status-im
/
consul
mirror of https://github.com/status-im/consul.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
consul/agent/http_ce.go

125 lines
3.6 KiB
Go
Raw Normal View History

copyright headers for agent folder (#16704) * copyright headers for agent folder * Ignore test data files * fix proto files and remove headers in agent/uiserver folder * ignore deep-copy files
2023-03-28 18:39:22 +00:00
// Copyright (c) HashiCorp, Inc.
[COMPLIANCE] License changes (#18443) * Adding explicit MPL license for sub-package This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Adding explicit MPL license for sub-package This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Updating the license from MPL to Business Source License Going forward, this project will be licensed under the Business Source License v1.1. Please see our blog post for more details at <Blog URL>, FAQ at www.hashicorp.com/licensing-faq, and details of the license at www.hashicorp.com/bsl. * add missing license headers * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 --------- Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
2023-08-11 13:12:13 +00:00
// SPDX-License-Identifier: BUSL-1.1
copyright headers for agent folder (#16704) * copyright headers for agent folder * Ignore test data files * fix proto files and remove headers in agent/uiserver folder * ignore deep-copy files
2023-03-28 18:39:22 +00:00
re-run gofmt on 1.17 (#11579) This should let freshly recompiled golangci-lint binaries using Go 1.17 pass 'make lint'
2021-11-16 18:04:01 +00:00
//go:build !consulent
Updates to allow for Namespacing ACL resources in Consul Enterp… (#6675) Main Changes: • method signature updates everywhere to account for passing around enterprise meta. • populate the EnterpriseAuthorizerContext for all ACL related authorizations. • ACL resource listings now operate like the catalog or kv listings in that the returned entries are filtered down to what the token is allowed to see. With Namespaces its no longer all or nothing. • Modified the acl.Policy parsing to abstract away basic decoding so that enterprise can do it slightly differently. Also updated method signatures so that when parsing a policy it can take extra ent metadata to use during rules validation and policy creation. Secondary Changes: • Moved protobuf encoding functions out of the agentpb package to eliminate circular dependencies. • Added custom JSON unmarshalers for a few ACL resource types (to support snake case and to get rid of mapstructure) • AuthMethod validator cache is now an interface as these will be cached per-namespace for Consul Enterprise. • Added checks for policy/role link existence at the RPC API so we don’t push the request through raft to have it fail internally. • Forward ACL token delete request to the primary datacenter when the secondary DC doesn’t have the token. • Added a bunch of ACL test helpers for inserting ACL resource test data.
2019-10-24 18:38:09 +00:00
Creates HTTP endpoint registry.
2017-11-29 00:06:26 +00:00
package agent
Updates to allow for Namespacing ACL resources in Consul Enterp… (#6675) Main Changes: • method signature updates everywhere to account for passing around enterprise meta. • populate the EnterpriseAuthorizerContext for all ACL related authorizations. • ACL resource listings now operate like the catalog or kv listings in that the returned entries are filtered down to what the token is allowed to see. With Namespaces its no longer all or nothing. • Modified the acl.Policy parsing to abstract away basic decoding so that enterprise can do it slightly differently. Also updated method signatures so that when parsing a policy it can take extra ent metadata to use during rules validation and policy creation. Secondary Changes: • Moved protobuf encoding functions out of the agentpb package to eliminate circular dependencies. • Added custom JSON unmarshalers for a few ACL resource types (to support snake case and to get rid of mapstructure) • AuthMethod validator cache is now an interface as these will be cached per-namespace for Consul Enterprise. • Added checks for policy/role link existence at the RPC API so we don’t push the request through raft to have it fail internally. • Forward ACL token delete request to the primary datacenter when the secondary DC doesn’t have the token. • Added a bunch of ACL test helpers for inserting ACL resource test data.
2019-10-24 18:38:09 +00:00
import (
Add Namespace support to the API module and the CLI commands (#6874) Also update the Docs and fixup the HTTP API to return proper errors when someone attempts to use Namespaces with an OSS agent. Add Namespace HTTP API docs Make all API endpoints disallow unknown fields
2019-12-06 16:14:56 +00:00
"fmt"
Updates to allow for Namespacing ACL resources in Consul Enterp… (#6675) Main Changes: • method signature updates everywhere to account for passing around enterprise meta. • populate the EnterpriseAuthorizerContext for all ACL related authorizations. • ACL resource listings now operate like the catalog or kv listings in that the returned entries are filtered down to what the token is allowed to see. With Namespaces its no longer all or nothing. • Modified the acl.Policy parsing to abstract away basic decoding so that enterprise can do it slightly differently. Also updated method signatures so that when parsing a policy it can take extra ent metadata to use during rules validation and policy creation. Secondary Changes: • Moved protobuf encoding functions out of the agentpb package to eliminate circular dependencies. • Added custom JSON unmarshalers for a few ACL resource types (to support snake case and to get rid of mapstructure) • AuthMethod validator cache is now an interface as these will be cached per-namespace for Consul Enterprise. • Added checks for policy/role link existence at the RPC API so we don’t push the request through raft to have it fail internally. • Forward ACL token delete request to the primary datacenter when the secondary DC doesn’t have the token. • Added a bunch of ACL test helpers for inserting ACL resource test data.
2019-10-24 18:38:09 +00:00
"net/http"
Add Namespace support to the API module and the CLI commands (#6874) Also update the Docs and fixup the HTTP API to return proper errors when someone attempts to use Namespaces with an OSS agent. Add Namespace HTTP API docs Make all API endpoints disallow unknown fields
2019-12-06 16:14:56 +00:00
"strings"
Updates to allow for Namespacing ACL resources in Consul Enterp… (#6675) Main Changes: • method signature updates everywhere to account for passing around enterprise meta. • populate the EnterpriseAuthorizerContext for all ACL related authorizations. • ACL resource listings now operate like the catalog or kv listings in that the returned entries are filtered down to what the token is allowed to see. With Namespaces its no longer all or nothing. • Modified the acl.Policy parsing to abstract away basic decoding so that enterprise can do it slightly differently. Also updated method signatures so that when parsing a policy it can take extra ent metadata to use during rules validation and policy creation. Secondary Changes: • Moved protobuf encoding functions out of the agentpb package to eliminate circular dependencies. • Added custom JSON unmarshalers for a few ACL resource types (to support snake case and to get rid of mapstructure) • AuthMethod validator cache is now an interface as these will be cached per-namespace for Consul Enterprise. • Added checks for policy/role link existence at the RPC API so we don’t push the request through raft to have it fail internally. • Forward ACL token delete request to the primary datacenter when the secondary DC doesn’t have the token. • Added a bunch of ACL test helpers for inserting ACL resource test data.
2019-10-24 18:38:09 +00:00
Fixup acl.EnterpriseMeta Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-04-05 21:10:06 +00:00
"github.com/hashicorp/consul/acl"
Updates to allow for Namespacing ACL resources in Consul Enterp… (#6675) Main Changes: • method signature updates everywhere to account for passing around enterprise meta. • populate the EnterpriseAuthorizerContext for all ACL related authorizations. • ACL resource listings now operate like the catalog or kv listings in that the returned entries are filtered down to what the token is allowed to see. With Namespaces its no longer all or nothing. • Modified the acl.Policy parsing to abstract away basic decoding so that enterprise can do it slightly differently. Also updated method signatures so that when parsing a policy it can take extra ent metadata to use during rules validation and policy creation. Secondary Changes: • Moved protobuf encoding functions out of the agentpb package to eliminate circular dependencies. • Added custom JSON unmarshalers for a few ACL resource types (to support snake case and to get rid of mapstructure) • AuthMethod validator cache is now an interface as these will be cached per-namespace for Consul Enterprise. • Added checks for policy/role link existence at the RPC API so we don’t push the request through raft to have it fail internally. • Forward ACL token delete request to the primary datacenter when the secondary DC doesn’t have the token. • Added a bunch of ACL test helpers for inserting ACL resource test data.
2019-10-24 18:38:09 +00:00
"github.com/hashicorp/consul/agent/structs"
)
Initialise `allowedMethods` in init()
2018-02-18 01:31:24 +00:00
Fixup acl.EnterpriseMeta Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-04-05 21:10:06 +00:00
func (s *HTTPHandlers) parseEntMeta(req *http.Request, entMeta *acl.EnterpriseMeta) error {
Add Namespace support to the API module and the CLI commands (#6874) Also update the Docs and fixup the HTTP API to return proper errors when someone attempts to use Namespaces with an OSS agent. Add Namespace HTTP API docs Make all API endpoints disallow unknown fields
2019-12-06 16:14:56 +00:00
if headerNS := req.Header.Get("X-Consul-Namespace"); headerNS != "" {
Unify various status errors into one HTTP error type. (#12594) Replaces specific error types for HTTP Status codes with a generic HTTPError type. Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
2022-04-29 17:42:49 +00:00
return HTTPError{
StatusCode: http.StatusBadRequest,
Reason: "Invalid header: \"X-Consul-Namespace\" - Namespaces are a Consul Enterprise feature",
}
Add Namespace support to the API module and the CLI commands (#6874) Also update the Docs and fixup the HTTP API to return proper errors when someone attempts to use Namespaces with an OSS agent. Add Namespace HTTP API docs Make all API endpoints disallow unknown fields
2019-12-06 16:14:56 +00:00
}
if queryNS := req.URL.Query().Get("ns"); queryNS != "" {
Unify various status errors into one HTTP error type. (#12594) Replaces specific error types for HTTP Status codes with a generic HTTPError type. Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
2022-04-29 17:42:49 +00:00
return HTTPError{
StatusCode: http.StatusBadRequest,
Reason: "Invalid query parameter: \"ns\" - Namespaces are a Consul Enterprise feature",
}
Add Namespace support to the API module and the CLI commands (#6874) Also update the Docs and fixup the HTTP API to return proper errors when someone attempts to use Namespaces with an OSS agent. Add Namespace HTTP API docs Make all API endpoints disallow unknown fields
2019-12-06 16:14:56 +00:00
}
agent: ensure that most agent behavior correctly respects partition configuration (#10880)
2021-08-19 20:09:42 +00:00
try to infer command partition from node partition (#10981)
2021-09-03 12:37:23 +00:00
return s.parseEntMetaPartition(req, entMeta)
Add Namespace support to the API module and the CLI commands (#6874) Also update the Docs and fixup the HTTP API to return proper errors when someone attempts to use Namespaces with an OSS agent. Add Namespace HTTP API docs Make all API endpoints disallow unknown fields
2019-12-06 16:14:56 +00:00
}
Sync enterprise changes to oss (#10994) This commit updates OSS with files for enterprise-specific admin partitions feature work
2021-09-08 15:59:30 +00:00
func (s *HTTPHandlers) validateEnterpriseIntentionPartition(logName, partition string) error {
if partition == "" {
return nil
} else if strings.ToLower(partition) == "default" {
return nil
}
OSS -> CE (community edition) changes (#18517)
2023-08-22 14:46:03 +00:00
// No special handling for wildcard namespaces as they are pointless in CE.
Sync enterprise changes to oss (#10994) This commit updates OSS with files for enterprise-specific admin partitions feature work
2021-09-08 15:59:30 +00:00
Unify various status errors into one HTTP error type. (#12594) Replaces specific error types for HTTP Status codes with a generic HTTPError type. Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
2022-04-29 17:42:49 +00:00
return HTTPError{
StatusCode: http.StatusBadRequest,
Reason: "Invalid " + logName + "(" + partition + ")" + ": Partitions is a Consul Enterprise feature",
}
Sync enterprise changes to oss (#10994) This commit updates OSS with files for enterprise-specific admin partitions feature work
2021-09-08 15:59:30 +00:00
}
api: rename HTTPServer to HTTPHandlers Resolves a TODO about naming. This type is a set of handlers for an http.Server, it is not itself a Server. It provides http.Handler functions.
2020-09-04 18:42:15 +00:00
func (s *HTTPHandlers) validateEnterpriseIntentionNamespace(logName, ns string, _ bool) error {
connect: various changes to make namespaces for intentions work more like for other subsystems (#8194) Highlights: - add new endpoint to query for intentions by exact match - using this endpoint from the CLI instead of the dump+filter approach - enforcing that OSS can only read/write intentions with a SourceNS or DestinationNS field of "default". - preexisting OSS intentions with now-invalid namespace fields will delete those intentions on initial election or for wildcard namespaces an attempt will be made to downgrade them to "default" unless one exists. - also allow the '-namespace' CLI arg on all of the intention subcommands - update lots of docs
2020-06-26 21:59:15 +00:00
if ns == "" {
return nil
} else if strings.ToLower(ns) == structs.IntentionDefaultNamespace {
return nil
}
OSS -> CE (community edition) changes (#18517)
2023-08-22 14:46:03 +00:00
// No special handling for wildcard namespaces as they are pointless in CE.
connect: various changes to make namespaces for intentions work more like for other subsystems (#8194) Highlights: - add new endpoint to query for intentions by exact match - using this endpoint from the CLI instead of the dump+filter approach - enforcing that OSS can only read/write intentions with a SourceNS or DestinationNS field of "default". - preexisting OSS intentions with now-invalid namespace fields will delete those intentions on initial election or for wildcard namespaces an attempt will be made to downgrade them to "default" unless one exists. - also allow the '-namespace' CLI arg on all of the intention subcommands - update lots of docs
2020-06-26 21:59:15 +00:00
Unify various status errors into one HTTP error type. (#12594) Replaces specific error types for HTTP Status codes with a generic HTTPError type. Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
2022-04-29 17:42:49 +00:00
return HTTPError{
StatusCode: http.StatusBadRequest,
Reason: "Invalid " + logName + "(" + ns + ")" + ": Namespaces is a Consul Enterprise feature",
}
connect: various changes to make namespaces for intentions work more like for other subsystems (#8194) Highlights: - add new endpoint to query for intentions by exact match - using this endpoint from the CLI instead of the dump+filter approach - enforcing that OSS can only read/write intentions with a SourceNS or DestinationNS field of "default". - preexisting OSS intentions with now-invalid namespace fields will delete those intentions on initial election or for wildcard namespaces an attempt will be made to downgrade them to "default" unless one exists. - also allow the '-namespace' CLI arg on all of the intention subcommands - update lots of docs
2020-06-26 21:59:15 +00:00
}
Fixup acl.EnterpriseMeta Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-04-05 21:10:06 +00:00
func (s *HTTPHandlers) parseEntMetaNoWildcard(req *http.Request, _ *acl.EnterpriseMeta) error {
Miscellaneous Fixes (#6896) Ensure we close the Sentinel Evaluator so as not to leak go routines Fix a bunch of test logging so that various warnings when starting a test agent go to the ltest logger and not straight to stdout. Various canned ent meta types always return a valid pointer (no more nils). This allows us to blindly deref + assign in various places. Update ACL index tracking to ensure oss -> ent upgrades will work as expected. Update ent meta parsing to include function to disallow wildcarding.
2019-12-06 19:01:34 +00:00
return s.parseEntMeta(req, nil)
}
api: rename HTTPServer to HTTPHandlers Resolves a TODO about naming. This type is a set of handlers for an http.Server, it is not itself a Server. It provides http.Handler functions.
2020-09-04 18:42:15 +00:00
func (s *HTTPHandlers) rewordUnknownEnterpriseFieldError(err error) error {
Add Namespace support to the API module and the CLI commands (#6874) Also update the Docs and fixup the HTTP API to return proper errors when someone attempts to use Namespaces with an OSS agent. Add Namespace HTTP API docs Make all API endpoints disallow unknown fields
2019-12-06 16:14:56 +00:00
if err == nil {
return nil
}
msg := err.Error()
if strings.Contains(msg, "json: unknown field ") {
quotedField := strings.TrimPrefix(msg, "json: unknown field ")
switch quotedField {
case `"Namespace"`:
Update namespaces subject-verb agreement
2020-06-23 16:57:30 +00:00
return fmt.Errorf("%v - Namespaces are a Consul Enterprise feature", err)
Add Namespace support to the API module and the CLI commands (#6874) Also update the Docs and fixup the HTTP API to return proper errors when someone attempts to use Namespaces with an OSS agent. Add Namespace HTTP API docs Make all API endpoints disallow unknown fields
2019-12-06 16:14:56 +00:00
}
}
return err
Creates HTTP endpoint registry.
2017-11-29 00:06:26 +00:00
}
ui: feature support templating for index.html (#6921)
2019-12-13 19:50:07 +00:00
AuthMethod updates to support alternate namespace logins (#7029)
2020-01-14 15:09:29 +00:00
func parseACLAuthMethodEnterpriseMeta(req *http.Request, _ *structs.ACLAuthMethodEnterpriseMeta) error {
if methodNS := req.URL.Query().Get("authmethod-ns"); methodNS != "" {
Unify various status errors into one HTTP error type. (#12594) Replaces specific error types for HTTP Status codes with a generic HTTPError type. Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
2022-04-29 17:42:49 +00:00
return HTTPError{
StatusCode: http.StatusBadRequest,
Reason: "Invalid query parameter: \"authmethod-ns\" - Namespaces are a Consul Enterprise feature",
}
AuthMethod updates to support alternate namespace logins (#7029)
2020-01-14 15:09:29 +00:00
}
return nil
}
agent: stub out auditing functionality in OSS
2020-04-16 22:07:52 +00:00
Fix audit-log encoding issue (CC-7337) (#20345) * add changes * added changelog * change update * CE chnages * Removed gzip size fix * fix changelog * Update .changelog/20345.txt Co-authored-by: Hans Hasselberg <hans@hashicorp.com> * Adding comments --------- Co-authored-by: Abhishek Sahu <abhishek.sahu@hashicorp.com> Co-authored-by: Hans Hasselberg <hans@hashicorp.com> Co-authored-by: srahul3 <rahulsharma@hashicorp.com>
2024-02-06 11:10:07 +00:00
func (s *HTTPHandlers) enterpriseRequest(w http.ResponseWriter, req *http.Request, handler func(http.ResponseWriter, *http.Request)) {
// no special handling for CE. Calling the default handler with default params.
handler(w, req)
agent: stub out auditing functionality in OSS
2020-04-16 22:07:52 +00:00
}
uiserver: upstream refactors done elsewhere (#8891)
2020-10-09 13:32:39 +00:00
// uiTemplateDataTransform returns an optional uiserver.UIDataTransform to allow
// altering UI data in enterprise.
http: fix a bug that would cause runtimeConfig to be cached This bug would result in the UI not having the correct settings in Consul enterprise, which could produce many warnings in the logs. This bug occured because the index page, which includes a map of configuration was rendered when the HTTPHandler is first created. This PR changes the UIServer to instead render the index page when the page is requested. The rendering does not appear to be all that expensive, so rendering it when requested should not cause much extra latency.
2021-03-24 18:43:42 +00:00
func (s *HTTPHandlers) uiTemplateDataTransform(data map[string]interface{}) error {
uiserver: upstream refactors done elsewhere (#8891)
2020-10-09 13:32:39 +00:00
return nil
}
http: add partition query param parsing
2021-07-14 19:07:38 +00:00
Fixup acl.EnterpriseMeta Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-04-05 21:10:06 +00:00
func (s *HTTPHandlers) parseEntMetaPartition(req *http.Request, meta *acl.EnterpriseMeta) error {
agent: ensure that most agent behavior correctly respects partition configuration (#10880)
2021-08-19 20:09:42 +00:00
if headerAP := req.Header.Get("X-Consul-Partition"); headerAP != "" {
Unify various status errors into one HTTP error type. (#12594) Replaces specific error types for HTTP Status codes with a generic HTTPError type. Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
2022-04-29 17:42:49 +00:00
return HTTPError{
StatusCode: http.StatusBadRequest,
Reason: "Invalid header: \"X-Consul-Partition\" - Partitions are a Consul Enterprise feature",
}
agent: ensure that most agent behavior correctly respects partition configuration (#10880)
2021-08-19 20:09:42 +00:00
}
if queryAP := req.URL.Query().Get("partition"); queryAP != "" {
Unify various status errors into one HTTP error type. (#12594) Replaces specific error types for HTTP Status codes with a generic HTTPError type. Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
2022-04-29 17:42:49 +00:00
return HTTPError{
StatusCode: http.StatusBadRequest,
Reason: "Invalid query parameter: \"partition\" - Partitions are a Consul Enterprise feature",
}
agent: ensure that most agent behavior correctly respects partition configuration (#10880)
2021-08-19 20:09:42 +00:00
}
http: add partition query param parsing
2021-07-14 19:07:38 +00:00
return nil
}