proxy

package
v1.10.0-alpha Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 18, 2021 License: MPL-2.0 Imports: 22 Imported by: 23

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func TestEchoConn

func TestEchoConn(t testing.T, conn net.Conn, prefix string)

TestEchoConn attempts to write some bytes to conn and expects to read them back within a short timeout (10ms). If prefix is not empty we expect it to be poresent at the start of all echoed responses (for example to distinguish between multiple echo server instances).

func TestLocalAddr

func TestLocalAddr(port int) string

TestLocalAddr makes a localhost address on the given port

func TestStaticUpstreamResolverFunc added in v1.3.0

func TestStaticUpstreamResolverFunc(r connect.Resolver) func(UpstreamConfig) (connect.Resolver, error)

TestStaticUpstreamResolverFunc returns a function that will return a static resolver for testing UpstreamListener.

func UpstreamResolverFuncFromClient added in v1.3.0

func UpstreamResolverFuncFromClient(client *api.Client) func(cfg UpstreamConfig) (connect.Resolver, error)

UpstreamResolverFuncFromClient returns a closure that captures a consul client and when called provides a ConsulResolver that can resolve the given UpstreamConfig using the provided api.Client dependency.

Types

type AgentConfigWatcher

type AgentConfigWatcher struct {
	// contains filtered or unexported fields
}

AgentConfigWatcher watches the local Consul agent for proxy config changes.

func NewAgentConfigWatcher

func NewAgentConfigWatcher(client *api.Client, proxyID string,
	logger hclog.Logger) (*AgentConfigWatcher, error)

NewAgentConfigWatcher creates an AgentConfigWatcher.

func (*AgentConfigWatcher) Close

func (w *AgentConfigWatcher) Close() error

Close frees watcher resources and implements io.Closer

func (*AgentConfigWatcher) Watch

func (w *AgentConfigWatcher) Watch() <-chan *Config

Watch implements ConfigWatcher.

type Config

type Config struct {
	// Token is the authentication token provided for queries to the local agent.
	Token string `json:"token" hcl:"token"`

	// ProxiedServiceName is the name of the service this proxy is representing.
	// This is the service _name_ and not the service _id_. This allows the
	// proxy to represent services not present in the local catalog.
	//
	// ProxiedServiceNamespace is the namespace of the service this proxy is
	// representing.
	ProxiedServiceName      string `json:"proxied_service_name" hcl:"proxied_service_name"`
	ProxiedServiceNamespace string `json:"proxied_service_namespace" hcl:"proxied_service_namespace"`

	// PublicListener configures the mTLS listener.
	PublicListener PublicListenerConfig `json:"public_listener" hcl:"public_listener"`

	// Upstreams configures outgoing proxies for remote connect services.
	Upstreams []UpstreamConfig `json:"upstreams" hcl:"upstreams"`

	// Telemetry stores configuration for go-metrics. It is typically populated
	// from the agent's runtime config via the proxy config endpoint so that the
	// proxy will log metrics to the same location(s) as the agent.
	Telemetry lib.TelemetryConfig
}

Config is the publicly configurable state for an entire proxy instance. It's mostly used as the format for the local-file config mode which is mostly for dev/testing. In normal use, different parts of this config are pulled from different locations (e.g. command line, agent config endpoint, agent certificate endpoints).

func (*Config) Service

func (c *Config) Service(client *api.Client, logger hclog.Logger) (*connect.Service, error)

Service returns the *connect.Service structure represented by this config.

type ConfigWatcher

type ConfigWatcher interface {
	// Watch returns a channel that will deliver new Configs if something external
	// provokes it.
	Watch() <-chan *Config
}

ConfigWatcher is a simple interface to allow dynamic configurations from pluggable sources.

type Conn

type Conn struct {
	// contains filtered or unexported fields
}

Conn represents a single proxied TCP connection.

func NewConn

func NewConn(src, dst net.Conn) *Conn

NewConn returns a conn joining the two given net.Conn

func (*Conn) Close

func (c *Conn) Close() error

Close closes both connections.

func (*Conn) CopyBytes

func (c *Conn) CopyBytes() error

CopyBytes will continuously copy bytes in both directions between src and dst until either connection is closed.

func (*Conn) Stats

func (c *Conn) Stats() (txBytes, rxBytes uint64)

Stats returns number of bytes transmitted and received. Transmit means bytes written to dst, receive means bytes written to src.

type Listener

type Listener struct {
	// Service is the connect service instance to use.
	Service *connect.Service
	// contains filtered or unexported fields
}

Listener is the implementation of a specific proxy listener. It has pluggable Listen and Dial methods to suit public mTLS vs upstream semantics. It handles the lifecycle of the listener and all connections opened through it

func NewPublicListener

func NewPublicListener(svc *connect.Service, cfg PublicListenerConfig,
	logger hclog.Logger) *Listener

NewPublicListener returns a Listener setup to listen for public mTLS connections and proxy them to the configured local application over TCP.

func NewUpstreamListener

func NewUpstreamListener(svc *connect.Service, client *api.Client,
	cfg UpstreamConfig, logger hclog.Logger) *Listener

NewUpstreamListener returns a Listener setup to listen locally for TCP connections that are proxied to a discovered Connect service instance.

func (*Listener) BindAddr

func (l *Listener) BindAddr() string

BindAddr returns the address the listen is bound to.

func (*Listener) Close

func (l *Listener) Close() error

Close terminates the listener and all active connections.

func (*Listener) Serve

func (l *Listener) Serve() error

Serve runs the listener until it is stopped. It is an error to call Serve more than once for any given Listener instance.

func (*Listener) Wait

func (l *Listener) Wait()

Wait for the listener to be ready to accept connections.

type Proxy

type Proxy struct {
	// contains filtered or unexported fields
}

Proxy implements the built-in connect proxy.

func New

func New(client *api.Client, cw ConfigWatcher, logger hclog.Logger) (*Proxy, error)

New returns a proxy with the given configuration source.

The ConfigWatcher can be used to update the configuration of the proxy. Whenever a new configuration is detected, the proxy will reconfigure itself.

func (*Proxy) Close

func (p *Proxy) Close()

Close stops the proxy and terminates all active connections. It must be called only once.

func (*Proxy) Serve

func (p *Proxy) Serve() error

Serve the proxy instance until a fatal error occurs or proxy is closed.

type PublicListenerConfig

type PublicListenerConfig struct {
	// BindAddress is the host/IP the public mTLS listener will bind to.
	//
	// BindPort is the port the public listener will bind to.
	BindAddress string `json:"bind_address" hcl:"bind_address" mapstructure:"bind_address"`
	BindPort    int    `json:"bind_port" hcl:"bind_port" mapstructure:"bind_port"`

	// LocalServiceAddress is the host:port for the proxied application. This
	// should be on loopback or otherwise protected as it's plain TCP.
	LocalServiceAddress string `json:"local_service_address" hcl:"local_service_address" mapstructure:"local_service_address"`

	// LocalConnectTimeout is the timeout for establishing connections with the
	// local backend. Defaults to 1000 (1s).
	LocalConnectTimeoutMs int `json:"local_connect_timeout_ms" hcl:"local_connect_timeout_ms" mapstructure:"local_connect_timeout_ms"`

	// HandshakeTimeout is the timeout for incoming mTLS clients to complete a
	// handshake. Setting this low avoids DOS by malicious clients holding
	// resources open. Defaults to 10000 (10s).
	HandshakeTimeoutMs int `json:"handshake_timeout_ms" hcl:"handshake_timeout_ms" mapstructure:"handshake_timeout_ms"`
}

PublicListenerConfig contains the parameters needed for the incoming mTLS listener.

type StaticConfigWatcher

type StaticConfigWatcher struct {
	// contains filtered or unexported fields
}

StaticConfigWatcher is a simple ConfigWatcher that delivers a static Config once and then never changes it.

func NewStaticConfigWatcher

func NewStaticConfigWatcher(cfg *Config) *StaticConfigWatcher

NewStaticConfigWatcher returns a ConfigWatcher for a config that never changes. It assumes only one "watcher" will ever call Watch. The config is delivered on the first call but will never be delivered again to allow callers to call repeatedly (e.g. select in a loop).

func (*StaticConfigWatcher) Watch

func (sc *StaticConfigWatcher) Watch() <-chan *Config

Watch implements ConfigWatcher on a static configuration for compatibility. It returns itself on the channel once and then leaves it open.

type TestTCPServer

type TestTCPServer struct {
	// contains filtered or unexported fields
}

TestTCPServer is a simple TCP echo server for use during tests.

func NewTestTCPServer

func NewTestTCPServer(t testing.T) *TestTCPServer

NewTestTCPServer opens as a listening socket on the given address and returns a TestTCPServer serving requests to it. The server is already started and can be stopped by calling Close().

func (*TestTCPServer) Addr

func (s *TestTCPServer) Addr() net.Addr

Addr returns the address that this server is listening on.

func (*TestTCPServer) Close

func (s *TestTCPServer) Close()

Close stops the server

type UpstreamConfig

type UpstreamConfig api.Upstream

UpstreamConfig is an alias for api.Upstream so we can parse in a compatible way but define custom methods for accessing the opaque config metadata.

func (*UpstreamConfig) ConnectTimeout added in v1.3.0

func (uc *UpstreamConfig) ConnectTimeout() time.Duration

ConnectTimeout returns the connect timeout field of the nested config struct or the default value.

func (*UpstreamConfig) String

func (uc *UpstreamConfig) String() string

String returns a string that uniquely identifies the Upstream. Used for identifying the upstream in log output and map keys.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL