// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package proxycfgglue
import (
"context"
"github.com/hashicorp/go-hclog"
"github.com/hashicorp/go-memdb"
"github.com/hashicorp/consul/proto/private/pbpeering"
"github.com/hashicorp/consul/acl"
"github.com/hashicorp/consul/agent/cache"
cachetype "github.com/hashicorp/consul/agent/cache-types"
"github.com/hashicorp/consul/agent/configentry"
"github.com/hashicorp/consul/agent/consul/discoverychain"
"github.com/hashicorp/consul/agent/consul/state"
"github.com/hashicorp/consul/agent/consul/stream"
"github.com/hashicorp/consul/agent/consul/watch"
"github.com/hashicorp/consul/agent/proxycfg"
"github.com/hashicorp/consul/agent/structs"
"github.com/hashicorp/consul/agent/submatview"
)
// ServerDataSourceDeps contains the dependencies needed for sourcing data from
// server-local sources (e.g. materialized views).
type ServerDataSourceDeps struct {
	// Datacenter is the local datacenter name.
	Datacenter string
	// ViewStore holds the materialized views that server-local data sources
	// read through.
	ViewStore *submatview.Store
	// EventPublisher is the server's event stream publisher, used by the
	// view-based sources to subscribe to state changes.
	EventPublisher *stream.EventPublisher
	// Logger receives log output from the data sources.
	Logger hclog.Logger
	// ACLResolver resolves ACL tokens for server-local data sources.
	// NOTE(review): server-local sources read the state store directly and so
	// do not pass through the RPC layer's authorization; presumably they use
	// this resolver to enforce equivalent checks — confirm per data source.
	ACLResolver submatview.ACLResolver
	// GetStore returns the state store to read from. It is a func rather than
	// a Store value, presumably so callers always see the current store if it
	// is replaced (e.g. on restore) — confirm against the caller.
	GetStore func() Store
}
// Store is the state store interface required for server-local data sources.
//
// Every method takes a memdb.WatchSet, which the caller arms to block until the
// underlying data changes, and returns a uint64 as its first result
// (presumably the state store index at which the read was made — confirm
// against agent/consul/state). Note the mix of value and pointer
// acl.EnterpriseMeta parameters; this mirrors the signatures of the concrete
// state store methods and is not a choice made here.
//
// NOTE(review): reads through this interface bypass the RPC endpoints, so any
// ACL filtering those endpoints would apply is not applied here; each data
// source is responsible for its own authorization. The per-method comments
// below only restate the method and parameter names — the actual semantics
// live in the state store implementation.
type Store interface {
	watch.StateStore

	// ExportedServicesForAllPeersByName returns the exported services for dc
	// keyed by (presumably) peer name.
	ExportedServicesForAllPeersByName(ws memdb.WatchSet, dc string, entMeta acl.EnterpriseMeta) (uint64, map[string]structs.ServiceList, error)
	// FederationStateList returns all federation states.
	FederationStateList(ws memdb.WatchSet) (uint64, []*structs.FederationState, error)
	// GatewayServices returns the services associated with the named gateway.
	GatewayServices(ws memdb.WatchSet, gateway string, entMeta *acl.EnterpriseMeta) (uint64, structs.GatewayServices, error)
	// IntentionMatchOne returns the simplified intentions matching a single
	// entry for the given match and destination types.
	IntentionMatchOne(ws memdb.WatchSet, entry structs.IntentionMatchEntry, matchType structs.IntentionMatchType, destinationType structs.IntentionTargetType) (uint64, structs.SimplifiedIntentions, error)
	// IntentionTopology returns the services related to target in the
	// direction selected by downstreams. defaultDecision is (by its name) the
	// enforcement decision applied where no intention matches — confirm.
	IntentionTopology(ws memdb.WatchSet, target structs.ServiceName, downstreams bool, defaultDecision acl.EnforcementDecision, intentionTarget structs.IntentionTargetType) (uint64, structs.ServiceList, error)
	// ReadResolvedServiceConfigEntries returns the resolved config entry set
	// for serviceName and the listed upstreamIDs under proxyMode.
	ReadResolvedServiceConfigEntries(ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta, upstreamIDs []structs.ServiceID, proxyMode structs.ProxyMode) (uint64, *configentry.ResolvedServiceConfigSet, error)
	// ServiceDiscoveryChain compiles the discovery chain for serviceName per
	// req and also returns the set of config entries it was built from.
	ServiceDiscoveryChain(ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta, req discoverychain.CompileRequest) (uint64, *structs.CompiledDiscoveryChain, *configentry.DiscoveryChainSet, error)
	// ServiceDump returns check/service/node tuples; kind is only applied when
	// useKind is true, and peerName selects the peer the services belong to.
	ServiceDump(ws memdb.WatchSet, kind structs.ServiceKind, useKind bool, entMeta *acl.EnterpriseMeta, peerName string) (uint64, structs.CheckServiceNodes, error)
	// PeeringList lists peerings for the given enterprise meta.
	PeeringList(ws memdb.WatchSet, entMeta acl.EnterpriseMeta) (uint64, []*pbpeering.Peering, error)
	// PeeringTrustBundleRead reads the single trust bundle selected by q.
	PeeringTrustBundleRead(ws memdb.WatchSet, q state.Query) (uint64, *pbpeering.PeeringTrustBundle, error)
	// PeeringTrustBundleList lists peering trust bundles.
	PeeringTrustBundleList(ws memdb.WatchSet, entMeta acl.EnterpriseMeta) (uint64, []*pbpeering.PeeringTrustBundle, error)
	// TrustBundleListByService lists the trust bundles relevant to service in dc.
	TrustBundleListByService(ws memdb.WatchSet, service, dc string, entMeta acl.EnterpriseMeta) (uint64, []*pbpeering.PeeringTrustBundle, error)
	// VirtualIPsForAllImportedServices returns the virtual IPs assigned to
	// services imported from peers.
	VirtualIPsForAllImportedServices(ws memdb.WatchSet, entMeta acl.EnterpriseMeta) (uint64, []state.ServiceVirtualIP, error)
}
// CacheCARoots satisfies the proxycfg.CARoots interface by sourcing data from
// the agent cache.
//
// Note: there isn't a server-local equivalent of this data source because
// "agentless" proxies obtain certificates via SDS served by consul-dataplane.
// If SDS is not supported on consul-dataplane, data is sourced from the server
// agent cache even for "agentless" proxies.
func CacheCARoots(c *cache.Cache) proxycfg.CARoots {
	src := &cacheProxyDataSource[*structs.DCSpecificRequest]{
		c: c,
		t: cachetype.ConnectCARootName,
	}
	return src
}
// CacheDatacenters satisfies the proxycfg.Datacenters interface by sourcing
// data from the agent cache.
//
// Note: there isn't a server-local equivalent of this data source because it
// relies on polling (so a more efficient method isn't available).
func CacheDatacenters(c *cache.Cache) proxycfg.Datacenters {
	src := &cacheProxyDataSource[*structs.DatacentersRequest]{
		c: c,
		t: cachetype.CatalogDatacentersName,
	}
	return src
}
// CacheServiceGateways satisfies the proxycfg.GatewayServices interface by
// sourcing data from the agent cache.
func CacheServiceGateways(c *cache.Cache) proxycfg.GatewayServices {
	src := &cacheProxyDataSource[*structs.ServiceSpecificRequest]{
		c: c,
		t: cachetype.ServiceGatewaysName,
	}
	return src
}
// CacheLeafCertificate satisfies the proxycfg.LeafCertificate interface by
// sourcing data from the agent cache.
//
// Note: there isn't a server-local equivalent of this data source because
// "agentless" proxies obtain certificates via SDS served by consul-dataplane.
// If SDS is not supported on consul-dataplane, data is sourced from the server
// agent cache even for "agentless" proxies.
func CacheLeafCertificate(c *cache.Cache) proxycfg.LeafCertificate {
	src := &cacheProxyDataSource[*cachetype.ConnectCALeafRequest]{
		c: c,
		t: cachetype.ConnectCALeafName,
	}
	return src
}
// CachePrepraredQuery satisfies the proxycfg.PreparedQuery interface by
// sourcing data from the agent cache. (The misspelling is part of the
// exported name and is kept for compatibility with existing callers.)
//
// Note: there isn't a server-local equivalent of this data source because it
// relies on polling (so a more efficient method isn't available).
func CachePrepraredQuery(c *cache.Cache) proxycfg.PreparedQuery {
	src := &cacheProxyDataSource[*structs.PreparedQueryExecuteRequest]{
		c: c,
		t: cachetype.PreparedQueryName,
	}
	return src
}
// cacheProxyDataSource implements a generic wrapper around the agent cache to
// provide data to the proxycfg.Manager.
//
// ReqType is the concrete request type accepted by the cache type named by t;
// the constructors above pair each request type with its cachetype name.
type cacheProxyDataSource[ReqType cache.Request] struct {
	// c is the agent cache that notifications are subscribed through.
	c *cache.Cache
	// t is the cache type name handed to the cache on every Notify call.
	t string
}
// Notify satisfies the interfaces used by proxycfg.Manager to source data by
// subscribing to notifications from the agent cache.
//
// Each cache update for req is forwarded to ch tagged with correlationID via
// dispatchCacheUpdate, which gives up on the send once ctx is done. Any error
// from the cache's NotifyCallback is returned unchanged.
func (c *cacheProxyDataSource[ReqType]) Notify(
	ctx context.Context,
	req ReqType,
	correlationID string,
	ch chan<- proxycfg.UpdateEvent,
) error {
	deliver := dispatchCacheUpdate(ch)
	return c.c.NotifyCallback(ctx, c.t, req, correlationID, deliver)
}
// dispatchCacheUpdate builds the cache.Callback that forwards agent cache
// updates to ch as proxycfg.UpdateEvents.
//
// If ctx is done before the send completes the event is dropped, so a consumer
// that has gone away cannot block whichever goroutine the cache invokes the
// callback on.
func dispatchCacheUpdate(ch chan<- proxycfg.UpdateEvent) cache.Callback {
	return func(ctx context.Context, e cache.UpdateEvent) {
		evt := newUpdateEvent(e.CorrelationID, e.Result, e.Err)
		select {
		case <-ctx.Done():
			// Consumer is gone; drop the event rather than block forever.
		case ch <- evt:
		}
	}
}
// dispatchBlockingQueryUpdate builds the callback used by the server-local,
// blocking-query-based data sources to forward results to ch as
// proxycfg.UpdateEvents.
//
// ResultType is the concrete result type of the blocking query. As with
// dispatchCacheUpdate, the event is dropped if ctx is done before the send
// completes, so an absent consumer never blocks the producer.
func dispatchBlockingQueryUpdate[ResultType any](ch chan<- proxycfg.UpdateEvent) func(context.Context, string, ResultType, error) {
	return func(ctx context.Context, correlationID string, result ResultType, err error) {
		evt := newUpdateEvent(correlationID, result, err)
		select {
		case <-ctx.Done():
			// Consumer is gone; drop the event rather than block forever.
		case ch <- evt:
		}
	}
}
// newUpdateEvent assembles the proxycfg.UpdateEvent delivered to the Manager
// for correlationID, carrying result and err.
//
// An ACL "not found" error is wrapped as a proxycfg.TerminalError so that the
// consumer treats it as unrecoverable rather than as a transient failure —
// presumably so a watch issued with a deleted or unknown token is not retried
// indefinitely; confirm against proxycfg.Manager. This roughly matches the
// logic in agent/submatview.LocalMaterializer.isTerminalError.
func newUpdateEvent(correlationID string, result any, err error) proxycfg.UpdateEvent {
	evt := proxycfg.UpdateEvent{
		CorrelationID: correlationID,
		Result:        result,
		Err:           err,
	}
	if acl.IsErrNotFound(err) {
		evt.Err = proxycfg.TerminalError(err)
	}
	return evt
}