peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
package peering
import (
"context"
"errors"
"fmt"
"strings"
"time"
"github.com/armon/go-metrics"
"github.com/hashicorp/go-hclog"
"github.com/hashicorp/go-memdb"
2022-08-01 14:33:18 +00:00
"github.com/hashicorp/go-multierror"
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
"google.golang.org/grpc"
"google.golang.org/grpc/codes"
grpcstatus "google.golang.org/grpc/status"
2022-07-19 18:43:29 +00:00
"google.golang.org/protobuf/proto"
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
"github.com/hashicorp/consul/acl"
2022-07-12 23:18:05 +00:00
"github.com/hashicorp/consul/acl/resolver"
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
"github.com/hashicorp/consul/agent/consul/state"
"github.com/hashicorp/consul/agent/consul/stream"
"github.com/hashicorp/consul/agent/dns"
2022-07-12 23:18:05 +00:00
external "github.com/hashicorp/consul/agent/grpc-external"
2022-07-13 15:33:48 +00:00
"github.com/hashicorp/consul/agent/grpc-external/services/peerstream"
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
"github.com/hashicorp/consul/agent/structs"
2022-06-21 18:04:08 +00:00
"github.com/hashicorp/consul/lib"
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
"github.com/hashicorp/consul/proto/pbpeering"
2022-08-26 14:27:13 +00:00
"github.com/hashicorp/consul/proto/pbpeerstream"
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
)
var (
errPeeringTokenInvalidCA = errors . New ( "peering token CA value is invalid" )
errPeeringTokenEmptyServerAddresses = errors . New ( "peering token server addresses value is empty" )
errPeeringTokenEmptyServerName = errors . New ( "peering token server name value is empty" )
errPeeringTokenEmptyPeerID = errors . New ( "peering token peer ID value is empty" )
)
2022-06-10 16:10:46 +00:00
// errPeeringInvalidServerAddress is returned when an establish request contains
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
// an invalid server address.
type errPeeringInvalidServerAddress struct {
addr string
}
// Error implements the error interface
func ( e * errPeeringInvalidServerAddress ) Error ( ) string {
return fmt . Sprintf ( "%s is not a valid peering server address" , e . addr )
}
2022-07-12 23:18:05 +00:00
// For private/internal gRPC handlers, protoc-gen-rpc-glue generates the
// requisite methods to satisfy the structs.RPCInfo interface using fields
// from the pbcommon package. This service is public, so we can't use those
// fields in our proto definition. Instead, we construct our RPCInfo manually.
var writeRequest struct {
structs . WriteRequest
structs . DCSpecificRequest
}
var readRequest struct {
structs . QueryOptions
structs . DCSpecificRequest
}
2022-07-08 17:01:13 +00:00
// Server implements pbpeering.PeeringService to provide RPC operations for
// managing peering relationships.
type Server struct {
Config
}
2022-05-25 17:37:44 +00:00
type Config struct {
2022-07-08 17:01:13 +00:00
Backend Backend
Tracker * peerstream . Tracker
Logger hclog . Logger
ForwardRPC func ( structs . RPCInfo , func ( * grpc . ClientConn ) error ) ( bool , error )
2022-05-25 17:37:44 +00:00
Datacenter string
ConnectEnabled bool
2022-07-22 22:20:21 +00:00
PeeringEnabled bool
2022-05-25 17:37:44 +00:00
}
2022-07-08 17:01:13 +00:00
func NewServer ( cfg Config ) * Server {
requireNotNil ( cfg . Backend , "Backend" )
requireNotNil ( cfg . Tracker , "Tracker" )
requireNotNil ( cfg . Logger , "Logger" )
requireNotNil ( cfg . ForwardRPC , "ForwardRPC" )
if cfg . Datacenter == "" {
panic ( "Datacenter is required" )
}
return & Server {
Config : cfg ,
}
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
}
2022-07-08 17:01:13 +00:00
func requireNotNil ( v interface { } , name string ) {
if v == nil {
panic ( name + " is required" )
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
}
}
2022-07-08 17:01:13 +00:00
var _ pbpeering . PeeringServiceServer = ( * Server ) ( nil )
func ( s * Server ) Register ( grpcServer * grpc . Server ) {
pbpeering . RegisterPeeringServiceServer ( grpcServer , s )
}
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
// Backend defines the core integrations the Peering endpoint depends on. A
// functional implementation will integrate with various subcomponents of Consul
// such as the State store for reading and writing data, the CA machinery for
// providing access to CA data and the RPC system for forwarding requests to
// other servers.
type Backend interface {
2022-07-12 23:18:05 +00:00
// ResolveTokenAndDefaultMeta returns an acl.Authorizer which authorizes
// actions based on the permissions granted to the token.
// If either entMeta or authzContext are non-nil they will be populated with the
// partition and namespace from the token.
ResolveTokenAndDefaultMeta ( token string , entMeta * acl . EnterpriseMeta , authzCtx * acl . AuthorizerContext ) ( resolver . Result , error )
2022-09-29 03:27:11 +00:00
// GetTLSMaterials returns the TLS materials for the dialer to dial the acceptor using TLS.
// It returns the server name to validate, and the CA certificate to validate with.
2022-09-29 21:49:58 +00:00
GetTLSMaterials ( generatingToken bool ) ( string , [ ] string , error )
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
2022-09-20 13:46:20 +00:00
// GetServerAddresses returns the addresses used for establishing a peering connection.
// These may be server addresses or mesh gateway addresses if peering through mesh gateways.
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
GetServerAddresses ( ) ( [ ] string , error )
// EncodeToken packages a peering token into a slice of bytes.
EncodeToken ( tok * structs . PeeringToken ) ( [ ] byte , error )
// DecodeToken unpackages a peering token from a slice of bytes.
DecodeToken ( [ ] byte ) ( * structs . PeeringToken , error )
EnterpriseCheckPartitions ( partition string ) error
2022-06-08 16:55:18 +00:00
EnterpriseCheckNamespaces ( namespace string ) error
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
Subscribe ( req * stream . SubscribeRequest ) ( * stream . Subscription , error )
2022-05-23 18:30:58 +00:00
// IsLeader indicates whether the consul server is in a leader state or not.
IsLeader ( ) bool
2022-07-08 17:01:13 +00:00
// SetLeaderAddress is called on a raft.LeaderObservation in a go routine
// in the consul server; see trackLeaderChanges()
SetLeaderAddress ( string )
// GetLeaderAddress provides the best hint for the current address of the
// leader. There is no guarantee that this is the actual address of the
// leader.
GetLeaderAddress ( ) string
2022-05-27 00:55:16 +00:00
2022-08-01 14:33:18 +00:00
// CheckPeeringUUID returns true if the given UUID is not associated with
// an existing peering.
2022-07-08 17:01:13 +00:00
CheckPeeringUUID ( id string ) ( bool , error )
2022-08-01 14:33:18 +00:00
ValidateProposedPeeringSecret ( id string ) ( bool , error )
2022-07-08 17:01:13 +00:00
PeeringWrite ( req * pbpeering . PeeringWriteRequest ) error
Store ( ) Store
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
}
// Store provides a read-only interface for querying Peering data.
type Store interface {
PeeringRead ( ws memdb . WatchSet , q state . Query ) ( uint64 , * pbpeering . Peering , error )
2022-05-12 21:04:44 +00:00
PeeringReadByID ( ws memdb . WatchSet , id string ) ( uint64 , * pbpeering . Peering , error )
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
PeeringList ( ws memdb . WatchSet , entMeta acl . EnterpriseMeta ) ( uint64 , [ ] * pbpeering . Peering , error )
2022-05-12 22:58:22 +00:00
PeeringTrustBundleRead ( ws memdb . WatchSet , q state . Query ) ( uint64 , * pbpeering . PeeringTrustBundle , error )
2022-06-15 19:36:18 +00:00
PeeringTrustBundleList ( ws memdb . WatchSet , entMeta acl . EnterpriseMeta ) ( uint64 , [ ] * pbpeering . PeeringTrustBundle , error )
2022-06-27 19:37:18 +00:00
TrustBundleListByService ( ws memdb . WatchSet , service , dc string , entMeta acl . EnterpriseMeta ) ( uint64 , [ ] * pbpeering . PeeringTrustBundle , error )
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
}
2022-07-22 22:20:21 +00:00
var peeringNotEnabledErr = grpcstatus . Error ( codes . FailedPrecondition , "peering must be enabled to use this endpoint" )
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
// GenerateToken implements the PeeringService RPC method to generate a
// peering token which is the initial step in establishing a peering relationship
// with other Consul clusters.
2022-07-08 17:01:13 +00:00
func ( s * Server ) GenerateToken (
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
ctx context . Context ,
req * pbpeering . GenerateTokenRequest ,
) ( * pbpeering . GenerateTokenResponse , error ) {
2022-07-22 22:20:21 +00:00
if ! s . Config . PeeringEnabled {
return nil , peeringNotEnabledErr
}
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
if err := s . Backend . EnterpriseCheckPartitions ( req . Partition ) ; err != nil {
return nil , grpcstatus . Error ( codes . InvalidArgument , err . Error ( ) )
}
// validate prior to forwarding to the leader, this saves a network hop
if err := dns . ValidateLabel ( req . PeerName ) ; err != nil {
return nil , fmt . Errorf ( "%s is not a valid peer name: %w" , req . PeerName , err )
}
2022-05-09 20:47:37 +00:00
if err := structs . ValidateMetaTags ( req . Meta ) ; err != nil {
return nil , fmt . Errorf ( "meta tags failed validation: %w" , err )
}
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
resp := & pbpeering . GenerateTokenResponse { }
2022-07-12 23:18:05 +00:00
handled , err := s . ForwardRPC ( & writeRequest , func ( conn * grpc . ClientConn ) error {
ctx := external . ForwardMetadataContext ( ctx )
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
var err error
resp , err = pbpeering . NewPeeringServiceClient ( conn ) . GenerateToken ( ctx , req )
return err
} )
if handled || err != nil {
return resp , err
}
2022-09-09 21:10:48 +00:00
defer metrics . MeasureSince ( [ ] string { "peering" , "generate_token" } , time . Now ( ) )
2022-07-12 23:18:05 +00:00
var authzCtx acl . AuthorizerContext
entMeta := structs . DefaultEnterpriseMetaInPartition ( req . Partition )
2022-09-28 16:56:59 +00:00
options , err := external . QueryOptionsFromContext ( ctx )
if err != nil {
return nil , err
}
authz , err := s . Backend . ResolveTokenAndDefaultMeta ( options . Token , entMeta , & authzCtx )
2022-07-12 23:18:05 +00:00
if err != nil {
return nil , err
}
if err := authz . ToAllowAuthorizer ( ) . PeeringWriteAllowed ( & authzCtx ) ; err != nil {
return nil , err
}
2022-09-29 21:49:58 +00:00
serverName , caPEMs , err := s . Backend . GetTLSMaterials ( true )
if err != nil {
return nil , err
}
2022-08-01 14:33:18 +00:00
var (
peering * pbpeering . Peering
secretID string
)
2022-07-25 18:37:56 +00:00
// This loop ensures at most one retry in the case of a race condition.
for canRetry := true ; canRetry ; canRetry = false {
peering , err = s . getExistingPeering ( req . PeerName , entMeta . PartitionOrDefault ( ) )
if err != nil {
return nil , err
}
if peering == nil {
id , err := lib . GenerateUUID ( s . Backend . CheckPeeringUUID )
if err != nil {
return resp , err
}
peering = & pbpeering . Peering {
ID : id ,
Name : req . PeerName ,
Meta : req . Meta ,
// PartitionOrEmpty is used to avoid writing "default" in OSS.
Partition : entMeta . PartitionOrEmpty ( ) ,
}
} else {
// validate that this peer name is not being used as a dialer already
if err := validatePeer ( peering , false ) ; err != nil {
return nil , err
}
}
2022-08-01 14:33:18 +00:00
// A new establishment secret is generated on every GenerateToken request.
// This allows for rotating secrets by generating a new token for a peering and then
// using the new token to re-establish the peering.
secretID , err = s . generateNewEstablishmentSecret ( )
if err != nil {
return nil , fmt . Errorf ( "failed to generate secret for peering establishment: %w" , err )
}
writeReq := & pbpeering . PeeringWriteRequest {
2022-07-25 18:37:56 +00:00
Peering : peering ,
2022-08-08 07:41:00 +00:00
SecretsRequest : & pbpeering . SecretsWriteRequest {
PeerID : peering . ID ,
Request : & pbpeering . SecretsWriteRequest_GenerateToken {
GenerateToken : & pbpeering . SecretsWriteRequest_GenerateTokenRequest {
EstablishmentSecret : secretID ,
2022-08-02 22:20:07 +00:00
} ,
2022-08-01 14:33:18 +00:00
} ,
} ,
2022-07-25 18:37:56 +00:00
}
2022-08-01 14:33:18 +00:00
if err := s . Backend . PeeringWrite ( writeReq ) ; err != nil {
2022-07-25 18:37:56 +00:00
// There's a possible race where two servers call Generate Token at the
// same time with the same peer name for the first time. They both
// generate an ID and try to insert and only one wins. This detects the
// collision and forces the loser to discard its generated ID and use
// the one from the other server.
if strings . Contains ( err . Error ( ) , "A peering already exists with the name" ) {
// retry to fetch existing peering
continue
}
return nil , fmt . Errorf ( "failed to write peering: %w" , err )
}
// write succeeded, break loop early
break
}
2022-07-21 21:56:11 +00:00
// ServerExternalAddresses must be formatted as addr:port.
var serverAddrs [ ] string
if len ( req . ServerExternalAddresses ) > 0 {
serverAddrs = req . ServerExternalAddresses
} else {
serverAddrs , err = s . Backend . GetServerAddresses ( )
if err != nil {
return nil , err
}
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
}
tok := structs . PeeringToken {
// Store the UUID so that we can do a global search when handling inbound streams.
2022-08-01 14:33:18 +00:00
PeerID : peering . ID ,
2022-09-29 03:27:11 +00:00
CA : caPEMs ,
2022-08-01 14:33:18 +00:00
ServerAddresses : serverAddrs ,
2022-09-29 03:27:11 +00:00
ServerName : serverName ,
2022-08-01 14:33:18 +00:00
EstablishmentSecret : secretID ,
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
}
encoded , err := s . Backend . EncodeToken ( & tok )
if err != nil {
return nil , err
}
resp . PeeringToken = string ( encoded )
return resp , err
}
2022-06-10 16:10:46 +00:00
// Establish implements the PeeringService RPC method to finalize peering
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
// registration. Given a valid token output from a peer's GenerateToken endpoint,
// a peering is registered.
2022-07-08 17:01:13 +00:00
func ( s * Server ) Establish (
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
ctx context . Context ,
2022-06-10 16:10:46 +00:00
req * pbpeering . EstablishRequest ,
) ( * pbpeering . EstablishResponse , error ) {
2022-07-22 22:20:21 +00:00
if ! s . Config . PeeringEnabled {
return nil , peeringNotEnabledErr
}
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
// validate prior to forwarding to the leader, this saves a network hop
if err := dns . ValidateLabel ( req . PeerName ) ; err != nil {
return nil , fmt . Errorf ( "%s is not a valid peer name: %w" , req . PeerName , err )
}
tok , err := s . Backend . DecodeToken ( [ ] byte ( req . PeeringToken ) )
if err != nil {
return nil , err
}
if err := validatePeeringToken ( tok ) ; err != nil {
return nil , err
}
2022-05-09 20:47:37 +00:00
if err := structs . ValidateMetaTags ( req . Meta ) ; err != nil {
return nil , fmt . Errorf ( "meta tags failed validation: %w" , err )
}
2022-06-10 16:10:46 +00:00
resp := & pbpeering . EstablishResponse { }
2022-07-12 23:18:05 +00:00
handled , err := s . ForwardRPC ( & writeRequest , func ( conn * grpc . ClientConn ) error {
ctx := external . ForwardMetadataContext ( ctx )
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
var err error
2022-06-10 16:10:46 +00:00
resp , err = pbpeering . NewPeeringServiceClient ( conn ) . Establish ( ctx , req )
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
return err
} )
if handled || err != nil {
return resp , err
}
2022-06-10 16:10:46 +00:00
defer metrics . MeasureSince ( [ ] string { "peering" , "establish" } , time . Now ( ) )
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
2022-07-12 23:18:05 +00:00
var authzCtx acl . AuthorizerContext
entMeta := structs . DefaultEnterpriseMetaInPartition ( req . Partition )
2022-09-28 16:56:59 +00:00
options , err := external . QueryOptionsFromContext ( ctx )
if err != nil {
return nil , err
}
authz , err := s . Backend . ResolveTokenAndDefaultMeta ( options . Token , entMeta , & authzCtx )
2022-07-12 23:18:05 +00:00
if err != nil {
return nil , err
}
if err := authz . ToAllowAuthorizer ( ) . PeeringWriteAllowed ( & authzCtx ) ; err != nil {
return nil , err
}
2022-08-01 14:33:18 +00:00
existing , err := s . getExistingPeering ( req . PeerName , entMeta . PartitionOrDefault ( ) )
2022-07-22 22:56:25 +00:00
if err != nil {
return nil , err
}
2022-09-09 21:09:32 +00:00
if err := s . validatePeeringLocality ( tok , entMeta . PartitionOrEmpty ( ) ) ; err != nil {
2022-07-26 01:00:48 +00:00
return nil , err
}
2022-07-22 22:56:25 +00:00
var id string
2022-08-26 14:27:13 +00:00
serverAddrs := tok . ServerAddresses
2022-08-01 14:33:18 +00:00
if existing == nil {
2022-07-22 22:56:25 +00:00
id , err = lib . GenerateUUID ( s . Backend . CheckPeeringUUID )
if err != nil {
return nil , err
}
2022-07-25 18:37:56 +00:00
} else {
2022-08-01 14:33:18 +00:00
id = existing . ID
2022-08-26 14:27:13 +00:00
// If there is a connected stream, assume that the existing ServerAddresses
// are up to date and do not try to overwrite them with the token's addresses.
if status , ok := s . Tracker . StreamStatus ( id ) ; ok && status . Connected {
serverAddrs = existing . PeerServerAddresses
}
2022-07-25 18:37:56 +00:00
}
// validate that this peer name is not being used as an acceptor already
2022-08-01 14:33:18 +00:00
if err := validatePeer ( existing , true ) ; err != nil {
2022-07-25 18:37:56 +00:00
return nil , err
2022-07-22 22:56:25 +00:00
}
2022-08-01 14:33:18 +00:00
peering := & pbpeering . Peering {
ID : id ,
Name : req . PeerName ,
PeerCAPems : tok . CA ,
2022-08-26 14:27:13 +00:00
PeerServerAddresses : serverAddrs ,
2022-08-01 14:33:18 +00:00
PeerServerName : tok . ServerName ,
PeerID : tok . PeerID ,
Meta : req . Meta ,
State : pbpeering . PeeringState_ESTABLISHING ,
// PartitionOrEmpty is used to avoid writing "default" in OSS.
Partition : entMeta . PartitionOrEmpty ( ) ,
}
tlsOption , err := peering . TLSDialOption ( )
if err != nil {
return nil , fmt . Errorf ( "failed to build TLS dial option from peering: %w" , err )
}
exchangeReq := pbpeerstream . ExchangeSecretRequest {
PeerID : peering . PeerID ,
EstablishmentSecret : tok . EstablishmentSecret ,
}
var exchangeResp * pbpeerstream . ExchangeSecretResponse
2022-08-26 14:27:13 +00:00
// Loop through the known server addresses once, attempting to fetch the long-lived stream secret.
2022-08-01 14:33:18 +00:00
var dialErrors error
2022-08-26 14:27:13 +00:00
for _ , addr := range serverAddrs {
2022-08-01 14:33:18 +00:00
exchangeResp , err = exchangeSecret ( ctx , addr , tlsOption , & exchangeReq )
if err != nil {
dialErrors = multierror . Append ( dialErrors , fmt . Errorf ( "failed to exchange peering secret with %q: %w" , addr , err ) )
}
if exchangeResp != nil {
break
}
}
if exchangeResp == nil {
return nil , dialErrors
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
}
2022-08-08 07:41:00 +00:00
// As soon as a peering is written with a non-empty list of ServerAddresses
// and an active stream secret, a leader routine will see the peering and
// attempt to establish a peering stream with the remote peer.
2022-05-19 21:37:52 +00:00
//
// This peer now has a record of both the LocalPeerID(ID) and
// RemotePeerID(PeerID) but at this point the other peer does not.
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
writeReq := & pbpeering . PeeringWriteRequest {
2022-08-01 14:33:18 +00:00
Peering : peering ,
2022-08-08 07:41:00 +00:00
SecretsRequest : & pbpeering . SecretsWriteRequest {
PeerID : peering . ID ,
Request : & pbpeering . SecretsWriteRequest_Establish {
Establish : & pbpeering . SecretsWriteRequest_EstablishRequest {
ActiveStreamSecret : exchangeResp . StreamSecret ,
2022-08-02 22:20:07 +00:00
} ,
2022-08-01 14:33:18 +00:00
} ,
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
} ,
}
2022-07-25 18:37:56 +00:00
if err := s . Backend . PeeringWrite ( writeReq ) ; err != nil {
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
return nil , fmt . Errorf ( "failed to write peering: %w" , err )
}
2022-07-25 18:37:56 +00:00
// TODO(peering): low prio: consider adding response details
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
return resp , nil
}
2022-09-09 21:09:32 +00:00
// validatePeeringLocality makes sure that we don't create a peering in the cluster/partition it was generated.
// We validate by looking at the remote PeerID from the PeeringToken and looking up that peering in the partition.
// If there is one and the request partition is the same, then we are attempting to peer within the partition, which we shouldn't.
// We also perform a check to verify if the ServerName of the PeeringToken overlaps with our own, we do not process it
// unless we've been able to find the peering in the store, i.e. this peering is between two local partitions.
func ( s * Server ) validatePeeringLocality ( token * structs . PeeringToken , partition string ) error {
_ , peering , err := s . Backend . Store ( ) . PeeringReadByID ( nil , token . PeerID )
2022-07-26 01:00:48 +00:00
if err != nil {
return fmt . Errorf ( "cannot read peering by ID: %w" , err )
}
2022-09-09 21:09:32 +00:00
// If the token has the same server name as this cluster, but we can't find the peering
// in our store, it indicates a naming conflict.
2022-09-29 21:49:58 +00:00
serverName , _ , err := s . Backend . GetTLSMaterials ( false )
2022-09-29 03:27:11 +00:00
if err != nil {
return fmt . Errorf ( "failed to fetch TLS materials: %w" , err )
}
2022-09-29 21:49:58 +00:00
if serverName == token . ServerName && peering == nil {
2022-09-29 03:27:11 +00:00
return fmt . Errorf ( "conflict - peering token's server name matches the current cluster's server name, %q, but there is no record in the database" , serverName )
2022-09-09 21:09:32 +00:00
}
2022-07-27 21:48:30 +00:00
if peering != nil && acl . EqualPartitions ( peering . GetPartition ( ) , partition ) {
2022-07-27 21:28:08 +00:00
return fmt . Errorf ( "cannot create a peering within the same partition (ENT) or cluster (OSS)" )
2022-07-26 01:00:48 +00:00
}
return nil
}
2022-08-01 14:33:18 +00:00
func exchangeSecret ( ctx context . Context , addr string , tlsOption grpc . DialOption , req * pbpeerstream . ExchangeSecretRequest ) ( * pbpeerstream . ExchangeSecretResponse , error ) {
dialCtx , cancel := context . WithTimeout ( ctx , 10 * time . Second )
defer cancel ( )
conn , err := grpc . DialContext ( dialCtx , addr ,
tlsOption ,
)
if err != nil {
return nil , fmt . Errorf ( "failed to dial peer: %w" , err )
}
defer conn . Close ( )
client := pbpeerstream . NewPeerStreamServiceClient ( conn )
return client . ExchangeSecret ( ctx , req )
}
2022-07-12 23:18:05 +00:00
// OPTIMIZE: Handle blocking queries
2022-07-08 17:01:13 +00:00
func ( s * Server ) PeeringRead ( ctx context . Context , req * pbpeering . PeeringReadRequest ) ( * pbpeering . PeeringReadResponse , error ) {
2022-07-22 22:20:21 +00:00
if ! s . Config . PeeringEnabled {
return nil , peeringNotEnabledErr
}
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
if err := s . Backend . EnterpriseCheckPartitions ( req . Partition ) ; err != nil {
return nil , grpcstatus . Error ( codes . InvalidArgument , err . Error ( ) )
}
var resp * pbpeering . PeeringReadResponse
2022-07-12 23:18:05 +00:00
handled , err := s . ForwardRPC ( & readRequest , func ( conn * grpc . ClientConn ) error {
ctx := external . ForwardMetadataContext ( ctx )
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
var err error
resp , err = pbpeering . NewPeeringServiceClient ( conn ) . PeeringRead ( ctx , req )
return err
} )
if handled || err != nil {
return resp , err
}
defer metrics . MeasureSince ( [ ] string { "peering" , "read" } , time . Now ( ) )
2022-07-12 23:18:05 +00:00
var authzCtx acl . AuthorizerContext
entMeta := structs . DefaultEnterpriseMetaInPartition ( req . Partition )
2022-09-28 16:56:59 +00:00
options , err := external . QueryOptionsFromContext ( ctx )
if err != nil {
return nil , err
}
authz , err := s . Backend . ResolveTokenAndDefaultMeta ( options . Token , entMeta , & authzCtx )
2022-07-12 23:18:05 +00:00
if err != nil {
return nil , err
}
if err := authz . ToAllowAuthorizer ( ) . PeeringReadAllowed ( & authzCtx ) ; err != nil {
return nil , err
}
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
q := state . Query {
Value : strings . ToLower ( req . Name ) ,
2022-07-12 23:18:05 +00:00
EnterpriseMeta : * entMeta ,
}
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
_ , peering , err := s . Backend . Store ( ) . PeeringRead ( nil , q )
if err != nil {
return nil , err
}
2022-06-29 16:43:50 +00:00
if peering == nil {
return & pbpeering . PeeringReadResponse { Peering : nil } , nil
}
2022-07-15 17:20:43 +00:00
2022-07-19 18:43:29 +00:00
cp := s . reconcilePeering ( peering )
2022-06-29 16:43:50 +00:00
return & pbpeering . PeeringReadResponse { Peering : cp } , nil
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
}
2022-07-12 23:18:05 +00:00
// OPTIMIZE: Handle blocking queries
2022-07-08 17:01:13 +00:00
func ( s * Server ) PeeringList ( ctx context . Context , req * pbpeering . PeeringListRequest ) ( * pbpeering . PeeringListResponse , error ) {
2022-07-22 22:20:21 +00:00
if ! s . Config . PeeringEnabled {
return nil , peeringNotEnabledErr
}
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
if err := s . Backend . EnterpriseCheckPartitions ( req . Partition ) ; err != nil {
return nil , grpcstatus . Error ( codes . InvalidArgument , err . Error ( ) )
}
var resp * pbpeering . PeeringListResponse
2022-07-12 23:18:05 +00:00
handled , err := s . ForwardRPC ( & readRequest , func ( conn * grpc . ClientConn ) error {
ctx := external . ForwardMetadataContext ( ctx )
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
var err error
resp , err = pbpeering . NewPeeringServiceClient ( conn ) . PeeringList ( ctx , req )
return err
} )
if handled || err != nil {
return resp , err
}
2022-07-12 23:18:05 +00:00
var authzCtx acl . AuthorizerContext
entMeta := structs . DefaultEnterpriseMetaInPartition ( req . Partition )
2022-09-28 16:56:59 +00:00
options , err := external . QueryOptionsFromContext ( ctx )
if err != nil {
return nil , err
}
authz , err := s . Backend . ResolveTokenAndDefaultMeta ( options . Token , entMeta , & authzCtx )
2022-07-12 23:18:05 +00:00
if err != nil {
return nil , err
}
if err := authz . ToAllowAuthorizer ( ) . PeeringReadAllowed ( & authzCtx ) ; err != nil {
return nil , err
}
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
defer metrics . MeasureSince ( [ ] string { "peering" , "list" } , time . Now ( ) )
2022-07-12 23:18:05 +00:00
_ , peerings , err := s . Backend . Store ( ) . PeeringList ( nil , * entMeta )
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
if err != nil {
return nil , err
}
2022-06-29 16:43:50 +00:00
// reconcile the actual peering state; need to copy over the ds for peering
var cPeerings [ ] * pbpeering . Peering
for _ , p := range peerings {
2022-07-19 18:43:29 +00:00
cp := s . reconcilePeering ( p )
2022-06-29 16:43:50 +00:00
cPeerings = append ( cPeerings , cp )
}
2022-07-19 18:43:29 +00:00
2022-06-29 16:43:50 +00:00
return & pbpeering . PeeringListResponse { Peerings : cPeerings } , nil
}
2022-07-19 18:43:29 +00:00
// TODO(peering): Get rid of this func when we stop using the stream tracker for imported/ exported services and the peering state
// reconcilePeering enriches the peering with the following information:
// -- PeeringState.Active if the peering is active
// -- ImportedServicesCount and ExportedServicesCount
// NOTE: we return a new peering with this additional data
func ( s * Server ) reconcilePeering ( peering * pbpeering . Peering ) * pbpeering . Peering {
streamState , found := s . Tracker . StreamStatus ( peering . ID )
if ! found {
s . Logger . Warn ( "did not find peer in stream tracker; cannot populate imported and" +
" exported services count or reconcile peering state" , "peerID" , peering . ID )
return peering
} else {
cp := copyPeering ( peering )
2022-06-29 16:43:50 +00:00
2022-07-19 18:43:29 +00:00
// reconcile pbpeering.PeeringState_Active
if streamState . Connected {
cp . State = pbpeering . PeeringState_ACTIVE
2022-07-25 21:27:53 +00:00
} else if streamState . DisconnectErrorMessage != "" {
cp . State = pbpeering . PeeringState_FAILING
2022-07-19 18:43:29 +00:00
}
2022-06-29 16:43:50 +00:00
2022-09-29 19:37:19 +00:00
// add imported & exported services
cp . ImportedServices = streamState . ImportedServices
cp . ExportedServices = streamState . ExportedServices
2022-07-19 18:43:29 +00:00
cp . ImportedServiceCount = streamState . GetImportedServicesCount ( )
cp . ExportedServiceCount = streamState . GetExportedServicesCount ( )
return cp
}
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
}
// TODO(peering): As of writing, this method is only used in tests to set up Peerings in the state store.
// Consider removing if we can find another way to populate state store in peering_endpoint_test.go
2022-07-08 17:01:13 +00:00
func ( s * Server ) PeeringWrite ( ctx context . Context , req * pbpeering . PeeringWriteRequest ) ( * pbpeering . PeeringWriteResponse , error ) {
2022-07-22 22:20:21 +00:00
if ! s . Config . PeeringEnabled {
return nil , peeringNotEnabledErr
}
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
if err := s . Backend . EnterpriseCheckPartitions ( req . Peering . Partition ) ; err != nil {
return nil , grpcstatus . Error ( codes . InvalidArgument , err . Error ( ) )
}
var resp * pbpeering . PeeringWriteResponse
2022-07-12 23:18:05 +00:00
handled , err := s . ForwardRPC ( & writeRequest , func ( conn * grpc . ClientConn ) error {
ctx := external . ForwardMetadataContext ( ctx )
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
var err error
resp , err = pbpeering . NewPeeringServiceClient ( conn ) . PeeringWrite ( ctx , req )
return err
} )
if handled || err != nil {
return resp , err
}
defer metrics . MeasureSince ( [ ] string { "peering" , "write" } , time . Now ( ) )
2022-07-12 23:18:05 +00:00
var authzCtx acl . AuthorizerContext
entMeta := structs . DefaultEnterpriseMetaInPartition ( req . Peering . Partition )
2022-09-28 16:56:59 +00:00
options , err := external . QueryOptionsFromContext ( ctx )
if err != nil {
return nil , err
}
authz , err := s . Backend . ResolveTokenAndDefaultMeta ( options . Token , entMeta , & authzCtx )
2022-07-12 23:18:05 +00:00
if err != nil {
return nil , err
}
if err := authz . ToAllowAuthorizer ( ) . PeeringWriteAllowed ( & authzCtx ) ; err != nil {
return nil , err
}
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
2022-06-21 18:04:08 +00:00
if req . Peering == nil {
return nil , fmt . Errorf ( "missing required peering body" )
}
2022-07-25 18:37:56 +00:00
var id string
peering , err := s . getExistingPeering ( req . Peering . Name , entMeta . PartitionOrDefault ( ) )
2022-06-21 18:04:08 +00:00
if err != nil {
return nil , err
}
2022-07-25 18:37:56 +00:00
if peering == nil {
id , err = lib . GenerateUUID ( s . Backend . CheckPeeringUUID )
if err != nil {
return nil , err
}
} else {
id = peering . ID
}
2022-06-21 18:04:08 +00:00
req . Peering . ID = id
2022-07-08 17:01:13 +00:00
err = s . Backend . PeeringWrite ( req )
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
if err != nil {
return nil , err
}
return & pbpeering . PeeringWriteResponse { } , nil
}
2022-07-08 17:01:13 +00:00
func ( s * Server ) PeeringDelete ( ctx context . Context , req * pbpeering . PeeringDeleteRequest ) ( * pbpeering . PeeringDeleteResponse , error ) {
2022-07-22 22:20:21 +00:00
if ! s . Config . PeeringEnabled {
return nil , peeringNotEnabledErr
}
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
if err := s . Backend . EnterpriseCheckPartitions ( req . Partition ) ; err != nil {
return nil , grpcstatus . Error ( codes . InvalidArgument , err . Error ( ) )
}
var resp * pbpeering . PeeringDeleteResponse
2022-07-12 23:18:05 +00:00
handled , err := s . ForwardRPC ( & writeRequest , func ( conn * grpc . ClientConn ) error {
ctx := external . ForwardMetadataContext ( ctx )
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
var err error
resp , err = pbpeering . NewPeeringServiceClient ( conn ) . PeeringDelete ( ctx , req )
return err
} )
if handled || err != nil {
return resp , err
}
defer metrics . MeasureSince ( [ ] string { "peering" , "delete" } , time . Now ( ) )
2022-07-12 23:18:05 +00:00
var authzCtx acl . AuthorizerContext
entMeta := structs . DefaultEnterpriseMetaInPartition ( req . Partition )
2022-09-28 16:56:59 +00:00
options , err := external . QueryOptionsFromContext ( ctx )
if err != nil {
return nil , err
}
authz , err := s . Backend . ResolveTokenAndDefaultMeta ( options . Token , entMeta , & authzCtx )
2022-07-12 23:18:05 +00:00
if err != nil {
return nil , err
}
if err := authz . ToAllowAuthorizer ( ) . PeeringWriteAllowed ( & authzCtx ) ; err != nil {
return nil , err
}
2022-06-08 22:53:32 +00:00
q := state . Query {
Value : strings . ToLower ( req . Name ) ,
2022-07-12 23:18:05 +00:00
EnterpriseMeta : * entMeta ,
2022-06-08 22:53:32 +00:00
}
_ , existing , err := s . Backend . Store ( ) . PeeringRead ( nil , q )
if err != nil {
return nil , err
}
2022-08-26 16:52:47 +00:00
if existing == nil || existing . State == pbpeering . PeeringState_DELETING {
2022-06-08 22:53:32 +00:00
// Return early when the Peering doesn't exist or is already marked for deletion.
// We don't return nil because the pb will fail to marshal.
return & pbpeering . PeeringDeleteResponse { } , nil
}
2022-08-26 16:52:47 +00:00
2022-06-08 22:53:32 +00:00
// We are using a write request due to needing to perform a deferred deletion.
// The peering gets marked for deletion by setting the DeletedAt field,
// and a leader routine will handle deleting the peering.
writeReq := & pbpeering . PeeringWriteRequest {
Peering : & pbpeering . Peering {
// We only need to include the name and partition for the peering to be identified.
// All other data associated with the peering can be discarded because once marked
// for deletion the peering is effectively gone.
2022-08-03 00:10:34 +00:00
ID : existing . ID ,
Name : req . Name ,
State : pbpeering . PeeringState_DELETING ,
PeerServerAddresses : existing . PeerServerAddresses ,
DeletedAt : structs . TimeToProto ( time . Now ( ) . UTC ( ) ) ,
2022-07-12 23:18:05 +00:00
// PartitionOrEmpty is used to avoid writing "default" in OSS.
Partition : entMeta . PartitionOrEmpty ( ) ,
2022-06-08 22:53:32 +00:00
} ,
}
2022-07-08 17:01:13 +00:00
err = s . Backend . PeeringWrite ( writeReq )
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
if err != nil {
return nil , err
}
return & pbpeering . PeeringDeleteResponse { } , nil
}
2022-07-12 23:18:05 +00:00
// OPTIMIZE: Handle blocking queries
2022-07-08 17:01:13 +00:00
func ( s * Server ) TrustBundleRead ( ctx context . Context , req * pbpeering . TrustBundleReadRequest ) ( * pbpeering . TrustBundleReadResponse , error ) {
2022-07-22 22:20:21 +00:00
if ! s . Config . PeeringEnabled {
return nil , peeringNotEnabledErr
}
2022-05-31 15:54:40 +00:00
if err := s . Backend . EnterpriseCheckPartitions ( req . Partition ) ; err != nil {
return nil , grpcstatus . Error ( codes . InvalidArgument , err . Error ( ) )
}
2022-09-28 16:56:59 +00:00
options , err := external . QueryOptionsFromContext ( ctx )
if err != nil {
return nil , err
}
2022-05-31 15:54:40 +00:00
var resp * pbpeering . TrustBundleReadResponse
2022-07-12 23:18:05 +00:00
handled , err := s . ForwardRPC ( & readRequest , func ( conn * grpc . ClientConn ) error {
ctx := external . ForwardMetadataContext ( ctx )
2022-05-31 15:54:40 +00:00
var err error
resp , err = pbpeering . NewPeeringServiceClient ( conn ) . TrustBundleRead ( ctx , req )
return err
} )
if handled || err != nil {
return resp , err
}
defer metrics . MeasureSince ( [ ] string { "peering" , "trust_bundle_read" } , time . Now ( ) )
2022-07-12 23:18:05 +00:00
var authzCtx acl . AuthorizerContext
entMeta := structs . DefaultEnterpriseMetaInPartition ( req . Partition )
2022-09-28 16:56:59 +00:00
authz , err := s . Backend . ResolveTokenAndDefaultMeta ( options . Token , entMeta , & authzCtx )
2022-07-12 23:18:05 +00:00
if err != nil {
return nil , err
}
if err := authz . ToAllowAuthorizer ( ) . ServiceWriteAnyAllowed ( & authzCtx ) ; err != nil {
return nil , err
}
2022-05-31 15:54:40 +00:00
idx , trustBundle , err := s . Backend . Store ( ) . PeeringTrustBundleRead ( nil , state . Query {
Value : req . Name ,
2022-07-12 23:18:05 +00:00
EnterpriseMeta : * entMeta ,
2022-05-31 15:54:40 +00:00
} )
if err != nil {
return nil , fmt . Errorf ( "failed to read trust bundle for peer %s: %w" , req . Name , err )
}
return & pbpeering . TrustBundleReadResponse {
Index : idx ,
Bundle : trustBundle ,
} , nil
}
2022-06-15 19:36:18 +00:00
// TODO(peering): rename rpc & request/response to drop the "service" part
2022-07-12 23:18:05 +00:00
// OPTIMIZE: Handle blocking queries
2022-07-08 17:01:13 +00:00
func ( s * Server ) TrustBundleListByService ( ctx context . Context , req * pbpeering . TrustBundleListByServiceRequest ) ( * pbpeering . TrustBundleListByServiceResponse , error ) {
2022-07-22 22:20:21 +00:00
if ! s . Config . PeeringEnabled {
return nil , peeringNotEnabledErr
}
2022-05-12 22:58:22 +00:00
if err := s . Backend . EnterpriseCheckPartitions ( req . Partition ) ; err != nil {
return nil , grpcstatus . Error ( codes . InvalidArgument , err . Error ( ) )
}
2022-06-08 16:55:18 +00:00
if err := s . Backend . EnterpriseCheckNamespaces ( req . Namespace ) ; err != nil {
return nil , grpcstatus . Error ( codes . InvalidArgument , err . Error ( ) )
}
2022-07-12 23:18:05 +00:00
if req . ServiceName == "" {
return nil , errors . New ( "missing service name" )
}
2022-05-12 22:58:22 +00:00
var resp * pbpeering . TrustBundleListByServiceResponse
2022-07-12 23:18:05 +00:00
handled , err := s . ForwardRPC ( & readRequest , func ( conn * grpc . ClientConn ) error {
ctx := external . ForwardMetadataContext ( ctx )
2022-05-12 22:58:22 +00:00
var err error
resp , err = pbpeering . NewPeeringServiceClient ( conn ) . TrustBundleListByService ( ctx , req )
return err
} )
if handled || err != nil {
return resp , err
}
defer metrics . MeasureSince ( [ ] string { "peering" , "trust_bundle_list_by_service" } , time . Now ( ) )
2022-07-12 23:18:05 +00:00
var authzCtx acl . AuthorizerContext
2022-05-23 23:57:42 +00:00
entMeta := acl . NewEnterpriseMetaWithPartition ( req . Partition , req . Namespace )
2022-09-28 16:56:59 +00:00
options , err := external . QueryOptionsFromContext ( ctx )
if err != nil {
return nil , err
}
authz , err := s . Backend . ResolveTokenAndDefaultMeta ( options . Token , & entMeta , & authzCtx )
2022-07-12 23:18:05 +00:00
if err != nil {
return nil , err
}
if err := authz . ToAllowAuthorizer ( ) . ServiceWriteAllowed ( req . ServiceName , & authzCtx ) ; err != nil {
return nil , err
}
2022-06-15 19:36:18 +00:00
var (
idx uint64
bundles [ ] * pbpeering . PeeringTrustBundle
)
switch {
case req . Kind == string ( structs . ServiceKindMeshGateway ) :
idx , bundles , err = s . Backend . Store ( ) . PeeringTrustBundleList ( nil , entMeta )
2022-07-12 23:18:05 +00:00
case req . ServiceName != "" :
idx , bundles , err = s . Backend . Store ( ) . TrustBundleListByService ( nil , req . ServiceName , s . Datacenter , entMeta )
2022-06-15 19:36:18 +00:00
case req . Kind != "" :
return nil , grpcstatus . Error ( codes . InvalidArgument , "kind must be mesh-gateway if set" )
default :
return nil , grpcstatus . Error ( codes . InvalidArgument , "one of service or kind is required" )
}
2022-05-12 22:58:22 +00:00
if err != nil {
2022-05-23 23:57:42 +00:00
return nil , err
2022-05-12 22:58:22 +00:00
}
2022-05-23 23:57:42 +00:00
return & pbpeering . TrustBundleListByServiceResponse { Index : idx , Bundles : bundles } , nil
2022-05-12 22:58:22 +00:00
}
2022-07-22 22:56:25 +00:00
func ( s * Server ) getExistingPeering ( peerName , partition string ) ( * pbpeering . Peering , error ) {
q := state . Query {
Value : strings . ToLower ( peerName ) ,
EnterpriseMeta : * structs . NodeEnterpriseMetaInPartition ( partition ) ,
}
_ , peering , err := s . Backend . Store ( ) . PeeringRead ( nil , q )
if err != nil {
return nil , err
}
return peering , nil
}
2022-08-01 14:33:18 +00:00
func ( s * Server ) generateNewEstablishmentSecret ( ) ( string , error ) {
id , err := lib . GenerateUUID ( s . Backend . ValidateProposedPeeringSecret )
if err != nil {
return "" , err
}
return id , nil
}
2022-07-22 22:56:25 +00:00
// validatePeer enforces the following rule for an existing peering:
// - if a peering already exists, it can only be used as an acceptor or dialer
//
// We define a DIALER as a peering that has server addresses (or a peering that is created via the Establish endpoint)
// Conversely, we define an ACCEPTOR as a peering that is created via the GenerateToken endpoint
2022-07-25 18:37:56 +00:00
func validatePeer ( peering * pbpeering . Peering , shouldDial bool ) error {
if peering != nil && peering . ShouldDial ( ) != shouldDial {
if shouldDial {
2022-07-22 22:56:25 +00:00
return fmt . Errorf ( "cannot create peering with name: %q; there is an existing peering expecting to be dialed" , peering . Name )
} else {
return fmt . Errorf ( "cannot create peering with name: %q; there is already an established peering" , peering . Name )
}
}
return nil
}
2022-07-19 18:43:29 +00:00
func copyPeering ( p * pbpeering . Peering ) * pbpeering . Peering {
var copyP pbpeering . Peering
proto . Merge ( & copyP , p )
return & copyP
2022-06-29 16:43:50 +00:00
}