicServiceIntentions, EventTopicServiceDefaults, EventTopicAPIGateway,
|
|
|
|
EventTopicTCPRoute, EventTopicHTTPRoute, EventTopicInlineCertificate,
|
|
|
|
EventTopicBoundAPIGateway:
|
proxycfg: server-local config entry data sources
This is the OSS portion of enterprise PR 2056.
This commit provides server-local implementations of the proxycfg.ConfigEntry
and proxycfg.ConfigEntryList interfaces, that source data from streaming events.
It makes use of the LocalMaterializer type introduced for peering replication,
adding the necessary support for authorization.
It also adds support for "wildcard" subscriptions (within a topic) to the event
publisher, as this is needed to fetch service-resolvers for all services when
configuring mesh gateways.
Currently, events will be emitted for just the ingress-gateway, service-resolver,
and mesh config entry types, as these are the only entries required by proxycfg
— the events will be emitted on topics named IngressGateway, ServiceResolver,
and MeshConfig topics respectively.
Though these events will only be consumed "locally" for now, they can also be
consumed via the gRPC endpoint (confirmed using grpcurl) so using them from
client agents should be a case of swapping the LocalMaterializer for an
RPCMaterializer.
2022-07-01 15:09:47 +00:00
|
|
|
subject = EventSubjectConfigEntry{
|
|
|
|
Name: named.Key,
|
|
|
|
EnterpriseMeta: &entMeta,
|
|
|
|
}
|
2022-07-12 10:35:52 +00:00
|
|
|
case EventTopicServiceList:
|
|
|
|
// Events on this topic are published to SubjectNone, but rather than
|
|
|
|
// exposing this in (and further complicating) the streaming API we rely
|
|
|
|
// on consumers passing WildcardSubject instead, which is functionally the
|
|
|
|
// same for this purpose.
|
|
|
|
return nil, fmt.Errorf("topic %s can only be consumed using WildcardSubject", EventTopicServiceList)
|
proxycfg: server-local config entry data sources
This is the OSS portion of enterprise PR 2056.
This commit provides server-local implementations of the proxycfg.ConfigEntry
and proxycfg.ConfigEntryList interfaces, that source data from streaming events.
It makes use of the LocalMaterializer type introduced for peering replication,
adding the necessary support for authorization.
It also adds support for "wildcard" subscriptions (within a topic) to the event
publisher, as this is needed to fetch service-resolvers for all services when
configuring mesh gateways.
Currently, events will be emitted for just the ingress-gateway, service-resolver,
and mesh config entry types, as these are the only entries required by proxycfg
— the events will be emitted on topics named IngressGateway, ServiceResolver,
and MeshConfig topics respectively.
Though these events will only be consumed "locally" for now, they can also be
consumed via the gRPC endpoint (confirmed using grpcurl) so using them from
client agents should be a case of swapping the LocalMaterializer for an
RPCMaterializer.
2022-07-01 15:09:47 +00:00
|
|
|
default:
|
|
|
|
return nil, fmt.Errorf("cannot construct subject for topic %s", req.Topic)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return &stream.SubscribeRequest{
|
|
|
|
Topic: req.Topic,
|
|
|
|
Subject: subject,
|
|
|
|
Token: req.Token,
|
|
|
|
Index: req.Index,
|
|
|
|
}, nil
|
|
|
|
}
|