Documentation ¶
Overview ¶
Package proxycfg provides a component that monitors local agent state for Connect proxy service registrations and maintains the necessary cache state for those proxies locally. Local cache state keeps pull based proxies (e.g. the built in one) performant even on first request/startup, and allows for push-based proxy APIs (e.g. xDS for Envoy) to be notified of updates to the proxy configuration.
The relationship with other agent components looks like this:
+------------------------------------------+
| AGENT                                    |
|                                          |
| +--------+  1.  +----------+             |
| | local  |<-----+ proxycfg |<--------+   |
| | state  +----->| Manager  |<---+    |   |
| +--------+  2.  +^---+-----+    |    |   |
|                5.|   |          |    |   |
|       +----------+   |  +-------+--+ |4. |
|       |              +->| proxycfg | |   |
|       |            3.|  |  State   | |   |
|       |              |  +----------+ |   |
|       |              |               |   |
|       |              |  +----------+ |   |
|       |              +->| proxycfg +-+   |
|       |                 |  State   |     |
|       |                 +----------+     |
|       |6.                                |
|  +----v---+                              |
|  |  xDS   |                              |
|  | Server |                              |
|  +--------+                              |
|                                          |
+------------------------------------------+

1. Manager watches local state for changes.
2. On local state change manager is notified and iterates through state looking for proxy service registrations.
3. For each proxy service registered, the manager maintains a State instance, recreating on change, removing when deregistered.
4. State instance copies the parts of the proxy service registration needed to configure proxy, and sets up blocking watches on the local agent cache for all remote state needed: root and leaf certs, intentions, and service discovery results for the specified upstreams. This ensures these results are always in local cache for "pull" based proxies like the built-in one.
5. If needed, pull-based proxy config APIs like the xDS server can Watch the config for a given proxy service.
6. Watchers get notified every time something changes the current snapshot of config for the proxy. That might be changes to the registration, certificate rotations, changes to the upstreams required (needing different listener config), or changes to the service discovery results for any upstream (e.g. new instance of upstream service came up).
Index ¶
- Variables
- func ParseUpstreamIDString(input string) (typ, dc, name string, meta *acl.EnterpriseMeta)
- func TestCacheWithTypes(t testing.T, types *TestCacheTypes) *cache.Cache
- func TestCerts(t testing.T) (*structs.IndexedCARoots, *structs.IssuedCert)
- func TestGatewayNodesDC1(t testing.T) structs.CheckServiceNodes
- func TestGatewayNodesDC2(t testing.T) structs.CheckServiceNodes
- func TestGatewayNodesDC3(t testing.T) structs.CheckServiceNodes
- func TestGatewayNodesDC4Hostname(t testing.T) structs.CheckServiceNodes
- func TestGatewayNodesDC5Hostname(t testing.T) structs.CheckServiceNodes
- func TestGatewayNodesDC6Hostname(t testing.T) structs.CheckServiceNodes
- func TestGatewayServiceGroupBarDC1(t testing.T) structs.CheckServiceNodes
- func TestGatewayServiceGroupFooDC1(t testing.T) structs.CheckServiceNodes
- func TestIntentions() *structs.IndexedIntentionMatches
- func TestLeafForCA(t testing.T, ca *structs.CARoot) *structs.IssuedCert
- func TestPreparedQueryNodes(t testing.T, query string) structs.CheckServiceNodes
- func TestUpstreamNodes(t testing.T, service string) structs.CheckServiceNodes
- func TestUpstreamNodesAlternate(t testing.T) structs.CheckServiceNodes
- func TestUpstreamNodesDC2(t testing.T) structs.CheckServiceNodes
- func TestUpstreamNodesInStatus(t testing.T, status string) structs.CheckServiceNodes
- func TestUpstreamNodesInStatusDC2(t testing.T, status string) structs.CheckServiceNodes
- func UpstreamIDString(typ, dc, name string, _ *acl.EnterpriseMeta) string
- func UpstreamsToMap(us structs.Upstreams) map[UpstreamID]*structs.Upstream
- type CacheNotifier
- type CancelFunc
- type ConfigSnapshot
- func TestConfigSnapshot(t testing.T, nsFn func(ns *structs.NodeService), ...) *ConfigSnapshot
- func TestConfigSnapshotDiscoveryChain(t testing.T, variation string, nsFn func(ns *structs.NodeService), ...) *ConfigSnapshot
- func TestConfigSnapshotExposeConfig(t testing.T, nsFn func(ns *structs.NodeService)) *ConfigSnapshot
- func TestConfigSnapshotGRPCExposeHTTP1(t testing.T) *ConfigSnapshot
- func TestConfigSnapshotIngressGateway(t testing.T, populateServices bool, protocol string, variation string, ...) *ConfigSnapshot
- func TestConfigSnapshotIngressGatewaySDS_GatewayAndListenerLevel(t testing.T) *ConfigSnapshot
- func TestConfigSnapshotIngressGatewaySDS_GatewayAndListenerLevel_HTTP(t testing.T) *ConfigSnapshot
- func TestConfigSnapshotIngressGatewaySDS_GatewayLevel(t testing.T) *ConfigSnapshot
- func TestConfigSnapshotIngressGatewaySDS_GatewayLevel_MixedTLS(t testing.T) *ConfigSnapshot
- func TestConfigSnapshotIngressGatewaySDS_ListenerAndServiceLevel(t testing.T) *ConfigSnapshot
- func TestConfigSnapshotIngressGatewaySDS_MixedNoTLS(t testing.T) *ConfigSnapshot
- func TestConfigSnapshotIngressGatewaySDS_ServiceLevel(t testing.T) *ConfigSnapshot
- func TestConfigSnapshotIngressGatewayWithChain(t testing.T, variant string, webEntMeta, fooEntMeta *acl.EnterpriseMeta) *ConfigSnapshot
- func TestConfigSnapshotIngressGateway_MixedListeners(t testing.T) *ConfigSnapshot
- func TestConfigSnapshotIngressGateway_SingleTLSListener(t testing.T) *ConfigSnapshot
- func TestConfigSnapshotIngressGateway_TLSMinVersionListenersGatewayDefaults(t testing.T) *ConfigSnapshot
- func TestConfigSnapshotIngressGateway_TLSMixedMinVersionListeners(t testing.T) *ConfigSnapshot
- func TestConfigSnapshotIngress_GRPCMultipleServices(t testing.T) *ConfigSnapshot
- func TestConfigSnapshotIngress_HTTPMultipleServices(t testing.T) *ConfigSnapshot
- func TestConfigSnapshotIngress_MultipleListenersDuplicateService(t testing.T) *ConfigSnapshot
- func TestConfigSnapshotMeshGateway(t testing.T, variant string, nsFn func(ns *structs.NodeService), ...) *ConfigSnapshot
- func TestConfigSnapshotTerminatingGateway(t testing.T, populateServices bool, nsFn func(ns *structs.NodeService), ...) *ConfigSnapshot
- func TestConfigSnapshotTerminatingGatewayDefaultServiceSubset(t testing.T) *ConfigSnapshot
- func TestConfigSnapshotTerminatingGatewayHTTP2(t testing.T) *ConfigSnapshot
- func TestConfigSnapshotTerminatingGatewayHostnameSubsets(t testing.T) *ConfigSnapshot
- func TestConfigSnapshotTerminatingGatewayIgnoreExtraResolvers(t testing.T) *ConfigSnapshot
- func TestConfigSnapshotTerminatingGatewayLBConfig(t testing.T) *ConfigSnapshot
- func TestConfigSnapshotTerminatingGatewayLBConfigNoHashPolicies(t testing.T) *ConfigSnapshot
- func TestConfigSnapshotTerminatingGatewaySNI(t testing.T) *ConfigSnapshot
- func TestConfigSnapshotTerminatingGatewayServiceSubsets(t testing.T) *ConfigSnapshot
- func TestConfigSnapshotTerminatingGatewayServiceSubsetsWebAndCache(t testing.T) *ConfigSnapshot
- func TestConfigSnapshotTerminatingGatewaySubsetsHTTP2(t testing.T) *ConfigSnapshot
- func TestConfigSnapshotTerminatingGatewayWithLambdaService(t testing.T, extraUpdateEvents ...agentcache.UpdateEvent) *ConfigSnapshot
- func TestConfigSnapshotTerminatingGatewayWithLambdaServiceAndServiceResolvers(t testing.T) *ConfigSnapshot
- func TestConfigSnapshotTransparentProxy(t testing.T) *ConfigSnapshot
- func TestConfigSnapshotTransparentProxyCatalogDestinationsOnly(t testing.T) *ConfigSnapshot
- func TestConfigSnapshotTransparentProxyDialDirectly(t testing.T) *ConfigSnapshot
- func TestConfigSnapshotTransparentProxyHTTPUpstream(t testing.T) *ConfigSnapshot
- func TestConfigSnapshotTransparentProxyResolverRedirectUpstream(t testing.T) *ConfigSnapshot
- func TestConfigSnapshotTransparentProxyTerminatingGatewayCatalogDestinationsOnly(t testing.T) *ConfigSnapshot
- func (s *ConfigSnapshot) Clone() (*ConfigSnapshot, error)
- func (s *ConfigSnapshot) Leaf() *structs.IssuedCert
- func (s *ConfigSnapshot) MeshConfig() *structs.MeshConfigEntry
- func (s *ConfigSnapshot) MeshConfigTLSIncoming() *structs.MeshDirectionalTLSConfig
- func (s *ConfigSnapshot) MeshConfigTLSOutgoing() *structs.MeshDirectionalTLSConfig
- func (s *ConfigSnapshot) Valid() bool
- type ConfigSnapshotUpstreams
- type ControllableCacheType
- type DNSConfig
- type GatewayKey
- type Health
- type IngressListenerKey
- type Manager
- type ManagerConfig
- type ServerSNIFunc
- type TestCacheTypes
- type UpstreamID
Variables ¶
var (
	// ErrStopped is returned from Run if the manager instance has already been
	// stopped.
	ErrStopped = errors.New("manager stopped")

	// ErrStarted is returned from Run if the manager instance has already run.
	ErrStarted = errors.New("manager was already run")
)
Functions ¶
func ParseUpstreamIDString ¶ added in v1.12.0
func ParseUpstreamIDString(input string) (typ, dc, name string, meta *acl.EnterpriseMeta)
func TestCacheWithTypes ¶
func TestCacheWithTypes(t testing.T, types *TestCacheTypes) *cache.Cache
TestCacheWithTypes registers ControllableCacheTypes for all types that proxycfg will watch suitable for testing a proxycfg.State or Manager.
func TestCerts ¶
func TestCerts(t testing.T) (*structs.IndexedCARoots, *structs.IssuedCert)
TestCerts generates a CA and Leaf suitable for returning as mock CA root/leaf cache requests.
func TestGatewayNodesDC1 ¶ added in v1.6.0
func TestGatewayNodesDC1(t testing.T) structs.CheckServiceNodes
func TestGatewayNodesDC2 ¶ added in v1.6.0
func TestGatewayNodesDC2(t testing.T) structs.CheckServiceNodes
func TestGatewayNodesDC3 ¶ added in v1.6.0
func TestGatewayNodesDC3(t testing.T) structs.CheckServiceNodes
func TestGatewayNodesDC4Hostname ¶ added in v1.8.0
func TestGatewayNodesDC4Hostname(t testing.T) structs.CheckServiceNodes
func TestGatewayNodesDC5Hostname ¶ added in v1.8.0
func TestGatewayNodesDC5Hostname(t testing.T) structs.CheckServiceNodes
func TestGatewayNodesDC6Hostname ¶ added in v1.8.1
func TestGatewayNodesDC6Hostname(t testing.T) structs.CheckServiceNodes
func TestGatewayServiceGroupBarDC1 ¶ added in v1.6.0
func TestGatewayServiceGroupBarDC1(t testing.T) structs.CheckServiceNodes
func TestGatewayServiceGroupFooDC1 ¶ added in v1.6.0
func TestGatewayServiceGroupFooDC1(t testing.T) structs.CheckServiceNodes
func TestIntentions ¶
func TestIntentions() *structs.IndexedIntentionMatches
TestIntentions returns a sample intentions match result useful for mocking service discovery cache results.
func TestLeafForCA ¶
func TestLeafForCA(t testing.T, ca *structs.CARoot) *structs.IssuedCert
TestLeafForCA generates a new Leaf suitable for returning as a mock CA leaf cache response, signed by an existing CA.
func TestPreparedQueryNodes ¶ added in v1.10.2
func TestPreparedQueryNodes(t testing.T, query string) structs.CheckServiceNodes
TestPreparedQueryNodes returns instances of a service spread across two datacenters. The service instance names use a "-target" suffix to ensure we don't use the prepared query's name for SAN validation. The name of prepared queries won't always match the name of the service they target.
func TestUpstreamNodes ¶
func TestUpstreamNodes(t testing.T, service string) structs.CheckServiceNodes
TestUpstreamNodes returns a sample service discovery result useful for mocking service discovery cache results.
func TestUpstreamNodesAlternate ¶ added in v1.6.0
func TestUpstreamNodesAlternate(t testing.T) structs.CheckServiceNodes
func TestUpstreamNodesDC2 ¶ added in v1.6.0
func TestUpstreamNodesDC2(t testing.T) structs.CheckServiceNodes
func TestUpstreamNodesInStatus ¶ added in v1.6.0
func TestUpstreamNodesInStatus(t testing.T, status string) structs.CheckServiceNodes
func TestUpstreamNodesInStatusDC2 ¶ added in v1.6.0
func TestUpstreamNodesInStatusDC2(t testing.T, status string) structs.CheckServiceNodes
func UpstreamIDString ¶ added in v1.12.0
func UpstreamIDString(typ, dc, name string, _ *acl.EnterpriseMeta) string
func UpstreamsToMap ¶ added in v1.12.0
func UpstreamsToMap(us structs.Upstreams) map[UpstreamID]*structs.Upstream
Types ¶
type CacheNotifier ¶ added in v1.6.0
type CancelFunc ¶
type CancelFunc func()
CancelFunc is a type for a returned function that can be called to cancel a watch.
type ConfigSnapshot ¶
type ConfigSnapshot struct {
	Kind                  structs.ServiceKind
	Service               string
	ProxyID               structs.ServiceID
	Address               string
	Port                  int
	ServiceMeta           map[string]string
	TaggedAddresses       map[string]structs.ServiceAddress
	Proxy                 structs.ConnectProxyConfig
	Datacenter            string
	IntentionDefaultAllow bool
	Locality              GatewayKey

	ServerSNIFn ServerSNIFunc
	Roots       *structs.IndexedCARoots

	// connect-proxy specific
	ConnectProxy configSnapshotConnectProxy

	// terminating-gateway specific
	TerminatingGateway configSnapshotTerminatingGateway

	// mesh-gateway specific
	MeshGateway configSnapshotMeshGateway

	// ingress-gateway specific
	IngressGateway configSnapshotIngressGateway
}
ConfigSnapshot captures all the resulting config needed for a proxy instance. It is meant to be point-in-time coherent and is used to deliver the current config state to observers who need it to be pushed in (e.g. XDS server).
func TestConfigSnapshot ¶
func TestConfigSnapshot(t testing.T, nsFn func(ns *structs.NodeService), extraUpdates []cache.UpdateEvent) *ConfigSnapshot
TestConfigSnapshot returns a fully populated snapshot
func TestConfigSnapshotDiscoveryChain ¶ added in v1.6.0
func TestConfigSnapshotDiscoveryChain(
	t testing.T,
	variation string,
	nsFn func(ns *structs.NodeService),
	extraUpdates []cache.UpdateEvent,
	additionalEntries ...structs.ConfigEntry,
) *ConfigSnapshot
TestConfigSnapshotDiscoveryChain returns a fully populated snapshot using a discovery chain
func TestConfigSnapshotExposeConfig ¶ added in v1.6.2
func TestConfigSnapshotExposeConfig(t testing.T, nsFn func(ns *structs.NodeService)) *ConfigSnapshot
func TestConfigSnapshotGRPCExposeHTTP1 ¶ added in v1.8.0
func TestConfigSnapshotGRPCExposeHTTP1(t testing.T) *ConfigSnapshot
func TestConfigSnapshotIngressGateway ¶ added in v1.8.0
func TestConfigSnapshotIngressGateway(
	t testing.T,
	populateServices bool,
	protocol string,
	variation string,
	nsFn func(ns *structs.NodeService),
	configFn func(entry *structs.IngressGatewayConfigEntry),
	extraUpdates []cache.UpdateEvent,
	additionalEntries ...structs.ConfigEntry,
) *ConfigSnapshot
func TestConfigSnapshotIngressGatewaySDS_GatewayAndListenerLevel ¶ added in v1.12.0
func TestConfigSnapshotIngressGatewaySDS_GatewayAndListenerLevel(t testing.T) *ConfigSnapshot
func TestConfigSnapshotIngressGatewaySDS_GatewayAndListenerLevel_HTTP ¶ added in v1.12.0
func TestConfigSnapshotIngressGatewaySDS_GatewayAndListenerLevel_HTTP(t testing.T) *ConfigSnapshot
func TestConfigSnapshotIngressGatewaySDS_GatewayLevel ¶ added in v1.12.0
func TestConfigSnapshotIngressGatewaySDS_GatewayLevel(t testing.T) *ConfigSnapshot
func TestConfigSnapshotIngressGatewaySDS_GatewayLevel_MixedTLS ¶ added in v1.12.0
func TestConfigSnapshotIngressGatewaySDS_GatewayLevel_MixedTLS(t testing.T) *ConfigSnapshot
func TestConfigSnapshotIngressGatewaySDS_ListenerAndServiceLevel ¶ added in v1.12.0
func TestConfigSnapshotIngressGatewaySDS_ListenerAndServiceLevel(t testing.T) *ConfigSnapshot
func TestConfigSnapshotIngressGatewaySDS_MixedNoTLS ¶ added in v1.12.0
func TestConfigSnapshotIngressGatewaySDS_MixedNoTLS(t testing.T) *ConfigSnapshot
func TestConfigSnapshotIngressGatewaySDS_ServiceLevel ¶ added in v1.12.0
func TestConfigSnapshotIngressGatewaySDS_ServiceLevel(t testing.T) *ConfigSnapshot
func TestConfigSnapshotIngressGatewayWithChain ¶ added in v1.12.0
func TestConfigSnapshotIngressGatewayWithChain(
	t testing.T,
	variant string,
	webEntMeta, fooEntMeta *acl.EnterpriseMeta,
) *ConfigSnapshot
func TestConfigSnapshotIngressGateway_MixedListeners ¶ added in v1.12.0
func TestConfigSnapshotIngressGateway_MixedListeners(t testing.T) *ConfigSnapshot
func TestConfigSnapshotIngressGateway_SingleTLSListener ¶ added in v1.12.0
func TestConfigSnapshotIngressGateway_SingleTLSListener(t testing.T) *ConfigSnapshot
func TestConfigSnapshotIngressGateway_TLSMinVersionListenersGatewayDefaults ¶ added in v1.12.0
func TestConfigSnapshotIngressGateway_TLSMinVersionListenersGatewayDefaults(t testing.T) *ConfigSnapshot
func TestConfigSnapshotIngressGateway_TLSMixedMinVersionListeners ¶ added in v1.12.0
func TestConfigSnapshotIngressGateway_TLSMixedMinVersionListeners(t testing.T) *ConfigSnapshot
func TestConfigSnapshotIngress_GRPCMultipleServices ¶ added in v1.10.12
func TestConfigSnapshotIngress_GRPCMultipleServices(t testing.T) *ConfigSnapshot
func TestConfigSnapshotIngress_HTTPMultipleServices ¶ added in v1.8.0
func TestConfigSnapshotIngress_HTTPMultipleServices(t testing.T) *ConfigSnapshot
func TestConfigSnapshotIngress_MultipleListenersDuplicateService ¶ added in v1.8.0
func TestConfigSnapshotIngress_MultipleListenersDuplicateService(t testing.T) *ConfigSnapshot
func TestConfigSnapshotMeshGateway ¶ added in v1.6.0
func TestConfigSnapshotMeshGateway(t testing.T, variant string, nsFn func(ns *structs.NodeService), extraUpdates []cache.UpdateEvent) *ConfigSnapshot
func TestConfigSnapshotTerminatingGateway ¶ added in v1.8.0
func TestConfigSnapshotTerminatingGateway(
	t testing.T,
	populateServices bool,
	nsFn func(ns *structs.NodeService),
	extraUpdates []agentcache.UpdateEvent,
) *ConfigSnapshot
func TestConfigSnapshotTerminatingGatewayDefaultServiceSubset ¶ added in v1.12.0
func TestConfigSnapshotTerminatingGatewayDefaultServiceSubset(t testing.T) *ConfigSnapshot
func TestConfigSnapshotTerminatingGatewayHTTP2 ¶ added in v1.12.3
func TestConfigSnapshotTerminatingGatewayHTTP2(t testing.T) *ConfigSnapshot
func TestConfigSnapshotTerminatingGatewayHostnameSubsets ¶ added in v1.12.0
func TestConfigSnapshotTerminatingGatewayHostnameSubsets(t testing.T) *ConfigSnapshot
func TestConfigSnapshotTerminatingGatewayIgnoreExtraResolvers ¶ added in v1.12.0
func TestConfigSnapshotTerminatingGatewayIgnoreExtraResolvers(t testing.T) *ConfigSnapshot
func TestConfigSnapshotTerminatingGatewayLBConfig ¶ added in v1.12.0
func TestConfigSnapshotTerminatingGatewayLBConfig(t testing.T) *ConfigSnapshot
func TestConfigSnapshotTerminatingGatewayLBConfigNoHashPolicies ¶ added in v1.12.0
func TestConfigSnapshotTerminatingGatewayLBConfigNoHashPolicies(t testing.T) *ConfigSnapshot
func TestConfigSnapshotTerminatingGatewaySNI ¶ added in v1.12.0
func TestConfigSnapshotTerminatingGatewaySNI(t testing.T) *ConfigSnapshot
func TestConfigSnapshotTerminatingGatewayServiceSubsets ¶ added in v1.12.0
func TestConfigSnapshotTerminatingGatewayServiceSubsets(t testing.T) *ConfigSnapshot
func TestConfigSnapshotTerminatingGatewayServiceSubsetsWebAndCache ¶ added in v1.12.0
func TestConfigSnapshotTerminatingGatewayServiceSubsetsWebAndCache(t testing.T) *ConfigSnapshot
func TestConfigSnapshotTerminatingGatewaySubsetsHTTP2 ¶ added in v1.12.3
func TestConfigSnapshotTerminatingGatewaySubsetsHTTP2(t testing.T) *ConfigSnapshot
func TestConfigSnapshotTerminatingGatewayWithLambdaService ¶ added in v1.12.0
func TestConfigSnapshotTerminatingGatewayWithLambdaService(t testing.T, extraUpdateEvents ...agentcache.UpdateEvent) *ConfigSnapshot
func TestConfigSnapshotTerminatingGatewayWithLambdaServiceAndServiceResolvers ¶ added in v1.12.0
func TestConfigSnapshotTerminatingGatewayWithLambdaServiceAndServiceResolvers(t testing.T) *ConfigSnapshot
func TestConfigSnapshotTransparentProxy ¶ added in v1.12.0
func TestConfigSnapshotTransparentProxy(t testing.T) *ConfigSnapshot
func TestConfigSnapshotTransparentProxyCatalogDestinationsOnly ¶ added in v1.12.0
func TestConfigSnapshotTransparentProxyCatalogDestinationsOnly(t testing.T) *ConfigSnapshot
func TestConfigSnapshotTransparentProxyDialDirectly ¶ added in v1.12.0
func TestConfigSnapshotTransparentProxyDialDirectly(t testing.T) *ConfigSnapshot
func TestConfigSnapshotTransparentProxyHTTPUpstream ¶ added in v1.12.0
func TestConfigSnapshotTransparentProxyHTTPUpstream(t testing.T) *ConfigSnapshot
func TestConfigSnapshotTransparentProxyResolverRedirectUpstream ¶ added in v1.12.6
func TestConfigSnapshotTransparentProxyResolverRedirectUpstream(t testing.T) *ConfigSnapshot
func TestConfigSnapshotTransparentProxyTerminatingGatewayCatalogDestinationsOnly ¶ added in v1.12.0
func TestConfigSnapshotTransparentProxyTerminatingGatewayCatalogDestinationsOnly(t testing.T) *ConfigSnapshot
func (*ConfigSnapshot) Clone ¶
func (s *ConfigSnapshot) Clone() (*ConfigSnapshot, error)
Clone makes a deep copy of the snapshot we can send to other goroutines without worrying that they will racily read or mutate shared maps etc.
func (*ConfigSnapshot) Leaf ¶
func (s *ConfigSnapshot) Leaf() *structs.IssuedCert
func (*ConfigSnapshot) MeshConfig ¶ added in v1.12.0
func (s *ConfigSnapshot) MeshConfig() *structs.MeshConfigEntry
func (*ConfigSnapshot) MeshConfigTLSIncoming ¶ added in v1.12.0
func (s *ConfigSnapshot) MeshConfigTLSIncoming() *structs.MeshDirectionalTLSConfig
func (*ConfigSnapshot) MeshConfigTLSOutgoing ¶ added in v1.12.0
func (s *ConfigSnapshot) MeshConfigTLSOutgoing() *structs.MeshDirectionalTLSConfig
func (*ConfigSnapshot) Valid ¶
func (s *ConfigSnapshot) Valid() bool
Valid returns whether or not the snapshot has all required fields filled yet.
type ConfigSnapshotUpstreams ¶ added in v1.8.0
type ConfigSnapshotUpstreams struct {
	Leaf *structs.IssuedCert

	MeshConfig    *structs.MeshConfigEntry
	MeshConfigSet bool

	// DiscoveryChain is a map of UpstreamID -> CompiledDiscoveryChain's, and
	// is used to determine what services could be targeted by this upstream.
	// We then instantiate watches for those targets.
	DiscoveryChain map[UpstreamID]*structs.CompiledDiscoveryChain

	// WatchedDiscoveryChains is a map of UpstreamID -> CancelFunc's
	// in order to cancel any watches when the proxy's configuration is
	// changed. Ingress gateways and transparent proxies need this because
	// discovery chain watches are added and removed through the lifecycle
	// of a single proxycfg state instance.
	WatchedDiscoveryChains map[UpstreamID]context.CancelFunc

	// WatchedUpstreams is a map of UpstreamID -> (map of TargetID ->
	// CancelFunc's) in order to cancel any watches when the configuration is
	// changed.
	WatchedUpstreams map[UpstreamID]map[string]context.CancelFunc

	// WatchedUpstreamEndpoints is a map of UpstreamID -> (map of
	// TargetID -> CheckServiceNodes) and is used to determine the backing
	// endpoints of an upstream.
	WatchedUpstreamEndpoints map[UpstreamID]map[string]structs.CheckServiceNodes

	// WatchedGateways is a map of UpstreamID -> (map of GatewayKey.String() ->
	// CancelFunc) in order to cancel watches for mesh gateways
	WatchedGateways map[UpstreamID]map[string]context.CancelFunc

	// WatchedGatewayEndpoints is a map of UpstreamID -> (map of
	// GatewayKey.String() -> CheckServiceNodes) and is used to determine the
	// backing endpoints of a mesh gateway.
	WatchedGatewayEndpoints map[UpstreamID]map[string]structs.CheckServiceNodes

	// UpstreamConfig is a map to an upstream's configuration.
	UpstreamConfig map[UpstreamID]*structs.Upstream

	// PassthroughEndpoints is a map of: UpstreamID -> (map of TargetID ->
	// (set of IP addresses)). It contains the upstream endpoints that
	// can be dialed directly by a transparent proxy.
	PassthroughUpstreams map[UpstreamID]map[string]map[string]struct{}

	// PassthroughIndices is a map of: address -> indexedTarget.
	// It is used to track the modify index associated with a passthrough address.
	// Tracking this index helps break ties when a single address is shared by
	// more than one upstream due to a race.
	PassthroughIndices map[string]indexedTarget

	// IntentionUpstreams is a set of upstreams inferred from intentions.
	//
	// This list only applies to proxies registered in 'transparent' mode.
	IntentionUpstreams map[UpstreamID]struct{}
}
TODO(ingress): Can we think of a better for this bag of data? A shared data structure that contains information about discovered upstreams
type ControllableCacheType ¶
type ControllableCacheType struct {
// contains filtered or unexported fields
}
ControllableCacheType is a cache.Type that simulates a typical blocking RPC but lets us control the responses and when they are delivered easily.
func NewControllableCacheType ¶
func NewControllableCacheType(t testing.T) *ControllableCacheType
NewControllableCacheType returns a cache.Type that can be controlled for testing.
func (*ControllableCacheType) Fetch ¶
func (ct *ControllableCacheType) Fetch(opts cache.FetchOptions, req cache.Request) (cache.FetchResult, error)
Fetch implements cache.Type. It simulates blocking or non-blocking queries.
func (*ControllableCacheType) RegisterOptions ¶ added in v1.8.0
func (ct *ControllableCacheType) RegisterOptions() cache.RegisterOptions
func (*ControllableCacheType) Set ¶
func (ct *ControllableCacheType) Set(key string, value interface{})
Set sets the response value to be returned from subsequent cache gets for the type.
type GatewayKey ¶ added in v1.11.0
func (GatewayKey) IsEmpty ¶ added in v1.11.0
func (k GatewayKey) IsEmpty() bool
func (GatewayKey) Matches ¶ added in v1.11.0
func (k GatewayKey) Matches(dc, partition string) bool
func (GatewayKey) String ¶ added in v1.11.0
func (k GatewayKey) String() string
type Health ¶ added in v1.10.0
type Health interface {
Notify(ctx context.Context, req structs.ServiceSpecificRequest, correlationID string, ch chan<- cache.UpdateEvent) error
}
type IngressListenerKey ¶ added in v1.8.0
func IngressListenerKeyFromGWService ¶ added in v1.11.0
func IngressListenerKeyFromGWService(s structs.GatewayService) IngressListenerKey
func IngressListenerKeyFromListener ¶ added in v1.11.0
func IngressListenerKeyFromListener(l structs.IngressListener) IngressListenerKey
func (*IngressListenerKey) RouteName ¶ added in v1.8.0
func (k *IngressListenerKey) RouteName() string
type Manager ¶
type Manager struct {
	ManagerConfig
	// contains filtered or unexported fields
}
Manager is a component that integrates into the agent and manages Connect proxy configuration state. This should not be confused with the deprecated "managed proxy" concept where the agent supervises the actual proxy process. proxycfg.Manager is oblivious to the distinction and manages state for any service registered with Kind == connect-proxy.
The Manager ensures that any Connect proxy registered on the agent has all the state it needs cached locally via the agent cache. State includes certificates, intentions, and service discovery results for any declared upstreams. See package docs for more detail.
func NewManager ¶
func NewManager(cfg ManagerConfig) (*Manager, error)
NewManager constructs a manager from the provided agent cache.
func (*Manager) Run ¶
Run is the long-running method that handles state syncing. It should be run in its own goroutine and will continue until a fatal error is hit or Close is called. Run will return an error if it is called more than once, or called after Close.
func (*Manager) Watch ¶
func (m *Manager) Watch(proxyID structs.ServiceID) (<-chan *ConfigSnapshot, CancelFunc)
Watch registers a watch on a proxy. It might not exist yet in which case this will not fail, but no updates will be delivered until the proxy is registered. If there is already a valid snapshot in memory, it will be delivered immediately.
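The delivery rules described for Watch and Clone, shown as an added stand-alone model that is not Consul's code: miniManager, snapshot and their methods are hypothetical names, and the "valid once a leaf is present" rule and latest-wins delivery are assumptions of this model. It shows why each watcher receives its own deep copy of a snapshot that carries certificate and upstream state.

```go
package main

import (
	"fmt"
	"sync"
)

// snapshot is a hypothetical, cut-down stand-in for proxycfg.ConfigSnapshot.
type snapshot struct {
	ProxyID    string
	LeafSerial string              // stands in for the leaf certificate
	Upstreams  map[string][]string // upstream name -> endpoint addresses
}

// valid is an assumed rule for this model: usable once a leaf is present.
func (s *snapshot) valid() bool { return s != nil && s.LeafSerial != "" }

// clone deep-copies the map and slices so no two goroutines share them.
func (s *snapshot) clone() *snapshot {
	c := &snapshot{ProxyID: s.ProxyID, LeafSerial: s.LeafSerial,
		Upstreams: make(map[string][]string, len(s.Upstreams))}
	for name, eps := range s.Upstreams {
		c.Upstreams[name] = append([]string(nil), eps...)
	}
	return c
}

// miniManager is a hypothetical model of the Manager's watch bookkeeping.
type miniManager struct {
	mu       sync.Mutex
	current  map[string]*snapshot
	watchers map[string]map[int]chan *snapshot
	nextID   int
}

func newMiniManager() *miniManager {
	return &miniManager{current: map[string]*snapshot{}, watchers: map[string]map[int]chan *snapshot{}}
}

// watch never fails for an unknown proxy; it stays silent until a valid
// snapshot exists. An existing valid snapshot is delivered immediately.
func (m *miniManager) watch(proxyID string) (<-chan *snapshot, func()) {
	m.mu.Lock()
	defer m.mu.Unlock()
	ch := make(chan *snapshot, 1)
	id := m.nextID
	m.nextID++
	if m.watchers[proxyID] == nil {
		m.watchers[proxyID] = map[int]chan *snapshot{}
	}
	m.watchers[proxyID][id] = ch
	if s := m.current[proxyID]; s.valid() {
		ch <- s.clone()
	}
	cancel := func() {
		m.mu.Lock()
		defer m.mu.Unlock()
		if _, ok := m.watchers[proxyID][id]; ok { // safe to call twice
			delete(m.watchers[proxyID], id)
			close(ch)
		}
	}
	return ch, cancel
}

// update records a new snapshot and hands every watcher its own copy. A slow
// watcher only ever sees the latest snapshot, never a backlog.
func (m *miniManager) update(s *snapshot) {
	m.mu.Lock()
	defer m.mu.Unlock()
	m.current[s.ProxyID] = s.clone()
	if !s.valid() {
		return
	}
	for _, ch := range m.watchers[s.ProxyID] {
		select {
		case <-ch: // drop a stale, undelivered snapshot
		default:
		}
		ch <- s.clone()
	}
}

func main() {
	m := newMiniManager()
	ch, cancel := m.watch("web-sidecar-proxy") // constructed proxy ID
	defer cancel()
	m.update(&snapshot{ProxyID: "web-sidecar-proxy", LeafSerial: "01",
		Upstreams: map[string][]string{"db": {"10.0.0.1:5432"}}})
	got := <-ch
	got.Upstreams["db"][0] = "changed-by-watcher" // only touches this copy
	fmt.Println(m.current["web-sidecar-proxy"].Upstreams["db"][0])
}
```

Running the model under `go run -race` is a quick way to confirm that removing the `clone()` calls reintroduces shared-map access between the updater and its watchers.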
type ManagerConfig ¶
type ManagerConfig struct {
	// Cache is the agent's cache instance that can be used to retrieve, store and
	// monitor state for the proxies.
	Cache *cache.Cache

	// Health provides service health updates on a notification channel.
	Health Health

	// state is the agent's local state to be watched for new proxy registrations.
	State *local.State

	// source describes the current agent's identity, it's used directly for
	// prepared query discovery but also indirectly as a way to pass current
	// Datacenter name into other request types that need it. This is sufficient
	// for now and cleaner than passing the entire RuntimeConfig.
	Source *structs.QuerySource

	// DNSConfig is the agent's relevant DNS config for any proxies.
	DNSConfig DNSConfig

	// logger is the agent's logger to be used for logging logs.
	Logger hclog.Logger

	TLSConfigurator *tlsutil.Configurator

	// Tokens configured on the local agent. Used to look up the agent token if
	// a service is registered without a token.
	Tokens *token.Store

	// IntentionDefaultAllow is set by the agent so that we can pass this
	// information to proxies that need to make intention decisions on their
	// own.
	IntentionDefaultAllow bool
}
ManagerConfig holds the required external dependencies for a Manager instance. All fields must be set to something valid or the manager will panic. The ManagerConfig is passed by value to NewManager so the passed value can be mutated safely.
type ServerSNIFunc ¶ added in v1.8.0
type TestCacheTypes ¶
type TestCacheTypes struct {
// contains filtered or unexported fields
}
TestCacheTypes encapsulates all the different cache types proxycfg.State will watch/request for controlling one during testing.
func NewTestCacheTypes ¶
func NewTestCacheTypes(t testing.T) *TestCacheTypes
NewTestCacheTypes creates a set of ControllableCacheTypes for all types that proxycfg will watch suitable for testing a proxycfg.State or Manager.
type UpstreamID ¶ added in v1.12.0
type UpstreamID struct {
	Type       string
	Name       string
	Datacenter string

	acl.EnterpriseMeta
}
func NewUpstreamID ¶ added in v1.12.0
func NewUpstreamID(u *structs.Upstream) UpstreamID
func NewUpstreamIDFromServiceID ¶ added in v1.12.0
func NewUpstreamIDFromServiceID(sid structs.ServiceID) UpstreamID
func NewUpstreamIDFromServiceName ¶ added in v1.12.0
func NewUpstreamIDFromServiceName(sn structs.ServiceName) UpstreamID
func NewUpstreamIDFromTargetID ¶ added in v1.12.0
func NewUpstreamIDFromTargetID(tid string) UpstreamID
func UpstreamIDFromString ¶ added in v1.12.0
func UpstreamIDFromString(input string) UpstreamID
func (UpstreamID) EnvoyID ¶ added in v1.12.0
func (u UpstreamID) EnvoyID() string
EnvoyID returns a string representation that uniquely identifies the upstream in a canonical but human readable way.
This should be used for any situation where we generate identifiers in Envoy xDS structures for this upstream.
This will ensure that generated identifiers for the same thing in OSS and Enterprise render the same and omit default namespaces and partitions.
func (UpstreamID) GoString ¶ added in v1.12.0
func (u UpstreamID) GoString() string
func (UpstreamID) String ¶ added in v1.12.0
func (u UpstreamID) String() string
String encodes the UpstreamID into a string for use in agent cache keys. You can decode it back again using UpstreamIDFromString.
Source Files ¶
- connect_proxy.go
- ingress_gateway.go
- manager.go
- mesh_gateway.go
- mesh_gateway_oss.go
- naming.go
- naming_oss.go
- proxycfg.go
- snapshot.go
- state.go
- terminating_gateway.go
- testing.go
- testing_connect_proxy.go
- testing_ingress_gateway.go
- testing_mesh_gateway.go
- testing_terminating_gateway.go
- testing_tproxy.go
- testing_upstreams.go
- upstreams.go