34140ff3e0
Previously, public referred to gRPC services that are both exposed on the dedicated gRPC port and have their definitions in the proto-public directory (so were considered usable by 3rd parties). Whereas private referred to services on the multiplexed server port that are only usable by agents and other servers. Now, we're splitting these definitions, such that external/internal refers to the port and public/private refers to whether they can be used by 3rd parties. This is necessary because the peering replication API needs to be exposed on the dedicated port, but is not (yet) suitable for use by 3rd parties.
89 lines
3.2 KiB
Go
89 lines
3.2 KiB
Go
package dataplane
|
|
|
|
import (
|
|
"context"
|
|
"errors"
|
|
"strings"
|
|
|
|
"google.golang.org/grpc/codes"
|
|
"google.golang.org/grpc/status"
|
|
"google.golang.org/protobuf/types/known/structpb"
|
|
|
|
acl "github.com/hashicorp/consul/acl"
|
|
"github.com/hashicorp/consul/agent/consul/state"
|
|
external "github.com/hashicorp/consul/agent/grpc-external"
|
|
structs "github.com/hashicorp/consul/agent/structs"
|
|
"github.com/hashicorp/consul/proto-public/pbdataplane"
|
|
)
|
|
|
|
func (s *Server) GetEnvoyBootstrapParams(ctx context.Context, req *pbdataplane.GetEnvoyBootstrapParamsRequest) (*pbdataplane.GetEnvoyBootstrapParamsResponse, error) {
|
|
logger := s.Logger.Named("get-envoy-bootstrap-params").With("service_id", req.GetServiceId(), "request_id", external.TraceID())
|
|
|
|
logger.Trace("Started processing request")
|
|
defer logger.Trace("Finished processing request")
|
|
|
|
token := external.TokenFromContext(ctx)
|
|
var authzContext acl.AuthorizerContext
|
|
entMeta := acl.NewEnterpriseMetaWithPartition(req.GetPartition(), req.GetNamespace())
|
|
authz, err := s.ACLResolver.ResolveTokenAndDefaultMeta(token, &entMeta, &authzContext)
|
|
if err != nil {
|
|
return nil, status.Error(codes.Unauthenticated, err.Error())
|
|
}
|
|
|
|
store := s.GetStore()
|
|
|
|
_, svc, err := store.ServiceNode(req.GetNodeId(), req.GetNodeName(), req.GetServiceId(), &entMeta, structs.DefaultPeerKeyword)
|
|
if err != nil {
|
|
logger.Error("Error looking up service", "error", err)
|
|
if errors.Is(err, state.ErrNodeNotFound) {
|
|
return nil, status.Error(codes.NotFound, err.Error())
|
|
} else if strings.Contains(err.Error(), "Node ID or name required") {
|
|
return nil, status.Error(codes.InvalidArgument, err.Error())
|
|
} else {
|
|
return nil, status.Error(codes.Internal, "Failure looking up service")
|
|
}
|
|
}
|
|
if svc == nil {
|
|
return nil, status.Error(codes.NotFound, "Service not found")
|
|
}
|
|
|
|
if err := authz.ToAllowAuthorizer().ServiceReadAllowed(svc.ServiceName, &authzContext); err != nil {
|
|
return nil, status.Error(codes.PermissionDenied, err.Error())
|
|
}
|
|
|
|
// Build out the response
|
|
|
|
resp := &pbdataplane.GetEnvoyBootstrapParamsResponse{
|
|
Service: svc.ServiceProxy.DestinationServiceName,
|
|
Partition: svc.EnterpriseMeta.PartitionOrDefault(),
|
|
Namespace: svc.EnterpriseMeta.NamespaceOrDefault(),
|
|
Datacenter: s.Datacenter,
|
|
ServiceKind: convertToResponseServiceKind(svc.ServiceKind),
|
|
}
|
|
|
|
bootstrapConfig, err := structpb.NewStruct(svc.ServiceProxy.Config)
|
|
if err != nil {
|
|
logger.Error("Error creating the envoy boostrap params config", "error", err)
|
|
return nil, status.Error(codes.Unknown, "Error creating the envoy boostrap params config")
|
|
}
|
|
resp.Config = bootstrapConfig
|
|
|
|
return resp, nil
|
|
}
|
|
|
|
func convertToResponseServiceKind(serviceKind structs.ServiceKind) (respKind pbdataplane.ServiceKind) {
|
|
switch serviceKind {
|
|
case structs.ServiceKindConnectProxy:
|
|
respKind = pbdataplane.ServiceKind_SERVICE_KIND_CONNECT_PROXY
|
|
case structs.ServiceKindMeshGateway:
|
|
respKind = pbdataplane.ServiceKind_SERVICE_KIND_MESH_GATEWAY
|
|
case structs.ServiceKindTerminatingGateway:
|
|
respKind = pbdataplane.ServiceKind_SERVICE_KIND_TERMINATING_GATEWAY
|
|
case structs.ServiceKindIngressGateway:
|
|
respKind = pbdataplane.ServiceKind_SERVICE_KIND_INGRESS_GATEWAY
|
|
case structs.ServiceKindTypical:
|
|
respKind = pbdataplane.ServiceKind_SERVICE_KIND_TYPICAL
|
|
}
|
|
return
|
|
}
|