status-im
/
consul
mirror of https://github.com/status-im/consul.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
consul/agent/structs/structs_oss.go

177 lines
4.2 KiB
Go
Raw Normal View History

copyright headers for agent folder (#16704) * copyright headers for agent folder * Ignore test data files * fix proto files and remove headers in agent/uiserver folder * ignore deep-copy files
2023-03-28 18:39:22 +00:00
// Copyright (c) HashiCorp, Inc.
[COMPLIANCE] License changes (#18443) * Adding explicit MPL license for sub-package This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Adding explicit MPL license for sub-package This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Updating the license from MPL to Business Source License Going forward, this project will be licensed under the Business Source License v1.1. Please see our blog post for more details at <Blog URL>, FAQ at www.hashicorp.com/licensing-faq, and details of the license at www.hashicorp.com/bsl. * add missing license headers * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 --------- Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
2023-08-11 13:12:13 +00:00
// SPDX-License-Identifier: BUSL-1.1
copyright headers for agent folder (#16704) * copyright headers for agent folder * Ignore test data files * fix proto files and remove headers in agent/uiserver folder * ignore deep-copy files
2023-03-28 18:39:22 +00:00
re-run gofmt on 1.17 (#11579) This should let freshly recompiled golangci-lint binaries using Go 1.17 pass 'make lint'
2021-11-16 18:04:01 +00:00
//go:build !consulent
Updates to allow for Namespacing ACL resources in Consul Enterp… (#6675) Main Changes: • method signature updates everywhere to account for passing around enterprise meta. • populate the EnterpriseAuthorizerContext for all ACL related authorizations. • ACL resource listings now operate like the catalog or kv listings in that the returned entries are filtered down to what the token is allowed to see. With Namespaces its no longer all or nothing. • Modified the acl.Policy parsing to abstract away basic decoding so that enterprise can do it slightly differently. Also updated method signatures so that when parsing a policy it can take extra ent metadata to use during rules validation and policy creation. Secondary Changes: • Moved protobuf encoding functions out of the agentpb package to eliminate circular dependencies. • Added custom JSON unmarshalers for a few ACL resource types (to support snake case and to get rid of mapstructure) • AuthMethod validator cache is now an interface as these will be cached per-namespace for Consul Enterprise. • Added checks for policy/role link existence at the RPC API so we don’t push the request through raft to have it fail internally. • Forward ACL token delete request to the primary datacenter when the secondary DC doesn’t have the token. • Added a bunch of ACL test helpers for inserting ACL resource test data.
2019-10-24 18:38:09 +00:00
// +build !consulent
package structs
import (
"github.com/hashicorp/consul/acl"
Move Session.CheckIDs into OSS only code. (#6993)
2020-01-03 20:51:19 +00:00
"github.com/hashicorp/consul/types"
Updates to allow for Namespacing ACL resources in Consul Enterp… (#6675) Main Changes: • method signature updates everywhere to account for passing around enterprise meta. • populate the EnterpriseAuthorizerContext for all ACL related authorizations. • ACL resource listings now operate like the catalog or kv listings in that the returned entries are filtered down to what the token is allowed to see. With Namespaces its no longer all or nothing. • Modified the acl.Policy parsing to abstract away basic decoding so that enterprise can do it slightly differently. Also updated method signatures so that when parsing a policy it can take extra ent metadata to use during rules validation and policy creation. Secondary Changes: • Moved protobuf encoding functions out of the agentpb package to eliminate circular dependencies. • Added custom JSON unmarshalers for a few ACL resource types (to support snake case and to get rid of mapstructure) • AuthMethod validator cache is now an interface as these will be cached per-namespace for Consul Enterprise. • Added checks for policy/role link existence at the RPC API so we don’t push the request through raft to have it fail internally. • Forward ACL token delete request to the primary datacenter when the secondary DC doesn’t have the token. • Added a bunch of ACL test helpers for inserting ACL resource test data.
2019-10-24 18:38:09 +00:00
)
add new entmeta stuff. Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-03-12 03:51:24 +00:00
// TODO(acl-move-enterprise-meta) sync this with enterprise
var emptyEnterpriseMeta = acl.EnterpriseMeta{}
rpc: Unset partition before forwarding to remote datacenter (#11758)
2021-12-08 19:02:14 +00:00
agent/structs: add a bunch more EnterpriseMeta helper functions to help with partitioning (#10669)
2021-07-22 18:20:45 +00:00
// TODO(partition): stop using this
add new entmeta stuff. Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-03-12 03:51:24 +00:00
func NewEnterpriseMetaInDefaultPartition(_ string) acl.EnterpriseMeta {
agent/structs: add a bunch more EnterpriseMeta helper functions to help with partitioning (#10669)
2021-07-22 18:20:45 +00:00
return emptyEnterpriseMeta
}
add new entmeta stuff. Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-03-12 03:51:24 +00:00
// ReplicationEnterpriseMeta stub
func ReplicationEnterpriseMeta() *acl.EnterpriseMeta {
return &emptyEnterpriseMeta
Handle namespaces in route names correctly; add tests for enterprise
2021-08-25 12:40:47 +00:00
}
add new entmeta stuff. Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-03-12 03:51:24 +00:00
// TODO(partition): stop using this
func WildcardEnterpriseMetaInDefaultPartition() *acl.EnterpriseMeta {
Miscellaneous Fixes (#6896) Ensure we close the Sentinel Evaluator so as not to leak go routines Fix a bunch of test logging so that various warnings when starting a test agent go to the ltest logger and not straight to stdout. Various canned ent meta types always return a valid pointer (no more nils). This allows us to blindly deref + assign in various places. Update ACL index tracking to ensure oss -> ent upgrades will work as expected. Update ent meta parsing to include function to disallow wildcarding.
2019-12-06 19:01:34 +00:00
return &emptyEnterpriseMeta
Updates to allow for Namespacing ACL resources in Consul Enterp… (#6675) Main Changes: • method signature updates everywhere to account for passing around enterprise meta. • populate the EnterpriseAuthorizerContext for all ACL related authorizations. • ACL resource listings now operate like the catalog or kv listings in that the returned entries are filtered down to what the token is allowed to see. With Namespaces its no longer all or nothing. • Modified the acl.Policy parsing to abstract away basic decoding so that enterprise can do it slightly differently. Also updated method signatures so that when parsing a policy it can take extra ent metadata to use during rules validation and policy creation. Secondary Changes: • Moved protobuf encoding functions out of the agentpb package to eliminate circular dependencies. • Added custom JSON unmarshalers for a few ACL resource types (to support snake case and to get rid of mapstructure) • AuthMethod validator cache is now an interface as these will be cached per-namespace for Consul Enterprise. • Added checks for policy/role link existence at the RPC API so we don’t push the request through raft to have it fail internally. • Forward ACL token delete request to the primary datacenter when the secondary DC doesn’t have the token. • Added a bunch of ACL test helpers for inserting ACL resource test data.
2019-10-24 18:38:09 +00:00
}
agent/structs: add a bunch more EnterpriseMeta helper functions to help with partitioning (#10669)
2021-07-22 18:20:45 +00:00
// TODO(partition): stop using this
add new entmeta stuff. Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-03-12 03:51:24 +00:00
func DefaultEnterpriseMetaInDefaultPartition() *acl.EnterpriseMeta {
agent/structs: add a bunch more EnterpriseMeta helper functions to help with partitioning (#10669)
2021-07-22 18:20:45 +00:00
return &emptyEnterpriseMeta
}
// DefaultEnterpriseMetaInPartition stub
add new entmeta stuff. Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-03-12 03:51:24 +00:00
func DefaultEnterpriseMetaInPartition(_ string) *acl.EnterpriseMeta {
agent/structs: add a bunch more EnterpriseMeta helper functions to help with partitioning (#10669)
2021-07-22 18:20:45 +00:00
return &emptyEnterpriseMeta
}
add new entmeta stuff. Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-03-12 03:51:24 +00:00
// WildcardEnterpriseMetaInPartition stub
func WildcardEnterpriseMetaInPartition(_ string) *acl.EnterpriseMeta {
agent/structs: add a bunch more EnterpriseMeta helper functions to help with partitioning (#10669)
2021-07-22 18:20:45 +00:00
return &emptyEnterpriseMeta
}
add new entmeta stuff. Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-03-12 03:51:24 +00:00
func NewEnterpriseMetaWithPartition(_, _ string) acl.EnterpriseMeta {
return emptyEnterpriseMeta
agent/structs: add a bunch more EnterpriseMeta helper functions to help with partitioning (#10669)
2021-07-22 18:20:45 +00:00
}
add new entmeta stuff. Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-03-12 03:51:24 +00:00
func NodeEnterpriseMetaInPartition(_ string) *acl.EnterpriseMeta {
Miscellaneous Fixes (#6896) Ensure we close the Sentinel Evaluator so as not to leak go routines Fix a bunch of test logging so that various warnings when starting a test agent go to the ltest logger and not straight to stdout. Various canned ent meta types always return a valid pointer (no more nils). This allows us to blindly deref + assign in various places. Update ACL index tracking to ensure oss -> ent upgrades will work as expected. Update ent meta parsing to include function to disallow wildcarding.
2019-12-06 19:01:34 +00:00
return &emptyEnterpriseMeta
Updates to allow for Namespacing ACL resources in Consul Enterp… (#6675) Main Changes: • method signature updates everywhere to account for passing around enterprise meta. • populate the EnterpriseAuthorizerContext for all ACL related authorizations. • ACL resource listings now operate like the catalog or kv listings in that the returned entries are filtered down to what the token is allowed to see. With Namespaces its no longer all or nothing. • Modified the acl.Policy parsing to abstract away basic decoding so that enterprise can do it slightly differently. Also updated method signatures so that when parsing a policy it can take extra ent metadata to use during rules validation and policy creation. Secondary Changes: • Moved protobuf encoding functions out of the agentpb package to eliminate circular dependencies. • Added custom JSON unmarshalers for a few ACL resource types (to support snake case and to get rid of mapstructure) • AuthMethod validator cache is now an interface as these will be cached per-namespace for Consul Enterprise. • Added checks for policy/role link existence at the RPC API so we don’t push the request through raft to have it fail internally. • Forward ACL token delete request to the primary datacenter when the secondary DC doesn’t have the token. • Added a bunch of ACL test helpers for inserting ACL resource test data.
2019-10-24 18:38:09 +00:00
}
add new entmeta stuff. Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-03-12 03:51:24 +00:00
// TODO(partition): stop using this
func NodeEnterpriseMetaInDefaultPartition() *acl.EnterpriseMeta {
Miscellaneous Fixes (#6896) Ensure we close the Sentinel Evaluator so as not to leak go routines Fix a bunch of test logging so that various warnings when starting a test agent go to the ltest logger and not straight to stdout. Various canned ent meta types always return a valid pointer (no more nils). This allows us to blindly deref + assign in various places. Update ACL index tracking to ensure oss -> ent upgrades will work as expected. Update ent meta parsing to include function to disallow wildcarding.
2019-12-06 19:01:34 +00:00
return &emptyEnterpriseMeta
}
Updates to allow for Namespacing ACL resources in Consul Enterp… (#6675) Main Changes: • method signature updates everywhere to account for passing around enterprise meta. • populate the EnterpriseAuthorizerContext for all ACL related authorizations. • ACL resource listings now operate like the catalog or kv listings in that the returned entries are filtered down to what the token is allowed to see. With Namespaces its no longer all or nothing. • Modified the acl.Policy parsing to abstract away basic decoding so that enterprise can do it slightly differently. Also updated method signatures so that when parsing a policy it can take extra ent metadata to use during rules validation and policy creation. Secondary Changes: • Moved protobuf encoding functions out of the agentpb package to eliminate circular dependencies. • Added custom JSON unmarshalers for a few ACL resource types (to support snake case and to get rid of mapstructure) • AuthMethod validator cache is now an interface as these will be cached per-namespace for Consul Enterprise. • Added checks for policy/role link existence at the RPC API so we don’t push the request through raft to have it fail internally. • Forward ACL token delete request to the primary datacenter when the secondary DC doesn’t have the token. • Added a bunch of ACL test helpers for inserting ACL resource test data.
2019-10-24 18:38:09 +00:00
Fixup authz for data imported from peers (#15347) There are a few changes that needed to be made to to handle authorizing reads for imported data: - If the data was imported from a peer we should not attempt to read the data using the traditional authz rules. This is because the name of services/nodes in a peer cluster are not equivalent to those of the importing cluster. - If the data was imported from a peer we need to check whether the token corresponds to a service, meaning that it has service:write permissions, or to a local read only token that can read all nodes/services in a namespace. This required changes at the policyAuthorizer level, since that is the only view available to OSS Consul, and at the enterprise partition/namespace level.
2022-11-14 18:36:27 +00:00
func (n *Node) FillAuthzContext(ctx *acl.AuthorizerContext) {
if ctx == nil {
return
}
ctx.Peer = n.PeerName
}
acl: some acl authz refactors for nodes (#10909)
2021-08-25 18:43:11 +00:00
peering: accept replication stream of discovery chain information at the importing side (#13151)
2022-05-19 21:37:52 +00:00
func (n *Node) OverridePartition(_ string) {
n.Partition = ""
}
acl: some acl authz refactors for nodes (#10909)
2021-08-25 18:43:11 +00:00
func (_ *Coordinate) FillAuthzContext(_ *acl.AuthorizerContext) {}
Ensure that NodeDump imported nodes are filtered (#15356)
2022-11-14 19:35:20 +00:00
func (n *NodeInfo) FillAuthzContext(ctx *acl.AuthorizerContext) {
ctx.Peer = n.PeerName
}
acl: some acl authz refactors for nodes (#10909)
2021-08-25 18:43:11 +00:00
Sync of OSS changes to support namespaces (#6909)
2019-12-10 02:26:41 +00:00
// FillAuthzContext stub
Rename EnterpriseAuthorizerContext -> AuthorizerContext
2019-12-18 18:43:24 +00:00
func (_ *DirEntry) FillAuthzContext(_ *acl.AuthorizerContext) {}
Sync of OSS changes to support namespaces (#6909)
2019-12-10 02:26:41 +00:00
Add DirEntry method to fill enterprise authz context
2019-11-01 20:48:44 +00:00
// FillAuthzContext stub
Rename EnterpriseAuthorizerContext -> AuthorizerContext
2019-12-18 18:43:24 +00:00
func (_ *RegisterRequest) FillAuthzContext(_ *acl.AuthorizerContext) {}
Sync of OSS changes to support namespaces (#6909)
2019-12-10 02:26:41 +00:00
add new entmeta stuff. Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-03-12 03:51:24 +00:00
func (_ *RegisterRequest) GetEnterpriseMeta() *acl.EnterpriseMeta {
Sync of OSS changes to support namespaces (#6909)
2019-12-10 02:26:41 +00:00
return nil
}
// OSS Stub
Rename EnterpriseAuthorizerContext -> AuthorizerContext
2019-12-18 18:43:24 +00:00
func (op *TxnNodeOp) FillAuthzContext(ctx *acl.AuthorizerContext) {}
Sync of OSS changes to support namespaces (#6909)
2019-12-10 02:26:41 +00:00
// OSS Stub
Rename EnterpriseAuthorizerContext -> AuthorizerContext
2019-12-18 18:43:24 +00:00
func (_ *TxnServiceOp) FillAuthzContext(_ *acl.AuthorizerContext) {}
Sync of OSS changes to support namespaces (#6909)
2019-12-10 02:26:41 +00:00
// OSS Stub
Rename EnterpriseAuthorizerContext -> AuthorizerContext
2019-12-18 18:43:24 +00:00
func (_ *TxnCheckOp) FillAuthzContext(_ *acl.AuthorizerContext) {}
Sync of OSS changes to support namespaces (#6909)
2019-12-10 02:26:41 +00:00
add new entmeta stuff. Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-03-12 03:51:24 +00:00
func NodeNameString(node string, _ *acl.EnterpriseMeta) string {
acl: some acl authz refactors for nodes (#10909)
2021-08-25 18:43:11 +00:00
return node
}
add new entmeta stuff. Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-03-12 03:51:24 +00:00
func ServiceIDString(id string, _ *acl.EnterpriseMeta) string {
Sync of OSS changes to support namespaces (#6909)
2019-12-10 02:26:41 +00:00
return id
}
add new entmeta stuff. Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-03-12 03:51:24 +00:00
func ParseServiceIDString(input string) (string, *acl.EnterpriseMeta) {
agent/structs: add a bunch more EnterpriseMeta helper functions to help with partitioning (#10669)
2021-07-22 18:20:45 +00:00
return input, DefaultEnterpriseMetaInDefaultPartition()
Updates to Config Entries and Connect for Namespaces (#7116)
2020-01-24 15:04:58 +00:00
}
structs: Fix printing of IDs These types are used as values (not pointers) in other structs. Using a pointer receiver causes problems when the value is printed. fmt will not call the String method if it is passed a value and the String method has a pointer receiver. By using a value receiver the correct string is printed. Also remove some unused methods.
2020-12-11 21:10:00 +00:00
func (sid ServiceID) String() string {
Sync of OSS changes to support namespaces (#6909)
2019-12-10 02:26:41 +00:00
return sid.ID
}
Updates to Config Entries and Connect for Namespaces (#7116)
2020-01-24 15:04:58 +00:00
func ServiceIDFromString(input string) ServiceID {
id, _ := ParseServiceIDString(input)
return ServiceID{ID: id}
}
add new entmeta stuff. Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-03-12 03:51:24 +00:00
func ParseServiceNameString(input string) (string, *acl.EnterpriseMeta) {
agent/structs: add a bunch more EnterpriseMeta helper functions to help with partitioning (#10669)
2021-07-22 18:20:45 +00:00
return input, DefaultEnterpriseMetaInDefaultPartition()
Move compound service names to use ServiceName type
2020-06-12 14:57:41 +00:00
}
structs: Fix printing of IDs These types are used as values (not pointers) in other structs. Using a pointer receiver causes problems when the value is printed. fmt will not call the String method if it is passed a value and the String method has a pointer receiver. By using a value receiver the correct string is printed. Also remove some unused methods.
2020-12-11 21:10:00 +00:00
func (n ServiceName) String() string {
Move compound service names to use ServiceName type
2020-06-12 14:57:41 +00:00
return n.Name
}
func ServiceNameFromString(input string) ServiceName {
id, _ := ParseServiceNameString(input)
return ServiceName{Name: id}
}
structs: add convenience methods to sort slices of ServiceName values (#13038)
2022-05-12 15:08:50 +00:00
// Less implements sort.Interface.
func (s ServiceList) Less(i, j int) bool {
a, b := s[i], s[j]
return a.Name < b.Name
}
structs: Fix printing of IDs These types are used as values (not pointers) in other structs. Using a pointer receiver causes problems when the value is printed. fmt will not call the String method if it is passed a value and the String method has a pointer receiver. By using a value receiver the correct string is printed. Also remove some unused methods.
2020-12-11 21:10:00 +00:00
func (cid CheckID) String() string {
Sync of OSS changes to support namespaces (#6909)
2019-12-10 02:26:41 +00:00
return string(cid.ID)
}
func (_ *HealthCheck) Validate() error {
return nil
}
Move Session.CheckIDs into OSS only code. (#6993)
2020-01-03 20:51:19 +00:00
Enhance the output of consul snapshot inspect (#8787)
2020-10-09 19:57:29 +00:00
func enterpriseRequestType(m MessageType) (string, bool) {
return "", false
}
Move Session.CheckIDs into OSS only code. (#6993)
2020-01-03 20:51:19 +00:00
// CheckIDs returns the IDs for all checks associated with a session, regardless of type
func (s *Session) CheckIDs() []types.CheckID {
// Merge all check IDs into a single slice, since they will be handled the same way
checks := make([]types.CheckID, 0, len(s.Checks)+len(s.NodeChecks)+len(s.ServiceChecks))
checks = append(checks, s.Checks...)
for _, c := range s.NodeChecks {
checks = append(checks, types.CheckID(c))
}
for _, c := range s.ServiceChecks {
checks = append(checks, types.CheckID(c.ID))
}
return checks
}
Add methods to check intention has wildcard src or dst
2021-03-18 04:15:48 +00:00
func (t *Intention) HasWildcardSource() bool {
return t.SourceName == WildcardSpecifier
}
func (t *Intention) HasWildcardDestination() bool {
return t.DestinationName == WildcardSpecifier
}
replumbing a bunch of api and agent structs for partitions (#10681)
2021-07-22 19:33:22 +00:00
func (s *ServiceNode) NodeIdentity() Identity {
return Identity{ID: s.Node}
}
Add the `operator usage instances` command and api endpoint (#16205) This endpoint shows total services, connect service instances and billable service instances in the local datacenter or globally. Billable instances = total service instances - connect services - consul server instances.
2023-02-08 20:07:21 +00:00
type EnterpriseServiceUsage struct{}