Documentation ¶
Index ¶
- Constants
- Variables
- func ACLIDReserved(id string) bool
- func Decode(buf []byte, out interface{}) error
- func DecodeProto(buf []byte, pb proto.Message) error
- func DefaultEnterpriseMetaInDefaultPartition() *acl.EnterpriseMeta
- func DefaultEnterpriseMetaInPartition(_ string) *acl.EnterpriseMeta
- func DurationFromProto(d *duration.Duration) time.Duration
- func DurationToProto(d time.Duration) *duration.Duration
- func Encode(t MessageType, msg interface{}) ([]byte, error)
- func EncodeProto(t MessageType, pb proto.Message) ([]byte, error)
- func EncodeProtoInterface(t MessageType, message interface{}) ([]byte, error)
- func IsConsulServiceID(id ServiceID) bool
- func IsErrNoDCPath(err error) bool
- func IsErrNoLeader(err error) bool
- func IsErrQueryNotFound(err error) bool
- func IsErrRPCRateExceeded(err error) bool
- func IsErrServiceNotFound(err error) bool
- func IsProtocolHTTPLike(protocol string) bool
- func IsSerfCheckID(id CheckID) bool
- func IsValidPartitionAndDatacenter(meta acl.EnterpriseMeta, datacenters []string, primaryDatacenter string) bool
- func IsZeroProtoTime(t *timestamp.Timestamp) bool
- func NewEnterpriseMetaInDefaultPartition(_ string) acl.EnterpriseMeta
- func NewEnterpriseMetaWithPartition(_, _ string) acl.EnterpriseMeta
- func NodeEnterpriseMetaInDefaultPartition() *acl.EnterpriseMeta
- func NodeEnterpriseMetaInPartition(_ string) *acl.EnterpriseMeta
- func NodeNameString(node string, _ *acl.EnterpriseMeta) string
- func NormalizeServiceSplitWeight(weight float32) float32
- func ParseDurationFunc() mapstructure.DecodeHookFunc
- func ParseServiceIDString(input string) (string, *acl.EnterpriseMeta)
- func ParseServiceNameString(input string) (string, *acl.EnterpriseMeta)
- func ReplicationEnterpriseMeta() *acl.EnterpriseMeta
- func SanitizeLegacyACLToken(token *ACLToken)
- func SanitizeLegacyACLTokenRules(rules string) string
- func SatisfiesMetaFilters(meta map[string]string, filters map[string]string) bool
- func ServiceGatewayVirtualIPTag(sn ServiceName) string
- func ServiceIDString(id string, _ *acl.EnterpriseMeta) string
- func TestMsgpackEncodeDecode(t *testing.T, in interface{}, requireEncoderEquality bool)
- func TimeFromProto(s *timestamp.Timestamp) time.Time
- func TimeToProto(s time.Time) *timestamp.Timestamp
- func Uint8ToString(bs []uint8) string
- func UniqueID(node string, compoundID string) string
- func ValidStatus(s string) bool
- func ValidateNodeMetadata(meta map[string]string, allowConsulPrefix bool) error
- func ValidateServiceMetadata(kind ServiceKind, meta map[string]string, allowConsulPrefix bool) error
- func ValidateWeights(weights *Weights) error
- func WildcardEnterpriseMetaInDefaultPartition() *acl.EnterpriseMeta
- func WildcardEnterpriseMetaInPartition(_ string) *acl.EnterpriseMeta
- type ACLAuthMethod
- type ACLAuthMethodBatchDeleteRequest
- type ACLAuthMethodBatchSetRequest
- type ACLAuthMethodDeleteRequest
- type ACLAuthMethodEnterpriseFields
- type ACLAuthMethodEnterpriseMeta
- type ACLAuthMethodGetRequest
- type ACLAuthMethodListRequest
- type ACLAuthMethodListResponse
- type ACLAuthMethodListStub
- type ACLAuthMethodListStubs
- type ACLAuthMethodResponse
- type ACLAuthMethodSetRequest
- type ACLAuthMethods
- type ACLAuthorizationRequest
- type ACLAuthorizationResponse
- type ACLBindingRule
- type ACLBindingRuleBatchDeleteRequest
- type ACLBindingRuleBatchSetRequest
- type ACLBindingRuleDeleteRequest
- type ACLBindingRuleGetRequest
- type ACLBindingRuleListRequest
- type ACLBindingRuleListResponse
- type ACLBindingRuleResponse
- type ACLBindingRuleSetRequest
- type ACLBindingRules
- type ACLCaches
- func (c *ACLCaches) GetAuthorizer(id string) *AuthorizerCacheEntry
- func (c *ACLCaches) GetIdentity(id string) *IdentityCacheEntry
- func (c *ACLCaches) GetParsedPolicy(id string) *ParsedPolicyCacheEntry
- func (c *ACLCaches) GetPolicy(policyID string) *PolicyCacheEntry
- func (c *ACLCaches) GetRole(roleID string) *RoleCacheEntry
- func (c *ACLCaches) Purge()
- func (c *ACLCaches) PutAuthorizer(id string, authorizer acl.Authorizer)
- func (c *ACLCaches) PutIdentity(id string, ident ACLIdentity)
- func (c *ACLCaches) PutParsedPolicy(id string, policy *acl.Policy)
- func (c *ACLCaches) PutPolicy(policyId string, policy *ACLPolicy)
- func (c *ACLCaches) PutRole(roleID string, role *ACLRole)
- func (c *ACLCaches) RemoveIdentity(id string)
- func (c *ACLCaches) RemovePolicy(policyID string)
- func (c *ACLCaches) RemoveRole(roleID string)
- type ACLCachesConfig
- type ACLIdentity
- type ACLLoginParams
- type ACLLoginRequest
- type ACLLogoutRequest
- type ACLMode
- type ACLNodeIdentity
- type ACLPolicies
- type ACLPolicy
- type ACLPolicyBatchDeleteRequest
- type ACLPolicyBatchGetRequest
- type ACLPolicyBatchResponse
- type ACLPolicyBatchSetRequest
- type ACLPolicyDeleteRequest
- type ACLPolicyGetRequest
- type ACLPolicyListRequest
- type ACLPolicyListResponse
- type ACLPolicyListStub
- type ACLPolicyListStubs
- type ACLPolicyResponse
- type ACLPolicySetRequest
- type ACLReplicationStatus
- type ACLReplicationType
- type ACLRole
- type ACLRoleBatchDeleteRequest
- type ACLRoleBatchGetRequest
- type ACLRoleBatchResponse
- type ACLRoleBatchSetRequest
- type ACLRoleDeleteRequest
- type ACLRoleGetRequest
- type ACLRoleListRequest
- type ACLRoleListResponse
- type ACLRolePolicyLink
- type ACLRoleResponse
- type ACLRoleSetRequest
- type ACLRoles
- type ACLServiceIdentity
- type ACLToken
- func (t *ACLToken) Clone() *ACLToken
- func (t *ACLToken) EnterpriseMetadata() *acl.EnterpriseMeta
- func (t *ACLToken) EstimateSize() int
- func (t *ACLToken) HasExpirationTime() bool
- func (t *ACLToken) ID() string
- func (t *ACLToken) IsExpired(asOf time.Time) bool
- func (t *ACLToken) IsLocal() bool
- func (t *ACLToken) NodeIdentityList() []*ACLNodeIdentity
- func (t *ACLToken) PolicyIDs() []string
- func (t *ACLToken) RoleIDs() []string
- func (t *ACLToken) SecretToken() string
- func (t *ACLToken) ServiceIdentityList() []*ACLServiceIdentity
- func (t *ACLToken) SetHash(force bool) []byte
- func (token *ACLToken) Stub() *ACLTokenListStub
- func (t *ACLToken) UnmarshalJSON(data []byte) (err error)
- type ACLTokenBatchDeleteRequest
- type ACLTokenBatchGetRequest
- type ACLTokenBatchResponse
- type ACLTokenBatchSetRequest
- type ACLTokenBootstrapRequest
- type ACLTokenDeleteRequest
- type ACLTokenExpanded
- type ACLTokenGetRequest
- type ACLTokenIDType
- type ACLTokenListRequest
- type ACLTokenListResponse
- type ACLTokenListStub
- type ACLTokenListStubs
- type ACLTokenPolicyLink
- type ACLTokenResponse
- type ACLTokenRoleLink
- type ACLTokenSetRequest
- type ACLTokens
- type AWSCAProviderConfig
- type AgentRecoveryTokenIdentity
- func (id *AgentRecoveryTokenIdentity) EnterpriseMetadata() *acl.EnterpriseMeta
- func (id *AgentRecoveryTokenIdentity) ID() string
- func (id *AgentRecoveryTokenIdentity) IsExpired(asOf time.Time) bool
- func (id *AgentRecoveryTokenIdentity) IsLocal() bool
- func (id *AgentRecoveryTokenIdentity) NodeIdentityList() []*ACLNodeIdentity
- func (id *AgentRecoveryTokenIdentity) PolicyIDs() []string
- func (id *AgentRecoveryTokenIdentity) RoleIDs() []string
- func (id *AgentRecoveryTokenIdentity) SecretToken() string
- func (id *AgentRecoveryTokenIdentity) ServiceIdentityList() []*ACLServiceIdentity
- type AuthorizerCacheEntry
- type AutopilotConfig
- type AutopilotHealthReply
- type AutopilotServerHealth
- type AutopilotSetConfigRequest
- type CAConfiguration
- type CAConsulProviderState
- type CALeafOp
- type CALeafRequest
- type CAOp
- type CARequest
- type CARoot
- type CARoots
- type CASignRequest
- type CatalogContents
- type CatalogSummary
- type CheckDefinition
- type CheckID
- type CheckServiceNode
- type CheckServiceNodes
- func (nodes CheckServiceNodes) Filter(onlyPassing bool) CheckServiceNodes
- func (nodes CheckServiceNodes) FilterIgnore(onlyPassing bool, ignoreCheckIDs []types.CheckID) CheckServiceNodes
- func (nodes CheckServiceNodes) ShallowClone() CheckServiceNodes
- func (nodes CheckServiceNodes) Shuffle()
- func (nodes CheckServiceNodes) ToServiceDump() ServiceDump
- type CheckType
- func (c *CheckType) Empty() bool
- func (c *CheckType) IsAlias() bool
- func (c *CheckType) IsDocker() bool
- func (c *CheckType) IsGRPC() bool
- func (c *CheckType) IsH2PING() bool
- func (c *CheckType) IsHTTP() bool
- func (c *CheckType) IsMonitor() bool
- func (c *CheckType) IsScript() bool
- func (c *CheckType) IsTCP() bool
- func (c *CheckType) IsTTL() bool
- func (c *CheckType) Type() string
- func (t *CheckType) UnmarshalJSON(data []byte) (err error)
- func (c *CheckType) Validate() error
- type CheckTypes
- type ChecksInStateRequest
- type CommonCAProviderConfig
- type CompiledDiscoveryChain
- type CompoundResponse
- type ConfigEntry
- type ConfigEntryDeleteResponse
- type ConfigEntryGraphError
- type ConfigEntryListAllRequest
- type ConfigEntryOp
- type ConfigEntryQuery
- type ConfigEntryRequest
- type ConfigEntryResponse
- type ConnectAuthorizeRequest
- type ConnectProxyConfig
- type ConsulCAProviderConfig
- type CookieConfig
- type Coordinate
- type CoordinateUpdateRequest
- type Coordinates
- type DCSpecificRequest
- type DatacenterIndexedCheckServiceNodes
- type DatacenterMap
- type DatacentersRequest
- type DeregisterRequest
- type DirEntries
- type DirEntry
- type DiscoveryChainRequest
- type DiscoveryChainResponse
- type DiscoveryFailover
- type DiscoveryGraphNode
- type DiscoveryResolver
- type DiscoveryRoute
- type DiscoverySplit
- type DiscoveryTarget
- type EventFireRequest
- type EventFireResponse
- type ExpandedTokenInfo
- type ExportedService
- type ExportedServicesConfigEntry
- func (e *ExportedServicesConfigEntry) CanRead(authz acl.Authorizer) error
- func (e *ExportedServicesConfigEntry) CanWrite(authz acl.Authorizer) error
- func (e *ExportedServicesConfigEntry) Clone() *ExportedServicesConfigEntry
- func (e *ExportedServicesConfigEntry) GetEnterpriseMeta() *acl.EnterpriseMeta
- func (e *ExportedServicesConfigEntry) GetKind() string
- func (e *ExportedServicesConfigEntry) GetMeta() map[string]string
- func (e *ExportedServicesConfigEntry) GetName() string
- func (e *ExportedServicesConfigEntry) GetRaftIndex() *RaftIndex
- func (e *ExportedServicesConfigEntry) MarshalJSON() ([]byte, error)
- func (e *ExportedServicesConfigEntry) Normalize() error
- func (e *ExportedServicesConfigEntry) ToMap() map[string]map[string][]string
- func (e *ExportedServicesConfigEntry) Validate() error
- type ExposeConfig
- type ExposePath
- type FederationState
- type FederationStateOp
- type FederationStateQuery
- type FederationStateRequest
- type FederationStateResponse
- type FederationStates
- type GatewayService
- type GatewayServiceTLSConfig
- type GatewayServices
- type GatewayTLSConfig
- type GatewayTLSSDSConfig
- type HTTPHeaderModifiers
- type HashPolicy
- type HealthCheck
- func (c *HealthCheck) CheckType() *CheckType
- func (c *HealthCheck) Clone() *HealthCheck
- func (hc *HealthCheck) CompoundCheckID() CheckID
- func (hc *HealthCheck) CompoundServiceID() ServiceID
- func (c *HealthCheck) IsSame(other *HealthCheck) bool
- func (hc *HealthCheck) NodeIdentity() Identity
- func (_ *HealthCheck) Validate() error
- type HealthCheckDefinition
- type HealthChecks
- type HealthSummary
- type Identity
- type IdentityCacheEntry
- type IndexedCARoots
- type IndexedCheckServiceNodes
- type IndexedConfigEntries
- type IndexedCoordinate
- type IndexedCoordinates
- type IndexedDirEntries
- type IndexedFederationStates
- type IndexedGatewayServices
- type IndexedGenericConfigEntries
- type IndexedHealthChecks
- type IndexedIntentionMatches
- type IndexedIntentions
- type IndexedKeyList
- type IndexedNodeDump
- type IndexedNodeServiceList
- type IndexedNodeServices
- type IndexedNodes
- type IndexedNodesWithGateways
- type IndexedPreparedQueries
- type IndexedServiceDump
- type IndexedServiceList
- type IndexedServiceNodes
- type IndexedServiceTopology
- type IndexedServices
- type IndexedSessions
- type IngressGatewayConfigEntry
- func (e *IngressGatewayConfigEntry) CanRead(authz acl.Authorizer) error
- func (e *IngressGatewayConfigEntry) CanWrite(authz acl.Authorizer) error
- func (e *IngressGatewayConfigEntry) GetEnterpriseMeta() *acl.EnterpriseMeta
- func (e *IngressGatewayConfigEntry) GetKind() string
- func (e *IngressGatewayConfigEntry) GetMeta() map[string]string
- func (e *IngressGatewayConfigEntry) GetName() string
- func (e *IngressGatewayConfigEntry) GetRaftIndex() *RaftIndex
- func (e *IngressGatewayConfigEntry) ListRelatedServices() []ServiceID
- func (e *IngressGatewayConfigEntry) Normalize() error
- func (e *IngressGatewayConfigEntry) Validate() error
- type IngressListener
- type IngressService
- type Intention
- func (ixn *Intention) CanRead(authz acl.Authorizer) bool
- func (ixn *Intention) CanWrite(authz acl.Authorizer) bool
- func (t *Intention) Clone() *Intention
- func (ixn *Intention) DestinationEnterpriseMeta() *acl.EnterpriseMeta
- func (x *Intention) DestinationServiceName() ServiceName
- func (_ *Intention) FillAuthzContext(_ *acl.AuthorizerContext, _ bool)
- func (ixn *Intention) FillPartitionAndNamespace(entMeta *acl.EnterpriseMeta, fillDefault bool)
- func (t *Intention) HasWildcardDestination() bool
- func (t *Intention) HasWildcardSource() bool
- func (x *Intention) LegacyEstimateSize() intdeprecated
- func (t *Intention) MarshalJSON() ([]byte, error)
- func (x *Intention) SetHash()deprecated
- func (ixn *Intention) SourceEnterpriseMeta() *acl.EnterpriseMeta
- func (x *Intention) SourceServiceName() ServiceName
- func (x *Intention) String() string
- func (x *Intention) ToConfigEntry(legacy bool) *ServiceIntentionsConfigEntry
- func (t *Intention) ToExact() *IntentionQueryExact
- func (x *Intention) ToSourceIntention(legacy bool) *SourceIntention
- func (t *Intention) UnmarshalJSON(data []byte) (err error)
- func (x *Intention) UpdatePrecedence()deprecated
- func (x *Intention) Validate() errordeprecated
- type IntentionAction
- type IntentionDecisionSummary
- type IntentionHTTPHeaderPermission
- type IntentionHTTPPermission
- type IntentionListRequest
- type IntentionMatchEntry
- type IntentionMatchType
- type IntentionMutation
- type IntentionOp
- type IntentionPermission
- type IntentionPrecedenceSorter
- type IntentionQueryCheck
- type IntentionQueryCheckResponse
- type IntentionQueryExact
- type IntentionQueryMatch
- type IntentionQueryRequest
- type IntentionRequest
- type IntentionSourceType
- type Intentions
- type IssuedCert
- type KVSRequest
- type KeyListRequest
- type KeyRequest
- type KeyringOp
- type KeyringRequest
- type KeyringResponse
- type KeyringResponses
- type LeastRequestConfig
- type LinkedService
- type LoadBalancer
- type MeshConfigEntry
- func (e *MeshConfigEntry) CanRead(authz acl.Authorizer) error
- func (e *MeshConfigEntry) CanWrite(authz acl.Authorizer) error
- func (e *MeshConfigEntry) GetEnterpriseMeta() *acl.EnterpriseMeta
- func (e *MeshConfigEntry) GetKind() string
- func (e *MeshConfigEntry) GetMeta() map[string]string
- func (e *MeshConfigEntry) GetName() string
- func (e *MeshConfigEntry) GetRaftIndex() *RaftIndex
- func (e *MeshConfigEntry) MarshalJSON() ([]byte, error)
- func (e *MeshConfigEntry) Normalize() error
- func (e *MeshConfigEntry) Validate() error
- type MeshDirectionalTLSConfig
- type MeshGatewayConfig
- type MeshGatewayMode
- type MeshTLSConfig
- type MessageType
- type NetworkSegment
- type Node
- type NodeDump
- type NodeInfo
- type NodeService
- func TestNodeService(t testing.T) *NodeService
- func TestNodeServiceExpose(t testing.T) *NodeService
- func TestNodeServiceIngressGateway(t testing.T, address string) *NodeService
- func TestNodeServiceMeshGateway(t testing.T) *NodeService
- func TestNodeServiceMeshGatewayWithAddrs(t testing.T, address string, port int, lanAddr, wanAddr ServiceAddress) *NodeService
- func TestNodeServiceProxy(t testing.T) *NodeService
- func TestNodeServiceProxyInPartition(t testing.T, partition string) *NodeService
- func TestNodeServiceSidecar(t testing.T) *NodeService
- func TestNodeServiceTerminatingGateway(t testing.T, address string) *NodeService
- func TestNodeServiceWithName(t testing.T, name string) *NodeService
- func (ns *NodeService) BestAddress(wan bool) (string, int)
- func (ns *NodeService) CompoundServiceID() ServiceID
- func (ns *NodeService) CompoundServiceName() ServiceName
- func (s *NodeService) IsGateway() bool
- func (s *NodeService) IsSame(other *NodeService) bool
- func (s *NodeService) IsSidecarProxy() bool
- func (s *NodeService) ToServiceNode(node string) *ServiceNode
- func (s *NodeService) Validate() error
- type NodeServiceList
- type NodeServices
- type NodeSpecificRequest
- type Nodes
- type OpaqueUpstreamConfig
- type OpaqueUpstreamConfigs
- type ParsedPolicyCacheEntry
- type PassiveHealthCheck
- type PolicyCacheEntry
- type PreparedQueries
- type PreparedQuery
- type PreparedQueryExecuteRemoteRequest
- type PreparedQueryExecuteRequest
- type PreparedQueryExecuteResponse
- type PreparedQueryExplainResponse
- type PreparedQueryOp
- type PreparedQueryRequest
- type PreparedQuerySpecificRequest
- type ProxyConfigEntry
- func (e *ProxyConfigEntry) CanRead(authz acl.Authorizer) error
- func (e *ProxyConfigEntry) CanWrite(authz acl.Authorizer) error
- func (e *ProxyConfigEntry) GetEnterpriseMeta() *acl.EnterpriseMeta
- func (e *ProxyConfigEntry) GetKind() string
- func (e *ProxyConfigEntry) GetMeta() map[string]string
- func (e *ProxyConfigEntry) GetName() string
- func (e *ProxyConfigEntry) GetRaftIndex() *RaftIndex
- func (e *ProxyConfigEntry) MarshalBinary() (data []byte, err error)
- func (e *ProxyConfigEntry) Normalize() error
- func (e *ProxyConfigEntry) UnmarshalBinary(data []byte) error
- func (e *ProxyConfigEntry) Validate() error
- type ProxyMode
- type QueryBackend
- type QueryDNSOptions
- type QueryDatacenterOptions
- type QueryMeta
- func (q *QueryMeta) GetBackend() QueryBackend
- func (m *QueryMeta) GetConsistencyLevel() string
- func (m *QueryMeta) GetIndex() uint64
- func (m *QueryMeta) GetKnownLeader() bool
- func (m *QueryMeta) GetLastContact() (time.Duration, error)
- func (q *QueryMeta) GetResultsFilteredByACLs() bool
- func (q *QueryMeta) SetConsistencyLevel(consistencyLevel string)
- func (q *QueryMeta) SetIndex(index uint64)
- func (q *QueryMeta) SetKnownLeader(knownLeader bool)
- func (q *QueryMeta) SetLastContact(lastContact time.Duration)
- func (q *QueryMeta) SetResultsFilteredByACLs(v bool)
- type QueryOptions
- func (q QueryOptions) AllowStaleRead() bool
- func (q QueryOptions) ConsistencyLevel() string
- func (m *QueryOptions) GetAllowStale() bool
- func (m *QueryOptions) GetFilter() string
- func (m *QueryOptions) GetMaxAge() (time.Duration, error)
- func (m *QueryOptions) GetMaxQueryTime() (time.Duration, error)
- func (m *QueryOptions) GetMaxStaleDuration() (time.Duration, error)
- func (m *QueryOptions) GetMinQueryIndex() uint64
- func (m *QueryOptions) GetMustRevalidate() bool
- func (m *QueryOptions) GetRequireConsistent() bool
- func (m *QueryOptions) GetStaleIfError() (time.Duration, error)
- func (m *QueryOptions) GetToken() string
- func (m *QueryOptions) GetUseCache() bool
- func (q QueryOptions) HasTimedOut(start time.Time, rpcHoldTimeout, maxQueryTime, defaultQueryTime time.Duration) (bool, error)
- func (q QueryOptions) IsRead() bool
- func (q *QueryOptions) SetAllowStale(allowStale bool)
- func (q *QueryOptions) SetFilter(filter string)
- func (q *QueryOptions) SetMaxAge(maxAge time.Duration)
- func (q *QueryOptions) SetMaxQueryTime(maxQueryTime time.Duration)
- func (q *QueryOptions) SetMaxStaleDuration(maxStaleDuration time.Duration)
- func (q *QueryOptions) SetMinQueryIndex(minQueryIndex uint64)
- func (q *QueryOptions) SetMustRevalidate(mustRevalidate bool)
- func (q *QueryOptions) SetRequireConsistent(requireConsistent bool)
- func (q *QueryOptions) SetStaleIfError(staleIfError time.Duration)
- func (q *QueryOptions) SetToken(token string)
- func (q *QueryOptions) SetTokenSecret(s string)
- func (q *QueryOptions) SetUseCache(useCache bool)
- func (q QueryOptions) TokenSecret() string
- type QuerySource
- type QueryTemplateOptions
- type RPCInfo
- type RaftConfigurationResponse
- type RaftIndex
- type RaftRemovePeerRequest
- type RaftServer
- type RaftStats
- type RegisterRequest
- type RemoteACLAuthorizationRequest
- type RingHashConfig
- type RoleCacheEntry
- type ServiceAddress
- type ServiceCheck
- type ServiceConfigEntry
- func (e *ServiceConfigEntry) CanRead(authz acl.Authorizer) error
- func (e *ServiceConfigEntry) CanWrite(authz acl.Authorizer) error
- func (e *ServiceConfigEntry) Clone() *ServiceConfigEntry
- func (e *ServiceConfigEntry) GetEnterpriseMeta() *acl.EnterpriseMeta
- func (e *ServiceConfigEntry) GetKind() string
- func (e *ServiceConfigEntry) GetMeta() map[string]string
- func (e *ServiceConfigEntry) GetName() string
- func (e *ServiceConfigEntry) GetRaftIndex() *RaftIndex
- func (e *ServiceConfigEntry) Normalize() error
- func (e *ServiceConfigEntry) Validate() error
- type ServiceConfigRequest
- type ServiceConfigResponse
- type ServiceConnect
- type ServiceConsumer
- type ServiceDefinition
- type ServiceDump
- type ServiceDumpRequest
- type ServiceID
- type ServiceInfo
- type ServiceIntentionsConfigEntry
- func (e *ServiceIntentionsConfigEntry) CanRead(authz acl.Authorizer) error
- func (e *ServiceIntentionsConfigEntry) CanWrite(authz acl.Authorizer) error
- func (e *ServiceIntentionsConfigEntry) Clone() *ServiceIntentionsConfigEntry
- func (e *ServiceIntentionsConfigEntry) DeleteSourceByLegacyID(legacyID string) bool
- func (e *ServiceIntentionsConfigEntry) DeleteSourceByName(sn ServiceName) bool
- func (e *ServiceIntentionsConfigEntry) DestinationServiceName() ServiceName
- func (e *ServiceIntentionsConfigEntry) GetEnterpriseMeta() *acl.EnterpriseMeta
- func (e *ServiceIntentionsConfigEntry) GetKind() string
- func (e *ServiceIntentionsConfigEntry) GetMeta() map[string]string
- func (e *ServiceIntentionsConfigEntry) GetName() string
- func (e *ServiceIntentionsConfigEntry) GetRaftIndex() *RaftIndex
- func (e *ServiceIntentionsConfigEntry) HasAnyPermissions() bool
- func (e *ServiceIntentionsConfigEntry) HasWildcardDestination() bool
- func (e *ServiceIntentionsConfigEntry) LegacyIDFieldsAreAllEmpty() bool
- func (e *ServiceIntentionsConfigEntry) LegacyIDFieldsAreAllSet() bool
- func (e *ServiceIntentionsConfigEntry) LegacyNormalize() error
- func (e *ServiceIntentionsConfigEntry) LegacyValidate() error
- func (e *ServiceIntentionsConfigEntry) Normalize() error
- func (e *ServiceIntentionsConfigEntry) ToIntention(src *SourceIntention) *Intention
- func (e *ServiceIntentionsConfigEntry) ToIntentions() Intentions
- func (e *ServiceIntentionsConfigEntry) UpdateOver(rawPrev ConfigEntry) error
- func (e *ServiceIntentionsConfigEntry) UpdateSourceByLegacyID(legacyID string, update *SourceIntention) bool
- func (e *ServiceIntentionsConfigEntry) UpsertSourceByName(sn ServiceName, upsert *SourceIntention)
- func (e *ServiceIntentionsConfigEntry) Validate() error
- type ServiceKind
- type ServiceList
- type ServiceName
- type ServiceNode
- func (sn *ServiceNode) CompoundServiceID() ServiceID
- func (sn *ServiceNode) CompoundServiceName() ServiceName
- func (s *ServiceNode) IsSameService(other *ServiceNode) bool
- func (s *ServiceNode) NodeIdentity() Identity
- func (s *ServiceNode) PartialClone() *ServiceNode
- func (s *ServiceNode) ToNodeService() *NodeService
- type ServiceNodes
- type ServiceQuery
- type ServiceResolverConfigEntry
- func (e *ServiceResolverConfigEntry) CanRead(authz acl.Authorizer) error
- func (e *ServiceResolverConfigEntry) CanWrite(authz acl.Authorizer) error
- func (e *ServiceResolverConfigEntry) GetEnterpriseMeta() *acl.EnterpriseMeta
- func (e *ServiceResolverConfigEntry) GetKind() string
- func (e *ServiceResolverConfigEntry) GetMeta() map[string]string
- func (e *ServiceResolverConfigEntry) GetName() string
- func (e *ServiceResolverConfigEntry) GetRaftIndex() *RaftIndex
- func (e *ServiceResolverConfigEntry) IsDefault() bool
- func (e *ServiceResolverConfigEntry) ListRelatedServices() []ServiceID
- func (e *ServiceResolverConfigEntry) MarshalJSON() ([]byte, error)
- func (e *ServiceResolverConfigEntry) Normalize() error
- func (e *ServiceResolverConfigEntry) SubsetExists(name string) bool
- func (e *ServiceResolverConfigEntry) UnmarshalJSON(data []byte) error
- func (e *ServiceResolverConfigEntry) Validate() error
- type ServiceResolverFailover
- type ServiceResolverRedirect
- type ServiceResolverSubset
- type ServiceRoute
- type ServiceRouteDestination
- type ServiceRouteHTTPMatch
- type ServiceRouteHTTPMatchHeader
- type ServiceRouteHTTPMatchQueryParam
- type ServiceRouteMatch
- type ServiceRouterConfigEntry
- func (e *ServiceRouterConfigEntry) CanRead(authz acl.Authorizer) error
- func (e *ServiceRouterConfigEntry) CanWrite(authz acl.Authorizer) error
- func (e *ServiceRouterConfigEntry) GetEnterpriseMeta() *acl.EnterpriseMeta
- func (e *ServiceRouterConfigEntry) GetKind() string
- func (e *ServiceRouterConfigEntry) GetMeta() map[string]string
- func (e *ServiceRouterConfigEntry) GetName() string
- func (e *ServiceRouterConfigEntry) GetRaftIndex() *RaftIndex
- func (e *ServiceRouterConfigEntry) ListRelatedServices() []ServiceID
- func (e *ServiceRouterConfigEntry) Normalize() error
- func (e *ServiceRouterConfigEntry) Validate() error
- type ServiceSpecificRequest
- type ServiceSplit
- type ServiceSplitterConfigEntry
- func (e *ServiceSplitterConfigEntry) CanRead(authz acl.Authorizer) error
- func (e *ServiceSplitterConfigEntry) CanWrite(authz acl.Authorizer) error
- func (e *ServiceSplitterConfigEntry) GetEnterpriseMeta() *acl.EnterpriseMeta
- func (e *ServiceSplitterConfigEntry) GetKind() string
- func (e *ServiceSplitterConfigEntry) GetMeta() map[string]string
- func (e *ServiceSplitterConfigEntry) GetName() string
- func (e *ServiceSplitterConfigEntry) GetRaftIndex() *RaftIndex
- func (e *ServiceSplitterConfigEntry) ListRelatedServices() []ServiceID
- func (e *ServiceSplitterConfigEntry) Normalize() error
- func (e *ServiceSplitterConfigEntry) Validate() error
- type ServiceTopology
- type Services
- type Session
- type SessionBehavior
- type SessionOp
- type SessionRequest
- type SessionSpecificRequest
- type Sessions
- type SignedResponse
- type SnapshotOp
- type SnapshotReplyFn
- type SnapshotRequest
- type SnapshotResponse
- type SourceIntention
- type SystemMetadataEntry
- type SystemMetadataOp
- type SystemMetadataRequest
- type TerminatingGatewayConfigEntry
- func (e *TerminatingGatewayConfigEntry) CanRead(authz acl.Authorizer) error
- func (e *TerminatingGatewayConfigEntry) CanWrite(authz acl.Authorizer) error
- func (e *TerminatingGatewayConfigEntry) GetEnterpriseMeta() *acl.EnterpriseMeta
- func (e *TerminatingGatewayConfigEntry) GetKind() string
- func (e *TerminatingGatewayConfigEntry) GetMeta() map[string]string
- func (e *TerminatingGatewayConfigEntry) GetName() string
- func (e *TerminatingGatewayConfigEntry) GetRaftIndex() *RaftIndex
- func (e *TerminatingGatewayConfigEntry) Normalize() error
- func (e *TerminatingGatewayConfigEntry) Validate() error
- func (e *TerminatingGatewayConfigEntry) Warnings() []string
- type TombstoneOp
- type TombstoneRequest
- type TransparentProxyConfig
- type TransparentProxyMeshConfig
- type TxnCheckOp
- type TxnCheckResult
- type TxnError
- type TxnErrors
- type TxnIntentionOpdeprecated
- type TxnKVOp
- type TxnKVResult
- type TxnNodeOp
- type TxnNodeResult
- type TxnOp
- type TxnOps
- type TxnReadRequest
- type TxnReadResponse
- type TxnRequest
- type TxnResponse
- type TxnResult
- type TxnResults
- type TxnServiceOp
- type TxnServiceResult
- type TxnSessionOp
- type UpdatableConfigEntry
- type Upstream
- func (us *Upstream) DestinationID() ServiceID
- func (us *Upstream) GetEnterpriseMeta() *acl.EnterpriseMeta
- func (u *Upstream) HasLocalPortOrSocket() bool
- func (us *Upstream) String() string
- func (u *Upstream) ToAPI() api.Upstream
- func (u *Upstream) ToKey() UpstreamKey
- func (t *Upstream) UnmarshalJSON(data []byte) (err error)
- func (u *Upstream) UpstreamAddressToString() string
- func (u *Upstream) UpstreamIsUnixSocket() bool
- func (u *Upstream) Validate() error
- type UpstreamConfig
- func (cfg UpstreamConfig) Clone() UpstreamConfig
- func (cfg UpstreamConfig) MergeInto(dst map[string]interface{})
- func (cfg *UpstreamConfig) NormalizeWithName(entMeta *acl.EnterpriseMeta) error
- func (cfg *UpstreamConfig) NormalizeWithoutName() error
- func (cfg *UpstreamConfig) ServiceID() ServiceID
- func (cfg *UpstreamConfig) ServiceName() ServiceName
- func (cfg UpstreamConfig) ValidateWithName() error
- func (cfg UpstreamConfig) ValidateWithoutName() error
- type UpstreamConfiguration
- type UpstreamKey
- type UpstreamLimits
- type Upstreams
- type VaultAuthMethod
- type VaultCAProviderConfig
- type WarningConfigEntry
- type Weights
- type WriteRequest
Constants ¶
const ( // This policy gives unlimited access to everything. Users // may rename if desired but cannot delete or modify the rules. ACLPolicyGlobalManagementID = "00000000-0000-0000-0000-000000000001" ACLPolicyGlobalManagement = ` acl = "write" agent_prefix "" { policy = "write" } event_prefix "" { policy = "write" } key_prefix "" { policy = "write" } keyring = "write" node_prefix "" { policy = "write" } operator = "write" mesh = "write" query_prefix "" { policy = "write" } service_prefix "" { policy = "write" intentions = "write" } session_prefix "" { policy = "write" }` + EnterpriseACLPolicyGlobalManagement // This is the policy ID for anonymous access. This is configurable by the // user. ACLTokenAnonymousID = "00000000-0000-0000-0000-000000000002" ACLReservedPrefix = "00000000-0000-0000-0000-0000000000" )
const ( // BindingRuleBindTypeService is the binding rule bind type that // assigns a Service Identity to the token that is created using the value // of the computed BindName as the ServiceName like: // // &ACLToken{ // ...other fields... // ServiceIdentities: []*ACLServiceIdentity{ // &ACLServiceIdentity{ // ServiceName: "<computed BindName>", // }, // }, // } BindingRuleBindTypeService = "service" // BindingRuleBindTypeRole is the binding rule bind type that only allows // the binding rule to function if a role with the given name (BindName) // exists at login-time. If it does the token that is created is directly // linked to that role like: // // &ACLToken{ // ...other fields... // Roles: []ACLTokenRoleLink{ // { Name: "<computed BindName>" } // } // } // // If it does not exist at login-time the rule is ignored. BindingRuleBindTypeRole = "role" // BindingRuleBindTypeNode is the binding rule bind type that assigns // a Node Identity to the token that is created using the value of // the computed BindName as the NodeName like: // // &ACLToken{ // ...other fields... // NodeIdentities: []*ACLNodeIdentity{ // &ACLNodeIdentity{ // NodeName: "<computed BindName>", // Datacenter: "<local datacenter of the binding rule>" // } // } // } BindingRuleBindTypeNode = "node" )
const ( SerfCheckID types.CheckID = "serfHealth" SerfCheckName = "Serf Health Status" SerfCheckAliveOutput = "Agent alive and reachable" SerfCheckFailedOutput = "Agent not live or unreachable" )
These are used to manage the built-in "serfHealth" check that's attached to every node in the catalog.
const ( // These are used to manage the "consul" service that's attached to every // Consul server node in the catalog. ConsulServiceID = "consul" ConsulServiceName = "consul" )
const ( ServiceDefaults string = "service-defaults" ProxyDefaults string = "proxy-defaults" ServiceRouter string = "service-router" ServiceSplitter string = "service-splitter" ServiceResolver string = "service-resolver" IngressGateway string = "ingress-gateway" TerminatingGateway string = "terminating-gateway" ServiceIntentions string = "service-intentions" MeshConfig string = "mesh" ExportedServices string = "exported-services" ProxyConfigGlobal string = "global" MeshConfigMesh string = "mesh" DefaultServiceProtocol = "tcp" )
const ( // Names of Envoy's LB policies LBPolicyMaglev = "maglev" LBPolicyRingHash = "ring_hash" LBPolicyRandom = "random" LBPolicyLeastRequest = "least_request" LBPolicyRoundRobin = "round_robin" // Names of Envoy's LB policies HashPolicyCookie = "cookie" HashPolicyHeader = "header" HashPolicyQueryParam = "query_parameter" )
const ( DefaultLeafCertTTL = "72h" DefaultIntermediateCertTTL = "8760h" // ~ 1 year = 365 * 24h DefaultRootCertTTL = "87600h" // ~ 10 years = 365 * 24h * 10 )
const ( ConsulCAProvider = "consul" VaultCAProvider = "vault" AWSCAProvider = "aws-pca" )
const ( // TODO (freddy) Should we have a TopologySourceMixed when there is a mix of proxy reg and tproxy? // Currently we label as proxy-registration if ANY instance has the explicit upstream definition. // TopologySourceRegistration is used to label upstreams or downstreams from explicit upstream definitions. TopologySourceRegistration = "proxy-registration" // TopologySourceSpecificIntention is used to label upstreams or downstreams from specific intentions. TopologySourceSpecificIntention = "specific-intention" // TopologySourceWildcardIntention is used to label upstreams or downstreams from wildcard intentions. TopologySourceWildcardIntention = "wildcard-intention" // TopologySourceDefaultAllow is used to label upstreams or downstreams from default allow ACL policy. TopologySourceDefaultAllow = "default-allow" // TopologySourceRoutingConfig is used to label upstreams that are not backed by a service instance // and are simply used for routing configurations. TopologySourceRoutingConfig = "routing-config" )
const ( UpstreamDestTypeService = "service" UpstreamDestTypePreparedQuery = "prepared_query" )
const ( DiscoveryGraphNodeTypeRouter = "router" DiscoveryGraphNodeTypeSplitter = "splitter" DiscoveryGraphNodeTypeResolver = "resolver" )
const ( IntentionDataOriginLegacy = "legacy" IntentionDataOriginConfigEntries = "config" )
const ( RegisterRequestType MessageType = 0 DeregisterRequestType = 1 KVSRequestType = 2 SessionRequestType = 3 DeprecatedACLRequestType = 4 // Removed with the legacy ACL system TombstoneRequestType = 5 CoordinateBatchUpdateType = 6 PreparedQueryRequestType = 7 TxnRequestType = 8 AutopilotRequestType = 9 AreaRequestType = 10 ACLBootstrapRequestType = 11 IntentionRequestType = 12 ConnectCARequestType = 13 ConnectCAProviderStateType = 14 ConnectCAConfigType = 15 // FSM snapshots only. IndexRequestType = 16 // FSM snapshots only. ACLTokenSetRequestType = 17 ACLTokenDeleteRequestType = 18 ACLPolicySetRequestType = 19 ACLPolicyDeleteRequestType = 20 ConnectCALeafRequestType = 21 ConfigEntryRequestType = 22 ACLRoleSetRequestType = 23 ACLRoleDeleteRequestType = 24 ACLBindingRuleSetRequestType = 25 ACLBindingRuleDeleteRequestType = 26 ACLAuthMethodSetRequestType = 27 ACLAuthMethodDeleteRequestType = 28 ChunkingStateType = 29 FederationStateRequestType = 30 SystemMetadataRequestType = 31 ServiceVirtualIPRequestType = 32 FreeVirtualIPRequestType = 33 KindServiceNamesType = 34 )
These are serialized between Consul servers and stored in Consul snapshots, so entries must only ever be added.
const ( // IgnoreUnknownTypeFlag is set along with a MessageType // to indicate that the message type can be safely ignored // if it is not recognized. This is for future proofing, so // that new commands can be added in a way that won't cause // old servers to crash when the FSM attempts to process them. IgnoreUnknownTypeFlag MessageType = 128 // NodeMaint is the special key set by a node in maintenance mode. NodeMaint = "_node_maintenance" // ServiceMaintPrefix is the prefix for a service in maintenance mode. ServiceMaintPrefix = "_service_maintenance:" // The meta key prefix reserved for Consul's internal use MetaKeyReservedPrefix = "consul-" // MetaSegmentKey is the node metadata key used to store the node's network segment MetaSegmentKey = "consul-network-segment" // MetaWANFederationKey is the mesh gateway metadata key that indicates a // mesh gateway is usable for wan federation. MetaWANFederationKey = "consul-wan-federation" // MetaExternalSource is the metadata key used when a resource is managed by a source outside Consul like nomad/k8s MetaExternalSource = "external-source" // TaggedAddressVirtualIP is the key used to store tagged virtual IPs generated by Consul. TaggedAddressVirtualIP = "consul-virtual" // MaxLockDelay provides a maximum LockDelay value for // a session. Any value above this will not be respected. MaxLockDelay = 60 * time.Second // JitterFraction is a the limit to the amount of jitter we apply // to a user specified MaxQueryTime. We divide the specified time by // the fraction. So 16 == 6.25% limit of jitter. This same fraction // is applied to the RPCHoldTimeout JitterFraction = 16 // WildcardSpecifier is the string which should be used for specifying a wildcard // The exact semantics of the wildcard is left up to the code where its used. WildcardSpecifier = "*" )
const ( TaggedAddressWAN = "wan" TaggedAddressWANIPv4 = "wan_ipv4" TaggedAddressWANIPv6 = "wan_ipv6" TaggedAddressLAN = "lan" TaggedAddressLANIPv4 = "lan_ipv4" TaggedAddressLANIPv6 = "lan_ipv6" )
const ( SessionTTLMax = 24 * time.Hour SessionTTLMultiplier = 2 )
const ( KeyringList KeyringOp = "list" KeyringInstall = "install" KeyringUse = "use" KeyringRemove = "remove" )
const ( SystemMetadataIntentionFormatKey = "intention-format" SystemMetadataIntentionFormatConfigValue = "config-entry" SystemMetadataIntentionFormatLegacyValue = "legacy" SystemMetadataVirtualIPsEnabled = "virtual-ips" SystemMetadataTermGatewayVirtualIPsEnabled = "virtual-ips-term-gateway" )
const (
EnterpriseACLPolicyGlobalManagement = ""
)
const ( // IntentionDefaultNamespace is the default namespace value. // NOTE(mitchellh): This is only meant to be a temporary constant. // When namespaces are introduced, we should delete this constant and // fix up all the places where this was used with the proper namespace // value. IntentionDefaultNamespace = "default" )
const ( // QueryTemplateTypeNamePrefixMatch uses the Name field of the query as // a prefix to select the template. QueryTemplateTypeNamePrefixMatch = "name_prefix_match" )
Variables ¶
var ( ErrNoLeader = errors.New(errNoLeader) ErrNoDCPath = errors.New(errNoDCPath) ErrNoServers = errors.New(errNoServers) ErrNotReadyForConsistentReads = errors.New(errNotReadyForConsistentReads) ErrSegmentsNotSupported = errors.New(errSegmentsNotSupported) ErrRPCRateExceeded = errors.New(errRPCRateExceeded) ErrDCNotAvailable = errors.New(errDCNotAvailable) ErrQueryNotFound = errors.New(errQueryNotFound) ErrLeaderNotTracked = errors.New(errLeaderNotTracked) )
var ACLBootstrapInvalidResetIndexErr = errors.New("Invalid ACL bootstrap reset index")
ACLBootstrapInvalidResetIndexErr is returned when bootstrap is requested with a non-zero reset index but the index doesn't match the bootstrap index
var ACLBootstrapNotAllowedErr = errors.New("ACL bootstrap no longer allowed")
ACLBootstrapNotAllowedErr is returned once we know that a bootstrap can no longer be done since the cluster was bootstrapped
var AllConfigEntryKinds = []string{ ServiceDefaults, ProxyDefaults, ServiceRouter, ServiceSplitter, ServiceResolver, IngressGateway, TerminatingGateway, ServiceIntentions, MeshConfig, ExportedServices, }
var IntermediateCertRenewInterval = time.Hour
intermediateCertRenewInterval is the interval at which the expiration of the intermediate cert is checked and renewed if necessary.
var MaxLeafCertTTL = 365 * 24 * time.Hour
var MinLeafCertTTL = time.Hour
var MsgpackHandle = &codec.MsgpackHandle{ RawToString: true, BasicHandle: codec.BasicHandle{ DecodeOptions: codec.DecodeOptions{ MapType: reflect.TypeOf(map[string]interface{}{}), }, }, }
MsgpackHandle is a shared handle for encoding/decoding msgpack payloads
var (
NodeMaintCheckID = NewCheckID(NodeMaint, nil)
)
var TestingOldPre1dot7MsgpackHandle = &codec.MsgpackHandle{}
TestingOldPre1dot7MsgpackHandle is the common configuration pre-1.7.0
Functions ¶
func ACLIDReserved ¶ added in v1.4.0
func DefaultEnterpriseMetaInDefaultPartition ¶ added in v1.11.0
func DefaultEnterpriseMetaInDefaultPartition() *acl.EnterpriseMeta
TODO(partition): stop using this
func DefaultEnterpriseMetaInPartition ¶ added in v1.11.0
func DefaultEnterpriseMetaInPartition(_ string) *acl.EnterpriseMeta
DefaultEnterpriseMetaInPartition stub
func DurationFromProto ¶ added in v1.12.0
func Encode ¶
func Encode(t MessageType, msg interface{}) ([]byte, error)
Encode is used to encode a MsgPack object with type prefix
func EncodeProto ¶ added in v1.7.0
func EncodeProto(t MessageType, pb proto.Message) ([]byte, error)
func EncodeProtoInterface ¶ added in v1.7.0
func EncodeProtoInterface(t MessageType, message interface{}) ([]byte, error)
func IsConsulServiceID ¶ added in v1.10.5
func IsErrNoDCPath ¶ added in v1.8.1
func IsErrNoLeader ¶ added in v1.0.0
func IsErrQueryNotFound ¶ added in v1.8.1
func IsErrRPCRateExceeded ¶ added in v0.9.3
func IsErrServiceNotFound ¶ added in v1.4.1
func IsProtocolHTTPLike ¶ added in v1.9.0
func IsSerfCheckID ¶ added in v1.10.5
func IsValidPartitionAndDatacenter ¶ added in v1.11.0
func IsValidPartitionAndDatacenter(meta acl.EnterpriseMeta, datacenters []string, primaryDatacenter string) bool
func IsZeroProtoTime ¶ added in v1.12.0
IsZeroProtoTime returns true if the time is the minimum protobuf timestamp (the Unix epoch).
func NewEnterpriseMetaInDefaultPartition ¶ added in v1.11.0
func NewEnterpriseMetaInDefaultPartition(_ string) acl.EnterpriseMeta
TODO(partition): stop using this
func NewEnterpriseMetaWithPartition ¶ added in v1.11.0
func NewEnterpriseMetaWithPartition(_, _ string) acl.EnterpriseMeta
func NodeEnterpriseMetaInDefaultPartition ¶ added in v1.11.0
func NodeEnterpriseMetaInDefaultPartition() *acl.EnterpriseMeta
TODO(partition): stop using this
func NodeEnterpriseMetaInPartition ¶ added in v1.11.0
func NodeEnterpriseMetaInPartition(_ string) *acl.EnterpriseMeta
func NodeNameString ¶ added in v1.11.0
func NodeNameString(node string, _ *acl.EnterpriseMeta) string
func NormalizeServiceSplitWeight ¶ added in v1.6.0
func ParseDurationFunc ¶ added in v1.2.3
func ParseDurationFunc() mapstructure.DecodeHookFunc
ParseDurationFunc is a mapstructure hook for decoding a string or []uint8 into a time.Duration value.
func ParseServiceIDString ¶ added in v1.7.0
func ParseServiceIDString(input string) (string, *acl.EnterpriseMeta)
func ParseServiceNameString ¶ added in v1.8.0
func ParseServiceNameString(input string) (string, *acl.EnterpriseMeta)
func ReplicationEnterpriseMeta ¶ added in v1.7.0
func ReplicationEnterpriseMeta() *acl.EnterpriseMeta
ReplicationEnterpriseMeta stub
func SanitizeLegacyACLToken ¶ added in v1.4.0
func SanitizeLegacyACLToken(token *ACLToken)
SanitizeLegacyACLToken does nothing in the OSS builds. It does not mutate the input argument at all.
In enterprise builds this hook is necessary to support fixing old multiline HCL strings in legacy token Sentinel policies into heredocs. If the token was updated and previously had a Hash set, this will also update it.
DEPRECATED (ACL-Legacy-Compat)
func SanitizeLegacyACLTokenRules ¶ added in v1.4.0
SanitizeLegacyACLTokenRules does nothing in the OSS builds. It always returns an empty string.
In enterprise builds this hook is necessary to support fixing any old multiline HCL strings in legacy token Sentinel policies into heredocs.
DEPRECATED (ACL-Legacy-Compat)
func SatisfiesMetaFilters ¶
SatisfiesMetaFilters returns true if the metadata map contains the given filters
func ServiceGatewayVirtualIPTag ¶ added in v1.11.2
func ServiceGatewayVirtualIPTag(sn ServiceName) string
func ServiceIDString ¶ added in v1.7.0
func ServiceIDString(id string, _ *acl.EnterpriseMeta) string
func TestMsgpackEncodeDecode ¶ added in v1.7.0
TestMsgpackEncodeDecode is a test helper to easily write a test to verify msgpack encoding and decoding using two handles is identical.
func Uint8ToString ¶ added in v1.2.3
func UniqueID ¶ added in v1.9.0
UniqueID is a unique identifier for a service instance within a datacenter by encoding: node/namespace/service_id
Note: We do not have strict character restrictions in all node names, so this should NOT be split on / to retrieve components.
func ValidStatus ¶
func ValidateNodeMetadata ¶ added in v1.8.0
ValidateNodeMetadata validates a set of key/value pairs from the agent config for use on a Node.
func ValidateServiceMetadata ¶ added in v1.8.0
func ValidateServiceMetadata(kind ServiceKind, meta map[string]string, allowConsulPrefix bool) error
ValidateServiceMetadata validates a set of key/value pairs from the agent config for use on a Service. ValidateMeta validates a set of key/value pairs from the agent config
func ValidateWeights ¶ added in v1.2.3
ValidateWeights checks the definition of DNS weight is valid
func WildcardEnterpriseMetaInDefaultPartition ¶ added in v1.11.0
func WildcardEnterpriseMetaInDefaultPartition() *acl.EnterpriseMeta
TODO(partition): stop using this
func WildcardEnterpriseMetaInPartition ¶ added in v1.11.0
func WildcardEnterpriseMetaInPartition(_ string) *acl.EnterpriseMeta
WildcardEnterpriseMetaInPartition stub
Types ¶
type ACLAuthMethod ¶ added in v1.5.0
type ACLAuthMethod struct { // Name is a unique identifier for this specific auth method. // // Immutable once set and only settable during create. Name string // Type is the type of the auth method this is. // // Immutable once set and only settable during create. Type string // DisplayName is an optional name to use instead of the Name field when // displaying information about this auth method in any kind of user // interface. DisplayName string `json:",omitempty"` // Description is just an optional bunch of explanatory text. Description string `json:",omitempty"` // MaxTokenTTL this is the maximum life of a token created by this method. MaxTokenTTL time.Duration `json:",omitempty"` // TokenLocality defines the kind of token that this auth method produces. // This can be either 'local' or 'global'. If empty 'local' is assumed. TokenLocality string `json:",omitempty"` // Configuration is arbitrary configuration for the auth method. This // should only contain primitive values and containers (such as lists and // maps). Config map[string]interface{} // Embedded Enterprise ACL Meta acl.EnterpriseMeta `mapstructure:",squash"` ACLAuthMethodEnterpriseFields `mapstructure:",squash"` // Embedded Raft Metadata RaftIndex `hash:"ignore"` }
func (*ACLAuthMethod) MarshalJSON ¶ added in v1.8.0
func (m *ACLAuthMethod) MarshalJSON() ([]byte, error)
func (*ACLAuthMethod) Stub ¶ added in v1.5.0
func (p *ACLAuthMethod) Stub() *ACLAuthMethodListStub
func (*ACLAuthMethod) UnmarshalJSON ¶ added in v1.8.0
func (m *ACLAuthMethod) UnmarshalJSON(data []byte) (err error)
type ACLAuthMethodBatchDeleteRequest ¶ added in v1.5.0
type ACLAuthMethodBatchDeleteRequest struct { AuthMethodNames []string // While it may seem odd that AuthMethodNames is associated with a single // EnterpriseMeta, it is okay as this struct is only ever used to // delete a single entry. This is because AuthMethods unlike tokens, policies // and roles are not replicated between datacenters and therefore never // batch applied. acl.EnterpriseMeta }
ACLAuthMethodBatchDeleteRequest is used at the Raft layer for batching multiple auth method deletions
type ACLAuthMethodBatchSetRequest ¶ added in v1.5.0
type ACLAuthMethodBatchSetRequest struct {
AuthMethods ACLAuthMethods
}
ACLAuthMethodBatchSetRequest is used at the Raft layer for batching multiple auth method creations and updates
type ACLAuthMethodDeleteRequest ¶ added in v1.5.0
type ACLAuthMethodDeleteRequest struct { AuthMethodName string // name of the auth method to delete Datacenter string // The datacenter to perform the request within acl.EnterpriseMeta WriteRequest }
ACLAuthMethodDeleteRequest is used at the RPC layer deletion requests
func (*ACLAuthMethodDeleteRequest) RequestDatacenter ¶ added in v1.5.0
func (r *ACLAuthMethodDeleteRequest) RequestDatacenter() string
type ACLAuthMethodEnterpriseFields ¶ added in v1.8.0
type ACLAuthMethodEnterpriseFields struct{}
type ACLAuthMethodEnterpriseMeta ¶ added in v1.7.0
type ACLAuthMethodEnterpriseMeta struct{}
func (*ACLAuthMethodEnterpriseMeta) FillWithEnterpriseMeta ¶ added in v1.7.0
func (_ *ACLAuthMethodEnterpriseMeta) FillWithEnterpriseMeta(_ *acl.EnterpriseMeta)
func (*ACLAuthMethodEnterpriseMeta) ToEnterpriseMeta ¶ added in v1.7.0
func (_ *ACLAuthMethodEnterpriseMeta) ToEnterpriseMeta() *acl.EnterpriseMeta
type ACLAuthMethodGetRequest ¶ added in v1.5.0
type ACLAuthMethodGetRequest struct { AuthMethodName string // name used for the auth method lookup Datacenter string // The datacenter to perform the request within acl.EnterpriseMeta QueryOptions }
ACLAuthMethodGetRequest is used at the RPC layer to perform rule read operations
func (*ACLAuthMethodGetRequest) RequestDatacenter ¶ added in v1.5.0
func (r *ACLAuthMethodGetRequest) RequestDatacenter() string
type ACLAuthMethodListRequest ¶ added in v1.5.0
type ACLAuthMethodListRequest struct { Datacenter string // The datacenter to perform the request within acl.EnterpriseMeta QueryOptions }
ACLAuthMethodListRequest is used at the RPC layer to request a listing of auth methods
func (*ACLAuthMethodListRequest) RequestDatacenter ¶ added in v1.5.0
func (r *ACLAuthMethodListRequest) RequestDatacenter() string
type ACLAuthMethodListResponse ¶ added in v1.5.0
type ACLAuthMethodListResponse struct { AuthMethods ACLAuthMethodListStubs QueryMeta }
type ACLAuthMethodListStub ¶ added in v1.5.0
type ACLAuthMethodListStub struct { Name string Type string DisplayName string `json:",omitempty"` Description string `json:",omitempty"` MaxTokenTTL time.Duration `json:",omitempty"` TokenLocality string `json:",omitempty"` CreateIndex uint64 ModifyIndex uint64 acl.EnterpriseMeta }
Note: this is a subset of ACLAuthMethod's fields
func (*ACLAuthMethodListStub) MarshalJSON ¶ added in v1.10.0
func (m *ACLAuthMethodListStub) MarshalJSON() ([]byte, error)
This is nearly identical to the ACLAuthMethod MarshalJSON Unmarshaling is not implemented because the API is read only
type ACLAuthMethodListStubs ¶ added in v1.5.0
type ACLAuthMethodListStubs []*ACLAuthMethodListStub
func (ACLAuthMethodListStubs) Sort ¶ added in v1.5.0
func (methods ACLAuthMethodListStubs) Sort()
type ACLAuthMethodResponse ¶ added in v1.5.0
type ACLAuthMethodResponse struct { AuthMethod *ACLAuthMethod QueryMeta }
ACLAuthMethodResponse returns a single auth method + metadata
type ACLAuthMethodSetRequest ¶ added in v1.5.0
type ACLAuthMethodSetRequest struct { AuthMethod ACLAuthMethod // The auth method to upsert Datacenter string // The datacenter to perform the request within WriteRequest }
ACLAuthMethodSetRequest is used at the RPC layer for creation and update requests
func (*ACLAuthMethodSetRequest) RequestDatacenter ¶ added in v1.5.0
func (r *ACLAuthMethodSetRequest) RequestDatacenter() string
type ACLAuthMethods ¶ added in v1.5.0
type ACLAuthMethods []*ACLAuthMethod
func (ACLAuthMethods) Sort ¶ added in v1.5.0
func (methods ACLAuthMethods) Sort()
type ACLAuthorizationRequest ¶ added in v1.7.0
type ACLAuthorizationResponse ¶ added in v1.7.0
type ACLAuthorizationResponse struct { ACLAuthorizationRequest Allow bool }
func CreateACLAuthorizationResponses ¶ added in v1.7.0
func CreateACLAuthorizationResponses(authz acl.Authorizer, requests []ACLAuthorizationRequest) ([]ACLAuthorizationResponse, error)
type ACLBindingRule ¶ added in v1.5.0
type ACLBindingRule struct { // ID is the internal UUID associated with the binding rule ID string // Description is a human readable description (Optional) Description string // AuthMethod is the name of the auth method for which this rule applies. AuthMethod string // Selector is an expression that matches against verified identity // attributes returned from the auth method during login. Selector string // BindType adjusts how this binding rule is applied at login time. The // valid values are: // // - BindingRuleBindTypeService = "service" // - BindingRuleBindTypeRole = "role" BindType string // BindName is the target of the binding. Can be lightly templated using // HIL ${foo} syntax from available field names. How it is used depends // upon the BindType. BindName string // Embedded Enterprise ACL metadata acl.EnterpriseMeta `mapstructure:",squash"` // Embedded Raft Metadata RaftIndex `hash:"ignore"` }
func (*ACLBindingRule) Clone ¶ added in v1.5.0
func (r *ACLBindingRule) Clone() *ACLBindingRule
type ACLBindingRuleBatchDeleteRequest ¶ added in v1.5.0
type ACLBindingRuleBatchDeleteRequest struct {
BindingRuleIDs []string
}
ACLBindingRuleBatchDeleteRequest is used at the Raft layer for batching multiple rule deletions
type ACLBindingRuleBatchSetRequest ¶ added in v1.5.0
type ACLBindingRuleBatchSetRequest struct {
BindingRules ACLBindingRules
}
ACLBindingRuleBatchSetRequest is used at the Raft layer for batching multiple rule creations and updates
type ACLBindingRuleDeleteRequest ¶ added in v1.5.0
type ACLBindingRuleDeleteRequest struct { BindingRuleID string // id of the rule to delete Datacenter string // The datacenter to perform the request within acl.EnterpriseMeta WriteRequest }
ACLBindingRuleDeleteRequest is used at the RPC layer deletion requests
func (*ACLBindingRuleDeleteRequest) RequestDatacenter ¶ added in v1.5.0
func (r *ACLBindingRuleDeleteRequest) RequestDatacenter() string
type ACLBindingRuleGetRequest ¶ added in v1.5.0
type ACLBindingRuleGetRequest struct { BindingRuleID string // id used for the rule lookup Datacenter string // The datacenter to perform the request within acl.EnterpriseMeta QueryOptions }
ACLBindingRuleGetRequest is used at the RPC layer to perform rule read operations
func (*ACLBindingRuleGetRequest) RequestDatacenter ¶ added in v1.5.0
func (r *ACLBindingRuleGetRequest) RequestDatacenter() string
type ACLBindingRuleListRequest ¶ added in v1.5.0
type ACLBindingRuleListRequest struct { AuthMethod string // optional filter Datacenter string // The datacenter to perform the request within acl.EnterpriseMeta QueryOptions }
ACLBindingRuleListRequest is used at the RPC layer to request a listing of rules
func (*ACLBindingRuleListRequest) RequestDatacenter ¶ added in v1.5.0
func (r *ACLBindingRuleListRequest) RequestDatacenter() string
type ACLBindingRuleListResponse ¶ added in v1.5.0
type ACLBindingRuleListResponse struct { BindingRules ACLBindingRules QueryMeta }
type ACLBindingRuleResponse ¶ added in v1.5.0
type ACLBindingRuleResponse struct { BindingRule *ACLBindingRule QueryMeta }
ACLBindingRuleResponse returns a single binding + metadata
type ACLBindingRuleSetRequest ¶ added in v1.5.0
type ACLBindingRuleSetRequest struct { BindingRule ACLBindingRule // The rule to upsert Datacenter string // The datacenter to perform the request within WriteRequest }
ACLBindingRuleSetRequest is used at the RPC layer for creation and update requests
func (*ACLBindingRuleSetRequest) RequestDatacenter ¶ added in v1.5.0
func (r *ACLBindingRuleSetRequest) RequestDatacenter() string
type ACLBindingRules ¶ added in v1.5.0
type ACLBindingRules []*ACLBindingRule
func (ACLBindingRules) Sort ¶ added in v1.5.0
func (rules ACLBindingRules) Sort()
type ACLCaches ¶ added in v1.4.0
type ACLCaches struct {
// contains filtered or unexported fields
}
func NewACLCaches ¶ added in v1.4.0
func NewACLCaches(config *ACLCachesConfig) (*ACLCaches, error)
func (*ACLCaches) GetAuthorizer ¶ added in v1.4.0
func (c *ACLCaches) GetAuthorizer(id string) *AuthorizerCacheEntry
GetAuthorizer fetches a acl from the cache and returns it
func (*ACLCaches) GetIdentity ¶ added in v1.4.0
func (c *ACLCaches) GetIdentity(id string) *IdentityCacheEntry
GetIdentity fetches an identity from the cache and returns it
func (*ACLCaches) GetParsedPolicy ¶ added in v1.4.0
func (c *ACLCaches) GetParsedPolicy(id string) *ParsedPolicyCacheEntry
GetPolicy fetches a policy from the cache and returns it
func (*ACLCaches) GetPolicy ¶ added in v1.4.0
func (c *ACLCaches) GetPolicy(policyID string) *PolicyCacheEntry
GetPolicy fetches a policy from the cache and returns it
func (*ACLCaches) GetRole ¶ added in v1.5.0
func (c *ACLCaches) GetRole(roleID string) *RoleCacheEntry
GetRole fetches a role from the cache by id and returns it
func (*ACLCaches) PutAuthorizer ¶ added in v1.4.0
func (c *ACLCaches) PutAuthorizer(id string, authorizer acl.Authorizer)
func (*ACLCaches) PutIdentity ¶ added in v1.4.0
func (c *ACLCaches) PutIdentity(id string, ident ACLIdentity)
PutIdentity adds a new identity to the cache
func (*ACLCaches) PutParsedPolicy ¶ added in v1.4.0
func (*ACLCaches) RemoveIdentity ¶ added in v1.4.0
func (*ACLCaches) RemovePolicy ¶ added in v1.4.0
func (*ACLCaches) RemoveRole ¶ added in v1.5.0
type ACLCachesConfig ¶ added in v1.4.0
type ACLIdentity ¶ added in v1.4.0
type ACLIdentity interface { // ID returns the accessor ID, a string that can be used for logging and // telemetry. It is not the secret ID used for authentication. ID() string SecretToken() string PolicyIDs() []string RoleIDs() []string ServiceIdentityList() []*ACLServiceIdentity NodeIdentityList() []*ACLNodeIdentity IsExpired(asOf time.Time) bool IsLocal() bool EnterpriseMetadata() *acl.EnterpriseMeta }
type ACLLoginParams ¶ added in v1.5.0
type ACLLoginRequest ¶ added in v1.5.0
type ACLLoginRequest struct { Auth *ACLLoginParams Datacenter string // The datacenter to perform the request within WriteRequest }
func (*ACLLoginRequest) RequestDatacenter ¶ added in v1.5.0
func (r *ACLLoginRequest) RequestDatacenter() string
type ACLLogoutRequest ¶ added in v1.5.0
type ACLLogoutRequest struct { Datacenter string // The datacenter to perform the request within WriteRequest }
func (*ACLLogoutRequest) RequestDatacenter ¶ added in v1.5.0
func (r *ACLLogoutRequest) RequestDatacenter() string
type ACLNodeIdentity ¶ added in v1.8.1
type ACLNodeIdentity struct { // NodeName identities the Node that this identity authorizes access to NodeName string // Datacenter is required and specifies the datacenter of the node. Datacenter string }
ACLNodeIdentity represents a high-level grant of all privileges necessary to assume the identity of that node and manage it.
func (*ACLNodeIdentity) AddToHash ¶ added in v1.8.1
func (s *ACLNodeIdentity) AddToHash(h hash.Hash)
func (*ACLNodeIdentity) Clone ¶ added in v1.8.1
func (s *ACLNodeIdentity) Clone() *ACLNodeIdentity
func (*ACLNodeIdentity) EstimateSize ¶ added in v1.8.1
func (s *ACLNodeIdentity) EstimateSize() int
func (*ACLNodeIdentity) SyntheticPolicy ¶ added in v1.8.1
func (s *ACLNodeIdentity) SyntheticPolicy(entMeta *acl.EnterpriseMeta) *ACLPolicy
type ACLPolicies ¶ added in v1.4.0
type ACLPolicies []*ACLPolicy
func (ACLPolicies) Compile ¶ added in v1.4.0
func (policies ACLPolicies) Compile(cache *ACLCaches, entConf *acl.Config) (acl.Authorizer, error)
func (ACLPolicies) HashKey ¶ added in v1.4.0
func (policies ACLPolicies) HashKey() string
HashKey returns a consistent hash for a set of policies.
func (ACLPolicies) Sort ¶ added in v1.4.0
func (policies ACLPolicies) Sort()
type ACLPolicy ¶
type ACLPolicy struct { // This is the internal UUID associated with the policy ID string // Unique name to reference the policy by. // - Valid Characters: [a-zA-Z0-9-] // - Valid Lengths: 1 - 128 Name string // Human readable description (Optional) Description string // The rule set (using the updated rule syntax) Rules string // DEPRECATED (ACL-Legacy-Compat) - This is only needed while we support the legacy ACLs Syntax acl.SyntaxVersion `json:"-"` // Datacenters that the policy is valid within. // - No wildcards allowed // - If empty then the policy is valid within all datacenters Datacenters []string `json:",omitempty"` // Hash of the contents of the policy // This does not take into account the ID (which is immutable) // nor the raft metadata. // // This is needed mainly for replication purposes. When replicating from // one DC to another keeping the content Hash will allow us to avoid // unnecessary calls to the authoritative DC Hash []byte // Embedded Enterprise ACL Metadata acl.EnterpriseMeta `mapstructure:",squash"` // Embedded Raft Metadata RaftIndex `hash:"ignore"` }
func (*ACLPolicy) EnterprisePolicyMeta ¶ added in v1.7.0
func (p *ACLPolicy) EnterprisePolicyMeta() *acl.EnterprisePolicyMeta
func (*ACLPolicy) EstimateSize ¶ added in v1.4.0
func (*ACLPolicy) Stub ¶ added in v1.4.0
func (p *ACLPolicy) Stub() *ACLPolicyListStub
func (*ACLPolicy) UnmarshalJSON ¶ added in v1.6.2
type ACLPolicyBatchDeleteRequest ¶ added in v1.4.0
type ACLPolicyBatchDeleteRequest struct {
PolicyIDs []string
}
ACLPolicyBatchDeleteRequest is used at the Raft layer for batching multiple policy deletions
This is particularly useful during replication
type ACLPolicyBatchGetRequest ¶ added in v1.4.0
type ACLPolicyBatchGetRequest struct { PolicyIDs []string // List of policy ids to fetch Datacenter string // The datacenter to perform the request within QueryOptions }
ACLPolicyBatchGetRequest is used at the RPC layer to request a subset of the policies associated with the token used for retrieval
func (*ACLPolicyBatchGetRequest) RequestDatacenter ¶ added in v1.4.0
func (r *ACLPolicyBatchGetRequest) RequestDatacenter() string
type ACLPolicyBatchResponse ¶ added in v1.4.0
type ACLPolicyBatchSetRequest ¶ added in v1.4.0
type ACLPolicyBatchSetRequest struct {
Policies ACLPolicies
}
ACLPolicyBatchSetRequest is used at the Raft layer for batching multiple policy creations and updates
This is particularly useful during replication
type ACLPolicyDeleteRequest ¶ added in v1.4.0
type ACLPolicyDeleteRequest struct { PolicyID string // The id of the policy to delete Datacenter string // The datacenter to perform the request within acl.EnterpriseMeta WriteRequest }
ACLPolicyDeleteRequest is used at the RPC layer deletion requests
func (*ACLPolicyDeleteRequest) RequestDatacenter ¶ added in v1.4.0
func (r *ACLPolicyDeleteRequest) RequestDatacenter() string
type ACLPolicyGetRequest ¶ added in v1.4.0
type ACLPolicyGetRequest struct { PolicyID string // id used for the policy lookup (one of PolicyID or PolicyName is allowed) PolicyName string // name used for the policy lookup (one of PolicyID or PolicyName is allowed) Datacenter string // The datacenter to perform the request within acl.EnterpriseMeta QueryOptions }
ACLPolicyGetRequest is used at the RPC layer to perform policy read operations
func (*ACLPolicyGetRequest) RequestDatacenter ¶ added in v1.4.0
func (r *ACLPolicyGetRequest) RequestDatacenter() string
type ACLPolicyListRequest ¶ added in v1.4.0
type ACLPolicyListRequest struct { Datacenter string // The datacenter to perform the request within acl.EnterpriseMeta QueryOptions }
ACLPolicyListRequest is used at the RPC layer to request a listing of policies
func (*ACLPolicyListRequest) RequestDatacenter ¶ added in v1.4.0
func (r *ACLPolicyListRequest) RequestDatacenter() string
type ACLPolicyListResponse ¶ added in v1.4.0
type ACLPolicyListResponse struct { Policies ACLPolicyListStubs QueryMeta }
type ACLPolicyListStub ¶ added in v1.4.0
type ACLPolicyListStubs ¶ added in v1.4.0
type ACLPolicyListStubs []*ACLPolicyListStub
func (ACLPolicyListStubs) Sort ¶ added in v1.4.0
func (policies ACLPolicyListStubs) Sort()
type ACLPolicyResponse ¶ added in v1.4.0
ACLPolicyResponse returns a single policy + metadata
type ACLPolicySetRequest ¶ added in v1.4.0
type ACLPolicySetRequest struct { Policy ACLPolicy // The policy to upsert Datacenter string // The datacenter to perform the request within WriteRequest }
ACLPolicySetRequest is used at the RPC layer for creation and update requests
func (*ACLPolicySetRequest) RequestDatacenter ¶ added in v1.4.0
func (r *ACLPolicySetRequest) RequestDatacenter() string
type ACLReplicationStatus ¶
type ACLReplicationStatus struct { Enabled bool Running bool SourceDatacenter string ReplicationType ACLReplicationType ReplicatedIndex uint64 ReplicatedRoleIndex uint64 ReplicatedTokenIndex uint64 LastSuccess time.Time LastError time.Time LastErrorMessage string }
ACLReplicationStatus provides information about the health of the ACL replication system.
type ACLReplicationType ¶ added in v1.4.0
type ACLReplicationType string
const ( ACLReplicatePolicies ACLReplicationType = "policies" ACLReplicateRoles ACLReplicationType = "roles" ACLReplicateTokens ACLReplicationType = "tokens" )
func (ACLReplicationType) SingularNoun ¶ added in v1.5.0
func (t ACLReplicationType) SingularNoun() string
type ACLRole ¶ added in v1.5.0
type ACLRole struct { // ID is the internal UUID associated with the role ID string // Name is the unique name to reference the role by. Name string // Description is a human readable description (Optional) Description string // List of policy links. // Note this is the list of IDs and not the names. Prior to role creation // the list of policy names gets validated and the policy IDs get stored herein Policies []ACLRolePolicyLink `json:",omitempty"` // List of services to generate synthetic policies for. ServiceIdentities []*ACLServiceIdentity `json:",omitempty"` // List of nodes to generate synthetic policies for. NodeIdentities []*ACLNodeIdentity `json:",omitempty"` // Hash of the contents of the role // This does not take into account the ID (which is immutable) // nor the raft metadata. // // This is needed mainly for replication purposes. When replicating from // one DC to another keeping the content Hash will allow us to avoid // unnecessary calls to the authoritative DC Hash []byte // Embedded Enterprise ACL metadata acl.EnterpriseMeta `mapstructure:",squash"` // Embedded Raft Metadata RaftIndex `hash:"ignore"` }
func (*ACLRole) EstimateSize ¶ added in v1.5.0
func (*ACLRole) NodeIdentityList ¶ added in v1.8.1
func (r *ACLRole) NodeIdentityList() []*ACLNodeIdentity
func (*ACLRole) UnmarshalJSON ¶ added in v1.6.2
type ACLRoleBatchDeleteRequest ¶ added in v1.5.0
type ACLRoleBatchDeleteRequest struct {
RoleIDs []string
}
ACLRoleBatchDeleteRequest is used at the Raft layer for batching multiple role deletions
This is particularly useful during replication
type ACLRoleBatchGetRequest ¶ added in v1.5.0
type ACLRoleBatchGetRequest struct { RoleIDs []string // List of role ids to fetch Datacenter string // The datacenter to perform the request within QueryOptions }
ACLRoleBatchGetRequest is used at the RPC layer to request a subset of the roles associated with the token used for retrieval
func (*ACLRoleBatchGetRequest) RequestDatacenter ¶ added in v1.5.0
func (r *ACLRoleBatchGetRequest) RequestDatacenter() string
type ACLRoleBatchResponse ¶ added in v1.5.0
type ACLRoleBatchSetRequest ¶ added in v1.5.0
ACLRoleBatchSetRequest is used at the Raft layer for batching multiple role creations and updates
This is particularly useful during replication
type ACLRoleDeleteRequest ¶ added in v1.5.0
type ACLRoleDeleteRequest struct { RoleID string // id of the role to delete Datacenter string // The datacenter to perform the request within acl.EnterpriseMeta WriteRequest }
ACLRoleDeleteRequest is used at the RPC layer deletion requests
func (*ACLRoleDeleteRequest) RequestDatacenter ¶ added in v1.5.0
func (r *ACLRoleDeleteRequest) RequestDatacenter() string
type ACLRoleGetRequest ¶ added in v1.5.0
type ACLRoleGetRequest struct { RoleID string // id used for the role lookup (one of RoleID or RoleName is allowed) RoleName string // name used for the role lookup (one of RoleID or RoleName is allowed) Datacenter string // The datacenter to perform the request within acl.EnterpriseMeta QueryOptions }
ACLRoleGetRequest is used at the RPC layer to perform role read operations
func (*ACLRoleGetRequest) RequestDatacenter ¶ added in v1.5.0
func (r *ACLRoleGetRequest) RequestDatacenter() string
type ACLRoleListRequest ¶ added in v1.5.0
type ACLRoleListRequest struct { Policy string // Policy filter Datacenter string // The datacenter to perform the request within acl.EnterpriseMeta QueryOptions }
ACLRoleListRequest is used at the RPC layer to request a listing of roles
func (*ACLRoleListRequest) RequestDatacenter ¶ added in v1.5.0
func (r *ACLRoleListRequest) RequestDatacenter() string
type ACLRoleListResponse ¶ added in v1.5.0
type ACLRolePolicyLink ¶ added in v1.5.0
type ACLRoleResponse ¶ added in v1.5.0
ACLRoleResponse returns a single role + metadata
type ACLRoleSetRequest ¶ added in v1.5.0
type ACLRoleSetRequest struct { Role ACLRole // The role to upsert Datacenter string // The datacenter to perform the request within WriteRequest }
ACLRoleSetRequest is used at the RPC layer for creation and update requests
func (*ACLRoleSetRequest) RequestDatacenter ¶ added in v1.5.0
func (r *ACLRoleSetRequest) RequestDatacenter() string
type ACLRoles ¶ added in v1.5.0
type ACLRoles []*ACLRole
type ACLServiceIdentity ¶ added in v1.5.0
type ACLServiceIdentity struct { ServiceName string // Datacenters that the synthetic policy will be valid within. // - No wildcards allowed // - If empty then the synthetic policy is valid within all datacenters // // Only valid for global tokens. It is an error to specify this for local tokens. Datacenters []string `json:",omitempty"` }
ACLServiceIdentity represents a high-level grant of all necessary privileges to assume the identity of the named Service in the Catalog and within Connect.
func (*ACLServiceIdentity) AddToHash ¶ added in v1.5.0
func (s *ACLServiceIdentity) AddToHash(h hash.Hash)
func (*ACLServiceIdentity) Clone ¶ added in v1.5.0
func (s *ACLServiceIdentity) Clone() *ACLServiceIdentity
func (*ACLServiceIdentity) EstimateSize ¶ added in v1.5.0
func (s *ACLServiceIdentity) EstimateSize() int
func (*ACLServiceIdentity) SyntheticPolicy ¶ added in v1.5.0
func (s *ACLServiceIdentity) SyntheticPolicy(entMeta *acl.EnterpriseMeta) *ACLPolicy
type ACLToken ¶ added in v1.4.0
type ACLToken struct { // This is the UUID used for tracking and management purposes AccessorID string // This is the UUID used as the api token by clients SecretID string // Human readable string to display for the token (Optional) Description string // List of policy links - nil/empty for legacy tokens or if service identities are in use. // Note this is the list of IDs and not the names. Prior to token creation // the list of policy names gets validated and the policy IDs get stored herein Policies []ACLTokenPolicyLink `json:",omitempty"` // List of role links. Note this is the list of IDs and not the names. // Prior to token creation the list of role names gets validated and the // role IDs get stored herein Roles []ACLTokenRoleLink `json:",omitempty"` // List of services to generate synthetic policies for. ServiceIdentities []*ACLServiceIdentity `json:",omitempty"` // The node identities that this token should be allowed to manage. NodeIdentities []*ACLNodeIdentity `json:",omitempty"` // Type is the V1 Token Type // DEPRECATED (ACL-Legacy-Compat) - remove once we no longer support v1 ACL compat // Even though we are going to auto upgrade management tokens we still // want to be able to have the old APIs operate on the upgraded management tokens // so this field is being kept to identify legacy tokens even after an auto-upgrade Type string `json:"-"` // Rules is the V1 acl rules associated with // DEPRECATED (ACL-Legacy-Compat) - remove once we no longer support v1 ACL compat Rules string `json:",omitempty"` // Whether this token is DC local. This means that it will not be synced // to the ACL datacenter and replicated to others. Local bool // AuthMethod is the name of the auth method used to create this token. AuthMethod string `json:",omitempty"` // ACLAuthMethodEnterpriseMeta is the EnterpriseMeta for the AuthMethod that this token was created from ACLAuthMethodEnterpriseMeta // ExpirationTime represents the point after which a token should be // considered revoked and is eligible for destruction. The zero value // represents NO expiration. // // This is a pointer value so that the zero value is omitted properly // during json serialization. time.Time does not respect json omitempty // directives unfortunately. ExpirationTime *time.Time `json:",omitempty"` // ExpirationTTL is a convenience field for helping set ExpirationTime to a // value of CreateTime+ExpirationTTL. This can only be set during // TokenCreate and is cleared and used to initialize the ExpirationTime // field before being persisted to the state store or raft log. // // This is a string version of a time.Duration like "2m". ExpirationTTL time.Duration `json:",omitempty"` // The time when this token was created CreateTime time.Time `json:",omitempty"` // Hash of the contents of the token // // This is needed mainly for replication purposes. When replicating from // one DC to another keeping the content Hash will allow us to avoid // unnecessary calls to the authoritative DC Hash []byte // Embedded Enterprise Metadata acl.EnterpriseMeta `mapstructure:",squash"` // Embedded Raft Metadata RaftIndex }
func (*ACLToken) EnterpriseMetadata ¶ added in v1.7.0
func (t *ACLToken) EnterpriseMetadata() *acl.EnterpriseMeta
func (*ACLToken) EstimateSize ¶ added in v1.4.0
func (*ACLToken) HasExpirationTime ¶ added in v1.5.0
func (*ACLToken) NodeIdentityList ¶ added in v1.8.1
func (t *ACLToken) NodeIdentityList() []*ACLNodeIdentity
func (*ACLToken) SecretToken ¶ added in v1.4.0
func (*ACLToken) ServiceIdentityList ¶ added in v1.5.0
func (t *ACLToken) ServiceIdentityList() []*ACLServiceIdentity
func (*ACLToken) Stub ¶ added in v1.4.0
func (token *ACLToken) Stub() *ACLTokenListStub
func (*ACLToken) UnmarshalJSON ¶ added in v1.6.2
type ACLTokenBatchDeleteRequest ¶ added in v1.4.0
type ACLTokenBatchDeleteRequest struct {
TokenIDs []string // Tokens to delete
}
ACLTokenBatchDeleteRequest is used only at the Raft layer for batching multiple token deletions.
This is particularly useful during token replication when multiple tokens need to be removed from the local DCs state.
type ACLTokenBatchGetRequest ¶ added in v1.4.0
type ACLTokenBatchGetRequest struct { AccessorIDs []string // List of accessor ids to fetch Datacenter string // The datacenter to perform the request within QueryOptions }
ACLTokenBatchGetRequest is used for reading multiple tokens, this is different from the the token list request in that only tokens with the the requested ids are returned
func (*ACLTokenBatchGetRequest) RequestDatacenter ¶ added in v1.4.0
func (r *ACLTokenBatchGetRequest) RequestDatacenter() string
type ACLTokenBatchResponse ¶ added in v1.4.0
type ACLTokenBatchResponse struct { Tokens []*ACLToken Redacted bool // whether the token secrets were redacted. Removed bool // whether any tokens were completely removed QueryMeta }
ACLTokenBatchResponse returns multiple Tokens associated with the same metadata
type ACLTokenBatchSetRequest ¶ added in v1.4.0
type ACLTokenBatchSetRequest struct { Tokens ACLTokens CAS bool AllowMissingLinks bool ProhibitUnprivileged bool FromReplication bool }
ACLTokenBatchSetRequest is used only at the Raft layer for batching multiple token creation/update operations
This is particularly useful during token replication and during automatic legacy token upgrades.
type ACLTokenBootstrapRequest ¶ added in v1.4.0
type ACLTokenBootstrapRequest struct { Token ACLToken // Token to use for bootstrapping ResetIndex uint64 // Reset index }
ACLTokenBootstrapRequest is used only at the Raft layer for ACL bootstrapping
The RPC layer will use a generic DCSpecificRequest to indicate that bootstrapping must be performed but the actual token and the resetIndex will be generated by that RPC endpoint
type ACLTokenDeleteRequest ¶ added in v1.4.0
type ACLTokenDeleteRequest struct { TokenID string // ID of the token to delete Datacenter string // The datacenter to perform the request within acl.EnterpriseMeta WriteRequest }
ACLTokenDeleteRequest is used for token deletion operations at the RPC layer
func (*ACLTokenDeleteRequest) RequestDatacenter ¶ added in v1.4.0
func (r *ACLTokenDeleteRequest) RequestDatacenter() string
type ACLTokenExpanded ¶ added in v1.12.0
type ACLTokenExpanded struct { *ACLToken ExpandedTokenInfo }
type ACLTokenGetRequest ¶ added in v1.4.0
type ACLTokenGetRequest struct { TokenID string // id used for the token lookup TokenIDType ACLTokenIDType // The Type of ID used to lookup the token Expanded bool Datacenter string // The datacenter to perform the request within acl.EnterpriseMeta QueryOptions }
ACLTokenGetRequest is used for token read operations at the RPC layer
func (*ACLTokenGetRequest) RequestDatacenter ¶ added in v1.4.0
func (r *ACLTokenGetRequest) RequestDatacenter() string
type ACLTokenIDType ¶ added in v1.4.0
type ACLTokenIDType string
const ( ACLTokenSecret ACLTokenIDType = "secret" ACLTokenAccessor ACLTokenIDType = "accessor" )
type ACLTokenListRequest ¶ added in v1.4.0
type ACLTokenListRequest struct { IncludeLocal bool // Whether local tokens should be included IncludeGlobal bool // Whether global tokens should be included Policy string // Policy filter Role string // Role filter AuthMethod string // Auth Method filter Datacenter string // The datacenter to perform the request within ACLAuthMethodEnterpriseMeta acl.EnterpriseMeta QueryOptions }
ACLTokenListRequest is used for token listing operations at the RPC layer
func (*ACLTokenListRequest) RequestDatacenter ¶ added in v1.4.0
func (r *ACLTokenListRequest) RequestDatacenter() string
type ACLTokenListResponse ¶ added in v1.4.0
type ACLTokenListResponse struct { Tokens ACLTokenListStubs QueryMeta }
ACLTokenListResponse is used to return the secret data free stubs of the tokens
type ACLTokenListStub ¶ added in v1.4.0
type ACLTokenListStub struct { AccessorID string SecretID string Description string Policies []ACLTokenPolicyLink `json:",omitempty"` Roles []ACLTokenRoleLink `json:",omitempty"` ServiceIdentities []*ACLServiceIdentity `json:",omitempty"` NodeIdentities []*ACLNodeIdentity `json:",omitempty"` Local bool AuthMethod string `json:",omitempty"` ExpirationTime *time.Time `json:",omitempty"` CreateTime time.Time `json:",omitempty"` Hash []byte CreateIndex uint64 ModifyIndex uint64 Legacy bool `json:",omitempty"` acl.EnterpriseMeta ACLAuthMethodEnterpriseMeta }
type ACLTokenListStubs ¶ added in v1.4.0
type ACLTokenListStubs []*ACLTokenListStub
func (ACLTokenListStubs) Sort ¶ added in v1.4.0
func (tokens ACLTokenListStubs) Sort()
type ACLTokenPolicyLink ¶ added in v1.4.0
type ACLTokenResponse ¶ added in v1.4.0
type ACLTokenResponse struct { Token *ACLToken Redacted bool // whether the token's secret was redacted SourceDatacenter string ExpandedTokenInfo QueryMeta }
ACLTokenResponse returns a single Token + metadata
type ACLTokenRoleLink ¶ added in v1.5.0
type ACLTokenSetRequest ¶ added in v1.4.0
type ACLTokenSetRequest struct { ACLToken ACLToken // Token to manipulate - I really dislike this name but "Token" is taken in the WriteRequest Create bool // Used to explicitly mark this request as a creation Datacenter string // The datacenter to perform the request within WriteRequest }
ACLTokenSetRequest is used for token creation and update operations at the RPC layer
func (*ACLTokenSetRequest) RequestDatacenter ¶ added in v1.4.0
func (r *ACLTokenSetRequest) RequestDatacenter() string
type AWSCAProviderConfig ¶ added in v1.7.0
type AWSCAProviderConfig struct { CommonCAProviderConfig `mapstructure:",squash"` ExistingARN string DeleteOnExit bool }
type AgentRecoveryTokenIdentity ¶ added in v1.12.0
type AgentRecoveryTokenIdentity struct {
// contains filtered or unexported fields
}
func NewAgentRecoveryTokenIdentity ¶ added in v1.12.0
func NewAgentRecoveryTokenIdentity(agent string, secretID string) *AgentRecoveryTokenIdentity
func (*AgentRecoveryTokenIdentity) EnterpriseMetadata ¶ added in v1.12.0
func (id *AgentRecoveryTokenIdentity) EnterpriseMetadata() *acl.EnterpriseMeta
func (*AgentRecoveryTokenIdentity) ID ¶ added in v1.12.0
func (id *AgentRecoveryTokenIdentity) ID() string
func (*AgentRecoveryTokenIdentity) IsExpired ¶ added in v1.12.0
func (id *AgentRecoveryTokenIdentity) IsExpired(asOf time.Time) bool
func (*AgentRecoveryTokenIdentity) IsLocal ¶ added in v1.12.0
func (id *AgentRecoveryTokenIdentity) IsLocal() bool
func (*AgentRecoveryTokenIdentity) NodeIdentityList ¶ added in v1.12.0
func (id *AgentRecoveryTokenIdentity) NodeIdentityList() []*ACLNodeIdentity
func (*AgentRecoveryTokenIdentity) PolicyIDs ¶ added in v1.12.0
func (id *AgentRecoveryTokenIdentity) PolicyIDs() []string
func (*AgentRecoveryTokenIdentity) RoleIDs ¶ added in v1.12.0
func (id *AgentRecoveryTokenIdentity) RoleIDs() []string
func (*AgentRecoveryTokenIdentity) SecretToken ¶ added in v1.12.0
func (id *AgentRecoveryTokenIdentity) SecretToken() string
func (*AgentRecoveryTokenIdentity) ServiceIdentityList ¶ added in v1.12.0
func (id *AgentRecoveryTokenIdentity) ServiceIdentityList() []*ACLServiceIdentity
type AuthorizerCacheEntry ¶ added in v1.4.0
type AuthorizerCacheEntry struct { Authorizer acl.Authorizer CacheTime time.Time TTL time.Duration }
func (*AuthorizerCacheEntry) Age ¶ added in v1.4.0
func (e *AuthorizerCacheEntry) Age() time.Duration
type AutopilotConfig ¶
type AutopilotConfig struct { // CleanupDeadServers controls whether to remove dead servers when a new // server is added to the Raft peers. CleanupDeadServers bool // LastContactThreshold is the limit on the amount of time a server can go // without leader contact before being considered unhealthy. LastContactThreshold time.Duration // MaxTrailingLogs is the amount of entries in the Raft Log that a server can // be behind before being considered unhealthy. MaxTrailingLogs uint64 // MinQuorum sets the minimum number of servers required in a cluster // before autopilot can prune dead servers. MinQuorum uint // ServerStabilizationTime is the minimum amount of time a server must be // in a stable, healthy state before it can be added to the cluster. Only // applicable with Raft protocol version 3 or higher. ServerStabilizationTime time.Duration // (Enterprise-only) RedundancyZoneTag is the node tag to use for separating // servers into zones for redundancy. If left blank, this feature will be disabled. RedundancyZoneTag string // (Enterprise-only) DisableUpgradeMigration will disable Autopilot's upgrade migration // strategy of waiting until enough newer-versioned servers have been added to the // cluster before promoting them to voters. DisableUpgradeMigration bool // (Enterprise-only) UpgradeVersionTag is the node tag to use for version info when // performing upgrade migrations. If left blank, the Consul version will be used. UpgradeVersionTag string // CreateIndex/ModifyIndex store the create/modify indexes of this configuration. CreateIndex uint64 ModifyIndex uint64 }
Autopilotconfig holds the Autopilot configuration for a cluster.
func (*AutopilotConfig) ToAutopilotLibraryConfig ¶ added in v1.9.0
func (c *AutopilotConfig) ToAutopilotLibraryConfig() *autopilot.Config
type AutopilotHealthReply ¶ added in v1.9.0
type AutopilotHealthReply struct { // Healthy is true if all the servers in the cluster are healthy. Healthy bool // FailureTolerance is the number of healthy servers that could be lost without // an outage occurring. FailureTolerance int // Servers holds the health of each server. Servers []AutopilotServerHealth }
AutopilotHealthReply is a representation of the overall health of the cluster
type AutopilotServerHealth ¶ added in v1.9.0
type AutopilotServerHealth struct { // ID is the raft ID of the server. ID string // Name is the node name of the server. Name string // Address is the address of the server. Address string // The status of the SerfHealth check for the server. SerfStatus serf.MemberStatus // Version is the version of the server. Version string // Leader is whether this server is currently the leader. Leader bool // LastContact is the time since this node's last contact with the leader. LastContact time.Duration // LastTerm is the highest leader term this server has a record of in its Raft log. LastTerm uint64 // LastIndex is the last log index this server has a record of in its Raft log. LastIndex uint64 // Healthy is whether or not the server is healthy according to the current // Autopilot config. Healthy bool // Voter is whether this is a voting server. Voter bool // StableSince is the last time this server's Healthy value changed. StableSince time.Time }
ServerHealth is the health (from the leader's point of view) of a server.
type AutopilotSetConfigRequest ¶
type AutopilotSetConfigRequest struct { // Datacenter is the target this request is intended for. Datacenter string // Config is the new Autopilot configuration to use. Config AutopilotConfig // CAS controls whether to use check-and-set semantics for this request. CAS bool // WriteRequest holds the ACL token to go along with this request. WriteRequest }
AutopilotSetConfigRequest is used by the Operator endpoint to update the current Autopilot configuration of the cluster.
func (*AutopilotSetConfigRequest) RequestDatacenter ¶
func (op *AutopilotSetConfigRequest) RequestDatacenter() string
RequestDatacenter returns the datacenter for a given request.
type CAConfiguration ¶ added in v1.2.0
type CAConfiguration struct { // ClusterID is a unique identifier for the cluster ClusterID string `json:"-"` // Provider is the CA provider implementation to use. Provider string // Configuration is arbitrary configuration for the provider. This // should only contain primitive values and containers (such as lists // and maps). Config map[string]interface{} // State is optionally used by the provider to persist information it needs // between reloads like UUIDs of resources it manages. It only supports string // values to avoid gotchas with interface{} since this is encoded through // msgpack when it's written through raft. For example if providers used a // custom struct or even a simple `int` type, msgpack with loose type // information during encode/decode and providers will end up getting back // different types have have to remember to test multiple variants of state // handling to account for cases where it's been through msgpack or not. // Keeping this as strings only forces compatibility and leaves the input // Providers have to work with unambiguous - they can parse ints or other // types as they need. We expect this only to be used to store a handful of // identifiers anyway so this is simpler. State map[string]string // ForceWithoutCrossSigning indicates that the CA reconfiguration should go // ahead even if the current CA is unable to cross sign certificates. This // risks temporary connection failures during the rollout as new leafs will be // rejected by proxies that have not yet observed the new root cert but is the // only option if a CA that doesn't support cross signing needs to be // reconfigured or mirated away from. ForceWithoutCrossSigning bool RaftIndex }
CAConfiguration is the configuration for the current CA plugin.
func (*CAConfiguration) GetCommonConfig ¶ added in v1.2.2
func (c *CAConfiguration) GetCommonConfig() (*CommonCAProviderConfig, error)
func (*CAConfiguration) UnmarshalJSON ¶ added in v1.7.0
func (c *CAConfiguration) UnmarshalJSON(data []byte) (err error)
type CAConsulProviderState ¶ added in v1.2.0
type CAConsulProviderState struct { ID string PrivateKey string RootCert string IntermediateCert string RaftIndex }
CAConsulProviderState is used to track the built-in Consul CA provider's state.
type CALeafOp ¶ added in v1.4.1
type CALeafOp string
CALeafOp is the operation for a request related to leaf certificates.
const (
CALeafOpIncrementIndex CALeafOp = "increment-index"
)
type CALeafRequest ¶ added in v1.4.1
type CALeafRequest struct { // Op is the type of operation being requested. This determines what // other fields are required. Op CALeafOp // Datacenter is the target for this request. Datacenter string // WriteRequest is a common struct containing ACL tokens and other // write-related common elements for requests. WriteRequest }
CALeafRequest is used to modify connect CA leaf data. This is used by the FSM (agent/consul/fsm) to apply changes.
func (*CALeafRequest) RequestDatacenter ¶ added in v1.4.1
func (q *CALeafRequest) RequestDatacenter() string
RequestDatacenter returns the datacenter for a given request.
type CAOp ¶ added in v1.2.0
type CAOp string
CAOp is the operation for a request related to intentions.
type CARequest ¶ added in v1.2.0
type CARequest struct { // Op is the type of operation being requested. This determines what // other fields are required. Op CAOp // Datacenter is the target for this request. Datacenter string // Index is used by CAOpSetRoots and CAOpSetConfig for a CAS operation. Index uint64 // Roots is a list of roots. This is used for CAOpSet. One root must // always be active. Roots []*CARoot // Config is the configuration for the current CA plugin. Config *CAConfiguration // ProviderState is the state for the builtin CA provider. ProviderState *CAConsulProviderState // WriteRequest is a common struct containing ACL tokens and other // write-related common elements for requests. WriteRequest }
CARequest is used to modify connect CA data. This is used by the FSM (agent/consul/fsm) to apply changes.
func (*CARequest) RequestDatacenter ¶ added in v1.2.0
RequestDatacenter returns the datacenter for a given request.
type CARoot ¶ added in v1.2.0
type CARoot struct { // ID is a globally unique ID (UUID) representing this CA chain. It is // calculated from the SHA1 of the primary CA certificate. ID string // Name is a human-friendly name for this CA root. This value is // opaque to Consul and is not used for anything internally. Name string // SerialNumber is the x509 serial number of the primary CA certificate. SerialNumber uint64 // SigningKeyID is the connect.HexString encoded id of the public key that // corresponds to the private key used to sign leaf certificates in the // local datacenter. // // The value comes from x509.Certificate.SubjectKeyId of the local leaf // signing cert. // // See https://www.rfc-editor.org/rfc/rfc3280#section-4.2.1.1 for more detail. SigningKeyID string // ExternalTrustDomain is the trust domain this root was generated under. It // is usually empty implying "the current cluster trust-domain". It is set // only in the case that a cluster changes trust domain and then all old roots // that are still trusted have the old trust domain set here. // // We currently DON'T validate these trust domains explicitly anywhere, see // IndexedRoots.TrustDomain doc. We retain this information for debugging and // future flexibility. ExternalTrustDomain string // NotBefore is the x509.Certificate.NotBefore value of the primary CA // certificate. This value should generally be a time in the past. NotBefore time.Time // NotAfter is the x509.Certificate.NotAfter value of the primary CA // certificate. This is the time when the certificate will expire. NotAfter time.Time // RootCert is the PEM-encoded public certificate for the root CA. The // certificate is the same for all federated clusters. RootCert string // IntermediateCerts is a list of PEM-encoded intermediate certs to // attach to any leaf certs signed by this CA. The list may include a // certificate cross-signed by an old root CA, any subordinate CAs below the // root CA, and the intermediate CA used to sign leaf certificates in the // local Datacenter. // // If the provider which created this root uses an intermediate to sign // leaf certificates (Vault provider), or this is a secondary Datacenter then // the intermediate used to sign leaf certificates will be the last in the // list. IntermediateCerts []string // SigningCert is the PEM-encoded signing certificate and SigningKey // is the PEM-encoded private key for the signing certificate. These // may actually be empty if the CA plugin in use manages these for us. SigningCert string `json:",omitempty"` SigningKey string `json:",omitempty"` // Active is true if this is the current active CA. This must only // be true for exactly one CA. For any method that modifies roots in the // state store, tests should be written to verify that multiple roots // cannot be active. Active bool // RotatedOutAt is the time at which this CA was removed from the state. // This will only be set on roots that have been rotated out from being the // active root. RotatedOutAt time.Time `json:"-"` // PrivateKeyType is the type of the private key used to sign certificates. It // may be "rsa" or "ec". This is provided as a convenience to avoid parsing // the public key to from the certificate to infer the type. PrivateKeyType string // PrivateKeyBits is the length of the private key used to sign certificates. // This is provided as a convenience to avoid parsing the public key from the // certificate to infer the type. PrivateKeyBits int RaftIndex }
CARoot represents a root CA certificate that is trusted.
type CASignRequest ¶ added in v1.2.0
type CASignRequest struct { // Datacenter is the target for this request. Datacenter string // CSR is the PEM-encoded CSR. CSR string // WriteRequest is a common struct containing ACL tokens and other // write-related common elements for requests. WriteRequest }
CASignRequest is the request for signing a service certificate.
func (*CASignRequest) RequestDatacenter ¶ added in v1.2.0
func (q *CASignRequest) RequestDatacenter() string
RequestDatacenter returns the datacenter for a given request.
type CatalogContents ¶ added in v1.12.0
type CatalogContents struct { Nodes []*Node Services []*ServiceNode Checks []*HealthCheck }
type CatalogSummary ¶ added in v1.12.0
type CatalogSummary struct { Nodes []HealthSummary Services []HealthSummary Checks []HealthSummary }
type CheckDefinition ¶
type CheckDefinition struct { ID types.CheckID Name string Notes string ServiceID string Token string Status string // Copied fields from CheckType without the fields // already present in CheckDefinition: // // ID (CheckID), Name, Status, Notes // ScriptArgs []string HTTP string H2PING string H2PingUseTLS bool Header map[string][]string Method string Body string DisableRedirects bool TCP string Interval time.Duration DockerContainerID string Shell string GRPC string GRPCUseTLS bool TLSServerName string TLSSkipVerify bool AliasNode string AliasService string Timeout time.Duration TTL time.Duration SuccessBeforePassing int FailuresBeforeWarning int FailuresBeforeCritical int DeregisterCriticalServiceAfter time.Duration OutputMaxSize int acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` }
CheckDefinition is used to JSON decode the Check definitions
func (*CheckDefinition) CheckType ¶
func (c *CheckDefinition) CheckType() *CheckType
func (*CheckDefinition) HealthCheck ¶
func (c *CheckDefinition) HealthCheck(node string) *HealthCheck
func (*CheckDefinition) UnmarshalJSON ¶ added in v1.6.2
func (t *CheckDefinition) UnmarshalJSON(data []byte) (err error)
type CheckID ¶ added in v1.7.0
type CheckID struct { ID types.CheckID acl.EnterpriseMeta }
func NewCheckID ¶ added in v1.7.0
func NewCheckID(id types.CheckID, entMeta *acl.EnterpriseMeta) CheckID
func (CheckID) NamespaceOrDefault ¶ added in v1.11.0
NamespaceOrDefault exists because acl.EnterpriseMeta uses a pointer receiver for this method. Remove once that is fixed.
func (CheckID) PartitionOrDefault ¶ added in v1.11.0
PartitionOrDefault exists because acl.EnterpriseMeta uses a pointer receiver for this method. Remove once that is fixed.
func (CheckID) StringHashMD5 ¶ added in v1.9.11
StringHashMD5 is used mainly to populate part of the filename of a check definition persisted on the local agent (deprecated in favor of StringHashSHA256) Kept around for backwards compatibility
func (CheckID) StringHashSHA256 ¶ added in v1.9.11
StringHashSHA256 is used mainly to populate part of the filename of a check definition persisted on the local agent
type CheckServiceNode ¶
type CheckServiceNode struct { Node *Node Service *NodeService Checks HealthChecks }
CheckServiceNode is used to provide the node, its service definition, as well as a HealthCheck that is associated.
func (*CheckServiceNode) BestAddress ¶ added in v1.6.0
func (csn *CheckServiceNode) BestAddress(wan bool) (uint64, string, int)
func (*CheckServiceNode) CanRead ¶ added in v1.9.0
func (csn *CheckServiceNode) CanRead(authz acl.Authorizer) acl.EnforcementDecision
type CheckServiceNodes ¶
type CheckServiceNodes []CheckServiceNode
func (CheckServiceNodes) Filter ¶
func (nodes CheckServiceNodes) Filter(onlyPassing bool) CheckServiceNodes
Filter removes nodes that are failing health checks (and any non-passing check if that option is selected). Note that this returns the filtered results AND modifies the receiver for performance.
func (CheckServiceNodes) FilterIgnore ¶ added in v1.0.7
func (nodes CheckServiceNodes) FilterIgnore(onlyPassing bool, ignoreCheckIDs []types.CheckID) CheckServiceNodes
FilterIgnore removes nodes that are failing health checks just like Filter. It also ignores the status of any check with an ID present in ignoreCheckIDs as if that check didn't exist. Note that this returns the filtered results AND modifies the receiver for performance.
func (CheckServiceNodes) ShallowClone ¶ added in v1.8.0
func (nodes CheckServiceNodes) ShallowClone() CheckServiceNodes
ShallowClone duplicates the slice and underlying array.
func (CheckServiceNodes) Shuffle ¶
func (nodes CheckServiceNodes) Shuffle()
Shuffle does an in-place random shuffle using the Fisher-Yates algorithm.
func (CheckServiceNodes) ToServiceDump ¶ added in v1.8.0
func (nodes CheckServiceNodes) ToServiceDump() ServiceDump
type CheckType ¶
type CheckType struct { CheckID types.CheckID Name string Status string Notes string ScriptArgs []string HTTP string H2PING string H2PingUseTLS bool Header map[string][]string Method string Body string DisableRedirects bool TCP string Interval time.Duration AliasNode string AliasService string DockerContainerID string Shell string GRPC string GRPCUseTLS bool TLSServerName string TLSSkipVerify bool Timeout time.Duration TTL time.Duration SuccessBeforePassing int FailuresBeforeWarning int FailuresBeforeCritical int // Definition fields used when exposing checks through a proxy ProxyHTTP string ProxyGRPC string // DeregisterCriticalServiceAfter, if >0, will cause the associated // service, if any, to be deregistered if this check is critical for // longer than this duration. DeregisterCriticalServiceAfter time.Duration OutputMaxSize int }
CheckType is used to create either the CheckMonitor or the CheckTTL. The following types are supported: Script, HTTP, TCP, Docker, TTL, GRPC, Alias, H2PING. Script, HTTP, Docker, TCP, GRPC, and H2PING all require Interval. Only one of the types may to be provided: TTL or Script/Interval or HTTP/Interval or TCP/Interval or Docker/Interval or GRPC/Interval or AliasService or H2PING/Interval. Since types like CheckHTTP and CheckGRPC derive from CheckType, there are helper conversion methods that do the reverse conversion. ie. checkHTTP.CheckType()
func (*CheckType) Empty ¶ added in v1.0.0
Empty checks if the CheckType has no fields defined. Empty checks parsed from json configs are filtered out
func (*CheckType) UnmarshalJSON ¶ added in v1.6.2
type CheckTypes ¶
type CheckTypes []*CheckType
type ChecksInStateRequest ¶
type ChecksInStateRequest struct { Datacenter string NodeMetaFilters map[string]string State string Source QuerySource acl.EnterpriseMeta `mapstructure:",squash"` QueryOptions }
ChecksInStateRequest is used to query for nodes in a state
func (*ChecksInStateRequest) RequestDatacenter ¶
func (r *ChecksInStateRequest) RequestDatacenter() string
type CommonCAProviderConfig ¶ added in v1.2.2
type CommonCAProviderConfig struct { LeafCertTTL time.Duration IntermediateCertTTL time.Duration RootCertTTL time.Duration SkipValidate bool // CSRMaxPerSecond is a rate limit on processing Connect Certificate Signing // Requests on the servers. It applies to all CA providers so can be used to // limit rate to an external CA too. 0 disables the rate limit. Defaults to 50 // which is low enough to prevent overload of a reasonably sized production // server while allowing a cluster with 1000 service instances to complete a // rotation in 20 seconds. For reference a quad-core 2017 MacBook pro can // process 100 signing RPCs a second while using less than half of one core. // For large clusters with powerful servers it's advisable to increase this // rate or to disable this limit and instead rely on CSRMaxConcurrent to only // consume a subset of the server's cores. CSRMaxPerSecond float32 // CSRMaxConcurrent is a limit on how many concurrent CSR signing requests // will be processed in parallel. New incoming signing requests will try for // `consul.csrSemaphoreWait` (currently 500ms) for a slot before being // rejected with a "rate limited" backpressure response. This effectively sets // how many CPU cores can be occupied by Connect CA signing activity and // should be a (small) subset of your server's available cores to allow other // tasks to complete when a barrage of CSRs come in (e.g. after a CA root // rotation). Setting to 0 disables the limit, attempting to sign certs // immediately in the RPC goroutine. This is 0 by default and CSRMaxPerSecond // is used. This is ignored if CSRMaxPerSecond is non-zero. CSRMaxConcurrent int // PrivateKeyType specifies which type of key the CA should generate. It only // applies when the provider is generating its own key and is ignored if the // provider already has a key or an external key is provided. Supported values // are "ec" or "rsa". "ec" is the default and will generate a NIST P-256 // Elliptic key. PrivateKeyType string // PrivateKeyBits specifies the number of bits the CA's private key should // use. For RSA, supported values are 2048 and 4096. For EC, supported values // are 224, 256, 384 and 521 and correspond to the NIST P-* curve of the same // name. As with PrivateKeyType this is only relevant whan the provier is // generating new CA keys (root or intermediate). PrivateKeyBits int }
func (CommonCAProviderConfig) Validate ¶ added in v1.2.2
func (c CommonCAProviderConfig) Validate() error
type CompiledDiscoveryChain ¶ added in v1.6.0
type CompiledDiscoveryChain struct { ServiceName string Namespace string // the namespace that the chain was compiled within Partition string // the partition that the chain was compiled within Datacenter string // the datacenter that the chain was compiled within // CustomizationHash is a unique hash of any data that affects the // compilation of the discovery chain other than config entries or the // name/namespace/datacenter evaluation criteria. // // If set, this value should be used to prefix/suffix any generated load // balancer data plane objects to avoid sharing customized and // non-customized versions. CustomizationHash string `json:",omitempty"` // Default indicates if this discovery chain is based on no // service-resolver, service-splitter, or service-router config entries. Default bool `json:",omitempty"` // Protocol is the overall protocol shared by everything in the chain. Protocol string `json:",omitempty"` // ServiceMeta is the metadata from the underlying service-defaults config // entry for the service named ServiceName. ServiceMeta map[string]string `json:",omitempty"` // StartNode is the first key into the Nodes map that should be followed // when walking the discovery chain. StartNode string `json:",omitempty"` // Nodes contains all nodes available for traversal in the chain keyed by a // unique name. You can walk this by starting with StartNode. // // NOTE: The names should be treated as opaque values and are only // guaranteed to be consistent within a single compilation. Nodes map[string]*DiscoveryGraphNode `json:",omitempty"` // Targets is a list of all targets used in this chain. Targets map[string]*DiscoveryTarget `json:",omitempty"` }
CompiledDiscoveryChain is the result from taking a set of related config entries for a single service's discovery chain and restructuring them into a form that is more usable for actual service discovery.
func (*CompiledDiscoveryChain) CompoundServiceName ¶ added in v1.10.0
func (c *CompiledDiscoveryChain) CompoundServiceName() ServiceName
func (*CompiledDiscoveryChain) ID ¶ added in v1.10.0
func (c *CompiledDiscoveryChain) ID() string
ID returns an ID that encodes the service, namespace, partition, and datacenter. This ID allows us to compare a discovery chain target to the chain upstream itself.
func (*CompiledDiscoveryChain) WillFailoverThroughMeshGateway ¶ added in v1.6.0
func (c *CompiledDiscoveryChain) WillFailoverThroughMeshGateway(node *DiscoveryGraphNode) bool
type CompoundResponse ¶
type CompoundResponse interface { // Add adds a new response to the compound response Add(interface{}) // New returns an empty response object which can be passed around by // reference, and then passed to Add() later on. New() interface{} }
CompoundResponse is an interface for gathering multiple responses. It is used in cross-datacenter RPC calls where more than 1 datacenter is expected to reply.
type ConfigEntry ¶ added in v1.5.0
type ConfigEntry interface { GetKind() string GetName() string // This is called in the RPC endpoint and can apply defaults or limits. Normalize() error Validate() error // CanRead and CanWrite return whether or not the given Authorizer // has permission to read or write to the config entry, respectively. // TODO(acl-error-enhancements) This should be ACLResolveResult or similar but we have to wait until we move things to the acl package CanRead(acl.Authorizer) error CanWrite(acl.Authorizer) error GetMeta() map[string]string GetEnterpriseMeta() *acl.EnterpriseMeta GetRaftIndex() *RaftIndex }
ConfigEntry is the interface for centralized configuration stored in Raft. Currently only service-defaults and proxy-defaults are supported.
func DecodeConfigEntry ¶ added in v1.5.0
func DecodeConfigEntry(raw map[string]interface{}) (ConfigEntry, error)
DecodeConfigEntry can be used to decode a ConfigEntry from a raw map value. Currently its used in the HTTP API to decode ConfigEntry structs coming from JSON. Unlike some of our custom binary encodings we don't have a preamble including the kind so we will not have a concrete type to decode into. In those cases we must first decode into a map[string]interface{} and then call this function to decode into a concrete type.
There is an 'api' variation of this in command/config/write/config_write.go:newDecodeConfigEntry
func MakeConfigEntry ¶ added in v1.5.0
func MakeConfigEntry(kind, name string) (ConfigEntry, error)
type ConfigEntryDeleteResponse ¶ added in v1.11.0
type ConfigEntryDeleteResponse struct {
Deleted bool
}
type ConfigEntryGraphError ¶ added in v1.6.0
type ConfigEntryGraphError struct { // one of Message or Err should be set Message string Err error }
func (*ConfigEntryGraphError) Error ¶ added in v1.6.0
func (e *ConfigEntryGraphError) Error() string
type ConfigEntryListAllRequest ¶ added in v1.9.0
type ConfigEntryListAllRequest struct { // Kinds should always be set. For backwards compatibility with versions // prior to 1.9.0, if this is omitted or left empty it is assumed to mean // the subset of config entry kinds that were present in 1.8.0: // // proxy-defaults, service-defaults, service-resolver, service-splitter, // service-router, terminating-gateway, and ingress-gateway. Kinds []string Datacenter string acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` QueryOptions }
ConfigEntryListAllRequest is used when requesting to list all config entries of a set of kinds.
func (*ConfigEntryListAllRequest) RequestDatacenter ¶ added in v1.9.0
func (r *ConfigEntryListAllRequest) RequestDatacenter() string
type ConfigEntryOp ¶ added in v1.5.0
type ConfigEntryOp string
const ( ConfigEntryUpsert ConfigEntryOp = "upsert" ConfigEntryUpsertCAS ConfigEntryOp = "upsert-cas" ConfigEntryDelete ConfigEntryOp = "delete" ConfigEntryDeleteCAS ConfigEntryOp = "delete-cas" )
type ConfigEntryQuery ¶ added in v1.5.0
type ConfigEntryQuery struct { Kind string Name string Datacenter string acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` QueryOptions }
ConfigEntryQuery is used when requesting info about a config entry.
func (*ConfigEntryQuery) CacheInfo ¶ added in v1.6.0
func (r *ConfigEntryQuery) CacheInfo() cache.RequestInfo
func (*ConfigEntryQuery) RequestDatacenter ¶ added in v1.5.0
func (c *ConfigEntryQuery) RequestDatacenter() string
type ConfigEntryRequest ¶ added in v1.5.0
type ConfigEntryRequest struct { Op ConfigEntryOp Datacenter string Entry ConfigEntry WriteRequest }
ConfigEntryRequest is used when creating/updating/deleting a ConfigEntry.
func (*ConfigEntryRequest) MarshalBinary ¶ added in v1.5.0
func (c *ConfigEntryRequest) MarshalBinary() (data []byte, err error)
func (*ConfigEntryRequest) RequestDatacenter ¶ added in v1.5.0
func (c *ConfigEntryRequest) RequestDatacenter() string
func (*ConfigEntryRequest) UnmarshalBinary ¶ added in v1.5.0
func (c *ConfigEntryRequest) UnmarshalBinary(data []byte) error
type ConfigEntryResponse ¶ added in v1.5.0
type ConfigEntryResponse struct { Entry ConfigEntry QueryMeta }
ConfigEntryResponse returns a single ConfigEntry
func (*ConfigEntryResponse) MarshalBinary ¶ added in v1.5.0
func (c *ConfigEntryResponse) MarshalBinary() (data []byte, err error)
func (*ConfigEntryResponse) UnmarshalBinary ¶ added in v1.5.0
func (c *ConfigEntryResponse) UnmarshalBinary(data []byte) error
type ConnectAuthorizeRequest ¶ added in v1.2.0
type ConnectAuthorizeRequest struct { // Target is the name of the service that is being requested. Target string // EnterpriseMeta is the embedded Consul Enterprise specific metadata acl.EnterpriseMeta // ClientCertURI is a unique identifier for the requesting client. This // is currently the URI SAN from the TLS client certificate. // // ClientCertSerial is a colon-hex-encoded of the serial number for // the requesting client cert. This is used to check against revocation // lists. ClientCertURI string ClientCertSerial string }
ConnectAuthorizeRequest is the structure of a request to authorize a connection.
func (*ConnectAuthorizeRequest) TargetNamespace ¶ added in v1.7.0
func (req *ConnectAuthorizeRequest) TargetNamespace() string
func (*ConnectAuthorizeRequest) TargetPartition ¶ added in v1.11.0
func (req *ConnectAuthorizeRequest) TargetPartition() string
type ConnectProxyConfig ¶ added in v1.3.0
type ConnectProxyConfig struct { // DestinationServiceName is required and is the name of the service to accept // traffic for. DestinationServiceName string `json:",omitempty" alias:"destination_service_name"` // DestinationServiceID is optional and should only be specified for // "side-car" style proxies where the proxy is in front of just a single // instance of the service. It should be set to the service ID of the instance // being represented which must be registered to the same agent. It's valid to // provide a service ID that does not yet exist to avoid timing issues when // bootstrapping a service with a proxy. DestinationServiceID string `json:",omitempty" alias:"destination_service_id"` // LocalServiceAddress is the address of the local service instance. It is // optional and should only be specified for "side-car" style proxies. It will // default to 127.0.0.1 if the proxy is a "side-car" (DestinationServiceID is // set) but otherwise will be ignored. LocalServiceAddress string `json:",omitempty" alias:"local_service_address"` // LocalServicePort is the port of the local service instance. It is optional // and should only be specified for "side-car" style proxies. It will default // to the registered port for the instance if the proxy is a "side-car" // (DestinationServiceID is set) but otherwise will be ignored. LocalServicePort int `json:",omitempty" alias:"local_service_port"` // LocalServiceSocketPath is the socket of the local service instance. It is optional // and should only be specified for "side-car" style proxies. LocalServiceSocketPath string `json:",omitempty" alias:"local_service_socket_path"` // Mode represents how the proxy's inbound and upstream listeners are dialed. Mode ProxyMode // Config is the arbitrary configuration data provided with the proxy // registration. Config map[string]interface{} `json:",omitempty" bexpr:"-"` // Upstreams describes any upstream dependencies the proxy instance should // setup. Upstreams Upstreams `json:",omitempty"` // MeshGateway defines the mesh gateway configuration for this upstream MeshGateway MeshGatewayConfig `json:",omitempty" alias:"mesh_gateway"` // Expose defines whether checks or paths are exposed through the proxy Expose ExposeConfig `json:",omitempty"` // TransparentProxy defines configuration for when the proxy is in // transparent mode. TransparentProxy TransparentProxyConfig `json:",omitempty" alias:"transparent_proxy"` }
ConnectProxyConfig describes the configuration needed for any proxy managed or unmanaged. It describes a single logical service's listener and optionally upstreams and sidecar-related config for a single instance. To describe a centralized proxy that routed traffic for multiple services, a different one of these would be needed for each, sharing the same LogicalProxyID.
func TestConnectProxyConfig ¶ added in v1.3.0
func TestConnectProxyConfig(t testing.T) ConnectProxyConfig
TestConnectProxyConfig returns a ConnectProxyConfig representing a valid Connect proxy.
func (*ConnectProxyConfig) MarshalJSON ¶ added in v1.6.0
func (c *ConnectProxyConfig) MarshalJSON() ([]byte, error)
func (*ConnectProxyConfig) ToAPI ¶ added in v1.3.0
func (c *ConnectProxyConfig) ToAPI() *api.AgentServiceConnectProxyConfig
ToAPI returns the api struct with the same fields. We have duplicates to avoid the api package depending on this one which imports a ton of Consul's core which you don't want if you are just trying to use our client in your app.
func (*ConnectProxyConfig) UnmarshalJSON ¶ added in v1.6.2
func (t *ConnectProxyConfig) UnmarshalJSON(data []byte) (err error)
type ConsulCAProviderConfig ¶ added in v1.2.0
type ConsulCAProviderConfig struct { CommonCAProviderConfig `mapstructure:",squash"` PrivateKey string RootCert string // DisableCrossSigning is really only useful in test code to use the built in // provider while exercising logic that depends on the CA provider ability to // cross sign. We don't document this config field publicly or make any // attempt to parse it from snake case unlike other fields here. DisableCrossSigning bool }
func (*ConsulCAProviderConfig) Validate ¶ added in v1.7.0
func (c *ConsulCAProviderConfig) Validate() error
type CookieConfig ¶ added in v1.9.0
type CookieConfig struct { // Generates a session cookie with no expiration. Session bool `json:",omitempty"` // TTL for generated cookies. Cannot be specified for session cookies. TTL time.Duration `json:",omitempty"` // The path to set for the cookie Path string `json:",omitempty"` }
CookieConfig contains configuration for the "cookie" hash policy type. This is specified to have Envoy generate a cookie for a client on its first request.
type Coordinate ¶
type Coordinate struct { Node string Segment string Partition string `json:",omitempty"` // TODO(partitions): fully thread this needle Coord *coordinate.Coordinate }
Coordinate stores a node name with its associated network coordinate.
func (*Coordinate) FillAuthzContext ¶ added in v1.11.0
func (_ *Coordinate) FillAuthzContext(_ *acl.AuthorizerContext)
func (*Coordinate) GetEnterpriseMeta ¶ added in v1.11.0
func (c *Coordinate) GetEnterpriseMeta() *acl.EnterpriseMeta
func (*Coordinate) PartitionOrDefault ¶ added in v1.11.0
func (c *Coordinate) PartitionOrDefault() string
type CoordinateUpdateRequest ¶
type CoordinateUpdateRequest struct { Datacenter string Node string Segment string Coord *coordinate.Coordinate acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` WriteRequest }
CoordinateUpdateRequest is used to update the network coordinate of a given node.
func (*CoordinateUpdateRequest) RequestDatacenter ¶
func (c *CoordinateUpdateRequest) RequestDatacenter() string
RequestDatacenter returns the datacenter for a given update request.
type Coordinates ¶
type Coordinates []*Coordinate
type DCSpecificRequest ¶
type DCSpecificRequest struct { Datacenter string NodeMetaFilters map[string]string Source QuerySource acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` QueryOptions }
DCSpecificRequest is used to query about a specific DC
func (*DCSpecificRequest) CacheInfo ¶ added in v1.2.0
func (r *DCSpecificRequest) CacheInfo() cache.RequestInfo
func (*DCSpecificRequest) CacheMinIndex ¶ added in v1.2.0
func (r *DCSpecificRequest) CacheMinIndex() uint64
func (*DCSpecificRequest) RequestDatacenter ¶
func (r *DCSpecificRequest) RequestDatacenter() string
type DatacenterIndexedCheckServiceNodes ¶ added in v1.8.0
type DatacenterIndexedCheckServiceNodes struct { DatacenterNodes map[string]CheckServiceNodes QueryMeta }
type DatacenterMap ¶
type DatacenterMap struct { Datacenter string AreaID types.AreaID Coordinates Coordinates }
DatacenterMap is used to represent a list of nodes with their raw coordinates, associated with a datacenter. Coordinates are only compatible between nodes in the same area.
type DatacentersRequest ¶ added in v1.6.0
type DatacentersRequest struct {
QueryOptions
}
func (*DatacentersRequest) CacheInfo ¶ added in v1.6.0
func (r *DatacentersRequest) CacheInfo() cache.RequestInfo
type DeregisterRequest ¶
type DeregisterRequest struct { Datacenter string Node string ServiceID string CheckID types.CheckID acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` WriteRequest }
DeregisterRequest is used for the Catalog.Deregister endpoint to deregister a service, check, or node (only one should be provided). If ServiceID or CheckID are not provided, the entire node is deregistered. If a ServiceID is provided, any associated Checks with that service are also deregistered.
func (*DeregisterRequest) RequestDatacenter ¶
func (r *DeregisterRequest) RequestDatacenter() string
func (*DeregisterRequest) UnmarshalJSON ¶ added in v1.7.0
func (r *DeregisterRequest) UnmarshalJSON(data []byte) error
type DirEntries ¶
type DirEntries []*DirEntry
type DirEntry ¶
type DirEntry struct { LockIndex uint64 Key string Flags uint64 Value []byte Session string `json:",omitempty"` acl.EnterpriseMeta `bexpr:"-"` RaftIndex }
DirEntry is used to represent a directory entry. This is used for values in our Key-Value store.
func (*DirEntry) FillAuthzContext ¶ added in v1.7.0
func (_ *DirEntry) FillAuthzContext(_ *acl.AuthorizerContext)
FillAuthzContext stub
type DiscoveryChainRequest ¶ added in v1.6.0
type DiscoveryChainRequest struct { Name string EvaluateInDatacenter string EvaluateInNamespace string EvaluateInPartition string // OverrideMeshGateway allows for the mesh gateway setting to be overridden // for any resolver in the compiled chain. OverrideMeshGateway MeshGatewayConfig // OverrideProtocol allows for the final protocol for the chain to be // altered. // // - If the chain ordinarily would be TCP and an L7 protocol is passed here // the chain will not include Routers or Splitters. // // - If the chain ordinarily would be L7 and TCP is passed here the chain // will not include Routers or Splitters. OverrideProtocol string // OverrideConnectTimeout allows for the ConnectTimeout setting to be // overridden for any resolver in the compiled chain. OverrideConnectTimeout time.Duration Datacenter string // where to route the RPC QueryOptions }
DiscoveryChainRequest is used when requesting the discovery chain for a service.
func (*DiscoveryChainRequest) CacheInfo ¶ added in v1.6.0
func (r *DiscoveryChainRequest) CacheInfo() cache.RequestInfo
func (*DiscoveryChainRequest) GetEnterpriseMeta ¶ added in v1.7.0
func (req *DiscoveryChainRequest) GetEnterpriseMeta() *acl.EnterpriseMeta
GetEnterpriseMeta is used to synthesize the EnterpriseMeta struct from fields in the DiscoveryChainRequest
func (*DiscoveryChainRequest) RequestDatacenter ¶ added in v1.6.0
func (r *DiscoveryChainRequest) RequestDatacenter() string
func (*DiscoveryChainRequest) WithEnterpriseMeta ¶ added in v1.7.0
func (req *DiscoveryChainRequest) WithEnterpriseMeta(_ *acl.EnterpriseMeta)
WithEnterpriseMeta will populate the corresponding fields in the DiscoveryChainRequest from the EnterpriseMeta struct
type DiscoveryChainResponse ¶ added in v1.6.0
type DiscoveryChainResponse struct { Chain *CompiledDiscoveryChain QueryMeta }
type DiscoveryFailover ¶ added in v1.6.0
type DiscoveryFailover struct {
Targets []string `json:",omitempty"`
}
compiled form of ServiceResolverFailover
type DiscoveryGraphNode ¶ added in v1.6.0
type DiscoveryGraphNode struct { Type string Name string // this is NOT necessarily a service // fields for Type==router Routes []*DiscoveryRoute `json:",omitempty"` // fields for Type==splitter Splits []*DiscoverySplit `json:",omitempty"` // fields for Type==resolver Resolver *DiscoveryResolver `json:",omitempty"` // shared by Type==resolver || Type==splitter LoadBalancer *LoadBalancer `json:",omitempty"` }
DiscoveryGraphNode is a single node in the compiled discovery chain.
func (*DiscoveryGraphNode) IsResolver ¶ added in v1.6.0
func (s *DiscoveryGraphNode) IsResolver() bool
func (*DiscoveryGraphNode) IsRouter ¶ added in v1.6.0
func (s *DiscoveryGraphNode) IsRouter() bool
func (*DiscoveryGraphNode) IsSplitter ¶ added in v1.6.0
func (s *DiscoveryGraphNode) IsSplitter() bool
func (*DiscoveryGraphNode) MapKey ¶ added in v1.6.0
func (s *DiscoveryGraphNode) MapKey() string
type DiscoveryResolver ¶ added in v1.6.0
type DiscoveryResolver struct { Default bool `json:",omitempty"` ConnectTimeout time.Duration `json:",omitempty"` Target string `json:",omitempty"` Failover *DiscoveryFailover `json:",omitempty"` }
compiled form of ServiceResolverConfigEntry
func (*DiscoveryResolver) MarshalJSON ¶ added in v1.6.0
func (r *DiscoveryResolver) MarshalJSON() ([]byte, error)
func (*DiscoveryResolver) UnmarshalJSON ¶ added in v1.6.0
func (r *DiscoveryResolver) UnmarshalJSON(data []byte) error
type DiscoveryRoute ¶ added in v1.6.0
type DiscoveryRoute struct { Definition *ServiceRoute `json:",omitempty"` NextNode string `json:",omitempty"` }
compiled form of ServiceRoute
type DiscoverySplit ¶ added in v1.6.0
type DiscoverySplit struct { Definition *ServiceSplit `json:",omitempty"` // Weight is not necessarily a duplicate of Definition.Weight since when // multiple splits are compiled down to a single set of splits the effective // weight of a split leg might not be the same as in the original definition. // Proxies should use this compiled weight. The Definition is provided above // for any other significant configuration that the proxy might need to apply // to that leg of the split. Weight float32 `json:",omitempty"` NextNode string `json:",omitempty"` }
compiled form of ServiceSplit
type DiscoveryTarget ¶ added in v1.6.0
type DiscoveryTarget struct { // ID is a unique identifier for referring to this target in a compiled // chain. It should be treated as a per-compile opaque string. ID string `json:",omitempty"` Service string `json:",omitempty"` ServiceSubset string `json:",omitempty"` Namespace string `json:",omitempty"` Partition string `json:",omitempty"` Datacenter string `json:",omitempty"` MeshGateway MeshGatewayConfig `json:",omitempty"` Subset ServiceResolverSubset `json:",omitempty"` ConnectTimeout time.Duration `json:",omitempty"` // External is true if this target is outside of this consul cluster. External bool `json:",omitempty"` // SNI is the sni field to use when connecting to this set of endpoints // over TLS. SNI string `json:",omitempty"` // Name is the unique name for this target for use when generating load // balancer objects. This has a structure similar to SNI, but will not be // affected by SNI customizations. Name string `json:",omitempty"` }
DiscoveryTarget represents all of the inputs necessary to use a resolver config entry to execute a catalog query to generate a list of service instances during discovery.
func NewDiscoveryTarget ¶ added in v1.6.0
func NewDiscoveryTarget(service, serviceSubset, namespace, partition, datacenter string) *DiscoveryTarget
func (*DiscoveryTarget) GetEnterpriseMetadata ¶ added in v1.7.0
func (t *DiscoveryTarget) GetEnterpriseMetadata() *acl.EnterpriseMeta
func (*DiscoveryTarget) MarshalJSON ¶ added in v1.10.10
func (t *DiscoveryTarget) MarshalJSON() ([]byte, error)
func (*DiscoveryTarget) ServiceID ¶ added in v1.7.0
func (t *DiscoveryTarget) ServiceID() ServiceID
func (*DiscoveryTarget) String ¶ added in v1.6.0
func (t *DiscoveryTarget) String() string
func (*DiscoveryTarget) UnmarshalJSON ¶ added in v1.10.10
func (t *DiscoveryTarget) UnmarshalJSON(data []byte) error
type EventFireRequest ¶
type EventFireRequest struct { Datacenter string Name string Payload []byte // Not using WriteRequest so that any server can process // the request. It is a bit unusual... QueryOptions }
EventFireRequest is used to ask a server to fire a Serf event. It is a bit odd, since it doesn't depend on the catalog or leader. Any node can respond, so it's not quite like a standard write request. This is used only internally.
func (*EventFireRequest) RequestDatacenter ¶
func (r *EventFireRequest) RequestDatacenter() string
type EventFireResponse ¶
type EventFireResponse struct {
QueryMeta
}
EventFireResponse is used to respond to a fire request.
type ExpandedTokenInfo ¶ added in v1.12.0
type ExportedService ¶ added in v1.11.0
type ExportedService struct { // Name is the name of the service to be exported. Name string // Namespace is the namespace to export the service from. Namespace string `json:",omitempty"` // Consumers is a list of downstream consumers of the service to be exported. Consumers []ServiceConsumer }
ExportedService manages the exporting of a service in the local partition to other partitions.
type ExportedServicesConfigEntry ¶ added in v1.11.0
type ExportedServicesConfigEntry struct { Name string // Services is a list of services to be exported and the list of partitions // to expose them to. Services []ExportedService Meta map[string]string `json:",omitempty"` acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` RaftIndex }
ExportedServicesConfigEntry is the top-level struct for exporting a service to be exposed across other admin partitions.
func (*ExportedServicesConfigEntry) CanRead ¶ added in v1.11.0
func (e *ExportedServicesConfigEntry) CanRead(authz acl.Authorizer) error
func (*ExportedServicesConfigEntry) CanWrite ¶ added in v1.11.0
func (e *ExportedServicesConfigEntry) CanWrite(authz acl.Authorizer) error
func (*ExportedServicesConfigEntry) Clone ¶ added in v1.11.0
func (e *ExportedServicesConfigEntry) Clone() *ExportedServicesConfigEntry
func (*ExportedServicesConfigEntry) GetEnterpriseMeta ¶ added in v1.11.0
func (e *ExportedServicesConfigEntry) GetEnterpriseMeta() *acl.EnterpriseMeta
func (*ExportedServicesConfigEntry) GetKind ¶ added in v1.11.0
func (e *ExportedServicesConfigEntry) GetKind() string
func (*ExportedServicesConfigEntry) GetMeta ¶ added in v1.11.0
func (e *ExportedServicesConfigEntry) GetMeta() map[string]string
func (*ExportedServicesConfigEntry) GetName ¶ added in v1.11.0
func (e *ExportedServicesConfigEntry) GetName() string
func (*ExportedServicesConfigEntry) GetRaftIndex ¶ added in v1.11.0
func (e *ExportedServicesConfigEntry) GetRaftIndex() *RaftIndex
func (*ExportedServicesConfigEntry) MarshalJSON ¶ added in v1.11.0
func (e *ExportedServicesConfigEntry) MarshalJSON() ([]byte, error)
MarshalJSON adds the Kind field so that the JSON can be decoded back into the correct type. This method is implemented on the structs type (as apposed to the api type) because that is what the API currently uses to return a response.
func (*ExportedServicesConfigEntry) Normalize ¶ added in v1.11.0
func (e *ExportedServicesConfigEntry) Normalize() error
func (*ExportedServicesConfigEntry) ToMap ¶ added in v1.11.0
func (e *ExportedServicesConfigEntry) ToMap() map[string]map[string][]string
func (*ExportedServicesConfigEntry) Validate ¶ added in v1.11.0
func (e *ExportedServicesConfigEntry) Validate() error
type ExposeConfig ¶ added in v1.6.2
type ExposeConfig struct { // Checks defines whether paths associated with Consul checks will be exposed. // This flag triggers exposing all HTTP and GRPC check paths registered for the service. Checks bool `json:",omitempty"` // Paths is the list of paths exposed through the proxy. Paths []ExposePath `json:",omitempty"` }
ExposeConfig describes HTTP paths to expose through Envoy outside of Connect. Users can expose individual paths and/or all HTTP/GRPC paths for checks.
func (ExposeConfig) Clone ¶ added in v1.7.9
func (e ExposeConfig) Clone() ExposeConfig
func (*ExposeConfig) Finalize ¶ added in v1.6.2
func (e *ExposeConfig) Finalize()
Finalize validates ExposeConfig and sets default values
func (*ExposeConfig) ToAPI ¶ added in v1.6.2
func (e *ExposeConfig) ToAPI() api.ExposeConfig
type ExposePath ¶ added in v1.6.2
type ExposePath struct { // ListenerPort defines the port of the proxy's listener for exposed paths. ListenerPort int `json:",omitempty" alias:"listener_port"` // Path is the path to expose through the proxy, ie. "/metrics." Path string `json:",omitempty"` // LocalPathPort is the port that the service is listening on for the given path. LocalPathPort int `json:",omitempty" alias:"local_path_port"` // Protocol describes the upstream's service protocol. // Valid values are "http" and "http2", defaults to "http" Protocol string `json:",omitempty"` // ParsedFromCheck is set if this path was parsed from a registered check ParsedFromCheck bool `json:",omitempty" alias:"parsed_from_check"` }
func (*ExposePath) ToAPI ¶ added in v1.6.2
func (p *ExposePath) ToAPI() api.ExposePath
func (*ExposePath) UnmarshalJSON ¶ added in v1.6.2
func (t *ExposePath) UnmarshalJSON(data []byte) (err error)
type FederationState ¶ added in v1.8.0
type FederationState struct { // Datacenter is the name of the datacenter. Datacenter string // MeshGateways is a snapshot of the catalog state for all mesh gateways in // this datacenter. MeshGateways CheckServiceNodes `json:",omitempty"` // UpdatedAt keeps track of when this record was modified. UpdatedAt time.Time // PrimaryModifyIndex is the ModifyIndex of the original data as it exists // in the primary datacenter. PrimaryModifyIndex uint64 // RaftIndex is local raft data. RaftIndex }
FederationState defines some WAN federation related state that should be cross-shared between all datacenters joined on the WAN. One record exists per datacenter.
func (*FederationState) IsSame ¶ added in v1.8.0
func (c *FederationState) IsSame(other *FederationState) bool
IsSame is used to compare two federation states for the purposes of anti-entropy.
type FederationStateOp ¶ added in v1.8.0
type FederationStateOp string
FederationStateOp is the operation for a request related to federation states.
const ( FederationStateUpsert FederationStateOp = "upsert" FederationStateDelete FederationStateOp = "delete" )
type FederationStateQuery ¶ added in v1.8.0
type FederationStateQuery struct { // Datacenter is the target this request is intended for. Datacenter string // TargetDatacenter is the name of a datacenter to fetch the federation state for. TargetDatacenter string // Options for queries QueryOptions }
FederationStateQuery is used to query federation states.
func (*FederationStateQuery) RequestDatacenter ¶ added in v1.8.0
func (c *FederationStateQuery) RequestDatacenter() string
RequestDatacenter returns the datacenter for a given request.
type FederationStateRequest ¶ added in v1.8.0
type FederationStateRequest struct { // Datacenter is the target for this request. Datacenter string // Op is the type of operation being requested. Op FederationStateOp // State is the federation state to upsert or in the case of a delete // only the State.Datacenter field should be set. State *FederationState // WriteRequest is a common struct containing ACL tokens and other // write-related common elements for requests. WriteRequest }
FederationStateRequest is used to upsert and delete federation states.
func (*FederationStateRequest) RequestDatacenter ¶ added in v1.8.0
func (c *FederationStateRequest) RequestDatacenter() string
RequestDatacenter returns the datacenter for a given request.
type FederationStateResponse ¶ added in v1.8.0
type FederationStateResponse struct { State *FederationState QueryMeta }
FederationStateResponse is the response to a FederationStateQuery request.
type FederationStates ¶ added in v1.8.0
type FederationStates []*FederationState
FederationStates is a list of federation states.
func (FederationStates) Sort ¶ added in v1.8.0
func (listings FederationStates) Sort()
Sort sorts federation states by their datacenter.
type GatewayService ¶ added in v1.8.0
type GatewayService struct { Gateway ServiceName Service ServiceName GatewayKind ServiceKind Port int `json:",omitempty"` Protocol string `json:",omitempty"` Hosts []string `json:",omitempty"` CAFile string `json:",omitempty"` CertFile string `json:",omitempty"` KeyFile string `json:",omitempty"` SNI string `json:",omitempty"` FromWildcard bool `json:",omitempty"` RaftIndex }
GatewayService is used to associate gateways with their linked services.
func (*GatewayService) Addresses ¶ added in v1.8.1
func (g *GatewayService) Addresses(defaultHosts []string) []string
func (*GatewayService) Clone ¶ added in v1.8.0
func (g *GatewayService) Clone() *GatewayService
func (*GatewayService) IsSame ¶ added in v1.8.0
func (g *GatewayService) IsSame(o *GatewayService) bool
type GatewayServiceTLSConfig ¶ added in v1.11.0
type GatewayServiceTLSConfig struct { // SDS allows configuring TLS certificate from an SDS service. SDS *GatewayTLSSDSConfig `json:",omitempty"` }
type GatewayServices ¶ added in v1.8.0
type GatewayServices []*GatewayService
type GatewayTLSConfig ¶ added in v1.8.0
type GatewayTLSConfig struct { // Indicates that TLS should be enabled for this gateway or listener Enabled bool // SDS allows configuring TLS certificate from an SDS service. SDS *GatewayTLSSDSConfig `json:",omitempty"` TLSMinVersion types.TLSVersion `json:",omitempty" alias:"tls_min_version"` TLSMaxVersion types.TLSVersion `json:",omitempty" alias:"tls_max_version"` // Define a subset of cipher suites to restrict // Only applicable to connections negotiated via TLS 1.2 or earlier CipherSuites []types.TLSCipherSuite `json:",omitempty" alias:"cipher_suites"` }
type GatewayTLSSDSConfig ¶ added in v1.11.0
type HTTPHeaderModifiers ¶ added in v1.11.0
type HTTPHeaderModifiers struct { // Add is a set of name -> value pairs that should be appended to the request // or response (i.e. allowing duplicates if the same header already exists). Add map[string]string `json:",omitempty"` // Set is a set of name -> value pairs that should be added to the request or // response, overwriting any existing header values of the same name. Set map[string]string `json:",omitempty"` // Remove is the set of header names that should be stripped from the request // or response. Remove []string `json:",omitempty"` }
HTTPHeaderModifiers is a set of rules for HTTP header modification that should be performed by proxies as the request passes through them. It can operate on either request or response headers depending on the context in which it is used.
func MergeHTTPHeaderModifiers ¶ added in v1.11.0
func MergeHTTPHeaderModifiers(base, overrides *HTTPHeaderModifiers) (*HTTPHeaderModifiers, error)
MergeHTTPHeaderModifiers takes a base HTTPHeaderModifiers and merges in field defined in overrides. Precedence is given to the overrides field if there is a collision. The resulting object is returned leaving both base and overrides unchanged. The `Add` field in override also replaces same-named keys of base since we have no way to express multiple adds to the same key. We could change that, but it makes the config syntax more complex for a huge edgecase.
func (*HTTPHeaderModifiers) Clone ¶ added in v1.11.0
func (m *HTTPHeaderModifiers) Clone() (*HTTPHeaderModifiers, error)
Clone returns a deep-copy of m unless m is nil
func (*HTTPHeaderModifiers) IsZero ¶ added in v1.11.0
func (m *HTTPHeaderModifiers) IsZero() bool
func (*HTTPHeaderModifiers) Validate ¶ added in v1.11.0
func (m *HTTPHeaderModifiers) Validate(protocol string) error
type HashPolicy ¶ added in v1.9.0
type HashPolicy struct { // Field is the attribute type to hash on. // Must be one of "header","cookie", or "query_parameter". // Cannot be specified along with SourceIP. Field string `json:",omitempty"` // FieldValue is the value to hash. // ie. header name, cookie name, URL query parameter name // Cannot be specified along with SourceIP. FieldValue string `json:",omitempty" alias:"field_value"` // CookieConfig contains configuration for the "cookie" hash policy type. CookieConfig *CookieConfig `json:",omitempty" alias:"cookie_config"` // SourceIP determines whether the hash should be of the source IP rather than of a field and field value. // Cannot be specified along with Field or FieldValue. SourceIP bool `json:",omitempty" alias:"source_ip"` // Terminal will short circuit the computation of the hash when multiple hash policies are present. // If a hash is computed when a Terminal policy is evaluated, // then that hash will be used and subsequent hash policies will be ignored. Terminal bool `json:",omitempty"` }
HashPolicy defines which attributes will be hashed by hash-based LB algorithms
type HealthCheck ¶
type HealthCheck struct { Node string CheckID types.CheckID // Unique per-node ID Name string // Check name Status string // The current check status Notes string // Additional notes with the status Output string // Holds output of script runs ServiceID string // optional associated service ServiceName string // optional service name ServiceTags []string // optional service tags Type string // Check type: http/ttl/tcp/etc Interval string // from definition Timeout string // from definition // ExposedPort is the port of the exposed Envoy listener representing the // HTTP or GRPC health check of the service. ExposedPort int Definition HealthCheckDefinition `bexpr:"-"` acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash" bexpr:"-"` RaftIndex `bexpr:"-"` }
HealthCheck represents a single check on a given node.
func (*HealthCheck) CheckType ¶ added in v1.6.2
func (c *HealthCheck) CheckType() *CheckType
func (*HealthCheck) Clone ¶
func (c *HealthCheck) Clone() *HealthCheck
Clone returns a distinct clone of the HealthCheck. Note that the "ServiceTags" and "Definition.Header" field are not deep copied.
func (*HealthCheck) CompoundCheckID ¶ added in v1.7.0
func (hc *HealthCheck) CompoundCheckID() CheckID
func (*HealthCheck) CompoundServiceID ¶ added in v1.7.0
func (hc *HealthCheck) CompoundServiceID() ServiceID
func (*HealthCheck) IsSame ¶
func (c *HealthCheck) IsSame(other *HealthCheck) bool
IsSame checks if one HealthCheck is the same as another, without looking at the Raft information (that's why we didn't call it IsEqual). This is useful for seeing if an update would be idempotent for all the functional parts of the structure.
func (*HealthCheck) NodeIdentity ¶ added in v1.10.0
func (hc *HealthCheck) NodeIdentity() Identity
func (*HealthCheck) Validate ¶ added in v1.7.0
func (_ *HealthCheck) Validate() error
type HealthCheckDefinition ¶ added in v1.0.1
type HealthCheckDefinition struct { HTTP string `json:",omitempty"` TLSServerName string `json:",omitempty"` TLSSkipVerify bool `json:",omitempty"` Header map[string][]string `json:",omitempty"` Method string `json:",omitempty"` Body string `json:",omitempty"` DisableRedirects bool `json:",omitempty"` TCP string `json:",omitempty"` H2PING string `json:",omitempty"` H2PingUseTLS bool `json:",omitempty"` Interval time.Duration `json:",omitempty"` OutputMaxSize uint `json:",omitempty"` Timeout time.Duration `json:",omitempty"` DeregisterCriticalServiceAfter time.Duration `json:",omitempty"` ScriptArgs []string `json:",omitempty"` DockerContainerID string `json:",omitempty"` Shell string `json:",omitempty"` GRPC string `json:",omitempty"` GRPCUseTLS bool `json:",omitempty"` AliasNode string `json:",omitempty"` AliasService string `json:",omitempty"` TTL time.Duration `json:",omitempty"` }
func (*HealthCheckDefinition) MarshalJSON ¶ added in v1.4.1
func (d *HealthCheckDefinition) MarshalJSON() ([]byte, error)
func (*HealthCheckDefinition) UnmarshalJSON ¶ added in v1.4.1
func (t *HealthCheckDefinition) UnmarshalJSON(data []byte) (err error)
type HealthChecks ¶
type HealthChecks []*HealthCheck
HealthChecks is a collection of HealthCheck structs.
type HealthSummary ¶ added in v1.12.0
type HealthSummary struct { Name string `json:",omitempty"` Total int Passing int Warning int Critical int acl.EnterpriseMeta }
func (*HealthSummary) Add ¶ added in v1.12.0
func (h *HealthSummary) Add(status string)
type Identity ¶ added in v1.10.0
type Identity struct { ID string acl.EnterpriseMeta }
Identity of some entity (ex: service, node, check).
TODO: this type should replace ServiceID, ServiceName, and CheckID which all have roughly identical implementations.
type IdentityCacheEntry ¶ added in v1.4.0
type IdentityCacheEntry struct { Identity ACLIdentity CacheTime time.Time }
func (*IdentityCacheEntry) Age ¶ added in v1.4.0
func (e *IdentityCacheEntry) Age() time.Duration
type IndexedCARoots ¶ added in v1.2.0
type IndexedCARoots struct { // ActiveRootID is the ID of a root in Roots that is the active CA root. // Other roots are still valid if they're in the Roots list but are in // the process of being rotated out. ActiveRootID string // TrustDomain is the identification root for this Consul cluster. All // certificates signed by the cluster's CA must have their identifying URI in // this domain. // // This does not include the protocol (currently spiffe://) since we may // implement other protocols in future with equivalent semantics. It should be // compared against the "authority" section of a URI (i.e. host:port). // // We need to support migrating a cluster between trust domains to support // Multi-DC migration in Enterprise. In this case the current trust domain is // here but entries in Roots may also have ExternalTrustDomain set to a // non-empty value implying they were previous roots that are still trusted // but under a different trust domain. // // Note that we DON'T validate trust domain during AuthZ since it causes // issues of loss of connectivity during migration between trust domains. The // only time the additional validation adds value is where the cluster shares // an external root (e.g. organization-wide root) with another distinct Consul // cluster or PKI system. In this case, x509 Name Constraints can be added to // enforce that Consul's CA can only validly sign or trust certs within the // same trust-domain. Name constraints as enforced by TLS handshake also allow // seamless rotation between trust domains thanks to cross-signing. TrustDomain string // Roots is a list of root CA certs to trust. Roots []*CARoot // QueryMeta contains the meta sent via a header. We ignore for JSON // so this whole structure can be returned. QueryMeta `json:"-"` }
IndexedCARoots is the list of currently trusted CA Roots.
func (IndexedCARoots) Active ¶ added in v1.9.14
func (r IndexedCARoots) Active() *CARoot
type IndexedCheckServiceNodes ¶
type IndexedCheckServiceNodes struct { Nodes CheckServiceNodes QueryMeta }
type IndexedConfigEntries ¶ added in v1.5.0
type IndexedConfigEntries struct { Kind string Entries []ConfigEntry QueryMeta }
IndexedConfigEntries has its own encoding logic which differs from ConfigEntryRequest as it has to send a slice of ConfigEntry.
func (*IndexedConfigEntries) MarshalBinary ¶ added in v1.5.0
func (c *IndexedConfigEntries) MarshalBinary() (data []byte, err error)
func (*IndexedConfigEntries) UnmarshalBinary ¶ added in v1.5.0
func (c *IndexedConfigEntries) UnmarshalBinary(data []byte) error
type IndexedCoordinate ¶
type IndexedCoordinate struct { Coord *coordinate.Coordinate QueryMeta }
IndexedCoordinate is used to represent a single node's coordinate from the state store.
type IndexedCoordinates ¶
type IndexedCoordinates struct { Coordinates Coordinates QueryMeta }
IndexedCoordinates is used to represent a list of nodes and their corresponding raw coordinates.
type IndexedDirEntries ¶
type IndexedDirEntries struct { Entries DirEntries QueryMeta }
type IndexedFederationStates ¶ added in v1.8.0
type IndexedFederationStates struct { States FederationStates QueryMeta }
IndexedFederationStates represents the list of all federation states.
type IndexedGatewayServices ¶ added in v1.8.0
type IndexedGatewayServices struct { Services GatewayServices QueryMeta }
type IndexedGenericConfigEntries ¶ added in v1.5.0
type IndexedGenericConfigEntries struct { Entries []ConfigEntry QueryMeta }
func (*IndexedGenericConfigEntries) MarshalBinary ¶ added in v1.5.0
func (c *IndexedGenericConfigEntries) MarshalBinary() (data []byte, err error)
func (*IndexedGenericConfigEntries) UnmarshalBinary ¶ added in v1.5.0
func (c *IndexedGenericConfigEntries) UnmarshalBinary(data []byte) error
type IndexedHealthChecks ¶
type IndexedHealthChecks struct { HealthChecks HealthChecks QueryMeta }
type IndexedIntentionMatches ¶ added in v1.2.0
type IndexedIntentionMatches struct { Matches []Intentions QueryMeta }
IndexedIntentionMatches represents the list of matches for a match query.
type IndexedIntentions ¶ added in v1.2.0
type IndexedIntentions struct { Intentions Intentions // DataOrigin is used to indicate if this query was satisfied against the // old legacy intentions ("legacy") memdb table or via config entries // ("config"). This is really only of value for the legacy intention // replication routine to correctly detect that it should exit. DataOrigin string `json:"-"` QueryMeta }
IndexedIntentions represents a list of intentions for RPC responses.
type IndexedKeyList ¶
type IndexedNodeDump ¶
type IndexedNodeServiceList ¶ added in v1.7.0
type IndexedNodeServiceList struct { NodeServices NodeServiceList QueryMeta }
type IndexedNodeServices ¶
type IndexedNodeServices struct { // TODO: This should not be a pointer, see comments in // agent/catalog_endpoint.go. NodeServices *NodeServices QueryMeta }
type IndexedNodes ¶
type IndexedNodesWithGateways ¶ added in v1.9.0
type IndexedNodesWithGateways struct { Nodes CheckServiceNodes Gateways GatewayServices QueryMeta }
type IndexedPreparedQueries ¶
type IndexedPreparedQueries struct { Queries PreparedQueries QueryMeta }
type IndexedServiceDump ¶ added in v1.8.0
type IndexedServiceDump struct { Dump ServiceDump QueryMeta }
type IndexedServiceList ¶ added in v1.7.0
type IndexedServiceList struct { Services ServiceList QueryMeta }
type IndexedServiceNodes ¶
type IndexedServiceNodes struct { ServiceNodes ServiceNodes QueryMeta }
type IndexedServiceTopology ¶ added in v1.9.0
type IndexedServiceTopology struct { ServiceTopology *ServiceTopology FilteredByACLs bool QueryMeta }
type IndexedServices ¶
type IndexedServices struct { Services Services // In various situations we need to know the meta that the services are for - in particular // this is needed to be able to properly filter the list based on ACLs acl.EnterpriseMeta QueryMeta }
type IndexedSessions ¶
type IngressGatewayConfigEntry ¶ added in v1.8.0
type IngressGatewayConfigEntry struct { // Kind of the config entry. This will be set to structs.IngressGateway. Kind string // Name is used to match the config entry with its associated ingress gateway // service. This should match the name provided in the service definition. Name string // TLS holds the TLS configuration for this gateway. It would be nicer if it // were a pointer so it could be omitempty when read back in JSON but that // would be a breaking API change now as we currently always return it. TLS GatewayTLSConfig // Listeners declares what ports the ingress gateway should listen on, and // what services to associated to those ports. Listeners []IngressListener Meta map[string]string `json:",omitempty"` acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` RaftIndex }
IngressGatewayConfigEntry manages the configuration for an ingress service with the given name.
func (*IngressGatewayConfigEntry) CanRead ¶ added in v1.8.0
func (e *IngressGatewayConfigEntry) CanRead(authz acl.Authorizer) error
func (*IngressGatewayConfigEntry) CanWrite ¶ added in v1.8.0
func (e *IngressGatewayConfigEntry) CanWrite(authz acl.Authorizer) error
func (*IngressGatewayConfigEntry) GetEnterpriseMeta ¶ added in v1.8.0
func (e *IngressGatewayConfigEntry) GetEnterpriseMeta() *acl.EnterpriseMeta
func (*IngressGatewayConfigEntry) GetKind ¶ added in v1.8.0
func (e *IngressGatewayConfigEntry) GetKind() string
func (*IngressGatewayConfigEntry) GetMeta ¶ added in v1.8.4
func (e *IngressGatewayConfigEntry) GetMeta() map[string]string
func (*IngressGatewayConfigEntry) GetName ¶ added in v1.8.0
func (e *IngressGatewayConfigEntry) GetName() string
func (*IngressGatewayConfigEntry) GetRaftIndex ¶ added in v1.8.0
func (e *IngressGatewayConfigEntry) GetRaftIndex() *RaftIndex
func (*IngressGatewayConfigEntry) ListRelatedServices ¶ added in v1.8.4
func (e *IngressGatewayConfigEntry) ListRelatedServices() []ServiceID
ListRelatedServices implements discoveryChainConfigEntry
For ingress-gateway config entries this only finds services that are explicitly linked in the ingress-gateway config entry. Wildcards will not expand to all services.
This function is used during discovery chain graph validation to prevent erroneous sets of config entries from being created. Wildcard ingress filters out sets with protocol mismatch elsewhere so it isn't an issue here that needs fixing.
func (*IngressGatewayConfigEntry) Normalize ¶ added in v1.8.0
func (e *IngressGatewayConfigEntry) Normalize() error
func (*IngressGatewayConfigEntry) Validate ¶ added in v1.8.0
func (e *IngressGatewayConfigEntry) Validate() error
type IngressListener ¶ added in v1.8.0
type IngressListener struct { // Port declares the port on which the ingress gateway should listen for traffic. Port int // Protocol declares what type of traffic this listener is expected to // receive. Depending on the protocol, a listener might support multiplexing // services over a single port, or additional discovery chain features. The // current supported values are: (tcp | http | http2 | grpc). Protocol string // TLS config for this listener. TLS *GatewayTLSConfig `json:",omitempty"` // Services declares the set of services to which the listener forwards // traffic. // // For "tcp" protocol listeners, only a single service is allowed. // For "http" listeners, multiple services can be declared. Services []IngressService }
type IngressService ¶ added in v1.8.0
type IngressService struct { // Name declares the service to which traffic should be forwarded. // // This can either be a specific service, or the wildcard specifier, // "*". If the wildcard specifier is provided, the listener must be of "http" // protocol and means that the listener will forward traffic to all services. // // A name can be specified on multiple listeners, and will be exposed on both // of the listeners Name string // Hosts is a list of hostnames which should be associated to this service on // the defined listener. Only allowed on layer 7 protocols, this will be used // to route traffic to the service by matching the Host header of the HTTP // request. // // If a host is provided for a service that also has a wildcard specifier // defined, the host will override the wildcard-specifier-provided // "<service-name>.*" domain for that listener. // // This cannot be specified when using the wildcard specifier, "*", or when // using a "tcp" listener. Hosts []string // TLS configuration overrides for this service. At least one entry must exist // in Hosts to use set and the Listener must also have a default Cert loaded // from SDS. TLS *GatewayServiceTLSConfig `json:",omitempty"` // Allow HTTP header manipulation to be configured. RequestHeaders *HTTPHeaderModifiers `json:",omitempty" alias:"request_headers"` ResponseHeaders *HTTPHeaderModifiers `json:",omitempty" alias:"response_headers"` Meta map[string]string `json:",omitempty"` acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` }
func (*IngressService) ToServiceName ¶ added in v1.8.0
func (s *IngressService) ToServiceName() ServiceName
type Intention ¶ added in v1.2.0
type Intention struct { // ID is the UUID-based ID for the intention, always generated by Consul. ID string `json:",omitempty"` // Description is a human-friendly description of this intention. // It is opaque to Consul and is only stored and transferred in API // requests. Description string `json:",omitempty"` // SourceNS, SourceName are the namespace and name, respectively, of // the source service. Either of these may be the wildcard "*", but only // the full value can be a wildcard. Partial wildcards are not allowed. // The source may also be a non-Consul service, as specified by SourceType. // // DestinationNS, DestinationName is the same, but for the destination // service. The same rules apply. The destination is always a Consul // service. SourceNS, SourceName string DestinationNS, DestinationName string // SourcePartition and DestinationPartition cannot be wildcards "*" and // are not compatible with legacy intentions. SourcePartition string `json:",omitempty"` DestinationPartition string `json:",omitempty"` // SourceType is the type of the value for the source. SourceType IntentionSourceType // Action is whether this is an allowlist or denylist intention. Action IntentionAction `json:",omitempty"` // Permissions is the list of additional L7 attributes that extend the // intention definition. // // NOTE: This field is not editable unless editing the underlying // service-intentions config entry directly. Permissions []*IntentionPermission `bexpr:"-" json:",omitempty"` // DefaultAddr is not used. // Deprecated: DefaultAddr is not used and may be removed in a future version. DefaultAddr string `bexpr:"-" codec:",omitempty" json:",omitempty"` // DefaultPort is not used. // Deprecated: DefaultPort is not used and may be removed in a future version. DefaultPort int `bexpr:"-" codec:",omitempty" json:",omitempty"` // Meta is arbitrary metadata associated with the intention. This is // opaque to Consul but is served in API responses. Meta map[string]string `json:",omitempty"` // Precedence is the order that the intention will be applied, with // larger numbers being applied first. This is a read-only field, on // any intention update it is updated. Precedence int // CreatedAt and UpdatedAt keep track of when this record was created // or modified. CreatedAt, UpdatedAt time.Time `mapstructure:"-" bexpr:"-"` // Hash of the contents of the intention. This is only necessary for legacy // intention replication purposes. // // This is needed mainly for legacy replication purposes. When replicating // from one DC to another keeping the content Hash will allow us to detect // content changes more efficiently than checking every single field Hash []byte `bexpr:"-" json:",omitempty"` RaftIndex `bexpr:"-"` }
Intention defines an intention for the Connect Service Graph. This defines the allowed or denied behavior of a connection between two services using Connect.
func TestIntention ¶ added in v1.2.0
func TestIntention(t testing.T) *Intention
TestIntention returns a valid, uninserted (no ID set) intention.
func (*Intention) CanRead ¶ added in v1.7.0
func (ixn *Intention) CanRead(authz acl.Authorizer) bool
func (*Intention) CanWrite ¶ added in v1.7.0
func (ixn *Intention) CanWrite(authz acl.Authorizer) bool
func (*Intention) DestinationEnterpriseMeta ¶ added in v1.9.0
func (ixn *Intention) DestinationEnterpriseMeta() *acl.EnterpriseMeta
func (*Intention) DestinationServiceName ¶ added in v1.9.0
func (x *Intention) DestinationServiceName() ServiceName
func (*Intention) FillAuthzContext ¶ added in v1.7.0
func (_ *Intention) FillAuthzContext(_ *acl.AuthorizerContext, _ bool)
FillAuthzContext can fill in an acl.AuthorizerContext object to setup extra parameters for ACL enforcement. In OSS there is currently nothing extra to be done.
func (*Intention) FillPartitionAndNamespace ¶ added in v1.11.0
func (ixn *Intention) FillPartitionAndNamespace(entMeta *acl.EnterpriseMeta, fillDefault bool)
FillPartitionAndNamespace will fill in empty source and destination partition/namespaces. If fillDefault is true, all fields are defaulted when the given enterprise meta does not specify them.
fillDefault MUST be true on servers to ensure that all fields are populated on writes. fillDefault MUST be false on clients so that servers can correctly fill in the namespace/partition of the ACL token.
func (*Intention) HasWildcardDestination ¶ added in v1.10.0
func (*Intention) HasWildcardSource ¶ added in v1.10.0
func (*Intention) LegacyEstimateSize
deprecated
added in
v1.9.0
func (*Intention) MarshalJSON ¶ added in v1.9.0
func (*Intention) SetHash
deprecated
added in
v1.6.0
func (x *Intention) SetHash()
SetHash calculates Intention.Hash from any mutable "content" fields.
The Hash is primarily used for legacy intention replication to determine if an intention has changed and should be updated locally.
Deprecated: this is only used for legacy intention CRUD and replication
func (*Intention) SourceEnterpriseMeta ¶ added in v1.9.0
func (ixn *Intention) SourceEnterpriseMeta() *acl.EnterpriseMeta
func (*Intention) SourceServiceName ¶ added in v1.9.0
func (x *Intention) SourceServiceName() ServiceName
func (*Intention) String ¶ added in v1.2.0
String returns a human-friendly string for this intention.
func (*Intention) ToConfigEntry ¶ added in v1.9.0
func (x *Intention) ToConfigEntry(legacy bool) *ServiceIntentionsConfigEntry
NOTE this is just used to manipulate user-provided data before an insert The RPC execution will do Normalize + Validate for us.
func (*Intention) ToExact ¶ added in v1.9.0
func (t *Intention) ToExact() *IntentionQueryExact
func (*Intention) ToSourceIntention ¶ added in v1.9.0
func (x *Intention) ToSourceIntention(legacy bool) *SourceIntention
func (*Intention) UnmarshalJSON ¶ added in v1.6.2
func (*Intention) UpdatePrecedence
deprecated
added in
v1.2.0
func (x *Intention) UpdatePrecedence()
UpdatePrecedence sets the Precedence value based on the fields of this structure.
Deprecated: this is only used for legacy intention CRUD.
type IntentionAction ¶ added in v1.2.0
type IntentionAction string
IntentionAction is the action that the intention represents. This can be "allow" or "deny".
const ( IntentionActionAllow IntentionAction = "allow" IntentionActionDeny IntentionAction = "deny" )
type IntentionDecisionSummary ¶ added in v1.9.0
type IntentionDecisionSummary struct { Allowed bool HasPermissions bool ExternalSource string HasExact bool DefaultAllow bool }
IntentionDecisionSummary contains a summary of a set of intentions between two services Currently contains: - Whether all actions are allowed - Whether the matching intention has L7 permissions attached - Whether the intention is managed by an external source like k8s - Whether there is an exact, or wildcard, intention referencing the two services - Whether ACLs are in DefaultAllow mode
type IntentionHTTPHeaderPermission ¶ added in v1.9.0
type IntentionHTTPPermission ¶ added in v1.9.0
type IntentionHTTPPermission struct { // PathExact, PathPrefix, and PathRegex are mutually exclusive. PathExact string `json:",omitempty" alias:"path_exact"` PathPrefix string `json:",omitempty" alias:"path_prefix"` PathRegex string `json:",omitempty" alias:"path_regex"` Header []IntentionHTTPHeaderPermission `json:",omitempty"` Methods []string `json:",omitempty"` }
func (*IntentionHTTPPermission) Clone ¶ added in v1.9.0
func (p *IntentionHTTPPermission) Clone() *IntentionHTTPPermission
type IntentionListRequest ¶ added in v1.9.0
type IntentionListRequest struct { Datacenter string Legacy bool `json:"-"` acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` QueryOptions }
func (*IntentionListRequest) RequestDatacenter ¶ added in v1.9.0
func (r *IntentionListRequest) RequestDatacenter() string
type IntentionMatchEntry ¶ added in v1.2.0
type IntentionMatchEntry struct { Partition string `json:",omitempty"` Namespace string Name string }
IntentionMatchEntry is a single entry for matching an intention.
func (*IntentionMatchEntry) FillAuthzContext ¶ added in v1.7.0
func (_ *IntentionMatchEntry) FillAuthzContext(_ *acl.AuthorizerContext)
FillAuthzContext can fill in an acl.AuthorizerContext object to setup extra parameters for ACL enforcement. In OSS there is currently nothing extra to be done.
func (*IntentionMatchEntry) GetEnterpriseMeta ¶ added in v1.9.0
func (e *IntentionMatchEntry) GetEnterpriseMeta() *acl.EnterpriseMeta
type IntentionMatchType ¶ added in v1.2.0
type IntentionMatchType string
IntentionMatchType is the target for a match request. For example, matching by source will look for all intentions that match the given source value.
const ( IntentionMatchSource IntentionMatchType = "source" IntentionMatchDestination IntentionMatchType = "destination" )
type IntentionMutation ¶ added in v1.9.0
type IntentionMutation struct { ID string Destination ServiceName Source ServiceName Value *SourceIntention }
type IntentionOp ¶ added in v1.2.0
type IntentionOp string
IntentionOp is the operation for a request related to intentions.
const ( IntentionOpCreate IntentionOp = "create" IntentionOpUpdate IntentionOp = "update" IntentionOpDelete IntentionOp = "delete" IntentionOpDeleteAll IntentionOp = "delete-all" // NOTE: this is only accepted when it comes from the leader, RPCs will reject this IntentionOpUpsert IntentionOp = "upsert" // config-entry only )
type IntentionPermission ¶ added in v1.9.0
type IntentionPermission struct { Action IntentionAction // required: allow|deny HTTP *IntentionHTTPPermission `json:",omitempty"` }
func (*IntentionPermission) Clone ¶ added in v1.9.0
func (p *IntentionPermission) Clone() *IntentionPermission
type IntentionPrecedenceSorter ¶ added in v1.2.0
type IntentionPrecedenceSorter Intentions
IntentionPrecedenceSorter takes a list of intentions and sorts them based on the match precedence rules for intentions. The intentions closer to the head of the list have higher precedence. i.e. index 0 has the highest precedence.
func (IntentionPrecedenceSorter) Len ¶ added in v1.2.0
func (s IntentionPrecedenceSorter) Len() int
func (IntentionPrecedenceSorter) Less ¶ added in v1.2.0
func (s IntentionPrecedenceSorter) Less(i, j int) bool
func (IntentionPrecedenceSorter) Swap ¶ added in v1.2.0
func (s IntentionPrecedenceSorter) Swap(i, j int)
type IntentionQueryCheck ¶ added in v1.2.0
type IntentionQueryCheck struct { // SourceNS, SourceName, DestinationNS, and DestinationName are the // source and namespace, respectively, for the test. These must be // exact values. SourceNS, SourceName string DestinationNS, DestinationName string // TODO(partitions): check query works with partitions SourcePartition string `json:",omitempty"` DestinationPartition string `json:",omitempty"` // SourceType is the type of the value for the source. SourceType IntentionSourceType }
IntentionQueryCheck are the parameters for performing a test request.
func (*IntentionQueryCheck) FillAuthzContext ¶ added in v1.7.0
func (_ *IntentionQueryCheck) FillAuthzContext(_ *acl.AuthorizerContext)
FillAuthzContext can fill in an acl.AuthorizerContext object to setup extra parameters for ACL enforcement. In OSS there is currently nothing extra to be done.
func (*IntentionQueryCheck) GetACLPrefix ¶ added in v1.2.0
func (q *IntentionQueryCheck) GetACLPrefix() (string, bool)
GetACLPrefix returns the prefix to look up the ACL policy for this request, and a boolean noting whether the prefix is valid to check or not. You must check the ok value before using the prefix.
type IntentionQueryCheckResponse ¶ added in v1.2.0
type IntentionQueryCheckResponse struct {
Allowed bool
}
IntentionQueryCheckResponse is the response for a test request.
type IntentionQueryExact ¶ added in v1.9.0
type IntentionQueryExact struct {
SourceNS, SourceName string
DestinationNS, DestinationName string
// TODO(partitions): check query works with partitions
SourcePartition string `json:",omitempty"`
DestinationPartition string `json:",omitempty"`
}
IntentionQueryExact holds the parameters for performing a lookup of an intention by its unique name instead of its ID.
func (*IntentionQueryExact) DestinationEnterpriseMeta ¶ added in v1.9.0
func (e *IntentionQueryExact) DestinationEnterpriseMeta() *acl.EnterpriseMeta
func (*IntentionQueryExact) SourceEnterpriseMeta ¶ added in v1.9.0
func (e *IntentionQueryExact) SourceEnterpriseMeta() *acl.EnterpriseMeta
func (*IntentionQueryExact) Validate ¶ added in v1.9.0
func (q *IntentionQueryExact) Validate() error
Validate is used to ensure all 4 required parameters are specified.
type IntentionQueryMatch ¶ added in v1.2.0
type IntentionQueryMatch struct { Type IntentionMatchType Entries []IntentionMatchEntry }
IntentionQueryMatch are the parameters for performing a match request against the state store.
type IntentionQueryRequest ¶ added in v1.2.0
type IntentionQueryRequest struct { // Datacenter is the target this request is intended for. Datacenter string // IntentionID is the ID of a specific intention. IntentionID string // Match is non-nil if we're performing a match query. A match will // find intentions that "match" the given parameters. A match includes // resolving wildcards. Match *IntentionQueryMatch // Check is non-nil if we're performing a test query. A test will // return allowed/deny based on an exact match. Check *IntentionQueryCheck // Exact is non-nil if we're performing a lookup of an intention by its // unique name instead of its ID. Exact *IntentionQueryExact // Options for queries QueryOptions }
IntentionQueryRequest is used to query intentions.
func (*IntentionQueryRequest) CacheInfo ¶ added in v1.2.0
func (q *IntentionQueryRequest) CacheInfo() cache.RequestInfo
CacheInfo implements cache.Request
func (*IntentionQueryRequest) RequestDatacenter ¶ added in v1.2.0
func (q *IntentionQueryRequest) RequestDatacenter() string
RequestDatacenter returns the datacenter for a given request.
type IntentionRequest ¶ added in v1.2.0
type IntentionRequest struct { // Datacenter is the target for this request. Datacenter string // Op is the type of operation being requested. Op IntentionOp // Intention is the intention. // // This is mutually exclusive with the Mutation field. Intention *Intention // Mutation is a change to make to an Intention. // // This is mutually exclusive with the Intention field. // // This field is only set by the leader before writing to the raft log and // is not settable via the API or an RPC. Mutation *IntentionMutation // WriteRequest is a common struct containing ACL tokens and other // write-related common elements for requests. WriteRequest }
IntentionRequest is used to create, update, and delete intentions.
func (*IntentionRequest) RequestDatacenter ¶ added in v1.2.0
func (q *IntentionRequest) RequestDatacenter() string
RequestDatacenter returns the datacenter for a given request.
type IntentionSourceType ¶ added in v1.2.0
type IntentionSourceType string
IntentionSourceType is the type of the source within an intention.
const ( // IntentionSourceConsul is a service within the Consul catalog. IntentionSourceConsul IntentionSourceType = "consul" )
type IssuedCert ¶ added in v1.2.0
type IssuedCert struct { // SerialNumber is the unique serial number for this certificate. // This is encoded in standard hex separated by :. SerialNumber string // CertPEM is a PEM encoded bundle of a leaf certificate, optionally followed // by one or more intermediate certificates that will form a chain of trust // back to a root CA. // // This field is not persisted in the state store, but is present in the // sign API response. CertPEM string `json:",omitempty"` // PrivateKeyPEM is the PEM encoded private key associated with CertPEM. PrivateKeyPEM string `json:",omitempty"` // Service is the name of the service for which the cert was issued. // ServiceURI is the cert URI value. Service string `json:",omitempty"` ServiceURI string `json:",omitempty"` // Agent is the name of the node for which the cert was issued. // AgentURI is the cert URI value. Agent string `json:",omitempty"` AgentURI string `json:",omitempty"` // ValidAfter and ValidBefore are the validity periods for the // certificate. ValidAfter time.Time ValidBefore time.Time // EnterpriseMeta is the Consul Enterprise specific metadata acl.EnterpriseMeta RaftIndex }
IssuedCert is a certificate that has been issued by a Connect CA.
type KVSRequest ¶
type KVSRequest struct { Datacenter string Op api.KVOp // Which operation are we performing DirEnt DirEntry // Which directory entry WriteRequest }
KVSRequest is used to operate on the Key-Value store
func (*KVSRequest) RequestDatacenter ¶
func (r *KVSRequest) RequestDatacenter() string
type KeyListRequest ¶
type KeyListRequest struct { Datacenter string Prefix string Seperator string QueryOptions acl.EnterpriseMeta }
KeyListRequest is used to list keys
func (*KeyListRequest) RequestDatacenter ¶
func (r *KeyListRequest) RequestDatacenter() string
type KeyRequest ¶
type KeyRequest struct { Datacenter string Key string acl.EnterpriseMeta QueryOptions }
KeyRequest is used to request a key, or key prefix
func (*KeyRequest) RequestDatacenter ¶
func (r *KeyRequest) RequestDatacenter() string
type KeyringRequest ¶
type KeyringRequest struct { Operation KeyringOp Key string Datacenter string Forwarded bool RelayFactor uint8 LocalOnly bool QueryOptions }
KeyringRequest encapsulates a request to modify an encryption keyring. It can be used for install, remove, or use key type operations.
func (*KeyringRequest) RequestDatacenter ¶
func (r *KeyringRequest) RequestDatacenter() string
type KeyringResponse ¶
type KeyringResponse struct { WAN bool Datacenter string Segment string Partition string `json:",omitempty"` Messages map[string]string `json:",omitempty"` Keys map[string]int PrimaryKeys map[string]int NumNodes int Error string `json:",omitempty"` }
KeyringResponse is a unified key response and can be used for install, remove, use, as well as listing key queries.
func (*KeyringResponse) PartitionOrDefault ¶ added in v1.11.0
func (r *KeyringResponse) PartitionOrDefault() string
type KeyringResponses ¶
type KeyringResponses struct { Responses []*KeyringResponse QueryMeta }
KeyringResponses holds multiple responses to keyring queries. Each datacenter replies independently, and KeyringResponses is used as a container for the set of all responses.
func (*KeyringResponses) Add ¶
func (r *KeyringResponses) Add(v interface{})
func (*KeyringResponses) New ¶
func (r *KeyringResponses) New() interface{}
type LeastRequestConfig ¶ added in v1.9.0
type LeastRequestConfig struct { // ChoiceCount determines the number of random healthy hosts from which to select the one with the least requests. ChoiceCount uint32 `json:",omitempty" alias:"choice_count"` }
LeastRequestConfig contains configuration for the "least_request" policy type
type LinkedService ¶ added in v1.8.0
type LinkedService struct { // Name is the name of the service, as defined in Consul's catalog Name string `json:",omitempty"` // CAFile is the optional path to a CA certificate to use for TLS connections // from the gateway to the linked service CAFile string `json:",omitempty" alias:"ca_file"` // CertFile is the optional path to a client certificate to use for TLS connections // from the gateway to the linked service CertFile string `json:",omitempty" alias:"cert_file"` // KeyFile is the optional path to a private key to use for TLS connections // from the gateway to the linked service KeyFile string `json:",omitempty" alias:"key_file"` // SNI is the optional name to specify during the TLS handshake with a linked service SNI string `json:",omitempty"` acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` }
A LinkedService is a service represented by a terminating gateway
type LoadBalancer ¶ added in v1.9.0
type LoadBalancer struct { // Policy is the load balancing policy used to select a host Policy string `json:",omitempty"` // RingHashConfig contains configuration for the "ring_hash" policy type RingHashConfig *RingHashConfig `json:",omitempty" alias:"ring_hash_config"` // LeastRequestConfig contains configuration for the "least_request" policy type LeastRequestConfig *LeastRequestConfig `json:",omitempty" alias:"least_request_config"` // HashPolicies is a list of hash policies to use for hashing load balancing algorithms. // Hash policies are evaluated individually and combined such that identical lists // result in the same hash. // If no hash policies are present, or none are successfully evaluated, // then a random backend host will be selected. HashPolicies []HashPolicy `json:",omitempty" alias:"hash_policies"` }
LoadBalancer determines the load balancing policy and configuration for services issuing requests to this upstream service.
func (*LoadBalancer) IsHashBased ¶ added in v1.9.0
func (lb *LoadBalancer) IsHashBased() bool
type MeshConfigEntry ¶ added in v1.10.0
type MeshConfigEntry struct { // TransparentProxy contains cluster-wide options pertaining to TPROXY mode // when enabled. TransparentProxy TransparentProxyMeshConfig `alias:"transparent_proxy"` TLS *MeshTLSConfig `json:",omitempty"` Meta map[string]string `json:",omitempty"` acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` RaftIndex }
func (*MeshConfigEntry) CanRead ¶ added in v1.10.0
func (e *MeshConfigEntry) CanRead(authz acl.Authorizer) error
func (*MeshConfigEntry) CanWrite ¶ added in v1.10.0
func (e *MeshConfigEntry) CanWrite(authz acl.Authorizer) error
func (*MeshConfigEntry) GetEnterpriseMeta ¶ added in v1.10.0
func (e *MeshConfigEntry) GetEnterpriseMeta() *acl.EnterpriseMeta
func (*MeshConfigEntry) GetKind ¶ added in v1.10.0
func (e *MeshConfigEntry) GetKind() string
func (*MeshConfigEntry) GetMeta ¶ added in v1.10.0
func (e *MeshConfigEntry) GetMeta() map[string]string
func (*MeshConfigEntry) GetName ¶ added in v1.10.0
func (e *MeshConfigEntry) GetName() string
func (*MeshConfigEntry) GetRaftIndex ¶ added in v1.10.0
func (e *MeshConfigEntry) GetRaftIndex() *RaftIndex
func (*MeshConfigEntry) MarshalJSON ¶ added in v1.10.0
func (e *MeshConfigEntry) MarshalJSON() ([]byte, error)
MarshalJSON adds the Kind field so that the JSON can be decoded back into the correct type. This method is implemented on the structs type (as apposed to the api type) because that is what the API currently uses to return a response.
func (*MeshConfigEntry) Normalize ¶ added in v1.10.0
func (e *MeshConfigEntry) Normalize() error
func (*MeshConfigEntry) Validate ¶ added in v1.10.0
func (e *MeshConfigEntry) Validate() error
type MeshDirectionalTLSConfig ¶ added in v1.12.0
type MeshDirectionalTLSConfig struct { TLSMinVersion types.TLSVersion `json:",omitempty" alias:"tls_min_version"` TLSMaxVersion types.TLSVersion `json:",omitempty" alias:"tls_max_version"` // Define a subset of cipher suites to restrict // Only applicable to connections negotiated via TLS 1.2 or earlier CipherSuites []types.TLSCipherSuite `json:",omitempty" alias:"cipher_suites"` }
type MeshGatewayConfig ¶ added in v1.6.0
type MeshGatewayConfig struct { // The Mesh Gateway routing mode Mode MeshGatewayMode `json:",omitempty"` }
MeshGatewayConfig controls how Mesh Gateways are configured and used This is a struct to allow for future additions without having more free-hanging configuration items all over the place
func (*MeshGatewayConfig) IsZero ¶ added in v1.6.0
func (c *MeshGatewayConfig) IsZero() bool
func (*MeshGatewayConfig) OverlayWith ¶ added in v1.6.0
func (base *MeshGatewayConfig) OverlayWith(overlay MeshGatewayConfig) MeshGatewayConfig
func (*MeshGatewayConfig) ToAPI ¶ added in v1.6.0
func (c *MeshGatewayConfig) ToAPI() api.MeshGatewayConfig
type MeshGatewayMode ¶ added in v1.6.0
type MeshGatewayMode string
const ( // MeshGatewayModeDefault represents no specific mode and should // be used to indicate that a different layer of the configuration // chain should take precedence MeshGatewayModeDefault MeshGatewayMode = "" // MeshGatewayModeNone represents that the Upstream Connect connections // should be direct and not flow through a mesh gateway. MeshGatewayModeNone MeshGatewayMode = "none" // MeshGatewayModeLocal represents that the Upstream Connect connections // should be made to a mesh gateway in the local datacenter. MeshGatewayModeLocal MeshGatewayMode = "local" // MeshGatewayModeRemote represents that the Upstream Connect connections // should be made to a mesh gateway in a remote datacenter. MeshGatewayModeRemote MeshGatewayMode = "remote" )
func ValidateMeshGatewayMode ¶ added in v1.6.0
func ValidateMeshGatewayMode(mode string) (MeshGatewayMode, error)
type MeshTLSConfig ¶ added in v1.12.0
type MeshTLSConfig struct { Incoming *MeshDirectionalTLSConfig `json:",omitempty"` Outgoing *MeshDirectionalTLSConfig `json:",omitempty"` }
type MessageType ¶
type MessageType uint8
func (MessageType) String ¶ added in v1.9.0
func (m MessageType) String() string
String converts message type int to string
type NetworkSegment ¶ added in v1.0.0
type NetworkSegment struct { // Name is the name of the segment. Name string // Bind is the bind address for this segment. Bind *net.TCPAddr // Advertise is the advertise address of this segment. Advertise *net.TCPAddr // RPCListener is whether to bind a separate RPC listener on the bind address // for this segment. RPCListener bool }
(Enterprise-only) NetworkSegment is the configuration for a network segment, which is an isolated serf group on the LAN.
type Node ¶
type Node struct { ID types.NodeID Node string Address string Datacenter string Partition string `json:",omitempty"` TaggedAddresses map[string]string Meta map[string]string RaftIndex `bexpr:"-"` }
Used to return information about a node
func (*Node) BestAddress ¶ added in v1.6.0
func (*Node) FillAuthzContext ¶ added in v1.11.0
func (_ *Node) FillAuthzContext(_ *acl.AuthorizerContext)
FillAuthzContext stub
func (*Node) GetEnterpriseMeta ¶ added in v1.11.0
func (n *Node) GetEnterpriseMeta() *acl.EnterpriseMeta
func (*Node) IsSame ¶ added in v1.3.0
IsSame return whether nodes are similar without taking into account RaftIndex fields.
func (*Node) PartitionOrDefault ¶ added in v1.11.0
type NodeDump ¶
type NodeDump []*NodeInfo
NodeDump is used to dump all the nodes with all their associated data. This is currently used for the UI only, as it is rather expensive to generate.
type NodeInfo ¶
type NodeInfo struct { ID types.NodeID Node string Partition string `json:",omitempty"` Address string TaggedAddresses map[string]string Meta map[string]string Services []*NodeService Checks HealthChecks }
NodeInfo is used to dump all associated information about a node. This is currently used for the UI only, as it is rather expensive to generate.
func (*NodeInfo) FillAuthzContext ¶ added in v1.11.0
func (_ *NodeInfo) FillAuthzContext(_ *acl.AuthorizerContext)
func (*NodeInfo) GetEnterpriseMeta ¶ added in v1.11.0
func (n *NodeInfo) GetEnterpriseMeta() *acl.EnterpriseMeta
func (*NodeInfo) PartitionOrDefault ¶ added in v1.11.0
type NodeService ¶
type NodeService struct { // Kind is the kind of service this is. Different kinds of services may // have differing validation, DNS behavior, etc. An empty kind will default // to the Default kind. See ServiceKind for the full list of kinds. Kind ServiceKind `json:",omitempty"` ID string Service string Tags []string Address string TaggedAddresses map[string]ServiceAddress `json:",omitempty"` Meta map[string]string Port int `json:",omitempty"` SocketPath string `json:",omitempty"` // TODO This might be integrated into Address somehow, but not sure about the ergonomics. Only one of (address,port) or socketpath can be defined. Weights *Weights EnableTagOverride bool // Proxy is the configuration set for Kind = connect-proxy. It is mandatory in // that case and an error to be set for any other kind. This config is part of // a proxy service definition. ProxyConfig may be a more natural name here, but // it's confusing for the UX because one of the fields in ConnectProxyConfig is // also called just "Config" Proxy ConnectProxyConfig // Connect are the Connect settings for a service. This is purposely NOT // a pointer so that we never have to nil-check this. Connect ServiceConnect // LocallyRegisteredAsSidecar is private as it is only used by a local agent // state to track if the service was registered from a nested sidecar_service // block. We need to track that so we can know whether we need to deregister // it automatically too if it's removed from the service definition or if the // parent service is deregistered. Relying only on ID would cause us to // deregister regular services if they happen to be registered using the same // ID scheme as our sidecars do by default. We could use meta but that gets // unpleasant because we can't use the consul- prefix from an agent (reserved // for use internally but in practice that means within the state store or in // responses only), and it leaks the detail publicly which people might rely // on which is a bit unpleasant for something that is meant to be config-file // syntax sugar. Note this is not translated to ServiceNode and friends and // may not be set on a NodeService that isn't the one the agent registered and // keeps in it's local state. We never want this rendered in JSON as it's // internal only. Right now our agent endpoints return api structs which don't // include it but this is a safety net incase we change that or there is // somewhere this is used in API output. LocallyRegisteredAsSidecar bool `json:"-" bexpr:"-"` acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash" bexpr:"-"` RaftIndex `bexpr:"-"` }
NodeService is a service provided by a node
func TestNodeService ¶ added in v1.2.0
func TestNodeService(t testing.T) *NodeService
TestNodeService returns a *NodeService representing a valid regular service: "web".
func TestNodeServiceExpose ¶ added in v1.6.2
func TestNodeServiceExpose(t testing.T) *NodeService
func TestNodeServiceIngressGateway ¶ added in v1.8.0
func TestNodeServiceIngressGateway(t testing.T, address string) *NodeService
func TestNodeServiceMeshGateway ¶ added in v1.6.0
func TestNodeServiceMeshGateway(t testing.T) *NodeService
TestNodeServiceMeshGateway returns a *NodeService representing a valid Mesh Gateway
func TestNodeServiceMeshGatewayWithAddrs ¶ added in v1.6.0
func TestNodeServiceMeshGatewayWithAddrs(t testing.T, address string, port int, lanAddr, wanAddr ServiceAddress) *NodeService
func TestNodeServiceProxy ¶ added in v1.2.0
func TestNodeServiceProxy(t testing.T) *NodeService
TestNodeServiceProxy returns a *NodeService representing a valid Connect proxy.
func TestNodeServiceProxyInPartition ¶ added in v1.11.0
func TestNodeServiceProxyInPartition(t testing.T, partition string) *NodeService
func TestNodeServiceSidecar ¶ added in v1.3.0
func TestNodeServiceSidecar(t testing.T) *NodeService
TestNodeServiceSidecar returns a *NodeService representing a service registration with a nested Sidecar registration.
func TestNodeServiceTerminatingGateway ¶ added in v1.8.0
func TestNodeServiceTerminatingGateway(t testing.T, address string) *NodeService
func TestNodeServiceWithName ¶ added in v1.10.2
func TestNodeServiceWithName(t testing.T, name string) *NodeService
func (*NodeService) BestAddress ¶ added in v1.6.0
func (ns *NodeService) BestAddress(wan bool) (string, int)
func (*NodeService) CompoundServiceID ¶ added in v1.7.0
func (ns *NodeService) CompoundServiceID() ServiceID
func (*NodeService) CompoundServiceName ¶ added in v1.7.0
func (ns *NodeService) CompoundServiceName() ServiceName
func (*NodeService) IsGateway ¶ added in v1.8.0
func (s *NodeService) IsGateway() bool
func (*NodeService) IsSame ¶
func (s *NodeService) IsSame(other *NodeService) bool
IsSame checks if one NodeService is the same as another, without looking at the Raft information (that's why we didn't call it IsEqual). This is useful for seeing if an update would be idempotent for all the functional parts of the structure.
func (*NodeService) IsSidecarProxy ¶ added in v1.5.0
func (s *NodeService) IsSidecarProxy() bool
IsSidecarProxy returns true if the NodeService is a sidecar proxy.
func (*NodeService) ToServiceNode ¶
func (s *NodeService) ToServiceNode(node string) *ServiceNode
ToServiceNode converts the given node service to a service node.
func (*NodeService) Validate ¶ added in v1.2.0
func (s *NodeService) Validate() error
Validate validates the node service configuration.
NOTE(mitchellh): This currently only validates fields for a ConnectProxy. Historically validation has been directly in the Catalog.Register RPC. ConnectProxy validation was moved here for easier table testing, but other validation still exists in Catalog.Register.
type NodeServiceList ¶ added in v1.7.0
type NodeServiceList struct { Node *Node Services []*NodeService }
NodeServiceList represents services provided by Node. Services is a list of services.
type NodeServices ¶
type NodeServices struct { Node *Node Services map[string]*NodeService }
NodeServices represents services provided by Node. Services is a map of service IDs to services.
type NodeSpecificRequest ¶
type NodeSpecificRequest struct { Datacenter string Node string acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` QueryOptions }
NodeSpecificRequest is used to request the information about a single node
func (*NodeSpecificRequest) CacheInfo ¶ added in v1.4.3
func (r *NodeSpecificRequest) CacheInfo() cache.RequestInfo
func (*NodeSpecificRequest) RequestDatacenter ¶
func (r *NodeSpecificRequest) RequestDatacenter() string
type OpaqueUpstreamConfig ¶ added in v1.10.0
type OpaqueUpstreamConfigs ¶ added in v1.10.0
type OpaqueUpstreamConfigs []OpaqueUpstreamConfig
func (OpaqueUpstreamConfigs) GetUpstreamConfig ¶ added in v1.10.0
func (configs OpaqueUpstreamConfigs) GetUpstreamConfig(sid ServiceID) (config map[string]interface{}, found bool)
type ParsedPolicyCacheEntry ¶ added in v1.4.0
func (*ParsedPolicyCacheEntry) Age ¶ added in v1.4.0
func (e *ParsedPolicyCacheEntry) Age() time.Duration
type PassiveHealthCheck ¶ added in v1.10.0
type PassiveHealthCheck struct { // Interval between health check analysis sweeps. Each sweep may remove // hosts or return hosts to the pool. Interval time.Duration `json:",omitempty"` // MaxFailures is the count of consecutive failures that results in a host // being removed from the pool. MaxFailures uint32 `json:",omitempty" alias:"max_failures"` }
func (*PassiveHealthCheck) Clone ¶ added in v1.10.0
func (chk *PassiveHealthCheck) Clone() *PassiveHealthCheck
func (*PassiveHealthCheck) IsZero ¶ added in v1.10.0
func (chk *PassiveHealthCheck) IsZero() bool
func (PassiveHealthCheck) Validate ¶ added in v1.10.0
func (chk PassiveHealthCheck) Validate() error
type PolicyCacheEntry ¶ added in v1.4.0
func (*PolicyCacheEntry) Age ¶ added in v1.4.0
func (e *PolicyCacheEntry) Age() time.Duration
type PreparedQueries ¶
type PreparedQueries []*PreparedQuery
type PreparedQuery ¶
type PreparedQuery struct { // ID is this UUID-based ID for the query, always generated by Consul. ID string // Name is an optional friendly name for the query supplied by the // user. NOTE - if this feature is used then it will reduce the security // of any read ACL associated with this query/service since this name // can be used to locate nodes with supplying any ACL. Name string // Session is an optional session to tie this query's lifetime to. If // this is omitted then the query will not expire. Session string // Token is the ACL token used when the query was created, and it is // used when a query is subsequently executed. This token, or a token // with management privileges, must be used to change the query later. Token string // Template is used to configure this query as a template, which will // respond to queries based on the Name, and then will be rendered // before it is executed. Template QueryTemplateOptions // Service defines a service query (leaving things open for other types // later). Service ServiceQuery // DNS has options that control how the results of this query are // served over DNS. DNS QueryDNSOptions RaftIndex }
PreparedQuery defines a complete prepared query, and is the structure we maintain in the state store.
func (*PreparedQuery) GetACLPrefix ¶
func (pq *PreparedQuery) GetACLPrefix() (string, bool)
GetACLPrefix returns the prefix to look up the prepared_query ACL policy for this query, and whether the prefix applies to this query. You always need to check the ok value before using the prefix.
type PreparedQueryExecuteRemoteRequest ¶
type PreparedQueryExecuteRemoteRequest struct { // Datacenter is the target this request is intended for. Datacenter string // Query is a copy of the query to execute. We have to ship the entire // query over since it won't be present in the remote state store. Query PreparedQuery // Limit will trim the resulting list down to the given limit. Limit int // Connect is the same as ExecuteRequest. Connect bool // QueryOptions (unfortunately named here) controls the consistency // settings for the the service lookups. QueryOptions }
PreparedQueryExecuteRemoteRequest is used when running a local query in a remote datacenter.
func (*PreparedQueryExecuteRemoteRequest) RequestDatacenter ¶
func (q *PreparedQueryExecuteRemoteRequest) RequestDatacenter() string
RequestDatacenter returns the datacenter for a given request.
type PreparedQueryExecuteRequest ¶
type PreparedQueryExecuteRequest struct { // Datacenter is the target this request is intended for. Datacenter string // QueryIDOrName is the ID of a query _or_ the name of one, either can // be provided. QueryIDOrName string // Limit will trim the resulting list down to the given limit. Limit int // Connect will force results to be Connect-enabled nodes for the // matching services. This is equivalent in semantics exactly to // setting "Connect" in the query template itself, but allows callers // to use any prepared query in a Connect setting. Connect bool // Source is used to sort the results relative to a given node using // network coordinates. Source QuerySource // Agent is used to carry around a reference to the agent which initiated // the execute request. Used to distance-sort relative to the local node. Agent QuerySource // QueryOptions (unfortunately named here) controls the consistency // settings for the query lookup itself, as well as the service lookups. QueryOptions }
PreparedQueryExecuteRequest is used to execute a prepared query.
func (*PreparedQueryExecuteRequest) CacheInfo ¶ added in v1.3.0
func (q *PreparedQueryExecuteRequest) CacheInfo() cache.RequestInfo
CacheInfo implements cache.Request allowing requests to be cached on agent.
func (*PreparedQueryExecuteRequest) RequestDatacenter ¶
func (q *PreparedQueryExecuteRequest) RequestDatacenter() string
RequestDatacenter returns the datacenter for a given request.
type PreparedQueryExecuteResponse ¶
type PreparedQueryExecuteResponse struct { // Service is the service that was queried. Service string // EnterpriseMeta of the service that was queried. acl.EnterpriseMeta // Nodes has the nodes that were output by the query. Nodes CheckServiceNodes // DNS has the options for serving these results over DNS. DNS QueryDNSOptions // Datacenter is the datacenter that these results came from. Datacenter string // Failovers is a count of how many times we had to query a remote // datacenter. Failovers int // QueryMeta has freshness information about the query. QueryMeta }
PreparedQueryExecuteResponse has the results of executing a query.
type PreparedQueryExplainResponse ¶
type PreparedQueryExplainResponse struct { // Query has the fully-rendered query. Query PreparedQuery // QueryMeta has freshness information about the query. QueryMeta }
PreparedQueryExplainResponse has the results when explaining a query/
type PreparedQueryOp ¶
type PreparedQueryOp string
const ( PreparedQueryCreate PreparedQueryOp = "create" PreparedQueryUpdate PreparedQueryOp = "update" PreparedQueryDelete PreparedQueryOp = "delete" )
type PreparedQueryRequest ¶
type PreparedQueryRequest struct { // Datacenter is the target this request is intended for. Datacenter string // Op is the operation to apply. Op PreparedQueryOp // Query is the query itself. Query *PreparedQuery // WriteRequest holds the ACL token to go along with this request. WriteRequest }
QueryRequest is used to create or change prepared queries.
func (*PreparedQueryRequest) RequestDatacenter ¶
func (q *PreparedQueryRequest) RequestDatacenter() string
RequestDatacenter returns the datacenter for a given request.
type PreparedQuerySpecificRequest ¶
type PreparedQuerySpecificRequest struct { // Datacenter is the target this request is intended for. Datacenter string // QueryID is the ID of a query. QueryID string // QueryOptions (unfortunately named here) controls the consistency // settings for the query lookup itself, as well as the service lookups. QueryOptions }
PreparedQuerySpecificRequest is used to get information about a prepared query.
func (*PreparedQuerySpecificRequest) RequestDatacenter ¶
func (q *PreparedQuerySpecificRequest) RequestDatacenter() string
RequestDatacenter returns the datacenter for a given request.
type ProxyConfigEntry ¶ added in v1.5.0
type ProxyConfigEntry struct { Kind string Name string Config map[string]interface{} Mode ProxyMode `json:",omitempty"` TransparentProxy TransparentProxyConfig `json:",omitempty" alias:"transparent_proxy"` MeshGateway MeshGatewayConfig `json:",omitempty" alias:"mesh_gateway"` Expose ExposeConfig `json:",omitempty"` Meta map[string]string `json:",omitempty"` acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` RaftIndex }
ProxyConfigEntry is the top-level struct for global proxy configuration defaults.
func (*ProxyConfigEntry) CanRead ¶ added in v1.5.0
func (e *ProxyConfigEntry) CanRead(authz acl.Authorizer) error
func (*ProxyConfigEntry) CanWrite ¶ added in v1.5.0
func (e *ProxyConfigEntry) CanWrite(authz acl.Authorizer) error
func (*ProxyConfigEntry) GetEnterpriseMeta ¶ added in v1.7.0
func (e *ProxyConfigEntry) GetEnterpriseMeta() *acl.EnterpriseMeta
func (*ProxyConfigEntry) GetKind ¶ added in v1.5.0
func (e *ProxyConfigEntry) GetKind() string
func (*ProxyConfigEntry) GetMeta ¶ added in v1.8.4
func (e *ProxyConfigEntry) GetMeta() map[string]string
func (*ProxyConfigEntry) GetName ¶ added in v1.5.0
func (e *ProxyConfigEntry) GetName() string
func (*ProxyConfigEntry) GetRaftIndex ¶ added in v1.5.0
func (e *ProxyConfigEntry) GetRaftIndex() *RaftIndex
func (*ProxyConfigEntry) MarshalBinary ¶ added in v1.5.0
func (e *ProxyConfigEntry) MarshalBinary() (data []byte, err error)
func (*ProxyConfigEntry) Normalize ¶ added in v1.5.0
func (e *ProxyConfigEntry) Normalize() error
func (*ProxyConfigEntry) UnmarshalBinary ¶ added in v1.5.0
func (e *ProxyConfigEntry) UnmarshalBinary(data []byte) error
func (*ProxyConfigEntry) Validate ¶ added in v1.5.0
func (e *ProxyConfigEntry) Validate() error
type ProxyMode ¶ added in v1.10.0
type ProxyMode string
const ( // ProxyModeDefault represents no specific mode and should // be used to indicate that a different layer of the configuration // chain should take precedence ProxyModeDefault ProxyMode = "" // ProxyModeTransparent represents that inbound and outbound application // traffic is being captured and redirected through the proxy. ProxyModeTransparent ProxyMode = "transparent" // ProxyModeDirect represents that the proxy's listeners must be dialed directly // by the local application and other proxies. ProxyModeDirect ProxyMode = "direct" )
func ValidateProxyMode ¶ added in v1.10.0
type QueryBackend ¶ added in v1.10.1
type QueryBackend int
const ( QueryBackendBlocking QueryBackend = iota QueryBackendStreaming )
func (QueryBackend) String ¶ added in v1.10.1
func (q QueryBackend) String() string
type QueryDNSOptions ¶
type QueryDNSOptions struct { // TTL is the time to live for the served DNS results. TTL string }
QueryDNSOptions controls settings when query results are served over DNS.
type QueryDatacenterOptions ¶
type QueryDatacenterOptions struct { // NearestN is set to the number of remote datacenters to try, based on // network coordinates. NearestN int // Datacenters is a fixed list of datacenters to try after NearestN. We // never try a datacenter multiple times, so those are subtracted from // this list before proceeding. Datacenters []string }
QueryDatacenterOptions sets options about how we fail over if there are no healthy nodes in the local datacenter.
type QueryMeta ¶
type QueryMeta struct { // Index in the raft log of the latest item returned by the query. If the // query did not return any results the Index will be a value that will // change when a new item is added. Index uint64 // If AllowStale is used, this is time elapsed since // last contact between the follower and leader. This // can be used to gauge staleness. LastContact time.Duration // Used to indicate if there is a known leader node KnownLeader bool // Consistencylevel returns the consistency used to serve the query // Having `discovery_max_stale` on the agent can affect whether // the request was served by a leader. ConsistencyLevel string // NotModified is true when the Index of the query is the same value as the // requested MinIndex. It indicates that the entity has not been modified. // When NotModified is true, the response will not contain the result of // the query. NotModified bool // Backend used to handle this query, either blocking-query or streaming. Backend QueryBackend // ResultsFilteredByACLs is true when some of the query's results were // filtered out by enforcing ACLs. It may be false because nothing was // removed, or because the endpoint does not yet support this flag. ResultsFilteredByACLs bool }
QueryMeta allows a query response to include potentially useful metadata about a query
func (*QueryMeta) GetBackend ¶ added in v1.10.1
func (q *QueryMeta) GetBackend() QueryBackend
func (*QueryMeta) GetConsistencyLevel ¶ added in v1.7.0
GetConsistencyLevel helps implement the QueryMetaCompat interface
func (*QueryMeta) GetKnownLeader ¶ added in v1.7.0
GetKnownLeader helps implement the QueryMetaCompat interface
func (*QueryMeta) GetLastContact ¶ added in v1.7.0
GetLastContact helps implement the QueryMetaCompat interface
func (*QueryMeta) GetResultsFilteredByACLs ¶ added in v1.11.0
GetResultsFilteredByACLs is needed to implement the structs.QueryMetaCompat interface.
func (*QueryMeta) SetConsistencyLevel ¶ added in v1.7.0
SetConsistencyLevel is needed to implement the structs.QueryMetaCompat interface
func (*QueryMeta) SetIndex ¶ added in v1.7.0
SetIndex is needed to implement the structs.QueryMetaCompat interface
func (*QueryMeta) SetKnownLeader ¶ added in v1.7.0
SetKnownLeader is needed to implement the structs.QueryMetaCompat interface
func (*QueryMeta) SetLastContact ¶ added in v1.7.0
SetLastContact is needed to implement the structs.QueryMetaCompat interface
func (*QueryMeta) SetResultsFilteredByACLs ¶ added in v1.11.0
SetResultsFilteredByACLs is needed to implement the structs.QueryMetaCompat interface.
type QueryOptions ¶
type QueryOptions struct { // Token is the ACL token ID. If not provided, the 'anonymous' // token is assumed for backwards compatibility. Token string // If set, wait until query exceeds given index. Must be provided // with MaxQueryTime. MinQueryIndex uint64 // Provided with MinQueryIndex to wait for change. MaxQueryTime time.Duration // If set, any follower can service the request. Results // may be arbitrarily stale. AllowStale bool // If set, the leader must verify leadership prior to // servicing the request. Prevents a stale read. RequireConsistent bool // If set, the local agent may respond with an arbitrarily stale locally // cached response. The semantics differ from AllowStale since the agent may // be entirely partitioned from the servers and still considered "healthy" by // operators. Stale responses from Servers are also arbitrarily stale, but can // provide additional bounds on the last contact time from the leader. It's // expected that servers that are partitioned are noticed and replaced in a // timely way by operators while the same may not be true for client agents. UseCache bool // If set and AllowStale is true, will try first a stale // read, and then will perform a consistent read if stale // read is older than value. MaxStaleDuration time.Duration // MaxAge limits how old a cached value will be returned if UseCache is true. // If there is a cached response that is older than the MaxAge, it is treated // as a cache miss and a new fetch invoked. If the fetch fails, the error is // returned. Clients that wish to allow for stale results on error can set // StaleIfError to a longer duration to change this behavior. It is ignored // if the endpoint supports background refresh caching. See // https://www.consul.io/api/index.html#agent-caching for more details. MaxAge time.Duration // MustRevalidate forces the agent to fetch a fresh version of a cached // resource or at least validate that the cached version is still fresh. It is // implied by either max-age=0 or must-revalidate Cache-Control headers. It // only makes sense when UseCache is true. We store it since MaxAge = 0 is the // default unset value. MustRevalidate bool // StaleIfError specifies how stale the client will accept a cached response // if the servers are unavailable to fetch a fresh one. Only makes sense when // UseCache is true and MaxAge is set to a lower, non-zero value. It is // ignored if the endpoint supports background refresh caching. See // https://www.consul.io/api/index.html#agent-caching for more details. StaleIfError time.Duration // Filter specifies the go-bexpr filter expression to be used for // filtering the data prior to returning a response Filter string // AllowNotModifiedResponse indicates that if the MinIndex matches the // QueryMeta.Index, the response can be left empty and QueryMeta.NotModified // will be set to true to indicate the result of the query has not changed. AllowNotModifiedResponse bool }
QueryOptions is used to specify various flags for read queries
func (QueryOptions) AllowStaleRead ¶
func (q QueryOptions) AllowStaleRead() bool
func (QueryOptions) ConsistencyLevel ¶ added in v1.0.7
func (q QueryOptions) ConsistencyLevel() string
ConsistencyLevel display the consistency required by a request
func (*QueryOptions) GetAllowStale ¶ added in v1.7.0
func (m *QueryOptions) GetAllowStale() bool
GetAllowStale helps implement the QueryOptionsCompat interface
func (*QueryOptions) GetFilter ¶ added in v1.7.0
func (m *QueryOptions) GetFilter() string
GetFilter helps implement the QueryOptionsCompat interface
func (*QueryOptions) GetMaxAge ¶ added in v1.7.0
func (m *QueryOptions) GetMaxAge() (time.Duration, error)
GetMaxAge helps implement the QueryOptionsCompat interface
func (*QueryOptions) GetMaxQueryTime ¶ added in v1.7.0
func (m *QueryOptions) GetMaxQueryTime() (time.Duration, error)
GetMaxQueryTime helps implement the QueryOptionsCompat interface
func (*QueryOptions) GetMaxStaleDuration ¶ added in v1.7.0
func (m *QueryOptions) GetMaxStaleDuration() (time.Duration, error)
GetMaxStaleDuration helps implement the QueryOptionsCompat interface
func (*QueryOptions) GetMinQueryIndex ¶ added in v1.7.0
func (m *QueryOptions) GetMinQueryIndex() uint64
GetMinQueryIndex helps implement the QueryOptionsCompat interface
func (*QueryOptions) GetMustRevalidate ¶ added in v1.7.0
func (m *QueryOptions) GetMustRevalidate() bool
GetMustRevalidate helps implement the QueryOptionsCompat interface
func (*QueryOptions) GetRequireConsistent ¶ added in v1.7.0
func (m *QueryOptions) GetRequireConsistent() bool
GetRequireConsistent helps implement the QueryOptionsCompat interface
func (*QueryOptions) GetStaleIfError ¶ added in v1.7.0
func (m *QueryOptions) GetStaleIfError() (time.Duration, error)
GetStaleIfError helps implement the QueryOptionsCompat interface
func (*QueryOptions) GetToken ¶ added in v1.7.0
func (m *QueryOptions) GetToken() string
GetToken helps implement the QueryOptionsCompat interface
func (*QueryOptions) GetUseCache ¶ added in v1.7.0
func (m *QueryOptions) GetUseCache() bool
GetUseCache helps implement the QueryOptionsCompat interface
func (QueryOptions) HasTimedOut ¶ added in v1.11.0
func (QueryOptions) IsRead ¶
func (q QueryOptions) IsRead() bool
IsRead is always true for QueryOption.
func (*QueryOptions) SetAllowStale ¶ added in v1.7.0
func (q *QueryOptions) SetAllowStale(allowStale bool)
SetAllowStale is needed to implement the structs.QueryOptionsCompat interface
func (*QueryOptions) SetFilter ¶ added in v1.7.0
func (q *QueryOptions) SetFilter(filter string)
SetFilter is needed to implement the structs.QueryOptionsCompat interface
func (*QueryOptions) SetMaxAge ¶ added in v1.7.0
func (q *QueryOptions) SetMaxAge(maxAge time.Duration)
SetMaxAge is needed to implement the structs.QueryOptionsCompat interface
func (*QueryOptions) SetMaxQueryTime ¶ added in v1.7.0
func (q *QueryOptions) SetMaxQueryTime(maxQueryTime time.Duration)
SetMaxQueryTime is needed to implement the structs.QueryOptionsCompat interface
func (*QueryOptions) SetMaxStaleDuration ¶ added in v1.7.0
func (q *QueryOptions) SetMaxStaleDuration(maxStaleDuration time.Duration)
SetMaxStaleDuration is needed to implement the structs.QueryOptionsCompat interface
func (*QueryOptions) SetMinQueryIndex ¶ added in v1.7.0
func (q *QueryOptions) SetMinQueryIndex(minQueryIndex uint64)
SetMinQueryIndex is needed to implement the structs.QueryOptionsCompat interface
func (*QueryOptions) SetMustRevalidate ¶ added in v1.7.0
func (q *QueryOptions) SetMustRevalidate(mustRevalidate bool)
SetMustRevalidate is needed to implement the structs.QueryOptionsCompat interface
func (*QueryOptions) SetRequireConsistent ¶ added in v1.7.0
func (q *QueryOptions) SetRequireConsistent(requireConsistent bool)
SetRequireConsistent is needed to implement the structs.QueryOptionsCompat interface
func (*QueryOptions) SetStaleIfError ¶ added in v1.7.0
func (q *QueryOptions) SetStaleIfError(staleIfError time.Duration)
SetStaleIfError is needed to implement the structs.QueryOptionsCompat interface
func (*QueryOptions) SetToken ¶ added in v1.7.0
func (q *QueryOptions) SetToken(token string)
SetToken is needed to implement the structs.QueryOptionsCompat interface
func (*QueryOptions) SetTokenSecret ¶ added in v1.8.0
func (q *QueryOptions) SetTokenSecret(s string)
func (*QueryOptions) SetUseCache ¶ added in v1.7.0
func (q *QueryOptions) SetUseCache(useCache bool)
SetUseCache is needed to implement the structs.QueryOptionsCompat interface
func (QueryOptions) TokenSecret ¶ added in v1.4.0
func (q QueryOptions) TokenSecret() string
type QuerySource ¶
type QuerySource struct { Datacenter string Segment string Node string NodePartition string `json:",omitempty"` Ip string }
QuerySource is used to pass along information about the source node in queries so that we can adjust the response based on its network coordinates.
func (QuerySource) NodeEnterpriseMeta ¶ added in v1.11.0
func (s QuerySource) NodeEnterpriseMeta() *acl.EnterpriseMeta
func (QuerySource) NodePartitionOrDefault ¶ added in v1.11.0
func (s QuerySource) NodePartitionOrDefault() string
type QueryTemplateOptions ¶
type QueryTemplateOptions struct { // Type, if non-empty, means that this query is a template. This is // set to one of the QueryTemplateType* constants above. Type string // Regexp is an optional regular expression to use to parse the full // name, once the prefix match has selected a template. This can be // used to extract parts of the name and choose a service name, set // tags, etc. Regexp string // RemoveEmptyTags, if true, removes empty tags from matched tag list RemoveEmptyTags bool }
QueryTemplateOptions controls settings if this query is a template.
type RPCInfo ¶
type RPCInfo interface { RequestDatacenter() string IsRead() bool AllowStaleRead() bool TokenSecret() string SetTokenSecret(string) HasTimedOut(since time.Time, rpcHoldTimeout, maxQueryTime, defaultQueryTime time.Duration) (bool, error) }
RPCInfo is used to describe common information about query
type RaftConfigurationResponse ¶
type RaftConfigurationResponse struct { // Servers has the list of servers in the Raft configuration. Servers []*RaftServer // Index has the Raft index of this configuration. Index uint64 }
RaftConfigurationResponse is returned when querying for the current Raft configuration.
type RaftIndex ¶
RaftIndex is used to track the index used while creating or modifying a given struct type.
type RaftRemovePeerRequest ¶
type RaftRemovePeerRequest struct { // Datacenter is the target this request is intended for. Datacenter string // Address is the peer to remove, in the form "IP:port". Address raft.ServerAddress // ID is the peer ID to remove. ID raft.ServerID // WriteRequest holds the ACL token to go along with this request. WriteRequest }
RaftRemovePeerRequest is used by the Operator endpoint to apply a Raft operation on a specific Raft peer by address in the form of "IP:port".
func (*RaftRemovePeerRequest) RequestDatacenter ¶
func (op *RaftRemovePeerRequest) RequestDatacenter() string
RequestDatacenter returns the datacenter for a given request.
type RaftServer ¶
type RaftServer struct { // ID is the unique ID for the server. These are currently the same // as the address, but they will be changed to a real GUID in a future // release of Consul. ID raft.ServerID // Node is the node name of the server, as known by Consul, or this // will be set to "(unknown)" otherwise. Node string // Address is the IP:port of the server, used for Raft communications. Address raft.ServerAddress // Leader is true if this server is the current cluster leader. Leader bool // Protocol version is the raft protocol version used by the server ProtocolVersion string // Voter is true if this server has a vote in the cluster. This might // be false if the server is staging and still coming online, or if // it's a non-voting server, which will be added in a future release of // Consul. Voter bool }
RaftServer has information about a server in the Raft configuration.
type RaftStats ¶ added in v1.9.0
type RaftStats struct { // LastContact is the time since this node's last contact with the leader. LastContact string // LastTerm is the highest leader term this server has a record of in its Raft log. LastTerm uint64 // LastIndex is the last log index this server has a record of in its Raft log. LastIndex uint64 }
RaftStats holds miscellaneous Raft metrics for a server.
func (*RaftStats) ToAutopilotServerStats ¶ added in v1.9.0
func (s *RaftStats) ToAutopilotServerStats() *autopilot.ServerStats
type RegisterRequest ¶
type RegisterRequest struct { Datacenter string ID types.NodeID Node string Address string TaggedAddresses map[string]string NodeMeta map[string]string Service *NodeService Check *HealthCheck Checks HealthChecks // SkipNodeUpdate can be used when a register request is intended for // updating a service and/or checks, but doesn't want to overwrite any // node information if the node is already registered. If the node // doesn't exist, it will still be created, but if the node exists, any // node portion of this update will not apply. SkipNodeUpdate bool // EnterpriseMeta is the embedded enterprise metadata acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` WriteRequest RaftIndex `bexpr:"-"` }
RegisterRequest is used for the Catalog.Register endpoint to register a node as providing a service. If no service is provided, the node is registered.
func TestRegisterIngressGateway ¶ added in v1.8.0
func TestRegisterIngressGateway(t testing.T) *RegisterRequest
TestRegisterIngressGateway returns a RegisterRequest for registering an ingress gateway
func TestRegisterRequest ¶ added in v1.2.0
func TestRegisterRequest(t testing.T) *RegisterRequest
TestRegisterRequest returns a RegisterRequest for registering a typical service.
func TestRegisterRequestProxy ¶ added in v1.2.0
func TestRegisterRequestProxy(t testing.T) *RegisterRequest
TestRegisterRequestProxy returns a RegisterRequest for registering a Connect proxy.
func (*RegisterRequest) ChangesNode ¶
func (r *RegisterRequest) ChangesNode(node *Node) bool
ChangesNode returns true if the given register request changes the given node, which can be nil. This only looks for changes to the node record itself, not any of the health checks.
func (*RegisterRequest) FillAuthzContext ¶ added in v1.7.0
func (_ *RegisterRequest) FillAuthzContext(_ *acl.AuthorizerContext)
FillAuthzContext stub
func (*RegisterRequest) GetEnterpriseMeta ¶ added in v1.7.0
func (_ *RegisterRequest) GetEnterpriseMeta() *acl.EnterpriseMeta
func (*RegisterRequest) RequestDatacenter ¶
func (r *RegisterRequest) RequestDatacenter() string
type RemoteACLAuthorizationRequest ¶ added in v1.7.0
type RemoteACLAuthorizationRequest struct { Datacenter string Requests []ACLAuthorizationRequest QueryOptions }
func (*RemoteACLAuthorizationRequest) RequestDatacenter ¶ added in v1.7.0
func (r *RemoteACLAuthorizationRequest) RequestDatacenter() string
type RingHashConfig ¶ added in v1.9.0
type RingHashConfig struct { // MinimumRingSize determines the minimum number of entries in the hash ring MinimumRingSize uint64 `json:",omitempty" alias:"minimum_ring_size"` // MaximumRingSize determines the maximum number of entries in the hash ring MaximumRingSize uint64 `json:",omitempty" alias:"maximum_ring_size"` }
RingHashConfig contains configuration for the "ring_hash" policy type
type RoleCacheEntry ¶ added in v1.5.0
func (*RoleCacheEntry) Age ¶ added in v1.5.0
func (e *RoleCacheEntry) Age() time.Duration
type ServiceAddress ¶ added in v1.6.0
Type to hold a address and port of a service
func (ServiceAddress) ToAPIServiceAddress ¶ added in v1.6.0
func (a ServiceAddress) ToAPIServiceAddress() api.ServiceAddress
type ServiceCheck ¶ added in v1.7.0
type ServiceConfigEntry ¶ added in v1.5.0
type ServiceConfigEntry struct { Kind string Name string Protocol string Mode ProxyMode `json:",omitempty"` TransparentProxy TransparentProxyConfig `json:",omitempty" alias:"transparent_proxy"` MeshGateway MeshGatewayConfig `json:",omitempty" alias:"mesh_gateway"` Expose ExposeConfig `json:",omitempty"` ExternalSNI string `json:",omitempty" alias:"external_sni"` UpstreamConfig *UpstreamConfiguration `json:",omitempty" alias:"upstream_config"` Meta map[string]string `json:",omitempty"` acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` RaftIndex }
ServiceConfiguration is the top-level struct for the configuration of a service across the entire cluster.
func (*ServiceConfigEntry) CanRead ¶ added in v1.5.0
func (e *ServiceConfigEntry) CanRead(authz acl.Authorizer) error
func (*ServiceConfigEntry) CanWrite ¶ added in v1.5.0
func (e *ServiceConfigEntry) CanWrite(authz acl.Authorizer) error
func (*ServiceConfigEntry) Clone ¶ added in v1.7.9
func (e *ServiceConfigEntry) Clone() *ServiceConfigEntry
func (*ServiceConfigEntry) GetEnterpriseMeta ¶ added in v1.7.0
func (e *ServiceConfigEntry) GetEnterpriseMeta() *acl.EnterpriseMeta
func (*ServiceConfigEntry) GetKind ¶ added in v1.5.0
func (e *ServiceConfigEntry) GetKind() string
func (*ServiceConfigEntry) GetMeta ¶ added in v1.8.4
func (e *ServiceConfigEntry) GetMeta() map[string]string
func (*ServiceConfigEntry) GetName ¶ added in v1.5.0
func (e *ServiceConfigEntry) GetName() string
func (*ServiceConfigEntry) GetRaftIndex ¶ added in v1.5.0
func (e *ServiceConfigEntry) GetRaftIndex() *RaftIndex
func (*ServiceConfigEntry) Normalize ¶ added in v1.5.0
func (e *ServiceConfigEntry) Normalize() error
func (*ServiceConfigEntry) Validate ¶ added in v1.5.0
func (e *ServiceConfigEntry) Validate() error
type ServiceConfigRequest ¶ added in v1.5.0
type ServiceConfigRequest struct { Name string Datacenter string // MeshGateway contains the mesh gateway configuration from the requesting proxy's registration MeshGateway MeshGatewayConfig // Mode indicates how the requesting proxy's listeners are dialed Mode ProxyMode UpstreamIDs []ServiceID // DEPRECATED // Upstreams is a list of upstream service names to use for resolving the service config // UpstreamIDs should be used instead which can encode more than just the name to // uniquely identify a service. Upstreams []string acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` QueryOptions }
ServiceConfigRequest is used when requesting the resolved configuration for a service.
func (*ServiceConfigRequest) CacheInfo ¶ added in v1.5.0
func (r *ServiceConfigRequest) CacheInfo() cache.RequestInfo
func (*ServiceConfigRequest) RequestDatacenter ¶ added in v1.5.0
func (s *ServiceConfigRequest) RequestDatacenter() string
type ServiceConfigResponse ¶ added in v1.5.0
type ServiceConfigResponse struct { ProxyConfig map[string]interface{} UpstreamConfigs map[string]map[string]interface{} UpstreamIDConfigs OpaqueUpstreamConfigs MeshGateway MeshGatewayConfig `json:",omitempty"` Expose ExposeConfig `json:",omitempty"` TransparentProxy TransparentProxyConfig `json:",omitempty"` Mode ProxyMode `json:",omitempty"` Meta map[string]string `json:",omitempty"` QueryMeta }
func (*ServiceConfigResponse) MarshalBinary ¶ added in v1.5.0
func (r *ServiceConfigResponse) MarshalBinary() (data []byte, err error)
MarshalBinary writes ServiceConfigResponse as msgpack encoded. It's only here because we need custom decoding of the raw interface{} values.
func (*ServiceConfigResponse) UnmarshalBinary ¶ added in v1.5.0
func (r *ServiceConfigResponse) UnmarshalBinary(data []byte) error
UnmarshalBinary decodes msgpack encoded ServiceConfigResponse. It used default msgpack encoding but fixes up the uint8 strings and other problems we have with encoding map[string]interface{}.
type ServiceConnect ¶ added in v1.2.0
type ServiceConnect struct { // Native is true when this service can natively understand Connect. Native bool `json:",omitempty"` // SidecarService is a nested Service Definition to register at the same time. // It's purely a convenience mechanism to allow specifying a sidecar service // along with the application service definition. It's nested nature allows // all of the fields to be defaulted which can reduce the amount of // boilerplate needed to register a sidecar service separately, but the end // result is identical to just making a second service registration via any // other means. SidecarService *ServiceDefinition `json:",omitempty" bexpr:"-"` }
ServiceConnect are the shared Connect settings between all service definitions from the agent to the state store.
func (*ServiceConnect) UnmarshalJSON ¶ added in v1.6.2
func (t *ServiceConnect) UnmarshalJSON(data []byte) (err error)
type ServiceConsumer ¶ added in v1.11.0
type ServiceConsumer struct { // Partition is the admin partition to export the service to. Partition string }
ServiceConsumer represents a downstream consumer of the service to be exported.
type ServiceDefinition ¶
type ServiceDefinition struct { Kind ServiceKind `json:",omitempty"` ID string Name string Tags []string Address string TaggedAddresses map[string]ServiceAddress Meta map[string]string Port int SocketPath string Check CheckType Checks CheckTypes Weights *Weights Token string EnableTagOverride bool // Proxy is the configuration set for Kind = connect-proxy. It is mandatory in // that case and an error to be set for any other kind. This config is part of // a proxy service definition. ProxyConfig may be a more natural name here, but // it's confusing for the UX because one of the fields in ConnectProxyConfig is // also called just "Config" Proxy *ConnectProxyConfig acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` Connect *ServiceConnect }
ServiceDefinition is used to JSON decode the Service definitions. For documentation on specific fields see NodeService which is better documented.
func TestServiceDefinition ¶ added in v1.2.0
func TestServiceDefinition(t testing.T) *ServiceDefinition
TestServiceDefinition returns a ServiceDefinition for a typical service.
func TestServiceDefinitionProxy ¶ added in v1.2.0
func TestServiceDefinitionProxy(t testing.T) *ServiceDefinition
TestServiceDefinitionProxy returns a ServiceDefinition for a proxy.
func (*ServiceDefinition) CheckTypes ¶
func (s *ServiceDefinition) CheckTypes() (checks CheckTypes, err error)
func (*ServiceDefinition) NodeService ¶
func (s *ServiceDefinition) NodeService() *NodeService
func (*ServiceDefinition) UnmarshalJSON ¶ added in v1.6.2
func (t *ServiceDefinition) UnmarshalJSON(data []byte) (err error)
func (*ServiceDefinition) Validate ¶ added in v1.2.0
func (s *ServiceDefinition) Validate() error
Validate validates the service definition. This also calls the underlying Validate method on the NodeService.
NOTE(mitchellh): This currently only validates fields related to Connect and is incomplete with regards to other fields.
type ServiceDump ¶ added in v1.8.0
type ServiceDump []*ServiceInfo
type ServiceDumpRequest ¶ added in v1.6.0
type ServiceDumpRequest struct { Datacenter string ServiceKind ServiceKind UseServiceKind bool Source QuerySource acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` QueryOptions }
func (*ServiceDumpRequest) CacheInfo ¶ added in v1.6.0
func (r *ServiceDumpRequest) CacheInfo() cache.RequestInfo
func (*ServiceDumpRequest) CacheMinIndex ¶ added in v1.6.0
func (r *ServiceDumpRequest) CacheMinIndex() uint64
func (*ServiceDumpRequest) RequestDatacenter ¶ added in v1.6.0
func (r *ServiceDumpRequest) RequestDatacenter() string
type ServiceID ¶ added in v1.7.0
type ServiceID struct { ID string acl.EnterpriseMeta }
func NewServiceID ¶ added in v1.7.0
func NewServiceID(id string, entMeta *acl.EnterpriseMeta) ServiceID
func ServiceIDFromString ¶ added in v1.7.0
func (ServiceID) StringHashSHA256 ¶ added in v1.9.11
StringHashSHA256 is used mainly to populate part of the filename of a service definition persisted on the local agent
type ServiceInfo ¶ added in v1.7.0
type ServiceInfo struct { Node *Node Service *NodeService Checks HealthChecks GatewayService *GatewayService }
type ServiceIntentionsConfigEntry ¶ added in v1.9.0
type ServiceIntentionsConfigEntry struct { Kind string Name string // formerly DestinationName Sources []*SourceIntention Meta map[string]string `json:",omitempty"` // formerly Intention.Meta acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` // formerly DestinationNS RaftIndex }
func MigrateIntentions ¶ added in v1.9.0
func MigrateIntentions(ixns Intentions) []*ServiceIntentionsConfigEntry
func (*ServiceIntentionsConfigEntry) CanRead ¶ added in v1.9.0
func (e *ServiceIntentionsConfigEntry) CanRead(authz acl.Authorizer) error
func (*ServiceIntentionsConfigEntry) CanWrite ¶ added in v1.9.0
func (e *ServiceIntentionsConfigEntry) CanWrite(authz acl.Authorizer) error
func (*ServiceIntentionsConfigEntry) Clone ¶ added in v1.9.0
func (e *ServiceIntentionsConfigEntry) Clone() *ServiceIntentionsConfigEntry
func (*ServiceIntentionsConfigEntry) DeleteSourceByLegacyID ¶ added in v1.9.0
func (e *ServiceIntentionsConfigEntry) DeleteSourceByLegacyID(legacyID string) bool
func (*ServiceIntentionsConfigEntry) DeleteSourceByName ¶ added in v1.9.0
func (e *ServiceIntentionsConfigEntry) DeleteSourceByName(sn ServiceName) bool
func (*ServiceIntentionsConfigEntry) DestinationServiceName ¶ added in v1.9.0
func (e *ServiceIntentionsConfigEntry) DestinationServiceName() ServiceName
func (*ServiceIntentionsConfigEntry) GetEnterpriseMeta ¶ added in v1.9.0
func (e *ServiceIntentionsConfigEntry) GetEnterpriseMeta() *acl.EnterpriseMeta
func (*ServiceIntentionsConfigEntry) GetKind ¶ added in v1.9.0
func (e *ServiceIntentionsConfigEntry) GetKind() string
func (*ServiceIntentionsConfigEntry) GetMeta ¶ added in v1.9.0
func (e *ServiceIntentionsConfigEntry) GetMeta() map[string]string
func (*ServiceIntentionsConfigEntry) GetName ¶ added in v1.9.0
func (e *ServiceIntentionsConfigEntry) GetName() string
func (*ServiceIntentionsConfigEntry) GetRaftIndex ¶ added in v1.9.0
func (e *ServiceIntentionsConfigEntry) GetRaftIndex() *RaftIndex
func (*ServiceIntentionsConfigEntry) HasAnyPermissions ¶ added in v1.9.0
func (e *ServiceIntentionsConfigEntry) HasAnyPermissions() bool
func (*ServiceIntentionsConfigEntry) HasWildcardDestination ¶ added in v1.9.0
func (e *ServiceIntentionsConfigEntry) HasWildcardDestination() bool
func (*ServiceIntentionsConfigEntry) LegacyIDFieldsAreAllEmpty ¶ added in v1.9.0
func (e *ServiceIntentionsConfigEntry) LegacyIDFieldsAreAllEmpty() bool
func (*ServiceIntentionsConfigEntry) LegacyIDFieldsAreAllSet ¶ added in v1.9.0
func (e *ServiceIntentionsConfigEntry) LegacyIDFieldsAreAllSet() bool
func (*ServiceIntentionsConfigEntry) LegacyNormalize ¶ added in v1.9.0
func (e *ServiceIntentionsConfigEntry) LegacyNormalize() error
func (*ServiceIntentionsConfigEntry) LegacyValidate ¶ added in v1.9.0
func (e *ServiceIntentionsConfigEntry) LegacyValidate() error
func (*ServiceIntentionsConfigEntry) Normalize ¶ added in v1.9.0
func (e *ServiceIntentionsConfigEntry) Normalize() error
func (*ServiceIntentionsConfigEntry) ToIntention ¶ added in v1.9.0
func (e *ServiceIntentionsConfigEntry) ToIntention(src *SourceIntention) *Intention
func (*ServiceIntentionsConfigEntry) ToIntentions ¶ added in v1.9.0
func (e *ServiceIntentionsConfigEntry) ToIntentions() Intentions
func (*ServiceIntentionsConfigEntry) UpdateOver ¶ added in v1.9.0
func (e *ServiceIntentionsConfigEntry) UpdateOver(rawPrev ConfigEntry) error
func (*ServiceIntentionsConfigEntry) UpdateSourceByLegacyID ¶ added in v1.9.0
func (e *ServiceIntentionsConfigEntry) UpdateSourceByLegacyID(legacyID string, update *SourceIntention) bool
func (*ServiceIntentionsConfigEntry) UpsertSourceByName ¶ added in v1.9.0
func (e *ServiceIntentionsConfigEntry) UpsertSourceByName(sn ServiceName, upsert *SourceIntention)
func (*ServiceIntentionsConfigEntry) Validate ¶ added in v1.9.0
func (e *ServiceIntentionsConfigEntry) Validate() error
type ServiceKind ¶ added in v1.2.0
type ServiceKind string
ServiceKind is the kind of service being registered.
const ( // ServiceKindTypical is a typical, classic Consul service. This is // represented by the absence of a value. This was chosen for ease of // backwards compatibility: existing services in the catalog would // default to the typical service. ServiceKindTypical ServiceKind = "" // ServiceKindConnectProxy is a proxy for the Connect feature. This // service proxies another service within Consul and speaks the connect // protocol. ServiceKindConnectProxy ServiceKind = "connect-proxy" // ServiceKindMeshGateway is a Mesh Gateway for the Connect feature. This // service will proxy connections based off the SNI header set by other // connect proxies ServiceKindMeshGateway ServiceKind = "mesh-gateway" // ServiceKindTerminatingGateway is a Terminating Gateway for the Connect // feature. This service will proxy connections to services outside the mesh. ServiceKindTerminatingGateway ServiceKind = "terminating-gateway" // ServiceKindIngressGateway is an Ingress Gateway for the Connect feature. // This service allows external traffic to enter the mesh based on // centralized configuration. ServiceKindIngressGateway ServiceKind = "ingress-gateway" )
func (ServiceKind) Normalized ¶ added in v1.11.0
func (k ServiceKind) Normalized() string
type ServiceList ¶ added in v1.7.0
type ServiceList []ServiceName
type ServiceName ¶ added in v1.8.0
type ServiceName struct { Name string acl.EnterpriseMeta }
func NewServiceName ¶ added in v1.8.0
func NewServiceName(name string, entMeta *acl.EnterpriseMeta) ServiceName
func ServiceNameFromString ¶ added in v1.8.0
func ServiceNameFromString(input string) ServiceName
func (ServiceName) Matches ¶ added in v1.8.0
func (n ServiceName) Matches(o ServiceName) bool
func (ServiceName) String ¶ added in v1.8.0
func (n ServiceName) String() string
func (ServiceName) ToServiceID ¶ added in v1.8.0
func (n ServiceName) ToServiceID() ServiceID
type ServiceNode ¶
type ServiceNode struct { ID types.NodeID Node string Address string Datacenter string TaggedAddresses map[string]string NodeMeta map[string]string ServiceKind ServiceKind ServiceID string ServiceName string ServiceTags []string ServiceAddress string ServiceTaggedAddresses map[string]ServiceAddress `json:",omitempty"` ServiceWeights Weights ServiceMeta map[string]string ServicePort int ServiceSocketPath string ServiceEnableTagOverride bool ServiceProxy ConnectProxyConfig ServiceConnect ServiceConnect acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash" bexpr:"-"` RaftIndex `bexpr:"-"` }
ServiceNode represents a node that is part of a service. ID, Address, TaggedAddresses, and NodeMeta are node-related fields that are always empty in the state store and are filled in on the way out by parseServiceNodes(). This is also why PartialClone() skips them, because we know they are blank already so it would be a waste of time to copy them. This is somewhat complicated when the address is really a unix domain socket; technically that will override the address field, but in practice the two use cases should not overlap.
func (*ServiceNode) CompoundServiceID ¶ added in v1.7.0
func (sn *ServiceNode) CompoundServiceID() ServiceID
func (*ServiceNode) CompoundServiceName ¶ added in v1.7.0
func (sn *ServiceNode) CompoundServiceName() ServiceName
func (*ServiceNode) IsSameService ¶ added in v1.3.0
func (s *ServiceNode) IsSameService(other *ServiceNode) bool
IsSameService checks if one Service of a ServiceNode is the same as another, without looking at the Raft information or Node information (that's why we didn't call it IsEqual). This is useful for seeing if an update would be idempotent for all the functional parts of the structure. In a similar fashion as ToNodeService(), fields related to Node are ignored see ServiceNode for more information.
func (*ServiceNode) NodeIdentity ¶ added in v1.10.0
func (s *ServiceNode) NodeIdentity() Identity
func (*ServiceNode) PartialClone ¶
func (s *ServiceNode) PartialClone() *ServiceNode
PartialClone() returns a clone of the given service node, minus the node- related fields that get filled in later, Address and TaggedAddresses.
func (*ServiceNode) ToNodeService ¶
func (s *ServiceNode) ToNodeService() *NodeService
ToNodeService converts the given service node to a node service.
type ServiceNodes ¶
type ServiceNodes []*ServiceNode
type ServiceQuery ¶
type ServiceQuery struct { // Service is the service to query. Service string // Failover controls what we do if there are no healthy nodes in the // local datacenter. Failover QueryDatacenterOptions // If OnlyPassing is true then we will only include nodes with passing // health checks (critical AND warning checks will cause a node to be // discarded) OnlyPassing bool // IgnoreCheckIDs is an optional list of health check IDs to ignore when // considering which nodes are healthy. It is useful as an emergency measure // to temporarily override some health check that is producing false negatives // for example. IgnoreCheckIDs []types.CheckID // Near allows the query to always prefer the node nearest the given // node. If the node does not exist, results are returned in their // normal randomly-shuffled order. Supplying the magic "_agent" value // is supported to sort near the agent which initiated the request. Near string // Tags are a set of required and/or disallowed tags. If a tag is in // this list it must be present. If the tag is preceded with "!" then // it is disallowed. Tags []string // NodeMeta is a map of required node metadata fields. If a key/value // pair is in this map it must be present on the node in order for the // service entry to be returned. NodeMeta map[string]string // ServiceMeta is a map of required service metadata fields. If a key/value // pair is in this map it must be present on the node in order for the // service entry to be returned. ServiceMeta map[string]string // Connect if true will filter the prepared query results to only // include Connect-capable services. These include both native services // and proxies for matching services. Note that if a proxy matches, // the constraints in the query above (Near, OnlyPassing, etc.) apply // to the _proxy_ and not the service being proxied. In practice, proxies // should be directly next to their services so this isn't an issue. Connect bool // EnterpriseMeta is the embedded enterprise metadata acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` }
ServiceQuery is used to query for a set of healthy nodes offering a specific service.
type ServiceResolverConfigEntry ¶ added in v1.6.0
type ServiceResolverConfigEntry struct { Kind string Name string // DefaultSubset is the subset to use when no explicit subset is // requested. If empty the unnamed subset is used. DefaultSubset string `json:",omitempty" alias:"default_subset"` // Subsets is a map of subset name to subset definition for all // usable named subsets of this service. The map key is the name // of the subset and all names must be valid DNS subdomain elements // so they can be used in SNI FQDN headers for the Connect Gateways // feature. // // This may be empty, in which case only the unnamed default subset // will be usable. Subsets map[string]ServiceResolverSubset `json:",omitempty"` // Redirect is a service/subset/datacenter/namespace to resolve // instead of the requested service (optional). // // When configured, all occurrences of this resolver in any discovery // chain evaluation will be substituted for the supplied redirect // EXCEPT when the redirect has already been applied. // // When substituting the supplied redirect into the discovery chain // all other fields beside Kind/Name/Redirect will be ignored. Redirect *ServiceResolverRedirect `json:",omitempty"` // Failover controls when and how to reroute traffic to an alternate pool // of service instances. // // The map is keyed by the service subset it applies to, and the special // string "*" is a wildcard that applies to any subset not otherwise // specified here. Failover map[string]ServiceResolverFailover `json:",omitempty"` // ConnectTimeout is the timeout for establishing new network connections // to this service. ConnectTimeout time.Duration `json:",omitempty" alias:"connect_timeout"` // LoadBalancer determines the load balancing policy and configuration for services // issuing requests to this upstream service. LoadBalancer *LoadBalancer `json:",omitempty" alias:"load_balancer"` Meta map[string]string `json:",omitempty"` acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` RaftIndex }
ServiceResolverConfigEntry defines which instances of a service should satisfy discovery requests for a given named service.
This config entry represents the next hop of the discovery chain after splitting. If no resolver config is defined the chain assumes 100% of traffic goes to the healthy instances of the default service in the current datacenter+namespace and discovery terminates.
Resolver configs are recursively collected while walking the chain.
Resolver config entries will be valid for services defined with any protocol (in centralized configuration).
func (*ServiceResolverConfigEntry) CanRead ¶ added in v1.6.0
func (e *ServiceResolverConfigEntry) CanRead(authz acl.Authorizer) error
func (*ServiceResolverConfigEntry) CanWrite ¶ added in v1.6.0
func (e *ServiceResolverConfigEntry) CanWrite(authz acl.Authorizer) error
func (*ServiceResolverConfigEntry) GetEnterpriseMeta ¶ added in v1.7.0
func (e *ServiceResolverConfigEntry) GetEnterpriseMeta() *acl.EnterpriseMeta
func (*ServiceResolverConfigEntry) GetKind ¶ added in v1.6.0
func (e *ServiceResolverConfigEntry) GetKind() string
func (*ServiceResolverConfigEntry) GetMeta ¶ added in v1.8.4
func (e *ServiceResolverConfigEntry) GetMeta() map[string]string
func (*ServiceResolverConfigEntry) GetName ¶ added in v1.6.0
func (e *ServiceResolverConfigEntry) GetName() string
func (*ServiceResolverConfigEntry) GetRaftIndex ¶ added in v1.6.0
func (e *ServiceResolverConfigEntry) GetRaftIndex() *RaftIndex
func (*ServiceResolverConfigEntry) IsDefault ¶ added in v1.6.0
func (e *ServiceResolverConfigEntry) IsDefault() bool
func (*ServiceResolverConfigEntry) ListRelatedServices ¶ added in v1.6.0
func (e *ServiceResolverConfigEntry) ListRelatedServices() []ServiceID
func (*ServiceResolverConfigEntry) MarshalJSON ¶ added in v1.6.0
func (e *ServiceResolverConfigEntry) MarshalJSON() ([]byte, error)
func (*ServiceResolverConfigEntry) Normalize ¶ added in v1.6.0
func (e *ServiceResolverConfigEntry) Normalize() error
func (*ServiceResolverConfigEntry) SubsetExists ¶ added in v1.6.0
func (e *ServiceResolverConfigEntry) SubsetExists(name string) bool
func (*ServiceResolverConfigEntry) UnmarshalJSON ¶ added in v1.6.0
func (e *ServiceResolverConfigEntry) UnmarshalJSON(data []byte) error
func (*ServiceResolverConfigEntry) Validate ¶ added in v1.6.0
func (e *ServiceResolverConfigEntry) Validate() error
type ServiceResolverFailover ¶ added in v1.6.0
type ServiceResolverFailover struct { // Service is the service to resolve instead of the default as the failover // group of instances (optional). // // This is a DESTINATION during failover. Service string `json:",omitempty"` // ServiceSubset is the named subset of the requested service to resolve as // the failover group of instances. If empty the default subset for the // requested service is used (optional). // // This is a DESTINATION during failover. ServiceSubset string `json:",omitempty" alias:"service_subset"` // Namespace is the namespace to resolve the requested service from to form // the failover group of instances. If empty the current namespace is used // (optional). // // This is a DESTINATION during failover. Namespace string `json:",omitempty"` // Datacenters is a fixed list of datacenters to try. We never try a // datacenter multiple times, so those are subtracted from this list before // proceeding. // // This is a DESTINATION during failover. Datacenters []string `json:",omitempty"` }
There are some restrictions on what is allowed in here:
- Service, ServiceSubset, Namespace, and Datacenters cannot all be empty at once.
func (*ServiceResolverFailover) GetEnterpriseMeta ¶ added in v1.7.0
func (failover *ServiceResolverFailover) GetEnterpriseMeta(_ *acl.EnterpriseMeta) *acl.EnterpriseMeta
GetEnterpriseMeta is used to synthesize the EnterpriseMeta struct from fields in the ServiceResolverFailover
type ServiceResolverRedirect ¶ added in v1.6.0
type ServiceResolverRedirect struct { // Service is a service to resolve instead of the current service // (optional). Service string `json:",omitempty"` // ServiceSubset is a named subset of the given service to resolve instead // of one defined as that service's DefaultSubset If empty the default // subset is used (optional). // // If this is specified at least one of Service, Datacenter, or Namespace // should be configured. ServiceSubset string `json:",omitempty" alias:"service_subset"` // Namespace is the namespace to resolve the service from instead of the // current one (optional). Namespace string `json:",omitempty"` // Partition is the partition to resolve the service from instead of the // current one (optional). Partition string `json:",omitempty"` // Datacenter is the datacenter to resolve the service from instead of the // current one (optional). Datacenter string `json:",omitempty"` }
func (*ServiceResolverRedirect) GetEnterpriseMeta ¶ added in v1.7.0
func (redir *ServiceResolverRedirect) GetEnterpriseMeta(_ *acl.EnterpriseMeta) *acl.EnterpriseMeta
GetEnterpriseMeta is used to synthesize the EnterpriseMeta struct from fields in the ServiceResolverRedirect
type ServiceResolverSubset ¶ added in v1.6.0
type ServiceResolverSubset struct { // Filter specifies the go-bexpr filter expression to be used for selecting // instances of the requested service. Filter string `json:",omitempty"` // OnlyPassing - Specifies the behavior of the resolver's health check // filtering. If this is set to false, the results will include instances // with checks in the passing as well as the warning states. If this is set // to true, only instances with checks in the passing state will be // returned. (behaves identically to the similarly named field on prepared // queries). OnlyPassing bool `json:",omitempty" alias:"only_passing"` }
ServiceResolverSubset defines a way to select a portion of the Consul catalog during service discovery. Anything that affects the ultimate catalog query performed OR post-processing on the results of that sort of query should be defined here.
type ServiceRoute ¶ added in v1.6.0
type ServiceRoute struct { Match *ServiceRouteMatch `json:",omitempty"` Destination *ServiceRouteDestination `json:",omitempty"` }
ServiceRoute is a single routing rule that routes traffic to the destination when the match criteria applies.
type ServiceRouteDestination ¶ added in v1.6.0
type ServiceRouteDestination struct { // Service is the service to resolve instead of the default service. If // empty then the default discovery chain service name is used. Service string `json:",omitempty"` // ServiceSubset is a named subset of the given service to resolve instead // of one defined as that service's DefaultSubset. If empty the default // subset is used. // // If this field is specified then this route is ineligible for further // splitting. ServiceSubset string `json:",omitempty" alias:"service_subset"` // Namespace is the namespace to resolve the service from instead of the // current namespace. If empty the current namespace is assumed. // // If this field is specified then this route is ineligible for further // splitting. Namespace string `json:",omitempty"` // Partition is the partition to resolve the service from instead of the // current partition. If empty the current partition is assumed. // // If this field is specified then this route is ineligible for further // splitting. Partition string `json:",omitempty"` // PrefixRewrite allows for the proxied request to have its matching path // prefix modified before being sent to the destination. Described more // below in the envoy implementation section. PrefixRewrite string `json:",omitempty" alias:"prefix_rewrite"` // RequestTimeout is the total amount of time permitted for the entire // downstream request (and retries) to be processed. RequestTimeout time.Duration `json:",omitempty" alias:"request_timeout"` // NumRetries is the number of times to retry the request when a retryable // result occurs. This seems fairly proxy agnostic. NumRetries uint32 `json:",omitempty" alias:"num_retries"` // RetryOnConnectFailure allows for connection failure errors to trigger a // retry. This should be expressible in other proxies as it's just a layer // 4 failure bubbling up to layer 7. RetryOnConnectFailure bool `json:",omitempty" alias:"retry_on_connect_failure"` // RetryOnStatusCodes is a flat list of http response status codes that are // eligible for retry. This again should be feasible in any reasonable proxy. RetryOnStatusCodes []uint32 `json:",omitempty" alias:"retry_on_status_codes"` // Allow HTTP header manipulation to be configured. RequestHeaders *HTTPHeaderModifiers `json:",omitempty" alias:"request_headers"` ResponseHeaders *HTTPHeaderModifiers `json:",omitempty" alias:"response_headers"` }
ServiceRouteDestination describes how to proxy the actual matching request to a service.
func (*ServiceRouteDestination) GetEnterpriseMeta ¶ added in v1.7.0
func (dest *ServiceRouteDestination) GetEnterpriseMeta(_ *acl.EnterpriseMeta) *acl.EnterpriseMeta
GetEnterpriseMeta is used to synthesize the EnterpriseMeta struct from fields in the ServiceRouteDestination
func (*ServiceRouteDestination) HasRetryFeatures ¶ added in v1.6.0
func (d *ServiceRouteDestination) HasRetryFeatures() bool
func (*ServiceRouteDestination) MarshalJSON ¶ added in v1.6.0
func (e *ServiceRouteDestination) MarshalJSON() ([]byte, error)
func (*ServiceRouteDestination) UnmarshalJSON ¶ added in v1.6.0
func (e *ServiceRouteDestination) UnmarshalJSON(data []byte) error
type ServiceRouteHTTPMatch ¶ added in v1.6.0
type ServiceRouteHTTPMatch struct { PathExact string `json:",omitempty" alias:"path_exact"` PathPrefix string `json:",omitempty" alias:"path_prefix"` PathRegex string `json:",omitempty" alias:"path_regex"` Header []ServiceRouteHTTPMatchHeader `json:",omitempty"` QueryParam []ServiceRouteHTTPMatchQueryParam `json:",omitempty" alias:"query_param"` Methods []string `json:",omitempty"` }
ServiceRouteHTTPMatch is a set of http-specific match criteria.
func (*ServiceRouteHTTPMatch) IsEmpty ¶ added in v1.6.0
func (m *ServiceRouteHTTPMatch) IsEmpty() bool
type ServiceRouteHTTPMatchHeader ¶ added in v1.6.0
type ServiceRouteHTTPMatchQueryParam ¶ added in v1.6.0
type ServiceRouteMatch ¶ added in v1.6.0
type ServiceRouteMatch struct {
HTTP *ServiceRouteHTTPMatch `json:",omitempty"`
}
ServiceRouteMatch is a set of criteria that can match incoming L7 requests.
func (*ServiceRouteMatch) IsEmpty ¶ added in v1.6.0
func (m *ServiceRouteMatch) IsEmpty() bool
type ServiceRouterConfigEntry ¶ added in v1.6.0
type ServiceRouterConfigEntry struct { Kind string Name string // Routes is the list of routes to consider when processing L7 requests. // The first rule to match in the list is terminal and stops further // evaluation. // // Traffic that fails to match any of the provided routes will be routed to // the default service. Routes []ServiceRoute Meta map[string]string `json:",omitempty"` acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` RaftIndex }
ServiceRouterConfigEntry defines L7 (e.g. http) routing rules for a named service exposed in Connect.
This config entry represents the topmost part of the discovery chain. Only one router config will be used per resolved discovery chain and is not otherwise discovered recursively (unlike splitter and resolver config entries).
Router config entries will be restricted to only services that define their protocol as http-based (in centralized configuration).
func (*ServiceRouterConfigEntry) CanRead ¶ added in v1.6.0
func (e *ServiceRouterConfigEntry) CanRead(authz acl.Authorizer) error
func (*ServiceRouterConfigEntry) CanWrite ¶ added in v1.6.0
func (e *ServiceRouterConfigEntry) CanWrite(authz acl.Authorizer) error
func (*ServiceRouterConfigEntry) GetEnterpriseMeta ¶ added in v1.7.0
func (e *ServiceRouterConfigEntry) GetEnterpriseMeta() *acl.EnterpriseMeta
func (*ServiceRouterConfigEntry) GetKind ¶ added in v1.6.0
func (e *ServiceRouterConfigEntry) GetKind() string
func (*ServiceRouterConfigEntry) GetMeta ¶ added in v1.8.4
func (e *ServiceRouterConfigEntry) GetMeta() map[string]string
func (*ServiceRouterConfigEntry) GetName ¶ added in v1.6.0
func (e *ServiceRouterConfigEntry) GetName() string
func (*ServiceRouterConfigEntry) GetRaftIndex ¶ added in v1.6.0
func (e *ServiceRouterConfigEntry) GetRaftIndex() *RaftIndex
func (*ServiceRouterConfigEntry) ListRelatedServices ¶ added in v1.6.0
func (e *ServiceRouterConfigEntry) ListRelatedServices() []ServiceID
func (*ServiceRouterConfigEntry) Normalize ¶ added in v1.6.0
func (e *ServiceRouterConfigEntry) Normalize() error
func (*ServiceRouterConfigEntry) Validate ¶ added in v1.6.0
func (e *ServiceRouterConfigEntry) Validate() error
type ServiceSpecificRequest ¶
type ServiceSpecificRequest struct { Datacenter string NodeMetaFilters map[string]string ServiceName string ServiceKind ServiceKind // DEPRECATED (singular-service-tag) - remove this when backwards RPC compat // with 1.2.x is not required. ServiceTag string ServiceTags []string ServiceAddress string TagFilter bool // Controls tag filtering Source QuerySource // Connect if true will only search for Connect-compatible services. Connect bool // Ingress if true will only search for Ingress gateways for the given service. Ingress bool acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` QueryOptions }
ServiceSpecificRequest is used to query about a specific service
func (*ServiceSpecificRequest) CacheInfo ¶ added in v1.3.0
func (r *ServiceSpecificRequest) CacheInfo() cache.RequestInfo
func (*ServiceSpecificRequest) CacheMinIndex ¶ added in v1.3.0
func (r *ServiceSpecificRequest) CacheMinIndex() uint64
func (*ServiceSpecificRequest) RequestDatacenter ¶
func (r *ServiceSpecificRequest) RequestDatacenter() string
type ServiceSplit ¶ added in v1.6.0
type ServiceSplit struct { // A value between 0 and 100 reflecting what portion of traffic should be // directed to this split. // // The smallest representable weight is 1/10000 or .01% // // If the split is within epsilon of 100 then the remainder is attributed // to the FIRST split. Weight float32 // Service is the service to resolve instead of the default (optional). Service string `json:",omitempty"` // ServiceSubset is a named subset of the given service to resolve instead // of one defined as that service's DefaultSubset. If empty the default // subset is used (optional). // // If this field is specified then this route is ineligible for further // splitting. ServiceSubset string `json:",omitempty" alias:"service_subset"` // Namespace is the namespace to resolve the service from instead of the // current namespace. If empty the current namespace is assumed (optional). // // If this field is specified then this route is ineligible for further // splitting. Namespace string `json:",omitempty"` // Partition is the partition to resolve the service from instead of the // current partition. If empty the current partition is assumed (optional). // // If this field is specified then this route is ineligible for further // splitting. Partition string `json:",omitempty"` // Allow HTTP header manipulation to be configured. RequestHeaders *HTTPHeaderModifiers `json:",omitempty" alias:"request_headers"` ResponseHeaders *HTTPHeaderModifiers `json:",omitempty" alias:"response_headers"` }
ServiceSplit defines how much traffic to send to which set of service instances during a traffic split.
func (*ServiceSplit) GetEnterpriseMeta ¶ added in v1.7.0
func (split *ServiceSplit) GetEnterpriseMeta(_ *acl.EnterpriseMeta) *acl.EnterpriseMeta
GetEnterpriseMeta is used to synthesize the EnterpriseMeta struct from fields in the ServiceSplit
func (*ServiceSplit) MergeParent ¶ added in v1.11.0
func (s *ServiceSplit) MergeParent(parent *ServiceSplit) (*ServiceSplit, error)
MergeParent is called by the discovery chain compiler when a split directs to another splitter. We refer to the first ServiceSplit as the parent and the ServiceSplits of the second splitter as its children. The parent ends up "flattened" by the compiler, i.e. replaced with its children recursively with the weights modified as necessary.
Since the parent is never included in the output, any request processing config attached to it (e.g. header manipulation) would be lost and not take affect when splitters direct to other splitters. To avoid that, we define a MergeParent operation which is called by the compiler on each child split during flattening. It must merge any request processing configuration from the passed parent into the child such that the end result is equivalent to a request first passing through the parent and then the child. Response handling must occur as if the request first passed through the through the child to the parent.
MergeDefaults leaves both s and parent unchanged and returns a deep copy to avoid confusing issues where config changes after being compiled.
type ServiceSplitterConfigEntry ¶ added in v1.6.0
type ServiceSplitterConfigEntry struct { Kind string Name string // Splits is the configurations for the details of the traffic splitting. // // The sum of weights across all splits must add up to 100. // // If the split is within epsilon of 100 then the remainder is attributed // to the FIRST split. Splits []ServiceSplit Meta map[string]string `json:",omitempty"` acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` RaftIndex }
ServiceSplitterConfigEntry defines how incoming requests are split across different subsets of a single service (like during staged canary rollouts), or perhaps across different services (like during a v2 rewrite or other type of codebase migration).
This config entry represents the next hop of the discovery chain after routing. If no splitter config is defined the chain assumes 100% of traffic goes to the default service and discovery continues on to the resolution hop.
Splitter configs are recursively collected while walking the discovery chain.
Splitter config entries will be restricted to only services that define their protocol as http-based (in centralized configuration).
func (*ServiceSplitterConfigEntry) CanRead ¶ added in v1.6.0
func (e *ServiceSplitterConfigEntry) CanRead(authz acl.Authorizer) error
func (*ServiceSplitterConfigEntry) CanWrite ¶ added in v1.6.0
func (e *ServiceSplitterConfigEntry) CanWrite(authz acl.Authorizer) error
func (*ServiceSplitterConfigEntry) GetEnterpriseMeta ¶ added in v1.7.0
func (e *ServiceSplitterConfigEntry) GetEnterpriseMeta() *acl.EnterpriseMeta
func (*ServiceSplitterConfigEntry) GetKind ¶ added in v1.6.0
func (e *ServiceSplitterConfigEntry) GetKind() string
func (*ServiceSplitterConfigEntry) GetMeta ¶ added in v1.8.4
func (e *ServiceSplitterConfigEntry) GetMeta() map[string]string
func (*ServiceSplitterConfigEntry) GetName ¶ added in v1.6.0
func (e *ServiceSplitterConfigEntry) GetName() string
func (*ServiceSplitterConfigEntry) GetRaftIndex ¶ added in v1.6.0
func (e *ServiceSplitterConfigEntry) GetRaftIndex() *RaftIndex
func (*ServiceSplitterConfigEntry) ListRelatedServices ¶ added in v1.6.0
func (e *ServiceSplitterConfigEntry) ListRelatedServices() []ServiceID
func (*ServiceSplitterConfigEntry) Normalize ¶ added in v1.6.0
func (e *ServiceSplitterConfigEntry) Normalize() error
func (*ServiceSplitterConfigEntry) Validate ¶ added in v1.6.0
func (e *ServiceSplitterConfigEntry) Validate() error
type ServiceTopology ¶ added in v1.9.0
type ServiceTopology struct { Upstreams CheckServiceNodes Downstreams CheckServiceNodes UpstreamDecisions map[string]IntentionDecisionSummary DownstreamDecisions map[string]IntentionDecisionSummary // MetricsProtocol is the protocol of the service being queried MetricsProtocol string // TransparentProxy describes whether all instances of the proxy // service are in transparent mode. TransparentProxy bool // (Up|Down)streamSources are maps with labels for why each service is being // returned. Services can be upstreams or downstreams due to // explicit upstream definition or various types of intention policies: // specific, wildcard, or default allow. UpstreamSources map[string]string DownstreamSources map[string]string }
type Services ¶
Used to return information about a provided services. Maps service name to available tags
type Session ¶
type Session struct { ID string Name string Node string // TODO(partitions): ensure that the entmeta interacts with this node field properly LockDelay time.Duration Behavior SessionBehavior // What to do when session is invalidated TTL string NodeChecks []string ServiceChecks []ServiceCheck // Deprecated v1.7.0. Checks []types.CheckID `json:",omitempty"` acl.EnterpriseMeta RaftIndex }
Session is used to represent an open session in the KV store. This issued to associate node checks with acquired locks.
func (*Session) CheckIDs ¶ added in v1.7.0
CheckIDs returns the IDs for all checks associated with a session, regardless of type
func (*Session) IDValue ¶ added in v1.11.0
IDValue implements the state.singleValueID interface for indexing.
func (*Session) UnmarshalJSON ¶ added in v1.6.2
type SessionBehavior ¶
type SessionBehavior string
const ( SessionKeysRelease SessionBehavior = "release" SessionKeysDelete = "delete" )
type SessionOp ¶
type SessionOp string
const ( SessionCreate SessionOp = "create" SessionDestroy = "destroy" )
type SessionRequest ¶
type SessionRequest struct { Datacenter string Op SessionOp // Which operation are we performing Session Session // Which session WriteRequest }
SessionRequest is used to operate on sessions
func (*SessionRequest) RequestDatacenter ¶
func (r *SessionRequest) RequestDatacenter() string
type SessionSpecificRequest ¶
type SessionSpecificRequest struct { Datacenter string SessionID string // DEPRECATED in 1.7.0 Session string acl.EnterpriseMeta QueryOptions }
SessionSpecificRequest is used to request a session by ID
func (*SessionSpecificRequest) RequestDatacenter ¶
func (r *SessionSpecificRequest) RequestDatacenter() string
type SignedResponse ¶ added in v1.5.2
type SignedResponse struct { IssuedCert IssuedCert `json:",omitempty"` ConnectCARoots IndexedCARoots `json:",omitempty"` ManualCARoots []string `json:",omitempty"` GossipKey string `json:",omitempty"` VerifyServerHostname bool `json:",omitempty"` }
type SnapshotReplyFn ¶
type SnapshotReplyFn func(reply *SnapshotResponse) error
SnapshotReplyFn gets a peek at the reply before the snapshot streams, which is useful for setting headers.
type SnapshotRequest ¶
type SnapshotRequest struct { // Datacenter is the target datacenter for this request. The request // will be forwarded if necessary. Datacenter string // Token is the ACL token to use for the operation. If ACLs are enabled // then all operations require a management token. Token string // If set, any follower can service the request. Results may be // arbitrarily stale. Only applies to SnapshotSave. AllowStale bool // Op is the operation code for the RPC. Op SnapshotOp }
SnapshotRequest is used as a header for a snapshot RPC request. This will precede any streaming data that's part of the request and is JSON-encoded on the wire.
type SnapshotResponse ¶
type SnapshotResponse struct { // Error is the overall error status of the RPC request. Error string // QueryMeta has freshness information about the server that handled the // request. It is only filled in for a SnapshotSave. QueryMeta }
SnapshotResponse is used header for a snapshot RPC response. This will precede any streaming data that's part of the request and is JSON-encoded on the wire.
type SourceIntention ¶ added in v1.9.0
type SourceIntention struct { // Name is the name of the source service. This can be a wildcard "*", but // only the full value can be a wildcard. Partial wildcards are not // allowed. // // The source may also be a non-Consul service, as specified by SourceType. // // formerly Intention.SourceName Name string // Action is whether this is an allowlist or denylist intention. // // formerly Intention.Action // // NOTE: this is mutually exclusive with the Permissions field. Action IntentionAction `json:",omitempty"` // Permissions is the list of additional L7 attributes that extend the // intention definition. // // Permissions are interpreted in the order represented in the slice. In // default-deny mode, deny permissions are logically subtracted from all // following allow permissions. Multiple allow permissions are then ORed // together. // // For example: // ["deny /v2/admin", "allow /v2/*", "allow GET /healthz"] // // Is logically interpreted as: // allow: [ // "(/v2/*) AND NOT (/v2/admin)", // "(GET /healthz) AND NOT (/v2/admin)" // ] Permissions []*IntentionPermission `json:",omitempty"` // Precedence is the order that the intention will be applied, with // larger numbers being applied first. This is a read-only field, on // any intention update it is updated. // // Note we will technically decode this over the wire during a write, but // we always recompute it on save. // // formerly Intention.Precedence Precedence int // LegacyID is manipulated just by the bridging code // used as part of backwards compatibility. // // formerly Intention.ID LegacyID string `json:",omitempty" alias:"legacy_id"` // Type is the type of the value for the source. // // formerly Intention.SourceType Type IntentionSourceType // Description is a human-friendly description of this intention. // It is opaque to Consul and is only stored and transferred in API // requests. // // formerly Intention.Description Description string `json:",omitempty"` // LegacyMeta is arbitrary metadata associated with the intention. This is // opaque to Consul but is served in API responses. // // formerly Intention.Meta LegacyMeta map[string]string `json:",omitempty" alias:"legacy_meta"` // LegacyCreateTime is formerly Intention.CreatedAt LegacyCreateTime *time.Time `json:",omitempty" alias:"legacy_create_time"` // LegacyUpdateTime is formerly Intention.UpdatedAt LegacyUpdateTime *time.Time `json:",omitempty" alias:"legacy_update_time"` // formerly Intention.SourceNS acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` }
func (*SourceIntention) Clone ¶ added in v1.9.0
func (x *SourceIntention) Clone() *SourceIntention
func (*SourceIntention) SourceServiceName ¶ added in v1.9.0
func (x *SourceIntention) SourceServiceName() ServiceName
type SystemMetadataEntry ¶ added in v1.9.0
type SystemMetadataOp ¶ added in v1.9.0
type SystemMetadataOp string
SystemMetadataOp is the operation for a request related to system metadata.
const ( SystemMetadataUpsert SystemMetadataOp = "upsert" SystemMetadataDelete SystemMetadataOp = "delete" )
type SystemMetadataRequest ¶ added in v1.9.0
type SystemMetadataRequest struct { // Datacenter is the target for this request. Datacenter string // Op is the type of operation being requested. Op SystemMetadataOp // Entry is the key to modify. Entry *SystemMetadataEntry // WriteRequest is a common struct containing ACL tokens and other // write-related common elements for requests. WriteRequest }
SystemMetadataRequest is used to upsert and delete system metadata.
func (*SystemMetadataRequest) RequestDatacenter ¶ added in v1.9.0
func (c *SystemMetadataRequest) RequestDatacenter() string
RequestDatacenter returns the datacenter for a given request.
type TerminatingGatewayConfigEntry ¶ added in v1.8.0
type TerminatingGatewayConfigEntry struct { Kind string Name string Services []LinkedService Meta map[string]string `json:",omitempty"` acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` RaftIndex }
TerminatingGatewayConfigEntry manages the configuration for a terminating service with the given name.
func (*TerminatingGatewayConfigEntry) CanRead ¶ added in v1.8.0
func (e *TerminatingGatewayConfigEntry) CanRead(authz acl.Authorizer) error
func (*TerminatingGatewayConfigEntry) CanWrite ¶ added in v1.8.0
func (e *TerminatingGatewayConfigEntry) CanWrite(authz acl.Authorizer) error
func (*TerminatingGatewayConfigEntry) GetEnterpriseMeta ¶ added in v1.8.0
func (e *TerminatingGatewayConfigEntry) GetEnterpriseMeta() *acl.EnterpriseMeta
func (*TerminatingGatewayConfigEntry) GetKind ¶ added in v1.8.0
func (e *TerminatingGatewayConfigEntry) GetKind() string
func (*TerminatingGatewayConfigEntry) GetMeta ¶ added in v1.8.4
func (e *TerminatingGatewayConfigEntry) GetMeta() map[string]string
func (*TerminatingGatewayConfigEntry) GetName ¶ added in v1.8.0
func (e *TerminatingGatewayConfigEntry) GetName() string
func (*TerminatingGatewayConfigEntry) GetRaftIndex ¶ added in v1.8.0
func (e *TerminatingGatewayConfigEntry) GetRaftIndex() *RaftIndex
func (*TerminatingGatewayConfigEntry) Normalize ¶ added in v1.8.0
func (e *TerminatingGatewayConfigEntry) Normalize() error
func (*TerminatingGatewayConfigEntry) Validate ¶ added in v1.8.0
func (e *TerminatingGatewayConfigEntry) Validate() error
func (*TerminatingGatewayConfigEntry) Warnings ¶ added in v1.9.17
func (e *TerminatingGatewayConfigEntry) Warnings() []string
type TombstoneRequest ¶
type TombstoneRequest struct { Datacenter string Op TombstoneOp ReapIndex uint64 WriteRequest }
TombstoneRequest is used to trigger a reaping of the tombstones
func (*TombstoneRequest) RequestDatacenter ¶
func (r *TombstoneRequest) RequestDatacenter() string
type TransparentProxyConfig ¶ added in v1.10.0
type TransparentProxyConfig struct { // The port of the listener where outbound application traffic is being redirected to. OutboundListenerPort int `json:",omitempty" alias:"outbound_listener_port"` // DialedDirectly indicates whether transparent proxies can dial this proxy instance directly. // The discovery chain is not considered when dialing a service instance directly. // This setting is useful when addressing stateful services, such as a database cluster with a leader node. DialedDirectly bool `json:",omitempty" alias:"dialed_directly"` }
func (*TransparentProxyConfig) IsZero ¶ added in v1.10.0
func (c *TransparentProxyConfig) IsZero() bool
func (TransparentProxyConfig) ToAPI ¶ added in v1.10.0
func (c TransparentProxyConfig) ToAPI() *api.TransparentProxyConfig
type TransparentProxyMeshConfig ¶ added in v1.10.0
type TransparentProxyMeshConfig struct { // MeshDestinationsOnly can be used to disable the pass-through that // allows traffic to destinations outside of the mesh. MeshDestinationsOnly bool `alias:"mesh_destinations_only"` }
TransparentProxyMeshConfig contains cluster-wide options pertaining to TPROXY mode when enabled.
type TxnCheckOp ¶ added in v1.4.1
type TxnCheckOp struct { Verb api.CheckOp Check HealthCheck }
TxnCheckOp is used to define a single operation on a health check inside a transaction.
func (*TxnCheckOp) FillAuthzContext ¶ added in v1.7.0
func (_ *TxnCheckOp) FillAuthzContext(_ *acl.AuthorizerContext)
OSS Stub
type TxnCheckResult ¶ added in v1.4.1
type TxnCheckResult *HealthCheck
TxnCheckResult is used to define the result of a single operation on a session inside a transaction.
type TxnIntentionOp
deprecated
added in
v1.4.0
type TxnIntentionOp IntentionRequest
TxnIntentionOp is used to define a single operation on an Intention inside a transaction.
Deprecated: see TxnOp.Intention description
type TxnKVResult ¶
type TxnKVResult *DirEntry
TxnKVResult is used to define the result of a single operation on the KVS inside a transaction.
type TxnNodeOp ¶ added in v1.4.1
TxnNodeOp is used to define a single operation on a node in the catalog inside a transaction.
func (*TxnNodeOp) FillAuthzContext ¶ added in v1.7.0
func (op *TxnNodeOp) FillAuthzContext(ctx *acl.AuthorizerContext)
OSS Stub
type TxnNodeResult ¶ added in v1.4.1
type TxnNodeResult *Node
TxnNodeResult is used to define the result of a single operation on a node in the catalog inside a transaction.
type TxnOp ¶
type TxnOp struct { KV *TxnKVOp Node *TxnNodeOp Service *TxnServiceOp Check *TxnCheckOp Session *TxnSessionOp // Intention was an internal-only (not exposed in API or RPC) // implementation detail of legacy intention replication. This is // deprecated but retained for backwards compatibility with versions // of consul pre-dating 1.9.0. We need it for two reasons: // // 1. If a secondary DC is upgraded first, we need to continue to // replicate legacy intentions UNTIL the primary DC is upgraded. // Legacy intention replication exclusively writes using a TxnOp. // 2. If we attempt to reprocess raft-log contents pre-dating 1.9.0 // (such as when updating a secondary DC) we need to be able to // recreate the state machine from the snapshot and whatever raft logs are // present. Intention *TxnIntentionOp }
TxnOp is used to define a single operation inside a transaction. Only one of the types should be filled out per entry.
type TxnReadRequest ¶
type TxnReadRequest struct { Datacenter string Ops TxnOps QueryOptions }
TxnReadRequest is used as a fast path for read-only transactions that don't modify the state store.
func (*TxnReadRequest) RequestDatacenter ¶
func (r *TxnReadRequest) RequestDatacenter() string
type TxnReadResponse ¶
type TxnReadResponse struct { TxnResponse QueryMeta }
TxnReadResponse is the structure returned by a TxnReadRequest.
type TxnRequest ¶
type TxnRequest struct { Datacenter string Ops TxnOps WriteRequest }
TxnRequest is used to apply multiple operations to the state store in a single transaction
func (*TxnRequest) RequestDatacenter ¶
func (r *TxnRequest) RequestDatacenter() string
type TxnResponse ¶
type TxnResponse struct { Results TxnResults Errors TxnErrors }
TxnResponse is the structure returned by a TxnRequest.
func (TxnResponse) Error ¶ added in v1.4.0
func (r TxnResponse) Error() error
Error returns an aggregate of all errors in this TxnResponse.
type TxnResult ¶
type TxnResult struct { KV TxnKVResult `json:",omitempty"` Node TxnNodeResult `json:",omitempty"` Service TxnServiceResult `json:",omitempty"` Check TxnCheckResult `json:",omitempty"` }
TxnResult is used to define the result of a given operation inside a transaction. Only one of the types should be filled out per entry.
type TxnServiceOp ¶ added in v1.4.1
type TxnServiceOp struct { Verb api.ServiceOp Node string Service NodeService }
TxnServiceOp is used to define a single operation on a service in the catalog inside a transaction.
func (*TxnServiceOp) FillAuthzContext ¶ added in v1.7.0
func (_ *TxnServiceOp) FillAuthzContext(_ *acl.AuthorizerContext)
OSS Stub
type TxnServiceResult ¶ added in v1.4.1
type TxnServiceResult *NodeService
TxnServiceResult is used to define the result of a single operation on a service in the catalog inside a transaction.
type TxnSessionOp ¶ added in v1.7.0
TxnSessionOp is used to define a single operation on a session inside a transaction.
type UpdatableConfigEntry ¶ added in v1.9.0
type UpdatableConfigEntry interface { // UpdateOver is called from the state machine when an identically named // config entry already exists. This lets the config entry optionally // choose to use existing information from a config entry (such as // CreateTime) to slightly adjust how the update actually happens. UpdateOver(prev ConfigEntry) error ConfigEntry }
UpdatableConfigEntry is the optional interface implemented by a ConfigEntry if it wants more control over how the update part of upsert works differently than a straight create. By default without this implementation all upsert operations are replacements.
type Upstream ¶ added in v1.3.0
type Upstream struct { // Destination fields are the required ones for determining what this upstream // points to. Depending on DestinationType some other fields below might // further restrict the set of instances allowable. // // DestinationType would be better as an int constant but even with custom // JSON marshallers it causes havoc with all the mapstructure mangling we do // on service definitions in various places. DestinationType string `alias:"destination_type"` DestinationNamespace string `json:",omitempty" alias:"destination_namespace"` DestinationPartition string `json:",omitempty" alias:"destination_partition"` DestinationName string `alias:"destination_name"` // Datacenter that the service discovery request should be run against. Note // for prepared queries, the actual results might be from a different // datacenter. Datacenter string // LocalBindAddress is the ip address a side-car proxy should listen on for // traffic destined for this upstream service. Default if empty is 127.0.0.1. LocalBindAddress string `json:",omitempty" alias:"local_bind_address"` // LocalBindPort is the ip address a side-car proxy should listen on for traffic // destined for this upstream service. Required. LocalBindPort int `json:",omitempty" alias:"local_bind_port"` // These are exclusive with LocalBindAddress/LocalBindPort LocalBindSocketPath string `json:",omitempty" alias:"local_bind_socket_path"` // This might be represented as an int, but because it's octal outputs can be a bit strange. LocalBindSocketMode string `json:",omitempty" alias:"local_bind_socket_mode"` // Config is an opaque config that is specific to the proxy process being run. // It can be used to pass arbitrary configuration for this specific upstream // to the proxy. Config map[string]interface{} `json:",omitempty" bexpr:"-"` // MeshGateway is the configuration for mesh gateway usage of this upstream MeshGateway MeshGatewayConfig `json:",omitempty" alias:"mesh_gateway"` // IngressHosts are a list of hosts that should route to this upstream from an // ingress gateway. This cannot and should not be set by a user, it is used // internally to store the association of hosts to an upstream service. // TODO(banks): we shouldn't need this any more now we pass through full // listener config in the ingress snapshot. IngressHosts []string `json:"-" bexpr:"-"` // CentrallyConfigured indicates whether the upstream was defined in a proxy // instance registration or whether it was generated from a config entry. CentrallyConfigured bool `json:",omitempty" bexpr:"-"` }
Upstream represents a single upstream dependency for a service or proxy. It describes the mechanism used to discover instances to communicate with (the Target) as well as any potential client configuration that may be useful such as load balancer options, timeouts etc.
func UpstreamFromAPI ¶ added in v1.3.0
UpstreamFromAPI is a helper for converting api.Upstream to Upstream.
func (*Upstream) DestinationID ¶ added in v1.7.0
func (*Upstream) GetEnterpriseMeta ¶ added in v1.7.0
func (us *Upstream) GetEnterpriseMeta() *acl.EnterpriseMeta
func (*Upstream) HasLocalPortOrSocket ¶ added in v1.10.0
func (*Upstream) String ¶ added in v1.3.0
String returns a representation of this upstream suitable for debugging purposes but nothing relies upon this format.
func (*Upstream) ToAPI ¶ added in v1.3.0
ToAPI returns the api structs with the same fields. We have duplicates to avoid the api package depending on this one which imports a ton of Consul's core which you don't want if you are just trying to use our client in your app.
func (*Upstream) ToKey ¶ added in v1.6.0
func (u *Upstream) ToKey() UpstreamKey
ToKey returns a value-type representation that uniquely identifies the upstream in a canonical way. Set and unset values are deliberately handled differently.
These fields should be user-specificed explicit values and not inferred values.
func (*Upstream) UnmarshalJSON ¶ added in v1.6.2
func (*Upstream) UpstreamAddressToString ¶ added in v1.10.0
func (*Upstream) UpstreamIsUnixSocket ¶ added in v1.10.0
type UpstreamConfig ¶ added in v1.7.0
type UpstreamConfig struct { // Name is only accepted within a service-defaults config entry. Name string `json:",omitempty"` // EnterpriseMeta is only accepted within a service-defaults config entry. acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` // EnvoyListenerJSON is a complete override ("escape hatch") for the upstream's // listener. // // Note: This escape hatch is NOT compatible with the discovery chain and // will be ignored if a discovery chain is active. EnvoyListenerJSON string `json:",omitempty" alias:"envoy_listener_json"` // EnvoyClusterJSON is a complete override ("escape hatch") for the upstream's // cluster. The Connect client TLS certificate and context will be injected // overriding any TLS settings present. // // Note: This escape hatch is NOT compatible with the discovery chain and // will be ignored if a discovery chain is active. EnvoyClusterJSON string `json:",omitempty" alias:"envoy_cluster_json"` // Protocol describes the upstream's service protocol. Valid values are "tcp", // "http" and "grpc". Anything else is treated as tcp. The enables protocol // aware features like per-request metrics and connection pooling, tracing, // routing etc. Protocol string `json:",omitempty"` // ConnectTimeoutMs is the number of milliseconds to timeout making a new // connection to this upstream. Defaults to 5000 (5 seconds) if not set. ConnectTimeoutMs int `json:",omitempty" alias:"connect_timeout_ms"` // Limits are the set of limits that are applied to the proxy for a specific upstream of a // service instance. Limits *UpstreamLimits `json:",omitempty"` // PassiveHealthCheck configuration determines how upstream proxy instances will // be monitored for removal from the load balancing pool. PassiveHealthCheck *PassiveHealthCheck `json:",omitempty" alias:"passive_health_check"` // MeshGatewayConfig controls how Mesh Gateways are configured and used MeshGateway MeshGatewayConfig `json:",omitempty" alias:"mesh_gateway" ` }
func ParseUpstreamConfig ¶ added in v1.10.0
func ParseUpstreamConfig(m map[string]interface{}) (UpstreamConfig, error)
ParseUpstreamConfig returns the UpstreamConfig parsed from an opaque map. If an error occurs during parsing it is returned along with the default config this allows caller to choose whether and how to report the error.
func ParseUpstreamConfigNoDefaults ¶ added in v1.10.0
func ParseUpstreamConfigNoDefaults(m map[string]interface{}) (UpstreamConfig, error)
func (UpstreamConfig) Clone ¶ added in v1.10.0
func (cfg UpstreamConfig) Clone() UpstreamConfig
func (UpstreamConfig) MergeInto ¶ added in v1.10.0
func (cfg UpstreamConfig) MergeInto(dst map[string]interface{})
func (*UpstreamConfig) NormalizeWithName ¶ added in v1.10.0
func (cfg *UpstreamConfig) NormalizeWithName(entMeta *acl.EnterpriseMeta) error
func (*UpstreamConfig) NormalizeWithoutName ¶ added in v1.10.0
func (cfg *UpstreamConfig) NormalizeWithoutName() error
func (*UpstreamConfig) ServiceID ¶ added in v1.10.0
func (cfg *UpstreamConfig) ServiceID() ServiceID
func (*UpstreamConfig) ServiceName ¶ added in v1.10.0
func (cfg *UpstreamConfig) ServiceName() ServiceName
func (UpstreamConfig) ValidateWithName ¶ added in v1.10.0
func (cfg UpstreamConfig) ValidateWithName() error
func (UpstreamConfig) ValidateWithoutName ¶ added in v1.10.0
func (cfg UpstreamConfig) ValidateWithoutName() error
type UpstreamConfiguration ¶ added in v1.10.0
type UpstreamConfiguration struct { // Overrides is a slice of per-service configuration. The name field is // required. Overrides []*UpstreamConfig `json:",omitempty"` // Defaults contains default configuration for all upstreams of a given // service. The name field must be empty. Defaults *UpstreamConfig `json:",omitempty"` }
func (*UpstreamConfiguration) Clone ¶ added in v1.10.0
func (c *UpstreamConfiguration) Clone() *UpstreamConfiguration
type UpstreamKey ¶ added in v1.6.0
type UpstreamKey struct { DestinationType string DestinationName string DestinationPartition string DestinationNamespace string Datacenter string }
func (UpstreamKey) String ¶ added in v1.6.0
func (k UpstreamKey) String() string
type UpstreamLimits ¶ added in v1.10.0
type UpstreamLimits struct { // MaxConnections is the maximum number of connections the local proxy can // make to the upstream service. MaxConnections *int `json:",omitempty" alias:"max_connections"` // MaxPendingRequests is the maximum number of requests that will be queued // waiting for an available connection. This is mostly applicable to HTTP/1.1 // clusters since all HTTP/2 requests are streamed over a single // connection. MaxPendingRequests *int `json:",omitempty" alias:"max_pending_requests"` // MaxConcurrentRequests is the maximum number of in-flight requests that will be allowed // to the upstream cluster at a point in time. This is mostly applicable to HTTP/2 // clusters since all HTTP/1.1 requests are limited by MaxConnections. MaxConcurrentRequests *int `json:",omitempty" alias:"max_concurrent_requests"` }
UpstreamLimits describes the limits that are associated with a specific upstream of a service instance.
func (*UpstreamLimits) Clone ¶ added in v1.10.0
func (ul *UpstreamLimits) Clone() *UpstreamLimits
func (*UpstreamLimits) IsZero ¶ added in v1.10.0
func (ul *UpstreamLimits) IsZero() bool
func (UpstreamLimits) Validate ¶ added in v1.10.0
func (ul UpstreamLimits) Validate() error
type Upstreams ¶ added in v1.3.0
type Upstreams []Upstream
Upstreams is a list of upstreams. Aliased to allow ToAPI method.
func TestAddDefaultsToUpstreams ¶ added in v1.3.0
func TestAddDefaultsToUpstreams(t testing.T, upstreams []Upstream, entMeta acl.EnterpriseMeta) Upstreams
TestAddDefaultsToUpstreams takes an array of upstreams (such as that from TestUpstreams) and adds default values that are populated during registration. Use this for generating the expected Upstreams value after registration.
func TestUpstreams ¶ added in v1.3.0
func TestUpstreams(t testing.T) Upstreams
TestUpstreams returns a set of upstreams to be used in tests exercising most important configuration patterns.
func UpstreamsFromAPI ¶ added in v1.3.0
UpstreamsFromAPI is a helper for converting api.Upstream to Upstream.
type VaultAuthMethod ¶ added in v1.11.0
type VaultCAProviderConfig ¶ added in v1.2.0
type VaultCAProviderConfig struct { CommonCAProviderConfig `mapstructure:",squash"` Address string Token string RootPKIPath string IntermediatePKIPath string Namespace string CAFile string CAPath string CertFile string KeyFile string TLSServerName string TLSSkipVerify bool AuthMethod *VaultAuthMethod `alias:"auth_method"` }
type WarningConfigEntry ¶ added in v1.9.17
type WarningConfigEntry interface { Warnings() []string ConfigEntry }
WarningConfigEntry is an optional interface implemented by a ConfigEntry if it wants to be able to emit warnings when it is being upserted.
type WriteRequest ¶
type WriteRequest struct { // Token is the ACL token ID. If not provided, the 'anonymous' // token is assumed for backwards compatibility. Token string }
func (WriteRequest) AllowStaleRead ¶
func (w WriteRequest) AllowStaleRead() bool
func (WriteRequest) HasTimedOut ¶ added in v1.11.0
func (WriteRequest) IsRead ¶
func (w WriteRequest) IsRead() bool
WriteRequest only applies to writes, always false
func (*WriteRequest) SetTokenSecret ¶ added in v1.8.0
func (w *WriteRequest) SetTokenSecret(s string)
func (WriteRequest) TokenSecret ¶ added in v1.4.0
func (w WriteRequest) TokenSecret() string
Source Files ¶
- acl.go
- acl_cache.go
- acl_oss.go
- auto_encrypt.go
- autopilot.go
- autopilot_oss.go
- catalog.go
- catalog_oss.go
- check_definition.go
- check_type.go
- config_entry.go
- config_entry_discoverychain.go
- config_entry_discoverychain_oss.go
- config_entry_exports.go
- config_entry_gateways.go
- config_entry_intentions.go
- config_entry_intentions_oss.go
- config_entry_mesh.go
- config_entry_mesh_oss.go
- config_entry_oss.go
- connect.go
- connect_ca.go
- connect_oss.go
- connect_proxy_config.go
- connect_proxy_config_oss.go
- discovery_chain.go
- discovery_chain_oss.go
- errors.go
- federation_state.go
- identity.go
- intention.go
- intention_oss.go
- operator.go
- prepared_query.go
- protobuf_compat.go
- sanitize_oss.go
- service_definition.go
- snapshot.go
- structs.go
- structs_oss.go
- system_metadata.go
- testing.go
- testing_catalog.go
- testing_connect_proxy_config.go
- testing_intention.go
- testing_service_definition.go
- txn.go