open-consul/agent/rpc/operator/service.go

package operator

import (
	"context"
	"github.com/hashicorp/consul/acl"
	"github.com/hashicorp/consul/acl/resolver"
	external "github.com/hashicorp/consul/agent/grpc-external"
	"github.com/hashicorp/consul/agent/structs"
	"github.com/hashicorp/consul/proto/pboperator"
	"github.com/hashicorp/go-hclog"
	"google.golang.org/grpc"
)

// For private/internal gRPC handlers, protoc-gen-rpc-glue generates the
// requisite methods to satisfy the structs.RPCInfo interface using fields
// from the pbcommon package. This service is public, so we can't use those
// fields in our proto definition. Instead, we construct our RPCInfo manually.
var writeRequest struct {
	structs.WriteRequest
	structs.DCSpecificRequest
}

var readRequest struct {
	structs.QueryOptions
	structs.DCSpecificRequest
}

// Server implements pboperator.OperatorService to provide RPC operations for
// managing operator operation.
type Server struct {
	Config
}

func (s *Server) TransferLeader(ctx context.Context, request *pboperator.TransferLeaderRequest) (*pboperator.TransferLeaderResponse, error) {
	resp := &pboperator.TransferLeaderResponse{Success: false}
	handled, err := s.ForwardRPC(&writeRequest, func(conn *grpc.ClientConn) error {
		ctx := external.ForwardMetadataContext(ctx)
		var err error
		resp, err = pboperator.NewOperatorServiceClient(conn).TransferLeader(ctx, request)
		return err
	})
	if handled || err != nil {
		return resp, err
	}

	var authzCtx acl.AuthorizerContext
	entMeta := structs.DefaultEnterpriseMetaInDefaultPartition()

	options, err := external.QueryOptionsFromContext(ctx)
	if err != nil {
		return nil, err
	}

	authz, err := s.Backend.ResolveTokenAndDefaultMeta(options.Token, entMeta, &authzCtx)
	if err != nil {
		return resp, err
	}

	if err := authz.ToAllowAuthorizer().OperatorWriteAllowed(&authzCtx); err != nil {
		return resp, err
	}

	return s.Backend.TransferLeader(ctx, request)
}

type Config struct {
	Backend    Backend
	Logger     hclog.Logger
	ForwardRPC func(structs.RPCInfo, func(*grpc.ClientConn) error) (bool, error)
	Datacenter string
}

func NewServer(cfg Config) *Server {
	requireNotNil(cfg.Backend, "Backend")
	requireNotNil(cfg.Logger, "Logger")
	requireNotNil(cfg.ForwardRPC, "ForwardRPC")
	if cfg.Datacenter == "" {
		panic("Datacenter is required")
	}
	return &Server{
		Config: cfg,
	}
}

func requireNotNil(v interface{}, name string) {
	if v == nil {
		panic(name + " is required")
	}
}

var _ pboperator.OperatorServiceServer = (*Server)(nil)

func (s *Server) Register(grpcServer *grpc.Server) {
	pboperator.RegisterOperatorServiceServer(grpcServer, s)
}

// Backend defines the core integrations the Operator endpoint depends on. A
// functional implementation will integrate with various operator operation such as
// raft, autopilot operation. The only currently implemented operation is raft leader transfer
type Backend interface {
	TransferLeader(ctx context.Context, request *pboperator.TransferLeaderRequest) (*pboperator.TransferLeaderResponse, error)
	ResolveTokenAndDefaultMeta(token string, entMeta *acl.EnterpriseMeta, authzCtx *acl.AuthorizerContext) (resolver.Result, error)
}
Leadership transfer cmd (#14132) * add leadership transfer command * add RPC call test (flaky) * add missing import * add changelog * add command registration * Apply suggestions from code review Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com> * add the possibility of providing an id to raft leadership transfer. Add few tests. * delete old file from cherry pick * rename changelog filename to PR # * rename changelog and fix import * fix failing test * check for OperatorWrite Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com> * rename from leader-transfer to transfer-leader * remove version check and add test for operator read * move struct to operator.go * first pass * add code for leader transfer in the grpc backend and tests * wire the http endpoint to the new grpc endpoint * remove the RPC endpoint * remove non needed struct * fix naming * add mog glue to API * fix comment * remove dead code * fix linter error * change package name for proto file * remove error wrapping * fix failing test * add command registration * add grpc service mock tests * fix receiver to be pointer * use defined values Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com> * reuse MockAclAuthorizer * add documentation * remove usage of external.TokenFromContext * fix failing tests * fix proto generation * Apply suggestions from code review Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com> * Apply suggestions from code review * add more context in doc for the reason * Apply suggestions from docs code review Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> * regenerate proto * fix linter errors Co-authored-by: github-team-consul-core <github-team-consul-core@hashicorp.com> Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com> Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com> Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com> 2022-11-14 20:35:12 +00:00			`package operator`

			`import (`
			`"context"`
			`"github.com/hashicorp/consul/acl"`
			`"github.com/hashicorp/consul/acl/resolver"`
			`external "github.com/hashicorp/consul/agent/grpc-external"`
			`"github.com/hashicorp/consul/agent/structs"`
			`"github.com/hashicorp/consul/proto/pboperator"`
			`"github.com/hashicorp/go-hclog"`
			`"google.golang.org/grpc"`
			`)`

			`// For private/internal gRPC handlers, protoc-gen-rpc-glue generates the`
			`// requisite methods to satisfy the structs.RPCInfo interface using fields`
			`// from the pbcommon package. This service is public, so we can't use those`
			`// fields in our proto definition. Instead, we construct our RPCInfo manually.`
			`var writeRequest struct {`
			`structs.WriteRequest`
			`structs.DCSpecificRequest`
			`}`

			`var readRequest struct {`
			`structs.QueryOptions`
			`structs.DCSpecificRequest`
			`}`

			`// Server implements pboperator.OperatorService to provide RPC operations for`
			`// managing operator operation.`
			`type Server struct {`
			`Config`
			`}`

			`func (s Server) TransferLeader(ctx context.Context, request pboperator.TransferLeaderRequest) (*pboperator.TransferLeaderResponse, error) {`
			`resp := &pboperator.TransferLeaderResponse{Success: false}`
			`handled, err := s.ForwardRPC(&writeRequest, func(conn *grpc.ClientConn) error {`
			`ctx := external.ForwardMetadataContext(ctx)`
			`var err error`
			`resp, err = pboperator.NewOperatorServiceClient(conn).TransferLeader(ctx, request)`
			`return err`
			`})`
			`if handled \|\| err != nil {`
			`return resp, err`
			`}`

			`var authzCtx acl.AuthorizerContext`
			`entMeta := structs.DefaultEnterpriseMetaInDefaultPartition()`

			`options, err := external.QueryOptionsFromContext(ctx)`
			`if err != nil {`
			`return nil, err`
			`}`

			`authz, err := s.Backend.ResolveTokenAndDefaultMeta(options.Token, entMeta, &authzCtx)`
			`if err != nil {`
			`return resp, err`
			`}`

			`if err := authz.ToAllowAuthorizer().OperatorWriteAllowed(&authzCtx); err != nil {`
			`return resp, err`
			`}`

			`return s.Backend.TransferLeader(ctx, request)`
			`}`

			`type Config struct {`
			`Backend Backend`
			`Logger hclog.Logger`
			`ForwardRPC func(structs.RPCInfo, func(*grpc.ClientConn) error) (bool, error)`
			`Datacenter string`
			`}`

			`func NewServer(cfg Config) *Server {`
			`requireNotNil(cfg.Backend, "Backend")`
			`requireNotNil(cfg.Logger, "Logger")`
			`requireNotNil(cfg.ForwardRPC, "ForwardRPC")`
			`if cfg.Datacenter == "" {`
			`panic("Datacenter is required")`
			`}`
			`return &Server{`
			`Config: cfg,`
			`}`
			`}`

			`func requireNotNil(v interface{}, name string) {`
			`if v == nil {`
			`panic(name + " is required")`
			`}`
			`}`

			`var _ pboperator.OperatorServiceServer = (*Server)(nil)`

			`func (s Server) Register(grpcServer grpc.Server) {`
			`pboperator.RegisterOperatorServiceServer(grpcServer, s)`
			`}`

			`// Backend defines the core integrations the Operator endpoint depends on. A`
			`// functional implementation will integrate with various operator operation such as`
			`// raft, autopilot operation. The only currently implemented operation is raft leader transfer`
			`type Backend interface {`
			`TransferLeader(ctx context.Context, request pboperator.TransferLeaderRequest) (pboperator.TransferLeaderResponse, error)`
			`ResolveTokenAndDefaultMeta(token string, entMeta acl.EnterpriseMeta, authzCtx acl.AuthorizerContext) (resolver.Result, error)`
			`}`