xds

package
v1.4.3
Published: Mar 4, 2019 License: MPL-2.0 Imports: 34 Imported by: 32

Documentation

Overview

Package xds provides an implementation of a gRPC service that exports Envoy's xDS API for config discovery. Specifically, only the Aggregated Discovery Service (ADS) is supported, since this server controls all of Envoy's config.

A full description of the XDS protocol can be found at https://github.com/envoyproxy/data-plane-api/blob/master/XDS_PROTOCOL.md

xds.Server also supports the ext_authz network filter API to authorize incoming connections to Envoy.

Constants

const (

	// EndpointType is the TypeURL for Endpoint discovery responses.
	EndpointType = typePrefix + "ClusterLoadAssignment"

	// ClusterType is the TypeURL for Cluster discovery responses.
	ClusterType = typePrefix + "Cluster"

	// RouteType is the TypeURL for Route discovery responses.
	RouteType = typePrefix + "RouteConfiguration"

	// ListenerType is the TypeURL for Listener discovery responses.
	ListenerType = typePrefix + "Listener"

	// PublicListenerName is the name we give the public listener in Envoy config.
	PublicListenerName = "public_listener"

	// LocalAppClusterName is the name we give the local application "cluster" in
	// Envoy config.
	LocalAppClusterName = "local_app"

	// LocalAgentClusterName is the name we give the local agent "cluster" in
	// Envoy config.
	LocalAgentClusterName = "local_agent"

	// DefaultAuthCheckFrequency is the default value for
	// Server.AuthCheckFrequency to use when the zero value is provided.
	DefaultAuthCheckFrequency = 5 * time.Minute
)

Variables

This section is empty.

Functions

func TestCheckRequest

func TestCheckRequest(t testing.T, source, dest string) *envoyauth.CheckRequest

TestCheckRequest creates an envoyauth.CheckRequest with the source and destination service names.

Types

type ACLResolverFunc

type ACLResolverFunc func(id string) (acl.Authorizer, error)

ACLResolverFunc is a shim to resolve ACLs. Since ACL enforcement is so far entirely agent-local and relies on private methods, this allows a simple shim to be written in the agent package that resolves tokens without tightly coupling this package to the agent.

type ADSStream

ADSStream is a shorter way of referring to this thing...

type ConfigManager

type ConfigManager interface {
	Watch(proxyID string) (<-chan *proxycfg.ConfigSnapshot, proxycfg.CancelFunc)
}

ConfigManager is the interface xds.Server requires to consume proxy config updates. It's satisfied normally by the agent's proxycfg.Manager, but allows easier testing without several layers of mocked cache, local state and proxycfg.Manager.

type ConnectAuthz

type ConnectAuthz interface {
	// ConnectAuthorize is implemented by Agent.ConnectAuthorize
	ConnectAuthorize(token string, req *structs.ConnectAuthorizeRequest) (authz bool, reason string, m *cache.ResultMeta, err error)
}

ConnectAuthz is the interface the agent needs to expose to be able to re-use the authorization logic between both APIs.

type Server

type Server struct {
	Logger       *log.Logger
	CfgMgr       ConfigManager
	Authz        ConnectAuthz
	ResolveToken ACLResolverFunc
	// AuthCheckFrequency is how often we should re-check the credentials used
	// during a long-lived gRPC Stream after it has been initially established.
	// This is only used during idle periods of stream interactions (i.e. when
	// there has been no recent DiscoveryRequest).
	AuthCheckFrequency time.Duration
}

Server represents a gRPC server that can handle both XDS and ext_authz requests from Envoy. All of its public members must be set before the gRPC server is started.

A full description of the XDS protocol can be found at https://github.com/envoyproxy/data-plane-api/blob/master/XDS_PROTOCOL.md
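To make the idle re-check behaviour of AuthCheckFrequency concrete, here is an added stand-alone Go sketch, not code from this package: it models a long-lived ADS stream that re-resolves its token on every request and again after each idle interval, falling back to DefaultAuthCheckFrequency when zero is given. The resolve callback, the string request channel and the handle callback are assumptions standing in for Server.ResolveToken and the real DiscoveryRequest stream.

```go
package main

import (
	"fmt"
	"time"
)

// DefaultAuthCheckFrequency mirrors the package constant documented above.
const DefaultAuthCheckFrequency = 5 * time.Minute

// serveStream models the long-lived ADS stream: each request re-resolves the
// token, and an idle stream re-resolves it every freq, so a revoked token
// cannot keep a quiet stream alive. resolve stands in for Server.ResolveToken
// (assumed: nil error means the token is still valid).
func serveStream(token string, resolve func(string) error, freq time.Duration,
	reqs <-chan string, handle func(string)) error {
	if freq == 0 {
		freq = DefaultAuthCheckFrequency // documented zero-value default
	}
	timer := time.NewTimer(freq)
	defer timer.Stop()
	for {
		select {
		case req, ok := <-reqs:
			if !ok {
				return nil // client closed the stream
			}
			if err := resolve(token); err != nil {
				return err
			}
			handle(req)
			if !timer.Stop() { // fired while we worked: drain before reset
				<-timer.C
			}
			timer.Reset(freq)
		case <-timer.C: // idle for a full interval: re-check credentials
			if err := resolve(token); err != nil {
				return err
			}
			timer.Reset(freq)
		}
	}
}

func main() {
	reqs := make(chan string, 1)
	reqs <- "type.googleapis.com/envoy.api.v2.Cluster" // constructed request typeURL
	close(reqs)
	err := serveStream("tok", func(string) error { return nil }, 0, reqs, func(r string) { fmt.Println("got", r) })
	fmt.Println("stream ended:", err)
}
```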

func (*Server) Check

Check implements envoyauthz.AuthorizationServer.

func (*Server) GRPCServer

func (s *Server) GRPCServer(certFile, keyFile string) (*grpc.Server, error)

GRPCServer returns a server instance that can handle XDS and ext_authz requests.

func (*Server) IncrementalAggregatedResources

IncrementalAggregatedResources implements envoydisco.AggregatedDiscoveryServiceServer

func (*Server) Initialize added in v1.4.3

func (s *Server) Initialize()

Initialize will finish configuring the Server for first use.

func (*Server) StreamAggregatedResources

func (s *Server) StreamAggregatedResources(stream ADSStream) error

StreamAggregatedResources implements envoydisco.AggregatedDiscoveryServiceServer. This is the ADS endpoint which is the only xDS API we directly support for now.

type TestADSStream

type TestADSStream struct {
	// contains filtered or unexported fields
}

TestADSStream mocks discovery.AggregatedDiscoveryService_StreamAggregatedResourcesServer to allow testing ADS handler.

func NewTestADSStream

func NewTestADSStream(t testing.T, ctx context.Context) *TestADSStream

NewTestADSStream makes a new TestADSStream

func (*TestADSStream) Context

func (s *TestADSStream) Context() context.Context

Context implements ADSStream

func (*TestADSStream) Recv

func (s *TestADSStream) Recv() (*envoy.DiscoveryRequest, error)

Recv implements ADSStream

func (*TestADSStream) RecvMsg

func (s *TestADSStream) RecvMsg(m interface{}) error

RecvMsg implements ADSStream

func (*TestADSStream) Send

Send implements ADSStream

func (*TestADSStream) SendHeader

func (s *TestADSStream) SendHeader(metadata.MD) error

SendHeader implements ADSStream

func (*TestADSStream) SendMsg

func (s *TestADSStream) SendMsg(m interface{}) error

SendMsg implements ADSStream

func (*TestADSStream) SetHeader

func (s *TestADSStream) SetHeader(metadata.MD) error

SetHeader implements ADSStream

func (*TestADSStream) SetTrailer

func (s *TestADSStream) SetTrailer(metadata.MD)

SetTrailer implements ADSStream

type TestEnvoy

type TestEnvoy struct {
	sync.Mutex
	// contains filtered or unexported fields
}

TestEnvoy is a helper to simulate Envoy ADS requests.

func NewTestEnvoy

func NewTestEnvoy(t testing.T, proxyID, token string) *TestEnvoy

NewTestEnvoy creates a TestEnvoy instance.

func (*TestEnvoy) Close

func (e *TestEnvoy) Close() error

Close closes the client and cancels its request context.

func (*TestEnvoy) SendReq

func (e *TestEnvoy) SendReq(t testing.T, typeURL string, version, nonce uint64)

SendReq sends a request from the test server.
