open-nomad/api/consul.go
2023-04-10 15:36:59 +00:00

629 lines
17 KiB
Go

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package api
import (
"time"
"golang.org/x/exp/maps"
)
// Consul represents configuration related to consul.
type Consul struct {
// (Enterprise-only) Namespace represents a Consul namespace.
Namespace string `mapstructure:"namespace" hcl:"namespace,optional"`
}
// Canonicalize Consul into a canonical form. The Canonicalize structs containing
// a Consul should ensure it is not nil.
func (c *Consul) Canonicalize() {
// Nothing to do here.
//
// If Namespace is nil, that is a choice of the job submitter that
// we should inherit from higher up (i.e. job<-group). Likewise, if
// Namespace is set but empty, that is a choice to use the default consul
// namespace.
}
// Copy creates a deep copy of c.
func (c *Consul) Copy() *Consul {
return &Consul{
Namespace: c.Namespace,
}
}
// MergeNamespace sets Namespace to namespace if not already configured.
// This is used to inherit the job-level consul_namespace if the group-level
// namespace is not explicitly configured.
func (c *Consul) MergeNamespace(namespace *string) {
// only inherit namespace from above if not already set
if c.Namespace == "" && namespace != nil {
c.Namespace = *namespace
}
}
// ConsulConnect represents a Consul Connect jobspec block.
type ConsulConnect struct {
Native bool `hcl:"native,optional"`
Gateway *ConsulGateway `hcl:"gateway,block"`
SidecarService *ConsulSidecarService `mapstructure:"sidecar_service" hcl:"sidecar_service,block"`
SidecarTask *SidecarTask `mapstructure:"sidecar_task" hcl:"sidecar_task,block"`
}
func (cc *ConsulConnect) Canonicalize() {
if cc == nil {
return
}
cc.SidecarService.Canonicalize()
cc.SidecarTask.Canonicalize()
cc.Gateway.Canonicalize()
}
// ConsulSidecarService represents a Consul Connect SidecarService jobspec
// block.
type ConsulSidecarService struct {
Tags []string `hcl:"tags,optional"`
Port string `hcl:"port,optional"`
Proxy *ConsulProxy `hcl:"proxy,block"`
DisableDefaultTCPCheck bool `mapstructure:"disable_default_tcp_check" hcl:"disable_default_tcp_check,optional"`
Meta map[string]string `hcl:"meta,block"`
}
func (css *ConsulSidecarService) Canonicalize() {
if css == nil {
return
}
if len(css.Tags) == 0 {
css.Tags = nil
}
if len(css.Meta) == 0 {
css.Meta = nil
}
css.Proxy.Canonicalize()
}
// SidecarTask represents a subset of Task fields that can be set to override
// the fields of the Task generated for the sidecar
type SidecarTask struct {
Name string `hcl:"name,optional"`
Driver string `hcl:"driver,optional"`
User string `hcl:"user,optional"`
Config map[string]interface{} `hcl:"config,block"`
Env map[string]string `hcl:"env,block"`
Resources *Resources `hcl:"resources,block"`
Meta map[string]string `hcl:"meta,block"`
KillTimeout *time.Duration `mapstructure:"kill_timeout" hcl:"kill_timeout,optional"`
LogConfig *LogConfig `mapstructure:"logs" hcl:"logs,block"`
ShutdownDelay *time.Duration `mapstructure:"shutdown_delay" hcl:"shutdown_delay,optional"`
KillSignal string `mapstructure:"kill_signal" hcl:"kill_signal,optional"`
}
func (st *SidecarTask) Canonicalize() {
if st == nil {
return
}
if len(st.Config) == 0 {
st.Config = nil
}
if len(st.Env) == 0 {
st.Env = nil
}
if st.Resources == nil {
st.Resources = DefaultResources()
} else {
st.Resources.Canonicalize()
}
if st.LogConfig == nil {
st.LogConfig = DefaultLogConfig()
} else {
st.LogConfig.Canonicalize()
}
if len(st.Meta) == 0 {
st.Meta = nil
}
if st.KillTimeout == nil {
st.KillTimeout = pointerOf(5 * time.Second)
}
if st.ShutdownDelay == nil {
st.ShutdownDelay = pointerOf(time.Duration(0))
}
}
// ConsulProxy represents a Consul Connect sidecar proxy jobspec block.
type ConsulProxy struct {
LocalServiceAddress string `mapstructure:"local_service_address" hcl:"local_service_address,optional"`
LocalServicePort int `mapstructure:"local_service_port" hcl:"local_service_port,optional"`
Expose *ConsulExposeConfig `mapstructure:"expose" hcl:"expose,block"`
ExposeConfig *ConsulExposeConfig // Deprecated: only to maintain backwards compatibility. Use Expose instead.
Upstreams []*ConsulUpstream `hcl:"upstreams,block"`
Config map[string]interface{} `hcl:"config,block"`
}
func (cp *ConsulProxy) Canonicalize() {
if cp == nil {
return
}
cp.Expose.Canonicalize()
if len(cp.Upstreams) == 0 {
cp.Upstreams = nil
}
for _, upstream := range cp.Upstreams {
upstream.Canonicalize()
}
if len(cp.Config) == 0 {
cp.Config = nil
}
}
// ConsulMeshGateway is used to configure mesh gateway usage when connecting to
// a connect upstream in another datacenter.
type ConsulMeshGateway struct {
// Mode configures how an upstream should be accessed with regard to using
// mesh gateways.
//
// local - the connect proxy makes outbound connections through mesh gateway
// originating in the same datacenter.
//
// remote - the connect proxy makes outbound connections to a mesh gateway
// in the destination datacenter.
//
// none (default) - no mesh gateway is used, the proxy makes outbound connections
// directly to destination services.
//
// https://www.consul.io/docs/connect/gateways/mesh-gateway#modes-of-operation
Mode string `mapstructure:"mode" hcl:"mode,optional"`
}
func (c *ConsulMeshGateway) Canonicalize() {
// Mode may be empty string, indicating behavior will defer to Consul
// service-defaults config entry.
return
}
func (c *ConsulMeshGateway) Copy() *ConsulMeshGateway {
if c == nil {
return nil
}
return &ConsulMeshGateway{
Mode: c.Mode,
}
}
// ConsulUpstream represents a Consul Connect upstream jobspec block.
type ConsulUpstream struct {
DestinationName string `mapstructure:"destination_name" hcl:"destination_name,optional"`
DestinationNamespace string `mapstructure:"destination_namespace" hcl:"destination_namespace,optional"`
LocalBindPort int `mapstructure:"local_bind_port" hcl:"local_bind_port,optional"`
Datacenter string `mapstructure:"datacenter" hcl:"datacenter,optional"`
LocalBindAddress string `mapstructure:"local_bind_address" hcl:"local_bind_address,optional"`
MeshGateway *ConsulMeshGateway `mapstructure:"mesh_gateway" hcl:"mesh_gateway,block"`
Config map[string]any `mapstructure:"config" hcl:"config,block"`
}
func (cu *ConsulUpstream) Copy() *ConsulUpstream {
if cu == nil {
return nil
}
return &ConsulUpstream{
DestinationName: cu.DestinationName,
DestinationNamespace: cu.DestinationNamespace,
LocalBindPort: cu.LocalBindPort,
Datacenter: cu.Datacenter,
LocalBindAddress: cu.LocalBindAddress,
MeshGateway: cu.MeshGateway.Copy(),
Config: maps.Clone(cu.Config),
}
}
func (cu *ConsulUpstream) Canonicalize() {
if cu == nil {
return
}
cu.MeshGateway.Canonicalize()
if len(cu.Config) == 0 {
cu.Config = nil
}
}
type ConsulExposeConfig struct {
Paths []*ConsulExposePath `mapstructure:"path" hcl:"path,block"`
Path []*ConsulExposePath // Deprecated: only to maintain backwards compatibility. Use Paths instead.
}
func (cec *ConsulExposeConfig) Canonicalize() {
if cec == nil {
return
}
if len(cec.Paths) == 0 {
cec.Paths = nil
}
if len(cec.Path) == 0 {
cec.Path = nil
}
}
type ConsulExposePath struct {
Path string `hcl:"path,optional"`
Protocol string `hcl:"protocol,optional"`
LocalPathPort int `mapstructure:"local_path_port" hcl:"local_path_port,optional"`
ListenerPort string `mapstructure:"listener_port" hcl:"listener_port,optional"`
}
// ConsulGateway is used to configure one of the Consul Connect Gateway types.
type ConsulGateway struct {
// Proxy is used to configure the Envoy instance acting as the gateway.
Proxy *ConsulGatewayProxy `hcl:"proxy,block"`
// Ingress represents the Consul Configuration Entry for an Ingress Gateway.
Ingress *ConsulIngressConfigEntry `hcl:"ingress,block"`
// Terminating represents the Consul Configuration Entry for a Terminating Gateway.
Terminating *ConsulTerminatingConfigEntry `hcl:"terminating,block"`
// Mesh indicates the Consul service should be a Mesh Gateway.
Mesh *ConsulMeshConfigEntry `hcl:"mesh,block"`
}
func (g *ConsulGateway) Canonicalize() {
if g == nil {
return
}
g.Proxy.Canonicalize()
g.Ingress.Canonicalize()
g.Terminating.Canonicalize()
}
func (g *ConsulGateway) Copy() *ConsulGateway {
if g == nil {
return nil
}
return &ConsulGateway{
Proxy: g.Proxy.Copy(),
Ingress: g.Ingress.Copy(),
Terminating: g.Terminating.Copy(),
}
}
type ConsulGatewayBindAddress struct {
Name string `hcl:",label"`
Address string `mapstructure:"address" hcl:"address,optional"`
Port int `mapstructure:"port" hcl:"port,optional"`
}
var (
// defaultGatewayConnectTimeout is the default amount of time connections to
// upstreams are allowed before timing out.
defaultGatewayConnectTimeout = 5 * time.Second
)
// ConsulGatewayProxy is used to tune parameters of the proxy instance acting as
// one of the forms of Connect gateways that Consul supports.
//
// https://www.consul.io/docs/connect/proxies/envoy#gateway-options
type ConsulGatewayProxy struct {
ConnectTimeout *time.Duration `mapstructure:"connect_timeout" hcl:"connect_timeout,optional"`
EnvoyGatewayBindTaggedAddresses bool `mapstructure:"envoy_gateway_bind_tagged_addresses" hcl:"envoy_gateway_bind_tagged_addresses,optional"`
EnvoyGatewayBindAddresses map[string]*ConsulGatewayBindAddress `mapstructure:"envoy_gateway_bind_addresses" hcl:"envoy_gateway_bind_addresses,block"`
EnvoyGatewayNoDefaultBind bool `mapstructure:"envoy_gateway_no_default_bind" hcl:"envoy_gateway_no_default_bind,optional"`
EnvoyDNSDiscoveryType string `mapstructure:"envoy_dns_discovery_type" hcl:"envoy_dns_discovery_type,optional"`
Config map[string]interface{} `hcl:"config,block"` // escape hatch envoy config
}
func (p *ConsulGatewayProxy) Canonicalize() {
if p == nil {
return
}
if p.ConnectTimeout == nil {
// same as the default from consul
p.ConnectTimeout = pointerOf(defaultGatewayConnectTimeout)
}
if len(p.EnvoyGatewayBindAddresses) == 0 {
p.EnvoyGatewayBindAddresses = nil
}
if len(p.Config) == 0 {
p.Config = nil
}
}
func (p *ConsulGatewayProxy) Copy() *ConsulGatewayProxy {
if p == nil {
return nil
}
var binds map[string]*ConsulGatewayBindAddress = nil
if p.EnvoyGatewayBindAddresses != nil {
binds = make(map[string]*ConsulGatewayBindAddress, len(p.EnvoyGatewayBindAddresses))
for k, v := range p.EnvoyGatewayBindAddresses {
binds[k] = v
}
}
var config map[string]interface{} = nil
if p.Config != nil {
config = make(map[string]interface{}, len(p.Config))
for k, v := range p.Config {
config[k] = v
}
}
return &ConsulGatewayProxy{
ConnectTimeout: pointerOf(*p.ConnectTimeout),
EnvoyGatewayBindTaggedAddresses: p.EnvoyGatewayBindTaggedAddresses,
EnvoyGatewayBindAddresses: binds,
EnvoyGatewayNoDefaultBind: p.EnvoyGatewayNoDefaultBind,
EnvoyDNSDiscoveryType: p.EnvoyDNSDiscoveryType,
Config: config,
}
}
// ConsulGatewayTLSConfig is used to configure TLS for a gateway.
type ConsulGatewayTLSConfig struct {
Enabled bool `hcl:"enabled,optional"`
TLSMinVersion string `hcl:"tls_min_version,optional" mapstructure:"tls_min_version"`
TLSMaxVersion string `hcl:"tls_max_version,optional" mapstructure:"tls_max_version"`
CipherSuites []string `hcl:"cipher_suites,optional" mapstructure:"cipher_suites"`
}
func (tc *ConsulGatewayTLSConfig) Canonicalize() {
}
func (tc *ConsulGatewayTLSConfig) Copy() *ConsulGatewayTLSConfig {
if tc == nil {
return nil
}
result := &ConsulGatewayTLSConfig{
Enabled: tc.Enabled,
TLSMinVersion: tc.TLSMinVersion,
TLSMaxVersion: tc.TLSMaxVersion,
}
if len(tc.CipherSuites) != 0 {
cipherSuites := make([]string, len(tc.CipherSuites))
copy(cipherSuites, tc.CipherSuites)
result.CipherSuites = cipherSuites
}
return result
}
// ConsulIngressService is used to configure a service fronted by the ingress gateway.
type ConsulIngressService struct {
// Namespace is not yet supported.
// Namespace string
Name string `hcl:"name,optional"`
Hosts []string `hcl:"hosts,optional"`
}
func (s *ConsulIngressService) Canonicalize() {
if s == nil {
return
}
if len(s.Hosts) == 0 {
s.Hosts = nil
}
}
func (s *ConsulIngressService) Copy() *ConsulIngressService {
if s == nil {
return nil
}
var hosts []string = nil
if n := len(s.Hosts); n > 0 {
hosts = make([]string, n)
copy(hosts, s.Hosts)
}
return &ConsulIngressService{
Name: s.Name,
Hosts: hosts,
}
}
const (
defaultIngressListenerProtocol = "tcp"
)
// ConsulIngressListener is used to configure a listener on a Consul Ingress
// Gateway.
type ConsulIngressListener struct {
Port int `hcl:"port,optional"`
Protocol string `hcl:"protocol,optional"`
Services []*ConsulIngressService `hcl:"service,block"`
}
func (l *ConsulIngressListener) Canonicalize() {
if l == nil {
return
}
if l.Protocol == "" {
// same as default from consul
l.Protocol = defaultIngressListenerProtocol
}
if len(l.Services) == 0 {
l.Services = nil
}
}
func (l *ConsulIngressListener) Copy() *ConsulIngressListener {
if l == nil {
return nil
}
var services []*ConsulIngressService = nil
if n := len(l.Services); n > 0 {
services = make([]*ConsulIngressService, n)
for i := 0; i < n; i++ {
services[i] = l.Services[i].Copy()
}
}
return &ConsulIngressListener{
Port: l.Port,
Protocol: l.Protocol,
Services: services,
}
}
// ConsulIngressConfigEntry represents the Consul Configuration Entry type for
// an Ingress Gateway.
//
// https://www.consul.io/docs/agent/config-entries/ingress-gateway#available-fields
type ConsulIngressConfigEntry struct {
// Namespace is not yet supported.
// Namespace string
TLS *ConsulGatewayTLSConfig `hcl:"tls,block"`
Listeners []*ConsulIngressListener `hcl:"listener,block"`
}
func (e *ConsulIngressConfigEntry) Canonicalize() {
if e == nil {
return
}
e.TLS.Canonicalize()
if len(e.Listeners) == 0 {
e.Listeners = nil
}
for _, listener := range e.Listeners {
listener.Canonicalize()
}
}
func (e *ConsulIngressConfigEntry) Copy() *ConsulIngressConfigEntry {
if e == nil {
return nil
}
var listeners []*ConsulIngressListener = nil
if n := len(e.Listeners); n > 0 {
listeners = make([]*ConsulIngressListener, n)
for i := 0; i < n; i++ {
listeners[i] = e.Listeners[i].Copy()
}
}
return &ConsulIngressConfigEntry{
TLS: e.TLS.Copy(),
Listeners: listeners,
}
}
type ConsulLinkedService struct {
Name string `hcl:"name,optional"`
CAFile string `hcl:"ca_file,optional" mapstructure:"ca_file"`
CertFile string `hcl:"cert_file,optional" mapstructure:"cert_file"`
KeyFile string `hcl:"key_file,optional" mapstructure:"key_file"`
SNI string `hcl:"sni,optional"`
}
func (s *ConsulLinkedService) Canonicalize() {
// nothing to do for now
}
func (s *ConsulLinkedService) Copy() *ConsulLinkedService {
if s == nil {
return nil
}
return &ConsulLinkedService{
Name: s.Name,
CAFile: s.CAFile,
CertFile: s.CertFile,
KeyFile: s.KeyFile,
SNI: s.SNI,
}
}
// ConsulTerminatingConfigEntry represents the Consul Configuration Entry type
// for a Terminating Gateway.
//
// https://www.consul.io/docs/agent/config-entries/terminating-gateway#available-fields
type ConsulTerminatingConfigEntry struct {
// Namespace is not yet supported.
// Namespace string
Services []*ConsulLinkedService `hcl:"service,block"`
}
func (e *ConsulTerminatingConfigEntry) Canonicalize() {
if e == nil {
return
}
if len(e.Services) == 0 {
e.Services = nil
}
for _, service := range e.Services {
service.Canonicalize()
}
}
func (e *ConsulTerminatingConfigEntry) Copy() *ConsulTerminatingConfigEntry {
if e == nil {
return nil
}
var services []*ConsulLinkedService = nil
if n := len(e.Services); n > 0 {
services = make([]*ConsulLinkedService, n)
for i := 0; i < n; i++ {
services[i] = e.Services[i].Copy()
}
}
return &ConsulTerminatingConfigEntry{
Services: services,
}
}
// ConsulMeshConfigEntry is a stub used to represent that the gateway service type
// should be for a Mesh Gateway. Unlike Ingress and Terminating, there is no
// actual Consul Config Entry type for mesh-gateway, at least for now. We still
// create a type for future proofing, instead just using a bool for example.
type ConsulMeshConfigEntry struct {
// nothing in here
}
func (e *ConsulMeshConfigEntry) Canonicalize() {
return
}
func (e *ConsulMeshConfigEntry) Copy() *ConsulMeshConfigEntry {
if e == nil {
return nil
}
return new(ConsulMeshConfigEntry)
}