2019-03-19 17:06:46 +00:00
|
|
|
package structs
|
|
|
|
|
|
2019-03-27 23:52:38 +00:00
|
|
|
import (
|
2022-05-19 22:15:57 +00:00
|
|
|
"errors"
|
2019-03-27 23:52:38 +00:00
|
|
|
"fmt"
|
2022-05-19 22:15:57 +00:00
|
|
|
"net"
|
2019-04-18 04:35:19 +00:00
|
|
|
"strconv"
|
2019-03-27 23:52:38 +00:00
|
|
|
"strings"
|
2020-10-06 18:24:05 +00:00
|
|
|
"time"
|
2019-03-28 06:56:35 +00:00
|
|
|
|
2022-08-31 20:03:38 +00:00
|
|
|
"github.com/miekg/dns"
|
|
|
|
|
|
2020-09-02 19:10:25 +00:00
|
|
|
"github.com/hashicorp/go-multierror"
|
2019-04-18 04:35:19 +00:00
|
|
|
"github.com/mitchellh/hashstructure"
|
2019-04-29 22:08:09 +00:00
|
|
|
"github.com/mitchellh/mapstructure"
|
2020-12-11 21:10:00 +00:00
|
|
|
|
2022-04-05 21:10:06 +00:00
|
|
|
"github.com/hashicorp/consul-net-rpc/go-msgpack/codec"
|
|
|
|
|
|
2020-12-11 21:10:00 +00:00
|
|
|
"github.com/hashicorp/consul/acl"
|
|
|
|
|
"github.com/hashicorp/consul/agent/cache"
|
2023-01-30 21:35:26 +00:00
|
|
|
"github.com/hashicorp/consul/agent/envoyextensions"
|
2020-12-11 21:10:00 +00:00
|
|
|
"github.com/hashicorp/consul/lib"
|
|
|
|
|
"github.com/hashicorp/consul/lib/decode"
|
2019-03-27 23:52:38 +00:00
|
|
|
)
|
2019-03-22 16:25:37 +00:00
|
|
|
|
2019-03-19 17:06:46 +00:00
|
|
|
const (
|
2020-03-31 19:27:32 +00:00
|
|
|
ServiceDefaults string = "service-defaults"
|
|
|
|
|
ProxyDefaults string = "proxy-defaults"
|
|
|
|
|
ServiceRouter string = "service-router"
|
|
|
|
|
ServiceSplitter string = "service-splitter"
|
|
|
|
|
ServiceResolver string = "service-resolver"
|
|
|
|
|
IngressGateway string = "ingress-gateway"
|
|
|
|
|
TerminatingGateway string = "terminating-gateway"
|
2020-10-06 18:24:05 +00:00
|
|
|
ServiceIntentions string = "service-intentions"
|
2021-04-28 22:13:29 +00:00
|
|
|
MeshConfig string = "mesh"
|
2021-12-03 06:50:38 +00:00
|
|
|
ExportedServices string = "exported-services"
|
2023-01-18 22:14:34 +00:00
|
|
|
APIGateway string = "api-gateway"
|
|
|
|
|
BoundAPIGateway string = "bound-api-gateway"
|
|
|
|
|
InlineCertificate string = "inline-certificate"
|
|
|
|
|
HTTPRoute string = "http-route"
|
|
|
|
|
TCPRoute string = "tcp-route"
|
2019-03-22 16:25:37 +00:00
|
|
|
|
2021-04-28 22:13:29 +00:00
|
|
|
ProxyConfigGlobal string = "global"
|
|
|
|
|
MeshConfigMesh string = "mesh"
|
2019-03-27 23:52:38 +00:00
|
|
|
|
|
|
|
|
DefaultServiceProtocol = "tcp"
|
2022-09-26 16:29:06 +00:00
|
|
|
|
|
|
|
|
ConnectionExactBalance = "exact_balance"
|
2019-03-19 17:06:46 +00:00
|
|
|
)
|
|
|
|
|
|
2020-10-06 18:24:05 +00:00
|
|
|
var AllConfigEntryKinds = []string{
|
|
|
|
|
ServiceDefaults,
|
|
|
|
|
ProxyDefaults,
|
|
|
|
|
ServiceRouter,
|
|
|
|
|
ServiceSplitter,
|
|
|
|
|
ServiceResolver,
|
|
|
|
|
IngressGateway,
|
|
|
|
|
TerminatingGateway,
|
|
|
|
|
ServiceIntentions,
|
2021-04-28 22:13:29 +00:00
|
|
|
MeshConfig,
|
2021-12-03 06:50:38 +00:00
|
|
|
ExportedServices,
|
2023-01-18 22:14:34 +00:00
|
|
|
APIGateway,
|
|
|
|
|
BoundAPIGateway,
|
|
|
|
|
HTTPRoute,
|
|
|
|
|
TCPRoute,
|
|
|
|
|
InlineCertificate,
|
2020-10-06 18:24:05 +00:00
|
|
|
}
|
|
|
|
|
|
2019-04-29 22:08:09 +00:00
|
|
|
// ConfigEntry is the interface for centralized configuration stored in Raft.
|
|
|
|
|
// Currently only service-defaults and proxy-defaults are supported.
|
2019-03-19 22:56:17 +00:00
|
|
|
type ConfigEntry interface {
|
|
|
|
|
GetKind() string
|
2019-03-19 17:06:46 +00:00
|
|
|
GetName() string
|
2019-03-19 22:56:17 +00:00
|
|
|
|
2019-03-27 23:52:38 +00:00
|
|
|
// This is called in the RPC endpoint and can apply defaults or limits.
|
2019-03-19 22:56:17 +00:00
|
|
|
Normalize() error
|
2019-03-19 17:06:46 +00:00
|
|
|
Validate() error
|
2019-03-19 22:56:17 +00:00
|
|
|
|
2019-04-23 06:55:11 +00:00
|
|
|
// CanRead and CanWrite return whether or not the given Authorizer
|
2019-04-10 21:27:28 +00:00
|
|
|
// has permission to read or write to the config entry, respectively.
|
2022-06-17 09:24:43 +00:00
|
|
|
// TODO(acl-error-enhancements) This should be resolver.Result or similar but we have to wait until we move things to the acl package
|
2022-03-11 21:45:51 +00:00
|
|
|
CanRead(acl.Authorizer) error
|
|
|
|
|
CanWrite(acl.Authorizer) error
|
2019-04-10 21:27:28 +00:00
|
|
|
|
2020-09-02 19:10:25 +00:00
|
|
|
GetMeta() map[string]string
|
2022-03-13 03:55:53 +00:00
|
|
|
GetEnterpriseMeta() *acl.EnterpriseMeta
|
2019-03-19 22:56:17 +00:00
|
|
|
GetRaftIndex() *RaftIndex
|
2019-03-19 17:06:46 +00:00
|
|
|
}
|
|
|
|
|
|
2023-01-27 19:34:11 +00:00
|
|
|
// ControlledConfigEntry is an optional interface implemented by a ConfigEntry
|
|
|
|
|
// if it is reconciled via a controller and needs to respond with Status values.
|
|
|
|
|
type ControlledConfigEntry interface {
|
|
|
|
|
DefaultStatus() Status
|
|
|
|
|
GetStatus() Status
|
|
|
|
|
SetStatus(status Status)
|
|
|
|
|
ConfigEntry
|
|
|
|
|
}
|
|
|
|
|
|
2020-10-06 18:24:05 +00:00
|
|
|
// UpdatableConfigEntry is the optional interface implemented by a ConfigEntry
|
|
|
|
|
// if it wants more control over how the update part of upsert works
|
|
|
|
|
// differently than a straight create. By default without this implementation
|
|
|
|
|
// all upsert operations are replacements.
|
|
|
|
|
type UpdatableConfigEntry interface {
|
|
|
|
|
// UpdateOver is called from the state machine when an identically named
|
|
|
|
|
// config entry already exists. This lets the config entry optionally
|
|
|
|
|
// choose to use existing information from a config entry (such as
|
|
|
|
|
// CreateTime) to slightly adjust how the update actually happens.
|
|
|
|
|
UpdateOver(prev ConfigEntry) error
|
|
|
|
|
ConfigEntry
|
|
|
|
|
}
|
|
|
|
|
|
2022-03-31 19:18:40 +00:00
|
|
|
// WarningConfigEntry is an optional interface implemented by a ConfigEntry
|
|
|
|
|
// if it wants to be able to emit warnings when it is being upserted.
|
|
|
|
|
type WarningConfigEntry interface {
|
|
|
|
|
Warnings() []string
|
|
|
|
|
|
|
|
|
|
ConfigEntry
|
|
|
|
|
}
|
|
|
|
|
|
2019-03-19 17:06:46 +00:00
|
|
|
// ServiceConfiguration is the top-level struct for the configuration of a service
|
|
|
|
|
// across the entire cluster.
|
2019-03-19 22:56:17 +00:00
|
|
|
type ServiceConfigEntry struct {
|
2022-09-26 16:29:06 +00:00
|
|
|
Kind string
|
|
|
|
|
Name string
|
|
|
|
|
Protocol string
|
|
|
|
|
Mode ProxyMode `json:",omitempty"`
|
|
|
|
|
TransparentProxy TransparentProxyConfig `json:",omitempty" alias:"transparent_proxy"`
|
|
|
|
|
MeshGateway MeshGatewayConfig `json:",omitempty" alias:"mesh_gateway"`
|
|
|
|
|
Expose ExposeConfig `json:",omitempty"`
|
|
|
|
|
ExternalSNI string `json:",omitempty" alias:"external_sni"`
|
|
|
|
|
UpstreamConfig *UpstreamConfiguration `json:",omitempty" alias:"upstream_config"`
|
|
|
|
|
Destination *DestinationConfig `json:",omitempty"`
|
|
|
|
|
MaxInboundConnections int `json:",omitempty" alias:"max_inbound_connections"`
|
|
|
|
|
LocalConnectTimeoutMs int `json:",omitempty" alias:"local_connect_timeout_ms"`
|
|
|
|
|
LocalRequestTimeoutMs int `json:",omitempty" alias:"local_request_timeout_ms"`
|
|
|
|
|
BalanceInboundConnections string `json:",omitempty" alias:"balance_inbound_connections"`
|
2023-01-30 21:35:26 +00:00
|
|
|
EnvoyExtensions EnvoyExtensions `json:",omitempty" alias:"envoy_extensions"`
|
2019-03-19 17:06:46 +00:00
|
|
|
|
2022-03-13 03:55:53 +00:00
|
|
|
Meta map[string]string `json:",omitempty"`
|
|
|
|
|
acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"`
|
2019-03-19 17:06:46 +00:00
|
|
|
RaftIndex
|
|
|
|
|
}
|
|
|
|
|
|
server: config entry replication now correctly uses namespaces in comparisons (#9024)
Previously config entries sharing a kind & name but in different
namespaces could occasionally cause "stuck states" in replication
because the namespace fields were ignored during the differential
comparison phase.
Example:
Two config entries written to the primary:
kind=A,name=web,namespace=bar
kind=A,name=web,namespace=foo
Under the covers these both get saved to memdb, so they are sorted by
all 3 components (kind,name,namespace) during natural iteration. This
means that before the replication code does it's own incomplete sort,
the underlying data IS sorted by namespace ascending (bar comes before
foo).
After one pass of replication the primary and secondary datacenters have
the same set of config entries present. If
"kind=A,name=web,namespace=bar" were to be deleted, then things get
weird. Before replication the two sides look like:
primary: [
kind=A,name=web,namespace=foo
]
secondary: [
kind=A,name=web,namespace=bar
kind=A,name=web,namespace=foo
]
The differential comparison phase walks these two lists in sorted order
and first compares "kind=A,name=web,namespace=foo" vs
"kind=A,name=web,namespace=bar" and falsely determines they are the SAME
and are thus cause an update of "kind=A,name=web,namespace=foo". Then it
compares "<nothing>" with "kind=A,name=web,namespace=foo" and falsely
determines that the latter should be DELETED.
During reconciliation the deletes are processed before updates, and so
for a brief moment in the secondary "kind=A,name=web,namespace=foo" is
erroneously deleted and then immediately restored.
Unfortunately after this replication phase the final state is identical
to the initial state, so when it loops around again (rate limited) it
repeats the same set of operations indefinitely.
2020-10-23 18:41:54 +00:00
|
|
|
func (e *ServiceConfigEntry) Clone() *ServiceConfigEntry {
|
|
|
|
|
e2 := *e
|
|
|
|
|
e2.Expose = e.Expose.Clone()
|
2021-04-15 19:21:44 +00:00
|
|
|
e2.UpstreamConfig = e.UpstreamConfig.Clone()
|
server: config entry replication now correctly uses namespaces in comparisons (#9024)
Previously config entries sharing a kind & name but in different
namespaces could occasionally cause "stuck states" in replication
because the namespace fields were ignored during the differential
comparison phase.
Example:
Two config entries written to the primary:
kind=A,name=web,namespace=bar
kind=A,name=web,namespace=foo
Under the covers these both get saved to memdb, so they are sorted by
all 3 components (kind,name,namespace) during natural iteration. This
means that before the replication code does it's own incomplete sort,
the underlying data IS sorted by namespace ascending (bar comes before
foo).
After one pass of replication the primary and secondary datacenters have
the same set of config entries present. If
"kind=A,name=web,namespace=bar" were to be deleted, then things get
weird. Before replication the two sides look like:
primary: [
kind=A,name=web,namespace=foo
]
secondary: [
kind=A,name=web,namespace=bar
kind=A,name=web,namespace=foo
]
The differential comparison phase walks these two lists in sorted order
and first compares "kind=A,name=web,namespace=foo" vs
"kind=A,name=web,namespace=bar" and falsely determines they are the SAME
and are thus cause an update of "kind=A,name=web,namespace=foo". Then it
compares "<nothing>" with "kind=A,name=web,namespace=foo" and falsely
determines that the latter should be DELETED.
During reconciliation the deletes are processed before updates, and so
for a brief moment in the secondary "kind=A,name=web,namespace=foo" is
erroneously deleted and then immediately restored.
Unfortunately after this replication phase the final state is identical
to the initial state, so when it loops around again (rate limited) it
repeats the same set of operations indefinitely.
2020-10-23 18:41:54 +00:00
|
|
|
return &e2
|
|
|
|
|
}
|
|
|
|
|
|
2019-03-20 23:13:13 +00:00
|
|
|
func (e *ServiceConfigEntry) GetKind() string {
|
2019-03-19 17:06:46 +00:00
|
|
|
return ServiceDefaults
|
|
|
|
|
}
|
|
|
|
|
|
2019-03-20 23:13:13 +00:00
|
|
|
func (e *ServiceConfigEntry) GetName() string {
|
2019-03-22 16:25:37 +00:00
|
|
|
if e == nil {
|
|
|
|
|
return ""
|
|
|
|
|
}
|
|
|
|
|
|
2019-03-20 23:13:13 +00:00
|
|
|
return e.Name
|
|
|
|
|
}
|
|
|
|
|
|
2020-09-02 19:10:25 +00:00
|
|
|
func (e *ServiceConfigEntry) GetMeta() map[string]string {
|
|
|
|
|
if e == nil {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
return e.Meta
|
|
|
|
|
}
|
|
|
|
|
|
2019-03-20 23:13:13 +00:00
|
|
|
func (e *ServiceConfigEntry) Normalize() error {
|
2019-03-22 16:25:37 +00:00
|
|
|
if e == nil {
|
|
|
|
|
return fmt.Errorf("config entry is nil")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
e.Kind = ServiceDefaults
|
2019-08-19 15:44:06 +00:00
|
|
|
e.Protocol = strings.ToLower(e.Protocol)
|
2020-01-24 15:04:58 +00:00
|
|
|
e.EnterpriseMeta.Normalize()
|
|
|
|
|
|
2021-04-15 19:21:44 +00:00
|
|
|
var validationErr error
|
|
|
|
|
|
|
|
|
|
if e.UpstreamConfig != nil {
|
|
|
|
|
for _, override := range e.UpstreamConfig.Overrides {
|
|
|
|
|
err := override.NormalizeWithName(&e.EnterpriseMeta)
|
|
|
|
|
if err != nil {
|
|
|
|
|
validationErr = multierror.Append(validationErr, fmt.Errorf("error in upstream override for %s: %v", override.ServiceName(), err))
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if e.UpstreamConfig.Defaults != nil {
|
|
|
|
|
err := e.UpstreamConfig.Defaults.NormalizeWithoutName()
|
|
|
|
|
if err != nil {
|
|
|
|
|
validationErr = multierror.Append(validationErr, fmt.Errorf("error in upstream defaults: %v", err))
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return validationErr
|
2019-03-20 23:13:13 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (e *ServiceConfigEntry) Validate() error {
|
2021-04-15 19:21:44 +00:00
|
|
|
if e.Name == "" {
|
|
|
|
|
return fmt.Errorf("Name is required")
|
|
|
|
|
}
|
2021-04-19 20:23:01 +00:00
|
|
|
if e.Name == WildcardSpecifier {
|
|
|
|
|
return fmt.Errorf("service-defaults name must be the name of a service, and not a wildcard")
|
|
|
|
|
}
|
2021-04-15 19:21:44 +00:00
|
|
|
|
2021-03-09 05:10:27 +00:00
|
|
|
validationErr := validateConfigEntryMeta(e.Meta)
|
|
|
|
|
|
2022-09-26 16:29:06 +00:00
|
|
|
if !isValidConnectionBalance(e.BalanceInboundConnections) {
|
|
|
|
|
validationErr = multierror.Append(validationErr, fmt.Errorf("invalid value for balance_inbound_connections: %v", e.BalanceInboundConnections))
|
|
|
|
|
}
|
|
|
|
|
|
2022-05-19 22:15:57 +00:00
|
|
|
// External endpoints are invalid with an existing service's upstream configuration
|
2022-05-31 20:20:12 +00:00
|
|
|
if e.UpstreamConfig != nil && e.Destination != nil {
|
|
|
|
|
validationErr = multierror.Append(validationErr, errors.New("UpstreamConfig and Destination are mutually exclusive for service defaults"))
|
2022-05-19 22:15:57 +00:00
|
|
|
return validationErr
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-15 19:21:44 +00:00
|
|
|
if e.UpstreamConfig != nil {
|
|
|
|
|
for _, override := range e.UpstreamConfig.Overrides {
|
|
|
|
|
err := override.ValidateWithName()
|
|
|
|
|
if err != nil {
|
|
|
|
|
validationErr = multierror.Append(validationErr, fmt.Errorf("error in upstream override for %s: %v", override.ServiceName(), err))
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if e.UpstreamConfig.Defaults != nil {
|
|
|
|
|
if err := e.UpstreamConfig.Defaults.ValidateWithoutName(); err != nil {
|
|
|
|
|
validationErr = multierror.Append(validationErr, fmt.Errorf("error in upstream defaults: %v", err))
|
|
|
|
|
}
|
2021-03-11 04:04:13 +00:00
|
|
|
}
|
2021-03-09 05:10:27 +00:00
|
|
|
}
|
|
|
|
|
|
2022-05-31 20:20:12 +00:00
|
|
|
if e.Destination != nil {
|
2022-07-18 21:10:06 +00:00
|
|
|
if e.Destination.Addresses == nil || len(e.Destination.Addresses) == 0 {
|
|
|
|
|
validationErr = multierror.Append(validationErr, errors.New("Destination must contain at least one valid address"))
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
seen := make(map[string]bool, len(e.Destination.Addresses))
|
|
|
|
|
for _, address := range e.Destination.Addresses {
|
|
|
|
|
if _, ok := seen[address]; ok {
|
|
|
|
|
validationErr = multierror.Append(validationErr, fmt.Errorf("Duplicate address '%s' is not allowed", address))
|
|
|
|
|
continue
|
|
|
|
|
}
|
|
|
|
|
seen[address] = true
|
|
|
|
|
|
|
|
|
|
if err := validateEndpointAddress(address); err != nil {
|
|
|
|
|
validationErr = multierror.Append(validationErr, fmt.Errorf("Destination address '%s' is invalid %w", address, err))
|
|
|
|
|
}
|
2022-05-19 22:15:57 +00:00
|
|
|
}
|
|
|
|
|
|
2022-05-31 20:20:12 +00:00
|
|
|
if e.Destination.Port < 1 || e.Destination.Port > 65535 {
|
|
|
|
|
validationErr = multierror.Append(validationErr, fmt.Errorf("Invalid Port number %d", e.Destination.Port))
|
2022-05-19 22:15:57 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-01-30 21:35:26 +00:00
|
|
|
if err := envoyextensions.ValidateExtensions(e.EnvoyExtensions.ToAPI()); err != nil {
|
2022-12-19 20:19:37 +00:00
|
|
|
validationErr = multierror.Append(validationErr, err)
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-09 05:10:27 +00:00
|
|
|
return validationErr
|
2019-03-20 23:13:13 +00:00
|
|
|
}
|
|
|
|
|
|
2022-05-19 22:15:57 +00:00
|
|
|
func validateEndpointAddress(address string) error {
|
|
|
|
|
var valid bool
|
|
|
|
|
|
|
|
|
|
ip := net.ParseIP(address)
|
|
|
|
|
valid = ip != nil
|
|
|
|
|
|
2022-07-18 21:10:06 +00:00
|
|
|
hasWildcard := strings.Contains(address, "*")
|
|
|
|
|
_, ok := dns.IsDomainName(address)
|
|
|
|
|
valid = valid || (ok && !hasWildcard)
|
2022-05-19 22:15:57 +00:00
|
|
|
|
|
|
|
|
if !valid {
|
2022-07-18 21:10:06 +00:00
|
|
|
return fmt.Errorf("Could not validate address %s as an IP or Hostname", address)
|
2022-05-19 22:15:57 +00:00
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2022-03-11 21:45:51 +00:00
|
|
|
func (e *ServiceConfigEntry) CanRead(authz acl.Authorizer) error {
|
2020-01-24 15:04:58 +00:00
|
|
|
var authzContext acl.AuthorizerContext
|
|
|
|
|
e.FillAuthzContext(&authzContext)
|
2022-03-11 21:45:51 +00:00
|
|
|
return authz.ToAllowAuthorizer().ServiceReadAllowed(e.Name, &authzContext)
|
2019-04-10 21:27:28 +00:00
|
|
|
}
|
|
|
|
|
|
2022-03-11 21:45:51 +00:00
|
|
|
func (e *ServiceConfigEntry) CanWrite(authz acl.Authorizer) error {
|
2020-01-24 15:04:58 +00:00
|
|
|
var authzContext acl.AuthorizerContext
|
|
|
|
|
e.FillAuthzContext(&authzContext)
|
2022-03-11 21:45:51 +00:00
|
|
|
return authz.ToAllowAuthorizer().ServiceWriteAllowed(e.Name, &authzContext)
|
2019-04-10 21:27:28 +00:00
|
|
|
}
|
|
|
|
|
|
2019-03-20 23:13:13 +00:00
|
|
|
func (e *ServiceConfigEntry) GetRaftIndex() *RaftIndex {
|
2019-03-22 16:25:37 +00:00
|
|
|
if e == nil {
|
|
|
|
|
return &RaftIndex{}
|
|
|
|
|
}
|
|
|
|
|
|
2019-03-20 23:13:13 +00:00
|
|
|
return &e.RaftIndex
|
|
|
|
|
}
|
|
|
|
|
|
2022-03-13 03:55:53 +00:00
|
|
|
func (e *ServiceConfigEntry) GetEnterpriseMeta() *acl.EnterpriseMeta {
|
2020-01-24 15:04:58 +00:00
|
|
|
if e == nil {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return &e.EnterpriseMeta
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-15 19:21:44 +00:00
|
|
|
type UpstreamConfiguration struct {
|
|
|
|
|
// Overrides is a slice of per-service configuration. The name field is
|
|
|
|
|
// required.
|
|
|
|
|
Overrides []*UpstreamConfig `json:",omitempty"`
|
2021-03-09 05:10:27 +00:00
|
|
|
|
2021-04-15 19:21:44 +00:00
|
|
|
// Defaults contains default configuration for all upstreams of a given
|
|
|
|
|
// service. The name field must be empty.
|
|
|
|
|
Defaults *UpstreamConfig `json:",omitempty"`
|
2021-03-09 05:10:27 +00:00
|
|
|
}
|
|
|
|
|
|
2021-04-15 19:21:44 +00:00
|
|
|
func (c *UpstreamConfiguration) Clone() *UpstreamConfiguration {
|
2021-04-15 21:46:21 +00:00
|
|
|
if c == nil {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-15 19:21:44 +00:00
|
|
|
var c2 UpstreamConfiguration
|
|
|
|
|
if len(c.Overrides) > 0 {
|
|
|
|
|
c2.Overrides = make([]*UpstreamConfig, 0, len(c.Overrides))
|
|
|
|
|
for _, o := range c.Overrides {
|
|
|
|
|
dup := o.Clone()
|
|
|
|
|
c2.Overrides = append(c2.Overrides, &dup)
|
2021-03-09 05:10:27 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-15 19:21:44 +00:00
|
|
|
if c.Defaults != nil {
|
|
|
|
|
def2 := c.Defaults.Clone()
|
|
|
|
|
c2.Defaults = &def2
|
2021-03-09 05:10:27 +00:00
|
|
|
}
|
|
|
|
|
|
2021-04-15 19:21:44 +00:00
|
|
|
return &c2
|
2019-03-19 17:06:46 +00:00
|
|
|
}
|
|
|
|
|
|
2022-05-31 20:20:12 +00:00
|
|
|
// DestinationConfig represents a virtual service, i.e. one that is external to Consul
|
|
|
|
|
type DestinationConfig struct {
|
2022-07-18 21:10:06 +00:00
|
|
|
// Addresses of the endpoint; hostname or IP
|
|
|
|
|
Addresses []string `json:",omitempty"`
|
2022-05-19 22:15:57 +00:00
|
|
|
|
|
|
|
|
// Port allowed within this endpoint
|
|
|
|
|
Port int `json:",omitempty"`
|
|
|
|
|
}
|
|
|
|
|
|
2022-07-18 21:10:06 +00:00
|
|
|
func IsHostname(address string) bool {
|
|
|
|
|
ip := net.ParseIP(address)
|
2022-05-24 16:51:52 +00:00
|
|
|
return ip == nil
|
|
|
|
|
}
|
|
|
|
|
|
2022-07-18 21:10:06 +00:00
|
|
|
func IsIP(address string) bool {
|
|
|
|
|
ip := net.ParseIP(address)
|
2022-05-24 16:51:52 +00:00
|
|
|
return ip != nil
|
|
|
|
|
}
|
|
|
|
|
|
2019-03-19 22:56:17 +00:00
|
|
|
// ProxyConfigEntry is the top-level struct for global proxy configuration defaults.
|
|
|
|
|
type ProxyConfigEntry struct {
|
2021-03-11 06:08:41 +00:00
|
|
|
Kind string
|
|
|
|
|
Name string
|
|
|
|
|
Config map[string]interface{}
|
2021-04-12 15:35:14 +00:00
|
|
|
Mode ProxyMode `json:",omitempty"`
|
|
|
|
|
TransparentProxy TransparentProxyConfig `json:",omitempty" alias:"transparent_proxy"`
|
|
|
|
|
MeshGateway MeshGatewayConfig `json:",omitempty" alias:"mesh_gateway"`
|
|
|
|
|
Expose ExposeConfig `json:",omitempty"`
|
2022-12-13 19:52:18 +00:00
|
|
|
AccessLogs AccessLogsConfig `json:",omitempty" alias:"access_logs"`
|
2023-01-30 21:35:26 +00:00
|
|
|
EnvoyExtensions EnvoyExtensions `json:",omitempty" alias:"envoy_extensions"`
|
2019-03-19 22:56:17 +00:00
|
|
|
|
2022-03-13 03:55:53 +00:00
|
|
|
Meta map[string]string `json:",omitempty"`
|
|
|
|
|
acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"`
|
2019-03-19 22:56:17 +00:00
|
|
|
RaftIndex
|
2019-03-19 17:06:46 +00:00
|
|
|
}
|
|
|
|
|
|
2019-03-20 23:13:13 +00:00
|
|
|
func (e *ProxyConfigEntry) GetKind() string {
|
2019-03-19 17:06:46 +00:00
|
|
|
return ProxyDefaults
|
|
|
|
|
}
|
2019-03-19 22:56:17 +00:00
|
|
|
|
2019-03-20 23:13:13 +00:00
|
|
|
func (e *ProxyConfigEntry) GetName() string {
|
2019-03-22 16:25:37 +00:00
|
|
|
if e == nil {
|
|
|
|
|
return ""
|
|
|
|
|
}
|
|
|
|
|
|
2019-03-20 23:13:13 +00:00
|
|
|
return e.Name
|
2019-03-19 22:56:17 +00:00
|
|
|
}
|
|
|
|
|
|
2020-09-02 19:10:25 +00:00
|
|
|
func (e *ProxyConfigEntry) GetMeta() map[string]string {
|
|
|
|
|
if e == nil {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
return e.Meta
|
|
|
|
|
}
|
|
|
|
|
|
2019-03-20 23:13:13 +00:00
|
|
|
func (e *ProxyConfigEntry) Normalize() error {
|
2019-03-22 16:25:37 +00:00
|
|
|
if e == nil {
|
|
|
|
|
return fmt.Errorf("config entry is nil")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
e.Kind = ProxyDefaults
|
2022-08-31 20:03:38 +00:00
|
|
|
|
|
|
|
|
// proxy default config only accepts global configs
|
|
|
|
|
// this check is replicated in normalize() and validate(),
|
|
|
|
|
// since validate is not called by all the endpoints (e.g., delete)
|
|
|
|
|
if e.Name != "" && e.Name != ProxyConfigGlobal {
|
|
|
|
|
return fmt.Errorf("invalid name (%q), only %q is supported", e.Name, ProxyConfigGlobal)
|
|
|
|
|
}
|
2019-04-07 06:38:08 +00:00
|
|
|
e.Name = ProxyConfigGlobal
|
2019-03-22 16:25:37 +00:00
|
|
|
|
2020-01-24 15:04:58 +00:00
|
|
|
e.EnterpriseMeta.Normalize()
|
|
|
|
|
|
2019-03-19 22:56:17 +00:00
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2019-03-20 23:13:13 +00:00
|
|
|
func (e *ProxyConfigEntry) Validate() error {
|
2019-03-22 16:25:37 +00:00
|
|
|
if e == nil {
|
|
|
|
|
return fmt.Errorf("config entry is nil")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if e.Name != ProxyConfigGlobal {
|
|
|
|
|
return fmt.Errorf("invalid name (%q), only %q is supported", e.Name, ProxyConfigGlobal)
|
|
|
|
|
}
|
|
|
|
|
|
2022-12-22 20:18:15 +00:00
|
|
|
if err := e.AccessLogs.Validate(); err != nil {
|
|
|
|
|
return err
|
2022-12-13 19:52:18 +00:00
|
|
|
}
|
|
|
|
|
|
2020-09-02 19:10:25 +00:00
|
|
|
if err := validateConfigEntryMeta(e.Meta); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2023-01-30 21:35:26 +00:00
|
|
|
if err := envoyextensions.ValidateExtensions(e.EnvoyExtensions.ToAPI()); err != nil {
|
2022-12-19 20:19:37 +00:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2020-01-24 15:04:58 +00:00
|
|
|
return e.validateEnterpriseMeta()
|
2019-03-19 22:56:17 +00:00
|
|
|
}
|
|
|
|
|
|
2022-03-11 21:45:51 +00:00
|
|
|
func (e *ProxyConfigEntry) CanRead(authz acl.Authorizer) error {
|
|
|
|
|
return nil
|
2019-04-10 21:27:28 +00:00
|
|
|
}
|
|
|
|
|
|
2022-03-11 21:45:51 +00:00
|
|
|
func (e *ProxyConfigEntry) CanWrite(authz acl.Authorizer) error {
|
2020-01-24 15:04:58 +00:00
|
|
|
var authzContext acl.AuthorizerContext
|
|
|
|
|
e.FillAuthzContext(&authzContext)
|
2022-03-11 21:45:51 +00:00
|
|
|
return authz.ToAllowAuthorizer().MeshWriteAllowed(&authzContext)
|
2019-04-10 21:27:28 +00:00
|
|
|
}
|
|
|
|
|
|
2019-03-20 23:13:13 +00:00
|
|
|
func (e *ProxyConfigEntry) GetRaftIndex() *RaftIndex {
|
2019-03-22 16:25:37 +00:00
|
|
|
if e == nil {
|
|
|
|
|
return &RaftIndex{}
|
|
|
|
|
}
|
|
|
|
|
|
2019-03-20 23:13:13 +00:00
|
|
|
return &e.RaftIndex
|
2019-03-19 22:56:17 +00:00
|
|
|
}
|
|
|
|
|
|
2022-03-13 03:55:53 +00:00
|
|
|
func (e *ProxyConfigEntry) GetEnterpriseMeta() *acl.EnterpriseMeta {
|
2020-01-24 15:04:58 +00:00
|
|
|
if e == nil {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return &e.EnterpriseMeta
|
|
|
|
|
}
|
|
|
|
|
|
2019-04-29 22:08:09 +00:00
|
|
|
func (e *ProxyConfigEntry) MarshalBinary() (data []byte, err error) {
|
|
|
|
|
// We mainly want to implement the BinaryMarshaller interface so that
|
|
|
|
|
// we can fixup some msgpack types to coerce them into JSON compatible
|
|
|
|
|
// values. No special encoding needs to be done - we just simply msgpack
|
|
|
|
|
// encode the struct which requires a type alias to prevent recursively
|
|
|
|
|
// calling this function.
|
|
|
|
|
|
|
|
|
|
type alias ProxyConfigEntry
|
|
|
|
|
|
|
|
|
|
a := alias(*e)
|
|
|
|
|
|
|
|
|
|
// bs will grow if needed but allocate enough to avoid reallocation in common
|
|
|
|
|
// case.
|
|
|
|
|
bs := make([]byte, 128)
|
2020-02-07 21:50:24 +00:00
|
|
|
enc := codec.NewEncoderBytes(&bs, MsgpackHandle)
|
2019-04-29 22:08:09 +00:00
|
|
|
err = enc.Encode(a)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return bs, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (e *ProxyConfigEntry) UnmarshalBinary(data []byte) error {
|
|
|
|
|
// The goal here is to add a post-decoding operation to
|
|
|
|
|
// decoding of a ProxyConfigEntry. The cleanest way I could
|
|
|
|
|
// find to do so was to implement the BinaryMarshaller interface
|
|
|
|
|
// and use a type alias to do the original round of decoding,
|
|
|
|
|
// followed by a MapWalk of the Config to coerce everything
|
|
|
|
|
// into JSON compatible types.
|
|
|
|
|
type alias ProxyConfigEntry
|
|
|
|
|
|
|
|
|
|
var a alias
|
2020-02-07 21:50:24 +00:00
|
|
|
dec := codec.NewDecoderBytes(data, MsgpackHandle)
|
2019-04-29 22:08:09 +00:00
|
|
|
if err := dec.Decode(&a); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
*e = ProxyConfigEntry(a)
|
|
|
|
|
|
|
|
|
|
config, err := lib.MapWalk(e.Config)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
e.Config = config
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// DecodeConfigEntry can be used to decode a ConfigEntry from a raw map value.
|
|
|
|
|
// Currently its used in the HTTP API to decode ConfigEntry structs coming from
|
|
|
|
|
// JSON. Unlike some of our custom binary encodings we don't have a preamble including
|
|
|
|
|
// the kind so we will not have a concrete type to decode into. In those cases we must
|
|
|
|
|
// first decode into a map[string]interface{} and then call this function to decode
|
|
|
|
|
// into a concrete type.
|
2019-07-12 17:20:30 +00:00
|
|
|
//
|
|
|
|
|
// There is an 'api' variation of this in
|
|
|
|
|
// command/config/write/config_write.go:newDecodeConfigEntry
|
2019-04-29 22:08:09 +00:00
|
|
|
func DecodeConfigEntry(raw map[string]interface{}) (ConfigEntry, error) {
|
|
|
|
|
var entry ConfigEntry
|
|
|
|
|
|
|
|
|
|
kindVal, ok := raw["Kind"]
|
|
|
|
|
if !ok {
|
2019-07-12 17:20:30 +00:00
|
|
|
kindVal, ok = raw["kind"]
|
|
|
|
|
}
|
|
|
|
|
if !ok {
|
|
|
|
|
return nil, fmt.Errorf("Payload does not contain a kind/Kind key at the top level")
|
2019-04-29 22:08:09 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if kindStr, ok := kindVal.(string); ok {
|
|
|
|
|
newEntry, err := MakeConfigEntry(kindStr, "")
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
entry = newEntry
|
|
|
|
|
} else {
|
|
|
|
|
return nil, fmt.Errorf("Kind value in payload is not a string")
|
|
|
|
|
}
|
|
|
|
|
|
2019-07-12 17:20:30 +00:00
|
|
|
var md mapstructure.Metadata
|
2019-04-29 22:08:09 +00:00
|
|
|
decodeConf := &mapstructure.DecoderConfig{
|
2020-05-27 18:42:01 +00:00
|
|
|
DecodeHook: mapstructure.ComposeDecodeHookFunc(
|
2020-05-27 17:02:22 +00:00
|
|
|
decode.HookWeakDecodeFromSlice,
|
2020-05-27 18:42:01 +00:00
|
|
|
decode.HookTranslateKeys,
|
|
|
|
|
mapstructure.StringToTimeDurationHookFunc(),
|
2020-10-06 18:24:05 +00:00
|
|
|
mapstructure.StringToTimeHookFunc(time.RFC3339),
|
2020-05-27 18:42:01 +00:00
|
|
|
),
|
2019-07-12 17:20:30 +00:00
|
|
|
Metadata: &md,
|
|
|
|
|
Result: &entry,
|
|
|
|
|
WeaklyTypedInput: true,
|
2019-04-29 22:08:09 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
decoder, err := mapstructure.NewDecoder(decodeConf)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
2019-07-12 17:20:30 +00:00
|
|
|
if err := decoder.Decode(raw); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
2020-06-25 19:58:29 +00:00
|
|
|
if err := validateUnusedKeys(md.Unused); err != nil {
|
2019-07-12 17:20:30 +00:00
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return entry, nil
|
|
|
|
|
}
|
|
|
|
|
|
2019-03-19 22:56:17 +00:00
|
|
|
type ConfigEntryOp string
|
|
|
|
|
|
|
|
|
|
const (
|
2023-01-27 19:34:11 +00:00
|
|
|
ConfigEntryUpsert ConfigEntryOp = "upsert"
|
|
|
|
|
ConfigEntryUpsertCAS ConfigEntryOp = "upsert-cas"
|
|
|
|
|
ConfigEntryUpsertWithStatusCAS ConfigEntryOp = "upsert-with-status-cas"
|
|
|
|
|
ConfigEntryDelete ConfigEntryOp = "delete"
|
|
|
|
|
ConfigEntryDeleteCAS ConfigEntryOp = "delete-cas"
|
2019-03-19 22:56:17 +00:00
|
|
|
)
|
|
|
|
|
|
2019-04-07 06:38:08 +00:00
|
|
|
// ConfigEntryRequest is used when creating/updating/deleting a ConfigEntry.
|
2019-03-19 22:56:17 +00:00
|
|
|
type ConfigEntryRequest struct {
|
2019-04-07 06:38:08 +00:00
|
|
|
Op ConfigEntryOp
|
|
|
|
|
Datacenter string
|
|
|
|
|
Entry ConfigEntry
|
|
|
|
|
|
|
|
|
|
WriteRequest
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *ConfigEntryRequest) RequestDatacenter() string {
|
|
|
|
|
return c.Datacenter
|
2019-03-19 22:56:17 +00:00
|
|
|
}
|
2019-03-28 06:56:35 +00:00
|
|
|
|
2019-04-07 06:38:08 +00:00
|
|
|
func (c *ConfigEntryRequest) MarshalBinary() (data []byte, err error) {
|
2019-03-28 06:56:35 +00:00
|
|
|
// bs will grow if needed but allocate enough to avoid reallocation in common
|
|
|
|
|
// case.
|
|
|
|
|
bs := make([]byte, 128)
|
2020-02-07 21:50:24 +00:00
|
|
|
enc := codec.NewEncoderBytes(&bs, MsgpackHandle)
|
2019-03-28 06:56:35 +00:00
|
|
|
// Encode kind first
|
2019-04-07 06:38:08 +00:00
|
|
|
err = enc.Encode(c.Entry.GetKind())
|
2019-03-28 06:56:35 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
// Then actual value using alias trick to avoid infinite recursion
|
|
|
|
|
type Alias ConfigEntryRequest
|
|
|
|
|
err = enc.Encode(struct {
|
|
|
|
|
*Alias
|
|
|
|
|
}{
|
2019-04-07 06:38:08 +00:00
|
|
|
Alias: (*Alias)(c),
|
2019-03-28 06:56:35 +00:00
|
|
|
})
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return bs, nil
|
|
|
|
|
}
|
|
|
|
|
|
2019-04-07 06:38:08 +00:00
|
|
|
func (c *ConfigEntryRequest) UnmarshalBinary(data []byte) error {
|
2019-03-28 06:56:35 +00:00
|
|
|
// First decode the kind prefix
|
|
|
|
|
var kind string
|
2020-02-07 21:50:24 +00:00
|
|
|
dec := codec.NewDecoderBytes(data, MsgpackHandle)
|
2019-03-28 06:56:35 +00:00
|
|
|
if err := dec.Decode(&kind); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Then decode the real thing with appropriate kind of ConfigEntry
|
2019-04-10 21:27:28 +00:00
|
|
|
entry, err := MakeConfigEntry(kind, "")
|
2019-04-02 22:42:12 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
2019-04-07 06:38:08 +00:00
|
|
|
c.Entry = entry
|
2019-03-28 06:56:35 +00:00
|
|
|
|
|
|
|
|
// Alias juggling to prevent infinite recursive calls back to this decode
|
|
|
|
|
// method.
|
|
|
|
|
type Alias ConfigEntryRequest
|
|
|
|
|
as := struct {
|
|
|
|
|
*Alias
|
|
|
|
|
}{
|
2019-04-07 06:38:08 +00:00
|
|
|
Alias: (*Alias)(c),
|
2019-03-28 06:56:35 +00:00
|
|
|
}
|
|
|
|
|
if err := dec.Decode(&as); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2019-04-10 21:27:28 +00:00
|
|
|
func MakeConfigEntry(kind, name string) (ConfigEntry, error) {
|
2019-03-28 06:56:35 +00:00
|
|
|
switch kind {
|
|
|
|
|
case ServiceDefaults:
|
2019-04-10 21:27:28 +00:00
|
|
|
return &ServiceConfigEntry{Name: name}, nil
|
2019-03-28 06:56:35 +00:00
|
|
|
case ProxyDefaults:
|
2019-04-10 21:27:28 +00:00
|
|
|
return &ProxyConfigEntry{Name: name}, nil
|
2019-06-27 17:37:43 +00:00
|
|
|
case ServiceRouter:
|
|
|
|
|
return &ServiceRouterConfigEntry{Name: name}, nil
|
|
|
|
|
case ServiceSplitter:
|
|
|
|
|
return &ServiceSplitterConfigEntry{Name: name}, nil
|
|
|
|
|
case ServiceResolver:
|
|
|
|
|
return &ServiceResolverConfigEntry{Name: name}, nil
|
2020-03-31 16:59:10 +00:00
|
|
|
case IngressGateway:
|
|
|
|
|
return &IngressGatewayConfigEntry{Name: name}, nil
|
2020-03-31 19:27:32 +00:00
|
|
|
case TerminatingGateway:
|
|
|
|
|
return &TerminatingGatewayConfigEntry{Name: name}, nil
|
2020-10-06 18:24:05 +00:00
|
|
|
case ServiceIntentions:
|
|
|
|
|
return &ServiceIntentionsConfigEntry{Name: name}, nil
|
2021-04-28 22:13:29 +00:00
|
|
|
case MeshConfig:
|
2021-04-29 19:54:27 +00:00
|
|
|
return &MeshConfigEntry{}, nil
|
2021-12-03 06:50:38 +00:00
|
|
|
case ExportedServices:
|
|
|
|
|
return &ExportedServicesConfigEntry{Name: name}, nil
|
2023-01-18 22:14:34 +00:00
|
|
|
case APIGateway:
|
|
|
|
|
return &APIGatewayConfigEntry{Name: name}, nil
|
|
|
|
|
case BoundAPIGateway:
|
|
|
|
|
return &BoundAPIGatewayConfigEntry{Name: name}, nil
|
|
|
|
|
case InlineCertificate:
|
|
|
|
|
return &InlineCertificateConfigEntry{Name: name}, nil
|
|
|
|
|
case HTTPRoute:
|
|
|
|
|
return &HTTPRouteConfigEntry{Name: name}, nil
|
|
|
|
|
case TCPRoute:
|
|
|
|
|
return &TCPRouteConfigEntry{Name: name}, nil
|
2019-03-28 06:56:35 +00:00
|
|
|
default:
|
2019-04-02 22:42:12 +00:00
|
|
|
return nil, fmt.Errorf("invalid config entry kind: %s", kind)
|
2019-03-28 06:56:35 +00:00
|
|
|
}
|
|
|
|
|
}
|
2019-04-07 06:38:08 +00:00
|
|
|
|
|
|
|
|
// ConfigEntryQuery is used when requesting info about a config entry.
|
|
|
|
|
type ConfigEntryQuery struct {
|
|
|
|
|
Kind string
|
|
|
|
|
Name string
|
|
|
|
|
Datacenter string
|
|
|
|
|
|
2022-03-13 03:55:53 +00:00
|
|
|
acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"`
|
2019-04-07 06:38:08 +00:00
|
|
|
QueryOptions
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *ConfigEntryQuery) RequestDatacenter() string {
|
|
|
|
|
return c.Datacenter
|
|
|
|
|
}
|
|
|
|
|
|
2019-07-02 00:45:42 +00:00
|
|
|
func (r *ConfigEntryQuery) CacheInfo() cache.RequestInfo {
|
|
|
|
|
info := cache.RequestInfo{
|
|
|
|
|
Token: r.Token,
|
|
|
|
|
Datacenter: r.Datacenter,
|
|
|
|
|
MinIndex: r.MinQueryIndex,
|
|
|
|
|
Timeout: r.MaxQueryTime,
|
|
|
|
|
MaxAge: r.MaxAge,
|
|
|
|
|
MustRevalidate: r.MustRevalidate,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
v, err := hashstructure.Hash([]interface{}{
|
|
|
|
|
r.Kind,
|
|
|
|
|
r.Name,
|
|
|
|
|
r.Filter,
|
2020-02-11 00:26:01 +00:00
|
|
|
r.EnterpriseMeta,
|
2019-07-02 00:45:42 +00:00
|
|
|
}, nil)
|
|
|
|
|
if err == nil {
|
|
|
|
|
// If there is an error, we don't set the key. A blank key forces
|
|
|
|
|
// no cache for this request so the request is forwarded directly
|
|
|
|
|
// to the server.
|
|
|
|
|
info.Key = strconv.FormatUint(v, 10)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return info
|
|
|
|
|
}
|
|
|
|
|
|
2020-10-06 18:24:05 +00:00
|
|
|
// ConfigEntryListAllRequest is used when requesting to list all config entries
|
|
|
|
|
// of a set of kinds.
|
|
|
|
|
type ConfigEntryListAllRequest struct {
|
|
|
|
|
// Kinds should always be set. For backwards compatibility with versions
|
|
|
|
|
// prior to 1.9.0, if this is omitted or left empty it is assumed to mean
|
|
|
|
|
// the subset of config entry kinds that were present in 1.8.0:
|
|
|
|
|
//
|
|
|
|
|
// proxy-defaults, service-defaults, service-resolver, service-splitter,
|
|
|
|
|
// service-router, terminating-gateway, and ingress-gateway.
|
|
|
|
|
Kinds []string
|
|
|
|
|
Datacenter string
|
|
|
|
|
|
2022-03-13 03:55:53 +00:00
|
|
|
acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"`
|
2020-10-06 18:24:05 +00:00
|
|
|
QueryOptions
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (r *ConfigEntryListAllRequest) RequestDatacenter() string {
|
|
|
|
|
return r.Datacenter
|
|
|
|
|
}
|
|
|
|
|
|
2019-04-07 06:38:08 +00:00
|
|
|
// ServiceConfigRequest is used when requesting the resolved configuration
|
|
|
|
|
// for a service.
|
|
|
|
|
type ServiceConfigRequest struct {
|
|
|
|
|
Name string
|
|
|
|
|
Datacenter string
|
2021-03-11 04:05:11 +00:00
|
|
|
|
2021-03-15 20:32:13 +00:00
|
|
|
// MeshGateway contains the mesh gateway configuration from the requesting proxy's registration
|
|
|
|
|
MeshGateway MeshGatewayConfig
|
|
|
|
|
|
2021-04-12 15:35:14 +00:00
|
|
|
// Mode indicates how the requesting proxy's listeners are dialed
|
|
|
|
|
Mode ProxyMode
|
2021-03-20 04:03:17 +00:00
|
|
|
|
2021-03-11 04:05:11 +00:00
|
|
|
UpstreamIDs []ServiceID
|
|
|
|
|
|
2020-01-24 15:04:58 +00:00
|
|
|
// DEPRECATED
|
|
|
|
|
// Upstreams is a list of upstream service names to use for resolving the service config
|
|
|
|
|
// UpstreamIDs should be used instead which can encode more than just the name to
|
|
|
|
|
// uniquely identify a service.
|
2021-03-11 04:05:11 +00:00
|
|
|
Upstreams []string
|
2019-04-07 06:38:08 +00:00
|
|
|
|
2022-03-13 03:55:53 +00:00
|
|
|
acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"`
|
2019-04-07 06:38:08 +00:00
|
|
|
QueryOptions
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (s *ServiceConfigRequest) RequestDatacenter() string {
|
|
|
|
|
return s.Datacenter
|
|
|
|
|
}
|
|
|
|
|
|
2019-04-18 04:35:19 +00:00
|
|
|
func (r *ServiceConfigRequest) CacheInfo() cache.RequestInfo {
|
|
|
|
|
info := cache.RequestInfo{
|
|
|
|
|
Token: r.Token,
|
|
|
|
|
Datacenter: r.Datacenter,
|
|
|
|
|
MinIndex: r.MinQueryIndex,
|
|
|
|
|
Timeout: r.MaxQueryTime,
|
|
|
|
|
MaxAge: r.MaxAge,
|
|
|
|
|
MustRevalidate: r.MustRevalidate,
|
|
|
|
|
}
|
|
|
|
|
|
2019-05-01 23:39:31 +00:00
|
|
|
// To calculate the cache key we only hash the service name and upstream set.
|
|
|
|
|
// We don't want ordering of the upstreams to affect the outcome so use an
|
|
|
|
|
// anonymous struct field with hash:set behavior. Note the order of fields in
|
|
|
|
|
// the slice would affect cache keys if we ever persist between agent restarts
|
|
|
|
|
// and change it.
|
|
|
|
|
v, err := hashstructure.Hash(struct {
|
2021-05-31 21:22:16 +00:00
|
|
|
Name string
|
2022-03-13 03:55:53 +00:00
|
|
|
EnterpriseMeta acl.EnterpriseMeta
|
2021-05-31 21:22:16 +00:00
|
|
|
Upstreams []string `hash:"set"`
|
|
|
|
|
UpstreamIDs []ServiceID `hash:"set"`
|
|
|
|
|
MeshGatewayConfig MeshGatewayConfig
|
|
|
|
|
ProxyMode ProxyMode
|
|
|
|
|
Filter string
|
2019-05-01 23:39:31 +00:00
|
|
|
}{
|
2021-05-31 21:22:16 +00:00
|
|
|
Name: r.Name,
|
|
|
|
|
EnterpriseMeta: r.EnterpriseMeta,
|
|
|
|
|
Upstreams: r.Upstreams,
|
|
|
|
|
UpstreamIDs: r.UpstreamIDs,
|
|
|
|
|
ProxyMode: r.Mode,
|
|
|
|
|
MeshGatewayConfig: r.MeshGateway,
|
|
|
|
|
Filter: r.QueryOptions.Filter,
|
2019-05-01 23:39:31 +00:00
|
|
|
}, nil)
|
2019-04-18 04:35:19 +00:00
|
|
|
if err == nil {
|
|
|
|
|
// If there is an error, we don't set the key. A blank key forces
|
|
|
|
|
// no cache for this request so the request is forwarded directly
|
|
|
|
|
// to the server.
|
|
|
|
|
info.Key = strconv.FormatUint(v, 10)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return info
|
|
|
|
|
}
|
|
|
|
|
|
2020-01-24 15:04:58 +00:00
|
|
|
type UpstreamConfig struct {
|
2021-04-15 19:21:44 +00:00
|
|
|
// Name is only accepted within a service-defaults config entry.
|
|
|
|
|
Name string `json:",omitempty"`
|
|
|
|
|
// EnterpriseMeta is only accepted within a service-defaults config entry.
|
2022-03-13 03:55:53 +00:00
|
|
|
acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"`
|
2021-04-15 19:21:44 +00:00
|
|
|
|
2021-03-15 20:12:57 +00:00
|
|
|
// EnvoyListenerJSON is a complete override ("escape hatch") for the upstream's
|
2021-03-09 05:10:27 +00:00
|
|
|
// listener.
|
|
|
|
|
//
|
|
|
|
|
// Note: This escape hatch is NOT compatible with the discovery chain and
|
|
|
|
|
// will be ignored if a discovery chain is active.
|
2021-03-15 20:12:57 +00:00
|
|
|
EnvoyListenerJSON string `json:",omitempty" alias:"envoy_listener_json"`
|
2021-03-09 05:10:27 +00:00
|
|
|
|
2021-03-15 20:12:57 +00:00
|
|
|
// EnvoyClusterJSON is a complete override ("escape hatch") for the upstream's
|
2021-03-09 05:10:27 +00:00
|
|
|
// cluster. The Connect client TLS certificate and context will be injected
|
|
|
|
|
// overriding any TLS settings present.
|
|
|
|
|
//
|
|
|
|
|
// Note: This escape hatch is NOT compatible with the discovery chain and
|
|
|
|
|
// will be ignored if a discovery chain is active.
|
2021-03-15 20:12:57 +00:00
|
|
|
EnvoyClusterJSON string `json:",omitempty" alias:"envoy_cluster_json"`
|
2021-03-09 05:10:27 +00:00
|
|
|
|
|
|
|
|
// Protocol describes the upstream's service protocol. Valid values are "tcp",
|
|
|
|
|
// "http" and "grpc". Anything else is treated as tcp. The enables protocol
|
|
|
|
|
// aware features like per-request metrics and connection pooling, tracing,
|
|
|
|
|
// routing etc.
|
2021-03-15 19:23:18 +00:00
|
|
|
Protocol string `json:",omitempty"`
|
2021-03-09 05:10:27 +00:00
|
|
|
|
|
|
|
|
// ConnectTimeoutMs is the number of milliseconds to timeout making a new
|
|
|
|
|
// connection to this upstream. Defaults to 5000 (5 seconds) if not set.
|
2021-03-15 19:23:18 +00:00
|
|
|
ConnectTimeoutMs int `json:",omitempty" alias:"connect_timeout_ms"`
|
2021-03-09 05:10:27 +00:00
|
|
|
|
|
|
|
|
// Limits are the set of limits that are applied to the proxy for a specific upstream of a
|
|
|
|
|
// service instance.
|
2021-03-11 18:04:40 +00:00
|
|
|
Limits *UpstreamLimits `json:",omitempty"`
|
2021-03-09 05:10:27 +00:00
|
|
|
|
|
|
|
|
// PassiveHealthCheck configuration determines how upstream proxy instances will
|
|
|
|
|
// be monitored for removal from the load balancing pool.
|
2021-03-11 18:04:40 +00:00
|
|
|
PassiveHealthCheck *PassiveHealthCheck `json:",omitempty" alias:"passive_health_check"`
|
2021-03-09 05:10:27 +00:00
|
|
|
|
|
|
|
|
// MeshGatewayConfig controls how Mesh Gateways are configured and used
|
|
|
|
|
MeshGateway MeshGatewayConfig `json:",omitempty" alias:"mesh_gateway" `
|
2022-09-26 16:29:06 +00:00
|
|
|
|
|
|
|
|
// BalanceOutboundConnections indicates how the proxy should attempt to distribute
|
|
|
|
|
// connections across worker threads. Only used by envoy proxies.
|
|
|
|
|
BalanceOutboundConnections string `json:",omitempty" alias:"balance_outbound_connections"`
|
2021-03-09 05:10:27 +00:00
|
|
|
}
|
|
|
|
|
|
2021-04-15 19:21:44 +00:00
|
|
|
func (cfg UpstreamConfig) Clone() UpstreamConfig {
|
|
|
|
|
cfg2 := cfg
|
|
|
|
|
|
|
|
|
|
cfg2.Limits = cfg.Limits.Clone()
|
|
|
|
|
cfg2.PassiveHealthCheck = cfg.PassiveHealthCheck.Clone()
|
|
|
|
|
|
|
|
|
|
return cfg2
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (cfg *UpstreamConfig) ServiceID() ServiceID {
|
|
|
|
|
if cfg.Name == "" {
|
|
|
|
|
return ServiceID{}
|
|
|
|
|
}
|
|
|
|
|
return NewServiceID(cfg.Name, &cfg.EnterpriseMeta)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (cfg *UpstreamConfig) ServiceName() ServiceName {
|
|
|
|
|
if cfg.Name == "" {
|
|
|
|
|
return ServiceName{}
|
|
|
|
|
}
|
|
|
|
|
return NewServiceName(cfg.Name, &cfg.EnterpriseMeta)
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-15 20:12:57 +00:00
|
|
|
func (cfg UpstreamConfig) MergeInto(dst map[string]interface{}) {
|
2021-03-11 04:04:13 +00:00
|
|
|
// Avoid storing empty values in the map, since these can act as overrides
|
2021-03-15 20:12:57 +00:00
|
|
|
if cfg.EnvoyListenerJSON != "" {
|
|
|
|
|
dst["envoy_listener_json"] = cfg.EnvoyListenerJSON
|
2021-03-11 04:04:13 +00:00
|
|
|
}
|
2021-03-15 20:12:57 +00:00
|
|
|
if cfg.EnvoyClusterJSON != "" {
|
|
|
|
|
dst["envoy_cluster_json"] = cfg.EnvoyClusterJSON
|
2021-03-11 04:04:13 +00:00
|
|
|
}
|
|
|
|
|
if cfg.Protocol != "" {
|
|
|
|
|
dst["protocol"] = cfg.Protocol
|
|
|
|
|
}
|
|
|
|
|
if cfg.ConnectTimeoutMs != 0 {
|
|
|
|
|
dst["connect_timeout_ms"] = cfg.ConnectTimeoutMs
|
|
|
|
|
}
|
|
|
|
|
if !cfg.MeshGateway.IsZero() {
|
|
|
|
|
dst["mesh_gateway"] = cfg.MeshGateway
|
|
|
|
|
}
|
2021-03-11 18:04:40 +00:00
|
|
|
if cfg.Limits != nil {
|
2021-03-11 04:04:13 +00:00
|
|
|
dst["limits"] = cfg.Limits
|
|
|
|
|
}
|
2021-03-11 18:04:40 +00:00
|
|
|
if cfg.PassiveHealthCheck != nil {
|
2021-03-11 04:04:13 +00:00
|
|
|
dst["passive_health_check"] = cfg.PassiveHealthCheck
|
|
|
|
|
}
|
2022-09-26 16:29:06 +00:00
|
|
|
if cfg.BalanceOutboundConnections != "" {
|
|
|
|
|
dst["balance_outbound_connections"] = cfg.BalanceOutboundConnections
|
|
|
|
|
}
|
2021-03-11 04:04:13 +00:00
|
|
|
}
|
|
|
|
|
|
2021-04-15 19:21:44 +00:00
|
|
|
func (cfg *UpstreamConfig) NormalizeWithoutName() error {
|
|
|
|
|
return cfg.normalize(false, nil)
|
|
|
|
|
}
|
2022-03-13 03:55:53 +00:00
|
|
|
func (cfg *UpstreamConfig) NormalizeWithName(entMeta *acl.EnterpriseMeta) error {
|
2021-04-15 19:21:44 +00:00
|
|
|
return cfg.normalize(true, entMeta)
|
|
|
|
|
}
|
2022-03-13 03:55:53 +00:00
|
|
|
func (cfg *UpstreamConfig) normalize(named bool, entMeta *acl.EnterpriseMeta) error {
|
2021-04-15 19:21:44 +00:00
|
|
|
if named {
|
|
|
|
|
// If the upstream namespace is omitted it inherits that of the enclosing
|
|
|
|
|
// config entry.
|
|
|
|
|
cfg.EnterpriseMeta.MergeNoWildcard(entMeta)
|
|
|
|
|
cfg.EnterpriseMeta.Normalize()
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-15 20:12:15 +00:00
|
|
|
cfg.Protocol = strings.ToLower(cfg.Protocol)
|
2021-03-09 05:10:27 +00:00
|
|
|
|
2021-03-18 03:37:55 +00:00
|
|
|
if cfg.ConnectTimeoutMs < 0 {
|
|
|
|
|
cfg.ConnectTimeoutMs = 0
|
2021-03-09 05:10:27 +00:00
|
|
|
}
|
2021-04-15 19:21:44 +00:00
|
|
|
return nil
|
2021-03-09 05:10:27 +00:00
|
|
|
}
|
|
|
|
|
|
2021-04-15 19:21:44 +00:00
|
|
|
func (cfg UpstreamConfig) ValidateWithoutName() error {
|
|
|
|
|
return cfg.validate(false)
|
|
|
|
|
}
|
|
|
|
|
func (cfg UpstreamConfig) ValidateWithName() error {
|
|
|
|
|
return cfg.validate(true)
|
|
|
|
|
}
|
|
|
|
|
func (cfg UpstreamConfig) validate(named bool) error {
|
|
|
|
|
if named {
|
|
|
|
|
if cfg.Name == "" {
|
|
|
|
|
return fmt.Errorf("Name is required")
|
|
|
|
|
}
|
2021-06-23 20:48:54 +00:00
|
|
|
if cfg.Name == WildcardSpecifier {
|
|
|
|
|
return fmt.Errorf("Wildcard name is not supported")
|
|
|
|
|
}
|
|
|
|
|
if cfg.EnterpriseMeta.NamespaceOrDefault() == WildcardSpecifier {
|
|
|
|
|
return fmt.Errorf("Wildcard namespace is not supported")
|
|
|
|
|
}
|
2021-04-15 19:21:44 +00:00
|
|
|
} else {
|
|
|
|
|
if cfg.Name != "" {
|
|
|
|
|
return fmt.Errorf("Name must be empty")
|
|
|
|
|
}
|
|
|
|
|
if cfg.EnterpriseMeta.NamespaceOrEmpty() != "" {
|
|
|
|
|
return fmt.Errorf("Namespace must be empty")
|
|
|
|
|
}
|
2021-06-23 21:44:10 +00:00
|
|
|
if cfg.EnterpriseMeta.PartitionOrEmpty() != "" {
|
|
|
|
|
return fmt.Errorf("Partition must be empty")
|
|
|
|
|
}
|
2021-04-15 19:21:44 +00:00
|
|
|
}
|
|
|
|
|
|
2021-03-09 05:10:27 +00:00
|
|
|
var validationErr error
|
|
|
|
|
|
2021-03-11 18:04:40 +00:00
|
|
|
if cfg.PassiveHealthCheck != nil {
|
|
|
|
|
err := cfg.PassiveHealthCheck.Validate()
|
|
|
|
|
if err != nil {
|
|
|
|
|
validationErr = multierror.Append(validationErr, err)
|
|
|
|
|
}
|
2021-03-09 05:10:27 +00:00
|
|
|
}
|
2021-03-11 18:04:40 +00:00
|
|
|
|
|
|
|
|
if cfg.Limits != nil {
|
|
|
|
|
err := cfg.Limits.Validate()
|
|
|
|
|
if err != nil {
|
|
|
|
|
validationErr = multierror.Append(validationErr, err)
|
|
|
|
|
}
|
2021-03-09 05:10:27 +00:00
|
|
|
}
|
|
|
|
|
|
2022-09-26 16:29:06 +00:00
|
|
|
if !isValidConnectionBalance(cfg.BalanceOutboundConnections) {
|
|
|
|
|
validationErr = multierror.Append(validationErr, fmt.Errorf("invalid value for balance_outbound_connections: %v", cfg.BalanceOutboundConnections))
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-09 05:10:27 +00:00
|
|
|
return validationErr
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-11 04:04:13 +00:00
|
|
|
func ParseUpstreamConfigNoDefaults(m map[string]interface{}) (UpstreamConfig, error) {
|
|
|
|
|
var cfg UpstreamConfig
|
|
|
|
|
config := &mapstructure.DecoderConfig{
|
|
|
|
|
DecodeHook: mapstructure.ComposeDecodeHookFunc(
|
|
|
|
|
decode.HookWeakDecodeFromSlice,
|
|
|
|
|
decode.HookTranslateKeys,
|
|
|
|
|
mapstructure.StringToTimeDurationHookFunc(),
|
|
|
|
|
),
|
|
|
|
|
Result: &cfg,
|
|
|
|
|
WeaklyTypedInput: true,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
decoder, err := mapstructure.NewDecoder(config)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return cfg, err
|
|
|
|
|
}
|
|
|
|
|
|
2021-04-15 19:21:44 +00:00
|
|
|
if err := decoder.Decode(m); err != nil {
|
|
|
|
|
return cfg, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
err = cfg.NormalizeWithoutName()
|
2021-03-18 03:37:55 +00:00
|
|
|
|
2021-03-11 04:04:13 +00:00
|
|
|
return cfg, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// ParseUpstreamConfig returns the UpstreamConfig parsed from an opaque map.
|
|
|
|
|
// If an error occurs during parsing it is returned along with the default
|
|
|
|
|
// config this allows caller to choose whether and how to report the error.
|
|
|
|
|
func ParseUpstreamConfig(m map[string]interface{}) (UpstreamConfig, error) {
|
|
|
|
|
cfg, err := ParseUpstreamConfigNoDefaults(m)
|
|
|
|
|
|
2021-03-18 03:13:40 +00:00
|
|
|
// Set default (even if error is returned)
|
|
|
|
|
if cfg.Protocol == "" {
|
|
|
|
|
cfg.Protocol = "tcp"
|
|
|
|
|
}
|
2021-03-18 03:37:55 +00:00
|
|
|
if cfg.ConnectTimeoutMs == 0 {
|
|
|
|
|
cfg.ConnectTimeoutMs = 5000
|
|
|
|
|
}
|
2021-03-18 03:13:40 +00:00
|
|
|
|
2021-03-11 04:04:13 +00:00
|
|
|
return cfg, err
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-09 05:10:27 +00:00
|
|
|
type PassiveHealthCheck struct {
|
|
|
|
|
// Interval between health check analysis sweeps. Each sweep may remove
|
|
|
|
|
// hosts or return hosts to the pool.
|
2021-03-15 19:23:18 +00:00
|
|
|
Interval time.Duration `json:",omitempty"`
|
2021-03-09 05:10:27 +00:00
|
|
|
|
|
|
|
|
// MaxFailures is the count of consecutive failures that results in a host
|
|
|
|
|
// being removed from the pool.
|
2021-03-15 19:23:18 +00:00
|
|
|
MaxFailures uint32 `json:",omitempty" alias:"max_failures"`
|
2022-09-01 16:59:11 +00:00
|
|
|
|
|
|
|
|
// EnforcingConsecutive5xx is the % chance that a host will be actually ejected
|
|
|
|
|
// when an outlier status is detected through consecutive 5xx.
|
|
|
|
|
// This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100.
|
|
|
|
|
EnforcingConsecutive5xx *uint32 `json:",omitempty" alias:"enforcing_consecutive_5xx"`
|
2021-03-09 05:10:27 +00:00
|
|
|
}
|
|
|
|
|
|
2021-04-15 19:21:44 +00:00
|
|
|
func (chk *PassiveHealthCheck) Clone() *PassiveHealthCheck {
|
|
|
|
|
if chk == nil {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
chk2 := *chk
|
|
|
|
|
return &chk2
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-11 04:04:13 +00:00
|
|
|
func (chk *PassiveHealthCheck) IsZero() bool {
|
|
|
|
|
zeroVal := PassiveHealthCheck{}
|
|
|
|
|
return *chk == zeroVal
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-09 05:10:27 +00:00
|
|
|
func (chk PassiveHealthCheck) Validate() error {
|
2021-04-12 16:05:03 +00:00
|
|
|
if chk.Interval < 0*time.Second {
|
|
|
|
|
return fmt.Errorf("passive health check interval cannot be negative")
|
2021-03-09 05:10:27 +00:00
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// UpstreamLimits describes the limits that are associated with a specific
|
|
|
|
|
// upstream of a service instance.
|
|
|
|
|
type UpstreamLimits struct {
|
|
|
|
|
// MaxConnections is the maximum number of connections the local proxy can
|
|
|
|
|
// make to the upstream service.
|
2021-03-15 19:23:18 +00:00
|
|
|
MaxConnections *int `json:",omitempty" alias:"max_connections"`
|
2021-03-09 05:10:27 +00:00
|
|
|
|
|
|
|
|
// MaxPendingRequests is the maximum number of requests that will be queued
|
|
|
|
|
// waiting for an available connection. This is mostly applicable to HTTP/1.1
|
|
|
|
|
// clusters since all HTTP/2 requests are streamed over a single
|
|
|
|
|
// connection.
|
2021-03-15 19:23:18 +00:00
|
|
|
MaxPendingRequests *int `json:",omitempty" alias:"max_pending_requests"`
|
2021-03-09 05:10:27 +00:00
|
|
|
|
|
|
|
|
// MaxConcurrentRequests is the maximum number of in-flight requests that will be allowed
|
|
|
|
|
// to the upstream cluster at a point in time. This is mostly applicable to HTTP/2
|
|
|
|
|
// clusters since all HTTP/1.1 requests are limited by MaxConnections.
|
2021-03-15 19:23:18 +00:00
|
|
|
MaxConcurrentRequests *int `json:",omitempty" alias:"max_concurrent_requests"`
|
2021-03-09 05:10:27 +00:00
|
|
|
}
|
|
|
|
|
|
2021-04-15 19:21:44 +00:00
|
|
|
func (ul *UpstreamLimits) Clone() *UpstreamLimits {
|
|
|
|
|
if ul == nil {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
return &UpstreamLimits{
|
|
|
|
|
MaxConnections: intPointerCopy(ul.MaxConnections),
|
|
|
|
|
MaxPendingRequests: intPointerCopy(ul.MaxPendingRequests),
|
|
|
|
|
MaxConcurrentRequests: intPointerCopy(ul.MaxConcurrentRequests),
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func intPointerCopy(v *int) *int {
|
|
|
|
|
if v == nil {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
v2 := *v
|
|
|
|
|
return &v2
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-11 04:04:13 +00:00
|
|
|
func (ul *UpstreamLimits) IsZero() bool {
|
|
|
|
|
zeroVal := UpstreamLimits{}
|
|
|
|
|
return *ul == zeroVal
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-09 05:10:27 +00:00
|
|
|
func (ul UpstreamLimits) Validate() error {
|
2021-04-12 16:05:03 +00:00
|
|
|
if ul.MaxConnections != nil && *ul.MaxConnections < 0 {
|
|
|
|
|
return fmt.Errorf("max connections cannot be negative")
|
2021-03-09 05:10:27 +00:00
|
|
|
}
|
2021-04-12 16:05:03 +00:00
|
|
|
if ul.MaxPendingRequests != nil && *ul.MaxPendingRequests < 0 {
|
|
|
|
|
return fmt.Errorf("max pending requests cannot be negative")
|
2021-03-09 05:10:27 +00:00
|
|
|
}
|
2021-04-12 16:05:03 +00:00
|
|
|
if ul.MaxConcurrentRequests != nil && *ul.MaxConcurrentRequests < 0 {
|
|
|
|
|
return fmt.Errorf("max concurrent requests cannot be negative")
|
2021-03-09 05:10:27 +00:00
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type OpaqueUpstreamConfig struct {
|
2020-01-24 15:04:58 +00:00
|
|
|
Upstream ServiceID
|
|
|
|
|
Config map[string]interface{}
|
|
|
|
|
}
|
|
|
|
|
|
2021-03-09 05:10:27 +00:00
|
|
|
type OpaqueUpstreamConfigs []OpaqueUpstreamConfig
|
2020-01-24 15:04:58 +00:00
|
|
|
|
2021-03-09 05:10:27 +00:00
|
|
|
func (configs OpaqueUpstreamConfigs) GetUpstreamConfig(sid ServiceID) (config map[string]interface{}, found bool) {
|
2020-01-24 15:04:58 +00:00
|
|
|
for _, usconf := range configs {
|
2020-12-11 21:10:00 +00:00
|
|
|
if usconf.Upstream.Matches(sid) {
|
2020-01-24 15:04:58 +00:00
|
|
|
return usconf.Config, true
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil, false
|
|
|
|
|
}
|
|
|
|
|
|
2019-04-07 06:38:08 +00:00
|
|
|
type ServiceConfigResponse struct {
|
2020-01-24 15:04:58 +00:00
|
|
|
ProxyConfig map[string]interface{}
|
|
|
|
|
UpstreamConfigs map[string]map[string]interface{}
|
2021-03-09 05:10:27 +00:00
|
|
|
UpstreamIDConfigs OpaqueUpstreamConfigs
|
2021-04-12 15:35:14 +00:00
|
|
|
MeshGateway MeshGatewayConfig `json:",omitempty"`
|
|
|
|
|
Expose ExposeConfig `json:",omitempty"`
|
|
|
|
|
TransparentProxy TransparentProxyConfig `json:",omitempty"`
|
|
|
|
|
Mode ProxyMode `json:",omitempty"`
|
2022-05-24 16:51:52 +00:00
|
|
|
Destination DestinationConfig `json:",omitempty"`
|
2022-12-22 20:18:15 +00:00
|
|
|
AccessLogs AccessLogsConfig `json:",omitempty"`
|
2022-03-07 19:35:33 +00:00
|
|
|
Meta map[string]string `json:",omitempty"`
|
2022-12-19 20:19:37 +00:00
|
|
|
EnvoyExtensions []EnvoyExtension `json:",omitempty"`
|
2019-04-07 06:38:08 +00:00
|
|
|
QueryMeta
|
|
|
|
|
}
|
2019-04-29 22:08:09 +00:00
|
|
|
|
2019-05-02 13:11:33 +00:00
|
|
|
// MarshalBinary writes ServiceConfigResponse as msgpack encoded. It's only here
|
|
|
|
|
// because we need custom decoding of the raw interface{} values.
|
|
|
|
|
func (r *ServiceConfigResponse) MarshalBinary() (data []byte, err error) {
|
|
|
|
|
// bs will grow if needed but allocate enough to avoid reallocation in common
|
|
|
|
|
// case.
|
|
|
|
|
bs := make([]byte, 128)
|
2020-02-07 21:50:24 +00:00
|
|
|
enc := codec.NewEncoderBytes(&bs, MsgpackHandle)
|
2019-05-02 13:11:33 +00:00
|
|
|
|
|
|
|
|
type Alias ServiceConfigResponse
|
|
|
|
|
|
|
|
|
|
if err := enc.Encode((*Alias)(r)); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return bs, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// UnmarshalBinary decodes msgpack encoded ServiceConfigResponse. It used
|
|
|
|
|
// default msgpack encoding but fixes up the uint8 strings and other problems we
|
|
|
|
|
// have with encoding map[string]interface{}.
|
|
|
|
|
func (r *ServiceConfigResponse) UnmarshalBinary(data []byte) error {
|
2020-02-07 21:50:24 +00:00
|
|
|
dec := codec.NewDecoderBytes(data, MsgpackHandle)
|
2019-05-02 13:11:33 +00:00
|
|
|
|
|
|
|
|
type Alias ServiceConfigResponse
|
|
|
|
|
var a Alias
|
|
|
|
|
|
|
|
|
|
if err := dec.Decode(&a); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
*r = ServiceConfigResponse(a)
|
|
|
|
|
|
|
|
|
|
var err error
|
|
|
|
|
|
|
|
|
|
// Fix strings and maps in the returned maps
|
|
|
|
|
r.ProxyConfig, err = lib.MapWalk(r.ProxyConfig)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
for k := range r.UpstreamConfigs {
|
|
|
|
|
r.UpstreamConfigs[k], err = lib.MapWalk(r.UpstreamConfigs[k])
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
2020-01-24 15:04:58 +00:00
|
|
|
|
|
|
|
|
for k := range r.UpstreamIDConfigs {
|
|
|
|
|
r.UpstreamIDConfigs[k].Config, err = lib.MapWalk(r.UpstreamIDConfigs[k].Config)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
2019-05-02 13:11:33 +00:00
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2019-04-29 22:08:09 +00:00
|
|
|
// ConfigEntryResponse returns a single ConfigEntry
|
|
|
|
|
type ConfigEntryResponse struct {
|
|
|
|
|
Entry ConfigEntry
|
|
|
|
|
QueryMeta
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *ConfigEntryResponse) MarshalBinary() (data []byte, err error) {
|
|
|
|
|
// bs will grow if needed but allocate enough to avoid reallocation in common
|
|
|
|
|
// case.
|
|
|
|
|
bs := make([]byte, 128)
|
2020-02-07 21:50:24 +00:00
|
|
|
enc := codec.NewEncoderBytes(&bs, MsgpackHandle)
|
2019-04-29 22:08:09 +00:00
|
|
|
|
2019-05-02 19:25:29 +00:00
|
|
|
if c.Entry != nil {
|
|
|
|
|
if err := enc.Encode(c.Entry.GetKind()); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if err := enc.Encode(c.Entry); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
if err := enc.Encode(""); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2019-04-29 22:08:09 +00:00
|
|
|
}
|
2019-05-02 19:25:29 +00:00
|
|
|
|
2019-04-29 22:08:09 +00:00
|
|
|
if err := enc.Encode(c.QueryMeta); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return bs, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *ConfigEntryResponse) UnmarshalBinary(data []byte) error {
|
2020-02-07 21:50:24 +00:00
|
|
|
dec := codec.NewDecoderBytes(data, MsgpackHandle)
|
2019-04-29 22:08:09 +00:00
|
|
|
|
|
|
|
|
var kind string
|
|
|
|
|
if err := dec.Decode(&kind); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2019-05-02 19:25:29 +00:00
|
|
|
if kind != "" {
|
|
|
|
|
entry, err := MakeConfigEntry(kind, "")
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
2019-04-29 22:08:09 +00:00
|
|
|
|
2019-05-02 19:25:29 +00:00
|
|
|
if err := dec.Decode(entry); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
c.Entry = entry
|
|
|
|
|
} else {
|
|
|
|
|
c.Entry = nil
|
2019-04-29 22:08:09 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if err := dec.Decode(&c.QueryMeta); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return nil
|
|
|
|
|
}
|
2019-07-01 20:23:36 +00:00
|
|
|
|
2020-09-02 19:10:25 +00:00
|
|
|
func validateConfigEntryMeta(meta map[string]string) error {
|
|
|
|
|
var err error
|
|
|
|
|
if len(meta) > metaMaxKeyPairs {
|
|
|
|
|
err = multierror.Append(err, fmt.Errorf(
|
|
|
|
|
"Meta exceeds maximum element count %d", metaMaxKeyPairs))
|
|
|
|
|
}
|
|
|
|
|
for k, v := range meta {
|
|
|
|
|
if len(k) > metaKeyMaxLength {
|
|
|
|
|
err = multierror.Append(err, fmt.Errorf(
|
|
|
|
|
"Meta key %q exceeds maximum length %d", k, metaKeyMaxLength))
|
|
|
|
|
}
|
|
|
|
|
if len(v) > metaValueMaxLength {
|
|
|
|
|
err = multierror.Append(err, fmt.Errorf(
|
|
|
|
|
"Meta value for key %q exceeds maximum length %d", k, metaValueMaxLength))
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return err
|
|
|
|
|
}
|
2021-11-01 16:42:01 +00:00
|
|
|
|
|
|
|
|
type ConfigEntryDeleteResponse struct {
|
|
|
|
|
Deleted bool
|
|
|
|
|
}
|
2022-09-26 16:29:06 +00:00
|
|
|
|
|
|
|
|
func isValidConnectionBalance(s string) bool {
|
|
|
|
|
return s == "" || s == ConnectionExactBalance
|
|
|
|
|
}
|