2014-08-28 20:42:07 +00:00
|
|
|
package agent
|
|
|
|
|
|
|
|
import (
|
|
|
|
"bytes"
|
|
|
|
"io"
|
|
|
|
"net/http"
|
|
|
|
"strconv"
|
|
|
|
"time"
|
|
|
|
|
2017-08-23 14:52:48 +00:00
|
|
|
"github.com/hashicorp/consul/acl"
|
2017-07-06 10:34:00 +00:00
|
|
|
"github.com/hashicorp/consul/agent/structs"
|
2014-08-28 20:42:07 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
// EventFire is used to fire a new event
|
2020-09-04 18:42:15 +00:00
|
|
|
func (s *HTTPHandlers) EventFire(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
|
2014-08-28 20:42:07 +00:00
|
|
|
|
2014-08-28 22:00:49 +00:00
|
|
|
// Get the datacenter
|
|
|
|
var dc string
|
|
|
|
s.parseDC(req, &dc)
|
|
|
|
|
2014-08-28 20:42:07 +00:00
|
|
|
event := &UserEvent{}
|
2022-01-26 18:12:42 +00:00
|
|
|
var err error
|
|
|
|
event.Name, err = getPathSuffixUnescaped(req.URL.Path, "/v1/event/fire/")
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2014-08-28 20:42:07 +00:00
|
|
|
if event.Name == "" {
|
2022-01-31 16:17:35 +00:00
|
|
|
return nil, BadRequestError{Reason: "Missing name"}
|
2014-08-28 20:42:07 +00:00
|
|
|
}
|
|
|
|
|
2015-06-18 01:58:27 +00:00
|
|
|
// Get the ACL token
|
|
|
|
var token string
|
|
|
|
s.parseToken(req, &token)
|
|
|
|
|
2014-08-28 20:42:07 +00:00
|
|
|
// Get the filters
|
|
|
|
if filt := req.URL.Query().Get("node"); filt != "" {
|
|
|
|
event.NodeFilter = filt
|
|
|
|
}
|
|
|
|
if filt := req.URL.Query().Get("service"); filt != "" {
|
|
|
|
event.ServiceFilter = filt
|
|
|
|
}
|
|
|
|
if filt := req.URL.Query().Get("tag"); filt != "" {
|
|
|
|
event.TagFilter = filt
|
|
|
|
}
|
|
|
|
|
|
|
|
// Get the payload
|
|
|
|
if req.ContentLength > 0 {
|
|
|
|
var buf bytes.Buffer
|
|
|
|
if _, err := io.Copy(&buf, req.Body); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
event.Payload = buf.Bytes()
|
|
|
|
}
|
|
|
|
|
|
|
|
// Try to fire the event
|
2015-06-18 01:58:27 +00:00
|
|
|
if err := s.agent.UserEvent(dc, token, event); err != nil {
|
2017-08-23 14:52:48 +00:00
|
|
|
if acl.IsErrPermissionDenied(err) {
|
2022-01-31 16:17:35 +00:00
|
|
|
return nil, ForbiddenError{Reason: acl.ErrPermissionDenied.Error()}
|
2015-06-19 00:34:35 +00:00
|
|
|
}
|
2017-08-23 19:19:11 +00:00
|
|
|
resp.WriteHeader(http.StatusInternalServerError)
|
2015-06-19 00:34:35 +00:00
|
|
|
return nil, err
|
2014-08-28 20:42:07 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// Return the event
|
|
|
|
return event, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// EventList is used to retrieve the recent list of events
|
2020-09-04 18:42:15 +00:00
|
|
|
func (s *HTTPHandlers) EventList(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
|
2014-08-28 20:42:07 +00:00
|
|
|
// Parse the query options, since we simulate a blocking query
|
|
|
|
var b structs.QueryOptions
|
|
|
|
if parseWait(resp, req, &b) {
|
|
|
|
return nil, nil
|
|
|
|
}
|
|
|
|
|
2016-12-15 03:42:37 +00:00
|
|
|
// Fetch the ACL token, if any.
|
|
|
|
var token string
|
|
|
|
s.parseToken(req, &token)
|
2021-04-14 16:39:35 +00:00
|
|
|
authz, err := s.agent.delegate.ResolveTokenAndDefaultMeta(token, nil, nil)
|
2016-12-15 03:42:37 +00:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2014-08-28 22:25:53 +00:00
|
|
|
// Look for a name filter
|
|
|
|
var nameFilter string
|
|
|
|
if filt := req.URL.Query().Get("name"); filt != "" {
|
|
|
|
nameFilter = filt
|
|
|
|
}
|
|
|
|
|
2017-01-24 07:44:32 +00:00
|
|
|
// Lots of this logic is borrowed from consul/rpc.go:blockingQuery
|
2014-08-28 20:42:07 +00:00
|
|
|
// However we cannot use that directly since this code has some
|
|
|
|
// slight semantics differences...
|
|
|
|
var timeout <-chan time.Time
|
|
|
|
var notifyCh chan struct{}
|
|
|
|
|
|
|
|
// Fast path non-blocking
|
|
|
|
if b.MinQueryIndex == 0 {
|
|
|
|
goto RUN_QUERY
|
|
|
|
}
|
|
|
|
|
|
|
|
// Restrict the max query time
|
|
|
|
if b.MaxQueryTime > maxQueryTime {
|
|
|
|
b.MaxQueryTime = maxQueryTime
|
|
|
|
}
|
|
|
|
|
|
|
|
// Ensure a time limit is set if we have an index
|
|
|
|
if b.MinQueryIndex > 0 && b.MaxQueryTime == 0 {
|
|
|
|
b.MaxQueryTime = maxQueryTime
|
|
|
|
}
|
|
|
|
|
|
|
|
// Setup a query timeout
|
|
|
|
if b.MaxQueryTime > 0 {
|
|
|
|
timeout = time.After(b.MaxQueryTime)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Setup a notification channel for changes
|
|
|
|
SETUP_NOTIFY:
|
|
|
|
if b.MinQueryIndex > 0 {
|
|
|
|
notifyCh = make(chan struct{}, 1)
|
|
|
|
s.agent.eventNotify.Wait(notifyCh)
|
2018-08-02 13:54:48 +00:00
|
|
|
defer s.agent.eventNotify.Clear(notifyCh)
|
2014-08-28 20:42:07 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
RUN_QUERY:
|
|
|
|
// Get the recent events
|
|
|
|
events := s.agent.UserEvents()
|
2014-08-28 22:25:53 +00:00
|
|
|
|
2021-12-03 17:38:59 +00:00
|
|
|
// Filter the events if requested
|
|
|
|
if nameFilter != "" {
|
|
|
|
for i := 0; i < len(events); i++ {
|
|
|
|
if events[i].Name != nameFilter {
|
|
|
|
events = append(events[:i], events[i+1:]...)
|
|
|
|
i--
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-12-15 03:42:37 +00:00
|
|
|
// Filter the events using the ACL, if present
|
2021-12-03 17:38:59 +00:00
|
|
|
//
|
|
|
|
// Note: we filter the results with ACLs *after* applying the user-supplied
|
|
|
|
// name filter, to ensure the filtered-by-acls header we set below does not
|
|
|
|
// include results that would be filtered out even if the user did have
|
|
|
|
// permission.
|
|
|
|
var removed bool
|
2021-07-30 18:55:35 +00:00
|
|
|
for i := 0; i < len(events); i++ {
|
|
|
|
name := events[i].Name
|
|
|
|
if authz.EventRead(name, nil) == acl.Allow {
|
|
|
|
continue
|
2016-12-15 03:42:37 +00:00
|
|
|
}
|
2021-07-30 18:55:35 +00:00
|
|
|
s.agent.logger.Debug("dropping event from result due to ACLs", "event", name)
|
2021-12-03 17:38:59 +00:00
|
|
|
removed = true
|
2021-07-30 18:55:35 +00:00
|
|
|
events = append(events[:i], events[i+1:]...)
|
|
|
|
i--
|
2016-12-15 03:42:37 +00:00
|
|
|
}
|
|
|
|
|
2021-12-03 17:38:59 +00:00
|
|
|
// Set the X-Consul-Results-Filtered-By-ACLs header, but only if the user is
|
|
|
|
// authenticated (to prevent information leaking).
|
|
|
|
//
|
|
|
|
// This is done automatically for HTTP endpoints that proxy to an RPC endpoint
|
|
|
|
// that sets QueryMeta.ResultsFilteredByACLs, but must be done manually for
|
|
|
|
// agent-local endpoints.
|
|
|
|
//
|
|
|
|
// For more information see the comment on: Server.maskResultsFilteredByACLs.
|
|
|
|
if token != "" {
|
|
|
|
setResultsFilteredByACLs(resp, removed)
|
2014-08-28 22:25:53 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// Determine the index
|
2014-08-28 20:42:07 +00:00
|
|
|
var index uint64
|
|
|
|
if len(events) == 0 {
|
2014-08-28 22:55:36 +00:00
|
|
|
// Return a non-zero index to prevent a hot query loop. This
|
|
|
|
// can be caused by a watch for example when there is no matching
|
|
|
|
// events.
|
|
|
|
index = 1
|
2014-08-28 20:42:07 +00:00
|
|
|
} else {
|
|
|
|
last := events[len(events)-1]
|
|
|
|
index = uuidToUint64(last.ID)
|
|
|
|
}
|
|
|
|
setIndex(resp, index)
|
|
|
|
|
2014-08-31 00:22:17 +00:00
|
|
|
// Check for exact match on the query value. Because
|
2014-08-28 20:42:07 +00:00
|
|
|
// the index value is not monotonic, we just ensure it is
|
|
|
|
// not an exact match.
|
|
|
|
if index > 0 && index == b.MinQueryIndex {
|
|
|
|
select {
|
|
|
|
case <-notifyCh:
|
|
|
|
goto SETUP_NOTIFY
|
|
|
|
case <-timeout:
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return events, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// uuidToUint64 is a bit of a hack to generate a 64bit Consul index.
|
|
|
|
// In effect, we take our random UUID, convert it to a 128 bit number,
|
|
|
|
// then XOR the high-order and low-order 64bit's together to get the
|
|
|
|
// output. This lets us generate an index which can be used to simulate
|
|
|
|
// the blocking behavior of other catalog endpoints.
|
|
|
|
func uuidToUint64(uuid string) uint64 {
|
|
|
|
lower := uuid[0:8] + uuid[9:13] + uuid[14:18]
|
|
|
|
upper := uuid[19:23] + uuid[24:36]
|
|
|
|
lowVal, err := strconv.ParseUint(lower, 16, 64)
|
|
|
|
if err != nil {
|
|
|
|
panic("Failed to convert " + lower)
|
|
|
|
}
|
|
|
|
highVal, err := strconv.ParseUint(upper, 16, 64)
|
|
|
|
if err != nil {
|
|
|
|
panic("Failed to convert " + upper)
|
|
|
|
}
|
|
|
|
return lowVal ^ highVal
|
|
|
|
}
|