diff --git a/.changelog/10690.txt b/.changelog/10690.txt new file mode 100644 index 000000000..47cfd6bdf --- /dev/null +++ b/.changelog/10690.txt @@ -0,0 +1,3 @@ +```release-note:feature +health-checks: add support for h2c in http2 ping health checks +``` diff --git a/agent/agent.go b/agent/agent.go index 6df0ea729..2c254e251 100644 --- a/agent/agent.go +++ b/agent/agent.go @@ -2734,9 +2734,11 @@ func (a *Agent) addCheck(check *structs.HealthCheck, chkType *structs.CheckType, ) chkType.Interval = checks.MinInterval } - - tlsClientConfig := a.tlsConfigurator.OutgoingTLSConfigForCheck(chkType.TLSSkipVerify, chkType.TLSServerName) - tlsClientConfig.NextProtos = []string{http2.NextProtoTLS} + var tlsClientConfig *tls.Config + if chkType.H2PingUseTLS { + tlsClientConfig = a.tlsConfigurator.OutgoingTLSConfigForCheck(chkType.TLSSkipVerify, chkType.TLSServerName) + tlsClientConfig.NextProtos = []string{http2.NextProtoTLS} + } h2ping := &checks.CheckH2PING{ CheckID: cid, diff --git a/agent/agent_test.go b/agent/agent_test.go index 94903698a..e0bcc1592 100644 --- a/agent/agent_test.go +++ b/agent/agent_test.go @@ -855,6 +855,32 @@ func TestAgent_AddServiceWithH2PINGCheck(t *testing.T) { requireCheckExists(t, a, "test-h2ping-check") } +func TestAgent_AddServiceWithH2CPINGCheck(t *testing.T) { + t.Parallel() + a := NewTestAgent(t, "") + defer a.Shutdown() + check := []*structs.CheckType{ + { + CheckID: "test-h2cping-check", + Name: "test-h2cping-check", + H2PING: "localhost:12345", + TLSSkipVerify: true, + Interval: 10 * time.Second, + H2PingUseTLS: false, + }, + } + + nodeService := &structs.NodeService{ + ID: "test-h2cping-check-service", + Service: "test-h2cping-check-service", + } + err := a.addServiceFromSource(nodeService, check, false, "", ConfigSourceLocal) + if err != nil { + t.Fatalf("Error registering service: %v", err) + } + requireCheckExists(t, a, "test-h2cping-check") +} + func TestAgent_AddServiceNoExec(t *testing.T) { if testing.Short() { t.Skip("too slow for testing.Short") diff --git a/agent/checks/check.go b/agent/checks/check.go index 687de9e51..5bc00bc18 100644 --- a/agent/checks/check.go +++ b/agent/checks/check.go @@ -535,11 +535,25 @@ func shutdownHTTP2ClientConn(clientConn *http2.ClientConn, timeout time.Duration } func (c *CheckH2PING) check() { - t := &http2.Transport{ - TLSClientConfig: c.TLSClientConfig, + t := &http2.Transport{} + var dialFunc func(ctx context.Context, network, address string, tlscfg *tls.Config) (net.Conn, error) + if c.TLSClientConfig != nil { + t.TLSClientConfig = c.TLSClientConfig + dialFunc = func(ctx context.Context, network, address string, tlscfg *tls.Config) (net.Conn, error) { + dialer := &tls.Dialer{Config: tlscfg} + return dialer.DialContext(ctx, network, address) + } + } else { + t.AllowHTTP = true + dialFunc = func(ctx context.Context, network, address string, tlscfg *tls.Config) (net.Conn, error) { + dialer := &net.Dialer{} + return dialer.DialContext(ctx, network, address) + } } target := c.H2PING - conn, err := tls.Dial("tcp", target, c.TLSClientConfig) + ctx, cancel := context.WithTimeout(context.Background(), c.Timeout) + defer cancel() + conn, err := dialFunc(ctx, "tcp", target, c.TLSClientConfig) if err != nil { message := fmt.Sprintf("Failed to dial to %s: %s", target, err) c.StatusHandler.updateCheck(c.CheckID, api.HealthCritical, message) @@ -553,8 +567,6 @@ func (c *CheckH2PING) check() { return } defer shutdownHTTP2ClientConn(clientConn, c.Timeout, c.CheckID.String(), c.Logger) - ctx, cancel := context.WithTimeout(context.Background(), c.Timeout) - defer cancel() err = clientConn.Ping(ctx) if err == nil { c.StatusHandler.updateCheck(c.CheckID, api.HealthPassing, "HTTP2 ping was successful") diff --git a/agent/checks/check_test.go b/agent/checks/check_test.go index af97d0238..ba61aeeab 100644 --- a/agent/checks/check_test.go +++ b/agent/checks/check_test.go @@ -21,6 +21,7 @@ import ( "github.com/hashicorp/go-uuid" "github.com/stretchr/testify/require" http2 "golang.org/x/net/http2" + "golang.org/x/net/http2/h2c" ) func uniqueID() string { @@ -1256,6 +1257,64 @@ func TestCheckH2PINGInvalidListener(t *testing.T) { }) } +func TestCheckH2CPING(t *testing.T) { + t.Parallel() + + tests := []struct { + desc string + passing bool + timeout time.Duration + connTimeout time.Duration + }{ + {desc: "passing", passing: true, timeout: 1 * time.Second, connTimeout: 1 * time.Second}, + {desc: "failing because of time out", passing: false, timeout: 1 * time.Nanosecond, connTimeout: 1 * time.Second}, + {desc: "failing because of closed connection", passing: false, timeout: 1 * time.Nanosecond, connTimeout: 1 * time.Millisecond}, + } + + for _, tt := range tests { + t.Run(tt.desc, func(t *testing.T) { + handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { return }) + h2chandler := h2c.NewHandler(handler, &http2.Server{}) + server := httptest.NewUnstartedServer(h2chandler) + server.Config.ReadTimeout = tt.connTimeout + server.Start() + defer server.Close() + serverAddress := server.Listener.Addr() + target := serverAddress.String() + + notif := mock.NewNotify() + logger := testutil.Logger(t) + statusHandler := NewStatusHandler(notif, logger, 0, 0, 0) + cid := structs.NewCheckID("foo", nil) + check := &CheckH2PING{ + CheckID: cid, + H2PING: target, + Interval: 5 * time.Second, + Timeout: tt.timeout, + Logger: logger, + TLSClientConfig: nil, + StatusHandler: statusHandler, + } + + check.Start() + defer check.Stop() + if tt.passing { + retry.Run(t, func(r *retry.R) { + if got, want := notif.State(cid), api.HealthPassing; got != want { + r.Fatalf("got state %q want %q", got, want) + } + }) + } else { + retry.Run(t, func(r *retry.R) { + if got, want := notif.State(cid), api.HealthCritical; got != want { + r.Fatalf("got state %q want %q", got, want) + } + }) + } + }) + } +} + func TestCheck_Docker(t *testing.T) { if testing.Short() { t.Skip("too slow for testing.Short") diff --git a/agent/config/builder.go b/agent/config/builder.go index 4456ff252..9b5f5fd97 100644 --- a/agent/config/builder.go +++ b/agent/config/builder.go @@ -1542,6 +1542,13 @@ func (b *builder) checkVal(v *CheckDefinition) *structs.CheckDefinition { return nil } + var H2PingUseTLSVal bool + if stringVal(v.H2PING) != "" { + H2PingUseTLSVal = boolValWithDefault(v.H2PingUseTLS, true) + } else { + H2PingUseTLSVal = boolVal(v.H2PingUseTLS) + } + id := types.CheckID(stringVal(v.ID)) return &structs.CheckDefinition{ @@ -1572,6 +1579,7 @@ func (b *builder) checkVal(v *CheckDefinition) *structs.CheckDefinition { FailuresBeforeCritical: intVal(v.FailuresBeforeCritical), FailuresBeforeWarning: intValWithDefault(v.FailuresBeforeWarning, intVal(v.FailuresBeforeCritical)), H2PING: stringVal(v.H2PING), + H2PingUseTLS: H2PingUseTLSVal, DeregisterCriticalServiceAfter: b.durationVal(fmt.Sprintf("check[%s].deregister_critical_service_after", id), v.DeregisterCriticalServiceAfter), OutputMaxSize: intValWithDefault(v.OutputMaxSize, checks.DefaultBufSize), EnterpriseMeta: v.EnterpriseMeta.ToStructs(), diff --git a/agent/config/config.go b/agent/config/config.go index 7a85b6747..3b5b417dd 100644 --- a/agent/config/config.go +++ b/agent/config/config.go @@ -419,6 +419,7 @@ type CheckDefinition struct { Timeout *string `mapstructure:"timeout"` TTL *string `mapstructure:"ttl"` H2PING *string `mapstructure:"h2ping"` + H2PingUseTLS *bool `mapstructure:"h2ping_use_tls"` SuccessBeforePassing *int `mapstructure:"success_before_passing"` FailuresBeforeWarning *int `mapstructure:"failures_before_warning"` FailuresBeforeCritical *int `mapstructure:"failures_before_critical"` diff --git a/agent/config/runtime_test.go b/agent/config/runtime_test.go index d9ef24f97..5d33f1376 100644 --- a/agent/config/runtime_test.go +++ b/agent/config/runtime_test.go @@ -2375,6 +2375,42 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { rt.DataDir = dataDir }, }) + run(t, testCase{ + desc: "h2ping check without h2ping_use_tls set", + args: []string{ + `-data-dir=` + dataDir, + }, + json: []string{ + `{ "check": { "name": "a", "h2ping": "localhost:55555", "interval": "5s" } }`, + }, + hcl: []string{ + `check = { name = "a" h2ping = "localhost:55555" interval = "5s" }`, + }, + expected: func(rt *RuntimeConfig) { + rt.Checks = []*structs.CheckDefinition{ + {Name: "a", H2PING: "localhost:55555", H2PingUseTLS: true, OutputMaxSize: checks.DefaultBufSize, Interval: 5 * time.Second}, + } + rt.DataDir = dataDir + }, + }) + run(t, testCase{ + desc: "h2ping check with h2ping_use_tls set to false", + args: []string{ + `-data-dir=` + dataDir, + }, + json: []string{ + `{ "check": { "name": "a", "h2ping": "localhost:55555", "h2ping_use_tls": false, "interval": "5s" } }`, + }, + hcl: []string{ + `check = { name = "a" h2ping = "localhost:55555" h2ping_use_tls = false interval = "5s" }`, + }, + expected: func(rt *RuntimeConfig) { + rt.Checks = []*structs.CheckDefinition{ + {Name: "a", H2PING: "localhost:55555", H2PingUseTLS: false, OutputMaxSize: checks.DefaultBufSize, Interval: 5 * time.Second}, + } + rt.DataDir = dataDir + }, + }) run(t, testCase{ desc: "alias check with no node", args: []string{ @@ -5307,6 +5343,7 @@ func TestLoad_FullConfig(t *testing.T) { Body: "wSjTy7dg", TCP: "RJQND605", H2PING: "9N1cSb5B", + H2PingUseTLS: false, Interval: 22164 * time.Second, OutputMaxSize: checks.DefaultBufSize, DockerContainerID: "ipgdFtjd", @@ -5334,6 +5371,7 @@ func TestLoad_FullConfig(t *testing.T) { OutputMaxSize: checks.DefaultBufSize, TCP: "4jG5casb", H2PING: "HCHU7gEb", + H2PingUseTLS: false, Interval: 28767 * time.Second, DockerContainerID: "THW6u7rL", Shell: "C1Zt3Zwh", @@ -5360,6 +5398,7 @@ func TestLoad_FullConfig(t *testing.T) { OutputMaxSize: checks.DefaultBufSize, TCP: "JY6fTTcw", H2PING: "rQ8eyCSF", + H2PingUseTLS: false, Interval: 18714 * time.Second, DockerContainerID: "qF66POS9", Shell: "sOnDy228", @@ -5565,6 +5604,7 @@ func TestLoad_FullConfig(t *testing.T) { OutputMaxSize: checks.DefaultBufSize, TCP: "ICbxkpSF", H2PING: "7s7BbMyb", + H2PingUseTLS: false, Interval: 24392 * time.Second, DockerContainerID: "ZKXr68Yb", Shell: "CEfzx0Fo", @@ -5616,6 +5656,7 @@ func TestLoad_FullConfig(t *testing.T) { OutputMaxSize: checks.DefaultBufSize, TCP: "MN3oA9D2", H2PING: "OV6Q2XEg", + H2PingUseTLS: false, Interval: 32718 * time.Second, DockerContainerID: "cU15LMet", Shell: "nEz9qz2l", @@ -5759,6 +5800,7 @@ func TestLoad_FullConfig(t *testing.T) { OutputMaxSize: checks.DefaultBufSize, TCP: "bNnNfx2A", H2PING: "qC1pidiW", + H2PingUseTLS: false, Interval: 22224 * time.Second, DockerContainerID: "ipgdFtjd", Shell: "omVZq7Sz", @@ -5783,6 +5825,7 @@ func TestLoad_FullConfig(t *testing.T) { OutputMaxSize: checks.DefaultBufSize, TCP: "FfvCwlqH", H2PING: "spI3muI3", + H2PingUseTLS: false, Interval: 12356 * time.Second, DockerContainerID: "HBndBU6R", Shell: "hVI33JjA", @@ -5807,6 +5850,7 @@ func TestLoad_FullConfig(t *testing.T) { OutputMaxSize: checks.DefaultBufSize, TCP: "fjiLFqVd", H2PING: "5NbNWhan", + H2PingUseTLS: false, Interval: 23926 * time.Second, DockerContainerID: "dO5TtRHk", Shell: "e6q2ttES", diff --git a/agent/config/testdata/TestRuntimeConfig_Sanitize.golden b/agent/config/testdata/TestRuntimeConfig_Sanitize.golden index 38dc675dc..2d1093d1e 100644 --- a/agent/config/testdata/TestRuntimeConfig_Sanitize.golden +++ b/agent/config/testdata/TestRuntimeConfig_Sanitize.golden @@ -99,6 +99,7 @@ "GRPC": "", "GRPCUseTLS": false, "H2PING": "", + "H2PingUseTLS": false, "HTTP": "", "Header": {}, "ID": "", @@ -303,6 +304,7 @@ "GRPC": "", "GRPCUseTLS": false, "H2PING": "", + "H2PingUseTLS": false, "HTTP": "", "Header": {}, "Interval": "0s", @@ -419,4 +421,4 @@ "Version": "", "VersionPrerelease": "", "Watches": [] -} \ No newline at end of file +} diff --git a/agent/config/testdata/full-config.hcl b/agent/config/testdata/full-config.hcl index 1c840d192..acdd740c6 100644 --- a/agent/config/testdata/full-config.hcl +++ b/agent/config/testdata/full-config.hcl @@ -110,6 +110,7 @@ check = { body = "5PBQd2OT" tcp = "JY6fTTcw" h2ping = "rQ8eyCSF" + h2ping_use_tls = false interval = "18714s" output_max_size = 4096 docker_container_id = "qF66POS9" @@ -137,6 +138,7 @@ checks = [ body = "wSjTy7dg" tcp = "RJQND605" h2ping = "9N1cSb5B" + h2ping_use_tls = false interval = "22164s" output_max_size = 4096 docker_container_id = "ipgdFtjd" @@ -163,6 +165,7 @@ checks = [ body = "0jkKgGUC" tcp = "4jG5casb" h2ping = "HCHU7gEb" + h2ping_use_tls = false interval = "28767s" output_max_size = 4096 docker_container_id = "THW6u7rL" @@ -380,6 +383,7 @@ service = { body = "wVVL2V6f" tcp = "fjiLFqVd" h2ping = "5NbNWhan" + h2ping_use_tls = false interval = "23926s" docker_container_id = "dO5TtRHk" shell = "e6q2ttES" @@ -404,6 +408,7 @@ service = { body = "OwGjTFQi" tcp = "bNnNfx2A" h2ping = "qC1pidiW" + h2ping_use_tls = false interval = "22224s" output_max_size = 4096 docker_container_id = "ipgdFtjd" @@ -428,6 +433,7 @@ service = { body = "lUVLGYU7" tcp = "FfvCwlqH" h2ping = "spI3muI3" + h2ping_use_tls = false interval = "12356s" output_max_size = 4096 docker_container_id = "HBndBU6R" @@ -466,6 +472,7 @@ services = [ body = "WeikigLh" tcp = "ICbxkpSF" h2ping = "7s7BbMyb" + h2ping_use_tls = false interval = "24392s" output_max_size = 4096 docker_container_id = "ZKXr68Yb" @@ -507,6 +514,7 @@ services = [ body = "7CRjCJyz" tcp = "MN3oA9D2" h2ping = "OV6Q2XEg" + h2ping_use_tls = false interval = "32718s" output_max_size = 4096 docker_container_id = "cU15LMet" diff --git a/agent/config/testdata/full-config.json b/agent/config/testdata/full-config.json index 7e28cc0c4..711c0a1fa 100644 --- a/agent/config/testdata/full-config.json +++ b/agent/config/testdata/full-config.json @@ -112,6 +112,7 @@ "output_max_size": 4096, "tcp": "JY6fTTcw", "h2ping": "rQ8eyCSF", + "h2ping_use_tls": false, "interval": "18714s", "docker_container_id": "qF66POS9", "shell": "sOnDy228", @@ -138,6 +139,7 @@ "body": "wSjTy7dg", "tcp": "RJQND605", "h2ping": "9N1cSb5B", + "h2ping_use_tls": false, "interval": "22164s", "output_max_size": 4096, "docker_container_id": "ipgdFtjd", @@ -164,6 +166,7 @@ "body": "0jkKgGUC", "tcp": "4jG5casb", "h2ping": "HCHU7gEb", + "h2ping_use_tls": false, "interval": "28767s", "output_max_size": 4096, "docker_container_id": "THW6u7rL", @@ -376,6 +379,7 @@ "body": "wVVL2V6f", "tcp": "fjiLFqVd", "h2ping": "5NbNWhan", + "h2ping_use_tls": false, "interval": "23926s", "output_max_size": 4096, "docker_container_id": "dO5TtRHk", @@ -401,6 +405,7 @@ "body": "OwGjTFQi", "tcp": "bNnNfx2A", "h2ping": "qC1pidiW", + "h2ping_use_tls": false, "interval": "22224s", "output_max_size": 4096, "docker_container_id": "ipgdFtjd", @@ -425,6 +430,7 @@ "body": "lUVLGYU7", "tcp": "FfvCwlqH", "h2ping": "spI3muI3", + "h2ping_use_tls": false, "interval": "12356s", "output_max_size": 4096, "docker_container_id": "HBndBU6R", @@ -463,6 +469,7 @@ "body": "WeikigLh", "tcp": "ICbxkpSF", "h2ping": "7s7BbMyb", + "h2ping_use_tls": false, "interval": "24392s", "output_max_size": 4096, "docker_container_id": "ZKXr68Yb", @@ -504,6 +511,7 @@ "body": "7CRjCJyz", "tcp": "MN3oA9D2", "h2ping": "OV6Q2XEg", + "h2ping_use_tls": false, "interval": "32718s", "output_max_size": 4096, "docker_container_id": "cU15LMet", diff --git a/agent/http_decode_test.go b/agent/http_decode_test.go index 4b546f630..50347f6e1 100644 --- a/agent/http_decode_test.go +++ b/agent/http_decode_test.go @@ -285,6 +285,7 @@ var translateCheckTypeTCs = [][]translateKeyTestCase{ translateDockerTCs, translateGRPCUseTLSTCs, translateTLSServerNameTCs, + translateH2PingUseTLS, translateTLSSkipVerifyTCs, translateServiceIDTCs, } @@ -677,6 +678,62 @@ var translateGRPCUseTLSTCs = []translateKeyTestCase{ }, } +func h2pingUseTLSEqFn(out interface{}, want interface{}) error { + var got interface{} + switch v := out.(type) { + case structs.CheckDefinition: + got = v.H2PingUseTLS + case *structs.CheckDefinition: + got = v.H2PingUseTLS + case structs.CheckType: + got = v.H2PingUseTLS + case *structs.CheckType: + got = v.H2PingUseTLS + case structs.HealthCheckDefinition: + got = v.H2PingUseTLS + case *structs.HealthCheckDefinition: + got = v.H2PingUseTLS + default: + panic(fmt.Sprintf("unexpected type %T", out)) + } + if got != want { + return fmt.Errorf("expected H2PingUseTLS to be %v, got %v", want, got) + } + return nil +} + +var h2pingUseTLSFields = []string{`"H2PING": "testing"`, `"H2PingUseTLS": %s`, `"h2ping_use_tls": %s`} +var translateH2PingUseTLS = []translateKeyTestCase{ + { + desc: "H2PingUseTLS: both set", + in: []interface{}{"false", "true"}, + want: false, + jsonFmtStr: "{" + strings.Join(h2pingUseTLSFields, ",") + "}", + equalityFn: h2pingUseTLSEqFn, + }, + { + desc: "H2PingUseTLS:: first set", + in: []interface{}{`false`}, + want: false, + jsonFmtStr: "{" + strings.Join(h2pingUseTLSFields[0:2], ",") + "}", + equalityFn: h2pingUseTLSEqFn, + }, + { + desc: "H2PingUseTLS: second set", + in: []interface{}{`false`}, + want: false, + jsonFmtStr: "{" + h2pingUseTLSFields[0] + "," + h2pingUseTLSFields[2] + "}", + equalityFn: h2pingUseTLSEqFn, + }, + { + desc: "H2PingUseTLS: neither set", + in: []interface{}{}, + want: true, // zero value + jsonFmtStr: "{" + h2pingUseTLSFields[0] + "}", + equalityFn: h2pingUseTLSEqFn, + }, +} + // ServiceID: string func serviceIDEqFn(out interface{}, want interface{}) error { var got interface{} @@ -935,6 +992,8 @@ func TestDecodeACLRoleWrite(t *testing.T) { // Shell string // GRPC string // GRPCUseTLS bool +// H2PING string +// H2PingUseTLS bool // TLSServerName string // TLSSkipVerify bool // AliasNode string diff --git a/agent/structs/check_definition.go b/agent/structs/check_definition.go index 5ac0d6044..434f35e65 100644 --- a/agent/structs/check_definition.go +++ b/agent/structs/check_definition.go @@ -25,6 +25,7 @@ type CheckDefinition struct { ScriptArgs []string HTTP string H2PING string + H2PingUseTLS bool Header map[string][]string Method string Body string @@ -69,11 +70,23 @@ func (t *CheckDefinition) UnmarshalJSON(data []byte) (err error) { TLSSkipVerifySnake bool `json:"tls_skip_verify"` GRPCUseTLSSnake bool `json:"grpc_use_tls"` ServiceIDSnake string `json:"service_id"` + H2PingUseTLSSnake bool `json:"h2ping_use_tls"` *Alias }{ Alias: (*Alias)(t), } + + // Preevaluate struct values to determine where to set defaults + if err = lib.UnmarshalJSON(data, &aux); err != nil { + return err + } + // Set defaults + if aux.H2PING != "" { + aux.H2PingUseTLS = true + aux.H2PingUseTLSSnake = true + } + if err = lib.UnmarshalJSON(data, &aux); err != nil { return err } @@ -104,6 +117,10 @@ func (t *CheckDefinition) UnmarshalJSON(data []byte) (err error) { t.ServiceID = aux.ServiceIDSnake } + if (aux.H2PING != "" && !aux.H2PingUseTLSSnake) || (aux.H2PING == "" && aux.H2PingUseTLSSnake) { + t.H2PingUseTLS = aux.H2PingUseTLSSnake + } + // Parse special values if aux.Interval != nil { switch v := aux.Interval.(type) { @@ -182,6 +199,7 @@ func (c *CheckDefinition) CheckType() *CheckType { AliasService: c.AliasService, HTTP: c.HTTP, H2PING: c.H2PING, + H2PingUseTLS: c.H2PingUseTLS, GRPC: c.GRPC, GRPCUseTLS: c.GRPCUseTLS, Header: c.Header, diff --git a/agent/structs/check_type.go b/agent/structs/check_type.go index 50c9714b3..7f3b58370 100644 --- a/agent/structs/check_type.go +++ b/agent/structs/check_type.go @@ -33,6 +33,7 @@ type CheckType struct { ScriptArgs []string HTTP string H2PING string + H2PingUseTLS bool Header map[string][]string Method string Body string @@ -81,6 +82,7 @@ func (t *CheckType) UnmarshalJSON(data []byte) (err error) { TLSServerNameSnake string `json:"tls_server_name"` TLSSkipVerifySnake bool `json:"tls_skip_verify"` GRPCUseTLSSnake bool `json:"grpc_use_tls"` + H2PingUseTLSSnake bool `json:"h2ping_use_tls"` // These are going to be ignored but since we are disallowing unknown fields // during parsing we have to be explicit about parsing but not using these. @@ -91,6 +93,17 @@ func (t *CheckType) UnmarshalJSON(data []byte) (err error) { }{ Alias: (*Alias)(t), } + + // Preevaluate struct values to determine where to set defaults + if err = lib.UnmarshalJSON(data, aux); err != nil { + return err + } + // Set defaults + if aux.H2PING != "" { + aux.H2PingUseTLS = true + aux.H2PingUseTLSSnake = true + } + if err = lib.UnmarshalJSON(data, aux); err != nil { return err } @@ -115,7 +128,6 @@ func (t *CheckType) UnmarshalJSON(data []byte) (err error) { if aux.GRPCUseTLSSnake { t.GRPCUseTLS = aux.GRPCUseTLSSnake } - if aux.Interval != nil { switch v := aux.Interval.(type) { case string: @@ -156,6 +168,9 @@ func (t *CheckType) UnmarshalJSON(data []byte) (err error) { t.DeregisterCriticalServiceAfter = time.Duration(v) } } + if (aux.H2PING != "" && !aux.H2PingUseTLSSnake) || (aux.H2PING == "" && aux.H2PingUseTLSSnake) { + t.H2PingUseTLS = aux.H2PingUseTLSSnake + } return nil diff --git a/agent/structs/structs.go b/agent/structs/structs.go index 83ae63e79..7f3bd3369 100644 --- a/agent/structs/structs.go +++ b/agent/structs/structs.go @@ -1544,6 +1544,7 @@ type HealthCheckDefinition struct { Body string `json:",omitempty"` TCP string `json:",omitempty"` H2PING string `json:",omitempty"` + H2PingUseTLS bool `json:",omitempty"` Interval time.Duration `json:",omitempty"` OutputMaxSize uint `json:",omitempty"` Timeout time.Duration `json:",omitempty"` @@ -1691,6 +1692,7 @@ func (c *HealthCheck) CheckType() *CheckType { Body: c.Definition.Body, TCP: c.Definition.TCP, H2PING: c.Definition.H2PING, + H2PingUseTLS: c.Definition.H2PingUseTLS, Interval: c.Definition.Interval, DockerContainerID: c.Definition.DockerContainerID, Shell: c.Definition.Shell, diff --git a/api/agent.go b/api/agent.go index 51a8b88ae..c4efa0efe 100644 --- a/api/agent.go +++ b/api/agent.go @@ -339,6 +339,8 @@ type AgentServiceCheck struct { TLSSkipVerify bool `json:",omitempty"` GRPC string `json:",omitempty"` GRPCUseTLS bool `json:",omitempty"` + H2PING string `json:",omitempty"` + H2PingUseTLS bool `json:",omitempty"` AliasNode string `json:",omitempty"` AliasService string `json:",omitempty"` SuccessBeforePassing int `json:",omitempty"` diff --git a/proto/pbservice/healthcheck.gen.go b/proto/pbservice/healthcheck.gen.go index d195c84d7..2939eddc6 100644 --- a/proto/pbservice/healthcheck.gen.go +++ b/proto/pbservice/healthcheck.gen.go @@ -13,6 +13,7 @@ func CheckTypeToStructs(s CheckType) structs.CheckType { t.ScriptArgs = s.ScriptArgs t.HTTP = s.HTTP t.H2PING = s.H2PING + t.H2PingUseTLS = s.H2PingUseTLS t.Header = MapHeadersToStructs(s.Header) t.Method = s.Method t.Body = s.Body @@ -46,6 +47,7 @@ func NewCheckTypeFromStructs(t structs.CheckType) CheckType { s.ScriptArgs = t.ScriptArgs s.HTTP = t.HTTP s.H2PING = t.H2PING + s.H2PingUseTLS = t.H2PingUseTLS s.Header = NewMapHeadersFromStructs(t.Header) s.Method = t.Method s.Body = t.Body @@ -120,6 +122,7 @@ func HealthCheckDefinitionToStructs(s HealthCheckDefinition) structs.HealthCheck t.Body = s.Body t.TCP = s.TCP t.H2PING = s.H2PING + t.H2PingUseTLS = s.H2PingUseTLS t.Interval = s.Interval t.OutputMaxSize = uint(s.OutputMaxSize) t.Timeout = s.Timeout @@ -144,6 +147,7 @@ func NewHealthCheckDefinitionFromStructs(t structs.HealthCheckDefinition) Health s.Body = t.Body s.TCP = t.TCP s.H2PING = t.H2PING + s.H2PingUseTLS = t.H2PingUseTLS s.Interval = t.Interval s.OutputMaxSize = uint32(t.OutputMaxSize) s.Timeout = t.Timeout diff --git a/proto/pbservice/healthcheck.pb.go b/proto/pbservice/healthcheck.pb.go index f1e53fb4f..207088462 100644 --- a/proto/pbservice/healthcheck.pb.go +++ b/proto/pbservice/healthcheck.pb.go @@ -153,6 +153,7 @@ type HealthCheckDefinition struct { DockerContainerID string `protobuf:"bytes,11,opt,name=DockerContainerID,proto3" json:"DockerContainerID,omitempty"` Shell string `protobuf:"bytes,12,opt,name=Shell,proto3" json:"Shell,omitempty"` H2PING string `protobuf:"bytes,20,opt,name=H2PING,proto3" json:"H2PING,omitempty"` + H2PingUseTLS bool `protobuf:"varint,21,opt,name=H2PingUseTLS,proto3" json:"H2PingUseTLS,omitempty"` GRPC string `protobuf:"bytes,13,opt,name=GRPC,proto3" json:"GRPC,omitempty"` GRPCUseTLS bool `protobuf:"varint,14,opt,name=GRPCUseTLS,proto3" json:"GRPCUseTLS,omitempty"` AliasNode string `protobuf:"bytes,15,opt,name=AliasNode,proto3" json:"AliasNode,omitempty"` @@ -223,6 +224,7 @@ type CheckType struct { DockerContainerID string `protobuf:"bytes,12,opt,name=DockerContainerID,proto3" json:"DockerContainerID,omitempty"` Shell string `protobuf:"bytes,13,opt,name=Shell,proto3" json:"Shell,omitempty"` H2PING string `protobuf:"bytes,28,opt,name=H2PING,proto3" json:"H2PING,omitempty"` + H2PingUseTLS bool `protobuf:"varint,30,opt,name=H2PingUseTLS,proto3" json:"H2PingUseTLS,omitempty"` GRPC string `protobuf:"bytes,14,opt,name=GRPC,proto3" json:"GRPC,omitempty"` GRPCUseTLS bool `protobuf:"varint,15,opt,name=GRPCUseTLS,proto3" json:"GRPCUseTLS,omitempty"` TLSServerName string `protobuf:"bytes,27,opt,name=TLSServerName,proto3" json:"TLSServerName,omitempty"` @@ -291,75 +293,76 @@ func init() { func init() { proto.RegisterFile("proto/pbservice/healthcheck.proto", fileDescriptor_8a6f7448747c9fbe) } var fileDescriptor_8a6f7448747c9fbe = []byte{ - // 1076 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x56, 0x5d, 0x4f, 0xe3, 0x46, - 0x14, 0x8d, 0x09, 0x24, 0xf1, 0x04, 0x58, 0x98, 0x05, 0x3a, 0xcb, 0x6e, 0x4d, 0x4a, 0xf7, 0x81, - 0xaa, 0x34, 0x91, 0xe8, 0x87, 0xda, 0x4a, 0x6d, 0x45, 0x08, 0x0b, 0xa9, 0x80, 0xa6, 0x4e, 0xba, - 0x95, 0xfa, 0x66, 0x9c, 0x49, 0x62, 0xe1, 0x78, 0xac, 0xf1, 0x18, 0x91, 0xfe, 0x8a, 0x7d, 0xdc, - 0x9f, 0xc4, 0x23, 0x8f, 0x95, 0x2a, 0xd1, 0x2e, 0xfc, 0x8b, 0x3e, 0x55, 0x73, 0xc7, 0x0e, 0xf6, - 0xc6, 0x5b, 0xd2, 0xd5, 0xee, 0x13, 0x73, 0xef, 0xb9, 0x77, 0xc6, 0x33, 0xf7, 0x9c, 0x13, 0xd0, - 0x47, 0x3e, 0x67, 0x82, 0xd5, 0xfc, 0xd3, 0x80, 0xf2, 0x73, 0xc7, 0xa6, 0xb5, 0x01, 0xb5, 0x5c, - 0x31, 0xb0, 0x07, 0xd4, 0x3e, 0xab, 0x02, 0x86, 0xf5, 0x31, 0xb8, 0x6e, 0xf4, 0x19, 0xeb, 0xbb, - 0xb4, 0x06, 0xc0, 0x69, 0xd8, 0xab, 0x75, 0x43, 0x6e, 0x09, 0x87, 0x79, 0xaa, 0x74, 0xfd, 0x71, - 0xbc, 0x9b, 0xcd, 0x86, 0x43, 0xe6, 0xd5, 0xd4, 0x9f, 0x08, 0x5c, 0xe9, 0xb3, 0x3e, 0x53, 0x05, - 0x72, 0xa5, 0xb2, 0x9b, 0x7f, 0xce, 0xa2, 0xf2, 0x21, 0x9c, 0xb9, 0x27, 0xcf, 0xc4, 0x18, 0xcd, - 0x9e, 0xb0, 0x2e, 0x25, 0x5a, 0x45, 0xdb, 0xd2, 0x4d, 0x58, 0xe3, 0x03, 0x54, 0x04, 0xb0, 0xd9, - 0x20, 0x33, 0x32, 0x5d, 0xff, 0xec, 0x9f, 0xeb, 0x8d, 0x4f, 0xfa, 0x8e, 0x18, 0x84, 0xa7, 0x55, - 0x9b, 0x0d, 0x6b, 0x03, 0x2b, 0x18, 0x38, 0x36, 0xe3, 0x7e, 0xcd, 0x66, 0x5e, 0x10, 0xba, 0x35, - 0x31, 0xf2, 0x69, 0x50, 0x8d, 0x9a, 0xcc, 0xb8, 0x1b, 0x36, 0xb7, 0x86, 0x94, 0xe4, 0xa3, 0xcd, - 0xad, 0x21, 0xc5, 0x6b, 0xa8, 0xd0, 0x16, 0x96, 0x08, 0x03, 0x32, 0x0b, 0xd9, 0x28, 0xc2, 0x2b, - 0x68, 0xee, 0x84, 0x09, 0x1a, 0x90, 0x39, 0x48, 0xab, 0x40, 0x56, 0xff, 0x14, 0x0a, 0x3f, 0x14, - 0xa4, 0xa0, 0xaa, 0x55, 0x84, 0x9f, 0x20, 0xbd, 0xad, 0x1e, 0xa9, 0xd9, 0x20, 0x45, 0x80, 0xee, - 0x12, 0xb8, 0x82, 0xca, 0x51, 0x00, 0xc7, 0x97, 0x00, 0x4f, 0xa6, 0x12, 0x15, 0x1d, 0xab, 0x1f, - 0x10, 0xbd, 0x92, 0x4f, 0x54, 0xc8, 0x94, 0xfc, 0xf6, 0xce, 0xc8, 0xa7, 0x64, 0x5e, 0x7d, 0xbb, - 0x5c, 0xe3, 0x67, 0x08, 0x35, 0x68, 0xcf, 0xf1, 0x1c, 0x39, 0x03, 0x82, 0x2a, 0xda, 0x56, 0x79, - 0xa7, 0x52, 0x1d, 0xcf, 0xab, 0x9a, 0x78, 0xd8, 0xbb, 0xba, 0xfa, 0xec, 0xe5, 0xf5, 0x46, 0xce, - 0x4c, 0x74, 0xe2, 0x6f, 0x90, 0x6e, 0x5a, 0x3d, 0xd1, 0xf4, 0xba, 0xf4, 0x82, 0x94, 0x61, 0x9b, - 0xe5, 0x6a, 0x34, 0xbc, 0x31, 0x50, 0x2f, 0xc9, 0xbe, 0xab, 0xeb, 0x0d, 0xcd, 0xbc, 0xab, 0xc6, - 0x0d, 0xb4, 0xb8, 0xef, 0x09, 0xca, 0x7d, 0xee, 0x04, 0xf4, 0x98, 0x0a, 0x8b, 0x2c, 0x40, 0xff, - 0x5a, 0xdc, 0x9f, 0x46, 0xa3, 0xc3, 0x5f, 0xeb, 0x91, 0xd7, 0xdf, 0xbf, 0xf0, 0x59, 0x40, 0xbb, - 0x2d, 0xc6, 0x05, 0x59, 0xac, 0x68, 0x5b, 0x73, 0x66, 0x32, 0x85, 0xd7, 0x51, 0xa9, 0x29, 0x7b, - 0xce, 0x2d, 0x97, 0x3c, 0x80, 0x27, 0x18, 0xc7, 0x98, 0xa0, 0x62, 0xc7, 0x19, 0x52, 0x16, 0x0a, - 0xb2, 0x04, 0x50, 0x1c, 0x6e, 0x7e, 0x0c, 0xe4, 0xea, 0x52, 0xfe, 0xdc, 0x72, 0x43, 0x2a, 0x67, - 0x0a, 0x0b, 0xa2, 0xc1, 0xfb, 0xaa, 0x60, 0xf3, 0x45, 0x11, 0xad, 0x66, 0xbe, 0x94, 0x7c, 0xf3, - 0xc3, 0x4e, 0xa7, 0x15, 0x93, 0x51, 0xae, 0xf1, 0x53, 0xb4, 0xd0, 0x39, 0x6a, 0xcb, 0xc9, 0x50, - 0x0e, 0xd3, 0x7c, 0x08, 0x60, 0x3a, 0x19, 0x57, 0x9d, 0x39, 0xfe, 0x73, 0xca, 0x9d, 0xde, 0x08, - 0x88, 0x5b, 0x32, 0xd3, 0x49, 0xfc, 0x23, 0x2a, 0xa8, 0xcf, 0x23, 0xf9, 0x4a, 0x7e, 0xab, 0xbc, - 0xb3, 0x7d, 0xdf, 0xec, 0xaa, 0xaa, 0x7c, 0xdf, 0x13, 0x7c, 0x14, 0x3d, 0x65, 0xb4, 0x83, 0x64, - 0xe6, 0x31, 0x15, 0x03, 0xd6, 0x8d, 0x79, 0xac, 0x22, 0x79, 0x87, 0x3a, 0xeb, 0x8e, 0x08, 0x56, - 0x77, 0x90, 0x6b, 0xbc, 0x84, 0xf2, 0x9d, 0xbd, 0x56, 0xc4, 0x6c, 0xb9, 0xc4, 0x3f, 0x24, 0x9e, - 0xb7, 0x00, 0x03, 0x7c, 0x54, 0x55, 0x62, 0xaf, 0xc6, 0x62, 0xaf, 0x36, 0x22, 0xb1, 0x2b, 0x22, - 0xbc, 0xfc, 0x6b, 0x43, 0x4b, 0xcc, 0xe0, 0x29, 0x5a, 0x50, 0x52, 0x38, 0xb6, 0x2e, 0xda, 0xce, - 0xef, 0x94, 0xe8, 0x15, 0x6d, 0x6b, 0xc1, 0x4c, 0x27, 0xf1, 0x77, 0x77, 0x93, 0x2a, 0x4e, 0x7f, - 0x4a, 0xdc, 0x83, 0xcf, 0x90, 0xd1, 0xa0, 0x9c, 0xf6, 0x9d, 0x40, 0x50, 0xbe, 0xc7, 0x1d, 0xe1, - 0xd8, 0x96, 0x1b, 0x89, 0x64, 0xb7, 0x27, 0x28, 0x07, 0x69, 0x4d, 0xb9, 0xeb, 0x3d, 0x5b, 0x61, - 0x03, 0xa1, 0xb6, 0xcd, 0x1d, 0x5f, 0xec, 0xf2, 0x7e, 0x40, 0x10, 0x30, 0x26, 0x91, 0xc1, 0xdb, - 0x68, 0xb9, 0xc1, 0xec, 0x33, 0xca, 0xf7, 0x98, 0x27, 0x2c, 0xc7, 0xa3, 0xbc, 0xd9, 0x00, 0xf1, - 0xe8, 0xe6, 0x24, 0x20, 0xa9, 0xd7, 0x1e, 0x50, 0xd7, 0x8d, 0xf4, 0xab, 0x02, 0x39, 0xb4, 0xc3, - 0x9d, 0x56, 0xf3, 0xe4, 0x80, 0xac, 0xa8, 0xa1, 0xa9, 0x48, 0x0e, 0xed, 0xc0, 0x6c, 0xed, 0x81, - 0x96, 0x74, 0x13, 0xd6, 0xf2, 0x7b, 0xe4, 0xdf, 0x5f, 0x02, 0xda, 0x39, 0x6a, 0x83, 0x44, 0x4a, - 0x66, 0x22, 0x23, 0x2d, 0x68, 0xd7, 0x75, 0xac, 0x00, 0xec, 0x53, 0x49, 0xe4, 0x2e, 0x81, 0x37, - 0xd1, 0x3c, 0x04, 0xd1, 0x15, 0x23, 0xa1, 0xa4, 0x72, 0xf8, 0x4b, 0x94, 0xef, 0x74, 0x8e, 0xc8, - 0xf2, 0xf4, 0x6f, 0x28, 0xeb, 0xd7, 0x7f, 0x8e, 0x45, 0x06, 0xb4, 0x94, 0xe4, 0x3a, 0xa3, 0xa3, - 0x48, 0x33, 0x72, 0x89, 0xb7, 0xd1, 0xdc, 0x39, 0xc8, 0x6e, 0x26, 0xb2, 0x86, 0x14, 0xcb, 0x63, - 0x75, 0x9a, 0xaa, 0xe8, 0xdb, 0x99, 0xaf, 0xb5, 0xcd, 0x57, 0x3a, 0xd2, 0x81, 0xfa, 0x60, 0x73, - 0x09, 0xff, 0xd7, 0xde, 0x89, 0xff, 0xcf, 0x64, 0xfa, 0x7f, 0x3e, 0xdb, 0xff, 0x67, 0x93, 0xfe, - 0x9f, 0x26, 0xc5, 0xdc, 0x04, 0x29, 0x62, 0xc7, 0x28, 0x24, 0x1c, 0xe3, 0xfb, 0xb1, 0xca, 0x57, - 0x40, 0xe5, 0x49, 0x87, 0x1e, 0x5f, 0x72, 0x2a, 0x65, 0x17, 0x33, 0x95, 0xbd, 0x3e, 0xa9, 0xec, - 0x52, 0xb6, 0xb2, 0xf5, 0xb7, 0x51, 0x76, 0x8a, 0x57, 0xe8, 0x3e, 0x5e, 0x95, 0x33, 0x78, 0x95, - 0xa9, 0x94, 0xf9, 0x7b, 0x95, 0xb2, 0x90, 0xad, 0x94, 0x27, 0x99, 0x4a, 0x59, 0x7c, 0xa3, 0x52, - 0x1e, 0x4c, 0x28, 0x65, 0xc2, 0xc2, 0x1f, 0x4f, 0x65, 0xe1, 0x4b, 0x59, 0x16, 0x9e, 0x70, 0xb4, - 0xe5, 0xb7, 0x70, 0xb4, 0x48, 0x72, 0xf8, 0xff, 0x49, 0x0e, 0xef, 0xa0, 0x95, 0x76, 0x68, 0xdb, - 0x34, 0x08, 0xea, 0xb4, 0xc7, 0x38, 0x6d, 0x59, 0x41, 0xe0, 0x78, 0x7d, 0xb2, 0x0a, 0x3f, 0x9c, - 0x99, 0x18, 0xfe, 0x02, 0xad, 0x3e, 0xb3, 0x1c, 0x37, 0xe4, 0x34, 0x02, 0x7e, 0xb5, 0xb8, 0x27, - 0x9b, 0x3e, 0x84, 0xa6, 0x6c, 0x10, 0x7f, 0x85, 0xd6, 0xd2, 0x40, 0xec, 0x95, 0x64, 0x0d, 0xda, - 0xde, 0x80, 0x4a, 0xd6, 0xb4, 0x38, 0xbb, 0x18, 0x81, 0x1a, 0x3e, 0x50, 0xac, 0x19, 0x27, 0xc6, - 0x28, 0x8c, 0x8e, 0x24, 0x50, 0x98, 0xdf, 0xfd, 0x36, 0xff, 0xf0, 0xdd, 0xd9, 0xfc, 0xc4, 0x0f, - 0xd7, 0x23, 0xb8, 0x57, 0x3a, 0xf9, 0x1e, 0x3c, 0xae, 0x7e, 0x7c, 0xf9, 0xca, 0xc8, 0x5d, 0xde, - 0x18, 0xda, 0xd5, 0x8d, 0xa1, 0xfd, 0x7d, 0x63, 0x68, 0x2f, 0x6e, 0x8d, 0xdc, 0xcb, 0x5b, 0x23, - 0x77, 0x75, 0x6b, 0xe4, 0xfe, 0xb8, 0x35, 0x72, 0xbf, 0x7d, 0xfa, 0x5f, 0x16, 0xf7, 0xda, 0x3f, - 0xee, 0xa7, 0x05, 0x48, 0x7c, 0xfe, 0x6f, 0x00, 0x00, 0x00, 0xff, 0xff, 0x8b, 0x36, 0xc6, 0x76, - 0xd2, 0x0b, 0x00, 0x00, + // 1098 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x57, 0x4f, 0x4f, 0xe3, 0x46, + 0x14, 0x8f, 0x09, 0x49, 0xc8, 0x64, 0x61, 0x61, 0x16, 0xe8, 0x2c, 0xbb, 0x35, 0x29, 0xdd, 0x03, + 0x55, 0x69, 0x22, 0xd1, 0x3f, 0x6a, 0x2b, 0xb5, 0x15, 0x21, 0x2c, 0xa4, 0x02, 0x9a, 0x3a, 0xe9, + 0x56, 0xea, 0xcd, 0x38, 0x93, 0xc4, 0x22, 0xf1, 0x58, 0xe3, 0x31, 0x22, 0xbd, 0xf7, 0xde, 0xe3, + 0x7e, 0x90, 0x7e, 0x08, 0x8e, 0x1c, 0x2b, 0x55, 0xa2, 0x2d, 0x7c, 0x8b, 0x9e, 0xaa, 0x79, 0x33, + 0x0e, 0xf6, 0xc6, 0x0b, 0xe9, 0x6a, 0x7b, 0xca, 0xbc, 0xf7, 0x7b, 0x6f, 0xc6, 0x33, 0xef, 0xf7, + 0x7b, 0x4f, 0x41, 0xef, 0xf9, 0x9c, 0x09, 0x56, 0xf5, 0x4f, 0x02, 0xca, 0xcf, 0x5c, 0x87, 0x56, + 0xfb, 0xd4, 0x1e, 0x88, 0xbe, 0xd3, 0xa7, 0xce, 0x69, 0x05, 0x30, 0x5c, 0x1c, 0x83, 0x6b, 0x66, + 0x8f, 0xb1, 0xde, 0x80, 0x56, 0x01, 0x38, 0x09, 0xbb, 0xd5, 0x4e, 0xc8, 0x6d, 0xe1, 0x32, 0x4f, + 0x85, 0xae, 0x3d, 0x89, 0x76, 0x73, 0xd8, 0x70, 0xc8, 0xbc, 0xaa, 0xfa, 0xd1, 0xe0, 0x72, 0x8f, + 0xf5, 0x98, 0x0a, 0x90, 0x2b, 0xe5, 0xdd, 0xf8, 0x63, 0x16, 0x95, 0x0e, 0xe0, 0xcc, 0x5d, 0x79, + 0x26, 0xc6, 0x68, 0xf6, 0x98, 0x75, 0x28, 0x31, 0xca, 0xc6, 0x66, 0xd1, 0x82, 0x35, 0xde, 0x47, + 0x05, 0x00, 0x1b, 0x75, 0x32, 0x23, 0xdd, 0xb5, 0x8f, 0xfe, 0xb9, 0x5a, 0xff, 0xa0, 0xe7, 0x8a, + 0x7e, 0x78, 0x52, 0x71, 0xd8, 0xb0, 0xda, 0xb7, 0x83, 0xbe, 0xeb, 0x30, 0xee, 0x57, 0x1d, 0xe6, + 0x05, 0xe1, 0xa0, 0x2a, 0x46, 0x3e, 0x0d, 0x2a, 0x3a, 0xc9, 0x8a, 0xb2, 0x61, 0x73, 0x7b, 0x48, + 0x49, 0x56, 0x6f, 0x6e, 0x0f, 0x29, 0x5e, 0x45, 0xf9, 0x96, 0xb0, 0x45, 0x18, 0x90, 0x59, 0xf0, + 0x6a, 0x0b, 0x2f, 0xa3, 0xdc, 0x31, 0x13, 0x34, 0x20, 0x39, 0x70, 0x2b, 0x43, 0x46, 0x7f, 0x17, + 0x0a, 0x3f, 0x14, 0x24, 0xaf, 0xa2, 0x95, 0x85, 0x9f, 0xa2, 0x62, 0x4b, 0x3d, 0x52, 0xa3, 0x4e, + 0x0a, 0x00, 0xdd, 0x3a, 0x70, 0x19, 0x95, 0xb4, 0x01, 0xc7, 0xcf, 0x01, 0x1e, 0x77, 0xc5, 0x22, + 0xda, 0x76, 0x2f, 0x20, 0xc5, 0x72, 0x36, 0x16, 0x21, 0x5d, 0xf2, 0xdb, 0xdb, 0x23, 0x9f, 0x92, + 0x07, 0xea, 0xdb, 0xe5, 0x1a, 0x3f, 0x47, 0xa8, 0x4e, 0xbb, 0xae, 0xe7, 0xca, 0x1a, 0x10, 0x54, + 0x36, 0x36, 0x4b, 0xdb, 0xe5, 0xca, 0xb8, 0x5e, 0x95, 0xd8, 0xc3, 0xde, 0xc6, 0xd5, 0x66, 0x2f, + 0xae, 0xd6, 0x33, 0x56, 0x2c, 0x13, 0x7f, 0x81, 0x8a, 0x96, 0xdd, 0x15, 0x0d, 0xaf, 0x43, 0xcf, + 0x49, 0x09, 0xb6, 0x59, 0xaa, 0xe8, 0xe2, 0x8d, 0x81, 0xda, 0x9c, 0xcc, 0xbb, 0xbc, 0x5a, 0x37, + 0xac, 0xdb, 0x68, 0x5c, 0x47, 0x0b, 0x7b, 0x9e, 0xa0, 0xdc, 0xe7, 0x6e, 0x40, 0x8f, 0xa8, 0xb0, + 0xc9, 0x3c, 0xe4, 0xaf, 0x46, 0xf9, 0x49, 0x54, 0x1f, 0xfe, 0x4a, 0x8e, 0xbc, 0xfe, 0xde, 0xb9, + 0xcf, 0x02, 0xda, 0x69, 0x32, 0x2e, 0xc8, 0x42, 0xd9, 0xd8, 0xcc, 0x59, 0x71, 0x17, 0x5e, 0x43, + 0x73, 0x0d, 0x99, 0x73, 0x66, 0x0f, 0xc8, 0x43, 0x78, 0x82, 0xb1, 0x8d, 0x09, 0x2a, 0xb4, 0xdd, + 0x21, 0x65, 0xa1, 0x20, 0x8b, 0x00, 0x45, 0xe6, 0xc6, 0xfb, 0x40, 0xae, 0x0e, 0xe5, 0x2f, 0xec, + 0x41, 0x48, 0x65, 0x4d, 0x61, 0x41, 0x0c, 0x78, 0x5f, 0x65, 0x6c, 0xfc, 0x56, 0x40, 0x2b, 0xa9, + 0x2f, 0x25, 0xdf, 0xfc, 0xa0, 0xdd, 0x6e, 0x46, 0x64, 0x94, 0x6b, 0xfc, 0x0c, 0xcd, 0xb7, 0x0f, + 0x5b, 0xb2, 0x32, 0x94, 0x43, 0x35, 0x1f, 0x01, 0x98, 0x74, 0x46, 0x51, 0xa7, 0xae, 0xff, 0x82, + 0x72, 0xb7, 0x3b, 0x02, 0xe2, 0xce, 0x59, 0x49, 0x27, 0xfe, 0x16, 0xe5, 0xd5, 0xe7, 0x91, 0x6c, + 0x39, 0xbb, 0x59, 0xda, 0xde, 0xba, 0xaf, 0x76, 0x15, 0x15, 0xbe, 0xe7, 0x09, 0x3e, 0xd2, 0x4f, + 0xa9, 0x77, 0x90, 0xcc, 0x3c, 0xa2, 0xa2, 0xcf, 0x3a, 0x11, 0x8f, 0x95, 0x25, 0xef, 0x50, 0x63, + 0x9d, 0x11, 0xc1, 0xea, 0x0e, 0x72, 0x8d, 0x17, 0x51, 0xb6, 0xbd, 0xdb, 0xd4, 0xcc, 0x96, 0x4b, + 0xfc, 0x4d, 0xec, 0x79, 0xf3, 0x50, 0xc0, 0xc7, 0x15, 0x25, 0xf6, 0x4a, 0x24, 0xf6, 0x4a, 0x5d, + 0x8b, 0x5d, 0x11, 0xe1, 0xe5, 0x9f, 0xeb, 0x46, 0xac, 0x06, 0xcf, 0xd0, 0xbc, 0x92, 0xc2, 0x91, + 0x7d, 0xde, 0x72, 0x7f, 0xa6, 0xa4, 0x58, 0x36, 0x36, 0xe7, 0xad, 0xa4, 0x13, 0x7f, 0x75, 0x5b, + 0xa9, 0xc2, 0xf4, 0xa7, 0x44, 0x39, 0xf8, 0x14, 0x99, 0x75, 0xca, 0x69, 0xcf, 0x0d, 0x04, 0xe5, + 0xbb, 0xdc, 0x15, 0xae, 0x63, 0x0f, 0xb4, 0x48, 0x76, 0xba, 0x82, 0x72, 0x90, 0xd6, 0x94, 0xbb, + 0xde, 0xb3, 0x15, 0x36, 0x11, 0x6a, 0x39, 0xdc, 0xf5, 0xc5, 0x0e, 0xef, 0x05, 0x04, 0x01, 0x63, + 0x62, 0x1e, 0xbc, 0x85, 0x96, 0xea, 0xcc, 0x39, 0xa5, 0x7c, 0x97, 0x79, 0xc2, 0x76, 0x3d, 0xca, + 0x1b, 0x75, 0x10, 0x4f, 0xd1, 0x9a, 0x04, 0x24, 0xf5, 0x5a, 0x7d, 0x3a, 0x18, 0x68, 0xfd, 0x2a, + 0x43, 0x16, 0xed, 0x60, 0xbb, 0xd9, 0x38, 0xde, 0x27, 0xcb, 0xaa, 0x68, 0xca, 0xc2, 0x1b, 0xe8, + 0xc1, 0xc1, 0x76, 0xd3, 0xf5, 0x7a, 0x3f, 0x04, 0xb4, 0x7d, 0xd8, 0x22, 0x2b, 0xc0, 0x9e, 0x84, + 0x4f, 0x16, 0x76, 0xdf, 0x6a, 0xee, 0x82, 0xde, 0x8a, 0x16, 0xac, 0xe5, 0x37, 0xcb, 0x5f, 0x9d, + 0xb5, 0x00, 0x59, 0x31, 0x8f, 0x6c, 0x53, 0x3b, 0x03, 0xd7, 0x0e, 0xa0, 0xc5, 0x2a, 0x19, 0xdd, + 0x3a, 0xe4, 0xa9, 0x60, 0xe8, 0x67, 0xd0, 0x62, 0x4a, 0xf8, 0xf0, 0xa7, 0x28, 0xdb, 0x6e, 0x1f, + 0x92, 0xa5, 0xe9, 0xdf, 0x59, 0xc6, 0xaf, 0x7d, 0x1f, 0x09, 0x11, 0xa8, 0x2b, 0x09, 0x78, 0x4a, + 0x47, 0x5a, 0x57, 0x72, 0x89, 0xb7, 0x50, 0xee, 0x0c, 0xa4, 0x39, 0xa3, 0xdb, 0x47, 0x42, 0x09, + 0x91, 0x82, 0x2d, 0x15, 0xf4, 0xe5, 0xcc, 0xe7, 0xc6, 0xc6, 0x2f, 0x08, 0x15, 0x41, 0x1e, 0xd0, + 0x0a, 0x63, 0x33, 0xc2, 0x78, 0x2b, 0x33, 0x62, 0x26, 0x75, 0x46, 0x64, 0xd3, 0x67, 0xc4, 0x6c, + 0x7c, 0x46, 0x24, 0x89, 0x93, 0x9b, 0x20, 0x4e, 0xd4, 0x55, 0xf2, 0xb1, 0xae, 0xf2, 0xf5, 0xb8, + 0x13, 0x2c, 0x43, 0x27, 0x88, 0x77, 0xf1, 0xf1, 0x25, 0xa7, 0x52, 0x7f, 0x21, 0x55, 0xfd, 0x6b, + 0x93, 0xea, 0x9f, 0x4b, 0x57, 0x7f, 0xf1, 0x4d, 0xd4, 0x9f, 0xe0, 0x15, 0xba, 0x8f, 0x57, 0xa5, + 0x14, 0x5e, 0xa5, 0xaa, 0xe9, 0xc1, 0xbd, 0x6a, 0x9a, 0x4f, 0x57, 0xd3, 0xd3, 0x3b, 0xd5, 0x64, + 0xde, 0xa1, 0xa6, 0x85, 0xd7, 0xaa, 0xe9, 0xe1, 0x84, 0x9a, 0x26, 0x46, 0xc1, 0x93, 0xa9, 0x46, + 0xc1, 0x62, 0xda, 0x28, 0x88, 0x75, 0xc6, 0xa5, 0x37, 0xe8, 0x8c, 0x5a, 0x96, 0xf8, 0xbf, 0xc9, + 0x12, 0x6f, 0xa3, 0xe5, 0x56, 0xe8, 0x38, 0x34, 0x08, 0x6a, 0xb4, 0xcb, 0x38, 0x6d, 0xda, 0x41, + 0xe0, 0x7a, 0x3d, 0xe8, 0x37, 0x39, 0x2b, 0x15, 0xc3, 0x9f, 0xa0, 0x95, 0xe7, 0xb6, 0x3b, 0x08, + 0x39, 0xd5, 0xc0, 0x8f, 0x36, 0xf7, 0x64, 0xd2, 0xbb, 0x90, 0x94, 0x0e, 0xe2, 0xcf, 0xd0, 0x6a, + 0x12, 0x88, 0x7a, 0x2e, 0x59, 0x85, 0xb4, 0xd7, 0xa0, 0x92, 0x59, 0x4d, 0xce, 0xce, 0x47, 0xa0, + 0x98, 0x77, 0x14, 0xb3, 0xc6, 0x8e, 0x31, 0x0a, 0xa5, 0x23, 0x31, 0x14, 0xea, 0x77, 0xff, 0xb8, + 0x78, 0xf4, 0xf6, 0xc6, 0xc5, 0xc4, 0x00, 0x7c, 0x0c, 0xf7, 0x4a, 0x3a, 0xff, 0x87, 0x3e, 0x58, + 0x3b, 0xba, 0xf8, 0xdb, 0xcc, 0x5c, 0x5c, 0x9b, 0xc6, 0xe5, 0xb5, 0x69, 0xfc, 0x75, 0x6d, 0x1a, + 0xbf, 0xde, 0x98, 0x99, 0x97, 0x37, 0x66, 0xe6, 0xf2, 0xc6, 0xcc, 0xfc, 0x7e, 0x63, 0x66, 0x7e, + 0xfa, 0xf0, 0xae, 0x36, 0xf8, 0xca, 0x1f, 0x80, 0x93, 0x3c, 0x38, 0x3e, 0xfe, 0x37, 0x00, 0x00, + 0xff, 0xff, 0xd0, 0xae, 0x76, 0xe3, 0x1a, 0x0c, 0x00, 0x00, } func (m *HealthCheck) Marshal() (dAtA []byte, err error) { @@ -560,6 +563,18 @@ func (m *HealthCheckDefinition) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + if m.H2PingUseTLS { + i-- + if m.H2PingUseTLS { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x1 + i-- + dAtA[i] = 0xa8 + } if len(m.H2PING) > 0 { i -= len(m.H2PING) copy(dAtA[i:], m.H2PING) @@ -760,6 +775,18 @@ func (m *CheckType) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + if m.H2PingUseTLS { + i-- + if m.H2PingUseTLS { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x1 + i-- + dAtA[i] = 0xf0 + } if m.FailuresBeforeWarning != 0 { i = encodeVarintHealthcheck(dAtA, i, uint64(m.FailuresBeforeWarning)) i-- @@ -1191,6 +1218,9 @@ func (m *HealthCheckDefinition) Size() (n int) { if l > 0 { n += 2 + l + sovHealthcheck(uint64(l)) } + if m.H2PingUseTLS { + n += 3 + } return n } @@ -1309,6 +1339,9 @@ func (m *CheckType) Size() (n int) { if m.FailuresBeforeWarning != 0 { n += 2 + sovHealthcheck(uint64(m.FailuresBeforeWarning)) } + if m.H2PingUseTLS { + n += 3 + } return n } @@ -2685,6 +2718,26 @@ func (m *HealthCheckDefinition) Unmarshal(dAtA []byte) error { } m.H2PING = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex + case 21: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field H2PingUseTLS", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowHealthcheck + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.H2PingUseTLS = bool(v != 0) default: iNdEx = preIndex skippy, err := skipHealthcheck(dAtA[iNdEx:]) @@ -3688,6 +3741,26 @@ func (m *CheckType) Unmarshal(dAtA []byte) error { break } } + case 30: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field H2PingUseTLS", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowHealthcheck + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.H2PingUseTLS = bool(v != 0) default: iNdEx = preIndex skippy, err := skipHealthcheck(dAtA[iNdEx:]) diff --git a/proto/pbservice/healthcheck.proto b/proto/pbservice/healthcheck.proto index 5bc893f4a..53c4ea731 100644 --- a/proto/pbservice/healthcheck.proto +++ b/proto/pbservice/healthcheck.proto @@ -83,6 +83,7 @@ message HealthCheckDefinition { string DockerContainerID = 11; string Shell = 12; string H2PING = 20; + bool H2PingUseTLS = 21; string GRPC = 13; bool GRPCUseTLS = 14; string AliasNode = 15; @@ -124,6 +125,7 @@ message CheckType { string DockerContainerID = 12; string Shell = 13; string H2PING = 28; + bool H2PingUseTLS = 30; string GRPC = 14; bool GRPCUseTLS = 15; string TLSServerName = 27; diff --git a/website/content/api-docs/agent/check.mdx b/website/content/api-docs/agent/check.mdx index ba832ff76..ec97e31d1 100644 --- a/website/content/api-docs/agent/check.mdx +++ b/website/content/api-docs/agent/check.mdx @@ -183,10 +183,14 @@ The table below shows this endpoint's support for If TLS is enabled, then by default, a valid TLS certificate is expected. Certificate verification can be turned off by setting `TLSSkipVerify` to `true`. -- `H2PING` `(string "")` - Specifies an address that uses http2 with TLS to run a ping check on. +- `H2PING` `(string "")` - Specifies an address that uses http2 to run a ping check on. At the specified `Interval`, a connection is made to the address, and a ping is sent. If the ping is successful, the check will be classified as `passing`, otherwise it will be marked as `critical`. - A valid SSL certificate is required by default, but verification can be removed with `TLSSkipVerify`. + TLS is used by default. To disable TLS and use h2c, set `H2PingUseTLS` to `false`. + If TLS is enabled, a valid SSL certificate is required by default, but verification can be removed with `TLSSkipVerify`. + +- `H2PingUseTLS` `(bool: true)` - Specifies if TLS should be used for H2PING check. + If TLS is enabled, a valid SSL certificate is required by default, but verification can be removed with `TLSSkipVerify`. - `HTTP` `(string: "")` - Specifies an `HTTP` check to perform a `GET` request against the value of `HTTP` (expected to be a URL) every `Interval`. If the diff --git a/website/content/docs/discovery/checks.mdx b/website/content/docs/discovery/checks.mdx index 2a6ad2861..d9a6986d3 100644 --- a/website/content/docs/discovery/checks.mdx +++ b/website/content/docs/discovery/checks.mdx @@ -120,10 +120,11 @@ There are several different kinds of checks: `tls_skip_verify` field to `true` in the check definition. To check on a specific service instead of the whole gRPC server, add the service identifier after the `gRPC` check's endpoint in the following format `/:service_identifier`. -- `H2ping + Interval` - These checks test an endpoint that uses http2 with TLS - by connecting to the endpoint and sending a ping frame. If the ping is successful +- `H2ping + Interval` - These checks test an endpoint that uses http2 + by connecting to the endpoint and sending a ping frame. TLS is assumed to be configured by default. + To disable TLS and use h2c, set `h2ping_use_tls` to `false`. If the ping is successful within a specified timeout, then the check is updated as passing. - The timeout defaults to 10 seconds, but is configurable using the `timeout` field. A valid + The timeout defaults to 10 seconds, but is configurable using the `timeout` field. If TLS is enabled a valid certificate is required, unless `tls_skip_verify` is set to `true`. The check will be run on the interval specified by the `interval` field. @@ -164,7 +165,7 @@ A HTTP check: "tls_server_name": "", "tls_skip_verify": false, "method": "POST", - "header": {"Content-Type": ["application/json"]}, + "header": { "Content-Type": ["application/json"] }, "body": "{\"method\":\"health\"}", "interval": "10s", "timeout": "1s" @@ -251,6 +252,7 @@ A h2ping check: "name": "h2ping", "h2ping": "localhost:22222", "interval": "10s", + "h2ping_use_tls": false } } ``` @@ -420,14 +422,14 @@ a health check may be configured to become passing/warning/critical only after a specified number of consecutive checks return passing/critical. The status will not transition states until the configured threshold is reached. -* `success_before_passing` - Number of consecutive successful results required - before check status transitions to passing. Defaults to `0`. Added in Consul 1.7.0. -* `failures_before_warning` - Number of consecutive unsuccessful results required +- `success_before_passing` - Number of consecutive successful results required + before check status transitions to passing. Defaults to `0`. Added in Consul 1.7.0. +- `failures_before_warning` - Number of consecutive unsuccessful results required before check status transitions to warning. Defaults to the same value as that of `failures_before_critical` to maintain the expected behavior of not changing the status of serivce checks to `warning` before `critical` unless configured to do so. Values higher than `failures_before_critical` are invalid. Added in Consul 1.11.0. -* `failures_before_critical` - Number of consecutive unsuccessful results required +- `failures_before_critical` - Number of consecutive unsuccessful results required before check status transitions to critical. Defaults to `0`. Added in Consul 1.7.0. This feature is available for HTTP, TCP, gRPC, Docker & Monitor checks.