From 42b338308f8b674e680ac21474d0cf2b4306a5ef Mon Sep 17 00:00:00 2001 From: Sander Mol Date: Thu, 24 Feb 2022 15:34:54 +0100 Subject: [PATCH] add go-sockaddr templating support to nomad consul address (#12084) --- .changelog/12084.txt | 3 ++ command/agent/config.go | 28 +++---------- go.mod | 13 ++++++- go.sum | 24 +++++++++++- nomad/structs/config/consul.go | 8 +++- nomad/structs/config/consul_test.go | 39 +++++++++++++++++++ website/content/docs/configuration/consul.mdx | 2 + 7 files changed, 91 insertions(+), 26 deletions(-) create mode 100644 .changelog/12084.txt diff --git a/.changelog/12084.txt b/.changelog/12084.txt new file mode 100644 index 000000000..37bbb6537 --- /dev/null +++ b/.changelog/12084.txt @@ -0,0 +1,3 @@ +```release-note:improvement +consul: add go-sockaddr templating support to nomad consul address +``` diff --git a/command/agent/config.go b/command/agent/config.go index 1fb9b93c3..7ed47aa73 100644 --- a/command/agent/config.go +++ b/command/agent/config.go @@ -16,6 +16,7 @@ import ( "strings" "time" + "github.com/hashicorp/go-secure-stdlib/listenerutil" sockaddr "github.com/hashicorp/go-sockaddr" "github.com/hashicorp/go-sockaddr/template" client "github.com/hashicorp/nomad/client/config" @@ -1230,7 +1231,7 @@ func (c *Config) Merge(b *Config) *Config { // initialized and have reasonable defaults. func (c *Config) normalizeAddrs() error { if c.BindAddr != "" { - ipStr, err := parseSingleIPTemplate(c.BindAddr) + ipStr, err := listenerutil.ParseSingleIPTemplate(c.BindAddr) if err != nil { return fmt.Errorf("Bind address resolution failed: %v", err) } @@ -1325,25 +1326,6 @@ func parseSingleInterfaceTemplate(tpl string) (string, error) { return out, nil } -// parseSingleIPTemplate is used as a helper function to parse out a single IP -// address from a config parameter. -func parseSingleIPTemplate(ipTmpl string) (string, error) { - out, err := template.Parse(ipTmpl) - if err != nil { - return "", fmt.Errorf("Unable to parse address template %q: %v", ipTmpl, err) - } - - ips := strings.Split(out, " ") - switch len(ips) { - case 0: - return "", errors.New("No addresses found, please configure one.") - case 1: - return ips[0], nil - default: - return "", fmt.Errorf("Multiple addresses found (%q), please configure one.", out) - } -} - // parseMultipleIPTemplate is used as a helper function to parse out a multiple IP // addresses from a config parameter. func parseMultipleIPTemplate(ipTmpl string) ([]string, error) { @@ -1367,7 +1349,7 @@ func normalizeBind(addr, bind string) (string, error) { if addr == "" { return bind, nil } - return parseSingleIPTemplate(addr) + return listenerutil.ParseSingleIPTemplate(addr) } // normalizeMultipleBind returns normalized bind addresses. @@ -1393,7 +1375,7 @@ func normalizeMultipleBind(addr, bind string) ([]string, error) { // // Loopback is only considered a valid advertise address in dev mode. func normalizeAdvertise(addr string, bind string, defport int, dev bool) (string, error) { - addr, err := parseSingleIPTemplate(addr) + addr, err := listenerutil.ParseSingleIPTemplate(addr) if err != nil { return "", fmt.Errorf("Error parsing advertise address template: %v", err) } @@ -1434,7 +1416,7 @@ func normalizeAdvertise(addr string, bind string, defport int, dev bool) (string } // Bind is not localhost but not a valid advertise IP, use first private IP - addr, err = parseSingleIPTemplate("{{ GetPrivateIP }}") + addr, err = listenerutil.ParseSingleIPTemplate("{{ GetPrivateIP }}") if err != nil { return "", fmt.Errorf("Unable to parse default advertise address: %v", err) } diff --git a/go.mod b/go.mod index 2b6e21658..671a0c463 100644 --- a/go.mod +++ b/go.mod @@ -64,6 +64,7 @@ require ( github.com/hashicorp/go-msgpack v1.1.5 github.com/hashicorp/go-multierror v1.1.1 github.com/hashicorp/go-plugin v1.4.3 + github.com/hashicorp/go-secure-stdlib/listenerutil v0.1.4 github.com/hashicorp/go-sockaddr v1.0.2 github.com/hashicorp/go-syslog v1.0.0 github.com/hashicorp/go-uuid v1.0.2 @@ -86,7 +87,7 @@ require ( github.com/kr/text v0.2.0 github.com/mattn/go-colorable v0.1.9 github.com/miekg/dns v1.1.26 - github.com/mitchellh/cli v1.1.0 + github.com/mitchellh/cli v1.1.2 github.com/mitchellh/colorstring v0.0.0-20150917214807-8631ce90f286 github.com/mitchellh/copystructure v1.2.0 github.com/mitchellh/go-glint v0.0.0-20210722152315-6515ceb4a127 @@ -143,6 +144,9 @@ require ( github.com/Azure/go-autorest/tracing v0.6.0 // indirect github.com/BurntSushi/toml v0.4.1 // indirect github.com/DataDog/datadog-go v3.2.0+incompatible // indirect + github.com/Masterminds/goutils v1.1.0 // indirect + github.com/Masterminds/semver v1.5.0 // indirect + github.com/Masterminds/sprig v2.22.0+incompatible // indirect github.com/Microsoft/hcsshim v0.8.23 // indirect github.com/VividCortex/ewma v1.1.1 // indirect github.com/agext/levenshtein v1.2.1 // indirect @@ -197,9 +201,16 @@ require ( github.com/hashicorp/go-retryablehttp v0.6.7 // indirect github.com/hashicorp/go-rootcerts v1.0.2 // indirect github.com/hashicorp/go-safetemp v1.0.0 // indirect + github.com/hashicorp/go-secure-stdlib/parseutil v0.1.1 // indirect + github.com/hashicorp/go-secure-stdlib/reloadutil v0.1.1 // indirect + github.com/hashicorp/go-secure-stdlib/strutil v0.1.1 // indirect + github.com/hashicorp/go-secure-stdlib/tlsutil v0.1.1 // indirect github.com/hashicorp/mdns v1.0.1 // indirect github.com/hashicorp/vic v1.5.1-0.20190403131502-bbfe86ec9443 // indirect + github.com/huandu/xstrings v1.3.2 // indirect + github.com/imdario/mergo v0.3.12 // indirect github.com/ishidawataru/sctp v0.0.0-20191218070446-00ab2ac2db07 // indirect + github.com/jefferai/isbadcipher v0.0.0-20190226160619-51d2077c035f // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/joyent/triton-go v0.0.0-20190112182421-51ffac552869 // indirect github.com/klauspost/compress v1.13.6 // indirect diff --git a/go.sum b/go.sum index 4d83ddeef..75a8d90dd 100644 --- a/go.sum +++ b/go.sum @@ -103,6 +103,12 @@ github.com/DataDog/datadog-go v3.2.0+incompatible h1:qSG2N4FghB1He/r2mFrWKCaL7dX github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= github.com/LK4D4/joincontext v0.0.0-20171026170139-1724345da6d5 h1:U7q69tqXiCf6m097GRlNQB0/6SI1qWIOHYHhCEvDxF4= github.com/LK4D4/joincontext v0.0.0-20171026170139-1724345da6d5/go.mod h1:nxQPcNPR/34g+HcK2hEsF99O+GJgIkW/OmPl8wtzhmk= +github.com/Masterminds/goutils v1.1.0 h1:zukEsf/1JZwCMgHiK3GZftabmxiCw4apj3a28RPBiVg= +github.com/Masterminds/goutils v1.1.0/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= +github.com/Masterminds/semver v1.5.0 h1:H65muMkzWKEuNDnfl9d70GUjFniHKHRbFPGBuZ3QEww= +github.com/Masterminds/semver v1.5.0/go.mod h1:MB6lktGJrhw8PrUyiEoblNEGEQ+RzHPF078ddwwvV3Y= +github.com/Masterminds/sprig v2.22.0+incompatible h1:z4yfnGrZ7netVz+0EDJ0Wi+5VZCSYp4Z0m2dk6cEM60= +github.com/Masterminds/sprig v2.22.0+incompatible/go.mod h1:y6hNFY5UBTIWBxnzTeuNhlNS5hqE0NB0E6fgfo2Br3o= github.com/Microsoft/hcsshim v0.8.6/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg= github.com/Microsoft/hcsshim v0.8.7-0.20190325164909-8abdbb8205e4/go.mod h1:Op3hHsoHPAvb6lceZHDtd9OkTew38wNoXnJs8iY7rUg= github.com/Microsoft/hcsshim v0.8.7/go.mod h1:OHd7sQqRFrYd3RmSgbgji+ctCwkbq2wbEYNSzOYtcBQ= @@ -729,6 +735,16 @@ github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5O github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= github.com/hashicorp/go-safetemp v1.0.0 h1:2HR189eFNrjHQyENnQMMpCiBAsRxzbTMIgBhEyExpmo= github.com/hashicorp/go-safetemp v1.0.0/go.mod h1:oaerMy3BhqiTbVye6QuFhFtIceqFoDHxNAB65b+Rj1I= +github.com/hashicorp/go-secure-stdlib/listenerutil v0.1.4 h1:6ajbq64FhrIJZ6prrff3upVVDil4yfCrnSKwTH0HIPE= +github.com/hashicorp/go-secure-stdlib/listenerutil v0.1.4/go.mod h1:myX7XYMJRIP4PLHtYJiKMTJcKOX0M5ZJNwP0iw+l3uw= +github.com/hashicorp/go-secure-stdlib/parseutil v0.1.1 h1:78ki3QBevHwYrVxnyVeaEz+7WtifHhauYF23es/0KlI= +github.com/hashicorp/go-secure-stdlib/parseutil v0.1.1/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8= +github.com/hashicorp/go-secure-stdlib/reloadutil v0.1.1 h1:SMGUnbpAcat8rIKHkBPjfv81yC46a8eCNZ2hsR2l1EI= +github.com/hashicorp/go-secure-stdlib/reloadutil v0.1.1/go.mod h1:Ch/bf00Qnx77MZd49JRgHYqHQjtEmTgGU2faufpVZb0= +github.com/hashicorp/go-secure-stdlib/strutil v0.1.1 h1:nd0HIW15E6FG1MsnArYaHfuw9C2zgzM8LxkG5Ty/788= +github.com/hashicorp/go-secure-stdlib/strutil v0.1.1/go.mod h1:gKOamz3EwoIoJq7mlMIRBpVTAUn8qPCrEclOKKWhD3U= +github.com/hashicorp/go-secure-stdlib/tlsutil v0.1.1 h1:Yc026VyMyIpq1UWRnakHRG01U8fJm+nEfEmjoAb00n8= +github.com/hashicorp/go-secure-stdlib/tlsutil v0.1.1/go.mod h1:l8slYwnJA26yBz+ErHpp2IRCLr0vuOMGBORIz4rRiAs= github.com/hashicorp/go-sockaddr v1.0.0/go.mod h1:7Xibr9yA9JjQq1JpNB2Vw7kxv8xerXegt+ozgdvDeDU= github.com/hashicorp/go-sockaddr v1.0.2 h1:ztczhD1jLxIRjVejw8gFomI1BQZOe2WoVOu0SyteCQc= github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjGlgmH/UkBUC97A= @@ -799,6 +815,8 @@ github.com/hexdigest/gowrap v1.1.7/go.mod h1:Z+nBFUDLa01iaNM+/jzoOA1JJ7sm51rnYFa github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= github.com/hpcloud/tail v1.0.1-0.20170814160653-37f427138745 h1:8as8OQ+RF1QrsHvWWsKBtBKINhD9QaD1iozA1wrO4aA= github.com/hpcloud/tail v1.0.1-0.20170814160653-37f427138745/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= +github.com/huandu/xstrings v1.3.2 h1:L18LIDzqlW6xN2rEkpdV8+oL/IXWJ1APd+vsdYy4Wdw= +github.com/huandu/xstrings v1.3.2/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/iancoleman/strcase v0.2.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47ZCWhYzw7ho= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= @@ -807,6 +825,7 @@ github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJ github.com/imdario/mergo v0.3.8/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA= github.com/imdario/mergo v0.3.10/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= +github.com/imdario/mergo v0.3.12 h1:b6R2BslTbIEToALKP7LxUvijTsNI9TAe80pLWN2g/HU= github.com/imdario/mergo v0.3.12/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= github.com/ishidawataru/sctp v0.0.0-20191218070446-00ab2ac2db07 h1:rw3IAne6CDuVFlZbPOkA7bhxlqawFh7RJJ+CejfMaxE= @@ -815,6 +834,8 @@ github.com/j-keck/arping v0.0.0-20160618110441-2cf9dc699c56/go.mod h1:ymszkNOg6t github.com/j-keck/arping v1.0.2/go.mod h1:aJbELhR92bSk7tp79AWM/ftfc90EfEi2bQJrbBFOsPw= github.com/jarcoal/httpmock v0.0.0-20180424175123-9c70cfe4a1da h1:FjHUJJ7oBW4G/9j1KzlHaXL09LyMVM9rupS39lncbXk= github.com/jarcoal/httpmock v0.0.0-20180424175123-9c70cfe4a1da/go.mod h1:ks+b9deReOc7jgqp+e7LuFiCBH6Rm5hL32cLcEAArb4= +github.com/jefferai/isbadcipher v0.0.0-20190226160619-51d2077c035f h1:E87tDTVS5W65euzixn7clSzK66puSt1H4I5SC0EmHH4= +github.com/jefferai/isbadcipher v0.0.0-20190226160619-51d2077c035f/go.mod h1:3J2qVK16Lq8V+wfiL2lPeDZ7UWMxk5LemerHa1p6N00= github.com/jhump/protoreflect v1.6.0 h1:h5jfMVslIg6l29nsMs0D8Wj17RDVdNYti0vDN/PZZoE= github.com/jhump/protoreflect v1.6.0/go.mod h1:eaTn3RZAmMBcV0fifFvlm6VHNz3wSkYyXYWUh7ymB74= github.com/jmespath/go-jmespath v0.0.0-20160202185014-0b12d6b521d8/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= @@ -911,8 +932,9 @@ github.com/miekg/dns v1.1.26/go.mod h1:bPDLeHnStXmXAq1m/Ch/hvfNHr14JKNPMBo3VZKju github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible/go.mod h1:8AuVvqP/mXw1px98n46wfvcGfQ4ci2FwoAjKYxuo3Z4= github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= -github.com/mitchellh/cli v1.1.0 h1:tEElEatulEHDeedTxwckzyYMA5c86fbmNIUL1hBIiTg= github.com/mitchellh/cli v1.1.0/go.mod h1:xcISNoH86gajksDmfB23e/pu+B+GeFRMYmoHXxx3xhI= +github.com/mitchellh/cli v1.1.2 h1:PvH+lL2B7IQ101xQL63Of8yFS2y+aDlsFcsqNc+u/Kw= +github.com/mitchellh/cli v1.1.2/go.mod h1:6iaV0fGdElS6dPBx0EApTxHrcWvmJphyh2n8YBLPPZ4= github.com/mitchellh/colorstring v0.0.0-20150917214807-8631ce90f286 h1:KHyL+3mQOF9sPfs26lsefckcFNDcIZtiACQiECzIUkw= github.com/mitchellh/colorstring v0.0.0-20150917214807-8631ce90f286/go.mod h1:l0dey0ia/Uv7NcFFVbCLtqEBQbrT4OCwCSKTEv6enCw= github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= diff --git a/nomad/structs/config/consul.go b/nomad/structs/config/consul.go index f228c6321..f836b822b 100644 --- a/nomad/structs/config/consul.go +++ b/nomad/structs/config/consul.go @@ -1,11 +1,13 @@ package config import ( + "fmt" "net/http" "strings" "time" consul "github.com/hashicorp/consul/api" + "github.com/hashicorp/go-secure-stdlib/listenerutil" "github.com/hashicorp/nomad/helper" ) @@ -251,7 +253,11 @@ func (c *ConsulConfig) ApiConfig() (*consul.Config, error) { // http.Transport. config := consul.DefaultConfig() if c.Addr != "" { - config.Address = c.Addr + ipStr, err := listenerutil.ParseSingleIPTemplate(c.Addr) + if err != nil { + return nil, fmt.Errorf("unable to parse address template %q: %v", c.Addr, err) + } + config.Address = ipStr } if c.Token != "" { config.Token = c.Token diff --git a/nomad/structs/config/consul_test.go b/nomad/structs/config/consul_test.go index eb228814f..d2243e418 100644 --- a/nomad/structs/config/consul_test.go +++ b/nomad/structs/config/consul_test.go @@ -5,10 +5,12 @@ import ( "fmt" "os" "os/exec" + "strings" "testing" "time" consulapi "github.com/hashicorp/consul/api" + sockaddr "github.com/hashicorp/go-sockaddr" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" ) @@ -167,3 +169,40 @@ func TestConsulConfig_Exec(t *testing.T) { require.NotNil(t, conf.VerifySSL) assert.True(t, *conf.VerifySSL) } + +func TestConsulConfig_IpTemplateParse(t *testing.T) { + t.Parallel() + + privateIps, err := sockaddr.GetPrivateIP() + require.NoError(t, err) + privateIp := strings.Split(privateIps, " ")[0] + + testCases := []struct { + name string + tmpl string + expectedOut string + expectErr bool + } { + { name: "string address keeps working", tmpl: "10.0.1.0:8500", expectedOut: "10.0.1.0:8500", expectErr: false }, + { name: "single ip sock-addr template", tmpl: "{{ GetPrivateIP }}:8500", expectedOut: privateIp+":8500", expectErr: false }, + { name: "multi ip sock-addr template", tmpl: "{{ GetPrivateIPs }}:8500", expectedOut: "", expectErr: true }, + } + + for _, tc := range testCases { + tc := tc + t.Run(tc.name, func(t *testing.T) { + t.Parallel() + conf := ConsulConfig{ + Addr: tc.tmpl, + } + out, err := conf.ApiConfig() + + if tc.expectErr { + require.Error(t, err) + return + } + require.NoError(t, err) + require.Equal(t, tc.expectedOut, out.Address) + }) + } +} diff --git a/website/content/docs/configuration/consul.mdx b/website/content/docs/configuration/consul.mdx index a53cf6d89..a4b1f3a77 100644 --- a/website/content/docs/configuration/consul.mdx +++ b/website/content/docs/configuration/consul.mdx @@ -44,6 +44,7 @@ configuring Nomad to talk to Consul via DNS such as consul.service.consul Consul agent, given in the format `host:port`. Supports Unix sockets with the format: `unix:///tmp/consul/consul.sock`. Will default to the `CONSUL_HTTP_ADDR` environment variable if set. + The value supports [go-sockaddr/template format][go-sockaddr/template]. - `allow_unauthenticated` `(bool: true)` - Specifies if users submitting jobs to the Nomad server should be required to provide their own Consul token, proving @@ -225,3 +226,4 @@ namespace "nomad-ns" { [consul]: https://www.consul.io/ 'Consul by HashiCorp' [bootstrap]: https://learn.hashicorp.com/tutorials/nomad/clustering 'Automatic Bootstrapping' +[go-sockaddr/template]: https://pkg.go.dev/github.com/hashicorp/go-sockaddr/template