consul/agent/discovery_chain_endpoint.go

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: BUSL-1.1

package agent

import (
	"fmt"
	"net/http"
	"strings"
	"time"

	"github.com/mitchellh/mapstructure"

	"github.com/hashicorp/consul/acl"
	cachetype "github.com/hashicorp/consul/agent/cache-types"
	"github.com/hashicorp/consul/agent/structs"
	"github.com/hashicorp/consul/lib/decode"
)

func (s *HTTPHandlers) DiscoveryChainRead(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
	var args structs.DiscoveryChainRequest
	if done := s.parse(resp, req, &args.Datacenter, &args.QueryOptions); done {
		return nil, nil
	}

	args.Name = strings.TrimPrefix(req.URL.Path, "/v1/discovery-chain/")
	if args.Name == "" {
		return nil, HTTPError{StatusCode: http.StatusBadRequest, Reason: "Missing chain name"}
	}

	args.EvaluateInDatacenter = req.URL.Query().Get("compile-dc")
	var entMeta acl.EnterpriseMeta
	if err := s.parseEntMetaNoWildcard(req, &entMeta); err != nil {
		return nil, err
	}
	args.WithEnterpriseMeta(&entMeta)

	if req.Method == "POST" {
		var raw map[string]interface{}
		if err := decodeBody(req.Body, &raw); err != nil {
			return nil, HTTPError{StatusCode: http.StatusBadRequest, Reason: fmt.Sprintf("Request decoding failed: %v", err)}
		}

		apiReq, err := decodeDiscoveryChainReadRequest(raw)
		if err != nil {
			return nil, HTTPError{StatusCode: http.StatusBadRequest, Reason: fmt.Sprintf("Request decoding failed: %v", err)}
		}

		args.OverrideProtocol = apiReq.OverrideProtocol
		args.OverrideConnectTimeout = apiReq.OverrideConnectTimeout

		if apiReq.OverrideMeshGateway.Mode != "" {
			_, err := structs.ValidateMeshGatewayMode(string(apiReq.OverrideMeshGateway.Mode))
			if err != nil {
				return nil, HTTPError{StatusCode: http.StatusBadRequest, Reason: "Invalid OverrideMeshGateway.Mode parameter"}
			}
			args.OverrideMeshGateway = apiReq.OverrideMeshGateway
		}
	}

	// Make the RPC request
	var out structs.DiscoveryChainResponse
	defer setMeta(resp, &out.QueryMeta)

	if args.QueryOptions.UseCache {
		raw, m, err := s.agent.cache.Get(req.Context(), cachetype.CompiledDiscoveryChainName, &args)
		if err != nil {
			return nil, err
		}
		defer setCacheMeta(resp, &m)

		reply, ok := raw.(*structs.DiscoveryChainResponse)
		if !ok {
			// This should never happen, but we want to protect against panics
			return nil, fmt.Errorf("internal error: response type not correct")
		}
		out = *reply
	} else {
	RETRY_ONCE:
		if err := s.agent.RPC(req.Context(), "DiscoveryChain.Get", &args, &out); err != nil {
			return nil, err
		}
		if args.QueryOptions.AllowStale && args.MaxStaleDuration > 0 && args.MaxStaleDuration < out.LastContact {
			args.AllowStale = false
			args.MaxStaleDuration = 0
			goto RETRY_ONCE
		}
	}
	out.ConsistencyLevel = args.QueryOptions.ConsistencyLevel()

	return discoveryChainReadResponse{Chain: out.Chain}, nil
}

// discoveryChainReadRequest is the API variation of structs.DiscoveryChainRequest
type discoveryChainReadRequest struct {
	OverrideMeshGateway    structs.MeshGatewayConfig `alias:"override_mesh_gateway"`
	OverrideProtocol       string                    `alias:"override_protocol"`
	OverrideConnectTimeout time.Duration             `alias:"override_connect_timeout"`
}

// discoveryChainReadResponse is the API variation of structs.DiscoveryChainResponse
type discoveryChainReadResponse struct {
	Chain *structs.CompiledDiscoveryChain
}

func decodeDiscoveryChainReadRequest(raw map[string]interface{}) (*discoveryChainReadRequest, error) {
	var apiReq discoveryChainReadRequest
	// TODO(dnephin): at this time only JSON payloads are read, so it is unlikely
	// that HookWeakDecodeFromSlice is necessary. It was added while porting
	// from lib.PatchSliceOfMaps to decode.HookWeakDecodeFromSlice. It may be
	// safe to remove in the future.
	decodeConf := &mapstructure.DecoderConfig{
		DecodeHook: mapstructure.ComposeDecodeHookFunc(
			decode.HookWeakDecodeFromSlice,
			decode.HookTranslateKeys,
			mapstructure.StringToTimeDurationHookFunc(),
		),
		Result:           &apiReq,
		WeaklyTypedInput: true,
	}

	decoder, err := mapstructure.NewDecoder(decodeConf)
	if err != nil {
		return nil, err
	}

	if err := decoder.Decode(raw); err != nil {
		return nil, err
	}

	return &apiReq, nil
}
copyright headers for agent folder (#16704) * copyright headers for agent folder * Ignore test data files * fix proto files and remove headers in agent/uiserver folder * ignore deep-copy files 2023-03-28 18:39:22 +00:00			`// Copyright (c) HashiCorp, Inc.`
[COMPLIANCE] License changes (#18443) * Adding explicit MPL license for sub-package This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Adding explicit MPL license for sub-package This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Updating the license from MPL to Business Source License Going forward, this project will be licensed under the Business Source License v1.1. Please see our blog post for more details at <Blog URL>, FAQ at www.hashicorp.com/licensing-faq, and details of the license at www.hashicorp.com/bsl. * add missing license headers * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 --------- Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com> 2023-08-11 13:12:13 +00:00			`// SPDX-License-Identifier: BUSL-1.1`
copyright headers for agent folder (#16704) * copyright headers for agent folder * Ignore test data files * fix proto files and remove headers in agent/uiserver folder * ignore deep-copy files 2023-03-28 18:39:22 +00:00
connect: expose an API endpoint to compile the discovery chain (#6248) In addition to exposing compilation over the API cleaned up the structures that would be exchanged to be cleaner and easier to support and understand. Also removed ability to configure the envoy OverprovisioningFactor. 2019-08-02 20:34:54 +00:00			`package agent`

			`import (`
			`"fmt"`
			`"net/http"`
Revert getPathSuffixUnescaped (#13256) 2022-06-01 17:17:14 +00:00			`"strings"`
connect: expose an API endpoint to compile the discovery chain (#6248) In addition to exposing compilation over the API cleaned up the structures that would be exchanged to be cleaner and easier to support and understand. Also removed ability to configure the envoy OverprovisioningFactor. 2019-08-02 20:34:54 +00:00			`"time"`

http: Check HTTPUseCache in a single place HTTPUseCache is only used is a gate for allowing QueryOptions.UseCache to be enabled. By moving it to the place where the query options are set, this behaviour is more obvious. Also remove parseInternal which was an alias for parse. 2020-10-04 17:54:56 +00:00			`"github.com/mitchellh/mapstructure"`

Fixup acl.EnterpriseMeta Signed-off-by: Mark Anderson <manderson@hashicorp.com> 2022-04-05 21:10:06 +00:00			`"github.com/hashicorp/consul/acl"`
connect: expose an API endpoint to compile the discovery chain (#6248) In addition to exposing compilation over the API cleaned up the structures that would be exchanged to be cleaner and easier to support and understand. Also removed ability to configure the envoy OverprovisioningFactor. 2019-08-02 20:34:54 +00:00			`cachetype "github.com/hashicorp/consul/agent/cache-types"`
			`"github.com/hashicorp/consul/agent/structs"`
config: use the new HookTranslateKeys instead of lib.TranslateKeys With the exception of CA provider config, which will be migrated at some later time. 2020-05-27 18:42:01 +00:00			`"github.com/hashicorp/consul/lib/decode"`
connect: expose an API endpoint to compile the discovery chain (#6248) In addition to exposing compilation over the API cleaned up the structures that would be exchanged to be cleaner and easier to support and understand. Also removed ability to configure the envoy OverprovisioningFactor. 2019-08-02 20:34:54 +00:00			`)`

api: rename HTTPServer to HTTPHandlers Resolves a TODO about naming. This type is a set of handlers for an http.Server, it is not itself a Server. It provides http.Handler functions. 2020-09-04 18:42:15 +00:00			`func (s HTTPHandlers) DiscoveryChainRead(resp http.ResponseWriter, req http.Request) (interface{}, error) {`
connect: expose an API endpoint to compile the discovery chain (#6248) In addition to exposing compilation over the API cleaned up the structures that would be exchanged to be cleaner and easier to support and understand. Also removed ability to configure the envoy OverprovisioningFactor. 2019-08-02 20:34:54 +00:00			`var args structs.DiscoveryChainRequest`
			`if done := s.parse(resp, req, &args.Datacenter, &args.QueryOptions); done {`
			`return nil, nil`
			`}`

Revert getPathSuffixUnescaped (#13256) 2022-06-01 17:17:14 +00:00			`args.Name = strings.TrimPrefix(req.URL.Path, "/v1/discovery-chain/")`
connect: expose an API endpoint to compile the discovery chain (#6248) In addition to exposing compilation over the API cleaned up the structures that would be exchanged to be cleaner and easier to support and understand. Also removed ability to configure the envoy OverprovisioningFactor. 2019-08-02 20:34:54 +00:00			`if args.Name == "" {`
Unify various status errors into one HTTP error type. (#12594) Replaces specific error types for HTTP Status codes with a generic HTTPError type. Co-authored-by: Chris S. Kim <ckim@hashicorp.com> 2022-04-29 17:42:49 +00:00			`return nil, HTTPError{StatusCode: http.StatusBadRequest, Reason: "Missing chain name"}`
connect: expose an API endpoint to compile the discovery chain (#6248) In addition to exposing compilation over the API cleaned up the structures that would be exchanged to be cleaner and easier to support and understand. Also removed ability to configure the envoy OverprovisioningFactor. 2019-08-02 20:34:54 +00:00			`}`

			`args.EvaluateInDatacenter = req.URL.Query().Get("compile-dc")`
Fixup acl.EnterpriseMeta Signed-off-by: Mark Anderson <manderson@hashicorp.com> 2022-04-05 21:10:06 +00:00			`var entMeta acl.EnterpriseMeta`
Updates to Config Entries and Connect for Namespaces (#7116) 2020-01-24 15:04:58 +00:00			`if err := s.parseEntMetaNoWildcard(req, &entMeta); err != nil {`
			`return nil, err`
			`}`
			`args.WithEnterpriseMeta(&entMeta)`
connect: expose an API endpoint to compile the discovery chain (#6248) In addition to exposing compilation over the API cleaned up the structures that would be exchanged to be cleaner and easier to support and understand. Also removed ability to configure the envoy OverprovisioningFactor. 2019-08-02 20:34:54 +00:00
			`if req.Method == "POST" {`
			`var raw map[string]interface{}`
Use encoding/json as JSON decoder instead of mapstructure (#6680) Fixes #6147 2019-10-29 18:13:36 +00:00			`if err := decodeBody(req.Body, &raw); err != nil {`
Unify various status errors into one HTTP error type. (#12594) Replaces specific error types for HTTP Status codes with a generic HTTPError type. Co-authored-by: Chris S. Kim <ckim@hashicorp.com> 2022-04-29 17:42:49 +00:00			`return nil, HTTPError{StatusCode: http.StatusBadRequest, Reason: fmt.Sprintf("Request decoding failed: %v", err)}`
connect: expose an API endpoint to compile the discovery chain (#6248) In addition to exposing compilation over the API cleaned up the structures that would be exchanged to be cleaner and easier to support and understand. Also removed ability to configure the envoy OverprovisioningFactor. 2019-08-02 20:34:54 +00:00			`}`

			`apiReq, err := decodeDiscoveryChainReadRequest(raw)`
			`if err != nil {`
Unify various status errors into one HTTP error type. (#12594) Replaces specific error types for HTTP Status codes with a generic HTTPError type. Co-authored-by: Chris S. Kim <ckim@hashicorp.com> 2022-04-29 17:42:49 +00:00			`return nil, HTTPError{StatusCode: http.StatusBadRequest, Reason: fmt.Sprintf("Request decoding failed: %v", err)}`
connect: expose an API endpoint to compile the discovery chain (#6248) In addition to exposing compilation over the API cleaned up the structures that would be exchanged to be cleaner and easier to support and understand. Also removed ability to configure the envoy OverprovisioningFactor. 2019-08-02 20:34:54 +00:00			`}`

			`args.OverrideProtocol = apiReq.OverrideProtocol`
			`args.OverrideConnectTimeout = apiReq.OverrideConnectTimeout`

			`if apiReq.OverrideMeshGateway.Mode != "" {`
			`_, err := structs.ValidateMeshGatewayMode(string(apiReq.OverrideMeshGateway.Mode))`
			`if err != nil {`
Unify various status errors into one HTTP error type. (#12594) Replaces specific error types for HTTP Status codes with a generic HTTPError type. Co-authored-by: Chris S. Kim <ckim@hashicorp.com> 2022-04-29 17:42:49 +00:00			`return nil, HTTPError{StatusCode: http.StatusBadRequest, Reason: "Invalid OverrideMeshGateway.Mode parameter"}`
connect: expose an API endpoint to compile the discovery chain (#6248) In addition to exposing compilation over the API cleaned up the structures that would be exchanged to be cleaner and easier to support and understand. Also removed ability to configure the envoy OverprovisioningFactor. 2019-08-02 20:34:54 +00:00			`}`
			`args.OverrideMeshGateway = apiReq.OverrideMeshGateway`
			`}`
			`}`

			`// Make the RPC request`
			`var out structs.DiscoveryChainResponse`
			`defer setMeta(resp, &out.QueryMeta)`

http: Check HTTPUseCache in a single place HTTPUseCache is only used is a gate for allowing QueryOptions.UseCache to be enabled. By moving it to the place where the query options are set, this behaviour is more obvious. Also remove parseInternal which was an alias for parse. 2020-10-04 17:54:56 +00:00			`if args.QueryOptions.UseCache {`
Make the Agent Cache more Context aware (#8092) Blocking queries issues will still be uncancellable (that cannot be helped until we get rid of net/rpc). However this makes it so that if calling getWithIndex (like during a cache Notify go routine) we can cancell the outer routine. Previously it would keep issuing more blocking queries until the result state actually changed. 2020-06-15 15:01:25 +00:00			`raw, m, err := s.agent.cache.Get(req.Context(), cachetype.CompiledDiscoveryChainName, &args)`
connect: expose an API endpoint to compile the discovery chain (#6248) In addition to exposing compilation over the API cleaned up the structures that would be exchanged to be cleaner and easier to support and understand. Also removed ability to configure the envoy OverprovisioningFactor. 2019-08-02 20:34:54 +00:00			`if err != nil {`
			`return nil, err`
			`}`
			`defer setCacheMeta(resp, &m)`

			`reply, ok := raw.(*structs.DiscoveryChainResponse)`
			`if !ok {`
			`// This should never happen, but we want to protect against panics`
			`return nil, fmt.Errorf("internal error: response type not correct")`
			`}`
			`out = *reply`
			`} else {`
			`RETRY_ONCE:`
Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 15:24:22 +00:00			`if err := s.agent.RPC(req.Context(), "DiscoveryChain.Get", &args, &out); err != nil {`
connect: expose an API endpoint to compile the discovery chain (#6248) In addition to exposing compilation over the API cleaned up the structures that would be exchanged to be cleaner and easier to support and understand. Also removed ability to configure the envoy OverprovisioningFactor. 2019-08-02 20:34:54 +00:00			`return nil, err`
			`}`
			`if args.QueryOptions.AllowStale && args.MaxStaleDuration > 0 && args.MaxStaleDuration < out.LastContact {`
			`args.AllowStale = false`
			`args.MaxStaleDuration = 0`
			`goto RETRY_ONCE`
			`}`
			`}`
			`out.ConsistencyLevel = args.QueryOptions.ConsistencyLevel()`

			`return discoveryChainReadResponse{Chain: out.Chain}, nil`
			`}`

			`// discoveryChainReadRequest is the API variation of structs.DiscoveryChainRequest`
			`type discoveryChainReadRequest struct {`
Add alias struct tags for new decode hook 2020-05-27 18:28:28 +00:00			OverrideMeshGateway structs.MeshGatewayConfig `alias:"override_mesh_gateway"`
			OverrideProtocol string `alias:"override_protocol"`
			OverrideConnectTimeout time.Duration `alias:"override_connect_timeout"`
connect: expose an API endpoint to compile the discovery chain (#6248) In addition to exposing compilation over the API cleaned up the structures that would be exchanged to be cleaner and easier to support and understand. Also removed ability to configure the envoy OverprovisioningFactor. 2019-08-02 20:34:54 +00:00			`}`

			`// discoveryChainReadResponse is the API variation of structs.DiscoveryChainResponse`
			`type discoveryChainReadResponse struct {`
			`Chain *structs.CompiledDiscoveryChain`
			`}`

			`func decodeDiscoveryChainReadRequest(raw map[string]interface{}) (*discoveryChainReadRequest, error) {`
			`var apiReq discoveryChainReadRequest`
config: add HookWeakDecodeFromSlice Currently opaque config blocks (config entries, and CA provider config) are modified by PatchSliceOfMaps, making it impossible for these opaque config sections to contain slices of maps. In order to fix this problem, any lazy-decoding of these blocks needs to support weak decoding of []map[string]interface{} to a struct type before PatchSliceOfMaps is replaces. This is necessary because these config blobs are persisted, and during an upgrade an older version of Consul could read one of the new configuration values, which would cause an error. To support the upgrade path, this commit first introduces the new hooks for weak decoding of []map[string]interface{} and uses them only in the lazy-decode paths. That way, in a future release, new style configuration will be supported by the older version of Consul. This decode hook has a number of advantages: 1. It no longer panics. It allows mapstructure to report the error 2. It no longer requires the user to declare which fields are slices of structs. It can deduce that information from the 'to' value. 3. It will make it possible to preserve opaque configuration, allowing for structured opaque config. 2020-05-27 17:02:22 +00:00			`// TODO(dnephin): at this time only JSON payloads are read, so it is unlikely`
			`// that HookWeakDecodeFromSlice is necessary. It was added while porting`
			`// from lib.PatchSliceOfMaps to decode.HookWeakDecodeFromSlice. It may be`
			`// safe to remove in the future.`
connect: expose an API endpoint to compile the discovery chain (#6248) In addition to exposing compilation over the API cleaned up the structures that would be exchanged to be cleaner and easier to support and understand. Also removed ability to configure the envoy OverprovisioningFactor. 2019-08-02 20:34:54 +00:00			`decodeConf := &mapstructure.DecoderConfig{`
config: use the new HookTranslateKeys instead of lib.TranslateKeys With the exception of CA provider config, which will be migrated at some later time. 2020-05-27 18:42:01 +00:00			`DecodeHook: mapstructure.ComposeDecodeHookFunc(`
config: add HookWeakDecodeFromSlice Currently opaque config blocks (config entries, and CA provider config) are modified by PatchSliceOfMaps, making it impossible for these opaque config sections to contain slices of maps. In order to fix this problem, any lazy-decoding of these blocks needs to support weak decoding of []map[string]interface{} to a struct type before PatchSliceOfMaps is replaces. This is necessary because these config blobs are persisted, and during an upgrade an older version of Consul could read one of the new configuration values, which would cause an error. To support the upgrade path, this commit first introduces the new hooks for weak decoding of []map[string]interface{} and uses them only in the lazy-decode paths. That way, in a future release, new style configuration will be supported by the older version of Consul. This decode hook has a number of advantages: 1. It no longer panics. It allows mapstructure to report the error 2. It no longer requires the user to declare which fields are slices of structs. It can deduce that information from the 'to' value. 3. It will make it possible to preserve opaque configuration, allowing for structured opaque config. 2020-05-27 17:02:22 +00:00			`decode.HookWeakDecodeFromSlice,`
config: use the new HookTranslateKeys instead of lib.TranslateKeys With the exception of CA provider config, which will be migrated at some later time. 2020-05-27 18:42:01 +00:00			`decode.HookTranslateKeys,`
			`mapstructure.StringToTimeDurationHookFunc(),`
			`),`
connect: expose an API endpoint to compile the discovery chain (#6248) In addition to exposing compilation over the API cleaned up the structures that would be exchanged to be cleaner and easier to support and understand. Also removed ability to configure the envoy OverprovisioningFactor. 2019-08-02 20:34:54 +00:00			`Result: &apiReq,`
			`WeaklyTypedInput: true,`
			`}`

			`decoder, err := mapstructure.NewDecoder(decodeConf)`
			`if err != nil {`
			`return nil, err`
			`}`

			`if err := decoder.Decode(raw); err != nil {`
			`return nil, err`
			`}`

			`return &apiReq, nil`
			`}`