consul/agent/grpc-external/services/resource/server.go

112 lines
2.6 KiB
Go
Raw Normal View History

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package resource
import (
"context"
2023-04-06 09:40:04 +00:00
"github.com/hashicorp/go-hclog"
"google.golang.org/grpc"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/metadata"
"google.golang.org/grpc/status"
2023-04-06 09:40:04 +00:00
"google.golang.org/protobuf/proto"
"github.com/hashicorp/consul/acl"
"github.com/hashicorp/consul/acl/resolver"
"github.com/hashicorp/consul/internal/resource"
"github.com/hashicorp/consul/internal/storage"
"github.com/hashicorp/consul/proto-public/pbresource"
)
type Server struct {
Config
}
type Config struct {
2023-04-06 09:40:04 +00:00
Logger hclog.Logger
Registry Registry
2023-04-04 16:30:06 +00:00
// Backend is the storage backend that will be used for resource persistence.
Backend Backend
ACLResolver ACLResolver
}
//go:generate mockery --name Registry --inpackage
type Registry interface {
resource.Registry
}
//go:generate mockery --name Backend --inpackage
type Backend interface {
storage.Backend
}
//go:generate mockery --name ACLResolver --inpackage
type ACLResolver interface {
ResolveTokenAndDefaultMeta(string, *acl.EnterpriseMeta, *acl.AuthorizerContext) (resolver.Result, error)
}
func NewServer(cfg Config) *Server {
return &Server{cfg}
}
var _ pbresource.ResourceServiceServer = (*Server)(nil)
func (s *Server) Register(grpcServer *grpc.Server) {
pbresource.RegisterResourceServiceServer(grpcServer, s)
}
// Get token from grpc metadata or AnonymounsTokenId if not found
func tokenFromContext(ctx context.Context) string {
md, ok := metadata.FromIncomingContext(ctx)
if !ok {
return acl.AnonymousTokenID
}
vals := md.Get("x-consul-token")
if len(vals) == 0 {
return acl.AnonymousTokenID
}
return vals[0]
}
func (s *Server) resolveType(typ *pbresource.Type) (*resource.Registration, error) {
2023-04-06 09:40:04 +00:00
v, ok := s.Registry.Resolve(typ)
if ok {
return &v, nil
}
return nil, status.Errorf(
codes.InvalidArgument,
"resource type %s not registered", resource.ToGVK(typ),
)
}
func readConsistencyFrom(ctx context.Context) storage.ReadConsistency {
md, ok := metadata.FromIncomingContext(ctx)
if !ok {
return storage.EventualConsistency
}
vals := md.Get("x-consul-consistency-mode")
if len(vals) == 0 {
return storage.EventualConsistency
}
if vals[0] == "consistent" {
return storage.StrongConsistency
}
return storage.EventualConsistency
}
2023-04-06 09:40:04 +00:00
func (s *Server) getAuthorizer(token string) (acl.Authorizer, error) {
authz, err := s.ACLResolver.ResolveTokenAndDefaultMeta(token, nil, nil)
if err != nil {
return nil, status.Errorf(codes.Internal, "failed getting authorizer: %v", err)
}
return authz, nil
}
2023-04-06 09:40:04 +00:00
func clone[T proto.Message](v T) T { return proto.Clone(v).(T) }