2017-11-29 20:43:27 +00:00
|
|
|
package fsm
|
|
|
|
|
|
|
|
import (
|
|
|
|
"fmt"
|
|
|
|
"time"
|
|
|
|
|
2020-11-14 00:26:08 +00:00
|
|
|
"github.com/armon/go-metrics"
|
|
|
|
"github.com/armon/go-metrics/prometheus"
|
2021-02-03 23:10:38 +00:00
|
|
|
|
2020-12-09 21:22:29 +00:00
|
|
|
"github.com/hashicorp/consul/agent/consul/state"
|
2017-11-29 20:43:27 +00:00
|
|
|
"github.com/hashicorp/consul/agent/structs"
|
|
|
|
"github.com/hashicorp/consul/api"
|
2023-02-17 21:14:46 +00:00
|
|
|
"github.com/hashicorp/consul/proto/private/pbpeering"
|
2017-11-29 20:43:27 +00:00
|
|
|
)
|
|
|
|
|
2020-11-14 00:26:08 +00:00
|
|
|
var CommandsSummaries = []prometheus.SummaryDefinition{
|
|
|
|
{
|
|
|
|
Name: []string{"fsm", "register"},
|
2020-11-16 19:02:11 +00:00
|
|
|
Help: "Measures the time it takes to apply a catalog register operation to the FSM.",
|
2020-11-14 00:26:08 +00:00
|
|
|
},
|
|
|
|
{
|
|
|
|
Name: []string{"fsm", "deregister"},
|
2020-11-16 19:02:11 +00:00
|
|
|
Help: "Measures the time it takes to apply a catalog deregister operation to the FSM.",
|
2020-11-14 00:26:08 +00:00
|
|
|
},
|
|
|
|
{
|
|
|
|
Name: []string{"fsm", "kvs"},
|
2020-11-16 19:02:11 +00:00
|
|
|
Help: "Measures the time it takes to apply the given KV operation to the FSM.",
|
2020-11-14 00:26:08 +00:00
|
|
|
},
|
|
|
|
{
|
|
|
|
Name: []string{"fsm", "session"},
|
2020-11-16 19:02:11 +00:00
|
|
|
Help: "Measures the time it takes to apply the given session operation to the FSM.",
|
2020-11-14 00:26:08 +00:00
|
|
|
},
|
|
|
|
{
|
|
|
|
Name: []string{"fsm", "acl"},
|
2020-11-16 19:02:11 +00:00
|
|
|
Help: "Measures the time it takes to apply the given ACL operation to the FSM.",
|
2020-11-14 00:26:08 +00:00
|
|
|
},
|
|
|
|
{
|
|
|
|
Name: []string{"fsm", "tombstone"},
|
2020-11-16 19:02:11 +00:00
|
|
|
Help: "Measures the time it takes to apply the given tombstone operation to the FSM.",
|
2020-11-14 00:26:08 +00:00
|
|
|
},
|
|
|
|
{
|
|
|
|
Name: []string{"fsm", "coordinate", "batch-update"},
|
2020-11-16 19:02:11 +00:00
|
|
|
Help: "Measures the time it takes to apply the given batch coordinate update to the FSM.",
|
2020-11-14 00:26:08 +00:00
|
|
|
},
|
|
|
|
{
|
|
|
|
Name: []string{"fsm", "prepared-query"},
|
2020-11-16 19:02:11 +00:00
|
|
|
Help: "Measures the time it takes to apply the given prepared query update operation to the FSM.",
|
2020-11-14 00:26:08 +00:00
|
|
|
},
|
|
|
|
{
|
|
|
|
Name: []string{"fsm", "txn"},
|
2020-11-16 19:02:11 +00:00
|
|
|
Help: "Measures the time it takes to apply the given transaction update to the FSM.",
|
2020-11-14 00:26:08 +00:00
|
|
|
},
|
|
|
|
{
|
|
|
|
Name: []string{"fsm", "autopilot"},
|
2020-11-16 19:02:11 +00:00
|
|
|
Help: "Measures the time it takes to apply the given autopilot update to the FSM.",
|
2020-11-14 00:26:08 +00:00
|
|
|
},
|
|
|
|
{
|
|
|
|
Name: []string{"consul", "fsm", "intention"},
|
2020-11-23 20:42:51 +00:00
|
|
|
Help: "Deprecated - use fsm_intention instead",
|
2020-11-14 00:26:08 +00:00
|
|
|
},
|
|
|
|
{
|
|
|
|
Name: []string{"fsm", "intention"},
|
2020-11-23 20:42:51 +00:00
|
|
|
Help: "Measures the time it takes to apply an intention operation to the FSM.",
|
2020-11-14 00:26:08 +00:00
|
|
|
},
|
|
|
|
{
|
|
|
|
Name: []string{"consul", "fsm", "ca"},
|
2020-11-23 20:42:51 +00:00
|
|
|
Help: "Deprecated - use fsm_ca instead",
|
2020-11-14 00:26:08 +00:00
|
|
|
},
|
|
|
|
{
|
2020-11-23 20:42:51 +00:00
|
|
|
Name: []string{"fsm", "ca"},
|
|
|
|
Help: "Measures the time it takes to apply CA configuration operations to the FSM.",
|
2020-11-14 00:26:08 +00:00
|
|
|
},
|
|
|
|
{
|
2020-11-23 20:42:51 +00:00
|
|
|
Name: []string{"fsm", "ca", "leaf"},
|
|
|
|
Help: "Measures the time it takes to apply an operation while signing a leaf certificate.",
|
2020-11-14 00:26:08 +00:00
|
|
|
},
|
|
|
|
{
|
2020-11-23 20:42:51 +00:00
|
|
|
Name: []string{"fsm", "acl", "token"},
|
|
|
|
Help: "Measures the time it takes to apply an ACL token operation to the FSM.",
|
2020-11-14 00:26:08 +00:00
|
|
|
},
|
|
|
|
{
|
|
|
|
Name: []string{"fsm", "acl", "policy"},
|
2020-11-23 20:42:51 +00:00
|
|
|
Help: "Measures the time it takes to apply an ACL policy operation to the FSM.",
|
2020-11-14 00:26:08 +00:00
|
|
|
},
|
|
|
|
{
|
|
|
|
Name: []string{"fsm", "acl", "bindingrule"},
|
2020-11-23 20:42:51 +00:00
|
|
|
Help: "Measures the time it takes to apply an ACL binding rule operation to the FSM.",
|
2020-11-14 00:26:08 +00:00
|
|
|
},
|
|
|
|
{
|
|
|
|
Name: []string{"fsm", "acl", "authmethod"},
|
2020-11-23 20:42:51 +00:00
|
|
|
Help: "Measures the time it takes to apply an ACL authmethod operation to the FSM.",
|
2020-11-14 00:26:08 +00:00
|
|
|
},
|
|
|
|
{
|
|
|
|
Name: []string{"fsm", "system_metadata"},
|
2020-11-23 20:42:51 +00:00
|
|
|
Help: "Measures the time it takes to apply a system metadata operation to the FSM.",
|
2020-11-14 00:26:08 +00:00
|
|
|
},
|
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
|
|
|
{
|
|
|
|
Name: []string{"fsm", "peering"},
|
|
|
|
Help: "Measures the time it takes to apply a peering operation to the FSM.",
|
|
|
|
},
|
2020-11-14 00:26:08 +00:00
|
|
|
// TODO(kit): We generate the config-entry fsm summaries by reading off of the request. It is
|
|
|
|
// possible to statically declare these when we know all of the names, but I didn't get to it
|
|
|
|
// in this patch. Config-entries are known though and we should add these in the future.
|
|
|
|
// {
|
|
|
|
// Name: []string{"fsm", "config_entry", req.Entry.GetKind()},
|
|
|
|
// Help: "",
|
|
|
|
// },
|
|
|
|
}
|
|
|
|
|
2017-11-29 20:43:27 +00:00
|
|
|
func init() {
|
|
|
|
registerCommand(structs.RegisterRequestType, (*FSM).applyRegister)
|
|
|
|
registerCommand(structs.DeregisterRequestType, (*FSM).applyDeregister)
|
|
|
|
registerCommand(structs.KVSRequestType, (*FSM).applyKVSOperation)
|
|
|
|
registerCommand(structs.SessionRequestType, (*FSM).applySessionOperation)
|
2018-10-19 16:04:07 +00:00
|
|
|
// DEPRECATED (ACL-Legacy-Compat) - Only needed for v1 ACL compat
|
2021-09-22 15:43:13 +00:00
|
|
|
registerCommand(structs.DeprecatedACLRequestType, (*FSM).deprecatedApplyACLOperation)
|
2017-11-29 20:43:27 +00:00
|
|
|
registerCommand(structs.TombstoneRequestType, (*FSM).applyTombstoneOperation)
|
|
|
|
registerCommand(structs.CoordinateBatchUpdateType, (*FSM).applyCoordinateBatchUpdate)
|
|
|
|
registerCommand(structs.PreparedQueryRequestType, (*FSM).applyPreparedQueryOperation)
|
|
|
|
registerCommand(structs.TxnRequestType, (*FSM).applyTxn)
|
|
|
|
registerCommand(structs.AutopilotRequestType, (*FSM).applyAutopilotUpdate)
|
2018-02-28 18:28:07 +00:00
|
|
|
registerCommand(structs.IntentionRequestType, (*FSM).applyIntentionOperation)
|
2018-03-21 17:10:53 +00:00
|
|
|
registerCommand(structs.ConnectCARequestType, (*FSM).applyConnectCAOperation)
|
2018-10-31 20:00:46 +00:00
|
|
|
registerCommand(structs.ACLTokenSetRequestType, (*FSM).applyACLTokenSetOperation)
|
2018-10-19 16:04:07 +00:00
|
|
|
registerCommand(structs.ACLTokenDeleteRequestType, (*FSM).applyACLTokenDeleteOperation)
|
|
|
|
registerCommand(structs.ACLBootstrapRequestType, (*FSM).applyACLTokenBootstrap)
|
2018-10-31 20:00:46 +00:00
|
|
|
registerCommand(structs.ACLPolicySetRequestType, (*FSM).applyACLPolicySetOperation)
|
2018-10-19 16:04:07 +00:00
|
|
|
registerCommand(structs.ACLPolicyDeleteRequestType, (*FSM).applyACLPolicyDeleteOperation)
|
2019-01-11 21:04:57 +00:00
|
|
|
registerCommand(structs.ConnectCALeafRequestType, (*FSM).applyConnectCALeafOperation)
|
2019-03-28 06:56:35 +00:00
|
|
|
registerCommand(structs.ConfigEntryRequestType, (*FSM).applyConfigEntryOperation)
|
2019-04-15 20:43:19 +00:00
|
|
|
registerCommand(structs.ACLRoleSetRequestType, (*FSM).applyACLRoleSetOperation)
|
|
|
|
registerCommand(structs.ACLRoleDeleteRequestType, (*FSM).applyACLRoleDeleteOperation)
|
2019-04-26 17:49:28 +00:00
|
|
|
registerCommand(structs.ACLBindingRuleSetRequestType, (*FSM).applyACLBindingRuleSetOperation)
|
|
|
|
registerCommand(structs.ACLBindingRuleDeleteRequestType, (*FSM).applyACLBindingRuleDeleteOperation)
|
|
|
|
registerCommand(structs.ACLAuthMethodSetRequestType, (*FSM).applyACLAuthMethodSetOperation)
|
|
|
|
registerCommand(structs.ACLAuthMethodDeleteRequestType, (*FSM).applyACLAuthMethodDeleteOperation)
|
2020-03-09 20:59:02 +00:00
|
|
|
registerCommand(structs.FederationStateRequestType, (*FSM).applyFederationStateOperation)
|
2020-10-06 15:08:37 +00:00
|
|
|
registerCommand(structs.SystemMetadataRequestType, (*FSM).applySystemMetadataOperation)
|
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
|
|
|
registerCommand(structs.PeeringWriteType, (*FSM).applyPeeringWrite)
|
|
|
|
registerCommand(structs.PeeringDeleteType, (*FSM).applyPeeringDelete)
|
|
|
|
registerCommand(structs.PeeringTerminateByIDType, (*FSM).applyPeeringTerminate)
|
|
|
|
registerCommand(structs.PeeringTrustBundleWriteType, (*FSM).applyPeeringTrustBundleWrite)
|
|
|
|
registerCommand(structs.PeeringTrustBundleDeleteType, (*FSM).applyPeeringTrustBundleDelete)
|
2022-08-01 14:33:18 +00:00
|
|
|
registerCommand(structs.PeeringSecretsWriteType, (*FSM).applyPeeringSecretsWrite)
|
2017-11-29 20:43:27 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (c *FSM) applyRegister(buf []byte, index uint64) interface{} {
|
|
|
|
defer metrics.MeasureSince([]string{"fsm", "register"}, time.Now())
|
|
|
|
var req structs.RegisterRequest
|
|
|
|
if err := structs.Decode(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode request: %v", err))
|
|
|
|
}
|
|
|
|
|
|
|
|
// Apply all updates in a single transaction
|
|
|
|
if err := c.state.EnsureRegistration(index, &req); err != nil {
|
2020-01-28 23:50:41 +00:00
|
|
|
c.logger.Warn("EnsureRegistration failed", "error", err)
|
2017-11-29 20:43:27 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c *FSM) applyDeregister(buf []byte, index uint64) interface{} {
|
|
|
|
defer metrics.MeasureSince([]string{"fsm", "deregister"}, time.Now())
|
|
|
|
var req structs.DeregisterRequest
|
|
|
|
if err := structs.Decode(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode request: %v", err))
|
|
|
|
}
|
|
|
|
|
|
|
|
// Either remove the service entry or the whole node. The precedence
|
|
|
|
// here is also baked into vetDeregisterWithACL() in acl.go, so if you
|
|
|
|
// make changes here, be sure to also adjust the code over there.
|
|
|
|
if req.ServiceID != "" {
|
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
|
|
|
if err := c.state.DeleteService(index, req.Node, req.ServiceID, &req.EnterpriseMeta, req.PeerName); err != nil {
|
2020-01-28 23:50:41 +00:00
|
|
|
c.logger.Warn("DeleteNodeService failed", "error", err)
|
2017-11-29 20:43:27 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
} else if req.CheckID != "" {
|
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
|
|
|
if err := c.state.DeleteCheck(index, req.Node, req.CheckID, &req.EnterpriseMeta, req.PeerName); err != nil {
|
2020-01-28 23:50:41 +00:00
|
|
|
c.logger.Warn("DeleteNodeCheck failed", "error", err)
|
2017-11-29 20:43:27 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
} else {
|
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
|
|
|
if err := c.state.DeleteNode(index, req.Node, &req.EnterpriseMeta, req.PeerName); err != nil {
|
2020-01-28 23:50:41 +00:00
|
|
|
c.logger.Warn("DeleteNode failed", "error", err)
|
2017-11-29 20:43:27 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c *FSM) applyKVSOperation(buf []byte, index uint64) interface{} {
|
|
|
|
var req structs.KVSRequest
|
|
|
|
if err := structs.Decode(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode request: %v", err))
|
|
|
|
}
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "kvs"}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: string(req.Op)}})
|
|
|
|
switch req.Op {
|
|
|
|
case api.KVSet:
|
|
|
|
return c.state.KVSSet(index, &req.DirEnt)
|
|
|
|
case api.KVDelete:
|
2019-11-25 17:57:35 +00:00
|
|
|
return c.state.KVSDelete(index, req.DirEnt.Key, &req.DirEnt.EnterpriseMeta)
|
2017-11-29 20:43:27 +00:00
|
|
|
case api.KVDeleteCAS:
|
2019-11-25 17:57:35 +00:00
|
|
|
act, err := c.state.KVSDeleteCAS(index, req.DirEnt.ModifyIndex, req.DirEnt.Key, &req.DirEnt.EnterpriseMeta)
|
2017-11-29 20:43:27 +00:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return act
|
|
|
|
case api.KVDeleteTree:
|
2019-11-25 17:57:35 +00:00
|
|
|
return c.state.KVSDeleteTree(index, req.DirEnt.Key, &req.DirEnt.EnterpriseMeta)
|
2017-11-29 20:43:27 +00:00
|
|
|
case api.KVCAS:
|
|
|
|
act, err := c.state.KVSSetCAS(index, &req.DirEnt)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return act
|
|
|
|
case api.KVLock:
|
|
|
|
act, err := c.state.KVSLock(index, &req.DirEnt)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return act
|
|
|
|
case api.KVUnlock:
|
|
|
|
act, err := c.state.KVSUnlock(index, &req.DirEnt)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return act
|
|
|
|
default:
|
|
|
|
err := fmt.Errorf("Invalid KVS operation '%s'", req.Op)
|
2020-01-28 23:50:41 +00:00
|
|
|
c.logger.Warn("Invalid KVS operation", "operation", req.Op)
|
2017-11-29 20:43:27 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c *FSM) applySessionOperation(buf []byte, index uint64) interface{} {
|
|
|
|
var req structs.SessionRequest
|
|
|
|
if err := structs.Decode(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode request: %v", err))
|
|
|
|
}
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "session"}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: string(req.Op)}})
|
|
|
|
switch req.Op {
|
|
|
|
case structs.SessionCreate:
|
|
|
|
if err := c.state.SessionCreate(index, &req.Session); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return req.Session.ID
|
|
|
|
case structs.SessionDestroy:
|
2019-11-25 17:07:04 +00:00
|
|
|
return c.state.SessionDestroy(index, req.Session.ID, &req.Session.EnterpriseMeta)
|
2017-11-29 20:43:27 +00:00
|
|
|
default:
|
2020-01-28 23:50:41 +00:00
|
|
|
c.logger.Warn("Invalid Session operation", "operation", req.Op)
|
2017-11-29 20:43:27 +00:00
|
|
|
return fmt.Errorf("Invalid Session operation '%s'", req.Op)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2021-09-22 15:43:13 +00:00
|
|
|
func (c *FSM) deprecatedApplyACLOperation(_ []byte, _ uint64) interface{} {
|
|
|
|
return fmt.Errorf("legacy ACL command has been removed with the legacy ACL system")
|
2017-11-29 20:43:27 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (c *FSM) applyTombstoneOperation(buf []byte, index uint64) interface{} {
|
|
|
|
var req structs.TombstoneRequest
|
|
|
|
if err := structs.Decode(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode request: %v", err))
|
|
|
|
}
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "tombstone"}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: string(req.Op)}})
|
|
|
|
switch req.Op {
|
|
|
|
case structs.TombstoneReap:
|
2020-03-19 13:11:20 +00:00
|
|
|
return c.state.ReapTombstones(index, req.ReapIndex)
|
2017-11-29 20:43:27 +00:00
|
|
|
default:
|
2020-01-28 23:50:41 +00:00
|
|
|
c.logger.Warn("Invalid Tombstone operation", "operation", req.Op)
|
2017-11-29 20:43:27 +00:00
|
|
|
return fmt.Errorf("Invalid Tombstone operation '%s'", req.Op)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// applyCoordinateBatchUpdate processes a batch of coordinate updates and applies
|
|
|
|
// them in a single underlying transaction. This interface isn't 1:1 with the outer
|
|
|
|
// update interface that the coordinate endpoint exposes, so we made it single
|
|
|
|
// purpose and avoided the opcode convention.
|
|
|
|
func (c *FSM) applyCoordinateBatchUpdate(buf []byte, index uint64) interface{} {
|
|
|
|
var updates structs.Coordinates
|
|
|
|
if err := structs.Decode(buf, &updates); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode batch updates: %v", err))
|
|
|
|
}
|
|
|
|
defer metrics.MeasureSince([]string{"fsm", "coordinate", "batch-update"}, time.Now())
|
|
|
|
if err := c.state.CoordinateBatchUpdate(index, updates); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// applyPreparedQueryOperation applies the given prepared query operation to the
|
|
|
|
// state store.
|
|
|
|
func (c *FSM) applyPreparedQueryOperation(buf []byte, index uint64) interface{} {
|
|
|
|
var req structs.PreparedQueryRequest
|
|
|
|
if err := structs.Decode(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode request: %v", err))
|
|
|
|
}
|
|
|
|
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "prepared-query"}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: string(req.Op)}})
|
|
|
|
switch req.Op {
|
|
|
|
case structs.PreparedQueryCreate, structs.PreparedQueryUpdate:
|
|
|
|
return c.state.PreparedQuerySet(index, req.Query)
|
|
|
|
case structs.PreparedQueryDelete:
|
|
|
|
return c.state.PreparedQueryDelete(index, req.Query.ID)
|
|
|
|
default:
|
2020-01-28 23:50:41 +00:00
|
|
|
c.logger.Warn("Invalid PreparedQuery operation", "operation", req.Op)
|
2017-11-29 20:43:27 +00:00
|
|
|
return fmt.Errorf("Invalid PreparedQuery operation '%s'", req.Op)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c *FSM) applyTxn(buf []byte, index uint64) interface{} {
|
|
|
|
var req structs.TxnRequest
|
|
|
|
if err := structs.Decode(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode request: %v", err))
|
|
|
|
}
|
|
|
|
defer metrics.MeasureSince([]string{"fsm", "txn"}, time.Now())
|
|
|
|
results, errors := c.state.TxnRW(index, req.Ops)
|
|
|
|
return structs.TxnResponse{
|
|
|
|
Results: results,
|
|
|
|
Errors: errors,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c *FSM) applyAutopilotUpdate(buf []byte, index uint64) interface{} {
|
|
|
|
var req structs.AutopilotSetConfigRequest
|
|
|
|
if err := structs.Decode(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode request: %v", err))
|
|
|
|
}
|
|
|
|
defer metrics.MeasureSince([]string{"fsm", "autopilot"}, time.Now())
|
|
|
|
|
|
|
|
if req.CAS {
|
|
|
|
act, err := c.state.AutopilotCASConfig(index, req.Config.ModifyIndex, &req.Config)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return act
|
|
|
|
}
|
|
|
|
return c.state.AutopilotSetConfig(index, &req.Config)
|
|
|
|
}
|
2018-02-28 18:28:07 +00:00
|
|
|
|
|
|
|
// applyIntentionOperation applies the given intention operation to the state store.
|
|
|
|
func (c *FSM) applyIntentionOperation(buf []byte, index uint64) interface{} {
|
|
|
|
var req structs.IntentionRequest
|
|
|
|
if err := structs.Decode(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode request: %v", err))
|
|
|
|
}
|
|
|
|
|
2020-11-23 20:42:51 +00:00
|
|
|
// TODO(kit): We should deprecate this first metric that writes the metrics_prefix itself,
|
|
|
|
// the config we use to flag this out, telemetry.disable_compat_1.9 is on the agent - how do
|
|
|
|
// we access it here?
|
2018-02-28 18:28:07 +00:00
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"consul", "fsm", "intention"}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: string(req.Op)}})
|
2020-11-23 20:42:51 +00:00
|
|
|
|
2018-02-28 18:28:07 +00:00
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "intention"}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: string(req.Op)}})
|
2020-11-13 20:42:21 +00:00
|
|
|
|
|
|
|
if req.Mutation != nil {
|
|
|
|
return c.state.IntentionMutation(index, req.Op, req.Mutation)
|
|
|
|
}
|
|
|
|
|
2018-02-28 18:28:07 +00:00
|
|
|
switch req.Op {
|
|
|
|
case structs.IntentionOpCreate, structs.IntentionOpUpdate:
|
2020-10-06 18:24:05 +00:00
|
|
|
//nolint:staticcheck
|
|
|
|
return c.state.LegacyIntentionSet(index, req.Intention)
|
2018-02-28 18:28:07 +00:00
|
|
|
case structs.IntentionOpDelete:
|
2020-10-06 18:24:05 +00:00
|
|
|
//nolint:staticcheck
|
|
|
|
return c.state.LegacyIntentionDelete(index, req.Intention.ID)
|
|
|
|
case structs.IntentionOpDeleteAll:
|
|
|
|
return c.state.LegacyIntentionDeleteAll(index)
|
|
|
|
case structs.IntentionOpUpsert:
|
|
|
|
fallthrough // unsupported
|
2018-02-28 18:28:07 +00:00
|
|
|
default:
|
2020-01-28 23:50:41 +00:00
|
|
|
c.logger.Warn("Invalid Intention operation", "operation", req.Op)
|
2018-02-28 18:28:07 +00:00
|
|
|
return fmt.Errorf("Invalid Intention operation '%s'", req.Op)
|
|
|
|
}
|
|
|
|
}
|
2018-03-21 17:10:53 +00:00
|
|
|
|
|
|
|
// applyConnectCAOperation applies the given CA operation to the state store.
|
|
|
|
func (c *FSM) applyConnectCAOperation(buf []byte, index uint64) interface{} {
|
|
|
|
var req structs.CARequest
|
|
|
|
if err := structs.Decode(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode request: %v", err))
|
|
|
|
}
|
|
|
|
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"consul", "fsm", "ca"}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: string(req.Op)}})
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "ca"}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: string(req.Op)}})
|
2021-12-02 22:10:25 +00:00
|
|
|
|
|
|
|
result := ApplyConnectCAOperationFromRequest(c.state, &req, index)
|
|
|
|
if err, ok := result.(error); ok && err != nil {
|
|
|
|
c.logger.Warn("Failed to apply CA operation", "operation", req.Op)
|
|
|
|
}
|
|
|
|
return result
|
|
|
|
}
|
|
|
|
|
|
|
|
func ApplyConnectCAOperationFromRequest(state *state.Store, req *structs.CARequest, index uint64) interface{} {
|
2018-03-21 17:10:53 +00:00
|
|
|
switch req.Op {
|
2018-04-07 00:58:45 +00:00
|
|
|
case structs.CAOpSetConfig:
|
|
|
|
if req.Config.ModifyIndex != 0 {
|
2021-12-02 22:10:25 +00:00
|
|
|
act, err := state.CACheckAndSetConfig(index, req.Config.ModifyIndex, req.Config)
|
2018-04-07 00:58:45 +00:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
return act
|
|
|
|
}
|
|
|
|
|
2021-12-02 22:10:25 +00:00
|
|
|
return state.CASetConfig(index, req.Config)
|
2018-04-07 00:58:45 +00:00
|
|
|
case structs.CAOpSetRoots:
|
2021-12-02 22:10:25 +00:00
|
|
|
act, err := state.CARootSetCAS(index, req.Index, req.Roots)
|
2018-03-21 17:10:53 +00:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2018-04-20 08:30:34 +00:00
|
|
|
return act
|
|
|
|
case structs.CAOpSetProviderState:
|
2021-12-02 22:10:25 +00:00
|
|
|
act, err := state.CASetProviderState(index, req.ProviderState)
|
2018-04-20 08:30:34 +00:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2018-04-21 01:46:02 +00:00
|
|
|
return act
|
|
|
|
case structs.CAOpDeleteProviderState:
|
2021-12-02 22:10:25 +00:00
|
|
|
if err := state.CADeleteProviderState(index, req.ProviderState.ID); err != nil {
|
2018-04-21 01:46:02 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
return true
|
|
|
|
case structs.CAOpSetRootsAndConfig:
|
2021-12-02 22:10:25 +00:00
|
|
|
act, err := state.CARootSetCAS(index, req.Index, req.Roots)
|
2018-04-21 01:46:02 +00:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2018-11-07 06:46:06 +00:00
|
|
|
if !act {
|
|
|
|
return act
|
|
|
|
}
|
2018-04-21 01:46:02 +00:00
|
|
|
|
2021-12-02 22:10:25 +00:00
|
|
|
act, err = state.CACheckAndSetConfig(index, req.Config.ModifyIndex, req.Config)
|
2018-11-07 06:46:06 +00:00
|
|
|
if err != nil {
|
2018-04-21 01:46:02 +00:00
|
|
|
return err
|
|
|
|
}
|
2018-03-21 17:10:53 +00:00
|
|
|
return act
|
2020-01-09 15:32:19 +00:00
|
|
|
case structs.CAOpIncrementProviderSerialNumber:
|
2021-12-02 22:10:25 +00:00
|
|
|
sn, err := state.CAIncrementProviderSerialNumber(index)
|
2020-01-09 15:32:19 +00:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
return sn
|
2018-03-21 17:10:53 +00:00
|
|
|
default:
|
|
|
|
return fmt.Errorf("Invalid CA operation '%s'", req.Op)
|
|
|
|
}
|
|
|
|
}
|
2018-10-19 16:04:07 +00:00
|
|
|
|
2020-11-23 20:42:51 +00:00
|
|
|
// applyConnectCALeafOperation applies an operation while signing a leaf certificate.
|
2019-01-11 21:04:57 +00:00
|
|
|
func (c *FSM) applyConnectCALeafOperation(buf []byte, index uint64) interface{} {
|
|
|
|
var req structs.CALeafRequest
|
|
|
|
if err := structs.Decode(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode request: %v", err))
|
|
|
|
}
|
|
|
|
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "ca", "leaf"}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: string(req.Op)}})
|
|
|
|
switch req.Op {
|
|
|
|
case structs.CALeafOpIncrementIndex:
|
2020-03-19 13:11:20 +00:00
|
|
|
// Use current index as the new value as well as the value to write at.
|
|
|
|
if err := c.state.CALeafSetIndex(index, index); err != nil {
|
2019-01-11 21:04:57 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
return index
|
|
|
|
default:
|
2020-01-28 23:50:41 +00:00
|
|
|
c.logger.Warn("Invalid CA Leaf operation", "operation", req.Op)
|
2019-01-11 21:04:57 +00:00
|
|
|
return fmt.Errorf("Invalid CA operation '%s'", req.Op)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-10-31 20:00:46 +00:00
|
|
|
func (c *FSM) applyACLTokenSetOperation(buf []byte, index uint64) interface{} {
|
|
|
|
var req structs.ACLTokenBatchSetRequest
|
2018-10-19 16:04:07 +00:00
|
|
|
if err := structs.Decode(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode request: %v", err))
|
|
|
|
}
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "acl", "token"}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: "upsert"}})
|
|
|
|
|
2020-12-09 21:22:29 +00:00
|
|
|
opts := state.ACLTokenSetOptions{
|
|
|
|
CAS: req.CAS,
|
|
|
|
AllowMissingPolicyAndRoleIDs: req.AllowMissingLinks,
|
|
|
|
ProhibitUnprivileged: req.ProhibitUnprivileged,
|
|
|
|
FromReplication: req.FromReplication,
|
|
|
|
}
|
|
|
|
return c.state.ACLTokenBatchSet(index, req.Tokens, opts)
|
2018-10-19 16:04:07 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (c *FSM) applyACLTokenDeleteOperation(buf []byte, index uint64) interface{} {
|
|
|
|
var req structs.ACLTokenBatchDeleteRequest
|
|
|
|
if err := structs.Decode(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode request: %v", err))
|
|
|
|
}
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "acl", "token"}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: "delete"}})
|
|
|
|
|
2018-10-31 20:00:46 +00:00
|
|
|
return c.state.ACLTokenBatchDelete(index, req.TokenIDs)
|
2018-10-19 16:04:07 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (c *FSM) applyACLTokenBootstrap(buf []byte, index uint64) interface{} {
|
|
|
|
var req structs.ACLTokenBootstrapRequest
|
|
|
|
if err := structs.Decode(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode request: %v", err))
|
|
|
|
}
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "acl", "token"}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: "bootstrap"}})
|
2021-09-21 23:50:54 +00:00
|
|
|
return c.state.ACLBootstrap(index, req.ResetIndex, &req.Token)
|
2018-10-19 16:04:07 +00:00
|
|
|
}
|
|
|
|
|
2018-10-31 20:00:46 +00:00
|
|
|
func (c *FSM) applyACLPolicySetOperation(buf []byte, index uint64) interface{} {
|
|
|
|
var req structs.ACLPolicyBatchSetRequest
|
2018-10-19 16:04:07 +00:00
|
|
|
if err := structs.Decode(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode request: %v", err))
|
|
|
|
}
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "acl", "policy"}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: "upsert"}})
|
|
|
|
|
2018-10-31 20:00:46 +00:00
|
|
|
return c.state.ACLPolicyBatchSet(index, req.Policies)
|
2018-10-19 16:04:07 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (c *FSM) applyACLPolicyDeleteOperation(buf []byte, index uint64) interface{} {
|
|
|
|
var req structs.ACLPolicyBatchDeleteRequest
|
|
|
|
if err := structs.Decode(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode request: %v", err))
|
|
|
|
}
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "acl", "policy"}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: "delete"}})
|
|
|
|
|
2018-10-31 20:00:46 +00:00
|
|
|
return c.state.ACLPolicyBatchDelete(index, req.PolicyIDs)
|
2018-10-19 16:04:07 +00:00
|
|
|
}
|
2019-03-19 22:56:17 +00:00
|
|
|
|
2019-03-28 06:56:35 +00:00
|
|
|
func (c *FSM) applyConfigEntryOperation(buf []byte, index uint64) interface{} {
|
2019-03-20 23:13:13 +00:00
|
|
|
req := structs.ConfigEntryRequest{
|
|
|
|
Entry: &structs.ProxyConfigEntry{},
|
|
|
|
}
|
2019-03-19 22:56:17 +00:00
|
|
|
if err := structs.Decode(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode request: %v", err))
|
|
|
|
}
|
2019-03-20 23:13:13 +00:00
|
|
|
|
2019-03-19 22:56:17 +00:00
|
|
|
switch req.Op {
|
2019-04-29 22:08:09 +00:00
|
|
|
case structs.ConfigEntryUpsertCAS:
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "config_entry", req.Entry.GetKind()}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: "upsert"}})
|
2021-02-03 23:10:38 +00:00
|
|
|
updated, err := c.state.EnsureConfigEntryCAS(index, req.Entry.GetRaftIndex().ModifyIndex, req.Entry)
|
2019-04-29 22:08:09 +00:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return updated
|
2019-03-19 22:56:17 +00:00
|
|
|
case structs.ConfigEntryUpsert:
|
2019-03-20 23:13:13 +00:00
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "config_entry", req.Entry.GetKind()}, time.Now(),
|
2019-03-19 22:56:17 +00:00
|
|
|
[]metrics.Label{{Name: "op", Value: "upsert"}})
|
2021-02-03 23:10:38 +00:00
|
|
|
if err := c.state.EnsureConfigEntry(index, req.Entry); err != nil {
|
2019-04-30 23:27:16 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
return true
|
2023-01-27 19:34:11 +00:00
|
|
|
case structs.ConfigEntryUpsertWithStatusCAS:
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "config_entry", req.Entry.GetKind()}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: "upsert_with_status"}})
|
|
|
|
updated, err := c.state.EnsureConfigEntryWithStatusCAS(index, req.Entry.GetRaftIndex().ModifyIndex, req.Entry)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return updated
|
2021-11-01 16:42:01 +00:00
|
|
|
case structs.ConfigEntryDeleteCAS:
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "config_entry", req.Entry.GetKind()}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: "delete"}})
|
|
|
|
deleted, err := c.state.DeleteConfigEntryCAS(index, req.Entry.GetRaftIndex().ModifyIndex, req.Entry)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return deleted
|
2019-03-19 22:56:17 +00:00
|
|
|
case structs.ConfigEntryDelete:
|
2019-03-20 23:13:13 +00:00
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "config_entry", req.Entry.GetKind()}, time.Now(),
|
2019-03-19 22:56:17 +00:00
|
|
|
[]metrics.Label{{Name: "op", Value: "delete"}})
|
2020-01-24 15:04:58 +00:00
|
|
|
return c.state.DeleteConfigEntry(index, req.Entry.GetKind(), req.Entry.GetName(), req.Entry.GetEnterpriseMeta())
|
2019-03-19 22:56:17 +00:00
|
|
|
default:
|
|
|
|
return fmt.Errorf("invalid config entry operation type: %v", req.Op)
|
|
|
|
}
|
|
|
|
}
|
2019-04-15 20:43:19 +00:00
|
|
|
|
|
|
|
func (c *FSM) applyACLRoleSetOperation(buf []byte, index uint64) interface{} {
|
|
|
|
var req structs.ACLRoleBatchSetRequest
|
|
|
|
if err := structs.Decode(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode request: %v", err))
|
|
|
|
}
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "acl", "role"}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: "upsert"}})
|
|
|
|
|
2019-05-02 20:02:21 +00:00
|
|
|
return c.state.ACLRoleBatchSet(index, req.Roles, req.AllowMissingLinks)
|
2019-04-15 20:43:19 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (c *FSM) applyACLRoleDeleteOperation(buf []byte, index uint64) interface{} {
|
|
|
|
var req structs.ACLRoleBatchDeleteRequest
|
|
|
|
if err := structs.Decode(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode request: %v", err))
|
|
|
|
}
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "acl", "role"}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: "delete"}})
|
|
|
|
|
|
|
|
return c.state.ACLRoleBatchDelete(index, req.RoleIDs)
|
|
|
|
}
|
2019-04-26 17:49:28 +00:00
|
|
|
|
|
|
|
func (c *FSM) applyACLBindingRuleSetOperation(buf []byte, index uint64) interface{} {
|
|
|
|
var req structs.ACLBindingRuleBatchSetRequest
|
|
|
|
if err := structs.Decode(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode request: %v", err))
|
|
|
|
}
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "acl", "bindingrule"}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: "upsert"}})
|
|
|
|
|
|
|
|
return c.state.ACLBindingRuleBatchSet(index, req.BindingRules)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c *FSM) applyACLBindingRuleDeleteOperation(buf []byte, index uint64) interface{} {
|
|
|
|
var req structs.ACLBindingRuleBatchDeleteRequest
|
|
|
|
if err := structs.Decode(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode request: %v", err))
|
|
|
|
}
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "acl", "bindingrule"}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: "delete"}})
|
|
|
|
|
|
|
|
return c.state.ACLBindingRuleBatchDelete(index, req.BindingRuleIDs)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c *FSM) applyACLAuthMethodSetOperation(buf []byte, index uint64) interface{} {
|
|
|
|
var req structs.ACLAuthMethodBatchSetRequest
|
|
|
|
if err := structs.Decode(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode request: %v", err))
|
|
|
|
}
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "acl", "authmethod"}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: "upsert"}})
|
|
|
|
|
|
|
|
return c.state.ACLAuthMethodBatchSet(index, req.AuthMethods)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c *FSM) applyACLAuthMethodDeleteOperation(buf []byte, index uint64) interface{} {
|
|
|
|
var req structs.ACLAuthMethodBatchDeleteRequest
|
|
|
|
if err := structs.Decode(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode request: %v", err))
|
|
|
|
}
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "acl", "authmethod"}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: "delete"}})
|
|
|
|
|
2019-10-24 18:38:09 +00:00
|
|
|
return c.state.ACLAuthMethodBatchDelete(index, req.AuthMethodNames, &req.EnterpriseMeta)
|
2019-04-26 17:49:28 +00:00
|
|
|
}
|
2020-03-09 20:59:02 +00:00
|
|
|
|
|
|
|
func (c *FSM) applyFederationStateOperation(buf []byte, index uint64) interface{} {
|
|
|
|
var req structs.FederationStateRequest
|
|
|
|
if err := structs.Decode(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode request: %v", err))
|
|
|
|
}
|
|
|
|
|
|
|
|
switch req.Op {
|
|
|
|
case structs.FederationStateUpsert:
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "federation_state", req.State.Datacenter}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: "upsert"}})
|
|
|
|
if err := c.state.FederationStateSet(index, req.State); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return true
|
|
|
|
case structs.FederationStateDelete:
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "federation_state", req.State.Datacenter}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: "delete"}})
|
|
|
|
return c.state.FederationStateDelete(index, req.State.Datacenter)
|
|
|
|
default:
|
|
|
|
return fmt.Errorf("invalid federation state operation type: %v", req.Op)
|
|
|
|
}
|
|
|
|
}
|
2020-10-06 15:08:37 +00:00
|
|
|
|
|
|
|
func (c *FSM) applySystemMetadataOperation(buf []byte, index uint64) interface{} {
|
|
|
|
var req structs.SystemMetadataRequest
|
|
|
|
if err := structs.Decode(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode request: %v", err))
|
|
|
|
}
|
|
|
|
|
|
|
|
switch req.Op {
|
|
|
|
case structs.SystemMetadataUpsert:
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "system_metadata"}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: "upsert"}})
|
|
|
|
if err := c.state.SystemMetadataSet(index, req.Entry); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return true
|
|
|
|
case structs.SystemMetadataDelete:
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "system_metadata"}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: "delete"}})
|
|
|
|
return c.state.SystemMetadataDelete(index, req.Entry)
|
|
|
|
default:
|
|
|
|
return fmt.Errorf("invalid system metadata operation type: %v", req.Op)
|
|
|
|
}
|
|
|
|
}
|
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
|
|
|
|
|
|
|
func (c *FSM) applyPeeringWrite(buf []byte, index uint64) interface{} {
|
|
|
|
var req pbpeering.PeeringWriteRequest
|
|
|
|
if err := structs.DecodeProto(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode peering write request: %v", err))
|
|
|
|
}
|
|
|
|
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "peering"}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: "write"}})
|
|
|
|
|
2022-08-01 14:33:18 +00:00
|
|
|
return c.state.PeeringWrite(index, &req)
|
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (c *FSM) applyPeeringDelete(buf []byte, index uint64) interface{} {
|
|
|
|
var req pbpeering.PeeringDeleteRequest
|
|
|
|
if err := structs.DecodeProto(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode peering delete request: %v", err))
|
|
|
|
}
|
|
|
|
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "peering"}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: "delete"}})
|
|
|
|
|
|
|
|
q := state.Query{
|
|
|
|
Value: req.Name,
|
|
|
|
EnterpriseMeta: *structs.NodeEnterpriseMetaInPartition(req.Partition),
|
|
|
|
}
|
|
|
|
return c.state.PeeringDelete(index, q)
|
|
|
|
}
|
|
|
|
|
2022-08-01 14:33:18 +00:00
|
|
|
func (c *FSM) applyPeeringSecretsWrite(buf []byte, index uint64) interface{} {
|
2022-08-08 07:41:00 +00:00
|
|
|
var req pbpeering.SecretsWriteRequest
|
2022-08-01 14:33:18 +00:00
|
|
|
if err := structs.DecodeProto(buf, &req); err != nil {
|
2022-08-08 07:41:00 +00:00
|
|
|
panic(fmt.Errorf("failed to decode peering secrets write request: %v", err))
|
2022-08-01 14:33:18 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "peering_secrets"}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: "write"}})
|
|
|
|
|
|
|
|
return c.state.PeeringSecretsWrite(index, &req)
|
|
|
|
}
|
|
|
|
|
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
|
|
|
func (c *FSM) applyPeeringTerminate(buf []byte, index uint64) interface{} {
|
|
|
|
var req pbpeering.PeeringTerminateByIDRequest
|
|
|
|
if err := structs.DecodeProto(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode peering delete request: %v", err))
|
|
|
|
}
|
|
|
|
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "peering"}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: "terminate"}})
|
|
|
|
|
|
|
|
return c.state.PeeringTerminateByID(index, req.ID)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c *FSM) applyPeeringTrustBundleWrite(buf []byte, index uint64) interface{} {
|
|
|
|
var req pbpeering.PeeringTrustBundleWriteRequest
|
|
|
|
if err := structs.DecodeProto(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode peering trust bundle write request: %v", err))
|
|
|
|
}
|
|
|
|
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "peering_trust_bundle"}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: "write"}})
|
|
|
|
|
|
|
|
return c.state.PeeringTrustBundleWrite(index, req.PeeringTrustBundle)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c *FSM) applyPeeringTrustBundleDelete(buf []byte, index uint64) interface{} {
|
|
|
|
var req pbpeering.PeeringTrustBundleDeleteRequest
|
|
|
|
if err := structs.DecodeProto(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode peering trust bundle delete request: %v", err))
|
|
|
|
}
|
|
|
|
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "peering_trust_bundle"}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: "delete"}})
|
|
|
|
|
|
|
|
q := state.Query{
|
|
|
|
Value: req.Name,
|
|
|
|
EnterpriseMeta: *structs.NodeEnterpriseMetaInPartition(req.Partition),
|
|
|
|
}
|
|
|
|
return c.state.PeeringTrustBundleDelete(index, q)
|
|
|
|
}
|