Documentation
Overview
Package xds provides an implementation of a gRPC service that exports Envoy's xDS API for config discovery. Specifically, we support only the Aggregated Discovery Service (ADS), as we control all config.
A full description of the XDS protocol can be found at https://github.com/envoyproxy/data-plane-api/blob/master/XDS_PROTOCOL.md
xds.Server also supports the ext_authz network filter API to authorize incoming connections to Envoy.
Index
- Constants
- func TestCheckRequest(t testing.T, source, dest string) *envoyauth.CheckRequest
- type ACLResolverFunc
- type ADSStream
- type ConfigManager
- type ConnectAuthz
- type Server
- func (s *Server) Check(ctx context.Context, r *envoyauthz.CheckRequest) (*envoyauthz.CheckResponse, error)
- func (s *Server) GRPCServer(certFile, keyFile string) (*grpc.Server, error)
- func (s *Server) IncrementalAggregatedResources(_ envoydisco.AggregatedDiscoveryService_IncrementalAggregatedResourcesServer) error
- func (s *Server) StreamAggregatedResources(stream ADSStream) error
- type TestADSStream
- func (s *TestADSStream) Context() context.Context
- func (s *TestADSStream) Recv() (*envoy.DiscoveryRequest, error)
- func (s *TestADSStream) RecvMsg(m interface{}) error
- func (s *TestADSStream) Send(r *envoy.DiscoveryResponse) error
- func (s *TestADSStream) SendHeader(metadata.MD) error
- func (s *TestADSStream) SendMsg(m interface{}) error
- func (s *TestADSStream) SetHeader(metadata.MD) error
- func (s *TestADSStream) SetTrailer(metadata.MD)
- type TestEnvoy
Constants
const (
	// EndpointType is the TypeURL for Endpoint discovery responses.
	EndpointType = typePrefix + "ClusterLoadAssignment"

	// ClusterType is the TypeURL for Cluster discovery responses.
	ClusterType = typePrefix + "Cluster"

	// RouteType is the TypeURL for Route discovery responses.
	RouteType = typePrefix + "RouteConfiguration"

	// ListenerType is the TypeURL for Listener discovery responses.
	ListenerType = typePrefix + "Listener"

	// PublicListenerName is the name we give the public listener in Envoy config.
	PublicListenerName = "public_listener"

	// LocalAppClusterName is the name we give the local application "cluster" in
	// Envoy config.
	LocalAppClusterName = "local_app"

	// LocalAgentClusterName is the name we give the local agent "cluster" in
	// Envoy config.
	LocalAgentClusterName = "local_agent"
)
Functions
func TestCheckRequest
func TestCheckRequest(t testing.T, source, dest string) *envoyauth.CheckRequest
TestCheckRequest creates an envoyauth.CheckRequest with the source and destination service names.
Types
type ACLResolverFunc
type ACLResolverFunc func(id string) (acl.Authorizer, error)
ACLResolverFunc is a shim to resolve ACLs. Since ACL enforcement is so far entirely agent-local and uses only private methods, this allows a simple shim to be written in the agent package so that ACLs can be resolved without tightly coupling this package to the agent.
type ADSStream
type ADSStream = envoydisco.AggregatedDiscoveryService_StreamAggregatedResourcesServer
ADSStream is a shorter way of referring to this thing...
type ConfigManager
type ConfigManager interface {
	Watch(proxyID string) (<-chan *proxycfg.ConfigSnapshot, proxycfg.CancelFunc)
}
ConfigManager is the interface xds.Server requires to consume proxy config updates. It's satisfied normally by the agent's proxycfg.Manager, but allows easier testing without several layers of mocked cache, local state and proxycfg.Manager.
type ConnectAuthz
type ConnectAuthz interface {
	// ConnectAuthorize is implemented by Agent.ConnectAuthorize
	ConnectAuthorize(token string, req *structs.ConnectAuthorizeRequest) (authz bool, reason string, m *cache.ResultMeta, err error)
}
ConnectAuthz is the interface the agent needs to expose to be able to re-use the authorization logic between both APIs.
type Server
type Server struct {
	Logger       *log.Logger
	CfgMgr       ConfigManager
	Authz        ConnectAuthz
	ResolveToken ACLResolverFunc
}
Server represents a gRPC server that can handle both XDS and ext_authz requests from Envoy. All of its public members must be set before the gRPC server is started.
A full description of the XDS protocol can be found at https://github.com/envoyproxy/data-plane-api/blob/master/XDS_PROTOCOL.md
func (*Server) Check
func (s *Server) Check(ctx context.Context, r *envoyauthz.CheckRequest) (*envoyauthz.CheckResponse, error)
Check implements envoyauthz.AuthorizationServer.
func (*Server) GRPCServer
GRPCServer returns a server instance that can handle XDS and ext_authz requests.
func (*Server) IncrementalAggregatedResources
func (s *Server) IncrementalAggregatedResources(_ envoydisco.AggregatedDiscoveryService_IncrementalAggregatedResourcesServer) error
IncrementalAggregatedResources implements envoydisco.AggregatedDiscoveryServiceServer.
func (*Server) StreamAggregatedResources
StreamAggregatedResources implements envoydisco.AggregatedDiscoveryServiceServer. This is the ADS endpoint which is the only xDS API we directly support for now.
type TestADSStream
type TestADSStream struct {
	// contains filtered or unexported fields
}
TestADSStream mocks discovery.AggregatedDiscoveryService_StreamAggregatedResourcesServer to allow testing the ADS handler.
func NewTestADSStream
func NewTestADSStream(t testing.T, ctx context.Context) *TestADSStream
NewTestADSStream makes a new TestADSStream.
func (*TestADSStream) Context
func (s *TestADSStream) Context() context.Context
Context implements ADSStream.
func (*TestADSStream) Recv
func (s *TestADSStream) Recv() (*envoy.DiscoveryRequest, error)
Recv implements ADSStream.
func (*TestADSStream) RecvMsg
func (s *TestADSStream) RecvMsg(m interface{}) error
RecvMsg implements ADSStream.
func (*TestADSStream) Send
func (s *TestADSStream) Send(r *envoy.DiscoveryResponse) error
Send implements ADSStream.
func (*TestADSStream) SendHeader
func (s *TestADSStream) SendHeader(metadata.MD) error
SendHeader implements ADSStream.
func (*TestADSStream) SendMsg
func (s *TestADSStream) SendMsg(m interface{}) error
SendMsg implements ADSStream.
func (*TestADSStream) SetHeader
func (s *TestADSStream) SetHeader(metadata.MD) error
SetHeader implements ADSStream.
func (*TestADSStream) SetTrailer
func (s *TestADSStream) SetTrailer(metadata.MD)
SetTrailer implements ADSStream.