diff --git a/agent/proxy/daemon.go b/agent/proxy/daemon.go index c0ae7fdee..013fbdc28 100644 --- a/agent/proxy/daemon.go +++ b/agent/proxy/daemon.go @@ -33,6 +33,10 @@ type Daemon struct { // be a Cmd that isn't yet started. Command *exec.Cmd + // ProxyId is the ID of the proxy service. This is required for API + // requests (along with the token) and is passed via env var. + ProxyId string + // ProxyToken is the special local-only ACL token that allows a proxy // to communicate to the Connect-specific endpoints. ProxyToken string @@ -204,7 +208,9 @@ func (p *Daemon) start() (*os.Process, error) { // reference. We allocate an exactly sized slice. cmd.Env = make([]string, len(p.Command.Env), len(p.Command.Env)+1) copy(cmd.Env, p.Command.Env) - cmd.Env = append(cmd.Env, fmt.Sprintf("%s=%s", EnvProxyToken, p.ProxyToken)) + cmd.Env = append(cmd.Env, + fmt.Sprintf("%s=%s", EnvProxyId, p.ProxyId), + fmt.Sprintf("%s=%s", EnvProxyToken, p.ProxyToken)) // Args must always contain a 0 entry which is usually the executed binary. // To be safe and a bit more robust we default this, but only to prevent @@ -387,6 +393,9 @@ func (p *Daemon) UnmarshalSnapshot(m map[string]interface{}) error { } // daemonSnapshot is the structure of the marshalled data for snapshotting. +// +// Note we don't have to store the ProxyId because this is stored directly +// within the manager snapshot and is restored automatically. type daemonSnapshot struct { // Pid of the process. This is the only value actually required to // regain mangement control. The remainder values are for Equal. diff --git a/agent/proxy/daemon_test.go b/agent/proxy/daemon_test.go index 17e821a44..f08716276 100644 --- a/agent/proxy/daemon_test.go +++ b/agent/proxy/daemon_test.go @@ -30,10 +30,12 @@ func TestDaemonStartStop(t *testing.T) { d := &Daemon{ Command: helperProcess("start-stop", path), + ProxyId: "tubes", ProxyToken: uuid, Logger: testLogger, } require.NoError(d.Start()) + defer d.Stop() // Wait for the file to exist retry.Run(t, func(r *retry.R) { @@ -49,7 +51,7 @@ func TestDaemonStartStop(t *testing.T) { // that we properly passed the token as an env var. data, err := ioutil.ReadFile(path) require.NoError(err) - require.Equal(uuid, string(data)) + require.Equal("tubes:"+uuid, string(data)) // Stop the process require.NoError(d.Stop()) diff --git a/agent/proxy/manager.go b/agent/proxy/manager.go index 5bb871c65..09eb1f601 100644 --- a/agent/proxy/manager.go +++ b/agent/proxy/manager.go @@ -411,6 +411,7 @@ func (m *Manager) newProxy(mp *local.ManagedProxy) (Proxy, error) { // Build the daemon structure proxy.Command = &cmd + proxy.ProxyId = id proxy.ProxyToken = mp.ProxyToken return proxy, nil diff --git a/agent/proxy/proxy.go b/agent/proxy/proxy.go index 1bb88da8e..90ae158f4 100644 --- a/agent/proxy/proxy.go +++ b/agent/proxy/proxy.go @@ -11,9 +11,16 @@ import ( "github.com/hashicorp/consul/agent/structs" ) -// EnvProxyToken is the name of the environment variable that is passed -// to managed proxies containing the proxy token. -const EnvProxyToken = "CONNECT_PROXY_TOKEN" +const ( + // EnvProxyId is the name of the environment variable that is set for + // managed proxies containing the proxy service ID. This is required along + // with the token to make API requests related to the proxy. + EnvProxyId = "CONNECT_PROXY_ID" + + // EnvProxyToken is the name of the environment variable that is passed + // to managed proxies containing the proxy token. + EnvProxyToken = "CONNECT_PROXY_TOKEN" +) // Proxy is the interface implemented by all types of managed proxies. // @@ -51,6 +58,10 @@ type Proxy interface { // so that Consul can recover the proxy process after a restart. The // result should only contain primitive values and containers (lists/maps). // + // MarshalSnapshot does NOT need to store the following fields, since they + // are part of the manager snapshot and will be automatically restored + // for any proxies: proxy ID. + // // UnmarshalSnapshot is called to restore the receiving Proxy from its // marshalled state. If UnmarshalSnapshot returns an error, the snapshot // is ignored and the marshalled snapshot will be lost. The manager will diff --git a/agent/proxy/proxy_test.go b/agent/proxy/proxy_test.go index d0812fc07..b46b5d677 100644 --- a/agent/proxy/proxy_test.go +++ b/agent/proxy/proxy_test.go @@ -78,7 +78,10 @@ func TestHelperProcess(t *testing.T) { defer signal.Stop(ch) path := args[0] - data := []byte(os.Getenv(EnvProxyToken)) + var data []byte + data = append(data, []byte(os.Getenv(EnvProxyId))...) + data = append(data, ':') + data = append(data, []byte(os.Getenv(EnvProxyToken))...) if err := ioutil.WriteFile(path, data, 0644); err != nil { t.Fatalf("err: %s", err)