2023-03-28 18:39:22 +00:00
|
|
|
// Copyright (c) HashiCorp, Inc.
|
|
|
|
// SPDX-License-Identifier: MPL-2.0
|
|
|
|
|
2021-10-20 19:24:18 +00:00
|
|
|
package structs
|
|
|
|
|
|
|
|
import (
|
2021-10-27 20:54:27 +00:00
|
|
|
"encoding/json"
|
2021-10-20 19:24:18 +00:00
|
|
|
"fmt"
|
|
|
|
|
|
|
|
"github.com/hashicorp/consul/acl"
|
|
|
|
)
|
|
|
|
|
2021-12-03 06:50:38 +00:00
|
|
|
// ExportedServicesConfigEntry is the top-level struct for exporting a service to be exposed
|
2021-10-20 19:24:18 +00:00
|
|
|
// across other admin partitions.
|
2021-12-03 06:50:38 +00:00
|
|
|
type ExportedServicesConfigEntry struct {
|
2021-10-22 16:11:03 +00:00
|
|
|
Name string
|
2021-10-20 19:24:18 +00:00
|
|
|
|
|
|
|
// Services is a list of services to be exported and the list of partitions
|
|
|
|
// to expose them to.
|
2022-04-27 15:27:21 +00:00
|
|
|
Services []ExportedService `json:",omitempty"`
|
2021-10-20 19:24:18 +00:00
|
|
|
|
2022-03-13 03:55:53 +00:00
|
|
|
Meta map[string]string `json:",omitempty"`
|
|
|
|
acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"`
|
2021-10-20 19:24:18 +00:00
|
|
|
RaftIndex
|
|
|
|
}
|
|
|
|
|
|
|
|
// ExportedService manages the exporting of a service in the local partition to
|
|
|
|
// other partitions.
|
|
|
|
type ExportedService struct {
|
|
|
|
// Name is the name of the service to be exported.
|
|
|
|
Name string
|
|
|
|
|
|
|
|
// Namespace is the namespace to export the service from.
|
|
|
|
Namespace string `json:",omitempty"`
|
|
|
|
|
|
|
|
// Consumers is a list of downstream consumers of the service to be exported.
|
2022-04-27 15:27:21 +00:00
|
|
|
Consumers []ServiceConsumer `json:",omitempty"`
|
2021-10-20 19:24:18 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// ServiceConsumer represents a downstream consumer of the service to be exported.
|
2022-10-04 18:46:15 +00:00
|
|
|
// At most one of Partition or Peer must be specified.
|
2021-10-20 19:24:18 +00:00
|
|
|
type ServiceConsumer struct {
|
|
|
|
// Partition is the admin partition to export the service to.
|
2022-04-27 15:27:21 +00:00
|
|
|
Partition string `json:",omitempty"`
|
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
|
|
|
|
2022-10-04 18:46:15 +00:00
|
|
|
// Peer is the name of the peer to export the service to.
|
|
|
|
Peer string `json:",omitempty" alias:"peer_name"`
|
2021-10-20 19:24:18 +00:00
|
|
|
|
2023-03-31 17:36:44 +00:00
|
|
|
// SamenessGroup is the name of the sameness group to export the service to.
|
|
|
|
SamenessGroup string `json:",omitempty" alias:"sameness_group"`
|
2021-10-20 19:24:18 +00:00
|
|
|
}
|
|
|
|
|
2021-12-03 06:50:38 +00:00
|
|
|
func (e *ExportedServicesConfigEntry) GetKind() string {
|
|
|
|
return ExportedServices
|
2021-10-20 19:24:18 +00:00
|
|
|
}
|
|
|
|
|
2021-12-03 06:50:38 +00:00
|
|
|
func (e *ExportedServicesConfigEntry) GetName() string {
|
2021-10-20 19:24:18 +00:00
|
|
|
if e == nil {
|
|
|
|
return ""
|
|
|
|
}
|
|
|
|
|
2021-10-22 16:11:03 +00:00
|
|
|
return e.Name
|
2021-10-20 19:24:18 +00:00
|
|
|
}
|
|
|
|
|
2021-12-03 06:50:38 +00:00
|
|
|
func (e *ExportedServicesConfigEntry) GetMeta() map[string]string {
|
2021-10-20 19:24:18 +00:00
|
|
|
if e == nil {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
return e.Meta
|
|
|
|
}
|
|
|
|
|
2021-12-03 06:50:38 +00:00
|
|
|
func (e *ExportedServicesConfigEntry) Normalize() error {
|
2021-10-20 19:24:18 +00:00
|
|
|
if e == nil {
|
|
|
|
return fmt.Errorf("config entry is nil")
|
|
|
|
}
|
2021-10-22 16:11:03 +00:00
|
|
|
e.EnterpriseMeta = *DefaultEnterpriseMetaInPartition(e.Name)
|
2021-10-20 19:24:18 +00:00
|
|
|
e.EnterpriseMeta.Normalize()
|
|
|
|
|
|
|
|
for i := range e.Services {
|
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
|
|
|
e.Services[i].Namespace = acl.NormalizeNamespace(e.Services[i].Namespace)
|
2021-10-20 19:24:18 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2021-12-03 06:50:38 +00:00
|
|
|
func (e *ExportedServicesConfigEntry) Validate() error {
|
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
|
|
|
if err := validateExportedServicesName(e.Name); err != nil {
|
2021-11-29 18:21:33 +00:00
|
|
|
return err
|
|
|
|
}
|
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
|
|
|
|
2021-11-29 18:21:33 +00:00
|
|
|
if err := validateConfigEntryMeta(e.Meta); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2021-10-20 19:24:18 +00:00
|
|
|
|
2023-03-31 17:36:44 +00:00
|
|
|
if err := e.validateServicesEnterprise(); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
return e.validateServices()
|
|
|
|
}
|
|
|
|
|
|
|
|
func (e *ExportedServicesConfigEntry) validateServices() error {
|
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
|
|
|
for i, svc := range e.Services {
|
2021-10-20 19:24:18 +00:00
|
|
|
if svc.Name == "" {
|
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
|
|
|
return fmt.Errorf("Services[%d]: service name cannot be empty", i)
|
|
|
|
}
|
|
|
|
if svc.Namespace == WildcardSpecifier && svc.Name != WildcardSpecifier {
|
|
|
|
return fmt.Errorf("Services[%d]: service name must be wildcard if namespace is wildcard", i)
|
2021-10-20 19:24:18 +00:00
|
|
|
}
|
|
|
|
if len(svc.Consumers) == 0 {
|
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
|
|
|
return fmt.Errorf("Services[%d]: must have at least one consumer", i)
|
2021-10-20 19:24:18 +00:00
|
|
|
}
|
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
|
|
|
for j, consumer := range svc.Consumers {
|
2023-03-31 17:36:44 +00:00
|
|
|
count := 0
|
|
|
|
if consumer.Peer != "" {
|
|
|
|
count++
|
|
|
|
}
|
|
|
|
if consumer.Partition != "" {
|
|
|
|
count++
|
|
|
|
}
|
|
|
|
if consumer.SamenessGroup != "" {
|
|
|
|
count++
|
|
|
|
}
|
|
|
|
if count > 1 {
|
|
|
|
return fmt.Errorf("Services[%d].Consumers[%d]: must define at most one of Peer, Partition, or SamenessGroup", i, j)
|
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
|
|
|
}
|
2021-10-20 19:24:18 +00:00
|
|
|
if consumer.Partition == WildcardSpecifier {
|
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
|
|
|
return fmt.Errorf("Services[%d].Consumers[%d]: exporting to all partitions (wildcard) is not supported", i, j)
|
|
|
|
}
|
2022-10-04 18:46:15 +00:00
|
|
|
if consumer.Peer == WildcardSpecifier {
|
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
|
|
|
return fmt.Errorf("Services[%d].Consumers[%d]: exporting to all peers (wildcard) is not supported", i, j)
|
2021-10-20 19:24:18 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2021-11-29 18:21:33 +00:00
|
|
|
return nil
|
2021-10-20 19:24:18 +00:00
|
|
|
}
|
|
|
|
|
2022-03-11 21:45:51 +00:00
|
|
|
func (e *ExportedServicesConfigEntry) CanRead(authz acl.Authorizer) error {
|
2021-10-20 19:24:18 +00:00
|
|
|
var authzContext acl.AuthorizerContext
|
|
|
|
e.FillAuthzContext(&authzContext)
|
2022-03-11 21:45:51 +00:00
|
|
|
return authz.ToAllowAuthorizer().MeshReadAllowed(&authzContext)
|
2021-10-20 19:24:18 +00:00
|
|
|
}
|
|
|
|
|
2022-03-11 21:45:51 +00:00
|
|
|
func (e *ExportedServicesConfigEntry) CanWrite(authz acl.Authorizer) error {
|
2021-10-20 19:24:18 +00:00
|
|
|
var authzContext acl.AuthorizerContext
|
|
|
|
e.FillAuthzContext(&authzContext)
|
2022-03-11 21:45:51 +00:00
|
|
|
return authz.ToAllowAuthorizer().MeshWriteAllowed(&authzContext)
|
2021-10-20 19:24:18 +00:00
|
|
|
}
|
|
|
|
|
2021-12-03 06:50:38 +00:00
|
|
|
func (e *ExportedServicesConfigEntry) GetRaftIndex() *RaftIndex {
|
2021-10-20 19:24:18 +00:00
|
|
|
if e == nil {
|
|
|
|
return &RaftIndex{}
|
|
|
|
}
|
|
|
|
|
|
|
|
return &e.RaftIndex
|
|
|
|
}
|
|
|
|
|
2022-03-13 03:55:53 +00:00
|
|
|
func (e *ExportedServicesConfigEntry) GetEnterpriseMeta() *acl.EnterpriseMeta {
|
2021-10-20 19:24:18 +00:00
|
|
|
if e == nil {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
return &e.EnterpriseMeta
|
|
|
|
}
|
2021-10-27 20:54:27 +00:00
|
|
|
|
|
|
|
// MarshalJSON adds the Kind field so that the JSON can be decoded back into the
|
|
|
|
// correct type.
|
|
|
|
// This method is implemented on the structs type (as apposed to the api type)
|
|
|
|
// because that is what the API currently uses to return a response.
|
2021-12-03 06:50:38 +00:00
|
|
|
func (e *ExportedServicesConfigEntry) MarshalJSON() ([]byte, error) {
|
|
|
|
type Alias ExportedServicesConfigEntry
|
2021-10-27 20:54:27 +00:00
|
|
|
source := &struct {
|
|
|
|
Kind string
|
|
|
|
*Alias
|
|
|
|
}{
|
2021-12-03 06:50:38 +00:00
|
|
|
Kind: ExportedServices,
|
2021-10-27 20:54:27 +00:00
|
|
|
Alias: (*Alias)(e),
|
|
|
|
}
|
|
|
|
return json.Marshal(source)
|
|
|
|
}
|