mirror of
https://github.com/status-im/consul.git
synced 2025-01-09 21:35:52 +00:00
34a32d4ce5
The peer name will eventually show up elsewhere in the resource. For now though this rips it out of where we don’t want it to be.
328 lines
9.9 KiB
Go
328 lines
9.9 KiB
Go
// Copyright (c) HashiCorp, Inc.
|
|
// SPDX-License-Identifier: BUSL-1.1
|
|
|
|
package resource
|
|
|
|
import (
|
|
"context"
|
|
"errors"
|
|
"strings"
|
|
"time"
|
|
|
|
"google.golang.org/grpc"
|
|
"google.golang.org/grpc/codes"
|
|
"google.golang.org/grpc/metadata"
|
|
"google.golang.org/grpc/status"
|
|
"google.golang.org/protobuf/proto"
|
|
|
|
"github.com/hashicorp/go-hclog"
|
|
|
|
"github.com/hashicorp/consul/acl"
|
|
"github.com/hashicorp/consul/acl/resolver"
|
|
"github.com/hashicorp/consul/internal/resource"
|
|
"github.com/hashicorp/consul/internal/storage"
|
|
"github.com/hashicorp/consul/lib/retry"
|
|
"github.com/hashicorp/consul/proto-public/pbresource"
|
|
)
|
|
|
|
type Server struct {
|
|
Config
|
|
}
|
|
|
|
type Config struct {
|
|
Logger hclog.Logger
|
|
Registry Registry
|
|
|
|
// Backend is the storage backend that will be used for resource persistence.
|
|
Backend Backend
|
|
ACLResolver ACLResolver
|
|
// TenancyBridge temporarily allows us to use V1 implementations of
|
|
// partitions and namespaces until V2 implementations are available.
|
|
TenancyBridge TenancyBridge
|
|
|
|
// UseV2Tenancy is true if the "v2tenancy" experiement is active, false otherwise.
|
|
// Attempts to create v2 tenancy resources (partition or namespace) will fail when the
|
|
// flag is false.
|
|
UseV2Tenancy bool
|
|
}
|
|
|
|
//go:generate mockery --name Registry --inpackage
|
|
type Registry interface {
|
|
resource.Registry
|
|
}
|
|
|
|
//go:generate mockery --name Backend --inpackage
|
|
type Backend interface {
|
|
storage.Backend
|
|
}
|
|
|
|
//go:generate mockery --name ACLResolver --inpackage
|
|
type ACLResolver interface {
|
|
ResolveTokenAndDefaultMeta(string, *acl.EnterpriseMeta, *acl.AuthorizerContext) (resolver.Result, error)
|
|
}
|
|
|
|
//go:generate mockery --name TenancyBridge --inpackage
|
|
type TenancyBridge interface {
|
|
PartitionExists(partition string) (bool, error)
|
|
IsPartitionMarkedForDeletion(partition string) (bool, error)
|
|
NamespaceExists(partition, namespace string) (bool, error)
|
|
IsNamespaceMarkedForDeletion(partition, namespace string) (bool, error)
|
|
}
|
|
|
|
func NewServer(cfg Config) *Server {
|
|
return &Server{cfg}
|
|
}
|
|
|
|
var _ pbresource.ResourceServiceServer = (*Server)(nil)
|
|
|
|
func (s *Server) Register(registrar grpc.ServiceRegistrar) {
|
|
pbresource.RegisterResourceServiceServer(registrar, s)
|
|
}
|
|
|
|
// Get token from grpc metadata or AnonymounsTokenId if not found
|
|
func tokenFromContext(ctx context.Context) string {
|
|
md, ok := metadata.FromIncomingContext(ctx)
|
|
if !ok {
|
|
return acl.AnonymousTokenID
|
|
}
|
|
|
|
vals := md.Get("x-consul-token")
|
|
if len(vals) == 0 {
|
|
return acl.AnonymousTokenID
|
|
}
|
|
return vals[0]
|
|
}
|
|
|
|
func (s *Server) resolveType(typ *pbresource.Type) (*resource.Registration, error) {
|
|
v, ok := s.Registry.Resolve(typ)
|
|
if ok {
|
|
return &v, nil
|
|
}
|
|
return nil, status.Errorf(
|
|
codes.InvalidArgument,
|
|
"resource type %s not registered", resource.ToGVK(typ),
|
|
)
|
|
}
|
|
|
|
func readConsistencyFrom(ctx context.Context) storage.ReadConsistency {
|
|
md, ok := metadata.FromIncomingContext(ctx)
|
|
if !ok {
|
|
return storage.EventualConsistency
|
|
}
|
|
|
|
vals := md.Get("x-consul-consistency-mode")
|
|
if len(vals) == 0 {
|
|
return storage.EventualConsistency
|
|
}
|
|
|
|
if vals[0] == "consistent" {
|
|
return storage.StrongConsistency
|
|
}
|
|
return storage.EventualConsistency
|
|
}
|
|
|
|
func (s *Server) getAuthorizer(token string, entMeta *acl.EnterpriseMeta) (acl.Authorizer, *acl.AuthorizerContext, error) {
|
|
authzContext := &acl.AuthorizerContext{}
|
|
authz, err := s.ACLResolver.ResolveTokenAndDefaultMeta(token, entMeta, authzContext)
|
|
if err != nil {
|
|
return nil, nil, status.Errorf(codes.Internal, "failed getting authorizer: %v", err)
|
|
}
|
|
return authz, authzContext, nil
|
|
}
|
|
|
|
func isGRPCStatusError(err error) bool {
|
|
if err == nil {
|
|
return false
|
|
}
|
|
_, ok := status.FromError(err)
|
|
return ok
|
|
}
|
|
|
|
func validateId(id *pbresource.ID, errorPrefix string) error {
|
|
if id.Type == nil {
|
|
return status.Errorf(codes.InvalidArgument, "%s.type is required", errorPrefix)
|
|
}
|
|
|
|
if err := resource.ValidateName(id.Name); err != nil {
|
|
return status.Errorf(codes.InvalidArgument, "%s.name invalid: %v", errorPrefix, err)
|
|
}
|
|
|
|
// Better UX: Allow callers to pass in nil tenancy. Defaulting and inheritance of tenancy
|
|
// from the request token will take place further down in the call flow.
|
|
if id.Tenancy == nil {
|
|
id.Tenancy = &pbresource.Tenancy{
|
|
Partition: "",
|
|
Namespace: "",
|
|
}
|
|
}
|
|
|
|
if id.Tenancy.Partition != "" {
|
|
if err := resource.ValidateName(id.Tenancy.Partition); err != nil {
|
|
return status.Errorf(codes.InvalidArgument, "%s.tenancy.partition invalid: %v", errorPrefix, err)
|
|
}
|
|
}
|
|
if id.Tenancy.Namespace != "" {
|
|
if err := resource.ValidateName(id.Tenancy.Namespace); err != nil {
|
|
return status.Errorf(codes.InvalidArgument, "%s.tenancy.namespace invalid: %v", errorPrefix, err)
|
|
}
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func validateRef(ref *pbresource.Reference, errorPrefix string) error {
|
|
if ref.Type == nil {
|
|
return status.Errorf(codes.InvalidArgument, "%s.type is required", errorPrefix)
|
|
}
|
|
if err := resource.ValidateName(ref.Name); err != nil {
|
|
return status.Errorf(codes.InvalidArgument, "%s.name invalid: %v", errorPrefix, err)
|
|
}
|
|
if err := resource.ValidateName(ref.Tenancy.Partition); err != nil {
|
|
return status.Errorf(codes.InvalidArgument, "%s.tenancy.partition invalid: %v", errorPrefix, err)
|
|
}
|
|
if err := resource.ValidateName(ref.Tenancy.Namespace); err != nil {
|
|
return status.Errorf(codes.InvalidArgument, "%s.tenancy.namespace invalid: %v", errorPrefix, err)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func validateWildcardTenancy(tenancy *pbresource.Tenancy, namePrefix string) error {
|
|
// Partition has to be a valid name if not wildcard or empty
|
|
if tenancy.Partition != "" && tenancy.Partition != "*" {
|
|
if err := resource.ValidateName(tenancy.Partition); err != nil {
|
|
return status.Errorf(codes.InvalidArgument, "tenancy.partition invalid: %v", err)
|
|
}
|
|
}
|
|
|
|
// Namespace has to be a valid name if not wildcard or empty
|
|
if tenancy.Namespace != "" && tenancy.Namespace != "*" {
|
|
if err := resource.ValidateName(tenancy.Namespace); err != nil {
|
|
return status.Errorf(codes.InvalidArgument, "tenancy.namespace invalid: %v", err)
|
|
}
|
|
}
|
|
|
|
// Not doing a strict resource name validation here because the prefix can be
|
|
// something like "foo-" which is a valid prefix but not valid resource name.
|
|
// relax validation to just check for lowercasing
|
|
if namePrefix != strings.ToLower(namePrefix) {
|
|
return status.Errorf(codes.InvalidArgument, "name_prefix invalid: must be lowercase alphanumeric, got: %v", namePrefix)
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// tenancyExists return an error with the passed in gRPC status code when tenancy partition or namespace do not exist.
|
|
func tenancyExists(reg *resource.Registration, tenancyBridge TenancyBridge, tenancy *pbresource.Tenancy, errCode codes.Code) error {
|
|
if reg.Scope == resource.ScopePartition || reg.Scope == resource.ScopeNamespace {
|
|
exists, err := tenancyBridge.PartitionExists(tenancy.Partition)
|
|
switch {
|
|
case err != nil:
|
|
return err
|
|
case !exists:
|
|
return status.Errorf(errCode, "partition not found: %v", tenancy.Partition)
|
|
}
|
|
}
|
|
|
|
if reg.Scope == resource.ScopeNamespace {
|
|
exists, err := tenancyBridge.NamespaceExists(tenancy.Partition, tenancy.Namespace)
|
|
switch {
|
|
case err != nil:
|
|
return err
|
|
case !exists:
|
|
return status.Errorf(errCode, "namespace not found: %v", tenancy.Namespace)
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func validateScopedTenancy(scope resource.Scope, resourceType *pbresource.Type, tenancy *pbresource.Tenancy, allowWildcards bool) error {
|
|
if scope == resource.ScopePartition && tenancy.Namespace != "" && (!allowWildcards || tenancy.Namespace != storage.Wildcard) {
|
|
return status.Errorf(
|
|
codes.InvalidArgument,
|
|
"partition scoped resource %s cannot have a namespace. got: %s",
|
|
resource.ToGVK(resourceType),
|
|
tenancy.Namespace,
|
|
)
|
|
}
|
|
|
|
if scope == resource.ScopeCluster {
|
|
if tenancy.Partition != "" && (!allowWildcards || tenancy.Partition != storage.Wildcard) {
|
|
return status.Errorf(
|
|
codes.InvalidArgument,
|
|
"cluster scoped resource %s cannot have a partition: %s",
|
|
resource.ToGVK(resourceType),
|
|
tenancy.Partition,
|
|
)
|
|
}
|
|
if tenancy.Namespace != "" && (!allowWildcards || tenancy.Namespace != storage.Wildcard) {
|
|
return status.Errorf(
|
|
codes.InvalidArgument,
|
|
"cluster scoped resource %s cannot have a namespace: %s",
|
|
resource.ToGVK(resourceType),
|
|
tenancy.Namespace,
|
|
)
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func isTenancyMarkedForDeletion(reg *resource.Registration, tenancyBridge TenancyBridge, tenancy *pbresource.Tenancy) (bool, error) {
|
|
if reg.Scope == resource.ScopePartition || reg.Scope == resource.ScopeNamespace {
|
|
marked, err := tenancyBridge.IsPartitionMarkedForDeletion(tenancy.Partition)
|
|
if err != nil {
|
|
return false, err
|
|
}
|
|
if marked {
|
|
return marked, nil
|
|
}
|
|
}
|
|
|
|
if reg.Scope == resource.ScopeNamespace {
|
|
marked, err := tenancyBridge.IsNamespaceMarkedForDeletion(tenancy.Partition, tenancy.Namespace)
|
|
if err != nil {
|
|
return false, err
|
|
}
|
|
return marked, nil
|
|
}
|
|
|
|
// Cluster scope has no tenancy so always return false
|
|
return false, nil
|
|
}
|
|
|
|
// retryCAS retries the given operation with exponential backoff if the user
|
|
// didn't provide a version. This is intended to hide failures when the user
|
|
// isn't intentionally performing a CAS operation (all writes are, by design,
|
|
// CAS operations at the storage backend layer).
|
|
func (s *Server) retryCAS(ctx context.Context, vsn string, cas func() error) error {
|
|
if vsn != "" {
|
|
return cas()
|
|
}
|
|
|
|
const maxAttempts = 5
|
|
|
|
// These parameters are fairly arbitrary, so if you find better ones then go
|
|
// ahead and swap them out! In general, we want to wait long enough to smooth
|
|
// over small amounts of storage replication lag, but not so long that we make
|
|
// matters worse by holding onto load.
|
|
backoff := &retry.Waiter{
|
|
MinWait: 50 * time.Millisecond,
|
|
MaxWait: 1 * time.Second,
|
|
Jitter: retry.NewJitter(50),
|
|
Factor: 75 * time.Millisecond,
|
|
}
|
|
|
|
var err error
|
|
for i := 1; i <= maxAttempts; i++ {
|
|
if err = cas(); !errors.Is(err, storage.ErrCASFailure) {
|
|
break
|
|
}
|
|
if backoff.Wait(ctx) != nil {
|
|
break
|
|
}
|
|
s.Logger.Trace("retrying failed CAS operation", "failure_count", i)
|
|
}
|
|
return err
|
|
}
|
|
|
|
func clone[T proto.Message](v T) T { return proto.Clone(v).(T) }
|