consul/agent/session_endpoint.go

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: BUSL-1.1

package agent

import (
	"fmt"
	"net/http"
	"strings"
	"time"

	"github.com/hashicorp/consul/agent/structs"
	"github.com/hashicorp/consul/lib"
	"github.com/hashicorp/consul/types"
)

// sessionCreateResponse is used to wrap the session ID
type sessionCreateResponse struct {
	ID string
}

// SessionCreate is used to create a new session
func (s *HTTPHandlers) SessionCreate(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
	// Default the session to our node + serf check + release session
	// invalidate behavior.
	args := structs.SessionRequest{
		Op: structs.SessionCreate,
		Session: structs.Session{
			Node:       s.agent.config.NodeName,
			NodeChecks: []string{string(structs.SerfCheckID)},
			Checks:     []types.CheckID{structs.SerfCheckID},
			LockDelay:  15 * time.Second,
			Behavior:   structs.SessionKeysRelease,
			TTL:        "",
		},
	}
	s.parseDC(req, &args.Datacenter)
	s.parseToken(req, &args.Token)

	if err := s.parseEntMetaNoWildcard(req, &args.Session.EnterpriseMeta); err != nil {
		return nil, err
	}

	// Handle optional request body
	if req.ContentLength > 0 {
		if err := s.rewordUnknownEnterpriseFieldError(lib.DecodeJSON(req.Body, &args.Session)); err != nil {
			return nil, HTTPError{StatusCode: http.StatusBadRequest, Reason: fmt.Sprintf("Request decode failed: %v", err)}
		}
	}

	fixupEmptySessionChecks(&args.Session)

	if (s.agent.config.Datacenter != args.Datacenter) && (!s.agent.config.ServerMode) {
		return nil, fmt.Errorf("cross datacenter lock must be created at server agent")
	}

	// Create the session, get the ID
	var out string
	if err := s.agent.RPC(req.Context(), "Session.Apply", &args, &out); err != nil {
		return nil, err
	}

	// Format the response as a JSON object
	return sessionCreateResponse{out}, nil
}

// SessionDestroy is used to destroy an existing session
func (s *HTTPHandlers) SessionDestroy(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
	args := structs.SessionRequest{
		Op: structs.SessionDestroy,
	}
	s.parseDC(req, &args.Datacenter)
	s.parseToken(req, &args.Token)

	if err := s.parseEntMetaNoWildcard(req, &args.Session.EnterpriseMeta); err != nil {
		return nil, err
	}

	// Pull out the session id
	args.Session.ID = strings.TrimPrefix(req.URL.Path, "/v1/session/destroy/")
	if args.Session.ID == "" {
		return nil, HTTPError{StatusCode: http.StatusBadRequest, Reason: "Missing session"}
	}

	var out string
	if err := s.agent.RPC(req.Context(), "Session.Apply", &args, &out); err != nil {
		return nil, err
	}
	return true, nil
}

// SessionRenew is used to renew the TTL on an existing TTL session
func (s *HTTPHandlers) SessionRenew(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
	args := structs.SessionSpecificRequest{}
	if done := s.parse(resp, req, &args.Datacenter, &args.QueryOptions); done {
		return nil, nil
	}
	if err := s.parseEntMetaNoWildcard(req, &args.EnterpriseMeta); err != nil {
		return nil, err
	}

	// Pull out the session id
	args.SessionID = strings.TrimPrefix(req.URL.Path, "/v1/session/renew/")
	args.Session = args.SessionID
	if args.SessionID == "" {
		return nil, HTTPError{StatusCode: http.StatusBadRequest, Reason: "Missing session"}
	}

	var out structs.IndexedSessions
	if err := s.agent.RPC(req.Context(), "Session.Renew", &args, &out); err != nil {
		return nil, err
	} else if out.Sessions == nil {
		return nil, HTTPError{StatusCode: http.StatusNotFound, Reason: fmt.Sprintf("Session id '%s' not found", args.SessionID)}
	}

	return out.Sessions, nil
}

// SessionGet is used to get info for a particular session
func (s *HTTPHandlers) SessionGet(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
	args := structs.SessionSpecificRequest{}
	if done := s.parse(resp, req, &args.Datacenter, &args.QueryOptions); done {
		return nil, nil
	}
	if err := s.parseEntMetaNoWildcard(req, &args.EnterpriseMeta); err != nil {
		return nil, err
	}

	// Pull out the session id
	args.SessionID = strings.TrimPrefix(req.URL.Path, "/v1/session/info/")
	args.Session = args.SessionID
	if args.SessionID == "" {
		return nil, HTTPError{StatusCode: http.StatusBadRequest, Reason: "Missing session"}
	}

	var out structs.IndexedSessions
	defer setMeta(resp, &out.QueryMeta)
	if err := s.agent.RPC(req.Context(), "Session.Get", &args, &out); err != nil {
		return nil, err
	}

	// Use empty list instead of nil
	if out.Sessions == nil {
		out.Sessions = make(structs.Sessions, 0)
	}
	return out.Sessions, nil
}

// SessionList is used to list all the sessions
func (s *HTTPHandlers) SessionList(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
	args := structs.SessionSpecificRequest{}
	if done := s.parse(resp, req, &args.Datacenter, &args.QueryOptions); done {
		return nil, nil
	}
	if err := s.parseEntMeta(req, &args.EnterpriseMeta); err != nil {
		return nil, err
	}

	var out structs.IndexedSessions
	defer setMeta(resp, &out.QueryMeta)
	if err := s.agent.RPC(req.Context(), "Session.List", &args, &out); err != nil {
		return nil, err
	}

	// Use empty list instead of nil
	if out.Sessions == nil {
		out.Sessions = make(structs.Sessions, 0)
	}
	return out.Sessions, nil
}

// SessionsForNode returns all the nodes belonging to a node
func (s *HTTPHandlers) SessionsForNode(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
	args := structs.NodeSpecificRequest{}
	if done := s.parse(resp, req, &args.Datacenter, &args.QueryOptions); done {
		return nil, nil
	}
	if err := s.parseEntMeta(req, &args.EnterpriseMeta); err != nil {
		return nil, err
	}

	// Pull out the node name
	args.Node = strings.TrimPrefix(req.URL.Path, "/v1/session/node/")
	if args.Node == "" {
		return nil, HTTPError{StatusCode: http.StatusBadRequest, Reason: "Missing node name"}
	}

	var out structs.IndexedSessions
	defer setMeta(resp, &out.QueryMeta)
	if err := s.agent.RPC(req.Context(), "Session.NodeSessions", &args, &out); err != nil {
		return nil, err
	}

	// Use empty list instead of nil
	if out.Sessions == nil {
		out.Sessions = make(structs.Sessions, 0)
	}
	return out.Sessions, nil
}

// This is for backwards compatibility. Prior to 1.7.0 users could create a session with no Checks
// by passing an empty Checks field. Now the preferred field is session.NodeChecks.
func fixupEmptySessionChecks(session *structs.Session) {
	// If the Checks field contains an empty slice, empty out the default check that was provided to NodeChecks
	if len(session.Checks) == 0 {
		session.NodeChecks = make([]string, 0)
		return
	}

	// If the checks field contains the default value, empty it out. Defer to what is in NodeChecks.
	if len(session.Checks) == 1 && session.Checks[0] == structs.SerfCheckID {
		session.Checks = nil
		return
	}

	// If the NodeChecks field contains an empty slice, empty out the default check that was provided to Checks
	if len(session.NodeChecks) == 0 {
		session.Checks = nil
		return
	}
	return
}