2017-04-27 18:49:43 +00:00
SHELL = bash
2016-05-07 20:02:12 +00:00
GOTOOLS = \
2019-04-10 17:09:02 +00:00
	github.com/elazarl/go-bindata-assetfs/go-bindata-assetfs \
	github.com/hashicorp/go-bindata/go-bindata \
2016-05-07 20:02:12 +00:00
	github.com/mitchellh/gox \
	golang.org/x/tools/cmd/cover \
2017-06-29 10:55:01 +00:00
	golang.org/x/tools/cmd/stringer \
CA Provider Plugins (#4751)
This adds the `agent/connect/ca/plugin` library for consuming/serving Connect CA providers as [go-plugin](https://github.com/hashicorp/go-plugin) plugins. This **does not** wire this up in any way to Consul itself, so this will not enable using these plugins yet.
## Why?
We want to enable CA providers to be pluggable without modifying Consul so that any CA or PKI system can potentially back the Connect certificates. This CA system may also be used in the future for easier bootstrapping and internal cluster security.
### go-plugin
The benefit of `go-plugin` is that for the plugin consumer, the fact that the interface implementation is communicating over multi-process RPC is invisible. Internals of Consul will continue to just use `ca.Provider` interface implementations as if they're local. For plugin _authors_, they simply have to implement the interface. The network/transport/process management issues are handled by go-plugin itself.
The CA provider plugins support both `net/rpc` and gRPC transports. This enables easy authoring in any language. go-plugin handles the actual protocol handshake and connection. This is just a feature of go-plugin.
`go-plugin` is already in production use for years by Packer, Terraform, Nomad, Vault, and Sentinel. We've shown stability for both desktop and server-side software. It is very mature.
## Implementation Details
### `map[string]interface{}`
The `Configure` method passes a `map[string]interface{}`. This map contains only Go primitives and containers of primitives (no funcs, chans, etc.). For `net/rpc` we encode as-is using Gob. For gRPC we marshal to JSON and transmit as a `bytes` type. This is the same approach we take with Vault and other software.
Note that this is just the transport protocol, the end software views it fully decoded.
### `x509.Certificate` and `CertificateRequest`
We transmit the raw ASN.1 bytes and decode on the other side. Unit tests are verifying we get the same cert/csrs across the wire.
### Testing
`go-plugin` exposes test helpers that enable testing the full plugin RPC over real loopback network connections. We test all endpoints for success and error for both `net/rpc` and gRPC.
### Vendoring
This PR doesn't introduce vendoring for two reasons:
1. @banks's `f-envoy` branch introduces a lot of these and I didn't want conflict.
2. The library isn't actually used yet so it doesn't introduce compile-time errors (it does introduce test errors).
## Next Steps
With this in place, we need to figure out the proper way to actually hook these up to Consul, load them, etc. This discussion can happen elsewhere, since regardless of approach this plugin library implementation is the exact same.
2019-01-07 17:48:44 +00:00
	github.com/gogo/protobuf/protoc-gen-gofast \
	github.com/vektra/mockery/cmd/mockery
2017-06-29 12:50:47 +00:00

2017-08-30 11:25:14 +00:00
GOTAGS ?=
2019-04-26 16:33:01 +00:00
GOMODULES ?= ./... ./api/... ./sdk/...
GOFILES ?= $(shell go list $(GOMODULES) | grep -v /vendor/)
2018-02-21 12:53:35 +00:00
ifeq ($(origin GOTEST_PKGS_EXCLUDE), undefined)
2019-04-26 16:33:01 +00:00
GOTEST_PKGS ?= $(GOMODULES)
2018-02-21 12:53:35 +00:00
else
2019-04-26 16:33:01 +00:00
GOTEST_PKGS=$(shell go list $(GOMODULES) | sed 's/github.com\/hashicorp\/consul/./' | egrep -v "^($(GOTEST_PKGS_EXCLUDE))$$")
2018-02-21 12:53:35 +00:00
endif
2018-06-19 14:49:07 +00:00
GOOS?=$(shell go env GOOS)
GOARCH?=$(shell go env GOARCH)
2018-01-04 19:38:20 +00:00
GOPATH=$(shell go env GOPATH)
2017-04-18 22:03:51 +00:00

2018-06-08 14:20:54 +00:00
ASSETFS_PATH?=agent/bindata_assetfs.go
2017-04-18 22:03:51 +00:00
# Get the git commit
2018-06-08 14:20:54 +00:00
GIT_COMMIT?=$(shell git rev-parse --short HEAD)
GIT_DIRTY?=$(shell test -n "`git status --porcelain`" && echo "+CHANGES" || true)
2019-04-10 11:54:03 +00:00
GIT_DESCRIBE?=$(shell git describe --tags --always --match "v*")
2017-04-18 22:03:51 +00:00
GIT_IMPORT=github.com/hashicorp/consul/version
GOLDFLAGS=-X $(GIT_IMPORT).GitCommit=$(GIT_COMMIT)$(GIT_DIRTY) -X $(GIT_IMPORT).GitDescribe=$(GIT_DESCRIBE)

2018-06-15 01:25:59 +00:00
ifeq ($(FORCE_REBUILD),1)
NOCACHE=--no-cache
else
NOCACHE=
endif

DOCKER_BUILD_QUIET?=1
ifeq (${DOCKER_BUILD_QUIET},1)
QUIET=-q
else
QUIET=
endif

CONSUL_DEV_IMAGE?=consul-dev
2018-06-08 14:20:54 +00:00
GO_BUILD_TAG?=consul-build-go
UI_BUILD_TAG?=consul-build-ui
BUILD_CONTAINER_NAME?=consul-builder
2019-04-12 19:17:13 +00:00
CONSUL_IMAGE_VERSION?=latest
2018-06-08 14:20:54 +00:00

2019-07-25 13:19:09 +00:00
################
# CI Variables #
################
CI_DEV_DOCKER_NAMESPACE?=hashicorpdev
CI_DEV_DOCKER_IMAGE_NAME?=consul
CI_DEV_DOCKER_WORKDIR?=bin/
################

2018-06-12 20:55:52 +00:00
DIST_TAG?=1
DIST_BUILD?=1
DIST_SIGN?=1

2018-06-15 01:25:59 +00:00
ifdef DIST_VERSION
2018-06-18 18:36:24 +00:00
DIST_VERSION_ARG=-v "$(DIST_VERSION)"
2018-06-15 01:25:59 +00:00
else
DIST_VERSION_ARG=
endif

ifdef DIST_RELEASE_DATE
2018-06-18 18:36:24 +00:00
DIST_DATE_ARG=-d "$(DIST_RELEASE_DATE)"
2018-06-15 01:25:59 +00:00
else
DIST_DATE_ARG=
endif

2018-06-18 21:01:20 +00:00
ifdef DIST_PRERELEASE
DIST_REL_ARG=-r "$(DIST_PRERELEASE)"
else
DIST_REL_ARG=
endif

2018-06-15 19:23:26 +00:00
PUB_GIT?=1
PUB_WEBSITE?=1

ifeq ($(PUB_GIT),1)
PUB_GIT_ARG=-g
else
PUB_GIT_ARG=
endif

ifeq ($(PUB_WEBSITE),1)
2018-06-26 18:08:10 +00:00
PUB_WEBSITE_ARG=-w
2018-06-15 19:23:26 +00:00
else
PUB_WEBSITE_ARG=
endif

2018-06-26 18:26:23 +00:00
NOGOX?=1

export NOGOX
2018-06-08 14:20:54 +00:00
export GO_BUILD_TAG
export UI_BUILD_TAG
export BUILD_CONTAINER_NAME
export GIT_COMMIT
export GIT_DIRTY
export GIT_DESCRIBE
export GOTAGS
2017-04-18 22:03:51 +00:00
export GOLDFLAGS
2013-12-06 23:43:07 +00:00

2019-04-29 16:27:57 +00:00
# Allow skipping docker build during integration tests in CI since we already
# have a built binary
ENVOY_INTEG_DEPS?=dev-docker
ifdef SKIP_DOCKER_BUILD
ENVOY_INTEG_DEPS=noop
endif
2018-06-26 18:26:23 +00:00

2018-06-26 15:46:37 +00:00
DEV_PUSH?=0
ifeq ($(DEV_PUSH),1)
DEV_PUSH_ARG=
else
DEV_PUSH_ARG=--no-push
endif

2016-02-18 04:36:48 +00:00
# all builds binaries for all targets
2016-10-25 20:49:57 +00:00
all: bin

2019-04-29 16:27:57 +00:00
# used to make integration dependencies conditional
noop: ;

2018-06-27 18:25:49 +00:00
bin: tools
	@$(SHELL) $(CURDIR)/build-support/scripts/build-local.sh
2015-10-22 18:16:01 +00:00

2015-10-22 19:00:35 +00:00
# dev creates binaries for testing locally - these are put into ./bin and $GOPATH
2019-04-01 14:55:48 +00:00
dev: changelogfmt dev-build
2017-07-18 07:22:49 +00:00

dev-build:
2018-06-19 14:49:07 +00:00
	@$(SHELL) $(CURDIR)/build-support/scripts/build-local.sh -o $(GOOS) -a $(GOARCH)
2018-06-15 01:25:59 +00:00

2019-04-12 19:17:13 +00:00
dev-docker: linux
	@echo "Pulling consul container image - $(CONSUL_IMAGE_VERSION)"
	@docker pull consul:$(CONSUL_IMAGE_VERSION) >/dev/null
	@echo "Building Consul Development container - $(CONSUL_DEV_IMAGE)"
	@docker build $(NOCACHE) $(QUIET) -t '$(CONSUL_DEV_IMAGE)' --build-arg CONSUL_IMAGE_VERSION=$(CONSUL_IMAGE_VERSION) $(CURDIR)/pkg/bin/linux_amd64 -f $(CURDIR)/build-support/docker/Consul-Dev.dockerfile
2015-10-22 18:16:01 +00:00

2019-07-25 13:19:09 +00:00
# In CircleCI, the linux binary will be attached from a previous step at bin/. This make target
# should only run in CI and not locally.
ci.dev-docker:
	@echo "Pulling consul container image - $(CONSUL_IMAGE_VERSION)"
	@docker pull consul:$(CONSUL_IMAGE_VERSION) >/dev/null
	@echo "Building Consul Development container - $(CI_DEV_DOCKER_IMAGE_NAME)"
	@docker build $(NOCACHE) $(QUIET) -t '$(CI_DEV_DOCKER_NAMESPACE)/$(CI_DEV_DOCKER_IMAGE_NAME):$(GIT_COMMIT)' \
	--build-arg CONSUL_IMAGE_VERSION=$(CONSUL_IMAGE_VERSION) \
	--label COMMIT_SHA=$(CIRCLE_SHA1) \
	--label PULL_REQUEST=$(CIRCLE_PULL_REQUEST) \
	--label CIRCLE_BUILD_URL=$(CIRCLE_BUILD_URL) \
	$(CI_DEV_DOCKER_WORKDIR) -f $(CURDIR)/build-support/docker/Consul-Dev.dockerfile
	@echo $(DOCKER_PASS) | docker login -u="$(DOCKER_LOGIN)" --password-stdin
	@echo "Pushing dev image to: https://cloud.docker.com/u/hashicorpdev/repository/docker/hashicorpdev/consul"
	@docker push $(CI_DEV_DOCKER_NAMESPACE)/$(CI_DEV_DOCKER_IMAGE_NAME):$(GIT_COMMIT)
ifeq ($(CIRCLE_BRANCH), master)
	@docker tag $(CI_DEV_DOCKER_NAMESPACE)/$(CI_DEV_DOCKER_IMAGE_NAME):$(GIT_COMMIT) $(CI_DEV_DOCKER_NAMESPACE)/$(CI_DEV_DOCKER_IMAGE_NAME):latest
	@docker push $(CI_DEV_DOCKER_NAMESPACE)/$(CI_DEV_DOCKER_IMAGE_NAME):latest
endif

2017-10-04 18:56:28 +00:00
changelogfmt:
	@echo "--> Making [GH-xxxx] references clickable..."
	@sed -E 's|([^\[])\[GH-([0-9]+)\]|\1[[GH-\2](https://github.com/hashicorp/consul/issues/\2)]|g' CHANGELOG.md > changelog.tmp && mv changelog.tmp CHANGELOG.md

2017-06-28 14:48:00 +00:00
# linux builds a linux package independent of the source platform
2017-05-04 11:31:56 +00:00
linux:
2018-06-15 01:25:59 +00:00
	@$(SHELL) $(CURDIR)/build-support/scripts/build-local.sh -o linux -a amd64
2017-05-04 11:31:56 +00:00

2016-02-18 04:36:48 +00:00
# dist builds binaries for all platforms and packages them for distribution
dist:
2018-06-18 21:01:20 +00:00
	@$(SHELL) $(CURDIR)/build-support/scripts/release.sh -t '$(DIST_TAG)' -b '$(DIST_BUILD)' -S '$(DIST_SIGN)' $(DIST_VERSION_ARG) $(DIST_DATE_ARG) $(DIST_REL_ARG)
2018-06-26 16:08:33 +00:00

verify:
2018-10-19 16:04:07 +00:00
	@$(SHELL) $(CURDIR)/build-support/scripts/verify.sh
2018-06-26 16:08:33 +00:00

2018-06-13 19:10:02 +00:00
publish:
2018-06-18 18:36:24 +00:00
	@$(SHELL) $(CURDIR)/build-support/scripts/publish.sh $(PUB_GIT_ARG) $(PUB_WEBSITE_ARG)
2015-10-22 18:16:01 +00:00

2018-06-15 12:00:12 +00:00
dev-tree:
2018-06-26 15:46:37 +00:00
	@$(SHELL) $(CURDIR)/build-support/scripts/dev.sh $(DEV_PUSH_ARG)
2018-06-15 12:00:12 +00:00

2013-12-06 23:43:07 +00:00
cov:
2019-04-26 16:33:01 +00:00
	go test $(GOMODULES) -coverprofile=coverage.out
2019-04-09 20:05:52 +00:00
	go tool cover -html=coverage.out
2013-12-06 23:43:07 +00:00

2018-07-24 14:12:48 +00:00
test: other-consul dev-build vet test-install-deps test-internal

test-install-deps:
	go test -tags '$(GOTAGS)' -i $(GOTEST_PKGS)

2019-04-26 16:33:01 +00:00
update-vendor:
	@echo "--> Running go mod vendor"
	@go mod vendor
	@echo "--> Removing vendoring of our own nested modules"
	@rm -rf vendor/github.com/hashicorp/consul
	@grep -v "hashicorp/consul/" < vendor/modules.txt > vendor/modules.txt.new
	@mv vendor/modules.txt.new vendor/modules.txt

2018-07-24 14:12:48 +00:00
test-internal:
2017-09-25 18:40:42 +00:00
	@echo "--> Running go test"
	@rm -f test.log exit-code
2018-02-20 15:32:44 +00:00
	@# Dump verbose output to test.log so we can surface test names on failure but
	@# hide it from travis as it exceeds their log limits and causes job to be
	@# terminated (over 4MB and over 10k lines in the UI). We need to output
	@# _something_ to stop them terminating us due to inactivity...
2018-09-18 16:47:01 +00:00
	{ go test -v $(GOTEST_FLAGS) -tags '$(GOTAGS)' $(GOTEST_PKGS) 2>&1 ; echo $$? > exit-code ; } | tee test.log | egrep '^(ok|FAIL|panic:|--- FAIL|--- PASS)'
2018-07-24 14:12:48 +00:00
	@echo "Exit code: $$(cat exit-code)"
2018-04-19 12:01:20 +00:00
	@# This prints all the race report between ====== lines
	@awk '/^WARNING: DATA RACE/ {do_print=1; print "=================="} do_print==1 {print} /^={10,}/ {do_print=0}' test.log || true
2018-04-20 13:24:24 +00:00
	@grep -A10 'panic: ' test.log || true
2018-04-19 12:01:20 +00:00
	@# Prints all the failure output until the next non-indented line - testify
2018-04-20 13:24:24 +00:00
	@# helpers often output multiple lines for readability but useless if we can't
	@# see them. Un-intuitive order of matches is necessary. No || true because
	@# awk always returns true even if there is no match and it breaks non-bash
	@# shells locally.
	@awk '/^[^[:space:]]/ {do_print=0} /--- SKIP/ {do_print=1} do_print==1 {print}' test.log
	@awk '/^[^[:space:]]/ {do_print=0} /--- FAIL/ {do_print=1} do_print==1 {print}' test.log
2017-06-29 12:50:47 +00:00
	@grep '^FAIL' test.log || true
2017-09-25 18:40:42 +00:00
	@if [ "$$(cat exit-code)" == "0" ] ; then echo "PASS" ; exit 0 ; else exit 1 ; fi
2017-06-29 12:50:47 +00:00

test-race:
	$(MAKE) GOTEST_FLAGS=-race
2017-05-22 19:24:38 +00:00

2018-07-24 14:12:48 +00:00
# Run tests with config for CI so `make test` can still be local-dev friendly.
test-ci: other-consul dev-build vet test-install-deps
2018-08-06 23:46:09 +00:00
	@ if ! GOTEST_FLAGS="-short -timeout 8m -p 3 -parallel 4" make test-internal; then \
2018-07-24 14:12:48 +00:00
		echo " ============"; \
2018-08-06 23:46:09 +00:00
		echo " Retrying 1/2"; \
2018-07-24 14:12:48 +00:00
		echo " ============"; \
2018-09-04 11:27:39 +00:00
		if ! GOTEST_FLAGS="-timeout 9m -p 1 -parallel 1" make test-internal; then \
2018-08-06 23:46:09 +00:00
			echo " ============"; \
			echo " Retrying 2/2"; \
			echo " ============"; \
			GOTEST_FLAGS="-timeout 9m -p 1 -parallel 1" make test-internal; \
		fi \
	fi
2018-07-24 14:12:48 +00:00

2018-09-10 15:44:07 +00:00
test-flake: other-consul vet test-install-deps
	@$(SHELL) $(CURDIR)/build-support/scripts/test-flake.sh --pkg "$(FLAKE_PKG)" --test "$(FLAKE_TEST)" --cpus "$(FLAKE_CPUS)" --n "$(FLAKE_N)"

2017-09-25 18:40:42 +00:00
other-consul:
	@echo "--> Checking for other consul instances"
	@if ps -ef | grep 'consul agent' | grep -v grep ; then \
		echo "Found other running consul agents. This may affect your tests." ; \
		exit 1 ; \
	fi

2016-02-13 00:50:37 +00:00
cover:
2017-04-26 22:47:57 +00:00
	go test $(GOFILES) --cover
2013-12-06 23:43:07 +00:00

2016-02-13 00:50:37 +00:00
format:
2014-05-06 05:45:54 +00:00
	@echo "--> Running go fmt"
2017-04-26 22:47:57 +00:00
	@go fmt $(GOFILES)
2014-05-06 05:38:21 +00:00

Makefile: add vet target
Add a vet target in order to catch suspicious constructs
reported by go vet.
Vet has successfully detected problems in the past,
for example, see
c9333b1b9b472feb5cad80e2c8276d41b64bde88
Some vet flags are noisy. In particular, the following flags
reports a large amount of generally unharmful constructs:
```
-assign: check for useless assignments
-composites: check that composite literals used field-keyed
elements
-shadow: check for shadowed variables
-shadowstrict: whether to be strict about shadowing
-unreachable: check for unreachable code
```
In order to skip running the flags mentioned above, vet is
invoked on a directory basis with `go tool vet .` since package-
level type-checking with `go vet` doesn't accept flags.
Hence, each file is vetted in isolation, which is weaker than
package-level type-checking. But nevertheless, it might catch
suspicious constructs that pose a real issue.
The vet target runs the following flags on the entire repo:
```
-asmdecl: check assembly against Go declarations
-atomic: check for common mistaken usages of the
sync/atomic package
-bool: check for mistakes involving boolean operators
-buildtags: check that +build tags are valid
-copylocks: check that locks are not passed by value
-methods: check that canonically named methods are canonically
defined
-nilfunc: check for comparisons between functions and nil
-printf: check printf-like invocations
-rangeloops: check that range loop variables are used correctly
-shift: check for useless shifts
-structtags: check that struct field tags have canonical format
and apply to exported fields as needed
-unsafeptr: check for misuse of unsafe.Pointer
```
Now and then, it might make sense to check the output of the
disabled flags manually.
For example, `VETARGS=-unreachable make vet` can detect several
lines of dead code that can be deleted, etc.
2015-01-17 06:44:10 +00:00
vet:
2017-03-23 23:06:25 +00:00
	@echo "--> Running go vet"
2018-02-22 23:57:09 +00:00
	@go vet -tags '$(GOTAGS)' $(GOFILES); if [ $$? -eq 1 ]; then \
2015-01-17 06:44:10 +00:00
		echo ""; \
		echo "Vet found suspicious constructs. Please check the reported constructs"; \
2017-03-23 23:06:25 +00:00
		echo "and fix them if necessary before submitting the code for review."; \
		exit 1; \
2015-01-17 06:44:10 +00:00
	fi

2017-06-21 21:43:07 +00:00
# If you've run "make ui" manually then this will get called for you. This is
# also run as part of the release build script when it verifies that there are no
# changes to the UI assets that aren't checked in.
2016-02-13 00:50:37 +00:00
static-assets:
2018-06-08 14:20:54 +00:00
	@go-bindata-assetfs -pkg agent -prefix pkg -o $(ASSETFS_PATH) ./pkg/web_ui/...
2019-03-29 15:29:27 +00:00
	@go fmt $(ASSETFS_PATH)
2015-11-30 19:24:08 +00:00

2018-06-15 12:00:12 +00:00

# Build the static web ui and build static assets inside a Docker container
2019-04-12 15:02:27 +00:00
ui: ui-docker static-assets-docker
2018-06-15 12:00:12 +00:00

2016-02-13 01:09:18 +00:00
tools:
	go get -u -v $(GOTOOLS)

2018-06-12 20:55:52 +00:00
version:
2018-06-13 19:10:02 +00:00
	@echo -n "Version: "
2018-06-15 01:25:59 +00:00
	@$(SHELL) $(CURDIR)/build-support/scripts/version.sh
2018-06-13 19:10:02 +00:00
	@echo -n "Version + release: "
2018-06-15 01:25:59 +00:00
	@$(SHELL) $(CURDIR)/build-support/scripts/version.sh -r
2018-06-13 19:10:02 +00:00
	@echo -n "Version + git: "
2018-06-15 01:25:59 +00:00
	@$(SHELL) $(CURDIR)/build-support/scripts/version.sh -g
2018-06-13 19:10:02 +00:00
	@echo -n "Version + release + git: "
2018-06-15 12:00:12 +00:00
	@$(SHELL) $(CURDIR)/build-support/scripts/version.sh -r -g
2018-10-19 16:04:07 +00:00

2018-06-15 01:25:59 +00:00

2019-04-12 15:02:27 +00:00
docker-images: go-build-image ui-build-image
2018-06-08 14:20:54 +00:00

go-build-image:
2018-06-15 01:25:59 +00:00
	@echo "Building Golang build container"
	@docker build $(NOCACHE) $(QUIET) --build-arg 'GOTOOLS=$(GOTOOLS)' -t $(GO_BUILD_TAG) - < build-support/docker/Build-Go.dockerfile
2018-10-19 16:04:07 +00:00

2018-06-08 14:20:54 +00:00
ui-build-image:
2018-06-15 01:25:59 +00:00
	@echo "Building UI build container"
	@docker build $(NOCACHE) $(QUIET) -t $(UI_BUILD_TAG) - < build-support/docker/Build-UI.dockerfile
2018-10-19 16:04:07 +00:00

2018-06-08 14:20:54 +00:00
static-assets-docker: go-build-image
2018-06-15 01:25:59 +00:00
	@$(SHELL) $(CURDIR)/build-support/scripts/build-docker.sh static-assets
2018-10-19 16:04:07 +00:00

2018-06-12 20:55:52 +00:00
consul-docker: go-build-image
2018-06-15 01:25:59 +00:00
	@$(SHELL) $(CURDIR)/build-support/scripts/build-docker.sh consul
2018-10-19 16:04:07 +00:00

2018-06-08 14:20:54 +00:00
ui-docker: ui-build-image
2018-06-15 01:25:59 +00:00
	@$(SHELL) $(CURDIR)/build-support/scripts/build-docker.sh ui
2018-10-19 16:04:07 +00:00

2019-04-29 16:27:57 +00:00
test-envoy-integ: $(ENVOY_INTEG_DEPS)
	@$(SHELL) $(CURDIR)/test/integration/connect/envoy/run-tests.sh

2019-01-07 17:48:44 +00:00
proto:
	protoc agent/connect/ca/plugin/*.proto --gofast_out=plugins=grpc:../../..
2018-10-19 16:04:07 +00:00

2019-04-01 14:55:48 +00:00
.PHONY: all ci bin dev dist cov test test-ci test-internal test-install-deps cover format vet ui static-assets tools
2019-04-12 15:02:27 +00:00
.PHONY: docker-images go-build-image ui-build-image static-assets-docker consul-docker ui-docker
2019-04-29 16:27:57 +00:00
.PHONY: version proto test-envoy-integ
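
The "CA Provider Plugins (#4751)" commit message on this page says the `Configure` map travels as Gob over `net/rpc` and as JSON bytes over gRPC, and that certificates and CSRs travel as raw ASN.1 bytes. The Go program below is an added illustration, not code from Consul or go-plugin: it round-trips a constructed config map (hypothetical key names) through both encodings to show that a number arrives as `int` in one case and `float64` in the other, and it re-parses and signature-checks a CSR from its DER bytes on the receiving side.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/gob"
	"encoding/json"
	"fmt"
)

// viaGob models the net/rpc path: the config map is Gob-encoded as-is.
func viaGob(cfg map[string]interface{}) (map[string]interface{}, error) {
	var buf bytes.Buffer
	if err := gob.NewEncoder(&buf).Encode(cfg); err != nil {
		return nil, err
	}
	out := map[string]interface{}{}
	err := gob.NewDecoder(&buf).Decode(&out)
	return out, err
}

// viaJSON models the gRPC path: marshal to JSON, carry as bytes, unmarshal.
func viaJSON(cfg map[string]interface{}) (map[string]interface{}, error) {
	raw, err := json.Marshal(cfg)
	if err != nil {
		return nil, err
	}
	out := map[string]interface{}{}
	err = json.Unmarshal(raw, &out)
	return out, err
}

// asInt accepts both shapes a number can arrive in: int after Gob,
// float64 after JSON. Fractional values are rejected, not truncated.
func asInt(v interface{}) (int, bool) {
	switch n := v.(type) {
	case int:
		return n, true
	case float64:
		if n == float64(int(n)) {
			return int(n), true
		}
	}
	return 0, false
}

// csrOverWire builds a CSR, ships only its raw ASN.1 (DER) bytes, then
// re-parses it and verifies its self-signature on the receiving side.
func csrOverWire(cn string) (sentDER []byte, got *x509.CertificateRequest, err error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: cn}}
	sentDER, err = x509.CreateCertificateRequest(rand.Reader, tmpl, key)
	if err != nil {
		return nil, nil, err
	}
	wire := append([]byte(nil), sentDER...) // stands in for the RPC hop
	got, err = x509.ParseCertificateRequest(wire)
	if err != nil {
		return nil, nil, err
	}
	// Parsing alone does not prove key possession; check the signature too.
	if err = got.CheckSignature(); err != nil {
		return nil, nil, err
	}
	return sentDER, got, nil
}

func main() {
	// Constructed sample config; the key names are hypothetical.
	cfg := map[string]interface{}{"LeafCertTTLHours": 72, "PrivateKeyType": "ec"}
	g, _ := viaGob(cfg)
	j, _ := viaJSON(cfg)
	fmt.Printf("gob: %T, json: %T\n", g["LeafCertTTLHours"], j["LeafCertTTLHours"])
	_, csr, err := csrOverWire("web.example.test")
	fmt.Println(csr != nil, err)
}
```

A provider that must work over both transports should normalise numeric config values (as `asInt` does here) rather than type-assert a single Go type.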