2014-01-03 17:15:51 -08:00
package agent
import (
2019-02-27 14:28:31 -05:00
"encoding/json"
2014-01-30 15:35:38 -08:00
"fmt"
2016-11-16 16:45:26 -05:00
"log"
2014-01-03 17:15:51 -08:00
"net/http"
2019-02-27 14:28:31 -05:00
"path/filepath"
2015-01-21 09:53:31 -08:00
"strconv"
2014-01-03 17:15:51 -08:00
"strings"
2018-04-19 11:15:32 +01:00
2019-10-04 13:37:34 -05:00
"github.com/hashicorp/go-memdb"
"github.com/mitchellh/hashstructure"
2017-08-23 16:52:48 +02:00
"github.com/hashicorp/consul/acl"
2019-03-06 11:13:28 -06:00
cachetype "github.com/hashicorp/consul/agent/cache-types"
2018-10-17 13:20:35 -07:00
"github.com/hashicorp/consul/agent/debug"
2017-07-06 12:34:00 +02:00
"github.com/hashicorp/consul/agent/structs"
2019-02-27 14:28:31 -05:00
token_store "github.com/hashicorp/consul/agent/token"
2017-04-19 16:00:11 -07:00
"github.com/hashicorp/consul/api"
2017-05-15 22:10:36 +02:00
"github.com/hashicorp/consul/ipaddr"
2017-08-14 07:36:07 -07:00
"github.com/hashicorp/consul/lib"
2019-02-27 14:28:31 -05:00
"github.com/hashicorp/consul/lib/file"
2016-11-16 16:45:26 -05:00
"github.com/hashicorp/consul/logger"
2016-06-06 13:19:31 -07:00
"github.com/hashicorp/consul/types"
2019-09-25 20:55:52 -06:00
"github.com/hashicorp/go-bexpr"
2016-11-16 16:45:26 -05:00
"github.com/hashicorp/logutils"
2016-06-06 01:53:30 -07:00
"github.com/hashicorp/serf/coordinate"
"github.com/hashicorp/serf/serf"
2018-04-06 08:55:49 +02:00
"github.com/prometheus/client_golang/prometheus"
"github.com/prometheus/client_golang/prometheus/promhttp"
2014-01-03 17:15:51 -08:00
)
2017-04-20 17:46:29 -07:00
type Self struct {
2017-10-04 19:43:17 +02:00
Config interface { }
DebugConfig map [ string ] interface { }
Coord * coordinate . Coordinate
Member serf . Member
Stats map [ string ] map [ string ] string
Meta map [ string ] string
2014-05-28 00:09:28 +02:00
}
2014-05-26 01:59:48 +02:00
func ( s * HTTPServer ) AgentSelf ( resp http . ResponseWriter , req * http . Request ) ( interface { } , error ) {
2016-12-14 09:33:57 -08:00
// Fetch the ACL token, if any, and enforce agent policy.
var token string
s . parseToken ( req , & token )
2017-08-23 16:52:48 +02:00
rule , err := s . agent . resolveToken ( token )
2016-12-14 09:33:57 -08:00
if err != nil {
return nil , err
}
2019-10-15 16:58:50 -04:00
if rule != nil && rule . AgentRead ( s . agent . config . NodeName , nil ) != acl . Allow {
2017-08-23 16:52:48 +02:00
return nil , acl . ErrPermissionDenied
2016-12-14 09:33:57 -08:00
}
2018-01-19 15:25:22 -08:00
var cs lib . CoordinateSet
if ! s . agent . config . DisableCoordinates {
var err error
if cs , err = s . agent . GetLANCoordinate ( ) ; err != nil {
return nil , err
}
}
2017-10-04 19:43:17 +02:00
config := struct {
Datacenter string
NodeName string
2018-01-10 15:17:33 -08:00
NodeID string
2017-10-04 19:43:17 +02:00
Revision string
Server bool
Version string
} {
Datacenter : s . agent . config . Datacenter ,
NodeName : s . agent . config . NodeName ,
2018-01-10 15:17:33 -08:00
NodeID : string ( s . agent . config . NodeID ) ,
2017-10-04 19:43:17 +02:00
Revision : s . agent . config . Revision ,
Server : s . agent . config . ServerMode ,
Version : s . agent . config . Version ,
}
2017-04-20 17:46:29 -07:00
return Self {
2017-10-04 19:43:17 +02:00
Config : config ,
DebugConfig : s . agent . config . Sanitized ( ) ,
Coord : cs [ s . agent . config . SegmentName ] ,
Member : s . agent . LocalMember ( ) ,
Stats : s . agent . Stats ( ) ,
2017-08-28 14:17:13 +02:00
Meta : s . agent . State . Metadata ( ) ,
2014-05-28 00:09:28 +02:00
} , nil
2014-05-26 01:59:48 +02:00
}
2018-04-09 13:16:03 +02:00
// enablePrometheusOutput will look for Prometheus mime-type or format Query parameter the same way as Nomad
func enablePrometheusOutput ( req * http . Request ) bool {
if format := req . URL . Query ( ) . Get ( "format" ) ; format == "prometheus" {
return true
}
return false
}
2017-08-08 13:05:38 -07:00
func ( s * HTTPServer ) AgentMetrics ( resp http . ResponseWriter , req * http . Request ) ( interface { } , error ) {
// Fetch the ACL token, if any, and enforce agent policy.
var token string
s . parseToken ( req , & token )
2017-08-23 16:52:48 +02:00
rule , err := s . agent . resolveToken ( token )
2017-08-08 13:05:38 -07:00
if err != nil {
return nil , err
}
2019-10-15 16:58:50 -04:00
if rule != nil && rule . AgentRead ( s . agent . config . NodeName , nil ) != acl . Allow {
2017-08-23 16:52:48 +02:00
return nil , acl . ErrPermissionDenied
2017-08-08 13:05:38 -07:00
}
2018-04-09 13:16:03 +02:00
if enablePrometheusOutput ( req ) {
2018-06-14 13:52:48 +01:00
if s . agent . config . Telemetry . PrometheusRetentionTime < 1 {
2018-04-06 14:21:05 +02:00
resp . WriteHeader ( http . StatusUnsupportedMediaType )
2018-10-03 22:47:56 +01:00
fmt . Fprint ( resp , "Prometheus is not enabled since its retention time is not positive" )
2018-04-06 14:21:05 +02:00
return nil , nil
}
2018-04-06 08:55:49 +02:00
handlerOptions := promhttp . HandlerOpts {
2018-04-09 13:16:03 +02:00
ErrorLog : s . agent . logger ,
ErrorHandling : promhttp . ContinueOnError ,
2018-04-06 08:55:49 +02:00
}
2017-08-08 13:05:38 -07:00
2018-04-06 08:55:49 +02:00
handler := promhttp . HandlerFor ( prometheus . DefaultGatherer , handlerOptions )
handler . ServeHTTP ( resp , req )
return nil , nil
}
2017-08-08 13:05:38 -07:00
return s . agent . MemSink . DisplayMetrics ( resp , req )
}
2016-11-30 13:29:42 -05:00
func ( s * HTTPServer ) AgentReload ( resp http . ResponseWriter , req * http . Request ) ( interface { } , error ) {
2016-12-14 09:33:57 -08:00
// Fetch the ACL token, if any, and enforce agent policy.
var token string
s . parseToken ( req , & token )
2017-08-23 16:52:48 +02:00
rule , err := s . agent . resolveToken ( token )
2016-12-14 09:33:57 -08:00
if err != nil {
return nil , err
}
2019-10-15 16:58:50 -04:00
if rule != nil && rule . AgentWrite ( s . agent . config . NodeName , nil ) != acl . Allow {
2017-08-23 16:52:48 +02:00
return nil , acl . ErrPermissionDenied
2016-12-14 09:33:57 -08:00
}
2016-11-30 13:29:42 -05:00
// Trigger the reload
2019-07-20 15:37:19 +02:00
errCh := make ( chan error )
2016-11-30 13:29:42 -05:00
select {
2017-05-19 17:51:39 +02:00
case <- s . agent . shutdownCh :
2016-11-30 13:29:42 -05:00
return nil , fmt . Errorf ( "Agent was shutdown before reload could be completed" )
case s . agent . reloadCh <- errCh :
}
// Wait for the result of the reload, or for the agent to shutdown
select {
2017-05-19 17:51:39 +02:00
case <- s . agent . shutdownCh :
2016-11-30 13:29:42 -05:00
return nil , fmt . Errorf ( "Agent was shutdown before reload could be completed" )
case err := <- errCh :
return nil , err
}
}
2019-08-09 15:19:30 -04:00
func buildAgentService ( s * structs . NodeService ) api . AgentService {
2019-01-07 15:39:23 +01:00
weights := api . AgentWeights { Passing : 1 , Warning : 1 }
if s . Weights != nil {
if s . Weights . Passing > 0 {
weights . Passing = s . Weights . Passing
}
weights . Warning = s . Weights . Warning
}
2019-06-17 10:51:50 -04:00
var taggedAddrs map [ string ] api . ServiceAddress
if len ( s . TaggedAddresses ) > 0 {
taggedAddrs = make ( map [ string ] api . ServiceAddress )
for k , v := range s . TaggedAddresses {
taggedAddrs [ k ] = v . ToAPIServiceAddress ( )
}
}
2019-01-07 15:39:23 +01:00
as := api . AgentService {
Kind : api . ServiceKind ( s . Kind ) ,
ID : s . ID ,
Service : s . Service ,
Tags : s . Tags ,
Meta : s . Meta ,
Port : s . Port ,
Address : s . Address ,
2019-06-17 10:51:50 -04:00
TaggedAddresses : taggedAddrs ,
2019-01-07 15:39:23 +01:00
EnableTagOverride : s . EnableTagOverride ,
CreateIndex : s . CreateIndex ,
ModifyIndex : s . ModifyIndex ,
Weights : weights ,
}
if as . Tags == nil {
as . Tags = [ ] string { }
}
if as . Meta == nil {
as . Meta = map [ string ] string { }
}
2019-06-17 20:52:01 -04:00
// Attach Proxy config if exists
if s . Kind == structs . ServiceKindConnectProxy ||
s . Kind == structs . ServiceKindMeshGateway {
2019-01-07 15:39:23 +01:00
as . Proxy = s . Proxy . ToAPI ( )
}
2019-08-09 15:19:30 -04:00
// Attach Connect configs if they exist.
if s . Connect . Native {
2019-01-07 15:39:23 +01:00
as . Connect = & api . AgentServiceConnect {
Native : true ,
}
}
return as
}
2014-01-03 17:15:51 -08:00
func ( s * HTTPServer ) AgentServices ( resp http . ResponseWriter , req * http . Request ) ( interface { } , error ) {
2016-12-14 14:16:46 -08:00
// Fetch the ACL token, if any.
var token string
s . parseToken ( req , & token )
2019-04-16 12:00:15 -04:00
var filterExpression string
s . parseFilter ( req , & filterExpression )
2017-08-28 14:17:13 +02:00
services := s . agent . State . Services ( )
2016-12-14 14:16:46 -08:00
if err := s . agent . filterServices ( token , & services ) ; err != nil {
return nil , err
}
2017-04-27 18:22:07 -07:00
2018-04-20 14:24:24 +01:00
// Convert into api.AgentService since that includes Connect config but so far
// NodeService doesn't need to internally. They are otherwise identical since
// that is the struct used in client for reading the one we output here
// anyway.
agentSvcs := make ( map [ string ] * api . AgentService )
2017-04-27 18:22:07 -07:00
// Use empty list instead of nil
2018-02-07 07:02:10 -08:00
for id , s := range services {
2019-08-09 15:19:30 -04:00
agentService := buildAgentService ( s )
2019-01-07 15:39:23 +01:00
agentSvcs [ id ] = & agentService
2017-04-27 18:22:07 -07:00
}
2019-04-16 12:00:15 -04:00
filter , err := bexpr . CreateFilter ( filterExpression , nil , agentSvcs )
if err != nil {
return nil , err
}
return filter . Execute ( agentSvcs )
2014-01-20 15:00:52 -10:00
}
2018-09-27 15:00:51 +01:00
// GET /v1/agent/service/:service_id
//
// Returns the service definition for a single local services and allows
// blocking watch using hash-based blocking.
func ( s * HTTPServer ) AgentService ( resp http . ResponseWriter , req * http . Request ) ( interface { } , error ) {
// Get the proxy ID. Note that this is the ID of a proxy's service instance.
id := strings . TrimPrefix ( req . URL . Path , "/v1/agent/service/" )
// Maybe block
var queryOpts structs . QueryOptions
if parseWait ( resp , req , & queryOpts ) {
// parseWait returns an error itself
return nil , nil
}
// Parse the token
var token string
s . parseToken ( req , & token )
// Parse hash specially. Eventually this should happen in parseWait and end up
// in QueryOptions but I didn't want to make very general changes right away.
hash := req . URL . Query ( ) . Get ( "hash" )
2019-09-25 20:55:52 -06:00
resultHash , service , err := s . agent . LocalBlockingQuery ( false , hash , queryOpts . MaxQueryTime ,
2018-09-27 15:00:51 +01:00
func ( ws memdb . WatchSet ) ( string , interface { } , error ) {
svcState := s . agent . State . ServiceState ( id )
if svcState == nil {
resp . WriteHeader ( http . StatusNotFound )
fmt . Fprintf ( resp , "unknown proxy service ID: %s" , id )
return "" , nil , nil
}
svc := svcState . Service
// Setup watch on the service
ws . Add ( svcState . WatchCh )
// Check ACLs.
rule , err := s . agent . resolveToken ( token )
if err != nil {
return "" , nil , err
}
2019-10-15 16:58:50 -04:00
// TODO (namespaces) - pass through a real ent authz ctx
if rule != nil && rule . ServiceRead ( svc . Service , nil ) != acl . Allow {
2018-09-27 15:00:51 +01:00
return "" , nil , acl . ErrPermissionDenied
}
// Calculate the content hash over the response, minus the hash field
2019-08-10 09:15:19 -04:00
aSvc := buildAgentService ( svc )
reply := & aSvc
2018-09-27 15:00:51 +01:00
rawHash , err := hashstructure . Hash ( reply , nil )
if err != nil {
return "" , nil , err
}
// Include the ContentHash in the response body
reply . ContentHash = fmt . Sprintf ( "%x" , rawHash )
return reply . ContentHash , reply , nil
2019-09-25 20:55:52 -06:00
} ,
)
if resultHash != "" {
resp . Header ( ) . Set ( "X-Consul-ContentHash" , resultHash )
}
return service , err
2018-09-27 15:00:51 +01:00
}
2014-01-20 15:00:52 -10:00
func ( s * HTTPServer ) AgentChecks ( resp http . ResponseWriter , req * http . Request ) ( interface { } , error ) {
2016-12-14 14:16:46 -08:00
// Fetch the ACL token, if any.
var token string
s . parseToken ( req , & token )
2019-04-16 12:00:15 -04:00
var filterExpression string
s . parseFilter ( req , & filterExpression )
filter , err := bexpr . CreateFilter ( filterExpression , nil , nil )
if err != nil {
return nil , err
}
2017-08-28 14:17:13 +02:00
checks := s . agent . State . Checks ( )
2016-12-14 14:16:46 -08:00
if err := s . agent . filterChecks ( token , & checks ) ; err != nil {
return nil , err
}
2017-04-27 18:22:07 -07:00
// Use empty list instead of nil
2018-02-06 20:35:55 -08:00
for id , c := range checks {
2017-04-27 18:22:07 -07:00
if c . ServiceTags == nil {
2018-02-06 20:35:55 -08:00
clone := * c
clone . ServiceTags = make ( [ ] string , 0 )
checks [ id ] = & clone
2017-04-27 18:22:07 -07:00
}
}
2019-04-16 12:00:15 -04:00
return filter . Execute ( checks )
2014-01-03 17:15:51 -08:00
}
func ( s * HTTPServer ) AgentMembers ( resp http . ResponseWriter , req * http . Request ) ( interface { } , error ) {
2016-12-14 14:16:46 -08:00
// Fetch the ACL token, if any.
var token string
s . parseToken ( req , & token )
2014-01-03 17:15:51 -08:00
// Check if the WAN is being queried
wan := false
if other := req . URL . Query ( ) . Get ( "wan" ) ; other != "" {
wan = true
}
2016-12-14 14:16:46 -08:00
2017-08-14 07:36:07 -07:00
segment := req . URL . Query ( ) . Get ( "segment" )
2017-09-05 13:40:19 -07:00
if wan {
switch segment {
case "" , api . AllSegments :
// The zero value and the special "give me all members"
// key are ok, otherwise the argument doesn't apply to
// the WAN.
default :
resp . WriteHeader ( http . StatusBadRequest )
fmt . Fprint ( resp , "Cannot provide a segment with wan=true" )
return nil , nil
}
2017-08-14 07:36:07 -07:00
}
2016-12-14 14:16:46 -08:00
var members [ ] serf . Member
2014-01-03 17:15:51 -08:00
if wan {
2016-12-14 14:16:46 -08:00
members = s . agent . WANMembers ( )
2017-08-14 07:36:07 -07:00
} else {
var err error
2017-09-05 12:22:20 -07:00
if segment == api . AllSegments {
members , err = s . agent . delegate . LANMembersAllSegments ( )
} else {
members , err = s . agent . delegate . LANSegmentMembers ( segment )
}
2017-08-14 07:36:07 -07:00
if err != nil {
return nil , err
}
2016-12-14 14:16:46 -08:00
}
if err := s . agent . filterMembers ( token , & members ) ; err != nil {
return nil , err
2014-01-03 17:15:51 -08:00
}
2016-12-14 14:16:46 -08:00
return members , nil
2014-01-03 17:15:51 -08:00
}
func ( s * HTTPServer ) AgentJoin ( resp http . ResponseWriter , req * http . Request ) ( interface { } , error ) {
2016-12-14 09:33:57 -08:00
// Fetch the ACL token, if any, and enforce agent policy.
var token string
s . parseToken ( req , & token )
2017-08-23 16:52:48 +02:00
rule , err := s . agent . resolveToken ( token )
2016-12-14 09:33:57 -08:00
if err != nil {
return nil , err
}
2019-10-15 16:58:50 -04:00
if rule != nil && rule . AgentWrite ( s . agent . config . NodeName , nil ) != acl . Allow {
2017-08-23 16:52:48 +02:00
return nil , acl . ErrPermissionDenied
2016-12-14 09:33:57 -08:00
}
2014-01-03 17:15:51 -08:00
// Check if the WAN is being queried
wan := false
if other := req . URL . Query ( ) . Get ( "wan" ) ; other != "" {
wan = true
}
// Get the address
addr := strings . TrimPrefix ( req . URL . Path , "/v1/agent/join/" )
if wan {
2017-04-20 18:59:42 -07:00
_ , err = s . agent . JoinWAN ( [ ] string { addr } )
2014-01-03 17:15:51 -08:00
} else {
2017-04-20 18:59:42 -07:00
_ , err = s . agent . JoinLAN ( [ ] string { addr } )
2014-01-03 17:15:51 -08:00
}
2017-04-20 18:59:42 -07:00
return nil , err
2014-01-03 17:15:51 -08:00
}
2016-11-30 13:29:42 -05:00
func ( s * HTTPServer ) AgentLeave ( resp http . ResponseWriter , req * http . Request ) ( interface { } , error ) {
2016-12-14 09:33:57 -08:00
// Fetch the ACL token, if any, and enforce agent policy.
var token string
s . parseToken ( req , & token )
2017-08-23 16:52:48 +02:00
rule , err := s . agent . resolveToken ( token )
2016-12-14 09:33:57 -08:00
if err != nil {
return nil , err
}
2019-10-15 16:58:50 -04:00
if rule != nil && rule . AgentWrite ( s . agent . config . NodeName , nil ) != acl . Allow {
2017-08-23 16:52:48 +02:00
return nil , acl . ErrPermissionDenied
2016-12-14 09:33:57 -08:00
}
2016-11-30 13:29:42 -05:00
if err := s . agent . Leave ( ) ; err != nil {
return nil , err
}
2017-06-20 09:29:20 +02:00
return nil , s . agent . ShutdownAgent ( )
2016-11-30 13:29:42 -05:00
}
2014-01-03 17:15:51 -08:00
func ( s * HTTPServer ) AgentForceLeave ( resp http . ResponseWriter , req * http . Request ) ( interface { } , error ) {
2016-12-14 09:33:57 -08:00
// Fetch the ACL token, if any, and enforce agent policy.
var token string
s . parseToken ( req , & token )
2017-08-23 16:52:48 +02:00
rule , err := s . agent . resolveToken ( token )
2016-12-14 09:33:57 -08:00
if err != nil {
return nil , err
}
2019-10-15 16:58:50 -04:00
if rule != nil && rule . AgentWrite ( s . agent . config . NodeName , nil ) != acl . Allow {
2017-08-23 16:52:48 +02:00
return nil , acl . ErrPermissionDenied
2016-12-14 09:33:57 -08:00
}
2019-10-04 16:10:02 -05:00
//Check the value of the prune query
_ , prune := req . URL . Query ( ) [ "prune" ]
2014-01-03 17:15:51 -08:00
addr := strings . TrimPrefix ( req . URL . Path , "/v1/agent/force-leave/" )
2019-10-04 16:10:02 -05:00
return nil , s . agent . ForceLeave ( addr , prune )
2014-01-03 17:15:51 -08:00
}
2014-01-30 14:58:36 -08:00
2016-12-14 09:33:57 -08:00
// syncChanges is a helper function which wraps a blocking call to sync
// services and checks to the server. If the operation fails, we only
// only warn because the write did succeed and anti-entropy will sync later.
func ( s * HTTPServer ) syncChanges ( ) {
2017-08-28 14:17:13 +02:00
if err := s . agent . State . SyncChanges ( ) ; err != nil {
2017-05-19 11:53:41 +02:00
s . agent . logger . Printf ( "[ERR] agent: failed to sync changes: %v" , err )
2016-12-14 09:33:57 -08:00
}
}
2014-01-30 14:58:36 -08:00
func ( s * HTTPServer ) AgentRegisterCheck ( resp http . ResponseWriter , req * http . Request ) ( interface { } , error ) {
2017-06-15 18:46:06 +02:00
var args structs . CheckDefinition
2019-10-29 11:13:36 -07:00
if err := decodeBody ( req . Body , & args ) ; err != nil {
2017-08-23 21:19:11 +02:00
resp . WriteHeader ( http . StatusBadRequest )
Use fmt.Fprint/Fprintf/Fprintln
Used the following rewrite rules:
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c, d))) -> fmt.Fprintf(resp, a, b, c, d)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c))) -> fmt.Fprintf(resp, a, b, c)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b))) -> fmt.Fprintf(resp, a, b)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a))) -> fmt.Fprint(resp, a)' *.go
gofmt -w -r 'resp.Write([]byte(a + "\n")) -> fmt.Fprintln(resp, a)' *.go
gofmt -w -r 'resp.Write([]byte(a)) -> fmt.Fprint(resp, a)' *.go
2017-04-20 07:07:42 -07:00
fmt . Fprintf ( resp , "Request decode failed: %v" , err )
2014-01-30 15:35:38 -08:00
return nil , nil
}
2016-12-14 14:16:46 -08:00
// Verify the check has a name.
2014-01-30 15:35:38 -08:00
if args . Name == "" {
2017-08-23 21:19:11 +02:00
resp . WriteHeader ( http . StatusBadRequest )
Use fmt.Fprint/Fprintf/Fprintln
Used the following rewrite rules:
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c, d))) -> fmt.Fprintf(resp, a, b, c, d)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c))) -> fmt.Fprintf(resp, a, b, c)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b))) -> fmt.Fprintf(resp, a, b)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a))) -> fmt.Fprint(resp, a)' *.go
gofmt -w -r 'resp.Write([]byte(a + "\n")) -> fmt.Fprintln(resp, a)' *.go
gofmt -w -r 'resp.Write([]byte(a)) -> fmt.Fprint(resp, a)' *.go
2017-04-20 07:07:42 -07:00
fmt . Fprint ( resp , "Missing check name" )
2014-01-30 15:35:38 -08:00
return nil , nil
}
2015-04-12 00:53:48 +00:00
if args . Status != "" && ! structs . ValidStatus ( args . Status ) {
2017-08-23 21:19:11 +02:00
resp . WriteHeader ( http . StatusBadRequest )
Use fmt.Fprint/Fprintf/Fprintln
Used the following rewrite rules:
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c, d))) -> fmt.Fprintf(resp, a, b, c, d)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c))) -> fmt.Fprintf(resp, a, b, c)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b))) -> fmt.Fprintf(resp, a, b)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a))) -> fmt.Fprint(resp, a)' *.go
gofmt -w -r 'resp.Write([]byte(a + "\n")) -> fmt.Fprintln(resp, a)' *.go
gofmt -w -r 'resp.Write([]byte(a)) -> fmt.Fprint(resp, a)' *.go
2017-04-20 07:07:42 -07:00
fmt . Fprint ( resp , "Bad check status" )
2015-04-12 00:53:48 +00:00
return nil , nil
}
2016-12-14 14:16:46 -08:00
// Construct the health check.
2014-02-03 15:15:35 -08:00
health := args . HealthCheck ( s . agent . config . NodeName )
2014-01-30 15:35:38 -08:00
2016-12-14 14:16:46 -08:00
// Verify the check type.
2017-05-15 21:49:13 +02:00
chkType := args . CheckType ( )
2017-10-10 18:54:06 -05:00
err := chkType . Validate ( )
if err != nil {
2017-08-23 21:19:11 +02:00
resp . WriteHeader ( http . StatusBadRequest )
2017-10-10 18:54:06 -05:00
fmt . Fprint ( resp , fmt . Errorf ( "Invalid check: %v" , err ) )
2014-01-30 15:35:38 -08:00
return nil , nil
}
2019-10-17 20:33:11 +02:00
// Store the type of check based on the definition
health . Type = chkType . Type ( )
2019-04-30 19:00:57 -04:00
if health . ServiceID != "" {
// fixup the service name so that vetCheckRegister requires the right ACLs
service := s . agent . State . Service ( health . ServiceID )
if service != nil {
health . ServiceName = service . Service
}
}
2016-12-14 14:16:46 -08:00
// Get the provided token, if any, and vet against any ACL policies.
2015-04-27 18:26:23 -07:00
var token string
s . parseToken ( req , & token )
2016-12-14 14:16:46 -08:00
if err := s . agent . vetCheckRegister ( token , health ) ; err != nil {
return nil , err
}
2015-04-27 18:26:23 -07:00
2016-12-14 14:16:46 -08:00
// Add the check.
2018-10-11 14:22:11 +02:00
if err := s . agent . AddCheck ( health , chkType , true , token , ConfigSourceRemote ) ; err != nil {
2015-02-20 15:45:06 -08:00
return nil , err
}
s . syncChanges ( )
return nil , nil
2014-01-30 14:58:36 -08:00
}
func ( s * HTTPServer ) AgentDeregisterCheck ( resp http . ResponseWriter , req * http . Request ) ( interface { } , error ) {
2016-06-06 13:19:31 -07:00
checkID := types . CheckID ( strings . TrimPrefix ( req . URL . Path , "/v1/agent/check/deregister/" ) )
2016-12-14 14:16:46 -08:00
// Get the provided token, if any, and vet against any ACL policies.
var token string
s . parseToken ( req , & token )
if err := s . agent . vetCheckUpdate ( token , checkID ) ; err != nil {
return nil , err
}
2015-02-20 15:45:06 -08:00
if err := s . agent . RemoveCheck ( checkID , true ) ; err != nil {
return nil , err
}
s . syncChanges ( )
return nil , nil
2014-01-30 14:58:36 -08:00
}
func ( s * HTTPServer ) AgentCheckPass ( resp http . ResponseWriter , req * http . Request ) ( interface { } , error ) {
2016-06-06 13:19:31 -07:00
checkID := types . CheckID ( strings . TrimPrefix ( req . URL . Path , "/v1/agent/check/pass/" ) )
2014-01-30 15:18:05 -08:00
note := req . URL . Query ( ) . Get ( "note" )
2016-12-14 14:16:46 -08:00
// Get the provided token, if any, and vet against any ACL policies.
var token string
s . parseToken ( req , & token )
if err := s . agent . vetCheckUpdate ( token , checkID ) ; err != nil {
return nil , err
}
2017-04-19 16:00:11 -07:00
if err := s . agent . updateTTLCheck ( checkID , api . HealthPassing , note ) ; err != nil {
2015-02-20 15:45:06 -08:00
return nil , err
}
s . syncChanges ( )
return nil , nil
2014-01-30 14:58:36 -08:00
}
func ( s * HTTPServer ) AgentCheckWarn ( resp http . ResponseWriter , req * http . Request ) ( interface { } , error ) {
2016-06-06 13:19:31 -07:00
checkID := types . CheckID ( strings . TrimPrefix ( req . URL . Path , "/v1/agent/check/warn/" ) )
2014-01-30 15:18:05 -08:00
note := req . URL . Query ( ) . Get ( "note" )
2016-12-14 14:16:46 -08:00
// Get the provided token, if any, and vet against any ACL policies.
var token string
s . parseToken ( req , & token )
if err := s . agent . vetCheckUpdate ( token , checkID ) ; err != nil {
return nil , err
}
2017-04-19 16:00:11 -07:00
if err := s . agent . updateTTLCheck ( checkID , api . HealthWarning , note ) ; err != nil {
2015-02-20 15:45:06 -08:00
return nil , err
}
s . syncChanges ( )
return nil , nil
2014-01-30 14:58:36 -08:00
}
func ( s * HTTPServer ) AgentCheckFail ( resp http . ResponseWriter , req * http . Request ) ( interface { } , error ) {
2016-06-06 13:19:31 -07:00
checkID := types . CheckID ( strings . TrimPrefix ( req . URL . Path , "/v1/agent/check/fail/" ) )
2014-01-30 15:18:05 -08:00
note := req . URL . Query ( ) . Get ( "note" )
2016-12-14 14:16:46 -08:00
// Get the provided token, if any, and vet against any ACL policies.
var token string
s . parseToken ( req , & token )
if err := s . agent . vetCheckUpdate ( token , checkID ) ; err != nil {
return nil , err
}
2017-04-19 16:00:11 -07:00
if err := s . agent . updateTTLCheck ( checkID , api . HealthCritical , note ) ; err != nil {
2015-02-20 15:45:06 -08:00
return nil , err
}
s . syncChanges ( )
return nil , nil
2014-01-30 14:58:36 -08:00
}
2016-03-02 17:08:06 -08:00
// checkUpdate is the payload for a PUT to AgentCheckUpdate.
type checkUpdate struct {
2017-04-19 16:00:11 -07:00
// Status us one of the api.Health* states, "passing", "warning", or
2016-03-02 17:08:06 -08:00
// "critical".
Status string
// Output is the information to post to the UI for operators as the
// output of the process that decided to hit the TTL check. This is
// different from the note field that's associated with the check
// itself.
Output string
}
// AgentCheckUpdate is a PUT-based alternative to the GET-based Pass/Warn/Fail
// APIs.
func ( s * HTTPServer ) AgentCheckUpdate ( resp http . ResponseWriter , req * http . Request ) ( interface { } , error ) {
var update checkUpdate
2019-10-29 11:13:36 -07:00
if err := decodeBody ( req . Body , & update ) ; err != nil {
2017-08-23 21:19:11 +02:00
resp . WriteHeader ( http . StatusBadRequest )
Use fmt.Fprint/Fprintf/Fprintln
Used the following rewrite rules:
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c, d))) -> fmt.Fprintf(resp, a, b, c, d)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c))) -> fmt.Fprintf(resp, a, b, c)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b))) -> fmt.Fprintf(resp, a, b)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a))) -> fmt.Fprint(resp, a)' *.go
gofmt -w -r 'resp.Write([]byte(a + "\n")) -> fmt.Fprintln(resp, a)' *.go
gofmt -w -r 'resp.Write([]byte(a)) -> fmt.Fprint(resp, a)' *.go
2017-04-20 07:07:42 -07:00
fmt . Fprintf ( resp , "Request decode failed: %v" , err )
2016-03-02 17:08:06 -08:00
return nil , nil
}
switch update . Status {
2017-04-19 16:00:11 -07:00
case api . HealthPassing :
case api . HealthWarning :
case api . HealthCritical :
2016-03-02 17:08:06 -08:00
default :
2017-08-23 21:19:11 +02:00
resp . WriteHeader ( http . StatusBadRequest )
Use fmt.Fprint/Fprintf/Fprintln
Used the following rewrite rules:
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c, d))) -> fmt.Fprintf(resp, a, b, c, d)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c))) -> fmt.Fprintf(resp, a, b, c)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b))) -> fmt.Fprintf(resp, a, b)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a))) -> fmt.Fprint(resp, a)' *.go
gofmt -w -r 'resp.Write([]byte(a + "\n")) -> fmt.Fprintln(resp, a)' *.go
gofmt -w -r 'resp.Write([]byte(a)) -> fmt.Fprint(resp, a)' *.go
2017-04-20 07:07:42 -07:00
fmt . Fprintf ( resp , "Invalid check status: '%s'" , update . Status )
2016-03-02 17:08:06 -08:00
return nil , nil
}
2016-06-06 13:19:31 -07:00
checkID := types . CheckID ( strings . TrimPrefix ( req . URL . Path , "/v1/agent/check/update/" ) )
2016-12-14 14:16:46 -08:00
// Get the provided token, if any, and vet against any ACL policies.
var token string
s . parseToken ( req , & token )
if err := s . agent . vetCheckUpdate ( token , checkID ) ; err != nil {
return nil , err
}
2016-08-16 00:05:55 -07:00
if err := s . agent . updateTTLCheck ( checkID , update . Status , update . Output ) ; err != nil {
2016-03-02 17:08:06 -08:00
return nil , err
}
s . syncChanges ( )
return nil , nil
}
2019-01-07 15:39:23 +01:00
// agentHealthService Returns Health for a given service ID
func agentHealthService ( serviceID string , s * HTTPServer ) ( int , string , api . HealthChecks ) {
checks := s . agent . State . Checks ( )
serviceChecks := make ( api . HealthChecks , 0 )
for _ , c := range checks {
if c . ServiceID == serviceID || c . ServiceID == "" {
// TODO: harmonize struct.HealthCheck and api.HealthCheck (or at least extract conversion function)
healthCheck := & api . HealthCheck {
Node : c . Node ,
CheckID : string ( c . CheckID ) ,
Name : c . Name ,
Status : c . Status ,
Notes : c . Notes ,
Output : c . Output ,
ServiceID : c . ServiceID ,
ServiceName : c . ServiceName ,
ServiceTags : c . ServiceTags ,
}
serviceChecks = append ( serviceChecks , healthCheck )
}
}
status := serviceChecks . AggregatedStatus ( )
switch status {
case api . HealthWarning :
return http . StatusTooManyRequests , status , serviceChecks
case api . HealthPassing :
return http . StatusOK , status , serviceChecks
default :
return http . StatusServiceUnavailable , status , serviceChecks
}
}
func returnTextPlain ( req * http . Request ) bool {
if contentType := req . Header . Get ( "Accept" ) ; strings . HasPrefix ( contentType , "text/plain" ) {
return true
}
if format := req . URL . Query ( ) . Get ( "format" ) ; format != "" {
return format == "text"
}
return false
}
// AgentHealthServiceByID return the local Service Health given its ID
func ( s * HTTPServer ) AgentHealthServiceByID ( resp http . ResponseWriter , req * http . Request ) ( interface { } , error ) {
// Pull out the service id (service id since there may be several instance of the same service on this host)
serviceID := strings . TrimPrefix ( req . URL . Path , "/v1/agent/health/service/id/" )
if serviceID == "" {
return nil , & BadRequestError { Reason : "Missing serviceID" }
}
services := s . agent . State . Services ( )
for _ , service := range services {
if service . ID == serviceID {
code , status , healthChecks := agentHealthService ( serviceID , s )
if returnTextPlain ( req ) {
return status , CodeWithPayloadError { StatusCode : code , Reason : status , ContentType : "text/plain" }
}
2019-08-09 15:19:30 -04:00
serviceInfo := buildAgentService ( service )
2019-01-07 15:39:23 +01:00
result := & api . AgentServiceChecksInfo {
AggregatedStatus : status ,
Checks : healthChecks ,
Service : & serviceInfo ,
}
return result , CodeWithPayloadError { StatusCode : code , Reason : status , ContentType : "application/json" }
}
}
notFoundReason := fmt . Sprintf ( "ServiceId %s not found" , serviceID )
if returnTextPlain ( req ) {
return notFoundReason , CodeWithPayloadError { StatusCode : http . StatusNotFound , Reason : fmt . Sprintf ( "ServiceId %s not found" , serviceID ) , ContentType : "application/json" }
}
return & api . AgentServiceChecksInfo {
AggregatedStatus : api . HealthCritical ,
Checks : nil ,
Service : nil ,
} , CodeWithPayloadError { StatusCode : http . StatusNotFound , Reason : notFoundReason , ContentType : "application/json" }
}
// AgentHealthServiceByName return the worse status of all the services with given name on an agent
func ( s * HTTPServer ) AgentHealthServiceByName ( resp http . ResponseWriter , req * http . Request ) ( interface { } , error ) {
// Pull out the service name
serviceName := strings . TrimPrefix ( req . URL . Path , "/v1/agent/health/service/name/" )
if serviceName == "" {
return nil , & BadRequestError { Reason : "Missing service Name" }
}
code := http . StatusNotFound
status := fmt . Sprintf ( "ServiceName %s Not Found" , serviceName )
services := s . agent . State . Services ( )
result := make ( [ ] api . AgentServiceChecksInfo , 0 , 16 )
for _ , service := range services {
if service . Service == serviceName {
scode , sstatus , healthChecks := agentHealthService ( service . ID , s )
2019-08-09 15:19:30 -04:00
serviceInfo := buildAgentService ( service )
2019-01-07 15:39:23 +01:00
res := api . AgentServiceChecksInfo {
AggregatedStatus : sstatus ,
Checks : healthChecks ,
Service : & serviceInfo ,
}
result = append ( result , res )
// When service is not found, we ignore it and keep existing HTTP status
if code == http . StatusNotFound {
code = scode
status = sstatus
}
// We take the worst of all statuses, so we keep iterating
// passing: 200 < warning: 429 < critical: 503
if code < scode {
code = scode
status = sstatus
}
}
}
if returnTextPlain ( req ) {
return status , CodeWithPayloadError { StatusCode : code , Reason : status , ContentType : "text/plain" }
}
return result , CodeWithPayloadError { StatusCode : code , Reason : status , ContentType : "application/json" }
}
2014-01-30 14:58:36 -08:00
func ( s * HTTPServer ) AgentRegisterService ( resp http . ResponseWriter , req * http . Request ) ( interface { } , error ) {
2017-06-15 18:46:06 +02:00
var args structs . ServiceDefinition
2016-12-14 14:16:46 -08:00
// Fixup the type decode of TTL or Interval if a check if provided.
2014-04-24 19:44:27 -07:00
2019-10-29 11:13:36 -07:00
if err := decodeBody ( req . Body , & args ) ; err != nil {
2017-08-23 21:19:11 +02:00
resp . WriteHeader ( http . StatusBadRequest )
Use fmt.Fprint/Fprintf/Fprintln
Used the following rewrite rules:
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c, d))) -> fmt.Fprintf(resp, a, b, c, d)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c))) -> fmt.Fprintf(resp, a, b, c)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b))) -> fmt.Fprintf(resp, a, b)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a))) -> fmt.Fprint(resp, a)' *.go
gofmt -w -r 'resp.Write([]byte(a + "\n")) -> fmt.Fprintln(resp, a)' *.go
gofmt -w -r 'resp.Write([]byte(a)) -> fmt.Fprint(resp, a)' *.go
2017-04-20 07:07:42 -07:00
fmt . Fprintf ( resp , "Request decode failed: %v" , err )
2014-01-30 15:35:38 -08:00
return nil , nil
}
2016-12-14 14:16:46 -08:00
// Verify the service has a name.
2014-01-30 15:35:38 -08:00
if args . Name == "" {
2017-08-23 21:19:11 +02:00
resp . WriteHeader ( http . StatusBadRequest )
Use fmt.Fprint/Fprintf/Fprintln
Used the following rewrite rules:
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c, d))) -> fmt.Fprintf(resp, a, b, c, d)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c))) -> fmt.Fprintf(resp, a, b, c)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b))) -> fmt.Fprintf(resp, a, b)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a))) -> fmt.Fprint(resp, a)' *.go
gofmt -w -r 'resp.Write([]byte(a + "\n")) -> fmt.Fprintln(resp, a)' *.go
gofmt -w -r 'resp.Write([]byte(a)) -> fmt.Fprint(resp, a)' *.go
2017-04-20 07:07:42 -07:00
fmt . Fprint ( resp , "Missing service name" )
2014-01-30 15:35:38 -08:00
return nil , nil
}
2017-05-08 18:34:45 +02:00
// Check the service address here and in the catalog RPC endpoint
2018-03-19 12:56:00 -04:00
// since service registration isn't synchronous.
2017-05-15 22:10:36 +02:00
if ipaddr . IsAny ( args . Address ) {
2017-08-23 21:19:11 +02:00
resp . WriteHeader ( http . StatusBadRequest )
2017-05-08 18:34:45 +02:00
fmt . Fprintf ( resp , "Invalid service address" )
return nil , nil
}
2016-12-14 14:16:46 -08:00
// Get the node service.
2014-02-03 15:15:35 -08:00
ns := args . NodeService ( )
2018-09-07 16:30:47 +02:00
if ns . Weights != nil {
if err := structs . ValidateWeights ( ns . Weights ) ; err != nil {
resp . WriteHeader ( http . StatusBadRequest )
fmt . Fprint ( resp , fmt . Errorf ( "Invalid Weights: %v" , err ) )
return nil , nil
}
}
2018-03-28 09:04:50 -05:00
if err := structs . ValidateMetadata ( ns . Meta , false ) ; err != nil {
2018-02-07 01:54:42 +01:00
resp . WriteHeader ( http . StatusBadRequest )
2018-03-27 22:22:42 +02:00
fmt . Fprint ( resp , fmt . Errorf ( "Invalid Service Meta: %v" , err ) )
2018-02-07 01:54:42 +01:00
return nil , nil
}
2014-01-30 15:35:38 -08:00
2018-03-10 17:42:30 -08:00
// Run validation. This is the same validation that would happen on
// the catalog endpoint so it helps ensure the sync will work properly.
if err := ns . Validate ( ) ; err != nil {
resp . WriteHeader ( http . StatusBadRequest )
fmt . Fprintf ( resp , err . Error ( ) )
return nil , nil
}
2016-12-14 14:16:46 -08:00
// Verify the check type.
2017-10-10 18:54:06 -05:00
chkTypes , err := args . CheckTypes ( )
if err != nil {
resp . WriteHeader ( http . StatusBadRequest )
fmt . Fprint ( resp , fmt . Errorf ( "Invalid check: %v" , err ) )
return nil , nil
}
2015-01-13 17:52:17 -08:00
for _ , check := range chkTypes {
2015-04-12 00:53:48 +00:00
if check . Status != "" && ! structs . ValidStatus ( check . Status ) {
2017-08-23 21:19:11 +02:00
resp . WriteHeader ( http . StatusBadRequest )
Use fmt.Fprint/Fprintf/Fprintln
Used the following rewrite rules:
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c, d))) -> fmt.Fprintf(resp, a, b, c, d)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c))) -> fmt.Fprintf(resp, a, b, c)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b))) -> fmt.Fprintf(resp, a, b)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a))) -> fmt.Fprint(resp, a)' *.go
gofmt -w -r 'resp.Write([]byte(a + "\n")) -> fmt.Fprintln(resp, a)' *.go
gofmt -w -r 'resp.Write([]byte(a)) -> fmt.Fprint(resp, a)' *.go
2017-04-20 07:07:42 -07:00
fmt . Fprint ( resp , "Status for checks must 'passing', 'warning', 'critical'" )
2015-04-12 00:53:48 +00:00
return nil , nil
}
2014-01-30 15:35:38 -08:00
}
2018-09-27 14:33:12 +01:00
// Verify the sidecar check types
if args . Connect != nil && args . Connect . SidecarService != nil {
chkTypes , err := args . Connect . SidecarService . CheckTypes ( )
if err != nil {
return nil , & BadRequestError {
Reason : fmt . Sprintf ( "Invalid check in sidecar_service: %v" , err ) ,
}
}
for _ , check := range chkTypes {
if check . Status != "" && ! structs . ValidStatus ( check . Status ) {
return nil , & BadRequestError {
Reason : "Status for checks must 'passing', 'warning', 'critical'" ,
}
}
}
}
2016-12-14 14:16:46 -08:00
// Get the provided token, if any, and vet against any ACL policies.
2015-04-27 18:26:23 -07:00
var token string
s . parseToken ( req , & token )
2016-12-14 14:16:46 -08:00
if err := s . agent . vetServiceRegister ( token , ns ) ; err != nil {
return nil , err
}
2015-04-27 18:26:23 -07:00
2018-09-27 14:33:12 +01:00
// See if we have a sidecar to register too
sidecar , sidecarChecks , sidecarToken , err := s . agent . sidecarServiceFromNodeService ( ns , token )
if err != nil {
return nil , & BadRequestError {
Reason : fmt . Sprintf ( "Invalid SidecarService: %s" , err ) }
}
if sidecar != nil {
2018-10-09 17:57:26 +01:00
// Make sure we are allowed to register the sidecar using the token
2018-09-27 14:33:12 +01:00
// specified (might be specific to sidecar or the same one as the overall
// request).
if err := s . agent . vetServiceRegister ( sidecarToken , sidecar ) ; err != nil {
return nil , err
}
// We parsed the sidecar registration, now remove it from the NodeService
// for the actual service since it's done it's job and we don't want to
// persist it in the actual state/catalog. SidecarService is meant to be a
// registration syntax sugar so don't propagate it any further.
ns . Connect . SidecarService = nil
}
2016-12-14 14:16:46 -08:00
// Add the service.
2019-09-02 17:38:29 +02:00
replaceExistingChecks := false
query := req . URL . Query ( )
if len ( query [ "replace-existing-checks" ] ) > 0 && ( query . Get ( "replace-existing-checks" ) == "" || query . Get ( "replace-existing-checks" ) == "true" ) {
replaceExistingChecks = true
}
if replaceExistingChecks {
if err := s . agent . AddServiceAndReplaceChecks ( ns , chkTypes , true , token , ConfigSourceRemote ) ; err != nil {
return nil , err
}
} else {
if err := s . agent . AddService ( ns , chkTypes , true , token , ConfigSourceRemote ) ; err != nil {
return nil , err
}
2015-02-20 15:45:06 -08:00
}
2018-09-27 14:33:12 +01:00
// Add sidecar.
if sidecar != nil {
2019-09-24 10:04:48 -05:00
if replaceExistingChecks {
if err := s . agent . AddServiceAndReplaceChecks ( sidecar , sidecarChecks , true , sidecarToken , ConfigSourceRemote ) ; err != nil {
return nil , err
}
} else {
if err := s . agent . AddService ( sidecar , sidecarChecks , true , sidecarToken , ConfigSourceRemote ) ; err != nil {
return nil , err
}
2018-09-27 14:33:12 +01:00
}
}
2015-02-20 15:45:06 -08:00
s . syncChanges ( )
return nil , nil
2014-01-30 14:58:36 -08:00
}
func ( s * HTTPServer ) AgentDeregisterService ( resp http . ResponseWriter , req * http . Request ) ( interface { } , error ) {
2014-01-30 15:18:05 -08:00
serviceID := strings . TrimPrefix ( req . URL . Path , "/v1/agent/service/deregister/" )
2016-12-14 14:16:46 -08:00
// Get the provided token, if any, and vet against any ACL policies.
var token string
s . parseToken ( req , & token )
if err := s . agent . vetServiceUpdate ( token , serviceID ) ; err != nil {
return nil , err
}
2019-09-24 10:04:48 -05:00
if err := s . agent . RemoveService ( serviceID ) ; err != nil {
2015-02-20 15:45:06 -08:00
return nil , err
}
2018-06-13 08:57:48 +01:00
2015-02-20 15:45:06 -08:00
s . syncChanges ( )
return nil , nil
2014-01-30 14:58:36 -08:00
}
2015-01-15 00:16:34 -08:00
func ( s * HTTPServer ) AgentServiceMaintenance ( resp http . ResponseWriter , req * http . Request ) ( interface { } , error ) {
// Ensure we have a service ID
serviceID := strings . TrimPrefix ( req . URL . Path , "/v1/agent/service/maintenance/" )
if serviceID == "" {
2017-08-23 21:19:11 +02:00
resp . WriteHeader ( http . StatusBadRequest )
Use fmt.Fprint/Fprintf/Fprintln
Used the following rewrite rules:
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c, d))) -> fmt.Fprintf(resp, a, b, c, d)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c))) -> fmt.Fprintf(resp, a, b, c)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b))) -> fmt.Fprintf(resp, a, b)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a))) -> fmt.Fprint(resp, a)' *.go
gofmt -w -r 'resp.Write([]byte(a + "\n")) -> fmt.Fprintln(resp, a)' *.go
gofmt -w -r 'resp.Write([]byte(a)) -> fmt.Fprint(resp, a)' *.go
2017-04-20 07:07:42 -07:00
fmt . Fprint ( resp , "Missing service ID" )
2015-01-15 00:16:34 -08:00
return nil , nil
}
// Ensure we have some action
params := req . URL . Query ( )
if _ , ok := params [ "enable" ] ; ! ok {
2017-08-23 21:19:11 +02:00
resp . WriteHeader ( http . StatusBadRequest )
Use fmt.Fprint/Fprintf/Fprintln
Used the following rewrite rules:
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c, d))) -> fmt.Fprintf(resp, a, b, c, d)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c))) -> fmt.Fprintf(resp, a, b, c)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b))) -> fmt.Fprintf(resp, a, b)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a))) -> fmt.Fprint(resp, a)' *.go
gofmt -w -r 'resp.Write([]byte(a + "\n")) -> fmt.Fprintln(resp, a)' *.go
gofmt -w -r 'resp.Write([]byte(a)) -> fmt.Fprint(resp, a)' *.go
2017-04-20 07:07:42 -07:00
fmt . Fprint ( resp , "Missing value for enable" )
2015-01-15 00:16:34 -08:00
return nil , nil
}
raw := params . Get ( "enable" )
2015-01-21 09:53:31 -08:00
enable , err := strconv . ParseBool ( raw )
if err != nil {
2017-08-23 21:19:11 +02:00
resp . WriteHeader ( http . StatusBadRequest )
Use fmt.Fprint/Fprintf/Fprintln
Used the following rewrite rules:
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c, d))) -> fmt.Fprintf(resp, a, b, c, d)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c))) -> fmt.Fprintf(resp, a, b, c)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b))) -> fmt.Fprintf(resp, a, b)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a))) -> fmt.Fprint(resp, a)' *.go
gofmt -w -r 'resp.Write([]byte(a + "\n")) -> fmt.Fprintln(resp, a)' *.go
gofmt -w -r 'resp.Write([]byte(a)) -> fmt.Fprint(resp, a)' *.go
2017-04-20 07:07:42 -07:00
fmt . Fprintf ( resp , "Invalid value for enable: %q" , raw )
2015-01-15 00:16:34 -08:00
return nil , nil
}
2016-12-14 14:16:46 -08:00
// Get the provided token, if any, and vet against any ACL policies.
2015-09-10 11:43:59 -07:00
var token string
s . parseToken ( req , & token )
2016-12-14 14:16:46 -08:00
if err := s . agent . vetServiceUpdate ( token , serviceID ) ; err != nil {
return nil , err
}
2015-09-10 11:43:59 -07:00
2015-01-15 00:16:34 -08:00
if enable {
2015-01-21 12:21:57 -08:00
reason := params . Get ( "reason" )
2015-09-10 11:43:59 -07:00
if err = s . agent . EnableServiceMaintenance ( serviceID , reason , token ) ; err != nil {
2017-08-23 21:19:11 +02:00
resp . WriteHeader ( http . StatusNotFound )
Use fmt.Fprint/Fprintf/Fprintln
Used the following rewrite rules:
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c, d))) -> fmt.Fprintf(resp, a, b, c, d)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c))) -> fmt.Fprintf(resp, a, b, c)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b))) -> fmt.Fprintf(resp, a, b)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a))) -> fmt.Fprint(resp, a)' *.go
gofmt -w -r 'resp.Write([]byte(a + "\n")) -> fmt.Fprintln(resp, a)' *.go
gofmt -w -r 'resp.Write([]byte(a)) -> fmt.Fprint(resp, a)' *.go
2017-04-20 07:07:42 -07:00
fmt . Fprint ( resp , err . Error ( ) )
2015-01-21 13:28:26 -08:00
return nil , nil
2015-01-15 01:17:35 -08:00
}
2015-01-15 00:16:34 -08:00
} else {
2015-01-15 01:17:35 -08:00
if err = s . agent . DisableServiceMaintenance ( serviceID ) ; err != nil {
2017-08-23 21:19:11 +02:00
resp . WriteHeader ( http . StatusNotFound )
Use fmt.Fprint/Fprintf/Fprintln
Used the following rewrite rules:
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c, d))) -> fmt.Fprintf(resp, a, b, c, d)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c))) -> fmt.Fprintf(resp, a, b, c)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b))) -> fmt.Fprintf(resp, a, b)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a))) -> fmt.Fprint(resp, a)' *.go
gofmt -w -r 'resp.Write([]byte(a + "\n")) -> fmt.Fprintln(resp, a)' *.go
gofmt -w -r 'resp.Write([]byte(a)) -> fmt.Fprint(resp, a)' *.go
2017-04-20 07:07:42 -07:00
fmt . Fprint ( resp , err . Error ( ) )
2015-01-21 13:28:26 -08:00
return nil , nil
2015-01-15 01:17:35 -08:00
}
2015-01-15 00:16:34 -08:00
}
2015-02-20 15:45:06 -08:00
s . syncChanges ( )
2015-01-21 13:28:26 -08:00
return nil , nil
2015-01-15 00:16:34 -08:00
}
2015-01-15 11:20:22 -08:00
func ( s * HTTPServer ) AgentNodeMaintenance ( resp http . ResponseWriter , req * http . Request ) ( interface { } , error ) {
// Ensure we have some action
params := req . URL . Query ( )
if _ , ok := params [ "enable" ] ; ! ok {
2017-08-23 21:19:11 +02:00
resp . WriteHeader ( http . StatusBadRequest )
Use fmt.Fprint/Fprintf/Fprintln
Used the following rewrite rules:
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c, d))) -> fmt.Fprintf(resp, a, b, c, d)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c))) -> fmt.Fprintf(resp, a, b, c)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b))) -> fmt.Fprintf(resp, a, b)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a))) -> fmt.Fprint(resp, a)' *.go
gofmt -w -r 'resp.Write([]byte(a + "\n")) -> fmt.Fprintln(resp, a)' *.go
gofmt -w -r 'resp.Write([]byte(a)) -> fmt.Fprint(resp, a)' *.go
2017-04-20 07:07:42 -07:00
fmt . Fprint ( resp , "Missing value for enable" )
2015-01-15 11:20:22 -08:00
return nil , nil
}
raw := params . Get ( "enable" )
2015-01-21 09:53:31 -08:00
enable , err := strconv . ParseBool ( raw )
if err != nil {
2017-08-23 21:19:11 +02:00
resp . WriteHeader ( http . StatusBadRequest )
Use fmt.Fprint/Fprintf/Fprintln
Used the following rewrite rules:
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c, d))) -> fmt.Fprintf(resp, a, b, c, d)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c))) -> fmt.Fprintf(resp, a, b, c)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b))) -> fmt.Fprintf(resp, a, b)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a))) -> fmt.Fprint(resp, a)' *.go
gofmt -w -r 'resp.Write([]byte(a + "\n")) -> fmt.Fprintln(resp, a)' *.go
gofmt -w -r 'resp.Write([]byte(a)) -> fmt.Fprint(resp, a)' *.go
2017-04-20 07:07:42 -07:00
fmt . Fprintf ( resp , "Invalid value for enable: %q" , raw )
2015-01-15 11:20:22 -08:00
return nil , nil
}
2016-12-14 14:16:46 -08:00
// Get the provided token, if any, and vet against any ACL policies.
2015-09-10 11:43:59 -07:00
var token string
s . parseToken ( req , & token )
2017-08-23 16:52:48 +02:00
rule , err := s . agent . resolveToken ( token )
2016-12-14 14:16:46 -08:00
if err != nil {
return nil , err
}
2019-10-15 16:58:50 -04:00
// TODO (namespaces) - pass through a real ent authz ctx?
if rule != nil && rule . NodeWrite ( s . agent . config . NodeName , nil ) != acl . Allow {
2017-08-23 16:52:48 +02:00
return nil , acl . ErrPermissionDenied
2016-12-14 14:16:46 -08:00
}
2015-09-10 11:43:59 -07:00
2015-01-15 11:20:22 -08:00
if enable {
2015-09-10 11:43:59 -07:00
s . agent . EnableNodeMaintenance ( params . Get ( "reason" ) , token )
2015-01-15 11:20:22 -08:00
} else {
s . agent . DisableNodeMaintenance ( )
}
2015-02-20 15:45:06 -08:00
s . syncChanges ( )
2015-01-15 11:20:22 -08:00
return nil , nil
}
2015-02-20 15:45:06 -08:00
2016-11-16 16:45:26 -05:00
func ( s * HTTPServer ) AgentMonitor ( resp http . ResponseWriter , req * http . Request ) ( interface { } , error ) {
2016-12-14 09:33:57 -08:00
// Fetch the ACL token, if any, and enforce agent policy.
var token string
s . parseToken ( req , & token )
2017-08-23 16:52:48 +02:00
rule , err := s . agent . resolveToken ( token )
2016-12-14 09:33:57 -08:00
if err != nil {
2016-11-28 16:08:31 -05:00
return nil , err
}
2019-10-15 16:58:50 -04:00
if rule != nil && rule . AgentRead ( s . agent . config . NodeName , nil ) != acl . Allow {
2017-08-23 16:52:48 +02:00
return nil , acl . ErrPermissionDenied
2016-12-14 09:33:57 -08:00
}
2016-11-28 16:08:31 -05:00
2016-12-14 09:33:57 -08:00
// Get the provided loglevel.
2016-11-16 16:45:26 -05:00
logLevel := req . URL . Query ( ) . Get ( "loglevel" )
if logLevel == "" {
logLevel = "INFO"
}
2016-12-14 09:33:57 -08:00
// Upper case the level since that's required by the filter.
2016-11-16 16:45:26 -05:00
logLevel = strings . ToUpper ( logLevel )
2016-12-14 09:33:57 -08:00
// Create a level filter and flusher.
2016-11-16 16:45:26 -05:00
filter := logger . LevelFilter ( )
filter . MinLevel = logutils . LogLevel ( logLevel )
if ! logger . ValidateLevelFilter ( filter . MinLevel , filter ) {
2017-08-23 21:19:11 +02:00
resp . WriteHeader ( http . StatusBadRequest )
Use fmt.Fprint/Fprintf/Fprintln
Used the following rewrite rules:
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c, d))) -> fmt.Fprintf(resp, a, b, c, d)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c))) -> fmt.Fprintf(resp, a, b, c)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b))) -> fmt.Fprintf(resp, a, b)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a))) -> fmt.Fprint(resp, a)' *.go
gofmt -w -r 'resp.Write([]byte(a + "\n")) -> fmt.Fprintln(resp, a)' *.go
gofmt -w -r 'resp.Write([]byte(a)) -> fmt.Fprint(resp, a)' *.go
2017-04-20 07:07:42 -07:00
fmt . Fprintf ( resp , "Unknown log level: %s" , filter . MinLevel )
2016-11-16 16:45:26 -05:00
return nil , nil
}
flusher , ok := resp . ( http . Flusher )
if ! ok {
return nil , fmt . Errorf ( "Streaming not supported" )
}
2016-12-14 09:33:57 -08:00
// Set up a log handler.
2016-11-16 16:45:26 -05:00
handler := & httpLogHandler {
filter : filter ,
logCh : make ( chan string , 512 ) ,
2017-05-19 11:53:41 +02:00
logger : s . agent . logger ,
2016-11-16 16:45:26 -05:00
}
2017-05-19 17:51:39 +02:00
s . agent . LogWriter . RegisterHandler ( handler )
defer s . agent . LogWriter . DeregisterHandler ( handler )
2016-11-16 16:45:26 -05:00
notify := resp . ( http . CloseNotifier ) . CloseNotify ( )
2018-02-19 21:53:10 +00:00
// Send header so client can start streaming body
resp . WriteHeader ( http . StatusOK )
2018-04-03 22:33:13 +02:00
// 0 byte write is needed before the Flush call so that if we are using
// a gzip stream it will go ahead and write out the HTTP response header
resp . Write ( [ ] byte ( "" ) )
2018-02-19 21:53:10 +00:00
flusher . Flush ( )
2016-12-14 09:33:57 -08:00
// Stream logs until the connection is closed.
2016-11-16 16:45:26 -05:00
for {
select {
case <- notify :
2017-05-19 17:51:39 +02:00
s . agent . LogWriter . DeregisterHandler ( handler )
2016-11-28 16:08:31 -05:00
if handler . droppedCount > 0 {
s . agent . logger . Printf ( "[WARN] agent: Dropped %d logs during monitor request" , handler . droppedCount )
}
2016-11-16 16:45:26 -05:00
return nil , nil
case log := <- handler . logCh :
Use fmt.Fprint/Fprintf/Fprintln
Used the following rewrite rules:
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c, d))) -> fmt.Fprintf(resp, a, b, c, d)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c))) -> fmt.Fprintf(resp, a, b, c)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b))) -> fmt.Fprintf(resp, a, b)' *.go
gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a))) -> fmt.Fprint(resp, a)' *.go
gofmt -w -r 'resp.Write([]byte(a + "\n")) -> fmt.Fprintln(resp, a)' *.go
gofmt -w -r 'resp.Write([]byte(a)) -> fmt.Fprint(resp, a)' *.go
2017-04-20 07:07:42 -07:00
fmt . Fprintln ( resp , log )
2016-11-16 16:45:26 -05:00
flusher . Flush ( )
}
}
}
type httpLogHandler struct {
2016-11-28 16:08:31 -05:00
filter * logutils . LevelFilter
logCh chan string
logger * log . Logger
droppedCount int
2016-11-16 16:45:26 -05:00
}
func ( h * httpLogHandler ) HandleLog ( log string ) {
// Check the log level
if ! h . filter . Check ( [ ] byte ( log ) ) {
return
}
// Do a non-blocking send
select {
case h . logCh <- log :
default :
2016-11-28 16:08:31 -05:00
// Just increment a counter for dropped logs to this handler; we can't log now
// because the lock is already held by the LogWriter invoking this
2017-04-20 12:00:03 -07:00
h . droppedCount ++
2016-11-16 16:45:26 -05:00
}
}
2017-07-26 11:03:43 -07:00
func ( s * HTTPServer ) AgentToken ( resp http . ResponseWriter , req * http . Request ) ( interface { } , error ) {
2017-11-28 13:47:30 -08:00
if s . checkACLDisabled ( resp , req ) {
return nil , nil
}
2017-07-26 11:03:43 -07:00
// Fetch the ACL token, if any, and enforce agent policy.
var token string
s . parseToken ( req , & token )
2017-08-23 16:52:48 +02:00
rule , err := s . agent . resolveToken ( token )
2017-07-26 11:03:43 -07:00
if err != nil {
return nil , err
}
2019-10-15 16:58:50 -04:00
if rule != nil && rule . AgentWrite ( s . agent . config . NodeName , nil ) != acl . Allow {
2017-08-23 16:52:48 +02:00
return nil , acl . ErrPermissionDenied
2017-07-26 11:03:43 -07:00
}
// The body is just the token, but it's in a JSON object so we can add
// fields to this later if needed.
var args api . AgentToken
2019-10-29 11:13:36 -07:00
if err := decodeBody ( req . Body , & args ) ; err != nil {
2017-07-26 11:03:43 -07:00
resp . WriteHeader ( http . StatusBadRequest )
fmt . Fprintf ( resp , "Request decode failed: %v" , err )
return nil , nil
}
2019-02-27 14:28:31 -05:00
if s . agent . config . ACLEnableTokenPersistence {
// we hold the lock around updating the internal token store
// as well as persisting the tokens because we don't want to write
// into the store to have something else wipe it out before we can
// persist everything (like an agent config reload). The token store
// lock is only held for those operations so other go routines that
// just need to read some token out of the store will not be impacted
// any more than they would be without token persistence.
s . agent . persistedTokensLock . Lock ( )
defer s . agent . persistedTokensLock . Unlock ( )
}
2017-07-26 11:03:43 -07:00
// Figure out the target token.
target := strings . TrimPrefix ( req . URL . Path , "/v1/agent/token/" )
2019-10-04 13:37:34 -05:00
triggerAntiEntropySync := false
2017-07-26 11:03:43 -07:00
switch target {
2019-02-27 14:28:31 -05:00
case "acl_token" , "default" :
2019-10-04 13:37:34 -05:00
changed := s . agent . tokens . UpdateUserToken ( args . Token , token_store . TokenSourceAPI )
if changed {
triggerAntiEntropySync = true
}
2017-07-26 11:03:43 -07:00
2019-02-27 14:28:31 -05:00
case "acl_agent_token" , "agent" :
2019-10-04 13:37:34 -05:00
changed := s . agent . tokens . UpdateAgentToken ( args . Token , token_store . TokenSourceAPI )
if changed {
triggerAntiEntropySync = true
}
2017-07-26 11:03:43 -07:00
2019-02-27 14:28:31 -05:00
case "acl_agent_master_token" , "agent_master" :
s . agent . tokens . UpdateAgentMasterToken ( args . Token , token_store . TokenSourceAPI )
2017-08-03 15:39:31 -07:00
2019-02-27 14:28:31 -05:00
case "acl_replication_token" , "replication" :
s . agent . tokens . UpdateReplicationToken ( args . Token , token_store . TokenSourceAPI )
2018-10-15 09:17:48 -07:00
2017-07-26 11:03:43 -07:00
default :
resp . WriteHeader ( http . StatusNotFound )
fmt . Fprintf ( resp , "Token %q is unknown" , target )
return nil , nil
}
2019-10-04 13:37:34 -05:00
if triggerAntiEntropySync {
s . agent . sync . SyncFull . Trigger ( )
}
2019-02-27 14:28:31 -05:00
if s . agent . config . ACLEnableTokenPersistence {
tokens := persistedTokens { }
if tok , source := s . agent . tokens . UserTokenAndSource ( ) ; tok != "" && source == token_store . TokenSourceAPI {
tokens . Default = tok
}
if tok , source := s . agent . tokens . AgentTokenAndSource ( ) ; tok != "" && source == token_store . TokenSourceAPI {
tokens . Agent = tok
}
if tok , source := s . agent . tokens . AgentMasterTokenAndSource ( ) ; tok != "" && source == token_store . TokenSourceAPI {
tokens . AgentMaster = tok
}
if tok , source := s . agent . tokens . ReplicationTokenAndSource ( ) ; tok != "" && source == token_store . TokenSourceAPI {
tokens . Replication = tok
}
data , err := json . Marshal ( tokens )
if err != nil {
s . agent . logger . Printf ( "[WARN] agent: failed to persist tokens - %v" , err )
return nil , fmt . Errorf ( "Failed to marshal tokens for persistence: %v" , err )
}
if err := file . WriteAtomicWithPerms ( filepath . Join ( s . agent . config . DataDir , tokensPath ) , data , 0600 ) ; err != nil {
s . agent . logger . Printf ( "[WARN] agent: failed to persist tokens - %v" , err )
return nil , fmt . Errorf ( "Failed to persist tokens - %v" , err )
}
}
2018-03-21 15:56:14 +00:00
s . agent . logger . Printf ( "[INFO] agent: Updated agent's ACL token %q" , target )
2017-07-26 11:03:43 -07:00
return nil , nil
}
2018-03-16 21:39:26 -07:00
// AgentConnectCARoots returns the trusted CA roots.
func ( s * HTTPServer ) AgentConnectCARoots ( resp http . ResponseWriter , req * http . Request ) ( interface { } , error ) {
2018-04-11 09:52:51 +01:00
var args structs . DCSpecificRequest
if done := s . parse ( resp , req , & args . Datacenter , & args . QueryOptions ) ; done {
return nil , nil
}
2018-06-15 13:13:54 +01:00
raw , m , err := s . agent . cache . Get ( cachetype . ConnectCARootName , & args )
2018-04-11 09:52:51 +01:00
if err != nil {
return nil , err
}
2018-06-15 13:13:54 +01:00
defer setCacheMeta ( resp , & m )
// Add cache hit
2018-04-11 09:52:51 +01:00
reply , ok := raw . ( * structs . IndexedCARoots )
if ! ok {
// This should never happen, but we want to protect against panics
return nil , fmt . Errorf ( "internal error: response type not correct" )
}
defer setMeta ( resp , & reply . QueryMeta )
return * reply , nil
2018-03-16 21:39:26 -07:00
}
2018-03-21 10:55:39 -07:00
// AgentConnectCALeafCert returns the certificate bundle for a service
// instance. This supports blocking queries to update the returned bundle.
func ( s * HTTPServer ) AgentConnectCALeafCert ( resp http . ResponseWriter , req * http . Request ) ( interface { } , error ) {
2019-03-06 11:13:28 -06:00
// Get the service name. Note that this is the name of the service,
2018-05-22 10:33:14 -07:00
// not the ID of the service instance.
2018-05-18 23:27:02 -07:00
serviceName := strings . TrimPrefix ( req . URL . Path , "/v1/agent/connect/ca/leaf/" )
2018-03-21 10:55:39 -07:00
2018-04-30 22:23:49 +01:00
args := cachetype . ConnectCALeafRequest {
2019-08-27 17:45:58 -04:00
Service : serviceName , // Need name not ID
2018-04-30 22:23:49 +01:00
}
var qOpts structs . QueryOptions
2018-07-30 09:11:51 -04:00
2018-04-30 22:23:49 +01:00
// Store DC in the ConnectCALeafRequest but query opts separately
2019-08-09 15:19:30 -04:00
if done := s . parse ( resp , req , & args . Datacenter , & qOpts ) ; done {
2018-04-30 22:23:49 +01:00
return nil , nil
}
args . MinQueryIndex = qOpts . MinQueryIndex
2019-01-10 11:23:37 -05:00
args . MaxQueryTime = qOpts . MaxQueryTime
2019-08-09 15:19:30 -04:00
args . Token = qOpts . Token
2018-04-30 22:23:49 +01:00
2018-06-15 13:13:54 +01:00
raw , m , err := s . agent . cache . Get ( cachetype . ConnectCALeafName , & args )
2018-04-30 22:23:49 +01:00
if err != nil {
return nil , err
}
2018-06-15 13:13:54 +01:00
defer setCacheMeta ( resp , & m )
2018-04-30 22:23:49 +01:00
reply , ok := raw . ( * structs . IssuedCert )
if ! ok {
// This should never happen, but we want to protect against panics
return nil , fmt . Errorf ( "internal error: response type not correct" )
}
setIndex ( resp , reply . ModifyIndex )
2018-03-21 10:55:39 -07:00
2018-04-30 22:23:49 +01:00
return reply , nil
2018-03-21 10:55:39 -07:00
}
2018-03-21 13:02:46 -10:00
// AgentConnectAuthorize
//
// POST /v1/agent/connect/authorize
2018-05-10 22:37:02 -07:00
//
2018-05-18 21:03:10 -07:00
// Note: when this logic changes, consider if the Intention.Check RPC method
2018-05-10 22:37:02 -07:00
// also needs to be updated.
2018-03-21 13:02:46 -10:00
func ( s * HTTPServer ) AgentConnectAuthorize ( resp http . ResponseWriter , req * http . Request ) ( interface { } , error ) {
2018-03-25 15:50:05 -10:00
// Fetch the token
var token string
s . parseToken ( req , & token )
2018-03-25 14:52:26 -10:00
// Decode the request from the request body
var authReq structs . ConnectAuthorizeRequest
2019-10-29 11:13:36 -07:00
if err := decodeBody ( req . Body , & authReq ) ; err != nil {
2018-10-03 20:37:53 +01:00
return nil , BadRequestError { fmt . Sprintf ( "Request decode failed: %v" , err ) }
2018-05-09 20:30:43 +01:00
}
2018-03-27 10:09:13 -07:00
2018-10-03 20:37:53 +01:00
authz , reason , cacheMeta , err := s . agent . ConnectAuthorize ( token , & authReq )
2018-04-17 18:26:58 -05:00
if err != nil {
2018-03-25 14:52:26 -10:00
return nil , err
}
2018-10-03 20:37:53 +01:00
setCacheMeta ( resp , cacheMeta )
2018-03-25 15:50:05 -10:00
2018-03-25 14:52:26 -10:00
return & connectAuthorizeResp {
2018-03-25 15:50:05 -10:00
Authorized : authz ,
Reason : reason ,
2018-03-25 14:52:26 -10:00
} , nil
}
2018-03-25 15:02:25 -10:00
// connectAuthorizeResp is the response format/structure for the
// /v1/agent/connect/authorize endpoint.
2018-03-25 14:52:26 -10:00
type connectAuthorizeResp struct {
2018-03-25 15:02:25 -10:00
Authorized bool // True if authorized, false if not
Reason string // Reason for the Authorized value (whether true or false)
2018-03-21 13:02:46 -10:00
}
2018-10-17 13:20:35 -07:00
// AgentHost
//
// GET /v1/agent/host
//
// Retrieves information about resources available and in-use for the
// host the agent is running on such as CPU, memory, and disk usage. Requires
// a operator:read ACL token.
func ( s * HTTPServer ) AgentHost ( resp http . ResponseWriter , req * http . Request ) ( interface { } , error ) {
// Fetch the ACL token, if any, and enforce agent policy.
var token string
s . parseToken ( req , & token )
rule , err := s . agent . resolveToken ( token )
if err != nil {
return nil , err
}
2018-11-13 05:43:53 -08:00
2019-10-15 16:58:50 -04:00
// TODO (namespaces) - pass through a real ent authz ctx
if rule != nil && rule . OperatorRead ( nil ) != acl . Allow {
2018-10-17 13:20:35 -07:00
return nil , acl . ErrPermissionDenied
}
return debug . CollectHostInfo ( ) , nil
}