mirror of
https://github.com/status-im/consul.git
synced 2025-01-23 20:19:29 +00:00
7a55de375c
Previously, we'd begin a session with the xDS concurrency limiter regardless of whether the proxy was registered in the catalog or in the server's local agent state. This caused problems for users who run `consul connect envoy` directly against a server rather than a client agent, as the server's locally registered proxies wouldn't be included in the limiter's capacity. Now, the `ConfigSource` is responsible for beginning the session and we only do so for services in the catalog. Fixes: https://github.com/hashicorp/consul/issues/15753
33 lines
1.1 KiB
Go
33 lines
1.1 KiB
Go
package local
|
|
|
|
import (
|
|
"github.com/hashicorp/consul/agent/grpc-external/limiter"
|
|
"github.com/hashicorp/consul/agent/proxycfg"
|
|
structs "github.com/hashicorp/consul/agent/structs"
|
|
)
|
|
|
|
// ConfigSource wraps a proxycfg.Manager to create watches on services
|
|
// local to the agent (pre-registered by Sync).
|
|
type ConfigSource struct {
|
|
manager ConfigManager
|
|
}
|
|
|
|
// NewConfigSource builds a ConfigSource with the given proxycfg.Manager.
|
|
func NewConfigSource(cfgMgr ConfigManager) *ConfigSource {
|
|
return &ConfigSource{cfgMgr}
|
|
}
|
|
|
|
func (m *ConfigSource) Watch(serviceID structs.ServiceID, nodeName string, _ string) (<-chan *proxycfg.ConfigSnapshot, limiter.SessionTerminatedChan, proxycfg.CancelFunc, error) {
|
|
watchCh, cancelWatch := m.manager.Watch(proxycfg.ProxyID{
|
|
ServiceID: serviceID,
|
|
NodeName: nodeName,
|
|
|
|
// Note: we *intentionally* don't set Token here. All watches on local
|
|
// services use the same ACL token, regardless of whatever token is
|
|
// presented in the xDS stream (the token presented to the xDS server
|
|
// is checked before the watch is created).
|
|
Token: "",
|
|
})
|
|
return watchCh, nil, cancelWatch, nil
|
|
}
|