consul/agent/structs/check_definition.go
Christopher Broglie f0307c73e5 Add support for configuring TLS ServerName for health checks
Some TLS servers require SNI, but the Golang HTTP client doesn't
include it in the ClientHello when connecting to an IP address. This
change adds a new TLSServerName field to health check definitions to
optionally set it. This fixes #9473.
2021-03-16 18:16:44 -04:00

199 lines
5.6 KiB
Go

package structs
import (
"time"
"github.com/hashicorp/consul/api"
"github.com/hashicorp/consul/lib"
"github.com/hashicorp/consul/types"
)
// CheckDefinition is used to JSON decode the Check definitions
type CheckDefinition struct {
ID types.CheckID
Name string
Notes string
ServiceID string
Token string
Status string
// Copied fields from CheckType without the fields
// already present in CheckDefinition:
//
// ID (CheckID), Name, Status, Notes
//
ScriptArgs []string
HTTP string
Header map[string][]string
Method string
Body string
TCP string
Interval time.Duration
DockerContainerID string
Shell string
GRPC string
GRPCUseTLS bool
TLSServerName string
TLSSkipVerify bool
AliasNode string
AliasService string
Timeout time.Duration
TTL time.Duration
SuccessBeforePassing int
FailuresBeforeCritical int
DeregisterCriticalServiceAfter time.Duration
OutputMaxSize int
EnterpriseMeta `hcl:",squash" mapstructure:",squash"`
}
func (t *CheckDefinition) UnmarshalJSON(data []byte) (err error) {
type Alias CheckDefinition
aux := &struct {
// Parse special values
Interval interface{}
Timeout interface{}
TTL interface{}
DeregisterCriticalServiceAfter interface{}
// Translate fields
// "args" -> ScriptArgs
Args []string `json:"args"`
ScriptArgsSnake []string `json:"script_args"`
DeregisterCriticalServiceAfterSnake interface{} `json:"deregister_critical_service_after"`
DockerContainerIDSnake string `json:"docker_container_id"`
TLSServerNameSnake string `json:"tls_server_name"`
TLSSkipVerifySnake bool `json:"tls_skip_verify"`
GRPCUseTLSSnake bool `json:"grpc_use_tls"`
ServiceIDSnake string `json:"service_id"`
*Alias
}{
Alias: (*Alias)(t),
}
if err = lib.UnmarshalJSON(data, &aux); err != nil {
return err
}
// Translate Fields
if aux.DeregisterCriticalServiceAfter == nil {
aux.DeregisterCriticalServiceAfter = aux.DeregisterCriticalServiceAfterSnake
}
if len(t.ScriptArgs) == 0 {
t.ScriptArgs = aux.Args
}
if len(t.ScriptArgs) == 0 {
t.ScriptArgs = aux.ScriptArgsSnake
}
if t.DockerContainerID == "" {
t.DockerContainerID = aux.DockerContainerIDSnake
}
if t.TLSServerName == "" {
t.TLSServerName = aux.TLSServerNameSnake
}
if aux.TLSSkipVerifySnake {
t.TLSSkipVerify = aux.TLSSkipVerifySnake
}
if aux.GRPCUseTLSSnake {
t.GRPCUseTLS = aux.GRPCUseTLSSnake
}
if t.ServiceID == "" {
t.ServiceID = aux.ServiceIDSnake
}
// Parse special values
if aux.Interval != nil {
switch v := aux.Interval.(type) {
case string:
if t.Interval, err = time.ParseDuration(v); err != nil {
return err
}
case float64:
t.Interval = time.Duration(v)
}
}
if aux.Timeout != nil {
switch v := aux.Timeout.(type) {
case string:
if t.Timeout, err = time.ParseDuration(v); err != nil {
return err
}
case float64:
t.Timeout = time.Duration(v)
}
}
if aux.TTL != nil {
switch v := aux.TTL.(type) {
case string:
if t.TTL, err = time.ParseDuration(v); err != nil {
return err
}
case float64:
t.TTL = time.Duration(v)
}
}
if aux.DeregisterCriticalServiceAfter != nil {
switch v := aux.DeregisterCriticalServiceAfter.(type) {
case string:
if t.DeregisterCriticalServiceAfter, err = time.ParseDuration(v); err != nil {
return err
}
case float64:
t.DeregisterCriticalServiceAfter = time.Duration(v)
}
}
return nil
}
func (c *CheckDefinition) HealthCheck(node string) *HealthCheck {
health := &HealthCheck{
Node: node,
CheckID: c.ID,
Name: c.Name,
Status: api.HealthCritical,
Notes: c.Notes,
ServiceID: c.ServiceID,
EnterpriseMeta: c.EnterpriseMeta,
}
if c.Status != "" {
health.Status = c.Status
}
if health.CheckID == "" && health.Name != "" {
health.CheckID = types.CheckID(health.Name)
}
return health
}
func (c *CheckDefinition) CheckType() *CheckType {
return &CheckType{
CheckID: c.ID,
Name: c.Name,
Status: c.Status,
Notes: c.Notes,
ScriptArgs: c.ScriptArgs,
AliasNode: c.AliasNode,
AliasService: c.AliasService,
HTTP: c.HTTP,
GRPC: c.GRPC,
GRPCUseTLS: c.GRPCUseTLS,
Header: c.Header,
Method: c.Method,
Body: c.Body,
OutputMaxSize: c.OutputMaxSize,
TCP: c.TCP,
Interval: c.Interval,
DockerContainerID: c.DockerContainerID,
Shell: c.Shell,
TLSServerName: c.TLSServerName,
TLSSkipVerify: c.TLSSkipVerify,
Timeout: c.Timeout,
TTL: c.TTL,
SuccessBeforePassing: c.SuccessBeforePassing,
FailuresBeforeCritical: c.FailuresBeforeCritical,
DeregisterCriticalServiceAfter: c.DeregisterCriticalServiceAfter,
}
}