mirror of
https://github.com/status-im/consul.git
synced 2025-01-10 05:45:46 +00:00
e5f5fc9301
Ongoing work to support Nomad Workload Identity for authenticating with Consul will mean that Nomad's service registration sync with Consul will want to use Consul tokens scoped to individual workloads for registering services and checks. The `CheckRegister` method in the API doesn't have an option to pass the token in, which prevent us from sharing the same Consul connection for all workloads. Add a `CheckRegisterOpts` to match the behavior of `ServiceRegisterOpts`.
1447 lines
47 KiB
Go
1447 lines
47 KiB
Go
// Copyright (c) HashiCorp, Inc.
|
|
// SPDX-License-Identifier: MPL-2.0
|
|
|
|
package api
|
|
|
|
import (
|
|
"bufio"
|
|
"context"
|
|
"errors"
|
|
"fmt"
|
|
"io"
|
|
"net/http"
|
|
)
|
|
|
|
// ServiceKind is the kind of service being registered.
|
|
type ServiceKind string
|
|
|
|
const (
|
|
// ServiceKindTypical is a typical, classic Consul service. This is
|
|
// represented by the absence of a value. This was chosen for ease of
|
|
// backwards compatibility: existing services in the catalog would
|
|
// default to the typical service.
|
|
ServiceKindTypical ServiceKind = ""
|
|
|
|
// ServiceKindConnectProxy is a proxy for the Connect feature. This
|
|
// service proxies another service within Consul and speaks the connect
|
|
// protocol.
|
|
ServiceKindConnectProxy ServiceKind = "connect-proxy"
|
|
|
|
// ServiceKindMeshGateway is a Mesh Gateway for the Connect feature. This
|
|
// service will proxy connections based off the SNI header set by other
|
|
// connect proxies
|
|
ServiceKindMeshGateway ServiceKind = "mesh-gateway"
|
|
|
|
// ServiceKindTerminatingGateway is a Terminating Gateway for the Connect
|
|
// feature. This service will proxy connections to services outside the mesh.
|
|
ServiceKindTerminatingGateway ServiceKind = "terminating-gateway"
|
|
|
|
// ServiceKindIngressGateway is an Ingress Gateway for the Connect feature.
|
|
// This service will ingress connections based of configuration defined in
|
|
// the ingress-gateway config entry.
|
|
ServiceKindIngressGateway ServiceKind = "ingress-gateway"
|
|
|
|
// ServiceKindAPIGateway is an API Gateway for the Connect feature.
|
|
// This service will ingress connections based of configuration defined in
|
|
// the api-gateway config entry.
|
|
ServiceKindAPIGateway ServiceKind = "api-gateway"
|
|
)
|
|
|
|
// UpstreamDestType is the type of upstream discovery mechanism.
|
|
type UpstreamDestType string
|
|
|
|
const (
|
|
// UpstreamDestTypeService discovers instances via healthy service lookup.
|
|
UpstreamDestTypeService UpstreamDestType = "service"
|
|
|
|
// UpstreamDestTypePreparedQuery discovers instances via prepared query
|
|
// execution.
|
|
UpstreamDestTypePreparedQuery UpstreamDestType = "prepared_query"
|
|
)
|
|
|
|
// AgentCheck represents a check known to the agent
|
|
type AgentCheck struct {
|
|
Node string
|
|
CheckID string
|
|
Name string
|
|
Status string
|
|
Notes string
|
|
Output string
|
|
ServiceID string
|
|
ServiceName string
|
|
Type string
|
|
ExposedPort int
|
|
Definition HealthCheckDefinition
|
|
Namespace string `json:",omitempty"`
|
|
Partition string `json:",omitempty"`
|
|
}
|
|
|
|
// AgentWeights represent optional weights for a service
|
|
type AgentWeights struct {
|
|
Passing int
|
|
Warning int
|
|
}
|
|
|
|
// AgentService represents a service known to the agent
|
|
type AgentService struct {
|
|
Kind ServiceKind `json:",omitempty"`
|
|
ID string
|
|
Service string
|
|
Tags []string
|
|
Meta map[string]string
|
|
Port int
|
|
Address string
|
|
SocketPath string `json:",omitempty"`
|
|
TaggedAddresses map[string]ServiceAddress `json:",omitempty"`
|
|
Weights AgentWeights
|
|
EnableTagOverride bool
|
|
CreateIndex uint64 `json:",omitempty" bexpr:"-"`
|
|
ModifyIndex uint64 `json:",omitempty" bexpr:"-"`
|
|
ContentHash string `json:",omitempty" bexpr:"-"`
|
|
Proxy *AgentServiceConnectProxyConfig `json:",omitempty"`
|
|
Connect *AgentServiceConnect `json:",omitempty"`
|
|
PeerName string `json:",omitempty"`
|
|
// NOTE: If we ever set the ContentHash outside of singular service lookup then we may need
|
|
// to include the Namespace in the hash. When we do, then we are in for lots of fun with tests.
|
|
// For now though, ignoring it works well enough.
|
|
Namespace string `json:",omitempty" bexpr:"-" hash:"ignore"`
|
|
Partition string `json:",omitempty" bexpr:"-" hash:"ignore"`
|
|
// Datacenter is only ever returned and is ignored if presented.
|
|
Datacenter string `json:",omitempty" bexpr:"-" hash:"ignore"`
|
|
Locality *Locality `json:",omitempty" bexpr:"-" hash:"ignore"`
|
|
}
|
|
|
|
// AgentServiceChecksInfo returns information about a Service and its checks
|
|
type AgentServiceChecksInfo struct {
|
|
AggregatedStatus string
|
|
Service *AgentService
|
|
Checks HealthChecks
|
|
}
|
|
|
|
// AgentServiceConnect represents the Connect configuration of a service.
|
|
type AgentServiceConnect struct {
|
|
Native bool `json:",omitempty"`
|
|
SidecarService *AgentServiceRegistration `json:",omitempty" bexpr:"-"`
|
|
}
|
|
|
|
// AgentServiceConnectProxyConfig is the proxy configuration in a connect-proxy
|
|
// ServiceDefinition or response.
|
|
type AgentServiceConnectProxyConfig struct {
|
|
EnvoyExtensions []EnvoyExtension `json:",omitempty"`
|
|
DestinationServiceName string `json:",omitempty"`
|
|
DestinationServiceID string `json:",omitempty"`
|
|
LocalServiceAddress string `json:",omitempty"`
|
|
LocalServicePort int `json:",omitempty"`
|
|
LocalServiceSocketPath string `json:",omitempty"`
|
|
Mode ProxyMode `json:",omitempty"`
|
|
TransparentProxy *TransparentProxyConfig `json:",omitempty"`
|
|
Config map[string]interface{} `json:",omitempty" bexpr:"-"`
|
|
Upstreams []Upstream `json:",omitempty"`
|
|
MeshGateway MeshGatewayConfig `json:",omitempty"`
|
|
Expose ExposeConfig `json:",omitempty"`
|
|
AccessLogs *AccessLogsConfig `json:",omitempty"`
|
|
}
|
|
|
|
const (
|
|
// MemberTagKeyACLMode is the key used to indicate what ACL mode the agent is
|
|
// operating in. The values of this key will be one of the MemberACLMode constants
|
|
// with the key not being present indicating ACLModeUnknown.
|
|
MemberTagKeyACLMode = "acls"
|
|
|
|
// MemberTagRole is the key used to indicate that the member is a server or not.
|
|
MemberTagKeyRole = "role"
|
|
|
|
// MemberTagValueRoleServer is the value of the MemberTagKeyRole used to indicate
|
|
// that the member represents a Consul server.
|
|
MemberTagValueRoleServer = "consul"
|
|
|
|
// MemberTagValueRoleClient is the value of the MemberTagKeyRole used to indicate
|
|
// that the member represents a Consul client.
|
|
MemberTagValueRoleClient = "node"
|
|
|
|
// MemberTagKeyDatacenter is the key used to indicate which datacenter this member is in.
|
|
MemberTagKeyDatacenter = "dc"
|
|
|
|
// MemberTagKeySegment is the key name of the tag used to indicate which network
|
|
// segment this member is in.
|
|
// Network Segments are a Consul Enterprise feature.
|
|
MemberTagKeySegment = "segment"
|
|
|
|
// MemberTagKeyPartition is the key name of the tag used to indicate which partition
|
|
// this member is in.
|
|
// Partitions are a Consul Enterprise feature.
|
|
MemberTagKeyPartition = "ap"
|
|
|
|
// MemberTagKeyBootstrap is the key name of the tag used to indicate whether this
|
|
// agent was started with the "bootstrap" configuration enabled
|
|
MemberTagKeyBootstrap = "bootstrap"
|
|
// MemberTagValueBootstrap is the value of the MemberTagKeyBootstrap key when the
|
|
// agent was started with the "bootstrap" configuration enabled.
|
|
MemberTagValueBootstrap = "1"
|
|
|
|
// MemberTagKeyBootstrapExpect is the key name of the tag used to indicate whether
|
|
// this agent was started with the "bootstrap_expect" configuration set to a non-zero
|
|
// value. The value of this key will be the string for of that configuration value.
|
|
MemberTagKeyBootstrapExpect = "expect"
|
|
|
|
// MemberTagKeyUseTLS is the key name of the tag used to indicate whther this agent
|
|
// was configured to use TLS.
|
|
MemberTagKeyUseTLS = "use_tls"
|
|
// MemberTagValueUseTLS is the value of the MemberTagKeyUseTLS when the agent was
|
|
// configured to use TLS. Any other value indicates that it was not setup in
|
|
// that manner.
|
|
MemberTagValueUseTLS = "1"
|
|
|
|
// MemberTagKeyReadReplica is the key used to indicate that the member is a read
|
|
// replica server (will remain a Raft non-voter).
|
|
// Read Replicas are a Consul Enterprise feature.
|
|
MemberTagKeyReadReplica = "read_replica"
|
|
// MemberTagValueReadReplica is the value of the MemberTagKeyReadReplica key when
|
|
// the member is in fact a read-replica. Any other value indicates that it is not.
|
|
// Read Replicas are a Consul Enterprise feature.
|
|
MemberTagValueReadReplica = "1"
|
|
)
|
|
|
|
type MemberACLMode string
|
|
|
|
const (
|
|
// ACLModeDisables indicates that ACLs are disabled for this agent
|
|
ACLModeDisabled MemberACLMode = "0"
|
|
// ACLModeEnabled indicates that ACLs are enabled and operating in new ACL
|
|
// mode (v1.4.0+ ACLs)
|
|
ACLModeEnabled MemberACLMode = "1"
|
|
// ACLModeLegacy has been deprecated, and will be treated as ACLModeUnknown.
|
|
ACLModeLegacy MemberACLMode = "2" // DEPRECATED
|
|
// ACLModeUnkown is used to indicate that the AgentMember.Tags didn't advertise
|
|
// an ACL mode at all. This is the case for Consul versions before v1.4.0 and
|
|
// should be treated the same as ACLModeLegacy.
|
|
ACLModeUnknown MemberACLMode = "3"
|
|
)
|
|
|
|
// AgentMember represents a cluster member known to the agent
|
|
type AgentMember struct {
|
|
Name string
|
|
Addr string
|
|
Port uint16
|
|
Tags map[string]string
|
|
// Status of the Member which corresponds to github.com/hashicorp/serf/serf.MemberStatus
|
|
// Value is one of:
|
|
//
|
|
// AgentMemberNone = 0
|
|
// AgentMemberAlive = 1
|
|
// AgentMemberLeaving = 2
|
|
// AgentMemberLeft = 3
|
|
// AgentMemberFailed = 4
|
|
Status int
|
|
ProtocolMin uint8
|
|
ProtocolMax uint8
|
|
ProtocolCur uint8
|
|
DelegateMin uint8
|
|
DelegateMax uint8
|
|
DelegateCur uint8
|
|
}
|
|
|
|
// ACLMode returns the ACL mode this agent is operating in.
|
|
func (m *AgentMember) ACLMode() MemberACLMode {
|
|
mode := m.Tags[MemberTagKeyACLMode]
|
|
|
|
// the key may not have existed but then an
|
|
// empty string will be returned and we will
|
|
// handle that in the default case of the switch
|
|
switch MemberACLMode(mode) {
|
|
case ACLModeDisabled:
|
|
return ACLModeDisabled
|
|
case ACLModeEnabled:
|
|
return ACLModeEnabled
|
|
default:
|
|
return ACLModeUnknown
|
|
}
|
|
}
|
|
|
|
// IsConsulServer returns true when this member is a Consul server.
|
|
func (m *AgentMember) IsConsulServer() bool {
|
|
return m.Tags[MemberTagKeyRole] == MemberTagValueRoleServer
|
|
}
|
|
|
|
// AllSegments is used to select for all segments in MembersOpts.
|
|
const AllSegments = "_all"
|
|
|
|
// MembersOpts is used for querying member information.
|
|
type MembersOpts struct {
|
|
// WAN is whether to show members from the WAN.
|
|
WAN bool
|
|
|
|
// Segment is the LAN segment to show members for. Setting this to the
|
|
// AllSegments value above will show members in all segments.
|
|
Segment string
|
|
|
|
Filter string
|
|
}
|
|
|
|
// AgentServiceRegistration is used to register a new service
|
|
type AgentServiceRegistration struct {
|
|
Kind ServiceKind `json:",omitempty"`
|
|
ID string `json:",omitempty"`
|
|
Name string `json:",omitempty"`
|
|
Tags []string `json:",omitempty"`
|
|
Port int `json:",omitempty"`
|
|
Address string `json:",omitempty"`
|
|
SocketPath string `json:",omitempty"`
|
|
TaggedAddresses map[string]ServiceAddress `json:",omitempty"`
|
|
EnableTagOverride bool `json:",omitempty"`
|
|
Meta map[string]string `json:",omitempty"`
|
|
Weights *AgentWeights `json:",omitempty"`
|
|
Check *AgentServiceCheck
|
|
Checks AgentServiceChecks
|
|
Proxy *AgentServiceConnectProxyConfig `json:",omitempty"`
|
|
Connect *AgentServiceConnect `json:",omitempty"`
|
|
Namespace string `json:",omitempty" bexpr:"-" hash:"ignore"`
|
|
Partition string `json:",omitempty" bexpr:"-" hash:"ignore"`
|
|
Locality *Locality `json:",omitempty" bexpr:"-" hash:"ignore"`
|
|
}
|
|
|
|
// ServiceRegisterOpts is used to pass extra options to the service register.
|
|
type ServiceRegisterOpts struct {
|
|
// Missing healthchecks will be deleted from the agent.
|
|
// Using this parameter allows to idempotently register a service and its checks without
|
|
// having to manually deregister checks.
|
|
ReplaceExistingChecks bool
|
|
|
|
// Token is used to provide a per-request ACL token
|
|
// which overrides the agent's default token.
|
|
Token string
|
|
|
|
// ctx is an optional context pass through to the underlying HTTP
|
|
// request layer. Use WithContext() to set the context.
|
|
ctx context.Context
|
|
}
|
|
|
|
// WithContext sets the context to be used for the request on a new ServiceRegisterOpts,
|
|
// and returns the opts.
|
|
func (o ServiceRegisterOpts) WithContext(ctx context.Context) ServiceRegisterOpts {
|
|
o.ctx = ctx
|
|
return o
|
|
}
|
|
|
|
// AgentCheckRegistration is used to register a new check
|
|
type AgentCheckRegistration struct {
|
|
ID string `json:",omitempty"`
|
|
Name string `json:",omitempty"`
|
|
Notes string `json:",omitempty"`
|
|
ServiceID string `json:",omitempty"`
|
|
AgentServiceCheck
|
|
Namespace string `json:",omitempty"`
|
|
Partition string `json:",omitempty"`
|
|
}
|
|
|
|
// AgentServiceCheck is used to define a node or service level check
|
|
type AgentServiceCheck struct {
|
|
CheckID string `json:",omitempty"`
|
|
Name string `json:",omitempty"`
|
|
Args []string `json:"ScriptArgs,omitempty"`
|
|
DockerContainerID string `json:",omitempty"`
|
|
Shell string `json:",omitempty"` // Only supported for Docker.
|
|
Interval string `json:",omitempty"`
|
|
Timeout string `json:",omitempty"`
|
|
TTL string `json:",omitempty"`
|
|
HTTP string `json:",omitempty"`
|
|
Header map[string][]string `json:",omitempty"`
|
|
Method string `json:",omitempty"`
|
|
Body string `json:",omitempty"`
|
|
TCP string `json:",omitempty"`
|
|
TCPUseTLS bool `json:",omitempty"`
|
|
UDP string `json:",omitempty"`
|
|
Status string `json:",omitempty"`
|
|
Notes string `json:",omitempty"`
|
|
TLSServerName string `json:",omitempty"`
|
|
TLSSkipVerify bool `json:",omitempty"`
|
|
GRPC string `json:",omitempty"`
|
|
GRPCUseTLS bool `json:",omitempty"`
|
|
H2PING string `json:",omitempty"`
|
|
H2PingUseTLS bool `json:",omitempty"`
|
|
AliasNode string `json:",omitempty"`
|
|
AliasService string `json:",omitempty"`
|
|
SuccessBeforePassing int `json:",omitempty"`
|
|
FailuresBeforeWarning int `json:",omitempty"`
|
|
FailuresBeforeCritical int `json:",omitempty"`
|
|
|
|
// In Consul 0.7 and later, checks that are associated with a service
|
|
// may also contain this optional DeregisterCriticalServiceAfter field,
|
|
// which is a timeout in the same Go time format as Interval and TTL. If
|
|
// a check is in the critical state for more than this configured value,
|
|
// then its associated service (and all of its associated checks) will
|
|
// automatically be deregistered.
|
|
DeregisterCriticalServiceAfter string `json:",omitempty"`
|
|
}
|
|
type AgentServiceChecks []*AgentServiceCheck
|
|
|
|
// AgentToken is used when updating ACL tokens for an agent.
|
|
type AgentToken struct {
|
|
Token string
|
|
}
|
|
|
|
// Metrics info is used to store different types of metric values from the agent.
|
|
type MetricsInfo struct {
|
|
Timestamp string
|
|
Gauges []GaugeValue
|
|
Points []PointValue
|
|
Counters []SampledValue
|
|
Samples []SampledValue
|
|
}
|
|
|
|
// GaugeValue stores one value that is updated as time goes on, such as
|
|
// the amount of memory allocated.
|
|
type GaugeValue struct {
|
|
Name string
|
|
Value float32
|
|
Labels map[string]string
|
|
}
|
|
|
|
// PointValue holds a series of points for a metric.
|
|
type PointValue struct {
|
|
Name string
|
|
Points []float32
|
|
}
|
|
|
|
// SampledValue stores info about a metric that is incremented over time,
|
|
// such as the number of requests to an HTTP endpoint.
|
|
type SampledValue struct {
|
|
Name string
|
|
Count int
|
|
Sum float64
|
|
Min float64
|
|
Max float64
|
|
Mean float64
|
|
Stddev float64
|
|
Labels map[string]string
|
|
}
|
|
|
|
// AgentAuthorizeParams are the request parameters for authorizing a request.
|
|
type AgentAuthorizeParams struct {
|
|
Target string
|
|
ClientCertURI string
|
|
ClientCertSerial string
|
|
}
|
|
|
|
// AgentAuthorize is the response structure for Connect authorization.
|
|
type AgentAuthorize struct {
|
|
Authorized bool
|
|
Reason string
|
|
}
|
|
|
|
// ConnectProxyConfig is the response structure for agent-local proxy
|
|
// configuration.
|
|
type ConnectProxyConfig struct {
|
|
ProxyServiceID string
|
|
TargetServiceID string
|
|
TargetServiceName string
|
|
ContentHash string
|
|
Config map[string]interface{} `bexpr:"-"`
|
|
Upstreams []Upstream
|
|
}
|
|
|
|
// Upstream is the response structure for a proxy upstream configuration.
|
|
type Upstream struct {
|
|
DestinationType UpstreamDestType `json:",omitempty"`
|
|
DestinationPartition string `json:",omitempty"`
|
|
DestinationNamespace string `json:",omitempty"`
|
|
DestinationPeer string `json:",omitempty"`
|
|
DestinationName string
|
|
Datacenter string `json:",omitempty"`
|
|
LocalBindAddress string `json:",omitempty"`
|
|
LocalBindPort int `json:",omitempty"`
|
|
LocalBindSocketPath string `json:",omitempty"`
|
|
LocalBindSocketMode string `json:",omitempty"`
|
|
Config map[string]interface{} `json:",omitempty" bexpr:"-"`
|
|
MeshGateway MeshGatewayConfig `json:",omitempty"`
|
|
CentrallyConfigured bool `json:",omitempty" bexpr:"-"`
|
|
}
|
|
|
|
// Agent can be used to query the Agent endpoints
|
|
type Agent struct {
|
|
c *Client
|
|
|
|
// cache the node name
|
|
nodeName string
|
|
}
|
|
|
|
// Agent returns a handle to the agent endpoints
|
|
func (c *Client) Agent() *Agent {
|
|
return &Agent{c: c}
|
|
}
|
|
|
|
// Self is used to query the agent we are speaking to for
|
|
// information about itself
|
|
func (a *Agent) Self() (map[string]map[string]interface{}, error) {
|
|
r := a.c.newRequest("GET", "/v1/agent/self")
|
|
_, resp, err := a.c.doRequest(r)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
defer closeResponseBody(resp)
|
|
if err := requireOK(resp); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
var out map[string]map[string]interface{}
|
|
if err := decodeBody(resp, &out); err != nil {
|
|
return nil, err
|
|
}
|
|
return out, nil
|
|
}
|
|
|
|
// Host is used to retrieve information about the host the
|
|
// agent is running on such as CPU, memory, and disk. Requires
|
|
// a operator:read ACL token.
|
|
func (a *Agent) Host() (map[string]interface{}, error) {
|
|
r := a.c.newRequest("GET", "/v1/agent/host")
|
|
_, resp, err := a.c.doRequest(r)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
defer closeResponseBody(resp)
|
|
if err := requireOK(resp); err != nil {
|
|
return nil, err
|
|
}
|
|
var out map[string]interface{}
|
|
if err := decodeBody(resp, &out); err != nil {
|
|
return nil, err
|
|
}
|
|
return out, nil
|
|
}
|
|
|
|
// Version is used to retrieve information about the running Consul version and build.
|
|
func (a *Agent) Version() (map[string]interface{}, error) {
|
|
r := a.c.newRequest("GET", "/v1/agent/version")
|
|
_, resp, err := a.c.doRequest(r)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
defer closeResponseBody(resp)
|
|
if err := requireOK(resp); err != nil {
|
|
return nil, err
|
|
}
|
|
var out map[string]interface{}
|
|
if err := decodeBody(resp, &out); err != nil {
|
|
return nil, err
|
|
}
|
|
return out, nil
|
|
}
|
|
|
|
// Metrics is used to query the agent we are speaking to for
|
|
// its current internal metric data
|
|
func (a *Agent) Metrics() (*MetricsInfo, error) {
|
|
r := a.c.newRequest("GET", "/v1/agent/metrics")
|
|
_, resp, err := a.c.doRequest(r)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
defer closeResponseBody(resp)
|
|
if err := requireOK(resp); err != nil {
|
|
return nil, err
|
|
}
|
|
var out *MetricsInfo
|
|
if err := decodeBody(resp, &out); err != nil {
|
|
return nil, err
|
|
}
|
|
return out, nil
|
|
}
|
|
|
|
// MetricsStream returns an io.ReadCloser which will emit a stream of metrics
|
|
// until the context is cancelled. The metrics are json encoded.
|
|
// The caller is responsible for closing the returned io.ReadCloser.
|
|
func (a *Agent) MetricsStream(ctx context.Context) (io.ReadCloser, error) {
|
|
r := a.c.newRequest("GET", "/v1/agent/metrics/stream")
|
|
r.ctx = ctx
|
|
_, resp, err := a.c.doRequest(r)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if err := requireOK(resp); err != nil {
|
|
return nil, err
|
|
}
|
|
return resp.Body, nil
|
|
}
|
|
|
|
// Reload triggers a configuration reload for the agent we are connected to.
|
|
func (a *Agent) Reload() error {
|
|
r := a.c.newRequest("PUT", "/v1/agent/reload")
|
|
_, resp, err := a.c.doRequest(r)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer closeResponseBody(resp)
|
|
if err := requireOK(resp); err != nil {
|
|
return err
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// NodeName is used to get the node name of the agent
|
|
func (a *Agent) NodeName() (string, error) {
|
|
if a.nodeName != "" {
|
|
return a.nodeName, nil
|
|
}
|
|
info, err := a.Self()
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
name := info["Config"]["NodeName"].(string)
|
|
a.nodeName = name
|
|
return name, nil
|
|
}
|
|
|
|
// Checks returns the locally registered checks
|
|
func (a *Agent) Checks() (map[string]*AgentCheck, error) {
|
|
return a.ChecksWithFilter("")
|
|
}
|
|
|
|
// ChecksWithFilter returns a subset of the locally registered checks that match
|
|
// the given filter expression
|
|
func (a *Agent) ChecksWithFilter(filter string) (map[string]*AgentCheck, error) {
|
|
return a.ChecksWithFilterOpts(filter, nil)
|
|
}
|
|
|
|
// ChecksWithFilterOpts returns a subset of the locally registered checks that match
|
|
// the given filter expression and QueryOptions.
|
|
func (a *Agent) ChecksWithFilterOpts(filter string, q *QueryOptions) (map[string]*AgentCheck, error) {
|
|
r := a.c.newRequest("GET", "/v1/agent/checks")
|
|
r.setQueryOptions(q)
|
|
r.filterQuery(filter)
|
|
_, resp, err := a.c.doRequest(r)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
defer closeResponseBody(resp)
|
|
if err := requireOK(resp); err != nil {
|
|
return nil, err
|
|
}
|
|
var out map[string]*AgentCheck
|
|
if err := decodeBody(resp, &out); err != nil {
|
|
return nil, err
|
|
}
|
|
return out, nil
|
|
}
|
|
|
|
// Services returns the locally registered services
|
|
func (a *Agent) Services() (map[string]*AgentService, error) {
|
|
return a.ServicesWithFilter("")
|
|
}
|
|
|
|
// ServicesWithFilter returns a subset of the locally registered services that match
|
|
// the given filter expression
|
|
func (a *Agent) ServicesWithFilter(filter string) (map[string]*AgentService, error) {
|
|
return a.ServicesWithFilterOpts(filter, nil)
|
|
}
|
|
|
|
// ServicesWithFilterOpts returns a subset of the locally registered services that match
|
|
// the given filter expression and QueryOptions.
|
|
func (a *Agent) ServicesWithFilterOpts(filter string, q *QueryOptions) (map[string]*AgentService, error) {
|
|
r := a.c.newRequest("GET", "/v1/agent/services")
|
|
r.setQueryOptions(q)
|
|
r.filterQuery(filter)
|
|
_, resp, err := a.c.doRequest(r)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
defer closeResponseBody(resp)
|
|
if err := requireOK(resp); err != nil {
|
|
return nil, err
|
|
}
|
|
var out map[string]*AgentService
|
|
if err := decodeBody(resp, &out); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return out, nil
|
|
}
|
|
|
|
// AgentHealthServiceByID returns for a given serviceID: the aggregated health status, the service definition or an error if any
|
|
// - If the service is not found, will return status (critical, nil, nil)
|
|
// - If the service is found, will return (critical|passing|warning), AgentServiceChecksInfo, nil)
|
|
// - In all other cases, will return an error
|
|
func (a *Agent) AgentHealthServiceByID(serviceID string) (string, *AgentServiceChecksInfo, error) {
|
|
return a.AgentHealthServiceByIDOpts(serviceID, nil)
|
|
}
|
|
|
|
func (a *Agent) AgentHealthServiceByIDOpts(serviceID string, q *QueryOptions) (string, *AgentServiceChecksInfo, error) {
|
|
path := fmt.Sprintf("/v1/agent/health/service/id/%v", serviceID)
|
|
r := a.c.newRequest("GET", path)
|
|
r.setQueryOptions(q)
|
|
r.params.Add("format", "json")
|
|
r.header.Set("Accept", "application/json")
|
|
// not a lot of value in wrapping the doRequest call in a requireHttpCodes call
|
|
// we manipulate the resp body and the require calls "swallow" the content on err
|
|
_, resp, err := a.c.doRequest(r)
|
|
if err != nil {
|
|
return "", nil, err
|
|
}
|
|
defer closeResponseBody(resp)
|
|
// Service not Found
|
|
if resp.StatusCode == http.StatusNotFound {
|
|
return HealthCritical, nil, nil
|
|
}
|
|
var out *AgentServiceChecksInfo
|
|
if err := decodeBody(resp, &out); err != nil {
|
|
return HealthCritical, out, err
|
|
}
|
|
switch resp.StatusCode {
|
|
case http.StatusOK:
|
|
return HealthPassing, out, nil
|
|
case http.StatusTooManyRequests:
|
|
return HealthWarning, out, nil
|
|
case http.StatusServiceUnavailable:
|
|
return HealthCritical, out, nil
|
|
}
|
|
return HealthCritical, out, fmt.Errorf("Unexpected Error Code %v for %s", resp.StatusCode, path)
|
|
}
|
|
|
|
// AgentHealthServiceByName returns for a given service name: the aggregated health status for all services
|
|
// having the specified name.
|
|
// - If no service is not found, will return status (critical, [], nil)
|
|
// - If the service is found, will return (critical|passing|warning), []api.AgentServiceChecksInfo, nil)
|
|
// - In all other cases, will return an error
|
|
func (a *Agent) AgentHealthServiceByName(service string) (string, []AgentServiceChecksInfo, error) {
|
|
return a.AgentHealthServiceByNameOpts(service, nil)
|
|
}
|
|
|
|
func (a *Agent) AgentHealthServiceByNameOpts(service string, q *QueryOptions) (string, []AgentServiceChecksInfo, error) {
|
|
path := fmt.Sprintf("/v1/agent/health/service/name/%v", service)
|
|
r := a.c.newRequest("GET", path)
|
|
r.setQueryOptions(q)
|
|
r.params.Add("format", "json")
|
|
r.header.Set("Accept", "application/json")
|
|
// not a lot of value in wrapping the doRequest call in a requireHttpCodes call
|
|
// we manipulate the resp body and the require calls "swallow" the content on err
|
|
_, resp, err := a.c.doRequest(r)
|
|
if err != nil {
|
|
return "", nil, err
|
|
}
|
|
defer closeResponseBody(resp)
|
|
// Service not Found
|
|
if resp.StatusCode == http.StatusNotFound {
|
|
return HealthCritical, nil, nil
|
|
}
|
|
var out []AgentServiceChecksInfo
|
|
if err := decodeBody(resp, &out); err != nil {
|
|
return HealthCritical, out, err
|
|
}
|
|
switch resp.StatusCode {
|
|
case http.StatusOK:
|
|
return HealthPassing, out, nil
|
|
case http.StatusTooManyRequests:
|
|
return HealthWarning, out, nil
|
|
case http.StatusServiceUnavailable:
|
|
return HealthCritical, out, nil
|
|
}
|
|
return HealthCritical, out, fmt.Errorf("Unexpected Error Code %v for %s", resp.StatusCode, path)
|
|
}
|
|
|
|
// Service returns a locally registered service instance and allows for
|
|
// hash-based blocking.
|
|
//
|
|
// Note that this uses an unconventional blocking mechanism since it's
|
|
// agent-local state. That means there is no persistent raft index so we block
|
|
// based on object hash instead.
|
|
func (a *Agent) Service(serviceID string, q *QueryOptions) (*AgentService, *QueryMeta, error) {
|
|
r := a.c.newRequest("GET", "/v1/agent/service/"+serviceID)
|
|
r.setQueryOptions(q)
|
|
rtt, resp, err := a.c.doRequest(r)
|
|
if err != nil {
|
|
return nil, nil, err
|
|
}
|
|
defer closeResponseBody(resp)
|
|
if err := requireOK(resp); err != nil {
|
|
return nil, nil, err
|
|
}
|
|
qm := &QueryMeta{}
|
|
parseQueryMeta(resp, qm)
|
|
qm.RequestTime = rtt
|
|
|
|
var out *AgentService
|
|
if err := decodeBody(resp, &out); err != nil {
|
|
return nil, nil, err
|
|
}
|
|
|
|
return out, qm, nil
|
|
}
|
|
|
|
// Members returns the known gossip members. The WAN
|
|
// flag can be used to query a server for WAN members.
|
|
func (a *Agent) Members(wan bool) ([]*AgentMember, error) {
|
|
r := a.c.newRequest("GET", "/v1/agent/members")
|
|
if wan {
|
|
r.params.Set("wan", "1")
|
|
}
|
|
_, resp, err := a.c.doRequest(r)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
defer closeResponseBody(resp)
|
|
if err := requireOK(resp); err != nil {
|
|
return nil, err
|
|
}
|
|
var out []*AgentMember
|
|
if err := decodeBody(resp, &out); err != nil {
|
|
return nil, err
|
|
}
|
|
return out, nil
|
|
}
|
|
|
|
// MembersOpts returns the known gossip members and can be passed
|
|
// additional options for WAN/segment filtering.
|
|
func (a *Agent) MembersOpts(opts MembersOpts) ([]*AgentMember, error) {
|
|
r := a.c.newRequest("GET", "/v1/agent/members")
|
|
r.params.Set("segment", opts.Segment)
|
|
if opts.WAN {
|
|
r.params.Set("wan", "1")
|
|
}
|
|
|
|
if opts.Filter != "" {
|
|
r.params.Set("filter", opts.Filter)
|
|
}
|
|
|
|
_, resp, err := a.c.doRequest(r)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
defer closeResponseBody(resp)
|
|
if err := requireOK(resp); err != nil {
|
|
return nil, err
|
|
}
|
|
var out []*AgentMember
|
|
if err := decodeBody(resp, &out); err != nil {
|
|
return nil, err
|
|
}
|
|
return out, nil
|
|
}
|
|
|
|
// ServiceRegister is used to register a new service with
|
|
// the local agent
|
|
func (a *Agent) ServiceRegister(service *AgentServiceRegistration) error {
|
|
opts := ServiceRegisterOpts{
|
|
ReplaceExistingChecks: false,
|
|
}
|
|
|
|
return a.serviceRegister(service, opts)
|
|
}
|
|
|
|
// ServiceRegister is used to register a new service with
|
|
// the local agent and can be passed additional options.
|
|
func (a *Agent) ServiceRegisterOpts(service *AgentServiceRegistration, opts ServiceRegisterOpts) error {
|
|
return a.serviceRegister(service, opts)
|
|
}
|
|
|
|
func (a *Agent) serviceRegister(service *AgentServiceRegistration, opts ServiceRegisterOpts) error {
|
|
r := a.c.newRequest("PUT", "/v1/agent/service/register")
|
|
r.obj = service
|
|
r.ctx = opts.ctx
|
|
if opts.ReplaceExistingChecks {
|
|
r.params.Set("replace-existing-checks", "true")
|
|
}
|
|
if opts.Token != "" {
|
|
r.header.Set("X-Consul-Token", opts.Token)
|
|
}
|
|
_, resp, err := a.c.doRequest(r)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer closeResponseBody(resp)
|
|
if err := requireOK(resp); err != nil {
|
|
return err
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// ServiceDeregister is used to deregister a service with
|
|
// the local agent
|
|
func (a *Agent) ServiceDeregister(serviceID string) error {
|
|
r := a.c.newRequest("PUT", "/v1/agent/service/deregister/"+serviceID)
|
|
_, resp, err := a.c.doRequest(r)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer closeResponseBody(resp)
|
|
if err := requireOK(resp); err != nil {
|
|
return err
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// ServiceDeregisterOpts is used to deregister a service with
|
|
// the local agent with QueryOptions.
|
|
func (a *Agent) ServiceDeregisterOpts(serviceID string, q *QueryOptions) error {
|
|
r := a.c.newRequest("PUT", "/v1/agent/service/deregister/"+serviceID)
|
|
r.setQueryOptions(q)
|
|
_, resp, err := a.c.doRequest(r)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer closeResponseBody(resp)
|
|
if err := requireOK(resp); err != nil {
|
|
return err
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// PassTTL is used to set a TTL check to the passing state.
|
|
//
|
|
// DEPRECATION NOTICE: This interface is deprecated in favor of UpdateTTL().
|
|
// The client interface will be removed in 0.8 or changed to use
|
|
// UpdateTTL()'s endpoint and the server endpoints will be removed in 0.9.
|
|
func (a *Agent) PassTTL(checkID, note string) error {
|
|
return a.updateTTL(checkID, note, "pass")
|
|
}
|
|
|
|
// WarnTTL is used to set a TTL check to the warning state.
|
|
//
|
|
// DEPRECATION NOTICE: This interface is deprecated in favor of UpdateTTL().
|
|
// The client interface will be removed in 0.8 or changed to use
|
|
// UpdateTTL()'s endpoint and the server endpoints will be removed in 0.9.
|
|
func (a *Agent) WarnTTL(checkID, note string) error {
|
|
return a.updateTTL(checkID, note, "warn")
|
|
}
|
|
|
|
// FailTTL is used to set a TTL check to the failing state.
|
|
//
|
|
// DEPRECATION NOTICE: This interface is deprecated in favor of UpdateTTL().
|
|
// The client interface will be removed in 0.8 or changed to use
|
|
// UpdateTTL()'s endpoint and the server endpoints will be removed in 0.9.
|
|
func (a *Agent) FailTTL(checkID, note string) error {
|
|
return a.updateTTL(checkID, note, "fail")
|
|
}
|
|
|
|
// updateTTL is used to update the TTL of a check. This is the internal
|
|
// method that uses the old API that's present in Consul versions prior to
|
|
// 0.6.4. Since Consul didn't have an analogous "update" API before it seemed
|
|
// ok to break this (former) UpdateTTL in favor of the new UpdateTTL below,
|
|
// but keep the old Pass/Warn/Fail methods using the old API under the hood.
|
|
//
|
|
// DEPRECATION NOTICE: This interface is deprecated in favor of UpdateTTL().
|
|
// The client interface will be removed in 0.8 and the server endpoints will
|
|
// be removed in 0.9.
|
|
func (a *Agent) updateTTL(checkID, note, status string) error {
|
|
switch status {
|
|
case "pass":
|
|
case "warn":
|
|
case "fail":
|
|
default:
|
|
return fmt.Errorf("Invalid status: %s", status)
|
|
}
|
|
endpoint := fmt.Sprintf("/v1/agent/check/%s/%s", status, checkID)
|
|
r := a.c.newRequest("PUT", endpoint)
|
|
r.params.Set("note", note)
|
|
_, resp, err := a.c.doRequest(r)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer closeResponseBody(resp)
|
|
if err := requireOK(resp); err != nil {
|
|
return err
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// checkUpdate is the payload for a PUT for a check update.
|
|
type checkUpdate struct {
|
|
// Status is one of the api.Health* states: HealthPassing
|
|
// ("passing"), HealthWarning ("warning"), or HealthCritical
|
|
// ("critical").
|
|
Status string
|
|
|
|
// Output is the information to post to the UI for operators as the
|
|
// output of the process that decided to hit the TTL check. This is
|
|
// different from the note field that's associated with the check
|
|
// itself.
|
|
Output string
|
|
}
|
|
|
|
// UpdateTTL is used to update the TTL of a check. This uses the newer API
|
|
// that was introduced in Consul 0.6.4 and later. We translate the old status
|
|
// strings for compatibility (though a newer version of Consul will still be
|
|
// required to use this API).
|
|
func (a *Agent) UpdateTTL(checkID, output, status string) error {
|
|
return a.UpdateTTLOpts(checkID, output, status, nil)
|
|
}
|
|
|
|
func (a *Agent) UpdateTTLOpts(checkID, output, status string, q *QueryOptions) error {
|
|
switch status {
|
|
case "pass", HealthPassing:
|
|
status = HealthPassing
|
|
case "warn", HealthWarning:
|
|
status = HealthWarning
|
|
case "fail", HealthCritical:
|
|
status = HealthCritical
|
|
default:
|
|
return fmt.Errorf("Invalid status: %s", status)
|
|
}
|
|
|
|
endpoint := fmt.Sprintf("/v1/agent/check/update/%s", checkID)
|
|
r := a.c.newRequest("PUT", endpoint)
|
|
r.setQueryOptions(q)
|
|
r.obj = &checkUpdate{
|
|
Status: status,
|
|
Output: output,
|
|
}
|
|
|
|
_, resp, err := a.c.doRequest(r)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer closeResponseBody(resp)
|
|
if err := requireOK(resp); err != nil {
|
|
return err
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// CheckRegister is used to register a new check with
|
|
// the local agent
|
|
func (a *Agent) CheckRegister(check *AgentCheckRegistration) error {
|
|
return a.CheckRegisterOpts(check, nil)
|
|
}
|
|
|
|
// CheckRegisterOpts is used to register a new check with
|
|
// the local agent using query options
|
|
func (a *Agent) CheckRegisterOpts(check *AgentCheckRegistration, q *QueryOptions) error {
|
|
r := a.c.newRequest("PUT", "/v1/agent/check/register")
|
|
r.setQueryOptions(q)
|
|
r.obj = check
|
|
_, resp, err := a.c.doRequest(r)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer closeResponseBody(resp)
|
|
if err := requireOK(resp); err != nil {
|
|
return err
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// CheckDeregister is used to deregister a check with
|
|
// the local agent
|
|
func (a *Agent) CheckDeregister(checkID string) error {
|
|
return a.CheckDeregisterOpts(checkID, nil)
|
|
}
|
|
|
|
// CheckDeregisterOpts is used to deregister a check with
|
|
// the local agent using query options
|
|
func (a *Agent) CheckDeregisterOpts(checkID string, q *QueryOptions) error {
|
|
r := a.c.newRequest("PUT", "/v1/agent/check/deregister/"+checkID)
|
|
r.setQueryOptions(q)
|
|
_, resp, err := a.c.doRequest(r)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer closeResponseBody(resp)
|
|
if err := requireOK(resp); err != nil {
|
|
return err
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// Join is used to instruct the agent to attempt a join to
|
|
// another cluster member
|
|
func (a *Agent) Join(addr string, wan bool) error {
|
|
r := a.c.newRequest("PUT", "/v1/agent/join/"+addr)
|
|
if wan {
|
|
r.params.Set("wan", "1")
|
|
}
|
|
_, resp, err := a.c.doRequest(r)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer closeResponseBody(resp)
|
|
if err := requireOK(resp); err != nil {
|
|
return err
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// Leave is used to have the agent gracefully leave the cluster and shutdown
|
|
func (a *Agent) Leave() error {
|
|
r := a.c.newRequest("PUT", "/v1/agent/leave")
|
|
_, resp, err := a.c.doRequest(r)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer closeResponseBody(resp)
|
|
if err := requireOK(resp); err != nil {
|
|
return err
|
|
}
|
|
return nil
|
|
}
|
|
|
|
type ForceLeaveOpts struct {
|
|
// Prune indicates if we should remove a failed agent from the list of
|
|
// members in addition to ejecting it.
|
|
Prune bool
|
|
|
|
// WAN indicates that the request should exclusively target the WAN pool.
|
|
WAN bool
|
|
}
|
|
|
|
// ForceLeave is used to have the agent eject a failed node
|
|
func (a *Agent) ForceLeave(node string) error {
|
|
return a.ForceLeaveOpts(node, ForceLeaveOpts{})
|
|
}
|
|
|
|
// ForceLeavePrune is used to have an a failed agent removed
|
|
// from the list of members
|
|
func (a *Agent) ForceLeavePrune(node string) error {
|
|
return a.ForceLeaveOpts(node, ForceLeaveOpts{Prune: true})
|
|
}
|
|
|
|
// ForceLeaveOpts is used to have the agent eject a failed node or remove it
|
|
// completely from the list of members.
|
|
//
|
|
// DEPRECATED - Use ForceLeaveOptions instead.
|
|
func (a *Agent) ForceLeaveOpts(node string, opts ForceLeaveOpts) error {
|
|
return a.ForceLeaveOptions(node, opts, nil)
|
|
}
|
|
|
|
// ForceLeaveOptions is used to have the agent eject a failed node or remove it
|
|
// completely from the list of members. Allows usage of QueryOptions on-top of ForceLeaveOpts
|
|
func (a *Agent) ForceLeaveOptions(node string, opts ForceLeaveOpts, q *QueryOptions) error {
|
|
r := a.c.newRequest("PUT", "/v1/agent/force-leave/"+node)
|
|
r.setQueryOptions(q)
|
|
if opts.Prune {
|
|
r.params.Set("prune", "1")
|
|
}
|
|
if opts.WAN {
|
|
r.params.Set("wan", "1")
|
|
}
|
|
_, resp, err := a.c.doRequest(r)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer closeResponseBody(resp)
|
|
if err := requireOK(resp); err != nil {
|
|
return err
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// ConnectAuthorize is used to authorize an incoming connection
|
|
// to a natively integrated Connect service.
|
|
func (a *Agent) ConnectAuthorize(auth *AgentAuthorizeParams) (*AgentAuthorize, error) {
|
|
r := a.c.newRequest("POST", "/v1/agent/connect/authorize")
|
|
r.obj = auth
|
|
_, resp, err := a.c.doRequest(r)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
defer closeResponseBody(resp)
|
|
if err := requireOK(resp); err != nil {
|
|
return nil, err
|
|
}
|
|
var out AgentAuthorize
|
|
if err := decodeBody(resp, &out); err != nil {
|
|
return nil, err
|
|
}
|
|
return &out, nil
|
|
}
|
|
|
|
// ConnectCARoots returns the list of roots.
|
|
func (a *Agent) ConnectCARoots(q *QueryOptions) (*CARootList, *QueryMeta, error) {
|
|
r := a.c.newRequest("GET", "/v1/agent/connect/ca/roots")
|
|
r.setQueryOptions(q)
|
|
rtt, resp, err := a.c.doRequest(r)
|
|
if err != nil {
|
|
return nil, nil, err
|
|
}
|
|
defer closeResponseBody(resp)
|
|
if err := requireOK(resp); err != nil {
|
|
return nil, nil, err
|
|
}
|
|
|
|
qm := &QueryMeta{}
|
|
parseQueryMeta(resp, qm)
|
|
qm.RequestTime = rtt
|
|
|
|
var out CARootList
|
|
if err := decodeBody(resp, &out); err != nil {
|
|
return nil, nil, err
|
|
}
|
|
return &out, qm, nil
|
|
}
|
|
|
|
// ConnectCALeaf gets the leaf certificate for the given service ID.
|
|
func (a *Agent) ConnectCALeaf(serviceID string, q *QueryOptions) (*LeafCert, *QueryMeta, error) {
|
|
r := a.c.newRequest("GET", "/v1/agent/connect/ca/leaf/"+serviceID)
|
|
r.setQueryOptions(q)
|
|
rtt, resp, err := a.c.doRequest(r)
|
|
if err != nil {
|
|
return nil, nil, err
|
|
}
|
|
defer closeResponseBody(resp)
|
|
if err := requireOK(resp); err != nil {
|
|
return nil, nil, err
|
|
}
|
|
qm := &QueryMeta{}
|
|
parseQueryMeta(resp, qm)
|
|
qm.RequestTime = rtt
|
|
|
|
var out LeafCert
|
|
if err := decodeBody(resp, &out); err != nil {
|
|
return nil, nil, err
|
|
}
|
|
return &out, qm, nil
|
|
}
|
|
|
|
// EnableServiceMaintenance toggles service maintenance mode on
|
|
// for the given service ID.
|
|
func (a *Agent) EnableServiceMaintenance(serviceID, reason string) error {
|
|
return a.EnableServiceMaintenanceOpts(serviceID, reason, nil)
|
|
}
|
|
|
|
func (a *Agent) EnableServiceMaintenanceOpts(serviceID, reason string, q *QueryOptions) error {
|
|
r := a.c.newRequest("PUT", "/v1/agent/service/maintenance/"+serviceID)
|
|
r.setQueryOptions(q)
|
|
r.params.Set("enable", "true")
|
|
r.params.Set("reason", reason)
|
|
_, resp, err := a.c.doRequest(r)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer closeResponseBody(resp)
|
|
if err := requireOK(resp); err != nil {
|
|
return err
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// DisableServiceMaintenance toggles service maintenance mode off
|
|
// for the given service ID.
|
|
func (a *Agent) DisableServiceMaintenance(serviceID string) error {
|
|
return a.DisableServiceMaintenanceOpts(serviceID, nil)
|
|
}
|
|
|
|
func (a *Agent) DisableServiceMaintenanceOpts(serviceID string, q *QueryOptions) error {
|
|
r := a.c.newRequest("PUT", "/v1/agent/service/maintenance/"+serviceID)
|
|
r.setQueryOptions(q)
|
|
r.params.Set("enable", "false")
|
|
_, resp, err := a.c.doRequest(r)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer closeResponseBody(resp)
|
|
if err := requireOK(resp); err != nil {
|
|
return err
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// EnableNodeMaintenance toggles node maintenance mode on for the
|
|
// agent we are connected to.
|
|
func (a *Agent) EnableNodeMaintenance(reason string) error {
|
|
r := a.c.newRequest("PUT", "/v1/agent/maintenance")
|
|
r.params.Set("enable", "true")
|
|
r.params.Set("reason", reason)
|
|
_, resp, err := a.c.doRequest(r)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer closeResponseBody(resp)
|
|
if err := requireOK(resp); err != nil {
|
|
return err
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// DisableNodeMaintenance toggles node maintenance mode off for the
|
|
// agent we are connected to.
|
|
func (a *Agent) DisableNodeMaintenance() error {
|
|
r := a.c.newRequest("PUT", "/v1/agent/maintenance")
|
|
r.params.Set("enable", "false")
|
|
_, resp, err := a.c.doRequest(r)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer closeResponseBody(resp)
|
|
if err := requireOK(resp); err != nil {
|
|
return err
|
|
}
|
|
return nil
|
|
}
|
|
|
|
// Monitor returns a channel which will receive streaming logs from the agent
|
|
// Providing a non-nil stopCh can be used to close the connection and stop the
|
|
// log stream. An empty string will be sent down the given channel when there's
|
|
// nothing left to stream, after which the caller should close the stopCh.
|
|
func (a *Agent) Monitor(loglevel string, stopCh <-chan struct{}, q *QueryOptions) (chan string, error) {
|
|
return a.monitor(loglevel, false, stopCh, q)
|
|
}
|
|
|
|
// MonitorJSON is like Monitor except it returns logs in JSON format.
|
|
func (a *Agent) MonitorJSON(loglevel string, stopCh <-chan struct{}, q *QueryOptions) (chan string, error) {
|
|
return a.monitor(loglevel, true, stopCh, q)
|
|
}
|
|
|
|
func (a *Agent) monitor(loglevel string, logJSON bool, stopCh <-chan struct{}, q *QueryOptions) (chan string, error) {
|
|
r := a.c.newRequest("GET", "/v1/agent/monitor")
|
|
r.setQueryOptions(q)
|
|
if loglevel != "" {
|
|
r.params.Add("loglevel", loglevel)
|
|
}
|
|
if logJSON {
|
|
r.params.Set("logjson", "true")
|
|
}
|
|
_, resp, err := a.c.doRequest(r)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
if err := requireOK(resp); err != nil {
|
|
return nil, err
|
|
}
|
|
logCh := make(chan string, 64)
|
|
go func() {
|
|
defer closeResponseBody(resp)
|
|
scanner := bufio.NewScanner(resp.Body)
|
|
for {
|
|
select {
|
|
case <-stopCh:
|
|
close(logCh)
|
|
return
|
|
default:
|
|
}
|
|
if scanner.Scan() {
|
|
// An empty string signals to the caller that
|
|
// the scan is done, so make sure we only emit
|
|
// that when the scanner says it's done, not if
|
|
// we happen to ingest an empty line.
|
|
if text := scanner.Text(); text != "" {
|
|
logCh <- text
|
|
} else {
|
|
logCh <- " "
|
|
}
|
|
} else {
|
|
logCh <- ""
|
|
}
|
|
}
|
|
}()
|
|
return logCh, nil
|
|
}
|
|
|
|
// UpdateACLToken updates the agent's "acl_token". See updateToken for more
|
|
// details. Deprecated in Consul 1.4.
|
|
//
|
|
// DEPRECATED (ACL-Legacy-Compat) - Prefer UpdateDefaultACLToken for v1.4.3 and above
|
|
func (a *Agent) UpdateACLToken(token string, q *WriteOptions) (*WriteMeta, error) {
|
|
return nil, fmt.Errorf("Legacy ACL Tokens were deprecated in Consul 1.4")
|
|
}
|
|
|
|
// UpdateACLAgentToken updates the agent's "acl_agent_token". See updateToken
|
|
// for more details. Deprecated in Consul 1.4.
|
|
//
|
|
// DEPRECATED (ACL-Legacy-Compat) - Prefer UpdateAgentACLToken for v1.4.3 and above
|
|
func (a *Agent) UpdateACLAgentToken(token string, q *WriteOptions) (*WriteMeta, error) {
|
|
return nil, fmt.Errorf("Legacy ACL Tokens were deprecated in Consul 1.4")
|
|
}
|
|
|
|
// UpdateACLAgentMasterToken updates the agent's "acl_agent_master_token". See
|
|
// updateToken for more details. Deprecated in Consul 1.4.
|
|
//
|
|
// DEPRECATED (ACL-Legacy-Compat) - Prefer UpdateAgentMasterACLToken for v1.4.3 and above
|
|
func (a *Agent) UpdateACLAgentMasterToken(token string, q *WriteOptions) (*WriteMeta, error) {
|
|
return nil, fmt.Errorf("Legacy ACL Tokens were deprecated in Consul 1.4")
|
|
}
|
|
|
|
// UpdateACLReplicationToken updates the agent's "acl_replication_token". See
|
|
// updateToken for more details. Deprecated in Consul 1.4.
|
|
//
|
|
// DEPRECATED (ACL-Legacy-Compat) - Prefer UpdateReplicationACLToken for v1.4.3 and above
|
|
func (a *Agent) UpdateACLReplicationToken(token string, q *WriteOptions) (*WriteMeta, error) {
|
|
return nil, fmt.Errorf("Legacy ACL Tokens were deprecated in Consul 1.4")
|
|
}
|
|
|
|
// UpdateDefaultACLToken updates the agent's "default" token. See updateToken
|
|
// for more details
|
|
func (a *Agent) UpdateDefaultACLToken(token string, q *WriteOptions) (*WriteMeta, error) {
|
|
return a.updateTokenFallback(token, q, "default", "acl_token")
|
|
}
|
|
|
|
// UpdateAgentACLToken updates the agent's "agent" token. See updateToken
|
|
// for more details
|
|
func (a *Agent) UpdateAgentACLToken(token string, q *WriteOptions) (*WriteMeta, error) {
|
|
return a.updateTokenFallback(token, q, "agent", "acl_agent_token")
|
|
}
|
|
|
|
// UpdateAgentRecoveryACLToken updates the agent's "agent_recovery" token. See updateToken
|
|
// for more details.
|
|
func (a *Agent) UpdateAgentRecoveryACLToken(token string, q *WriteOptions) (*WriteMeta, error) {
|
|
return a.updateTokenFallback(token, q, "agent_recovery", "agent_master", "acl_agent_master_token")
|
|
}
|
|
|
|
// UpdateAgentMasterACLToken updates the agent's "agent_master" token. See updateToken
|
|
// for more details.
|
|
//
|
|
// DEPRECATED - Prefer UpdateAgentRecoveryACLToken for v1.11 and above.
|
|
func (a *Agent) UpdateAgentMasterACLToken(token string, q *WriteOptions) (*WriteMeta, error) {
|
|
return a.updateTokenFallback(token, q, "agent_master", "acl_agent_master_token")
|
|
}
|
|
|
|
// UpdateReplicationACLToken updates the agent's "replication" token. See updateToken
|
|
// for more details
|
|
func (a *Agent) UpdateReplicationACLToken(token string, q *WriteOptions) (*WriteMeta, error) {
|
|
return a.updateTokenFallback(token, q, "replication", "acl_replication_token")
|
|
}
|
|
|
|
// UpdateConfigFileRegistrationToken updates the agent's "replication" token. See updateToken
|
|
// for more details
|
|
func (a *Agent) UpdateConfigFileRegistrationToken(token string, q *WriteOptions) (*WriteMeta, error) {
|
|
return a.updateToken("config_file_service_registration", token, q)
|
|
}
|
|
|
|
func (a *Agent) UpdateDNSToken(token string, q *WriteOptions) (*WriteMeta, error) {
|
|
return a.updateToken("dns", token, q)
|
|
}
|
|
|
|
// updateToken can be used to update one of an agent's ACL tokens after the agent has
|
|
// started. The tokens are may not be persisted, so will need to be updated again if
|
|
// the agent is restarted unless the agent is configured to persist them.
|
|
func (a *Agent) updateToken(target, token string, q *WriteOptions) (*WriteMeta, error) {
|
|
meta, _, err := a.updateTokenOnce(target, token, q)
|
|
return meta, err
|
|
}
|
|
|
|
func (a *Agent) updateTokenFallback(token string, q *WriteOptions, targets ...string) (*WriteMeta, error) {
|
|
if len(targets) == 0 {
|
|
panic("targets must not be empty")
|
|
}
|
|
|
|
var (
|
|
meta *WriteMeta
|
|
err error
|
|
)
|
|
for _, target := range targets {
|
|
var status int
|
|
meta, status, err = a.updateTokenOnce(target, token, q)
|
|
if err == nil && status != http.StatusNotFound {
|
|
return meta, err
|
|
}
|
|
}
|
|
return meta, err
|
|
}
|
|
|
|
func (a *Agent) updateTokenOnce(target, token string, q *WriteOptions) (*WriteMeta, int, error) {
|
|
r := a.c.newRequest("PUT", fmt.Sprintf("/v1/agent/token/%s", target))
|
|
r.setWriteOptions(q)
|
|
r.obj = &AgentToken{Token: token}
|
|
|
|
rtt, resp, err := a.c.doRequest(r)
|
|
if err != nil {
|
|
return nil, 500, err
|
|
}
|
|
defer closeResponseBody(resp)
|
|
wm := &WriteMeta{RequestTime: rtt}
|
|
if err := requireOK(resp); err != nil {
|
|
var statusE StatusError
|
|
if errors.As(err, &statusE) {
|
|
return wm, statusE.Code, statusE
|
|
}
|
|
return nil, 0, err
|
|
}
|
|
return wm, resp.StatusCode, nil
|
|
}
|