2020-09-08 19:22:35 +00:00
|
|
|
package subscribe
|
|
|
|
|
|
|
|
import (
|
2020-09-08 21:31:47 +00:00
|
|
|
"errors"
|
|
|
|
"fmt"
|
|
|
|
|
|
|
|
"github.com/hashicorp/consul/agent/consul/state"
|
|
|
|
"github.com/hashicorp/consul/proto/pbservice"
|
2020-09-08 19:22:35 +00:00
|
|
|
"github.com/hashicorp/go-uuid"
|
2020-09-08 21:31:47 +00:00
|
|
|
"google.golang.org/grpc"
|
|
|
|
"google.golang.org/grpc/codes"
|
|
|
|
"google.golang.org/grpc/status"
|
|
|
|
|
|
|
|
"github.com/hashicorp/consul/acl"
|
|
|
|
"github.com/hashicorp/consul/agent/consul/stream"
|
|
|
|
"github.com/hashicorp/consul/proto/pbsubscribe"
|
2020-09-08 19:22:35 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
// Server implements a StateChangeSubscriptionServer for accepting SubscribeRequests,
|
|
|
|
// and sending events to the subscription topic.
|
|
|
|
type Server struct {
|
2020-09-08 21:31:47 +00:00
|
|
|
Backend Backend
|
|
|
|
Logger Logger
|
2020-09-08 19:22:35 +00:00
|
|
|
}
|
|
|
|
|
2020-09-08 21:31:47 +00:00
|
|
|
type Logger interface {
|
|
|
|
IsTrace() bool
|
|
|
|
Trace(msg string, args ...interface{})
|
|
|
|
}
|
2020-09-08 19:22:35 +00:00
|
|
|
|
2020-09-08 21:31:47 +00:00
|
|
|
var _ pbsubscribe.StateChangeSubscriptionServer = (*Server)(nil)
|
|
|
|
|
|
|
|
type Backend interface {
|
|
|
|
ResolveToken(token string) (acl.Authorizer, error)
|
|
|
|
Forward(dc string, f func(*grpc.ClientConn) error) (handled bool, err error)
|
|
|
|
Subscribe(req *stream.SubscribeRequest) (*stream.Subscription, error)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (h *Server) Subscribe(req *pbsubscribe.SubscribeRequest, serverStream pbsubscribe.StateChangeSubscription_SubscribeServer) error {
|
2020-09-08 19:22:35 +00:00
|
|
|
// streamID is just used for message correlation in trace logs and not
|
|
|
|
// populated normally.
|
|
|
|
var streamID string
|
|
|
|
|
2020-09-08 21:31:47 +00:00
|
|
|
if h.Logger.IsTrace() {
|
2020-09-08 19:22:35 +00:00
|
|
|
// TODO(banks) it might be nice one day to replace this with OpenTracing ID
|
|
|
|
// if one is set etc. but probably pointless until we support that properly
|
|
|
|
// in other places so it's actually propagated properly. For now this just
|
|
|
|
// makes lifetime of a stream more traceable in our regular server logs for
|
|
|
|
// debugging/dev.
|
2020-09-08 21:31:47 +00:00
|
|
|
var err error
|
2020-09-08 19:22:35 +00:00
|
|
|
streamID, err = uuid.GenerateUUID()
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-09-08 21:31:47 +00:00
|
|
|
// TODO: add fields to logger and pass logger around instead of streamID
|
|
|
|
handled, err := h.Backend.Forward(req.Datacenter, h.forwardToDC(req, serverStream, streamID))
|
|
|
|
if handled || err != nil {
|
|
|
|
return err
|
2020-09-08 19:22:35 +00:00
|
|
|
}
|
|
|
|
|
2020-09-08 21:31:47 +00:00
|
|
|
h.Logger.Trace("new subscription",
|
2020-09-08 19:22:35 +00:00
|
|
|
"topic", req.Topic.String(),
|
|
|
|
"key", req.Key,
|
|
|
|
"index", req.Index,
|
|
|
|
"stream_id", streamID,
|
|
|
|
)
|
|
|
|
|
|
|
|
var sentCount uint64
|
2020-09-08 21:31:47 +00:00
|
|
|
defer h.Logger.Trace("subscription closed", "stream_id", streamID)
|
2020-09-08 19:22:35 +00:00
|
|
|
|
|
|
|
// Resolve the token and create the ACL filter.
|
|
|
|
// TODO: handle token expiry gracefully...
|
2020-09-08 21:31:47 +00:00
|
|
|
authz, err := h.Backend.ResolveToken(req.Token)
|
2020-09-08 19:22:35 +00:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2020-09-08 21:31:47 +00:00
|
|
|
sub, err := h.Backend.Subscribe(toStreamSubscribeRequest(req))
|
2020-09-08 19:22:35 +00:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2020-09-08 21:31:47 +00:00
|
|
|
defer sub.Unsubscribe()
|
2020-09-08 19:22:35 +00:00
|
|
|
|
2020-09-08 21:31:47 +00:00
|
|
|
ctx := serverStream.Context()
|
|
|
|
snapshotDone := false
|
2020-09-08 19:22:35 +00:00
|
|
|
for {
|
2020-09-08 21:31:47 +00:00
|
|
|
events, err := sub.Next(ctx)
|
|
|
|
switch {
|
|
|
|
// TODO: test case
|
|
|
|
case errors.Is(err, stream.ErrSubscriptionClosed):
|
|
|
|
h.Logger.Trace("subscription reset by server", "stream_id", streamID)
|
|
|
|
return status.Error(codes.Aborted, err.Error())
|
|
|
|
case err != nil:
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
events = filterStreamEvents(authz, events)
|
|
|
|
if len(events) == 0 {
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
|
|
|
|
first := events[0]
|
|
|
|
switch {
|
|
|
|
case first.IsEndOfSnapshot() || first.IsEndOfEmptySnapshot():
|
|
|
|
snapshotDone = true
|
|
|
|
h.Logger.Trace("snapshot complete",
|
|
|
|
"index", first.Index, "sent", sentCount, "stream_id", streamID)
|
|
|
|
case snapshotDone:
|
|
|
|
h.Logger.Trace("sending events",
|
|
|
|
"index", first.Index,
|
|
|
|
"sent", sentCount,
|
|
|
|
"batch_size", len(events),
|
2020-09-08 19:22:35 +00:00
|
|
|
"stream_id", streamID,
|
|
|
|
)
|
|
|
|
}
|
2020-09-08 21:31:47 +00:00
|
|
|
|
|
|
|
sentCount += uint64(len(events))
|
|
|
|
e := newEventFromStreamEvents(req, events)
|
|
|
|
if err := serverStream.Send(e); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// TODO: can be replaced by mog conversion
|
|
|
|
func toStreamSubscribeRequest(req *pbsubscribe.SubscribeRequest) *stream.SubscribeRequest {
|
|
|
|
return &stream.SubscribeRequest{
|
|
|
|
Topic: req.Topic,
|
|
|
|
Key: req.Key,
|
|
|
|
Token: req.Token,
|
|
|
|
Index: req.Index,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (h *Server) forwardToDC(
|
|
|
|
req *pbsubscribe.SubscribeRequest,
|
|
|
|
serverStream pbsubscribe.StateChangeSubscription_SubscribeServer,
|
|
|
|
streamID string,
|
|
|
|
) func(conn *grpc.ClientConn) error {
|
|
|
|
return func(conn *grpc.ClientConn) error {
|
|
|
|
h.Logger.Trace("forwarding to another DC",
|
|
|
|
"dc", req.Datacenter,
|
|
|
|
"topic", req.Topic.String(),
|
|
|
|
"key", req.Key,
|
|
|
|
"index", req.Index,
|
|
|
|
"stream_id", streamID,
|
|
|
|
)
|
|
|
|
|
|
|
|
defer func() {
|
|
|
|
h.Logger.Trace("forwarded stream closed",
|
|
|
|
"dc", req.Datacenter,
|
|
|
|
"stream_id", streamID,
|
|
|
|
)
|
|
|
|
}()
|
|
|
|
|
|
|
|
client := pbsubscribe.NewStateChangeSubscriptionClient(conn)
|
|
|
|
streamHandle, err := client.Subscribe(serverStream.Context(), req)
|
2020-09-08 19:22:35 +00:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2020-09-08 21:31:47 +00:00
|
|
|
for {
|
|
|
|
event, err := streamHandle.Recv()
|
|
|
|
if err != nil {
|
2020-09-08 19:22:35 +00:00
|
|
|
return err
|
|
|
|
}
|
2020-09-08 21:31:47 +00:00
|
|
|
if err := serverStream.Send(event); err != nil {
|
2020-09-08 19:22:35 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-09-08 21:31:47 +00:00
|
|
|
// filterStreamEvents to only those allowed by the acl token.
|
|
|
|
func filterStreamEvents(authz acl.Authorizer, events []stream.Event) []stream.Event {
|
|
|
|
// TODO: when is authz nil?
|
|
|
|
if authz == nil || len(events) == 0 {
|
|
|
|
return events
|
|
|
|
}
|
2020-09-08 19:22:35 +00:00
|
|
|
|
2020-09-08 21:31:47 +00:00
|
|
|
// Fast path for the common case of only 1 event since we can avoid slice
|
|
|
|
// allocation in the hot path of every single update event delivered in vast
|
|
|
|
// majority of cases with this. Note that this is called _per event/item_ when
|
|
|
|
// sending snapshots which is a lot worse than being called once on regular
|
|
|
|
// result.
|
|
|
|
if len(events) == 1 {
|
|
|
|
if enforceACL(authz, events[0]) == acl.Allow {
|
|
|
|
return events
|
|
|
|
}
|
|
|
|
return nil
|
2020-09-08 19:22:35 +00:00
|
|
|
}
|
|
|
|
|
2020-09-08 21:31:47 +00:00
|
|
|
var filtered []stream.Event
|
|
|
|
for idx := range events {
|
|
|
|
event := events[idx]
|
|
|
|
if enforceACL(authz, event) == acl.Allow {
|
|
|
|
filtered = append(filtered, event)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return filtered
|
|
|
|
}
|
2020-09-08 19:22:35 +00:00
|
|
|
|
2020-09-08 21:31:47 +00:00
|
|
|
func newEventFromStreamEvents(req *pbsubscribe.SubscribeRequest, events []stream.Event) *pbsubscribe.Event {
|
|
|
|
e := &pbsubscribe.Event{
|
|
|
|
Topic: req.Topic,
|
|
|
|
Key: req.Key,
|
|
|
|
Index: events[0].Index,
|
|
|
|
}
|
|
|
|
if len(events) == 1 {
|
|
|
|
setPayload(e, events[0].Payload)
|
|
|
|
return e
|
|
|
|
}
|
2020-09-08 19:22:35 +00:00
|
|
|
|
2020-09-08 21:31:47 +00:00
|
|
|
e.Payload = &pbsubscribe.Event_EventBatch{
|
|
|
|
EventBatch: &pbsubscribe.EventBatch{
|
|
|
|
Events: batchEventsFromEventSlice(events),
|
|
|
|
},
|
2020-09-08 19:22:35 +00:00
|
|
|
}
|
2020-09-08 21:31:47 +00:00
|
|
|
return e
|
|
|
|
}
|
2020-09-08 19:22:35 +00:00
|
|
|
|
2020-09-08 21:31:47 +00:00
|
|
|
func setPayload(e *pbsubscribe.Event, payload interface{}) {
|
|
|
|
switch p := payload.(type) {
|
|
|
|
case state.EventPayloadCheckServiceNode:
|
|
|
|
e.Payload = &pbsubscribe.Event_ServiceHealth{
|
|
|
|
ServiceHealth: &pbsubscribe.ServiceHealthUpdate{
|
|
|
|
Op: p.Op,
|
|
|
|
// TODO: this could be cached
|
|
|
|
CheckServiceNode: pbservice.NewCheckServiceNodeFromStructs(p.Value),
|
|
|
|
},
|
2020-09-08 19:22:35 +00:00
|
|
|
}
|
2020-09-08 21:31:47 +00:00
|
|
|
default:
|
|
|
|
panic(fmt.Sprintf("unexpected payload: %T: %#v", p, p))
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func batchEventsFromEventSlice(events []stream.Event) []*pbsubscribe.Event {
|
|
|
|
result := make([]*pbsubscribe.Event, len(events))
|
|
|
|
for i := range events {
|
|
|
|
event := events[i]
|
|
|
|
result[i] = &pbsubscribe.Event{Key: event.Key, Index: event.Index}
|
|
|
|
setPayload(result[i], event.Payload)
|
2020-09-08 19:22:35 +00:00
|
|
|
}
|
2020-09-08 21:31:47 +00:00
|
|
|
return result
|
2020-09-08 19:22:35 +00:00
|
|
|
}
|