proxycfg

package
v1.15.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 23, 2023 License: MPL-2.0 Imports: 39 Imported by: 32

Documentation

Overview

Package proxycfg contains components for sourcing the data required to configure Connect proxies. The Manager provides an API with which proxy services can be registered, and coordinates the fetching (and refreshing) of intentions, upstreams, discovery chain, certificates etc. Consumers such as the xDS server can then subscribe to receive snapshots of this data whenever it changes.

Consul client agents support the configuration of proxies locally registered to them, whereas Consul servers support both this and proxies in the catalog.

The following diagram depicts the component relationships on a server, as this is the more complex mode of operation: 

	               +-------+       1.       +------------+
	               | Local | ◀------------▶ | Local      |
	               | State |                | State Sync |
	               +-------+                +-----+------+
	                 ▲                            |
	                 |     +---------------+      | 2.
	              4. | 4a. | Local         |      |
	                 | +-▶ | Config Source +-+    |
	                 | |   +---------------+ |    |
	                 | |                     ▼    ▼
	+--------+ 3.  +-+-+-----------+ 6.    +----------+ 2a.  +----------+
	| xDS    +---▶ | Catalog       +-----▶ | proxycfg +----▶ | proxycfg |
	| Server | ◀---+ Config Source +-----▶ | Manager  +--+   | State    |
	+--------+  8. +----+----------+ 7.    +----------+  |   +----------+
	                 5. |                                |
	                    ▼                            7a. |   +----------+
	                  +-------+                          +-▶ | proxycfg |
	                  | State |                              | State    |
	                  | Store |                              +----------+
	                  +-------+

1. local.Sync watches the agent's local state for changes.
2. If any sidecar proxy or gateway services are registered to the local agent
   they are sync'd to the proxycfg.Manager.
   2a. proxycfg.Manager creates a state object for the service and begins
       pre-fetching data (go to 8).
3. Client begins a stream and the xDS server calls Watch on its ConfigSource -
   on a client agent this would be a local config source, on a server it would
   be a catalog config source.
4. The catalog config source will check if service is registered locally.
   4a. If the service *is* registered locally it hands off the the local config
      source, which calls Watch on the proxycfg manager (and serves the pre-
      fetched data).
5. Otherwise, it fetches the service from the state store.
6. It calls Watch on the proxycfg manager.
7. It registers the service with the proxycfg manager.
	  7a. See: 2a.
8. xDS server receives snapshots of configuration data whenever it changes.

Index

Constants

View Source 
const (
	DestinationConfigEntryID = "destination:"
	DestinationGatewayID     = "dest-gateway:"
)

Variables

This section is empty.

Functions

func IsTerminalError added in v1.14.0 

func IsTerminalError(err error) bool

IsTerminalError returns whether the given error indicates that the data source is in an irrecoverably broken state so watches should be torn down and retried at a higher level.

func ParseUpstreamIDString added in v1.12.0 

func ParseUpstreamIDString(input string) (typ, dc, name string, meta *acl.EnterpriseMeta, peerName string)

func TerminalError added in v1.14.0 

func TerminalError(err error) error

TerminalError wraps the given error to indicate that the data source is in an irrecoverably broken state (e.g. because the given ACL token has been deleted).

Setting UpdateEvent.Err to a TerminalError causes all watches to be canceled which, in turn, terminates the xDS streams.

func TestCerts 

func TestCerts(t testing.T) (*structs.IndexedCARoots, *structs.IssuedCert)

TestCerts generates a CA and Leaf suitable for returning as mock CA root/leaf cache requests.

func TestCertsForMeshGateway added in v1.13.0 

func TestCertsForMeshGateway(t testing.T) (*structs.IndexedCARoots, *structs.IssuedCert)

TestCertsForMeshGateway generates a CA and Leaf suitable for returning as mock CA root/leaf cache requests in a mesh-gateway for peering.

func TestGatewayNodesDC1 added in v1.6.0 

func TestGatewayNodesDC1(t testing.T) structs.CheckServiceNodes

func TestGatewayNodesDC2 added in v1.6.0 

func TestGatewayNodesDC2(t testing.T) structs.CheckServiceNodes

func TestGatewayNodesDC3 added in v1.6.0 

func TestGatewayNodesDC3(t testing.T) structs.CheckServiceNodes

func TestGatewayNodesDC4Hostname added in v1.8.0 

func TestGatewayNodesDC4Hostname(t testing.T) structs.CheckServiceNodes

func TestGatewayNodesDC5Hostname added in v1.8.0 

func TestGatewayNodesDC5Hostname(t testing.T) structs.CheckServiceNodes

func TestGatewayNodesDC6Hostname added in v1.8.1 

func TestGatewayNodesDC6Hostname(t testing.T) structs.CheckServiceNodes

func TestGatewayServiceGroupBarDC1 added in v1.6.0 

func TestGatewayServiceGroupBarDC1(t testing.T) structs.CheckServiceNodes

func TestGatewayServiceGroupFooDC1 added in v1.6.0 

func TestGatewayServiceGroupFooDC1(t testing.T) structs.CheckServiceNodes

func TestIntentions 

func TestIntentions() structs.Intentions

TestIntentions returns a sample intentions match result useful to mocking service discovery cache results.

func TestLeafForCA 

func TestLeafForCA(t testing.T, ca *structs.CARoot) *structs.IssuedCert

TestLeafForCA generates new Leaf suitable for returning as mock CA leaf cache response, signed by an existing CA.

func TestMeshGatewayLeafForCA added in v1.13.0 

func TestMeshGatewayLeafForCA(t testing.T, ca *structs.CARoot) *structs.IssuedCert

TestMeshGatewayLeafForCA generates new mesh-gateway Leaf suitable for returning as mock CA leaf cache response, signed by an existing CA.

func TestPeerTrustBundles added in v1.13.0 

func TestPeerTrustBundles(t testing.T) *pbpeering.TrustBundleListByServiceResponse

func TestPreparedQueryNodes added in v1.10.2 

func TestPreparedQueryNodes(t testing.T, query string) structs.CheckServiceNodes

TestPreparedQueryNodes returns instances of a service spread across two datacenters. The service instance names use a "-target" suffix to ensure we don't use the prepared query's name for SAN validation. The name of prepared queries won't always match the name of the service they target.

func TestUpstreamNodes 

func TestUpstreamNodes(t testing.T, service string) structs.CheckServiceNodes

TestUpstreamNodes returns a sample service discovery result useful to mocking service discovery cache results.

func TestUpstreamNodesAlternate added in v1.6.0 

func TestUpstreamNodesAlternate(t testing.T) structs.CheckServiceNodes

func TestUpstreamNodesDC2 added in v1.6.0 

func TestUpstreamNodesDC2(t testing.T) structs.CheckServiceNodes

func TestUpstreamNodesInStatus added in v1.6.0 

func TestUpstreamNodesInStatus(t testing.T, status string) structs.CheckServiceNodes

func TestUpstreamNodesInStatusDC2 added in v1.6.0 

func TestUpstreamNodesInStatusDC2(t testing.T, status string) structs.CheckServiceNodes

func UpstreamIDString added in v1.12.0 

func UpstreamIDString(typ, dc, name string, _ *acl.EnterpriseMeta, peerName string) string

func UpstreamsToMap added in v1.12.0 

func UpstreamsToMap(us structs.Upstreams) map[UpstreamID]*structs.Upstream

Types

type APIGatewayListenerKey added in v1.15.0 

type APIGatewayListenerKey = IngressListenerKey

type CARoots added in v1.13.0 

type CARoots interface {
	Notify(ctx context.Context, req *structs.DCSpecificRequest, correlationID string, ch chan<- UpdateEvent) error
}

CARoots is the interface used to consume updates about the CA root certificates.

type CancelFunc 

type CancelFunc func()

CancelFunc is a type for a returned function that can be called to cancel a watch.

type CompiledDiscoveryChain added in v1.13.0 

type CompiledDiscoveryChain interface {
	Notify(ctx context.Context, req *structs.DiscoveryChainRequest, correlationID string, ch chan<- UpdateEvent) error
}

CompiledDiscoveryChain is the interface used to consume updates about the compiled discovery chain for a service.

type ConfigEntry added in v1.13.0 

type ConfigEntry interface {
	Notify(ctx context.Context, req *structs.ConfigEntryQuery, correlationID string, ch chan<- UpdateEvent) error
}

ConfigEntry is the interface used to consume updates about a single config entry.

type ConfigEntryList added in v1.13.0 

type ConfigEntryList interface {
	Notify(ctx context.Context, req *structs.ConfigEntryQuery, correlationID string, ch chan<- UpdateEvent) error
}

ConfigEntryList is the interface used to consume updates about a list of config entries.

type ConfigSnapshot 

type ConfigSnapshot struct {
	Kind                  structs.ServiceKind
	Service               string
	ProxyID               ProxyID
	Address               string
	Port                  int
	ServiceMeta           map[string]string
	TaggedAddresses       map[string]structs.ServiceAddress
	Proxy                 structs.ConnectProxyConfig
	Datacenter            string
	IntentionDefaultAllow bool
	Locality              GatewayKey

	ServerSNIFn ServerSNIFunc
	Roots       *structs.IndexedCARoots

	// connect-proxy specific
	ConnectProxy configSnapshotConnectProxy

	// terminating-gateway specific
	TerminatingGateway configSnapshotTerminatingGateway

	// mesh-gateway specific
	MeshGateway configSnapshotMeshGateway

	// ingress-gateway specific
	IngressGateway configSnapshotIngressGateway

	// api-gateway specific
	APIGateway configSnapshotAPIGateway
}

ConfigSnapshot captures all the resulting config needed for a proxy instance. It is meant to be point-in-time coherent and is used to deliver the current config state to observers who need it to be pushed in (e.g. XDS server).

func TestConfigSnapshot 

func TestConfigSnapshot(t testing.T, nsFn func(ns *structs.NodeService), extraUpdates []UpdateEvent) *ConfigSnapshot

TestConfigSnapshot returns a fully populated snapshot

func TestConfigSnapshotAPIGateway added in v1.15.0 

func TestConfigSnapshotAPIGateway(
	t testing.T,
	variation string,
	nsFn func(ns *structs.NodeService),
	configFn func(entry *structs.APIGatewayConfigEntry, boundEntry *structs.BoundAPIGatewayConfigEntry),
	routes []structs.BoundRoute,
	certificates []structs.InlineCertificateConfigEntry,
	extraUpdates []UpdateEvent,
	additionalEntries ...structs.ConfigEntry,
) *ConfigSnapshot

func TestConfigSnapshotAPIGateway_NilConfigEntry added in v1.15.0 

func TestConfigSnapshotAPIGateway_NilConfigEntry(
	t testing.T,
) *ConfigSnapshot

TestConfigSnapshotAPIGateway_NilConfigEntry is used to test when the update event for the config entry returns nil since this always happens on the first watch if it doesn't exist.

func TestConfigSnapshotDiscoveryChain added in v1.6.0 

func TestConfigSnapshotDiscoveryChain(
	t testing.T,
	variation string,
	enterprise bool,
	nsFn func(ns *structs.NodeService),
	extraUpdates []UpdateEvent,
	additionalEntries ...structs.ConfigEntry,
) *ConfigSnapshot

TestConfigSnapshotDiscoveryChain returns a fully populated snapshot using a discovery chain

func TestConfigSnapshotExposeChecks added in v1.13.0 

func TestConfigSnapshotExposeChecks(t testing.T) *ConfigSnapshot

func TestConfigSnapshotExposeConfig added in v1.6.2 

func TestConfigSnapshotExposeConfig(t testing.T, nsFn func(ns *structs.NodeService)) *ConfigSnapshot

func TestConfigSnapshotGRPCExposeHTTP1 added in v1.8.0 

func TestConfigSnapshotGRPCExposeHTTP1(t testing.T) *ConfigSnapshot

func TestConfigSnapshotIngressGateway added in v1.8.0 

func TestConfigSnapshotIngressGateway(
	t testing.T,
	populateServices bool,
	protocol string,
	variation string,
	nsFn func(ns *structs.NodeService),
	configFn func(entry *structs.IngressGatewayConfigEntry),
	extraUpdates []UpdateEvent,
	additionalEntries ...structs.ConfigEntry,
) *ConfigSnapshot

func TestConfigSnapshotIngressGatewaySDS_GatewayAndListenerLevel added in v1.12.0 

func TestConfigSnapshotIngressGatewaySDS_GatewayAndListenerLevel(t testing.T) *ConfigSnapshot

func TestConfigSnapshotIngressGatewaySDS_GatewayAndListenerLevel_HTTP added in v1.12.0 

func TestConfigSnapshotIngressGatewaySDS_GatewayAndListenerLevel_HTTP(t testing.T) *ConfigSnapshot

func TestConfigSnapshotIngressGatewaySDS_GatewayLevel added in v1.12.0 

func TestConfigSnapshotIngressGatewaySDS_GatewayLevel(t testing.T) *ConfigSnapshot

func TestConfigSnapshotIngressGatewaySDS_GatewayLevel_MixedTLS added in v1.12.0 

func TestConfigSnapshotIngressGatewaySDS_GatewayLevel_MixedTLS(t testing.T) *ConfigSnapshot

func TestConfigSnapshotIngressGatewaySDS_ListenerAndServiceLevel added in v1.12.0 

func TestConfigSnapshotIngressGatewaySDS_ListenerAndServiceLevel(t testing.T) *ConfigSnapshot

func TestConfigSnapshotIngressGatewaySDS_MixedNoTLS added in v1.12.0 

func TestConfigSnapshotIngressGatewaySDS_MixedNoTLS(t testing.T) *ConfigSnapshot

func TestConfigSnapshotIngressGatewaySDS_ServiceLevel added in v1.12.0 

func TestConfigSnapshotIngressGatewaySDS_ServiceLevel(t testing.T) *ConfigSnapshot

func TestConfigSnapshotIngressGatewayWithChain added in v1.12.0 

func TestConfigSnapshotIngressGatewayWithChain(
	t testing.T,
	variant string,
	webEntMeta, fooEntMeta *acl.EnterpriseMeta,
) *ConfigSnapshot

func TestConfigSnapshotIngressGateway_GWTLSListener_MixedHTTP2gRPC added in v1.14.0 

func TestConfigSnapshotIngressGateway_GWTLSListener_MixedHTTP2gRPC(t testing.T) *ConfigSnapshot

func TestConfigSnapshotIngressGateway_MixedListeners added in v1.12.0 

func TestConfigSnapshotIngressGateway_MixedListeners(t testing.T) *ConfigSnapshot

func TestConfigSnapshotIngressGateway_MultiTLSListener_MixedHTTP2gRPC added in v1.14.0 

func TestConfigSnapshotIngressGateway_MultiTLSListener_MixedHTTP2gRPC(t testing.T) *ConfigSnapshot

func TestConfigSnapshotIngressGateway_NilConfigEntry added in v1.15.0 

func TestConfigSnapshotIngressGateway_NilConfigEntry(
	t testing.T,
) *ConfigSnapshot

TestConfigSnapshotIngressGateway_NilConfigEntry is used to test when the update event for the config entry returns nil since this always happens on the first watch if it doesn't exist.

func TestConfigSnapshotIngressGateway_SingleTLSListener added in v1.12.0 

func TestConfigSnapshotIngressGateway_SingleTLSListener(t testing.T) *ConfigSnapshot

func TestConfigSnapshotIngressGateway_SingleTLSListener_GRPC added in v1.14.0 

func TestConfigSnapshotIngressGateway_SingleTLSListener_GRPC(t testing.T) *ConfigSnapshot

func TestConfigSnapshotIngressGateway_SingleTLSListener_HTTP2 added in v1.14.0 

func TestConfigSnapshotIngressGateway_SingleTLSListener_HTTP2(t testing.T) *ConfigSnapshot

func TestConfigSnapshotIngressGateway_TLSMinVersionListenersGatewayDefaults added in v1.12.0 

func TestConfigSnapshotIngressGateway_TLSMinVersionListenersGatewayDefaults(t testing.T) *ConfigSnapshot

func TestConfigSnapshotIngressGateway_TLSMixedMinVersionListeners added in v1.12.0 

func TestConfigSnapshotIngressGateway_TLSMixedMinVersionListeners(t testing.T) *ConfigSnapshot

func TestConfigSnapshotIngress_GRPCMultipleServices added in v1.10.12 

func TestConfigSnapshotIngress_GRPCMultipleServices(t testing.T) *ConfigSnapshot

func TestConfigSnapshotIngress_HTTPMultipleServices added in v1.8.0 

func TestConfigSnapshotIngress_HTTPMultipleServices(t testing.T) *ConfigSnapshot

func TestConfigSnapshotIngress_MultipleListenersDuplicateService added in v1.8.0 

func TestConfigSnapshotIngress_MultipleListenersDuplicateService(t testing.T) *ConfigSnapshot

func TestConfigSnapshotMeshGateway added in v1.6.0 

func TestConfigSnapshotMeshGateway(t testing.T, variant string, nsFn func(ns *structs.NodeService), extraUpdates []UpdateEvent) *ConfigSnapshot

func TestConfigSnapshotPeeredMeshGateway added in v1.13.0 

func TestConfigSnapshotPeeredMeshGateway(t testing.T, variant string, nsFn func(ns *structs.NodeService), extraUpdates []UpdateEvent) *ConfigSnapshot

func TestConfigSnapshotPeering added in v1.13.0 

func TestConfigSnapshotPeering(t testing.T) *ConfigSnapshot

func TestConfigSnapshotPeeringLocalMeshGateway added in v1.14.0 

func TestConfigSnapshotPeeringLocalMeshGateway(t testing.T) *ConfigSnapshot

func TestConfigSnapshotPeeringTProxy added in v1.13.0 

func TestConfigSnapshotPeeringTProxy(t testing.T) *ConfigSnapshot

func TestConfigSnapshotTelemetryCollector added in v1.15.3 

func TestConfigSnapshotTelemetryCollector(t testing.T) *ConfigSnapshot

TestConfigSnapshotTelemetryCollector returns a fully populated snapshot using a discovery chain

func TestConfigSnapshotTerminatingGateway added in v1.8.0 

func TestConfigSnapshotTerminatingGateway(t testing.T, populateServices bool, nsFn func(ns *structs.NodeService), extraUpdates []UpdateEvent) *ConfigSnapshot

func TestConfigSnapshotTerminatingGatewayDefaultServiceSubset added in v1.12.0 

func TestConfigSnapshotTerminatingGatewayDefaultServiceSubset(t testing.T) *ConfigSnapshot

func TestConfigSnapshotTerminatingGatewayDestinations added in v1.13.0 

func TestConfigSnapshotTerminatingGatewayDestinations(t testing.T, populateDestinations bool, extraUpdates []UpdateEvent) *ConfigSnapshot

func TestConfigSnapshotTerminatingGatewayHTTP2 added in v1.12.3 

func TestConfigSnapshotTerminatingGatewayHTTP2(t testing.T) *ConfigSnapshot

func TestConfigSnapshotTerminatingGatewayHostnameSubsets added in v1.12.0 

func TestConfigSnapshotTerminatingGatewayHostnameSubsets(t testing.T) *ConfigSnapshot

func TestConfigSnapshotTerminatingGatewayIgnoreExtraResolvers added in v1.12.0 

func TestConfigSnapshotTerminatingGatewayIgnoreExtraResolvers(t testing.T) *ConfigSnapshot

func TestConfigSnapshotTerminatingGatewayLBConfig added in v1.12.0 

func TestConfigSnapshotTerminatingGatewayLBConfig(t testing.T) *ConfigSnapshot

func TestConfigSnapshotTerminatingGatewayLBConfigNoHashPolicies added in v1.12.0 

func TestConfigSnapshotTerminatingGatewayLBConfigNoHashPolicies(t testing.T) *ConfigSnapshot

func TestConfigSnapshotTerminatingGatewaySNI added in v1.12.0 

func TestConfigSnapshotTerminatingGatewaySNI(t testing.T) *ConfigSnapshot

func TestConfigSnapshotTerminatingGatewayServiceSubsets added in v1.12.0 

func TestConfigSnapshotTerminatingGatewayServiceSubsets(t testing.T) *ConfigSnapshot

func TestConfigSnapshotTerminatingGatewayServiceSubsetsWebAndCache added in v1.12.0 

func TestConfigSnapshotTerminatingGatewayServiceSubsetsWebAndCache(t testing.T) *ConfigSnapshot

func TestConfigSnapshotTerminatingGatewaySubsetsHTTP2 added in v1.12.3 

func TestConfigSnapshotTerminatingGatewaySubsetsHTTP2(t testing.T) *ConfigSnapshot

func TestConfigSnapshotTerminatingGatewayWithLambdaService added in v1.12.0 

func TestConfigSnapshotTerminatingGatewayWithLambdaService(t testing.T, extraUpdateEvents ...UpdateEvent) *ConfigSnapshot

func TestConfigSnapshotTerminatingGatewayWithLambdaServiceAndServiceResolvers added in v1.12.0 

func TestConfigSnapshotTerminatingGatewayWithLambdaServiceAndServiceResolvers(t testing.T) *ConfigSnapshot

func TestConfigSnapshotTransparentProxy added in v1.12.0 

func TestConfigSnapshotTransparentProxy(t testing.T) *ConfigSnapshot

func TestConfigSnapshotTransparentProxyCatalogDestinationsOnly added in v1.12.0 

func TestConfigSnapshotTransparentProxyCatalogDestinationsOnly(t testing.T) *ConfigSnapshot

func TestConfigSnapshotTransparentProxyDestination added in v1.13.0 

func TestConfigSnapshotTransparentProxyDestination(t testing.T) *ConfigSnapshot

func TestConfigSnapshotTransparentProxyDestinationHTTP added in v1.13.0 

func TestConfigSnapshotTransparentProxyDestinationHTTP(t testing.T, nsFn func(ns *structs.NodeService)) *ConfigSnapshot

func TestConfigSnapshotTransparentProxyDialDirectly added in v1.12.0 

func TestConfigSnapshotTransparentProxyDialDirectly(t testing.T) *ConfigSnapshot

func TestConfigSnapshotTransparentProxyHTTPUpstream added in v1.12.0 

func TestConfigSnapshotTransparentProxyHTTPUpstream(t testing.T, additionalEntries ...structs.ConfigEntry) *ConfigSnapshot

func TestConfigSnapshotTransparentProxyResolverRedirectUpstream added in v1.12.6 

func TestConfigSnapshotTransparentProxyResolverRedirectUpstream(t testing.T) *ConfigSnapshot

func TestConfigSnapshotTransparentProxyTerminatingGatewayCatalogDestinationsOnly added in v1.12.0 

func TestConfigSnapshotTransparentProxyTerminatingGatewayCatalogDestinationsOnly(t testing.T) *ConfigSnapshot

func (*ConfigSnapshot) Clone 

func (s *ConfigSnapshot) Clone() *ConfigSnapshot

Clone makes a deep copy of the snapshot we can send to other goroutines without worrying that they will racily read or mutate shared maps etc.

func (*ConfigSnapshot) DeepCopy added in v1.13.7 

func (o *ConfigSnapshot) DeepCopy() *ConfigSnapshot

DeepCopy generates a deep copy of *ConfigSnapshot

func (*ConfigSnapshot) GetMeshGatewayEndpoints added in v1.13.0 

func (c *ConfigSnapshot) GetMeshGatewayEndpoints(key GatewayKey) structs.CheckServiceNodes

func (*ConfigSnapshot) Leaf 

func (s *ConfigSnapshot) Leaf() *structs.IssuedCert

func (*ConfigSnapshot) MeshConfig added in v1.12.0 

func (s *ConfigSnapshot) MeshConfig() *structs.MeshConfigEntry

func (*ConfigSnapshot) MeshConfigTLSIncoming added in v1.12.0 

func (s *ConfigSnapshot) MeshConfigTLSIncoming() *structs.MeshDirectionalTLSConfig

func (*ConfigSnapshot) MeshConfigTLSOutgoing added in v1.12.0 

func (s *ConfigSnapshot) MeshConfigTLSOutgoing() *structs.MeshDirectionalTLSConfig

func (*ConfigSnapshot) MeshGatewayValidExportedServices added in v1.13.0 

func (c *ConfigSnapshot) MeshGatewayValidExportedServices() []structs.ServiceName

MeshGatewayValidExportedServices ensures that the following data is present if it exists for a service before it returns that in the set of services to expose.

- peering info - discovery chain

func (*ConfigSnapshot) PeeringTrustBundles added in v1.13.0 

func (s *ConfigSnapshot) PeeringTrustBundles() []*pbpeering.PeeringTrustBundle

func (*ConfigSnapshot) RootPEMs added in v1.13.0 

func (s *ConfigSnapshot) RootPEMs() string

RootPEMs returns all PEM-encoded public certificates for the root CA.

func (*ConfigSnapshot) ToConfigSnapshotUpstreams added in v1.14.0 

func (s *ConfigSnapshot) ToConfigSnapshotUpstreams() (*ConfigSnapshotUpstreams, error)

func (*ConfigSnapshot) Valid 

func (s *ConfigSnapshot) Valid() bool

Valid returns whether or not the snapshot has all required fields filled yet.

type ConfigSnapshotUpstreams added in v1.8.0 

type ConfigSnapshotUpstreams struct {
	Leaf *structs.IssuedCert

	MeshConfig    *structs.MeshConfigEntry
	MeshConfigSet bool

	// DiscoveryChain is a map of UpstreamID -> CompiledDiscoveryChain's, and
	// is used to determine what services could be targeted by this upstream.
	// We then instantiate watches for those targets.
	DiscoveryChain map[UpstreamID]*structs.CompiledDiscoveryChain

	// WatchedDiscoveryChains is a map of UpstreamID -> CancelFunc's
	// in order to cancel any watches when the proxy's configuration is
	// changed. Ingress gateways and transparent proxies need this because
	// discovery chain watches are added and removed through the lifecycle
	// of a single proxycfg state instance.
	WatchedDiscoveryChains map[UpstreamID]context.CancelFunc

	// WatchedUpstreams is a map of UpstreamID -> (map of TargetID ->
	// CancelFunc's) in order to cancel any watches when the configuration is
	// changed.
	WatchedUpstreams map[UpstreamID]map[string]context.CancelFunc

	// WatchedUpstreamEndpoints is a map of UpstreamID -> (map of
	// TargetID -> CheckServiceNodes) and is used to determine the backing
	// endpoints of an upstream.
	WatchedUpstreamEndpoints map[UpstreamID]map[string]structs.CheckServiceNodes

	// UpstreamPeerTrustBundles is a map of (PeerName -> PeeringTrustBundle).
	// It is used to store trust bundles for upstream TLS transport sockets.
	UpstreamPeerTrustBundles watch.Map[PeerName, *pbpeering.PeeringTrustBundle]

	// WatchedGateways is a map of UpstreamID -> (map of GatewayKey.String() ->
	// CancelFunc) in order to cancel watches for mesh gateways
	WatchedGateways map[UpstreamID]map[string]context.CancelFunc

	// WatchedGatewayEndpoints is a map of UpstreamID -> (map of
	// GatewayKey.String() -> CheckServiceNodes) and is used to determine the
	// backing endpoints of a mesh gateway.
	WatchedGatewayEndpoints map[UpstreamID]map[string]structs.CheckServiceNodes

	// WatchedLocalGWEndpoints is used to store the backing endpoints of
	// a local mesh gateway. Currently, this is used by peered upstreams
	// configured with local mesh gateway mode so that they can watch for
	// gateway endpoints.
	//
	// Note that the string form of GatewayKey is used as the key so empty
	// fields can be normalized in OSS.
	//   GatewayKey.String() -> structs.CheckServiceNodes
	WatchedLocalGWEndpoints watch.Map[string, structs.CheckServiceNodes]

	// UpstreamConfig is a map to an upstream's configuration.
	UpstreamConfig map[UpstreamID]*structs.Upstream

	// PassthroughEndpoints is a map of: UpstreamID -> (map of TargetID ->
	// (set of IP addresses)). It contains the upstream endpoints that
	// can be dialed directly by a transparent proxy.
	PassthroughUpstreams map[UpstreamID]map[string]map[string]struct{}

	// PassthroughIndices is a map of: address -> indexedTarget.
	// It is used to track the modify index associated with a passthrough address.
	// Tracking this index helps break ties when a single address is shared by
	// more than one upstream due to a race.
	PassthroughIndices map[string]indexedTarget

	// IntentionUpstreams is a set of upstreams inferred from intentions.
	//
	// This list only applies to proxies registered in 'transparent' mode.
	IntentionUpstreams map[UpstreamID]struct{}

	// PeeredUpstreams is a set of all upstream targets in a local partition.
	//
	// This list only applies to proxies registered in 'transparent' mode.
	PeeredUpstreams map[UpstreamID]struct{}

	// PeerUpstreamEndpoints is a map of UpstreamID -> (set of IP addresses)
	// and used to determine the backing endpoints of an upstream in another
	// peer.
	PeerUpstreamEndpoints watch.Map[UpstreamID, structs.CheckServiceNodes]

	PeerUpstreamEndpointsUseHostnames map[UpstreamID]struct{}
}

TODO(ingress): Can we think of a better for this bag of data? A shared data structure that contains information about discovered upstreams

func (*ConfigSnapshotUpstreams) DeepCopy added in v1.13.7 

func (o *ConfigSnapshotUpstreams) DeepCopy() *ConfigSnapshotUpstreams

DeepCopy generates a deep copy of *ConfigSnapshotUpstreams

func (*ConfigSnapshotUpstreams) PeeredUpstreamIDs added in v1.13.0 

func (u *ConfigSnapshotUpstreams) PeeredUpstreamIDs() []UpstreamID

PeeredUpstreamIDs returns a slice of peered UpstreamIDs from explicit config entries and implicit imported services. Upstreams whose trust bundles have not been stored in the snapshot are ignored.

func (*ConfigSnapshotUpstreams) UpstreamPeerMeta added in v1.13.0 

func (u *ConfigSnapshotUpstreams) UpstreamPeerMeta(uid UpstreamID) (structs.PeeringServiceMeta, bool)

type ControllableCacheType 

type ControllableCacheType struct {
	// contains filtered or unexported fields
}

ControllableCacheType is a cache.Type that simulates a typical blocking RPC but lets us control the responses and when they are delivered easily.

func NewControllableCacheType 

func NewControllableCacheType(t testing.T) *ControllableCacheType

NewControllableCacheType returns a cache.Type that can be controlled for testing.

func (*ControllableCacheType) Fetch 

func (ct *ControllableCacheType) Fetch(opts cache.FetchOptions, req cache.Request) (cache.FetchResult, error)

Fetch implements cache.Type. It simulates blocking or non-blocking queries.

func (*ControllableCacheType) RegisterOptions added in v1.8.0 

func (ct *ControllableCacheType) RegisterOptions() cache.RegisterOptions

func (*ControllableCacheType) Set 

func (ct *ControllableCacheType) Set(key string, value interface{})

Set sets the response value to be returned from subsequent cache gets for the type.

type DNSConfig added in v1.8.0 

type DNSConfig struct {
	Domain    string
	AltDomain string
}

type DataSources added in v1.13.0 

type DataSources struct {
	// CARoots provides updates about the CA root certificates on a notification
	// channel.
	CARoots CARoots

	// CompiledDiscoveryChain provides updates about a service's discovery chain
	// on a notification channel.
	CompiledDiscoveryChain CompiledDiscoveryChain

	// ConfigEntry provides updates about a single config entry on a notification
	// channel.
	ConfigEntry ConfigEntry

	// ConfigEntryList provides updates about a list of config entries on a
	// notification channel.
	ConfigEntryList ConfigEntryList

	// Datacenters provides updates about federated datacenters on a notification
	// channel.
	Datacenters Datacenters

	// FederationStateListMeshGateways is the interface used to consume updates
	// about mesh gateways from the federation state.
	FederationStateListMeshGateways FederationStateListMeshGateways

	// GatewayServices provides updates about a gateway's upstream services on a
	// notification channel.
	GatewayServices GatewayServices

	// ServiceGateways provides updates about a gateway's upstream services on a
	// notification channel.
	ServiceGateways ServiceGateways

	// Health provides service health updates on a notification channel.
	Health Health

	// HTTPChecks provides updates about a service's HTTP and gRPC checks on a
	// notification channel.
	HTTPChecks HTTPChecks

	// Intentions provides intention updates on a notification channel.
	Intentions Intentions

	// IntentionUpstreams provides intention-inferred upstream updates on a
	// notification channel.
	IntentionUpstreams IntentionUpstreams

	// IntentionUpstreamsDestination provides intention-inferred upstream updates on a
	// notification channel.
	IntentionUpstreamsDestination IntentionUpstreams

	// InternalServiceDump provides updates about services of a given kind (e.g.
	// mesh gateways) on a notification channel.
	InternalServiceDump InternalServiceDump

	// LeafCertificate provides updates about the service's leaf certificate on a
	// notification channel.
	LeafCertificate LeafCertificate

	// PeeredUpstreams provides imported-service upstream updates on a
	// notification channel.
	PeeredUpstreams PeeredUpstreams

	// PeeringList provides peering updates on a notification channel.
	PeeringList PeeringList

	// PreparedQuery provides updates about the results of a prepared query.
	PreparedQuery PreparedQuery

	// ResolvedServiceConfig provides updates about a service's resolved config.
	ResolvedServiceConfig ResolvedServiceConfig

	// ServiceList provides updates about the list of all services in a datacenter
	// on a notification channel.
	ServiceList ServiceList

	// TrustBundle provides updates about the trust bundle for a single peer.
	TrustBundle TrustBundle

	// TrustBundleList provides updates about the list of trust bundles for
	// peered clusters that the given proxy is exported to.
	TrustBundleList TrustBundleList

	// ExportedPeeredServices provides updates about the list of all exported
	// services in a datacenter on a notification channel.
	ExportedPeeredServices ExportedPeeredServices

	DataSourcesEnterprise
}

DataSources contains the dependencies used to consume data used to configure proxies.

type DataSourcesEnterprise added in v1.13.0 

type DataSourcesEnterprise struct{}

type Datacenters added in v1.13.0 

type Datacenters interface {
	Notify(ctx context.Context, req *structs.DatacentersRequest, correlationID string, ch chan<- UpdateEvent) error
}

Datacenters is the interface used to consume updates about federated datacenters.

type ExportedPeeredServices added in v1.13.0 

type ExportedPeeredServices interface {
	Notify(ctx context.Context, req *structs.DCSpecificRequest, correlationID string, ch chan<- UpdateEvent) error
}

ExportedPeeredServices is the interface used to consume updates about the list of all services exported to peers in a datacenter.

type FederationStateListMeshGateways added in v1.13.0 

type FederationStateListMeshGateways interface {
	Notify(ctx context.Context, req *structs.DCSpecificRequest, correlationID string, ch chan<- UpdateEvent) error
}

FederationStateListMeshGateways is the interface used to consume updates about mesh gateways from the federation state.

type GatewayKey added in v1.11.0 

type GatewayKey struct {
	Datacenter string
	Partition  string
}

func (GatewayKey) IsEmpty added in v1.11.0 

func (k GatewayKey) IsEmpty() bool

func (GatewayKey) Matches added in v1.11.0 

func (k GatewayKey) Matches(dc, partition string) bool

func (GatewayKey) String added in v1.11.0 

func (k GatewayKey) String() string

type GatewayServices added in v1.13.0 

type GatewayServices interface {
	Notify(ctx context.Context, req *structs.ServiceSpecificRequest, correlationID string, ch chan<- UpdateEvent) error
}

GatewayServices is the interface used to consume updates about a gateway's upstream services.

type HTTPChecks added in v1.13.0 

type HTTPChecks interface {
	Notify(ctx context.Context, req *cachetype.ServiceHTTPChecksRequest, correlationID string, ch chan<- UpdateEvent) error
}

HTTPChecks is the interface used to consume updates about a service's HTTP and gRPC-based checks (in order to determine which paths to expose through the proxy).

type Health added in v1.10.0 

type Health interface {
	Notify(ctx context.Context, req *structs.ServiceSpecificRequest, correlationID string, ch chan<- UpdateEvent) error
}

Health is the interface used to consume service health updates.

type IngressListenerKey added in v1.8.0 

type IngressListenerKey struct {
	Protocol string
	Port     int
}

func IngressListenerKeyFromGWService added in v1.11.0 

func IngressListenerKeyFromGWService(s structs.GatewayService) IngressListenerKey

func IngressListenerKeyFromListener added in v1.11.0 

func IngressListenerKeyFromListener(l structs.IngressListener) IngressListenerKey

func (*IngressListenerKey) RouteName added in v1.8.0 

func (k *IngressListenerKey) RouteName() string

type IntentionUpstreams added in v1.13.0 

type IntentionUpstreams interface {
	Notify(ctx context.Context, req *structs.ServiceSpecificRequest, correlationID string, ch chan<- UpdateEvent) error
}

IntentionUpstreams is the interface used to consume updates about upstreams inferred from service intentions.

type Intentions added in v1.13.0 

type Intentions interface {
	Notify(ctx context.Context, req *structs.ServiceSpecificRequest, correlationID string, ch chan<- UpdateEvent) error
}

Intentions is the interface used to consume intention updates.

type InternalServiceDump added in v1.13.0 

type InternalServiceDump interface {
	Notify(ctx context.Context, req *structs.ServiceDumpRequest, correlationID string, ch chan<- UpdateEvent) error
}

InternalServiceDump is the interface used to consume updates about services of a given kind (e.g. mesh gateways).

type LeafCertificate added in v1.13.0 

type LeafCertificate interface {
	Notify(ctx context.Context, req *cachetype.ConnectCALeafRequest, correlationID string, ch chan<- UpdateEvent) error
}

LeafCertificate is the interface used to consume updates about a service's leaf certificate.

type Manager 

type Manager struct {
	ManagerConfig
	// contains filtered or unexported fields
}

Manager provides an API with which proxy services can be registered, and coordinates the fetching (and refreshing) of intentions, upstreams, discovery chain, certificates etc.

Consumers such as the xDS server can then subscribe to receive snapshots of this data whenever it changes.

See package docs for more detail.

func NewManager 

func NewManager(cfg ManagerConfig) (*Manager, error)

NewManager constructs a Manager.

func (*Manager) Close 

func (m *Manager) Close() error

Close removes all state and stops all running goroutines.

func (*Manager) Deregister added in v1.13.0 

func (m *Manager) Deregister(id ProxyID, source ProxySource)

Deregister the given proxy service, but only if it was registered by the same source.

func (*Manager) Register added in v1.13.0 

func (m *Manager) Register(id ProxyID, ns *structs.NodeService, source ProxySource, token string, overwrite bool) error

Register and start fetching resources for the given proxy service. If the given service was already registered by a different source (e.g. we began tracking it from the catalog, but then it was registered to the server agent locally) the service will be left as-is unless overwrite is true.

func (*Manager) RegisteredProxies added in v1.13.0 

func (m *Manager) RegisteredProxies(source ProxySource) []ProxyID

RegisteredProxies returns a list of the proxies tracked by Manager, filtered by source.

func (*Manager) SetUpdateRateLimit added in v1.14.0 

func (m *Manager) SetUpdateRateLimit(l rate.Limit)

SetUpdateRateLimit configures the update rate limit (see ManagerConfig).

func (*Manager) UpdateRateLimit added in v1.14.0 

func (m *Manager) UpdateRateLimit() rate.Limit

UpdateRateLimit returns the configured update rate limit (see ManagerConfig).

func (*Manager) Watch 

func (m *Manager) Watch(id ProxyID) (<-chan *ConfigSnapshot, CancelFunc)

Watch registers a watch on a proxy. It might not exist yet in which case this will not fail, but no updates will be delivered until the proxy is registered. If there is already a valid snapshot in memory, it will be delivered immediately.

type ManagerConfig 

type ManagerConfig struct {
	// DataSources contains the dependencies used to consume data used to configure
	// proxies.
	DataSources DataSources
	// source describes the current agent's identity, it's used directly for
	// prepared query discovery but also indirectly as a way to pass current
	// Datacenter name into other request types that need it. This is sufficient
	// for now and cleaner than passing the entire RuntimeConfig.
	Source *structs.QuerySource
	// DNSConfig is the agent's relevant DNS config for any proxies.
	DNSConfig DNSConfig
	// logger is the agent's logger to be used for logging logs.
	Logger          hclog.Logger
	TLSConfigurator *tlsutil.Configurator

	// IntentionDefaultAllow is set by the agent so that we can pass this
	// information to proxies that need to make intention decisions on their
	// own.
	IntentionDefaultAllow bool

	// UpdateRateLimit controls the rate at which config snapshots are delivered
	// when updates are received from data sources. This enables us to reduce the
	// impact of updates to "global" resources (e.g. proxy-defaults and wildcard
	// intentions) that could otherwise saturate system resources, and cause Raft
	// or gossip instability.
	//
	// Defaults to rate.Inf (no rate limit).
	UpdateRateLimit rate.Limit
}

ManagerConfig holds the required external dependencies for a Manager instance. All fields must be set to something valid or the manager will panic. The ManagerConfig is passed by value to NewManager so the passed value can be mutated safely.

type PeerName added in v1.13.0 

type PeerName = string

type PeerServersValue added in v1.14.0 

type PeerServersValue struct {
	Addresses []structs.ServiceAddress
	Index     uint64
	UseCDS    bool
}

func (*PeerServersValue) DeepCopy added in v1.14.0 

func (o *PeerServersValue) DeepCopy() *PeerServersValue

DeepCopy generates a deep copy of *PeerServersValue

type PeeredUpstreams added in v1.13.0 

type PeeredUpstreams interface {
	Notify(ctx context.Context, req *structs.PartitionSpecificRequest, correlationID string, ch chan<- UpdateEvent) error
}

PeeredUpstreams is the interface used to consume updates about upstreams for all peered targets in a given partition.

type PeeringList added in v1.14.0 

type PeeringList interface {
	Notify(ctx context.Context, req *cachetype.PeeringListRequest, correlationID string, ch chan<- UpdateEvent) error
}

PeeringList is the interface used to consume updates about peerings in the cluster or partition

type PeeringServiceValue added in v1.14.0 

type PeeringServiceValue struct {
	Nodes  structs.CheckServiceNodes
	UseCDS bool
}

func (*PeeringServiceValue) DeepCopy added in v1.14.0 

func (o *PeeringServiceValue) DeepCopy() *PeeringServiceValue

DeepCopy generates a deep copy of *PeeringServiceValue

type PreparedQuery added in v1.13.0 

type PreparedQuery interface {
	Notify(ctx context.Context, req *structs.PreparedQueryExecuteRequest, correlationID string, ch chan<- UpdateEvent) error
}

PreparedQuery is the interface used to consume updates about the results of a prepared query.

type ProxyID added in v1.13.0 

type ProxyID struct {
	structs.ServiceID

	// NodeName identifies the node to which the proxy is registered.
	NodeName string

	// Token is used to track watches on the same proxy with different ACL tokens
	// separately, to prevent accidental security bugs.
	//
	// Note: this can be different to the ACL token used for authorization that is
	// passed to Register (e.g. agent-local services are registered ahead-of-time
	// with a token that may be different to the one presented in the xDS stream).
	Token string
}

ProxyID is a handle on a proxy service instance being tracked by Manager.

type ProxySource added in v1.13.0 

type ProxySource string

ProxySource identifies where a proxy service tracked by Manager came from, such as the agent's local state or the catalog. It's used to prevent sources from overwriting each other's registrations.

type ResolvedServiceConfig added in v1.13.0 

type ResolvedServiceConfig interface {
	Notify(ctx context.Context, req *structs.ServiceConfigRequest, correlationID string, ch chan<- UpdateEvent) error
}

ResolvedServiceConfig is the interface used to consume updates about a service's resolved config.

type ServerSNIFunc added in v1.8.0 

type ServerSNIFunc func(dc, nodeName string) string

type ServiceGateways added in v1.13.0 

type ServiceGateways interface {
	Notify(ctx context.Context, req *structs.ServiceSpecificRequest, correlationID string, ch chan<- UpdateEvent) error
}

ServiceGateways is the interface used to consume updates about a service terminating gateways

type ServiceList added in v1.13.0 

type ServiceList interface {
	Notify(ctx context.Context, req *structs.DCSpecificRequest, correlationID string, ch chan<- UpdateEvent) error
}

ServiceList is the interface used to consume updates about the list of all services in a datacenter.

type TestDataSource added in v1.13.0 

type TestDataSource[ReqType cache.Request, ValType any] struct {
	// contains filtered or unexported fields
}

func NewTestDataSource added in v1.13.0 

func NewTestDataSource[ReqType cache.Request, ValType any]() *TestDataSource[ReqType, ValType]

NewTestDataSource creates a test data source that accepts requests to Notify of type RequestType and dispatches UpdateEvents with a result of type ValType.

TODO(agentless): we still depend on cache.Request here because it provides the CacheInfo method used for hashing the request - this won't work when we extract this package into a shared library.

func (*TestDataSource[ReqType, ValType]) LastReq added in v1.13.0 

func (t *TestDataSource[ReqType, ValType]) LastReq() ReqType

LastReq returns the request from the last call to Notify that was received.

func (*TestDataSource[ReqType, ValType]) Notify added in v1.13.0 

func (t *TestDataSource[ReqType, ValType]) Notify(ctx context.Context, req ReqType, correlationID string, ch chan<- UpdateEvent) error

Notify satisfies the interfaces used by Manager to subscribe to data.

func (*TestDataSource[ReqType, ValType]) Set added in v1.13.0 

func (t *TestDataSource[ReqType, ValType]) Set(req ReqType, val ValType) error

Set broadcasts the given value to consumers that subscribed with the given request.

type TestDataSources added in v1.13.0 

type TestDataSources struct {
	CARoots                         *TestDataSource[*structs.DCSpecificRequest, *structs.IndexedCARoots]
	CompiledDiscoveryChain          *TestDataSource[*structs.DiscoveryChainRequest, *structs.DiscoveryChainResponse]
	ConfigEntry                     *TestDataSource[*structs.ConfigEntryQuery, *structs.ConfigEntryResponse]
	ConfigEntryList                 *TestDataSource[*structs.ConfigEntryQuery, *structs.IndexedConfigEntries]
	FederationStateListMeshGateways *TestDataSource[*structs.DCSpecificRequest, *structs.DatacenterIndexedCheckServiceNodes]
	Datacenters                     *TestDataSource[*structs.DatacentersRequest, *[]string]
	GatewayServices                 *TestDataSource[*structs.ServiceSpecificRequest, *structs.IndexedGatewayServices]
	ServiceGateways                 *TestDataSource[*structs.ServiceSpecificRequest, *structs.IndexedServiceNodes]
	Health                          *TestDataSource[*structs.ServiceSpecificRequest, *structs.IndexedCheckServiceNodes]
	HTTPChecks                      *TestDataSource[*cachetype.ServiceHTTPChecksRequest, []structs.CheckType]
	Intentions                      *TestDataSource[*structs.ServiceSpecificRequest, structs.Intentions]
	IntentionUpstreams              *TestDataSource[*structs.ServiceSpecificRequest, *structs.IndexedServiceList]
	IntentionUpstreamsDestination   *TestDataSource[*structs.ServiceSpecificRequest, *structs.IndexedServiceList]
	InternalServiceDump             *TestDataSource[*structs.ServiceDumpRequest, *structs.IndexedCheckServiceNodes]
	LeafCertificate                 *TestDataSource[*cachetype.ConnectCALeafRequest, *structs.IssuedCert]
	PeeringList                     *TestDataSource[*cachetype.PeeringListRequest, *pbpeering.PeeringListResponse]
	PeeredUpstreams                 *TestDataSource[*structs.PartitionSpecificRequest, *structs.IndexedPeeredServiceList]
	PreparedQuery                   *TestDataSource[*structs.PreparedQueryExecuteRequest, *structs.PreparedQueryExecuteResponse]
	ResolvedServiceConfig           *TestDataSource[*structs.ServiceConfigRequest, *structs.ServiceConfigResponse]
	ServiceList                     *TestDataSource[*structs.DCSpecificRequest, *structs.IndexedServiceList]
	TrustBundle                     *TestDataSource[*cachetype.TrustBundleReadRequest, *pbpeering.TrustBundleReadResponse]
	TrustBundleList                 *TestDataSource[*cachetype.TrustBundleListRequest, *pbpeering.TrustBundleListByServiceResponse]

	TestDataSourcesEnterprise
}

func NewTestDataSources added in v1.13.0 

func NewTestDataSources() *TestDataSources

NewTestDataSources creates a set of data sources that can be used to provide the Manager with data in tests.

func (*TestDataSources) ToDataSources added in v1.13.0 

func (t *TestDataSources) ToDataSources() DataSources

type TestDataSourcesEnterprise added in v1.13.0 

type TestDataSourcesEnterprise struct{}

type TrustBundle added in v1.13.0 

type TrustBundle interface {
	Notify(ctx context.Context, req *cachetype.TrustBundleReadRequest, correlationID string, ch chan<- UpdateEvent) error
}

TrustBundle is the interface used to consume updates about a single peer's trust bundle.

type TrustBundleList added in v1.13.0 

type TrustBundleList interface {
	Notify(ctx context.Context, req *cachetype.TrustBundleListRequest, correlationID string, ch chan<- UpdateEvent) error
}

TrustBundleList is the interface used to consume updates about trust bundles for peered clusters that the given proxy is exported to.

type UpdateEvent added in v1.13.0 

type UpdateEvent struct {
	CorrelationID string
	Result        interface{}
	Err           error
}

UpdateEvent contains new data for a resource we are subscribed to (e.g. an agent cache entry).

type UpstreamID added in v1.12.0 

type UpstreamID struct {
	Type       string
	Name       string
	Datacenter string
	// If Peer is not empty, Namespace refers to the remote
	// peer namespace and Partition refers to the local partition
	Peer string
	acl.EnterpriseMeta
}

func NewUpstreamID added in v1.12.0 

func NewUpstreamID(u *structs.Upstream) UpstreamID

func NewUpstreamIDFromPeeredServiceName added in v1.13.0 

func NewUpstreamIDFromPeeredServiceName(psn structs.PeeredServiceName) UpstreamID

func NewUpstreamIDFromServiceID added in v1.12.0 

func NewUpstreamIDFromServiceID(sid structs.ServiceID) UpstreamID

TODO(peering): confirm we don't need peername here

func NewUpstreamIDFromServiceName added in v1.12.0 

func NewUpstreamIDFromServiceName(sn structs.ServiceName) UpstreamID

func NewUpstreamIDFromTargetID added in v1.12.0 

func NewUpstreamIDFromTargetID(tid string) UpstreamID

func NewWildcardUID added in v1.14.4 

func NewWildcardUID(entMeta *acl.EnterpriseMeta) UpstreamID

func UpstreamIDFromString added in v1.12.0 

func UpstreamIDFromString(input string) UpstreamID

func (UpstreamID) EnvoyID added in v1.12.0 

func (u UpstreamID) EnvoyID() string

EnvoyID returns a string representation that uniquely identifies the upstream in a canonical but human readable way.

This should be used for any situation where we generate identifiers in Envoy xDS structures for this upstream.

This will ensure that generated identifiers for the same thing in OSS and Enterprise render the same and omit default namespaces and partitions.

func (UpstreamID) GoString added in v1.12.0 

func (u UpstreamID) GoString() string

func (UpstreamID) String added in v1.12.0 

func (u UpstreamID) String() string

String encodes the UpstreamID into a string for use in agent cache keys. You can decode it back again using UpstreamIDFromString.

Source Files

View all Source files

Directories

Path Synopsis
internal
watch

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.