167 lines
6.3 KiB
Go
167 lines
6.3 KiB
Go
// Copyright (c) HashiCorp, Inc.
|
|
// SPDX-License-Identifier: MPL-2.0
|
|
|
|
package agent
|
|
|
|
import (
|
|
"fmt"
|
|
"net"
|
|
|
|
"github.com/hashicorp/consul/agent/structs"
|
|
)
|
|
|
|
type TranslateAddressAccept int
|
|
|
|
const (
|
|
TranslateAddressAcceptDomain TranslateAddressAccept = 1 << iota
|
|
TranslateAddressAcceptIPv4
|
|
TranslateAddressAcceptIPv6
|
|
|
|
TranslateAddressAcceptAny TranslateAddressAccept = ^0
|
|
)
|
|
|
|
// TranslateServicePort is used to provide the final, translated port for a service,
|
|
// depending on how the agent and the other node are configured. The dc
|
|
// parameter is the dc the datacenter this node is from.
|
|
func (a *Agent) TranslateServicePort(dc string, port int, taggedAddresses map[string]structs.ServiceAddress) int {
|
|
if a.config.TranslateWANAddrs && (a.config.Datacenter != dc) {
|
|
if wanAddr, ok := taggedAddresses[structs.TaggedAddressWAN]; ok && wanAddr.Port != 0 {
|
|
return wanAddr.Port
|
|
}
|
|
}
|
|
return port
|
|
}
|
|
|
|
// TranslateServiceAddress is used to provide the final, translated address for a node,
|
|
// depending on how the agent and the other node are configured. The dc
|
|
// parameter is the dc the datacenter this node is from.
|
|
func (a *Agent) TranslateServiceAddress(dc string, addr string, taggedAddresses map[string]structs.ServiceAddress, accept TranslateAddressAccept) string {
|
|
def := addr
|
|
v4 := taggedAddresses[structs.TaggedAddressLANIPv4].Address
|
|
v6 := taggedAddresses[structs.TaggedAddressLANIPv6].Address
|
|
|
|
shouldUseWan := a.config.TranslateWANAddrs && (a.config.Datacenter != dc)
|
|
if shouldUseWan {
|
|
if v, ok := taggedAddresses[structs.TaggedAddressWAN]; ok {
|
|
def = v.Address
|
|
}
|
|
if v, ok := taggedAddresses[structs.TaggedAddressWANIPv4]; ok {
|
|
v4 = v.Address
|
|
}
|
|
if v, ok := taggedAddresses[structs.TaggedAddressWANIPv6]; ok {
|
|
v6 = v.Address
|
|
}
|
|
}
|
|
|
|
return translateAddressAccept(accept, def, v4, v6)
|
|
}
|
|
|
|
// TranslateAddress is used to provide the final, translated address for a node,
|
|
// depending on how the agent and the other node are configured. The dc
|
|
// parameter is the dc the datacenter this node is from.
|
|
func (a *Agent) TranslateAddress(dc string, addr string, taggedAddresses map[string]string, accept TranslateAddressAccept) string {
|
|
def := addr
|
|
v4 := taggedAddresses[structs.TaggedAddressLANIPv4]
|
|
v6 := taggedAddresses[structs.TaggedAddressLANIPv6]
|
|
|
|
shouldUseWan := a.config.TranslateWANAddrs && (a.config.Datacenter != dc)
|
|
if shouldUseWan {
|
|
if v, ok := taggedAddresses[structs.TaggedAddressWAN]; ok {
|
|
def = v
|
|
}
|
|
if v, ok := taggedAddresses[structs.TaggedAddressWANIPv4]; ok {
|
|
v4 = v
|
|
}
|
|
if v, ok := taggedAddresses[structs.TaggedAddressWANIPv6]; ok {
|
|
v6 = v
|
|
}
|
|
}
|
|
|
|
return translateAddressAccept(accept, def, v4, v6)
|
|
}
|
|
|
|
func translateAddressAccept(accept TranslateAddressAccept, def, v4, v6 string) string {
|
|
switch {
|
|
case accept&TranslateAddressAcceptIPv6 > 0 && v6 != "":
|
|
return v6
|
|
case accept&TranslateAddressAcceptIPv4 > 0 && v4 != "":
|
|
return v4
|
|
case accept&TranslateAddressAcceptAny > 0 && def != "":
|
|
return def
|
|
default:
|
|
defIP := net.ParseIP(def)
|
|
switch {
|
|
case defIP != nil && defIP.To4() != nil && accept&TranslateAddressAcceptIPv4 > 0:
|
|
return def
|
|
case defIP != nil && defIP.To4() == nil && accept&TranslateAddressAcceptIPv6 > 0:
|
|
return def
|
|
case defIP == nil && accept&TranslateAddressAcceptDomain > 0:
|
|
return def
|
|
}
|
|
}
|
|
|
|
return ""
|
|
}
|
|
|
|
// TranslateAddresses translates addresses in the given structure into the
|
|
// final, translated address, depending on how the agent and the other node are
|
|
// configured. The dc parameter is the datacenter this structure is from.
|
|
func (a *Agent) TranslateAddresses(dc string, subj interface{}, accept TranslateAddressAccept) {
|
|
// CAUTION - SUBTLE! An agent running on a server can, in some cases,
|
|
// return pointers directly into the immutable state store for
|
|
// performance (it's via the in-memory RPC mechanism). It's never safe
|
|
// to modify those values, so we short circuit here so that we never
|
|
// update any structures that are from our own datacenter. This works
|
|
// for address translation because we *never* need to translate local
|
|
// addresses, but this is super subtle, so we've piped all the in-place
|
|
// address translation into this function which makes sure this check is
|
|
// done. This also happens to skip looking at any of the incoming
|
|
// structure for the common case of not needing to translate, so it will
|
|
// skip a lot of work if no translation needs to be done.
|
|
if !a.config.TranslateWANAddrs || (a.config.Datacenter == dc) {
|
|
return
|
|
}
|
|
|
|
// Translate addresses in-place, subject to the condition checked above
|
|
// which ensures this is safe to do since we are operating on a local
|
|
// copy of the data.
|
|
switch v := subj.(type) {
|
|
case structs.CheckServiceNodes:
|
|
for _, entry := range v {
|
|
entry.Node.Address = a.TranslateAddress(dc, entry.Node.Address, entry.Node.TaggedAddresses, accept)
|
|
entry.Service.Address = a.TranslateServiceAddress(dc, entry.Service.Address, entry.Service.TaggedAddresses, accept)
|
|
entry.Service.Port = a.TranslateServicePort(dc, entry.Service.Port, entry.Service.TaggedAddresses)
|
|
}
|
|
case *structs.Node:
|
|
v.Address = a.TranslateAddress(dc, v.Address, v.TaggedAddresses, accept)
|
|
case structs.Nodes:
|
|
for _, node := range v {
|
|
node.Address = a.TranslateAddress(dc, node.Address, node.TaggedAddresses, accept)
|
|
}
|
|
case structs.ServiceNodes:
|
|
for _, entry := range v {
|
|
entry.Address = a.TranslateAddress(dc, entry.Address, entry.TaggedAddresses, accept)
|
|
entry.ServiceAddress = a.TranslateServiceAddress(dc, entry.ServiceAddress, entry.ServiceTaggedAddresses, accept)
|
|
entry.ServicePort = a.TranslateServicePort(dc, entry.ServicePort, entry.ServiceTaggedAddresses)
|
|
}
|
|
case *structs.NodeServices:
|
|
if v.Node != nil {
|
|
v.Node.Address = a.TranslateAddress(dc, v.Node.Address, v.Node.TaggedAddresses, accept)
|
|
}
|
|
for _, entry := range v.Services {
|
|
entry.Address = a.TranslateServiceAddress(dc, entry.Address, entry.TaggedAddresses, accept)
|
|
entry.Port = a.TranslateServicePort(dc, entry.Port, entry.TaggedAddresses)
|
|
}
|
|
case *structs.NodeServiceList:
|
|
if v.Node != nil {
|
|
v.Node.Address = a.TranslateAddress(dc, v.Node.Address, v.Node.TaggedAddresses, accept)
|
|
}
|
|
for _, entry := range v.Services {
|
|
entry.Address = a.TranslateServiceAddress(dc, entry.Address, entry.TaggedAddresses, accept)
|
|
entry.Port = a.TranslateServicePort(dc, entry.Port, entry.TaggedAddresses)
|
|
}
|
|
default:
|
|
panic(fmt.Errorf("Unhandled type passed to address translator: %#v", subj))
|
|
}
|
|
}
|