consul/command/troubleshoot/proxy/troubleshoot_proxy.go

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: BUSL-1.1

package proxy

import (
	"flag"
	"fmt"
	"net"
	"os"

	"github.com/hashicorp/consul/command/cli"
	"github.com/hashicorp/consul/command/flags"
	troubleshoot "github.com/hashicorp/consul/troubleshoot/proxy"
)

func New(ui cli.Ui) *cmd {
	c := &cmd{UI: ui}
	c.init()
	return c
}

type cmd struct {
	UI    cli.Ui
	flags *flag.FlagSet
	http  *flags.HTTPFlags
	help  string

	// flags
	upstreamEnvoyID    string
	upstreamIP         string
	envoyAdminEndpoint string
}

func (c *cmd) init() {
	c.flags = flag.NewFlagSet("", flag.ContinueOnError)

	c.flags.StringVar(&c.upstreamEnvoyID, "upstream-envoy-id", os.Getenv("UPSTREAM_ENVOY_ID"), "The envoy identifier of the upstream service that receives the communication. (explicit upstreams only)")
	c.flags.StringVar(&c.upstreamIP, "upstream-ip", os.Getenv("UPSTREAM_IP"), "The IP address of the upstream service that receives the communication. (transparent proxy only) ")

	defaultEnvoyAdminEndpoint := "localhost:19000"
	if envoyAdminEndpoint := os.Getenv("ENVOY_ADMIN_ENDPOINT"); envoyAdminEndpoint != "" {
		defaultEnvoyAdminEndpoint = envoyAdminEndpoint
	}
	c.flags.StringVar(&c.envoyAdminEndpoint, "envoy-admin-endpoint", defaultEnvoyAdminEndpoint, "The address:port that envoy's admin endpoint is on.")

	c.http = &flags.HTTPFlags{}
	flags.Merge(c.flags, c.http.ClientFlags())
	flags.Merge(c.flags, c.http.ServerFlags())
	c.help = flags.Usage(help, c.flags)
}

func (c *cmd) Run(args []string) int {

	if err := c.flags.Parse(args); err != nil {
		c.UI.Error(fmt.Sprintf("Failed to parse args: %v", err))
		return 1
	}

	if c.upstreamEnvoyID == "" && c.upstreamIP == "" {
		c.UI.Error("-upstream-envoy-id OR -upstream-ip is required.")
		c.UI.Error("Please run `consul troubleshoot upstreams` to find the corresponding upstream.")
		return 1
	}

	adminAddr, adminPort, err := net.SplitHostPort(c.envoyAdminEndpoint)
	if err != nil {
		c.UI.Error("Invalid Envoy Admin endpoint: " + err.Error())
		return 1
	}

	// Envoy requires IP addresses to bind too when using static so resolve DNS or
	// localhost here.
	adminBindIP, err := net.ResolveIPAddr("ip", adminAddr)
	if err != nil {
		c.UI.Error("Failed to resolve Envoy admin endpoint: " + err.Error())
		c.UI.Error("Please make sure Envoy's Admin API is enabled.")
		return 1
	}

	t, err := troubleshoot.NewTroubleshoot(adminBindIP, adminPort)
	if err != nil {
		c.UI.Error("Error generating troubleshoot client: " + err.Error())
		return 1
	}
	messages, err := t.RunAllTests(c.upstreamEnvoyID, c.upstreamIP)
	if err != nil {
		c.UI.Error("Error running the tests: " + err.Error())
		return 1
	}

	c.UI.HeaderOutput("Validation")
	for _, o := range messages {
		if o.Success {
			c.UI.SuccessOutput(o.Message)
		} else {
			c.UI.ErrorOutput(o.Message)
			for _, action := range o.PossibleActions {
				c.UI.UnchangedOutput("-> " + action)
			}
		}
	}
	if messages.Success() {
		c.UI.UnchangedOutput("If you are still experiencing issues, you can:")
		c.UI.UnchangedOutput("-> Check intentions to ensure the upstream allows traffic from this source")
		c.UI.UnchangedOutput("-> If using transparent proxy, ensure DNS resolution is to the same IP you have verified here")
	}
	return 0
}

func (c *cmd) Synopsis() string {
	return synopsis
}

func (c *cmd) Help() string {
	return c.help
}

const (
	synopsis = "Troubleshoots service mesh issues from the current envoy instance"
	help     = `
Usage: consul troubleshoot proxy [options]
  
  Connects to local envoy proxy and troubleshoots service mesh communication issues.
  Requires an upstream service identifier. When debugging explicitly configured upstreams,
  use -upstream-envoy-id, when debugging transparent proxy upstreams use -upstream-ip.
  Examples:
    (explicit upstreams only)
      $ consul troubleshoot proxy -upstream-envoy-id foo
    (transparent proxy only)
      $ consul troubleshoot proxy -upstream-ip 240.0.0.1
 
    where 'foo' is the upstream envoy identifier and '240.0.0.1' is an upstream ip which
    can be obtained by running:
    $ consul troubleshoot upstreams [options]
`
)
Copyright headers for command folder (#16705) * copyright headers for agent folder * Ignore test data files * fix proto files and remove headers in agent/uiserver folder * ignore deep-copy files * copyright headers for agent folder * Copyright headers for command folder * fix merge conflicts 2023-03-28 19:12:30 +00:00			`// Copyright (c) HashiCorp, Inc.`
[COMPLIANCE] License changes (#18443) * Adding explicit MPL license for sub-package This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Adding explicit MPL license for sub-package This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Updating the license from MPL to Business Source License Going forward, this project will be licensed under the Business Source License v1.1. Please see our blog post for more details at <Blog URL>, FAQ at www.hashicorp.com/licensing-faq, and details of the license at www.hashicorp.com/bsl. * add missing license headers * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 --------- Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com> 2023-08-11 13:12:13 +00:00			`// SPDX-License-Identifier: BUSL-1.1`
Copyright headers for command folder (#16705) * copyright headers for agent folder * Ignore test data files * fix proto files and remove headers in agent/uiserver folder * ignore deep-copy files * copyright headers for agent folder * Copyright headers for command folder * fix merge conflicts 2023-03-28 19:12:30 +00:00
update troubleshoot CLI (#16129) 2023-02-01 23:11:05 +00:00			`package proxy`
add troubleshoot cli (#16070) * add troubleshoot cli * fix lint issue * fix merge conflict * fix lint issue 2023-02-01 19:37:30 +00:00
			`import (`
			`"flag"`
			`"fmt"`
			`"net"`
			`"os"`

troubleshoot: make output have tables and colors (#16235) Adds tables and colors using libraries used in consul-k8s. It doesn't add the full `terminal` UI package that consul-k8s uses since there is an existing UI in Consul that I didn't want to affect too much. So instead this adds to the existing UI. 2023-02-10 19:12:13 +00:00			`"github.com/hashicorp/consul/command/cli"`
add troubleshoot cli (#16070) * add troubleshoot cli * fix lint issue * fix merge conflict * fix lint issue 2023-02-01 19:37:30 +00:00			`"github.com/hashicorp/consul/command/flags"`
refactor: remove troubleshoot module dependency on consul top level module (#16162) Ensure nothing in the troubleshoot go module depends on consul's top level module. This is so we can import troubleshoot into consul-k8s and not import all of consul. * turns troubleshoot into a go module [authored by @curtbushko] * gets the envoy protos into the troubleshoot module [authored by @curtbushko] * adds a new go module `envoyextensions` which has xdscommon and extensioncommon folders that both the xds package and the troubleshoot package can import * adds testing and linting for the new go modules * moves the unit tests in `troubleshoot/validateupstream` that depend on proxycfg/xds into the xds package, with a comment describing why those tests cannot be in the troubleshoot package * fixes all the imports everywhere as a result of these changes Co-authored-by: Curt Bushko <cbushko@gmail.com> 2023-02-06 17:14:35 +00:00			`troubleshoot "github.com/hashicorp/consul/troubleshoot/proxy"`
add troubleshoot cli (#16070) * add troubleshoot cli * fix lint issue * fix merge conflict * fix lint issue 2023-02-01 19:37:30 +00:00			`)`

			`func New(ui cli.Ui) *cmd {`
			`c := &cmd{UI: ui}`
			`c.init()`
			`return c`
			`}`

			`type cmd struct {`
			`UI cli.Ui`
			`flags *flag.FlagSet`
			`http *flags.HTTPFlags`
			`help string`

			`// flags`
update troubleshoot CLI, update flags and upstreams output (#16211) * update troubleshoot CLI, update flags and upstreams output * update troubleshoot upstreams output 2023-02-09 00:05:22 +00:00			`upstreamEnvoyID string`
			`upstreamIP string`
			`envoyAdminEndpoint string`
add troubleshoot cli (#16070) * add troubleshoot cli * fix lint issue * fix merge conflict * fix lint issue 2023-02-01 19:37:30 +00:00			`}`

			`func (c *cmd) init() {`
			`c.flags = flag.NewFlagSet("", flag.ContinueOnError)`

update troubleshoot CLI, update flags and upstreams output (#16211) * update troubleshoot CLI, update flags and upstreams output * update troubleshoot upstreams output 2023-02-09 00:05:22 +00:00			`c.flags.StringVar(&c.upstreamEnvoyID, "upstream-envoy-id", os.Getenv("UPSTREAM_ENVOY_ID"), "The envoy identifier of the upstream service that receives the communication. (explicit upstreams only)")`
			`c.flags.StringVar(&c.upstreamIP, "upstream-ip", os.Getenv("UPSTREAM_IP"), "The IP address of the upstream service that receives the communication. (transparent proxy only) ")`
add troubleshoot cli (#16070) * add troubleshoot cli * fix lint issue * fix merge conflict * fix lint issue 2023-02-01 19:37:30 +00:00
update troubleshoot CLI, update flags and upstreams output (#16211) * update troubleshoot CLI, update flags and upstreams output * update troubleshoot upstreams output 2023-02-09 00:05:22 +00:00			`defaultEnvoyAdminEndpoint := "localhost:19000"`
			`if envoyAdminEndpoint := os.Getenv("ENVOY_ADMIN_ENDPOINT"); envoyAdminEndpoint != "" {`
			`defaultEnvoyAdminEndpoint = envoyAdminEndpoint`
add troubleshoot cli (#16070) * add troubleshoot cli * fix lint issue * fix merge conflict * fix lint issue 2023-02-01 19:37:30 +00:00			`}`
update troubleshoot CLI, update flags and upstreams output (#16211) * update troubleshoot CLI, update flags and upstreams output * update troubleshoot upstreams output 2023-02-09 00:05:22 +00:00			`c.flags.StringVar(&c.envoyAdminEndpoint, "envoy-admin-endpoint", defaultEnvoyAdminEndpoint, "The address:port that envoy's admin endpoint is on.")`
add troubleshoot cli (#16070) * add troubleshoot cli * fix lint issue * fix merge conflict * fix lint issue 2023-02-01 19:37:30 +00:00
			`c.http = &flags.HTTPFlags{}`
			`flags.Merge(c.flags, c.http.ClientFlags())`
			`flags.Merge(c.flags, c.http.ServerFlags())`
			`c.help = flags.Usage(help, c.flags)`
			`}`

			`func (c *cmd) Run(args []string) int {`

			`if err := c.flags.Parse(args); err != nil {`
			`c.UI.Error(fmt.Sprintf("Failed to parse args: %v", err))`
			`return 1`
			`}`

update troubleshoot CLI, update flags and upstreams output (#16211) * update troubleshoot CLI, update flags and upstreams output * update troubleshoot upstreams output 2023-02-09 00:05:22 +00:00			`if c.upstreamEnvoyID == "" && c.upstreamIP == "" {`
			`c.UI.Error("-upstream-envoy-id OR -upstream-ip is required.")`
			c.UI.Error("Please run `consul troubleshoot upstreams` to find the corresponding upstream.")
add troubleshoot cli (#16070) * add troubleshoot cli * fix lint issue * fix merge conflict * fix lint issue 2023-02-01 19:37:30 +00:00			`return 1`
			`}`

update troubleshoot CLI, update flags and upstreams output (#16211) * update troubleshoot CLI, update flags and upstreams output * update troubleshoot upstreams output 2023-02-09 00:05:22 +00:00			`adminAddr, adminPort, err := net.SplitHostPort(c.envoyAdminEndpoint)`
add troubleshoot cli (#16070) * add troubleshoot cli * fix lint issue * fix merge conflict * fix lint issue 2023-02-01 19:37:30 +00:00			`if err != nil {`
			`c.UI.Error("Invalid Envoy Admin endpoint: " + err.Error())`
			`return 1`
			`}`

			`// Envoy requires IP addresses to bind too when using static so resolve DNS or`
			`// localhost here.`
			`adminBindIP, err := net.ResolveIPAddr("ip", adminAddr)`
			`if err != nil {`
update troubleshoot CLI, update flags and upstreams output (#16211) * update troubleshoot CLI, update flags and upstreams output * update troubleshoot upstreams output 2023-02-09 00:05:22 +00:00			`c.UI.Error("Failed to resolve Envoy admin endpoint: " + err.Error())`
			`c.UI.Error("Please make sure Envoy's Admin API is enabled.")`
add troubleshoot cli (#16070) * add troubleshoot cli * fix lint issue * fix merge conflict * fix lint issue 2023-02-01 19:37:30 +00:00			`return 1`
			`}`

			`t, err := troubleshoot.NewTroubleshoot(adminBindIP, adminPort)`
			`if err != nil {`
troubleshoot: fixes and updated messages (#16294) 2023-02-17 15:43:05 +00:00			`c.UI.Error("Error generating troubleshoot client: " + err.Error())`
add troubleshoot cli (#16070) * add troubleshoot cli * fix lint issue * fix merge conflict * fix lint issue 2023-02-01 19:37:30 +00:00			`return 1`
			`}`
update troubleshoot CLI, update flags and upstreams output (#16211) * update troubleshoot CLI, update flags and upstreams output * update troubleshoot upstreams output 2023-02-09 00:05:22 +00:00			`messages, err := t.RunAllTests(c.upstreamEnvoyID, c.upstreamIP)`
add troubleshoot cli (#16070) * add troubleshoot cli * fix lint issue * fix merge conflict * fix lint issue 2023-02-01 19:37:30 +00:00			`if err != nil {`
troubleshoot: fixes and updated messages (#16294) 2023-02-17 15:43:05 +00:00			`c.UI.Error("Error running the tests: " + err.Error())`
add troubleshoot cli (#16070) * add troubleshoot cli * fix lint issue * fix merge conflict * fix lint issue 2023-02-01 19:37:30 +00:00			`return 1`
			`}`
validate certs and get stats (#16139) 2023-02-02 22:24:18 +00:00
troubleshoot: make output have tables and colors (#16235) Adds tables and colors using libraries used in consul-k8s. It doesn't add the full `terminal` UI package that consul-k8s uses since there is an existing UI in Consul that I didn't want to affect too much. So instead this adds to the existing UI. 2023-02-10 19:12:13 +00:00			`c.UI.HeaderOutput("Validation")`
troubleshoot: output messages for the troubleshoot proxy command (#16208) 2023-02-08 21:03:15 +00:00			`for _, o := range messages {`
			`if o.Success {`
troubleshoot: make output have tables and colors (#16235) Adds tables and colors using libraries used in consul-k8s. It doesn't add the full `terminal` UI package that consul-k8s uses since there is an existing UI in Consul that I didn't want to affect too much. So instead this adds to the existing UI. 2023-02-10 19:12:13 +00:00			`c.UI.SuccessOutput(o.Message)`
troubleshoot: output messages for the troubleshoot proxy command (#16208) 2023-02-08 21:03:15 +00:00			`} else {`
troubleshoot: make output have tables and colors (#16235) Adds tables and colors using libraries used in consul-k8s. It doesn't add the full `terminal` UI package that consul-k8s uses since there is an existing UI in Consul that I didn't want to affect too much. So instead this adds to the existing UI. 2023-02-10 19:12:13 +00:00			`c.UI.ErrorOutput(o.Message)`
troubleshoot: fixes and updated messages (#16294) 2023-02-17 15:43:05 +00:00			`for _, action := range o.PossibleActions {`
			`c.UI.UnchangedOutput("-> " + action)`
troubleshoot: output messages for the troubleshoot proxy command (#16208) 2023-02-08 21:03:15 +00:00			`}`
			`}`
validate certs and get stats (#16139) 2023-02-02 22:24:18 +00:00			`}`
troubleshoot: fixes and updated messages (#16294) 2023-02-17 15:43:05 +00:00			`if messages.Success() {`
			`c.UI.UnchangedOutput("If you are still experiencing issues, you can:")`
			`c.UI.UnchangedOutput("-> Check intentions to ensure the upstream allows traffic from this source")`
			`c.UI.UnchangedOutput("-> If using transparent proxy, ensure DNS resolution is to the same IP you have verified here")`
			`}`
add troubleshoot cli (#16070) * add troubleshoot cli * fix lint issue * fix merge conflict * fix lint issue 2023-02-01 19:37:30 +00:00			`return 0`
			`}`

			`func (c *cmd) Synopsis() string {`
			`return synopsis`
			`}`

			`func (c *cmd) Help() string {`
			`return c.help`
			`}`

			`const (`
update troubleshoot CLI (#16129) 2023-02-01 23:11:05 +00:00			`synopsis = "Troubleshoots service mesh issues from the current envoy instance"`
add troubleshoot cli (#16070) * add troubleshoot cli * fix lint issue * fix merge conflict * fix lint issue 2023-02-01 19:37:30 +00:00			help = `
			`Usage: consul troubleshoot proxy [options]`
validate certs and get stats (#16139) 2023-02-02 22:24:18 +00:00
add troubleshoot cli (#16070) * add troubleshoot cli * fix lint issue * fix merge conflict * fix lint issue 2023-02-01 19:37:30 +00:00			`Connects to local envoy proxy and troubleshoots service mesh communication issues.`
troubleshoot: fixes and updated messages (#16294) 2023-02-17 15:43:05 +00:00			`Requires an upstream service identifier. When debugging explicitly configured upstreams,`
			`use -upstream-envoy-id, when debugging transparent proxy upstreams use -upstream-ip.`
add troubleshoot cli (#16070) * add troubleshoot cli * fix lint issue * fix merge conflict * fix lint issue 2023-02-01 19:37:30 +00:00			`Examples:`
update troubleshoot CLI, update flags and upstreams output (#16211) * update troubleshoot CLI, update flags and upstreams output * update troubleshoot upstreams output 2023-02-09 00:05:22 +00:00			`(explicit upstreams only)`
			`$ consul troubleshoot proxy -upstream-envoy-id foo`
			`(transparent proxy only)`
troubleshoot: fixes and updated messages (#16294) 2023-02-17 15:43:05 +00:00			`$ consul troubleshoot proxy -upstream-ip 240.0.0.1`
add troubleshoot cli (#16070) * add troubleshoot cli * fix lint issue * fix merge conflict * fix lint issue 2023-02-01 19:37:30 +00:00
troubleshoot: fixes and updated messages (#16294) 2023-02-17 15:43:05 +00:00			`where 'foo' is the upstream envoy identifier and '240.0.0.1' is an upstream ip which`
add troubleshoot cli (#16070) * add troubleshoot cli * fix lint issue * fix merge conflict * fix lint issue 2023-02-01 19:37:30 +00:00			`can be obtained by running:`
			`$ consul troubleshoot upstreams [options]`
			`
			`)`