2023-03-28 20:12:41 +00:00
|
|
|
// Copyright (c) HashiCorp, Inc.
|
|
|
|
// SPDX-License-Identifier: MPL-2.0
|
|
|
|
|
2019-04-29 22:08:09 +00:00
|
|
|
package api
|
|
|
|
|
|
|
|
import (
|
2019-04-30 23:27:16 +00:00
|
|
|
"bytes"
|
|
|
|
"encoding/json"
|
2019-04-29 22:08:09 +00:00
|
|
|
"fmt"
|
2019-04-30 23:27:16 +00:00
|
|
|
"io"
|
|
|
|
"strconv"
|
|
|
|
"strings"
|
2020-10-06 18:24:05 +00:00
|
|
|
"time"
|
2019-04-29 22:08:09 +00:00
|
|
|
|
|
|
|
"github.com/mitchellh/mapstructure"
|
|
|
|
)
|
|
|
|
|
|
|
|
const (
|
2020-03-31 19:27:32 +00:00
|
|
|
ServiceDefaults string = "service-defaults"
|
|
|
|
ProxyDefaults string = "proxy-defaults"
|
|
|
|
ServiceRouter string = "service-router"
|
|
|
|
ServiceSplitter string = "service-splitter"
|
|
|
|
ServiceResolver string = "service-resolver"
|
|
|
|
IngressGateway string = "ingress-gateway"
|
|
|
|
TerminatingGateway string = "terminating-gateway"
|
2020-10-06 18:24:05 +00:00
|
|
|
ServiceIntentions string = "service-intentions"
|
2021-04-28 22:13:29 +00:00
|
|
|
MeshConfig string = "mesh"
|
2021-12-03 06:50:38 +00:00
|
|
|
ExportedServices string = "exported-services"
|
2023-03-13 21:19:11 +00:00
|
|
|
SamenessGroup string = "sameness-group"
|
2023-03-15 18:21:24 +00:00
|
|
|
RateLimitIPConfig string = "control-plane-request-limit"
|
2019-06-27 17:37:43 +00:00
|
|
|
|
2024-04-15 20:45:05 +00:00
|
|
|
ProxyConfigGlobal string = "global"
|
|
|
|
MeshConfigMesh string = "mesh"
|
|
|
|
APIGateway string = "api-gateway"
|
|
|
|
TCPRoute string = "tcp-route"
|
|
|
|
FileSystemCertificate string = "file-system-certificate"
|
|
|
|
InlineCertificate string = "inline-certificate"
|
|
|
|
HTTPRoute string = "http-route"
|
|
|
|
JWTProvider string = "jwt-provider"
|
2019-04-29 22:08:09 +00:00
|
|
|
)
|
|
|
|
|
2023-01-06 17:13:40 +00:00
|
|
|
const (
|
2023-08-30 14:51:58 +00:00
|
|
|
BuiltinAWSLambdaExtension string = "builtin/aws/lambda"
|
|
|
|
BuiltinExtAuthzExtension string = "builtin/ext-authz"
|
|
|
|
BuiltinLuaExtension string = "builtin/lua"
|
|
|
|
BuiltinOTELAccessLoggingExtension string = "builtin/otel-access-logging"
|
|
|
|
BuiltinPropertyOverrideExtension string = "builtin/property-override"
|
|
|
|
BuiltinWasmExtension string = "builtin/wasm"
|
2023-05-23 11:55:06 +00:00
|
|
|
// BuiltinValidateExtension should not be exposed directly or accepted as a valid configured
|
|
|
|
// extension type, as it is only used indirectly via troubleshooting tools. It is included here
|
|
|
|
// for common reference alongside other builtin extensions.
|
|
|
|
BuiltinValidateExtension string = "builtin/proxy/validate"
|
2023-01-06 17:13:40 +00:00
|
|
|
)
|
|
|
|
|
2019-04-29 22:08:09 +00:00
|
|
|
type ConfigEntry interface {
|
|
|
|
GetKind() string
|
|
|
|
GetName() string
|
2021-09-13 21:53:52 +00:00
|
|
|
GetPartition() string
|
2020-09-29 14:11:57 +00:00
|
|
|
GetNamespace() string
|
|
|
|
GetMeta() map[string]string
|
2019-04-30 23:27:16 +00:00
|
|
|
GetCreateIndex() uint64
|
|
|
|
GetModifyIndex() uint64
|
2019-04-29 22:08:09 +00:00
|
|
|
}
|
|
|
|
|
2019-06-18 00:52:01 +00:00
|
|
|
type MeshGatewayMode string
|
|
|
|
|
|
|
|
const (
|
|
|
|
// MeshGatewayModeDefault represents no specific mode and should
|
|
|
|
// be used to indicate that a different layer of the configuration
|
|
|
|
// chain should take precedence
|
|
|
|
MeshGatewayModeDefault MeshGatewayMode = ""
|
|
|
|
|
|
|
|
// MeshGatewayModeNone represents that the Upstream Connect connections
|
|
|
|
// should be direct and not flow through a mesh gateway.
|
|
|
|
MeshGatewayModeNone MeshGatewayMode = "none"
|
|
|
|
|
2021-04-11 21:48:04 +00:00
|
|
|
// MeshGatewayModeLocal represents that the Upstream Connect connections
|
|
|
|
// should be made to a mesh gateway in the local datacenter.
|
2019-06-18 00:52:01 +00:00
|
|
|
MeshGatewayModeLocal MeshGatewayMode = "local"
|
|
|
|
|
|
|
|
// MeshGatewayModeRemote represents that the Upstream Connect connections
|
|
|
|
// should be made to a mesh gateway in a remote datacenter.
|
|
|
|
MeshGatewayModeRemote MeshGatewayMode = "remote"
|
|
|
|
)
|
|
|
|
|
|
|
|
// MeshGatewayConfig controls how Mesh Gateways are used for upstream Connect
|
|
|
|
// services
|
|
|
|
type MeshGatewayConfig struct {
|
|
|
|
// Mode is the mode that should be used for the upstream connection.
|
2019-08-19 20:31:05 +00:00
|
|
|
Mode MeshGatewayMode `json:",omitempty"`
|
2019-06-18 00:52:01 +00:00
|
|
|
}
|
|
|
|
|
2021-04-12 15:35:14 +00:00
|
|
|
type ProxyMode string
|
|
|
|
|
|
|
|
const (
|
|
|
|
// ProxyModeDefault represents no specific mode and should
|
|
|
|
// be used to indicate that a different layer of the configuration
|
|
|
|
// chain should take precedence
|
|
|
|
ProxyModeDefault ProxyMode = ""
|
|
|
|
|
|
|
|
// ProxyModeTransparent represents that inbound and outbound application
|
|
|
|
// traffic is being captured and redirected through the proxy.
|
|
|
|
ProxyModeTransparent ProxyMode = "transparent"
|
|
|
|
|
|
|
|
// ProxyModeDirect represents that the proxy's listeners must be dialed directly
|
|
|
|
// by the local application and other proxies.
|
|
|
|
ProxyModeDirect ProxyMode = "direct"
|
|
|
|
)
|
|
|
|
|
|
|
|
type TransparentProxyConfig struct {
|
|
|
|
// The port of the listener where outbound application traffic is being redirected to.
|
|
|
|
OutboundListenerPort int `json:",omitempty" alias:"outbound_listener_port"`
|
2021-06-09 20:34:17 +00:00
|
|
|
|
|
|
|
// DialedDirectly indicates whether transparent proxies can dial this proxy instance directly.
|
|
|
|
// The discovery chain is not considered when dialing a service instance directly.
|
|
|
|
// This setting is useful when addressing stateful services, such as a database cluster with a leader node.
|
|
|
|
DialedDirectly bool `json:",omitempty" alias:"dialed_directly"`
|
2021-04-12 15:35:14 +00:00
|
|
|
}
|
|
|
|
|
2023-04-19 19:45:00 +00:00
|
|
|
type MutualTLSMode string
|
|
|
|
|
|
|
|
const (
|
|
|
|
// MutualTLSModeDefault represents no specific mode and should
|
|
|
|
// be used to indicate that a different layer of the configuration
|
|
|
|
// chain should take precedence.
|
|
|
|
MutualTLSModeDefault MutualTLSMode = ""
|
|
|
|
|
|
|
|
// MutualTLSModeStrict requires mTLS for incoming traffic.
|
|
|
|
MutualTLSModeStrict MutualTLSMode = "strict"
|
|
|
|
|
|
|
|
// MutualTLSModePermissive allows incoming non-mTLS traffic.
|
|
|
|
MutualTLSModePermissive MutualTLSMode = "permissive"
|
|
|
|
)
|
|
|
|
|
2019-09-26 02:55:52 +00:00
|
|
|
// ExposeConfig describes HTTP paths to expose through Envoy outside of Connect.
|
|
|
|
// Users can expose individual paths and/or all HTTP/GRPC paths for checks.
|
|
|
|
type ExposeConfig struct {
|
|
|
|
// Checks defines whether paths associated with Consul checks will be exposed.
|
|
|
|
// This flag triggers exposing all HTTP and GRPC check paths registered for the service.
|
|
|
|
Checks bool `json:",omitempty"`
|
|
|
|
|
|
|
|
// Paths is the list of paths exposed through the proxy.
|
|
|
|
Paths []ExposePath `json:",omitempty"`
|
|
|
|
}
|
|
|
|
|
2022-12-19 20:19:37 +00:00
|
|
|
// EnvoyExtension has configuration for an extension that patches Envoy resources.
|
|
|
|
type EnvoyExtension struct {
|
2023-06-08 14:26:11 +00:00
|
|
|
Name string
|
|
|
|
Required bool
|
|
|
|
Arguments map[string]interface{} `bexpr:"-"`
|
|
|
|
ConsulVersion string
|
|
|
|
EnvoyVersion string
|
2022-12-19 20:19:37 +00:00
|
|
|
}
|
|
|
|
|
2019-09-26 02:55:52 +00:00
|
|
|
type ExposePath struct {
|
|
|
|
// ListenerPort defines the port of the proxy's listener for exposed paths.
|
2020-05-27 18:28:28 +00:00
|
|
|
ListenerPort int `json:",omitempty" alias:"listener_port"`
|
2019-09-26 02:55:52 +00:00
|
|
|
|
|
|
|
// Path is the path to expose through the proxy, ie. "/metrics."
|
|
|
|
Path string `json:",omitempty"`
|
|
|
|
|
|
|
|
// LocalPathPort is the port that the service is listening on for the given path.
|
2020-05-27 18:28:28 +00:00
|
|
|
LocalPathPort int `json:",omitempty" alias:"local_path_port"`
|
2019-09-26 02:55:52 +00:00
|
|
|
|
|
|
|
// Protocol describes the upstream's service protocol.
|
|
|
|
// Valid values are "http" and "http2", defaults to "http"
|
|
|
|
Protocol string `json:",omitempty"`
|
|
|
|
|
|
|
|
// ParsedFromCheck is set if this path was parsed from a registered check
|
|
|
|
ParsedFromCheck bool
|
|
|
|
}
|
|
|
|
|
2022-12-13 19:52:18 +00:00
|
|
|
type LogSinkType string
|
|
|
|
|
|
|
|
const (
|
2022-12-22 20:18:15 +00:00
|
|
|
DefaultLogSinkType LogSinkType = ""
|
|
|
|
FileLogSinkType LogSinkType = "file"
|
|
|
|
StdErrLogSinkType LogSinkType = "stderr"
|
|
|
|
StdOutLogSinkType LogSinkType = "stdout"
|
2022-12-13 19:52:18 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
// AccessLogsConfig contains the associated default settings for all Envoy instances within the datacenter or partition
|
|
|
|
type AccessLogsConfig struct {
|
|
|
|
// Enabled turns off all access logging
|
|
|
|
Enabled bool `json:",omitempty" alias:"enabled"`
|
|
|
|
|
|
|
|
// DisableListenerLogs turns off just listener logs for connections rejected by Envoy because they don't
|
|
|
|
// have a matching listener filter.
|
|
|
|
DisableListenerLogs bool `json:",omitempty" alias:"disable_listener_logs"`
|
|
|
|
|
|
|
|
// Type selects the output for logs: "file", "stderr". "stdout"
|
|
|
|
Type LogSinkType `json:",omitempty" alias:"type"`
|
|
|
|
|
|
|
|
// Path is the output file to write logs
|
|
|
|
Path string `json:",omitempty" alias:"path"`
|
|
|
|
|
|
|
|
// The presence of one format string or the other implies the access log string encoding.
|
|
|
|
// Defining Both is invalid.
|
|
|
|
JSONFormat string `json:",omitempty" alias:"json_format"`
|
|
|
|
TextFormat string `json:",omitempty" alias:"text_format"`
|
|
|
|
}
|
|
|
|
|
2021-04-15 19:21:44 +00:00
|
|
|
type UpstreamConfiguration struct {
|
|
|
|
// Overrides is a slice of per-service configuration. The name field is
|
|
|
|
// required.
|
|
|
|
Overrides []*UpstreamConfig `json:",omitempty"`
|
|
|
|
|
|
|
|
// Defaults contains default configuration for all upstreams of a given
|
|
|
|
// service. The name field must be empty.
|
|
|
|
Defaults *UpstreamConfig `json:",omitempty"`
|
2021-03-09 05:10:27 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
type UpstreamConfig struct {
|
2023-02-03 15:51:53 +00:00
|
|
|
// Name is only accepted within service-defaults.upstreamConfig.overrides .
|
2021-04-15 19:21:44 +00:00
|
|
|
Name string `json:",omitempty"`
|
2021-09-13 21:53:52 +00:00
|
|
|
|
2023-02-03 15:51:53 +00:00
|
|
|
// Partition is only accepted within service-defaults.upstreamConfig.overrides .
|
2021-09-13 21:53:52 +00:00
|
|
|
Partition string `json:",omitempty"`
|
|
|
|
|
2023-02-03 15:51:53 +00:00
|
|
|
// Namespace is only accepted within service-defaults.upstreamConfig.overrides .
|
2021-04-15 19:21:44 +00:00
|
|
|
Namespace string `json:",omitempty"`
|
|
|
|
|
2023-02-03 15:51:53 +00:00
|
|
|
// Peer is only accepted within service-defaults.upstreamConfig.overrides .
|
|
|
|
Peer string `json:",omitempty"`
|
|
|
|
|
2021-03-15 20:12:57 +00:00
|
|
|
// EnvoyListenerJSON is a complete override ("escape hatch") for the upstream's
|
2021-03-09 05:10:27 +00:00
|
|
|
// listener.
|
|
|
|
//
|
|
|
|
// Note: This escape hatch is NOT compatible with the discovery chain and
|
|
|
|
// will be ignored if a discovery chain is active.
|
2021-03-15 20:12:57 +00:00
|
|
|
EnvoyListenerJSON string `json:",omitempty" alias:"envoy_listener_json"`
|
2021-03-09 05:10:27 +00:00
|
|
|
|
2021-03-15 20:12:57 +00:00
|
|
|
// EnvoyClusterJSON is a complete override ("escape hatch") for the upstream's
|
2021-03-09 05:10:27 +00:00
|
|
|
// cluster. The Connect client TLS certificate and context will be injected
|
|
|
|
// overriding any TLS settings present.
|
|
|
|
//
|
|
|
|
// Note: This escape hatch is NOT compatible with the discovery chain and
|
|
|
|
// will be ignored if a discovery chain is active.
|
2021-03-15 20:12:57 +00:00
|
|
|
EnvoyClusterJSON string `json:",omitempty" alias:"envoy_cluster_json"`
|
2021-03-09 05:10:27 +00:00
|
|
|
|
|
|
|
// Protocol describes the upstream's service protocol. Valid values are "tcp",
|
|
|
|
// "http" and "grpc". Anything else is treated as tcp. The enables protocol
|
|
|
|
// aware features like per-request metrics and connection pooling, tracing,
|
|
|
|
// routing etc.
|
2021-03-15 19:23:18 +00:00
|
|
|
Protocol string `json:",omitempty"`
|
2021-03-09 05:10:27 +00:00
|
|
|
|
|
|
|
// ConnectTimeoutMs is the number of milliseconds to timeout making a new
|
|
|
|
// connection to this upstream. Defaults to 5000 (5 seconds) if not set.
|
2021-03-15 19:23:18 +00:00
|
|
|
ConnectTimeoutMs int `json:",omitempty" alias:"connect_timeout_ms"`
|
2021-03-09 05:10:27 +00:00
|
|
|
|
|
|
|
// Limits are the set of limits that are applied to the proxy for a specific upstream of a
|
|
|
|
// service instance.
|
2021-03-15 19:23:18 +00:00
|
|
|
Limits *UpstreamLimits `json:",omitempty"`
|
2021-03-09 05:10:27 +00:00
|
|
|
|
|
|
|
// PassiveHealthCheck configuration determines how upstream proxy instances will
|
|
|
|
// be monitored for removal from the load balancing pool.
|
2021-03-11 18:04:40 +00:00
|
|
|
PassiveHealthCheck *PassiveHealthCheck `json:",omitempty" alias:"passive_health_check"`
|
2021-03-09 05:10:27 +00:00
|
|
|
|
|
|
|
// MeshGatewayConfig controls how Mesh Gateways are configured and used
|
|
|
|
MeshGateway MeshGatewayConfig `json:",omitempty" alias:"mesh_gateway" `
|
2022-09-26 16:29:06 +00:00
|
|
|
|
|
|
|
// BalanceOutboundConnections indicates that the proxy should attempt to evenly distribute
|
|
|
|
// outbound connections across worker threads. Only used by envoy proxies.
|
|
|
|
BalanceOutboundConnections string `json:",omitempty" alias:"balance_outbound_connections"`
|
2021-03-09 05:10:27 +00:00
|
|
|
}
|
|
|
|
|
2022-05-31 20:20:12 +00:00
|
|
|
// DestinationConfig represents a virtual service, i.e. one that is external to Consul
|
|
|
|
type DestinationConfig struct {
|
2022-07-18 21:10:06 +00:00
|
|
|
// Addresses of the endpoint; hostname or IP
|
|
|
|
Addresses []string `json:",omitempty"`
|
2022-05-19 22:15:57 +00:00
|
|
|
|
|
|
|
// Port allowed within this endpoint
|
|
|
|
Port int `json:",omitempty"`
|
|
|
|
}
|
|
|
|
|
2021-03-09 05:10:27 +00:00
|
|
|
type PassiveHealthCheck struct {
|
|
|
|
// Interval between health check analysis sweeps. Each sweep may remove
|
|
|
|
// hosts or return hosts to the pool.
|
2021-03-15 19:23:18 +00:00
|
|
|
Interval time.Duration `json:",omitempty"`
|
2021-03-09 05:10:27 +00:00
|
|
|
|
|
|
|
// MaxFailures is the count of consecutive failures that results in a host
|
|
|
|
// being removed from the pool.
|
|
|
|
MaxFailures uint32 `alias:"max_failures"`
|
2022-09-01 16:59:11 +00:00
|
|
|
|
|
|
|
// EnforcingConsecutive5xx is the % chance that a host will be actually ejected
|
|
|
|
// when an outlier status is detected through consecutive 5xx.
|
|
|
|
// This setting can be used to disable ejection or to ramp it up slowly.
|
2022-09-13 20:59:44 +00:00
|
|
|
EnforcingConsecutive5xx *uint32 `json:",omitempty" alias:"enforcing_consecutive_5xx"`
|
2023-04-26 22:59:48 +00:00
|
|
|
|
|
|
|
// The maximum % of an upstream cluster that can be ejected due to outlier detection.
|
|
|
|
// Defaults to 10% but will eject at least one host regardless of the value.
|
|
|
|
MaxEjectionPercent *uint32 `json:",omitempty" alias:"max_ejection_percent"`
|
|
|
|
|
|
|
|
// The base time that a host is ejected for. The real time is equal to the base time
|
|
|
|
// multiplied by the number of times the host has been ejected and is capped by
|
|
|
|
// max_ejection_time (Default 300s). Defaults to 30000ms or 30s.
|
|
|
|
BaseEjectionTime *time.Duration `json:",omitempty" alias:"base_ejection_time"`
|
2021-03-09 05:10:27 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// UpstreamLimits describes the limits that are associated with a specific
|
|
|
|
// upstream of a service instance.
|
|
|
|
type UpstreamLimits struct {
|
|
|
|
// MaxConnections is the maximum number of connections the local proxy can
|
|
|
|
// make to the upstream service.
|
2021-04-15 19:21:44 +00:00
|
|
|
MaxConnections *int `alias:"max_connections"`
|
2021-03-09 05:10:27 +00:00
|
|
|
|
|
|
|
// MaxPendingRequests is the maximum number of requests that will be queued
|
|
|
|
// waiting for an available connection. This is mostly applicable to HTTP/1.1
|
|
|
|
// clusters since all HTTP/2 requests are streamed over a single
|
|
|
|
// connection.
|
2021-04-15 19:21:44 +00:00
|
|
|
MaxPendingRequests *int `alias:"max_pending_requests"`
|
2021-03-09 05:10:27 +00:00
|
|
|
|
|
|
|
// MaxConcurrentRequests is the maximum number of in-flight requests that will be allowed
|
|
|
|
// to the upstream cluster at a point in time. This is mostly applicable to HTTP/2
|
|
|
|
// clusters since all HTTP/1.1 requests are limited by MaxConnections.
|
2021-04-15 19:21:44 +00:00
|
|
|
MaxConcurrentRequests *int `alias:"max_concurrent_requests"`
|
2021-03-09 05:10:27 +00:00
|
|
|
}
|
|
|
|
|
2023-08-25 16:47:20 +00:00
|
|
|
// RateLimits is rate limiting configuration that is applied to
|
|
|
|
// inbound traffic for a service.
|
|
|
|
// Rate limiting is a Consul enterprise feature.
|
|
|
|
type RateLimits struct {
|
|
|
|
InstanceLevel InstanceLevelRateLimits `alias:"instance_level"`
|
|
|
|
}
|
|
|
|
|
|
|
|
// InstanceLevelRateLimits represents rate limit configuration
|
|
|
|
// that are applied per service instance.
|
|
|
|
type InstanceLevelRateLimits struct {
|
|
|
|
// RequestsPerSecond is the average number of requests per second that can be
|
|
|
|
// made without being throttled. This field is required if RequestsMaxBurst
|
|
|
|
// is set. The allowed number of requests may exceed RequestsPerSecond up to
|
|
|
|
// the value specified in RequestsMaxBurst.
|
|
|
|
//
|
|
|
|
// Internally, this is the refill rate of the token bucket used for rate limiting.
|
|
|
|
RequestsPerSecond int `alias:"requests_per_second"`
|
|
|
|
|
|
|
|
// RequestsMaxBurst is the maximum number of requests that can be sent
|
|
|
|
// in a burst. Should be equal to or greater than RequestsPerSecond.
|
|
|
|
// If unset, defaults to RequestsPerSecond.
|
|
|
|
//
|
|
|
|
// Internally, this is the maximum size of the token bucket used for rate limiting.
|
|
|
|
RequestsMaxBurst int `alias:"requests_max_burst"`
|
|
|
|
|
|
|
|
// Routes is a list of rate limits applied to specific routes.
|
2023-10-25 20:01:46 +00:00
|
|
|
// For a given request, the first matching route will be applied, if any
|
2023-08-25 16:47:20 +00:00
|
|
|
// Overrides any top-level configuration.
|
|
|
|
Routes []InstanceLevelRouteRateLimits
|
|
|
|
}
|
|
|
|
|
|
|
|
// InstanceLevelRouteRateLimits represents rate limit configuration
|
|
|
|
// applied to a route matching one of PathExact/PathPrefix/PathRegex.
|
|
|
|
type InstanceLevelRouteRateLimits struct {
|
|
|
|
PathExact string `alias:"path_exact"`
|
|
|
|
PathPrefix string `alias:"path_prefix"`
|
|
|
|
PathRegex string `alias:"path_regex"`
|
|
|
|
|
|
|
|
RequestsPerSecond int `alias:"requests_per_second"`
|
|
|
|
RequestsMaxBurst int `alias:"requests_max_burst"`
|
|
|
|
}
|
|
|
|
|
2019-04-29 22:08:09 +00:00
|
|
|
type ServiceConfigEntry struct {
|
2022-09-26 16:29:06 +00:00
|
|
|
Kind string
|
|
|
|
Name string
|
|
|
|
Partition string `json:",omitempty"`
|
|
|
|
Namespace string `json:",omitempty"`
|
|
|
|
Protocol string `json:",omitempty"`
|
|
|
|
Mode ProxyMode `json:",omitempty"`
|
|
|
|
TransparentProxy *TransparentProxyConfig `json:",omitempty" alias:"transparent_proxy"`
|
2023-04-19 19:45:00 +00:00
|
|
|
MutualTLSMode MutualTLSMode `json:",omitempty" alias:"mutual_tls_mode"`
|
2022-09-26 16:29:06 +00:00
|
|
|
MeshGateway MeshGatewayConfig `json:",omitempty" alias:"mesh_gateway"`
|
|
|
|
Expose ExposeConfig `json:",omitempty"`
|
|
|
|
ExternalSNI string `json:",omitempty" alias:"external_sni"`
|
|
|
|
UpstreamConfig *UpstreamConfiguration `json:",omitempty" alias:"upstream_config"`
|
|
|
|
Destination *DestinationConfig `json:",omitempty"`
|
|
|
|
MaxInboundConnections int `json:",omitempty" alias:"max_inbound_connections"`
|
|
|
|
LocalConnectTimeoutMs int `json:",omitempty" alias:"local_connect_timeout_ms"`
|
|
|
|
LocalRequestTimeoutMs int `json:",omitempty" alias:"local_request_timeout_ms"`
|
|
|
|
BalanceInboundConnections string `json:",omitempty" alias:"balance_inbound_connections"`
|
2023-08-25 16:47:20 +00:00
|
|
|
RateLimits *RateLimits `json:",omitempty" alias:"rate_limits"`
|
2022-12-19 20:19:37 +00:00
|
|
|
EnvoyExtensions []EnvoyExtension `json:",omitempty" alias:"envoy_extensions"`
|
2022-09-26 16:29:06 +00:00
|
|
|
Meta map[string]string `json:",omitempty"`
|
|
|
|
CreateIndex uint64
|
|
|
|
ModifyIndex uint64
|
2019-04-29 22:08:09 +00:00
|
|
|
}
|
|
|
|
|
2021-09-13 21:53:52 +00:00
|
|
|
func (s *ServiceConfigEntry) GetKind() string { return s.Kind }
|
|
|
|
func (s *ServiceConfigEntry) GetName() string { return s.Name }
|
|
|
|
func (s *ServiceConfigEntry) GetPartition() string { return s.Partition }
|
|
|
|
func (s *ServiceConfigEntry) GetNamespace() string { return s.Namespace }
|
|
|
|
func (s *ServiceConfigEntry) GetMeta() map[string]string { return s.Meta }
|
|
|
|
func (s *ServiceConfigEntry) GetCreateIndex() uint64 { return s.CreateIndex }
|
|
|
|
func (s *ServiceConfigEntry) GetModifyIndex() uint64 { return s.ModifyIndex }
|
2019-04-30 23:27:16 +00:00
|
|
|
|
2019-04-29 22:08:09 +00:00
|
|
|
type ProxyConfigEntry struct {
|
2023-04-14 20:42:54 +00:00
|
|
|
Kind string
|
|
|
|
Name string
|
|
|
|
Partition string `json:",omitempty"`
|
|
|
|
Namespace string `json:",omitempty"`
|
|
|
|
Mode ProxyMode `json:",omitempty"`
|
|
|
|
TransparentProxy *TransparentProxyConfig `json:",omitempty" alias:"transparent_proxy"`
|
2023-04-19 19:45:00 +00:00
|
|
|
MutualTLSMode MutualTLSMode `json:",omitempty" alias:"mutual_tls_mode"`
|
2023-04-14 20:42:54 +00:00
|
|
|
Config map[string]interface{} `json:",omitempty"`
|
|
|
|
MeshGateway MeshGatewayConfig `json:",omitempty" alias:"mesh_gateway"`
|
|
|
|
Expose ExposeConfig `json:",omitempty"`
|
|
|
|
AccessLogs *AccessLogsConfig `json:",omitempty" alias:"access_logs"`
|
|
|
|
EnvoyExtensions []EnvoyExtension `json:",omitempty" alias:"envoy_extensions"`
|
|
|
|
FailoverPolicy *ServiceResolverFailoverPolicy `json:",omitempty" alias:"failover_policy"`
|
|
|
|
PrioritizeByLocality *ServiceResolverPrioritizeByLocality `json:",omitempty" alias:"prioritize_by_locality"`
|
2022-03-30 18:43:59 +00:00
|
|
|
|
|
|
|
Meta map[string]string `json:",omitempty"`
|
|
|
|
CreateIndex uint64
|
|
|
|
ModifyIndex uint64
|
2019-04-29 22:08:09 +00:00
|
|
|
}
|
|
|
|
|
2021-09-13 21:53:52 +00:00
|
|
|
func (p *ProxyConfigEntry) GetKind() string { return p.Kind }
|
2022-10-25 17:55:15 +00:00
|
|
|
func (p *ProxyConfigEntry) GetName() string { return ProxyConfigGlobal }
|
2021-09-13 21:53:52 +00:00
|
|
|
func (p *ProxyConfigEntry) GetPartition() string { return p.Partition }
|
|
|
|
func (p *ProxyConfigEntry) GetNamespace() string { return p.Namespace }
|
|
|
|
func (p *ProxyConfigEntry) GetMeta() map[string]string { return p.Meta }
|
|
|
|
func (p *ProxyConfigEntry) GetCreateIndex() uint64 { return p.CreateIndex }
|
|
|
|
func (p *ProxyConfigEntry) GetModifyIndex() uint64 { return p.ModifyIndex }
|
2019-04-30 23:27:16 +00:00
|
|
|
|
2019-04-29 22:08:09 +00:00
|
|
|
func makeConfigEntry(kind, name string) (ConfigEntry, error) {
|
|
|
|
switch kind {
|
|
|
|
case ServiceDefaults:
|
2019-06-28 16:35:35 +00:00
|
|
|
return &ServiceConfigEntry{Kind: kind, Name: name}, nil
|
2019-04-29 22:08:09 +00:00
|
|
|
case ProxyDefaults:
|
2019-06-28 16:35:35 +00:00
|
|
|
return &ProxyConfigEntry{Kind: kind, Name: name}, nil
|
2019-06-27 17:37:43 +00:00
|
|
|
case ServiceRouter:
|
2019-06-28 16:35:35 +00:00
|
|
|
return &ServiceRouterConfigEntry{Kind: kind, Name: name}, nil
|
2019-06-27 17:37:43 +00:00
|
|
|
case ServiceSplitter:
|
2019-06-28 16:35:35 +00:00
|
|
|
return &ServiceSplitterConfigEntry{Kind: kind, Name: name}, nil
|
2019-06-27 17:37:43 +00:00
|
|
|
case ServiceResolver:
|
2019-06-28 16:35:35 +00:00
|
|
|
return &ServiceResolverConfigEntry{Kind: kind, Name: name}, nil
|
2020-03-31 16:59:10 +00:00
|
|
|
case IngressGateway:
|
|
|
|
return &IngressGatewayConfigEntry{Kind: kind, Name: name}, nil
|
2020-03-31 19:27:32 +00:00
|
|
|
case TerminatingGateway:
|
|
|
|
return &TerminatingGatewayConfigEntry{Kind: kind, Name: name}, nil
|
2020-10-06 18:24:05 +00:00
|
|
|
case ServiceIntentions:
|
|
|
|
return &ServiceIntentionsConfigEntry{Kind: kind, Name: name}, nil
|
2021-04-28 22:13:29 +00:00
|
|
|
case MeshConfig:
|
2021-04-29 19:54:27 +00:00
|
|
|
return &MeshConfigEntry{}, nil
|
2021-12-03 06:50:38 +00:00
|
|
|
case ExportedServices:
|
|
|
|
return &ExportedServicesConfigEntry{Name: name}, nil
|
2023-03-13 21:19:11 +00:00
|
|
|
case SamenessGroup:
|
|
|
|
return &SamenessGroupConfigEntry{Kind: kind, Name: name}, nil
|
2023-01-18 22:14:34 +00:00
|
|
|
case APIGateway:
|
|
|
|
return &APIGatewayConfigEntry{Kind: kind, Name: name}, nil
|
|
|
|
case TCPRoute:
|
|
|
|
return &TCPRouteConfigEntry{Kind: kind, Name: name}, nil
|
2024-04-15 20:45:05 +00:00
|
|
|
case FileSystemCertificate:
|
|
|
|
return &FileSystemCertificateConfigEntry{Kind: kind, Name: name}, nil
|
2023-01-18 22:14:34 +00:00
|
|
|
case InlineCertificate:
|
|
|
|
return &InlineCertificateConfigEntry{Kind: kind, Name: name}, nil
|
|
|
|
case HTTPRoute:
|
|
|
|
return &HTTPRouteConfigEntry{Kind: kind, Name: name}, nil
|
2023-03-15 18:21:24 +00:00
|
|
|
case RateLimitIPConfig:
|
|
|
|
return &RateLimitIPConfigEntry{Kind: kind, Name: name}, nil
|
2023-04-19 21:54:14 +00:00
|
|
|
case JWTProvider:
|
|
|
|
return &JWTProviderConfigEntry{Kind: kind, Name: name}, nil
|
2019-04-29 22:08:09 +00:00
|
|
|
default:
|
|
|
|
return nil, fmt.Errorf("invalid config entry kind: %s", kind)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-06-27 17:37:43 +00:00
|
|
|
func MakeConfigEntry(kind, name string) (ConfigEntry, error) {
|
|
|
|
return makeConfigEntry(kind, name)
|
|
|
|
}
|
|
|
|
|
2019-08-05 22:15:22 +00:00
|
|
|
// DecodeConfigEntry will decode the result of using json.Unmarshal of a config
|
|
|
|
// entry into a map[string]interface{}.
|
2019-06-27 17:37:43 +00:00
|
|
|
//
|
2019-08-05 22:15:22 +00:00
|
|
|
// Important caveats:
|
2019-06-27 17:37:43 +00:00
|
|
|
//
|
2019-08-05 22:15:22 +00:00
|
|
|
// - This will NOT work if the map[string]interface{} was produced using HCL
|
|
|
|
// decoding as that requires more extensive parsing to work around the issues
|
|
|
|
// with map[string][]interface{} that arise.
|
2019-06-27 17:37:43 +00:00
|
|
|
//
|
2019-08-05 22:15:22 +00:00
|
|
|
// - This will only decode fields using their camel case json field
|
|
|
|
// representations.
|
2019-04-29 22:08:09 +00:00
|
|
|
func DecodeConfigEntry(raw map[string]interface{}) (ConfigEntry, error) {
|
|
|
|
var entry ConfigEntry
|
|
|
|
|
|
|
|
kindVal, ok := raw["Kind"]
|
|
|
|
if !ok {
|
|
|
|
kindVal, ok = raw["kind"]
|
|
|
|
}
|
|
|
|
if !ok {
|
|
|
|
return nil, fmt.Errorf("Payload does not contain a kind/Kind key at the top level")
|
|
|
|
}
|
|
|
|
|
|
|
|
if kindStr, ok := kindVal.(string); ok {
|
|
|
|
newEntry, err := makeConfigEntry(kindStr, "")
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
entry = newEntry
|
|
|
|
} else {
|
|
|
|
return nil, fmt.Errorf("Kind value in payload is not a string")
|
|
|
|
}
|
|
|
|
|
|
|
|
decodeConf := &mapstructure.DecoderConfig{
|
2020-10-06 18:24:05 +00:00
|
|
|
DecodeHook: mapstructure.ComposeDecodeHookFunc(
|
|
|
|
mapstructure.StringToTimeDurationHookFunc(),
|
|
|
|
mapstructure.StringToTimeHookFunc(time.RFC3339),
|
|
|
|
),
|
2019-04-29 22:08:09 +00:00
|
|
|
Result: &entry,
|
|
|
|
WeaklyTypedInput: true,
|
|
|
|
}
|
|
|
|
|
|
|
|
decoder, err := mapstructure.NewDecoder(decodeConf)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
return entry, decoder.Decode(raw)
|
|
|
|
}
|
|
|
|
|
2019-04-30 23:27:16 +00:00
|
|
|
func DecodeConfigEntryFromJSON(data []byte) (ConfigEntry, error) {
|
|
|
|
var raw map[string]interface{}
|
|
|
|
if err := json.Unmarshal(data, &raw); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
return DecodeConfigEntry(raw)
|
|
|
|
}
|
|
|
|
|
2019-08-05 22:15:22 +00:00
|
|
|
func decodeConfigEntrySlice(raw []map[string]interface{}) ([]ConfigEntry, error) {
|
|
|
|
var entries []ConfigEntry
|
|
|
|
for _, rawEntry := range raw {
|
|
|
|
entry, err := DecodeConfigEntry(rawEntry)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
entries = append(entries, entry)
|
|
|
|
}
|
|
|
|
return entries, nil
|
|
|
|
}
|
|
|
|
|
2019-08-02 20:34:54 +00:00
|
|
|
// ConfigEntries can be used to query the Config endpoints
|
2019-04-29 22:08:09 +00:00
|
|
|
type ConfigEntries struct {
|
|
|
|
c *Client
|
|
|
|
}
|
|
|
|
|
|
|
|
// Config returns a handle to the Config endpoints
|
|
|
|
func (c *Client) ConfigEntries() *ConfigEntries {
|
|
|
|
return &ConfigEntries{c}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (conf *ConfigEntries) Get(kind string, name string, q *QueryOptions) (ConfigEntry, *QueryMeta, error) {
|
|
|
|
if kind == "" || name == "" {
|
|
|
|
return nil, nil, fmt.Errorf("Both kind and name parameters must not be empty")
|
|
|
|
}
|
|
|
|
|
|
|
|
entry, err := makeConfigEntry(kind, name)
|
|
|
|
if err != nil {
|
|
|
|
return nil, nil, err
|
|
|
|
}
|
|
|
|
|
2022-01-25 17:15:06 +00:00
|
|
|
r := conf.c.newRequest("GET", fmt.Sprintf("/v1/config/%s/%s", kind, name))
|
2019-04-29 22:08:09 +00:00
|
|
|
r.setQueryOptions(q)
|
2021-10-28 16:24:23 +00:00
|
|
|
rtt, resp, err := conf.c.doRequest(r)
|
2019-04-29 22:08:09 +00:00
|
|
|
if err != nil {
|
|
|
|
return nil, nil, err
|
|
|
|
}
|
2021-06-14 22:49:32 +00:00
|
|
|
defer closeResponseBody(resp)
|
2021-10-28 16:24:23 +00:00
|
|
|
if err := requireOK(resp); err != nil {
|
|
|
|
return nil, nil, err
|
|
|
|
}
|
2019-04-29 22:08:09 +00:00
|
|
|
|
|
|
|
qm := &QueryMeta{}
|
|
|
|
parseQueryMeta(resp, qm)
|
|
|
|
qm.RequestTime = rtt
|
|
|
|
|
|
|
|
if err := decodeBody(resp, entry); err != nil {
|
|
|
|
return nil, nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
return entry, qm, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (conf *ConfigEntries) List(kind string, q *QueryOptions) ([]ConfigEntry, *QueryMeta, error) {
|
|
|
|
if kind == "" {
|
|
|
|
return nil, nil, fmt.Errorf("The kind parameter must not be empty")
|
|
|
|
}
|
|
|
|
|
2022-01-25 17:15:06 +00:00
|
|
|
r := conf.c.newRequest("GET", fmt.Sprintf("/v1/config/%s", kind))
|
2019-04-29 22:08:09 +00:00
|
|
|
r.setQueryOptions(q)
|
2021-10-28 16:24:23 +00:00
|
|
|
rtt, resp, err := conf.c.doRequest(r)
|
2019-04-29 22:08:09 +00:00
|
|
|
if err != nil {
|
|
|
|
return nil, nil, err
|
|
|
|
}
|
2021-06-14 22:49:32 +00:00
|
|
|
defer closeResponseBody(resp)
|
2021-10-28 16:24:23 +00:00
|
|
|
if err := requireOK(resp); err != nil {
|
|
|
|
return nil, nil, err
|
|
|
|
}
|
2019-04-29 22:08:09 +00:00
|
|
|
|
|
|
|
qm := &QueryMeta{}
|
|
|
|
parseQueryMeta(resp, qm)
|
|
|
|
qm.RequestTime = rtt
|
|
|
|
|
|
|
|
var raw []map[string]interface{}
|
|
|
|
if err := decodeBody(resp, &raw); err != nil {
|
|
|
|
return nil, nil, err
|
|
|
|
}
|
|
|
|
|
2019-08-05 22:15:22 +00:00
|
|
|
entries, err := decodeConfigEntrySlice(raw)
|
|
|
|
if err != nil {
|
|
|
|
return nil, nil, err
|
2019-04-29 22:08:09 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return entries, qm, nil
|
|
|
|
}
|
|
|
|
|
2019-04-30 23:27:16 +00:00
|
|
|
func (conf *ConfigEntries) Set(entry ConfigEntry, w *WriteOptions) (bool, *WriteMeta, error) {
|
|
|
|
return conf.set(entry, nil, w)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (conf *ConfigEntries) CAS(entry ConfigEntry, index uint64, w *WriteOptions) (bool, *WriteMeta, error) {
|
|
|
|
return conf.set(entry, map[string]string{"cas": strconv.FormatUint(index, 10)}, w)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (conf *ConfigEntries) set(entry ConfigEntry, params map[string]string, w *WriteOptions) (bool, *WriteMeta, error) {
|
2019-04-29 22:08:09 +00:00
|
|
|
r := conf.c.newRequest("PUT", "/v1/config")
|
|
|
|
r.setWriteOptions(w)
|
2019-04-30 23:27:16 +00:00
|
|
|
for param, value := range params {
|
|
|
|
r.params.Set(param, value)
|
|
|
|
}
|
2019-04-29 22:08:09 +00:00
|
|
|
r.obj = entry
|
2021-10-28 16:24:23 +00:00
|
|
|
rtt, resp, err := conf.c.doRequest(r)
|
2019-04-29 22:08:09 +00:00
|
|
|
if err != nil {
|
2019-04-30 23:27:16 +00:00
|
|
|
return false, nil, err
|
2019-04-29 22:08:09 +00:00
|
|
|
}
|
2021-06-14 22:49:32 +00:00
|
|
|
defer closeResponseBody(resp)
|
2021-10-28 16:24:23 +00:00
|
|
|
if err := requireOK(resp); err != nil {
|
|
|
|
return false, nil, err
|
|
|
|
}
|
2019-04-30 23:27:16 +00:00
|
|
|
|
|
|
|
var buf bytes.Buffer
|
|
|
|
if _, err := io.Copy(&buf, resp.Body); err != nil {
|
|
|
|
return false, nil, fmt.Errorf("Failed to read response: %v", err)
|
|
|
|
}
|
|
|
|
res := strings.Contains(buf.String(), "true")
|
2019-04-29 22:08:09 +00:00
|
|
|
|
|
|
|
wm := &WriteMeta{RequestTime: rtt}
|
2019-04-30 23:27:16 +00:00
|
|
|
return res, wm, nil
|
2019-04-29 22:08:09 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (conf *ConfigEntries) Delete(kind string, name string, w *WriteOptions) (*WriteMeta, error) {
|
2021-11-01 16:42:01 +00:00
|
|
|
_, wm, err := conf.delete(kind, name, nil, w)
|
|
|
|
return wm, err
|
|
|
|
}
|
|
|
|
|
|
|
|
// DeleteCAS performs a Check-And-Set deletion of the given config entry, and
|
|
|
|
// returns true if it was successful. If the provided index no longer matches
|
|
|
|
// the entry's ModifyIndex (i.e. it was modified by another process) then the
|
|
|
|
// operation will fail and return false.
|
|
|
|
func (conf *ConfigEntries) DeleteCAS(kind, name string, index uint64, w *WriteOptions) (bool, *WriteMeta, error) {
|
|
|
|
return conf.delete(kind, name, map[string]string{"cas": strconv.FormatUint(index, 10)}, w)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (conf *ConfigEntries) delete(kind, name string, params map[string]string, w *WriteOptions) (bool, *WriteMeta, error) {
|
2019-04-29 22:08:09 +00:00
|
|
|
if kind == "" || name == "" {
|
2021-11-01 16:42:01 +00:00
|
|
|
return false, nil, fmt.Errorf("Both kind and name parameters must not be empty")
|
2019-04-29 22:08:09 +00:00
|
|
|
}
|
|
|
|
|
2022-01-25 17:15:06 +00:00
|
|
|
r := conf.c.newRequest("DELETE", fmt.Sprintf("/v1/config/%s/%s", kind, name))
|
2019-04-29 22:08:09 +00:00
|
|
|
r.setWriteOptions(w)
|
2021-11-01 16:42:01 +00:00
|
|
|
for param, value := range params {
|
|
|
|
r.params.Set(param, value)
|
|
|
|
}
|
|
|
|
|
2021-10-28 16:24:23 +00:00
|
|
|
rtt, resp, err := conf.c.doRequest(r)
|
2019-04-29 22:08:09 +00:00
|
|
|
if err != nil {
|
2021-11-01 16:42:01 +00:00
|
|
|
return false, nil, err
|
2019-04-29 22:08:09 +00:00
|
|
|
}
|
2021-10-28 16:24:23 +00:00
|
|
|
defer closeResponseBody(resp)
|
2021-11-01 16:42:01 +00:00
|
|
|
|
2021-10-28 16:24:23 +00:00
|
|
|
if err := requireOK(resp); err != nil {
|
2021-11-01 16:42:01 +00:00
|
|
|
return false, nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
var buf bytes.Buffer
|
|
|
|
if _, err := io.Copy(&buf, resp.Body); err != nil {
|
|
|
|
return false, nil, fmt.Errorf("Failed to read response: %v", err)
|
2021-10-28 16:24:23 +00:00
|
|
|
}
|
2021-11-01 16:42:01 +00:00
|
|
|
|
|
|
|
res := strings.Contains(buf.String(), "true")
|
2019-04-29 22:08:09 +00:00
|
|
|
wm := &WriteMeta{RequestTime: rtt}
|
2021-11-01 16:42:01 +00:00
|
|
|
return res, wm, nil
|
2019-04-29 22:08:09 +00:00
|
|
|
}
|