structs

package
v1.6.0-beta1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jul 8, 2019 License: MPL-2.0 Imports: 36 Imported by: 703

Documentation

Index

Constants

// Well-known identifiers that the ACL system reserves for built-in objects.
const (

	// This policy gives unlimited access to everything. Users
	// may rename if desired but cannot delete or modify the rules.
	//
	// The ID is a fixed, publicly known value, so any token or role linked
	// to this policy is effectively a management credential; links to it
	// are worth auditing. ACLPolicyGlobalManagement is presumably the rule
	// text of the policy (the literal is elided in this rendering).
	ACLPolicyGlobalManagementID = "00000000-0000-0000-0000-000000000001"
	ACLPolicyGlobalManagement   = `` /* 340-byte string literal not displayed */

	// This is the policy ID for anonymous access. This is configurable by the
	// user.
	// NOTE(review): the constant is named as a token ID while this comment
	// calls it a policy ID — confirm which object carries this ID. Whatever
	// privileges are attached to it apply to anonymous access, so they
	// should be kept minimal.
	ACLTokenAnonymousID = "00000000-0000-0000-0000-000000000002"

	// ACLReservedPrefix is the common prefix of the two well-known IDs above.
	// NOTE(review): presumably ACLIDReserved tests IDs against this prefix so
	// that user-created objects cannot claim a reserved ID — confirm.
	ACLReservedPrefix = "00000000-0000-0000-0000-0000000000"
)
// Bind types accepted in a binding rule's BindType field. They decide what
// a token created at login is linked to.
//
// NOTE(review): in both cases the privilege granted is named by the computed
// BindName, so whoever controls the inputs to that computation influences
// which service identity or role the token receives — confirm that only
// attributes verified by the auth method can reach it.
const (
	// BindingRuleBindTypeService is the binding rule bind type that
	// assigns a Service Identity to the token that is created using the value
	// of the computed BindName as the ServiceName like:
	//
	// &ACLToken{
	//   ...other fields...
	//   ServiceIdentities: []*ACLServiceIdentity{
	//     &ACLServiceIdentity{
	//       ServiceName: "<computed BindName>",
	//     },
	//   },
	// }
	BindingRuleBindTypeService = "service"

	// BindingRuleBindTypeRole is the binding rule bind type that only allows
	// the binding rule to function if a role with the given name (BindName)
	// exists at login-time. If it does the token that is created is directly
	// linked to that role like:
	//
	// &ACLToken{
	//   ...other fields...
	//   Roles: []ACLTokenRoleLink{
	//     { Name: "<computed BindName>" }
	//   }
	// }
	//
	// If it does not exist at login-time the rule is ignored.
	BindingRuleBindTypeRole = "role"
)
// Token type values.
// NOTE(review): presumably these are the values of the legacy ACL.Type
// field — confirm.
const (
	// ACLTokenTypeClient tokens have rules applied
	ACLTokenTypeClient = "client"

	// ACLTokenTypeManagement tokens have an always allow policy, so they can
	// make other tokens and can access all resources.
	//
	// A token of this type is not constrained by its rules at all; issuing
	// one is equivalent to granting full administrative access.
	ACLTokenTypeManagement = "management"

	// ACLTokenTypeNone is the empty string, i.e. the zero value of a string
	// type field.
	ACLTokenTypeNone = ""
)
// Identifier, display name and output strings of the built-in "serfHealth"
// check. SerfCheckAliveOutput and SerfCheckFailedOutput are the two fixed
// output texts, presumably written when the agent is reachable and when it
// is not — confirm.
const (
	SerfCheckID           types.CheckID = "serfHealth"
	SerfCheckName                       = "Serf Health Status"
	SerfCheckAliveOutput                = "Agent alive and reachable"
	SerfCheckFailedOutput               = "Agent not live or unreachable"
)

These are used to manage the built-in "serfHealth" check that's attached to every node in the catalog.

const (
	// These are used to manage the "consul" service that's attached to every
	// Consul server node in the catalog.
	//
	// Both the service ID and the service name are the literal "consul".
	// NOTE(review): since the name identifies server nodes, confirm that
	// registrations under this name are restricted by ACL rules.
	ConsulServiceID   = "consul"
	ConsulServiceName = "consul"
)
// Kind names and related defaults.
// NOTE(review): presumably these are the config entry kinds that
// ValidateConfigEntryKind accepts — confirm against its implementation.
const (
	ServiceDefaults string = "service-defaults"
	ProxyDefaults   string = "proxy-defaults"
	ServiceRouter   string = "service-router"
	ServiceSplitter string = "service-splitter"
	ServiceResolver string = "service-resolver"

	// ProxyConfigGlobal is the literal "global".
	// NOTE(review): presumably the only valid name for a proxy-defaults
	// entry — confirm.
	ProxyConfigGlobal string = "global"

	// DefaultServiceProtocol is "tcp", presumably the protocol assumed when
	// none is configured — confirm.
	DefaultServiceProtocol = "tcp"
)
// Names of certificate authority providers.
// NOTE(review): the provider decides where CA key material is held, so a
// change of this setting should be treated as a security-relevant
// configuration change — confirm where these values are consumed.
const (
	ConsulCAProvider = "consul"
	VaultCAProvider  = "vault"
)
// Destination types of an upstream: either a service or a prepared query.
const (
	UpstreamDestTypeService       = "service"
	UpstreamDestTypePreparedQuery = "prepared_query"
)
// Node types of a discovery graph: router, splitter and group resolver.
// NOTE(review): presumably they correspond to the service-router,
// service-splitter and service-resolver config entry kinds — confirm.
const (
	DiscoveryGraphNodeTypeRouter        = "router"
	DiscoveryGraphNodeTypeSplitter      = "splitter"
	DiscoveryGraphNodeTypeGroupResolver = "group-resolver"
)
const (
	// IntentionWildcard is the wildcard value.
	// NOTE(review): an intention that uses the wildcard presumably matches
	// every name in that position; review wildcard allow-intentions with
	// the same care as a broad firewall rule — confirm the matching rules.
	IntentionWildcard = "*"

	// IntentionDefaultNamespace is the default namespace value.
	// NOTE(mitchellh): This is only meant to be a temporary constant.
	// When namespaces are introduced, we should delete this constant and
	// fix up all the places where this was used with the proper namespace
	// value.
	IntentionDefaultNamespace = "default"
)
// Message type codes. Each code is a fixed number; the list is append-only,
// so an existing value must never be renumbered or reused.
//
// NOTE(review): as rendered here only RegisterRequestType carries the
// explicit MessageType type; the remaining entries appear as untyped
// constants, which may be an artifact of how the documentation expands the
// original declaration — confirm against the source file.
// NOTE(review): IgnoreUnknownTypeFlag is 128, so the codes presumably have to
// stay below that value to keep the flag bit distinguishable — confirm.
const (
	RegisterRequestType             MessageType = 0
	DeregisterRequestType                       = 1
	KVSRequestType                              = 2
	SessionRequestType                          = 3
	ACLRequestType                              = 4 // DEPRECATED (ACL-Legacy-Compat)
	TombstoneRequestType                        = 5
	CoordinateBatchUpdateType                   = 6
	PreparedQueryRequestType                    = 7
	TxnRequestType                              = 8
	AutopilotRequestType                        = 9
	AreaRequestType                             = 10
	ACLBootstrapRequestType                     = 11
	IntentionRequestType                        = 12
	ConnectCARequestType                        = 13
	ConnectCAProviderStateType                  = 14
	ConnectCAConfigType                         = 15 // FSM snapshots only.
	IndexRequestType                            = 16 // FSM snapshots only.
	ACLTokenSetRequestType                      = 17
	ACLTokenDeleteRequestType                   = 18
	ACLPolicySetRequestType                     = 19
	ACLPolicyDeleteRequestType                  = 20
	ConnectCALeafRequestType                    = 21
	ConfigEntryRequestType                      = 22
	ACLRoleSetRequestType                       = 23
	ACLRoleDeleteRequestType                    = 24
	ACLBindingRuleSetRequestType                = 25
	ACLBindingRuleDeleteRequestType             = 26
	ACLAuthMethodSetRequestType                 = 27
	ACLAuthMethodDeleteRequestType              = 28
)

These are serialized between Consul servers and stored in Consul snapshots, so entries must only ever be added; existing values must never be renumbered or removed.

const (
	// IgnoreUnknownTypeFlag is set along with a MessageType
	// to indicate that the message type can be safely ignored
	// if it is not recognized. This is for future proofing, so
	// that new commands can be added in a way that won't cause
	// old servers to crash when the FSM attempts to process them.
	//
	// NOTE(review): a server that ignores a flagged message does not apply
	// it, so the flag should only accompany commands whose omission on an
	// old server is harmless — confirm for any security-relevant command.
	IgnoreUnknownTypeFlag MessageType = 128

	// NodeMaint is the special key set by a node in maintenance mode.
	NodeMaint = "_node_maintenance"

	// ServiceMaintPrefix is the prefix for a service in maintenance mode.
	ServiceMaintPrefix = "_service_maintenance:"

	// MetaSegmentKey is the node metadata key used to store the node's network segment
	MetaSegmentKey = "consul-network-segment"

	// MaxLockDelay provides a maximum LockDelay value for
	// a session. Any value above this will not be respected.
	// The limit is 60 seconds.
	MaxLockDelay = 60 * time.Second
)
// Session TTL parameters.
const (
	// SessionTTLMax is 24 hours.
	// NOTE(review): presumably the largest TTL a session may request — confirm.
	SessionTTLMax        = 24 * time.Hour
	// SessionTTLMultiplier is 2.
	// NOTE(review): its use is not visible here; presumably a factor applied
	// to the requested TTL before a session is expired — confirm.
	SessionTTLMultiplier = 2
)
// Keyring operations: list, install, use and remove.
//
// NOTE(review): as rendered here only KeyringList carries the KeyringOp type;
// the others appear as untyped string constants — confirm against the source.
// NOTE(review): these operations presumably act on encryption keys, so every
// one of them, and "remove" in particular, should require an operator-level
// privilege — confirm where the authorization check is made.
const (
	KeyringList    KeyringOp = "list"
	KeyringInstall           = "install"
	KeyringUse               = "use"
	KeyringRemove            = "remove"
)
// Prepared query template types. Only one type is defined here.
const (
	// QueryTemplateTypeNamePrefixMatch uses the Name field of the query as
	// a prefix to select the template.
	QueryTemplateTypeNamePrefixMatch = "name_prefix_match"
)

Variables

// Package-level error values. Each is built with errors.New from an
// unexported message constant that is not shown on this page.
// NOTE(review): the package also exports IsErrNoLeader and
// IsErrRPCRateExceeded; presumably they recognise these errors after they
// have crossed an RPC boundary, where identity comparison no longer
// works — confirm against their implementation.
var (
	ErrNoLeader                   = errors.New(errNoLeader)
	ErrNoDCPath                   = errors.New(errNoDCPath)
	ErrNoServers                  = errors.New(errNoServers)
	ErrNotReadyForConsistentReads = errors.New(errNotReadyForConsistentReads)
	ErrSegmentsNotSupported       = errors.New(errSegmentsNotSupported)
	ErrRPCRateExceeded            = errors.New(errRPCRateExceeded)
)
// ACLBootstrapInvalidResetIndexErr reports a bootstrap request whose reset
// index is non-zero but does not match the bootstrap index.
var ACLBootstrapInvalidResetIndexErr = errors.New("Invalid ACL bootstrap reset index")

ACLBootstrapInvalidResetIndexErr is returned when bootstrap is requested with a non-zero reset index but the index doesn't match the bootstrap index

// ACLBootstrapNotAllowedErr reports that the cluster has already been
// bootstrapped, so bootstrap can no longer be done.
var ACLBootstrapNotAllowedErr = errors.New("ACL bootstrap no longer allowed")

ACLBootstrapNotAllowedErr is returned once we know that a bootstrap can no longer be done since the cluster was bootstrapped

// ACLBootstrapNotInitializedErr reports a bootstrap attempt made before ACL
// bootstrap was initialized; its message tells the operator how to proceed.
var ACLBootstrapNotInitializedErr = errors.New("ACL bootstrap not initialized, need to force a leader election and ensure all Consul servers support this feature")

ACLBootstrapNotInitializedErr is returned when a bootstrap is attempted but we haven't yet initialized ACL bootstrap. It provides some guidance to operators on how to proceed.

Functions

func ACLIDReserved added in v1.4.0

func ACLIDReserved(id string) bool

func Decode

func Decode(buf []byte, out interface{}) error

Decode is used to decode a MsgPack encoded object

func Encode

func Encode(t MessageType, msg interface{}) ([]byte, error)

Encode is used to encode a MsgPack object with type prefix

func IsErrNoLeader added in v1.0.0

func IsErrNoLeader(err error) bool

func IsErrRPCRateExceeded added in v0.9.3

func IsErrRPCRateExceeded(err error) bool

func IsErrServiceNotFound added in v1.4.1

func IsErrServiceNotFound(err error) bool

func NormalizeServiceSplitWeight added in v1.6.0

func NormalizeServiceSplitWeight(weight float32) float32

func ParseDurationFunc added in v1.2.3

func ParseDurationFunc() mapstructure.DecodeHookFunc

ParseDurationFunc is a mapstructure hook for decoding a string or []uint8 into a time.Duration value.

func SanitizeLegacyACLToken added in v1.4.0

func SanitizeLegacyACLToken(token *ACLToken)

SanitizeLegacyACLToken does nothing in the OSS builds. It does not mutate the input argument at all.

In enterprise builds this hook is necessary to support fixing old multiline HCL strings in legacy token Sentinel policies into heredocs. If the token was updated and previously had a Hash set, this will also update it.

DEPRECATED (ACL-Legacy-Compat)

func SanitizeLegacyACLTokenRules added in v1.4.0

func SanitizeLegacyACLTokenRules(rules string) string

SanitizeLegacyACLTokenRules does nothing in the OSS builds. It always returns an empty string.

In enterprise builds this hook is necessary to support fixing any old multiline HCL strings in legacy token Sentinel policies into heredocs.

DEPRECATED (ACL-Legacy-Compat)

func SatisfiesMetaFilters

func SatisfiesMetaFilters(meta map[string]string, filters map[string]string) bool

SatisfiesMetaFilters returns true if the metadata map contains the given filters

func Uint8ToString added in v1.2.3

func Uint8ToString(bs []uint8) string

func ValidStatus

func ValidStatus(s string) bool

func ValidateConfigEntryKind added in v1.5.0

func ValidateConfigEntryKind(kind string) bool

func ValidateMetadata

func ValidateMetadata(meta map[string]string, allowConsulPrefix bool) error

ValidateMetadata validates a set of key/value pairs from the agent config

func ValidateWeights added in v1.2.3

func ValidateWeights(weights *Weights) error

ValidateWeights checks that the definition of the DNS weights is valid

Types

type ACL

// ACL is used to represent a token and its rules.
// NOTE(review): the documentation of Convert calls this the compat structure
// that maps onto ACLToken, so this is presumably the legacy token form.
type ACL struct {
	// ID identifies the token.
	// NOTE(review): confirm whether the legacy ID doubles as the bearer
	// secret; if it does, it must be handled as a credential and kept out of
	// logs and error messages.
	ID    string
	Name  string
	// Type is presumably one of the ACLTokenType* values — confirm.
	Type  string
	// Rules is the rule text attached to the token.
	Rules string

	// Embedded Raft metadata; IsSame is documented as ignoring it.
	RaftIndex
}

ACL is used to represent a token and its rules

func (*ACL) Convert added in v1.4.0

func (a *ACL) Convert() *ACLToken

Convert does a 1-1 mapping of the ACLCompat structure to its ACLToken equivalent. This will NOT fill in the other ACLToken fields or perform any other upgrade (other than correcting an older HCL syntax that is no longer supported).

func (*ACL) IsSame

func (a *ACL) IsSame(other *ACL) bool

IsSame checks if one ACL is the same as another, without looking at the Raft information (that's why we didn't call it IsEqual). This is useful for seeing if an update would be idempotent for all the functional parts of the structure.

type ACLAuthMethod added in v1.5.0

// ACLAuthMethod describes a configured auth method.
type ACLAuthMethod struct {
	// Name is a unique identifier for this specific auth method.
	//
	// Immutable once set and only settable during create.
	Name string

	// Type is the type of the auth method this is.
	//
	// Immutable once set and only settable during create.
	Type string

	// Description is just an optional bunch of explanatory text.
	Description string

	// Configuration is arbitrary configuration for the auth method. This
	// should only contain primitive values and containers (such as lists and
	// maps).
	//
	// NOTE(review): depending on Type this map may hold credentials or trust
	// anchors for the backing identity provider — confirm that it is only
	// returned to callers allowed to read auth methods in full.
	// ACLAuthMethodListStub, the listing form, carries no Config field.
	Config map[string]interface{}

	// Embedded Raft Metadata
	// The hash:"ignore" tag presumably keeps the Raft indexes out of any
	// content hash — confirm.
	RaftIndex `hash:"ignore"`
}

func (*ACLAuthMethod) Stub added in v1.5.0

type ACLAuthMethodBatchDeleteRequest added in v1.5.0

type ACLAuthMethodBatchDeleteRequest struct {
	AuthMethodNames []string
}

ACLAuthMethodBatchDeleteRequest is used at the Raft layer for batching multiple auth method deletions

type ACLAuthMethodBatchSetRequest added in v1.5.0

type ACLAuthMethodBatchSetRequest struct {
	AuthMethods ACLAuthMethods
}

ACLAuthMethodBatchSetRequest is used at the Raft layer for batching multiple auth method creations and updates

type ACLAuthMethodDeleteRequest added in v1.5.0

// ACLAuthMethodDeleteRequest is used at the RPC layer for deletion requests.
// NOTE(review): what happens to tokens and binding rules that refer to the
// deleted auth method is not visible here — confirm they are cleaned up.
type ACLAuthMethodDeleteRequest struct {
	AuthMethodName string // name of the auth method to delete
	Datacenter     string // The datacenter to perform the request within
	// Embedded write options (defined elsewhere in the package).
	WriteRequest
}

ACLAuthMethodDeleteRequest is used at the RPC layer for deletion requests

func (*ACLAuthMethodDeleteRequest) RequestDatacenter added in v1.5.0

func (r *ACLAuthMethodDeleteRequest) RequestDatacenter() string

type ACLAuthMethodGetRequest added in v1.5.0

type ACLAuthMethodGetRequest struct {
	AuthMethodName string // name used for the auth method lookup
	Datacenter     string // The datacenter to perform the request within
	QueryOptions
}

ACLAuthMethodGetRequest is used at the RPC layer to perform auth method read operations

func (*ACLAuthMethodGetRequest) RequestDatacenter added in v1.5.0

func (r *ACLAuthMethodGetRequest) RequestDatacenter() string

type ACLAuthMethodListRequest added in v1.5.0

type ACLAuthMethodListRequest struct {
	Datacenter string // The datacenter to perform the request within
	QueryOptions
}

ACLAuthMethodListRequest is used at the RPC layer to request a listing of auth methods

func (*ACLAuthMethodListRequest) RequestDatacenter added in v1.5.0

func (r *ACLAuthMethodListRequest) RequestDatacenter() string

type ACLAuthMethodListResponse added in v1.5.0

type ACLAuthMethodListResponse struct {
	AuthMethods ACLAuthMethodListStubs
	QueryMeta
}

type ACLAuthMethodListStub added in v1.5.0

// ACLAuthMethodListStub is the abbreviated form of an auth method used in
// listings. It has the name, description, type and Raft indexes but no
// Config field, so listing does not expose the method's configuration.
type ACLAuthMethodListStub struct {
	Name        string
	Description string
	Type        string
	CreateIndex uint64
	ModifyIndex uint64
}

type ACLAuthMethodListStubs added in v1.5.0

type ACLAuthMethodListStubs []*ACLAuthMethodListStub

func (ACLAuthMethodListStubs) Sort added in v1.5.0

func (methods ACLAuthMethodListStubs) Sort()

type ACLAuthMethodResponse added in v1.5.0

type ACLAuthMethodResponse struct {
	AuthMethod *ACLAuthMethod
	QueryMeta
}

ACLAuthMethodResponse returns a single auth method + metadata

type ACLAuthMethodSetRequest added in v1.5.0

// ACLAuthMethodSetRequest is used at the RPC layer for creation and update
// requests.
// NOTE(review): ACLAuthMethod documents Name and Type as immutable once set;
// the enforcement is not visible here — confirm the update path rejects
// changes to them.
type ACLAuthMethodSetRequest struct {
	AuthMethod ACLAuthMethod // The auth method to upsert
	Datacenter string        // The datacenter to perform the request within
	// Embedded write options (defined elsewhere in the package).
	WriteRequest
}

ACLAuthMethodSetRequest is used at the RPC layer for creation and update requests

func (*ACLAuthMethodSetRequest) RequestDatacenter added in v1.5.0

func (r *ACLAuthMethodSetRequest) RequestDatacenter() string

type ACLAuthMethods added in v1.5.0

type ACLAuthMethods []*ACLAuthMethod

func (ACLAuthMethods) Sort added in v1.5.0

func (methods ACLAuthMethods) Sort()

type ACLBindingRule added in v1.5.0

// ACLBindingRule ties an auth method to what a token created at login is
// linked to: Selector decides whether the rule applies to a login, BindType
// and BindName decide what is granted.
type ACLBindingRule struct {
	// ID is the internal UUID associated with the binding rule
	ID string

	// Description is a human readable description (Optional)
	Description string

	// AuthMethod is the name of the auth method for which this rule applies.
	AuthMethod string

	// Selector is an expression that matches against verified identity
	// attributes returned from the auth method during login.
	//
	// NOTE(review): how an empty Selector is treated is not visible here —
	// confirm. A rule that matches every login hands its BindName to every
	// identity the auth method accepts.
	Selector string

	// BindType adjusts how this binding rule is applied at login time.  The
	// valid values are:
	//
	//  - BindingRuleBindTypeService = "service"
	//  - BindingRuleBindTypeRole    = "role"
	BindType string

	// BindName is the target of the binding. Can be lightly templated using
	// HIL ${foo} syntax from available field names. How it is used depends
	// upon the BindType.
	//
	// NOTE(review): a templated BindName turns identity attributes into a
	// service or role name; confirm the interpolated values are validated
	// before use so an attribute cannot select an unintended target.
	BindName string

	// Embedded Raft Metadata
	RaftIndex `hash:"ignore"`
}

func (*ACLBindingRule) Clone added in v1.5.0

func (r *ACLBindingRule) Clone() *ACLBindingRule

type ACLBindingRuleBatchDeleteRequest added in v1.5.0

type ACLBindingRuleBatchDeleteRequest struct {
	BindingRuleIDs []string
}

ACLBindingRuleBatchDeleteRequest is used at the Raft layer for batching multiple rule deletions

type ACLBindingRuleBatchSetRequest added in v1.5.0

type ACLBindingRuleBatchSetRequest struct {
	BindingRules ACLBindingRules
}

ACLBindingRuleBatchSetRequest is used at the Raft layer for batching multiple rule creations and updates

type ACLBindingRuleDeleteRequest added in v1.5.0

type ACLBindingRuleDeleteRequest struct {
	BindingRuleID string // id of the rule to delete
	Datacenter    string // The datacenter to perform the request within
	WriteRequest
}

ACLBindingRuleDeleteRequest is used at the RPC layer for deletion requests

func (*ACLBindingRuleDeleteRequest) RequestDatacenter added in v1.5.0

func (r *ACLBindingRuleDeleteRequest) RequestDatacenter() string

type ACLBindingRuleGetRequest added in v1.5.0

type ACLBindingRuleGetRequest struct {
	BindingRuleID string // id used for the rule lookup
	Datacenter    string // The datacenter to perform the request within
	QueryOptions
}

ACLBindingRuleGetRequest is used at the RPC layer to perform rule read operations

func (*ACLBindingRuleGetRequest) RequestDatacenter added in v1.5.0

func (r *ACLBindingRuleGetRequest) RequestDatacenter() string

type ACLBindingRuleListRequest added in v1.5.0

// ACLBindingRuleListRequest is used at the RPC layer to request a listing of
// rules.
type ACLBindingRuleListRequest struct {
	// AuthMethod, when set, presumably restricts the listing to rules of that
	// auth method — confirm.
	AuthMethod string // optional filter
	Datacenter string // The datacenter to perform the request within
	// Embedded query options (defined elsewhere in the package).
	QueryOptions
}

ACLBindingRuleListRequest is used at the RPC layer to request a listing of rules

func (*ACLBindingRuleListRequest) RequestDatacenter added in v1.5.0

func (r *ACLBindingRuleListRequest) RequestDatacenter() string

type ACLBindingRuleListResponse added in v1.5.0

type ACLBindingRuleListResponse struct {
	BindingRules ACLBindingRules
	QueryMeta
}

type ACLBindingRuleResponse added in v1.5.0

type ACLBindingRuleResponse struct {
	BindingRule *ACLBindingRule
	QueryMeta
}

ACLBindingRuleResponse returns a single binding rule + metadata

type ACLBindingRuleSetRequest added in v1.5.0

// ACLBindingRuleSetRequest is used at the RPC layer for creation and update
// requests.
// NOTE(review): a binding rule decides what logins are granted, so writing
// one is a privilege-granting operation — confirm it requires ACL write
// permission.
type ACLBindingRuleSetRequest struct {
	BindingRule ACLBindingRule // The rule to upsert
	Datacenter  string         // The datacenter to perform the request within
	// Embedded write options (defined elsewhere in the package).
	WriteRequest
}

ACLBindingRuleSetRequest is used at the RPC layer for creation and update requests

func (*ACLBindingRuleSetRequest) RequestDatacenter added in v1.5.0

func (r *ACLBindingRuleSetRequest) RequestDatacenter() string

type ACLBindingRules added in v1.5.0

type ACLBindingRules []*ACLBindingRule

func (ACLBindingRules) Sort added in v1.5.0

func (rules ACLBindingRules) Sort()

type ACLBootstrap

// ACLBootstrap keeps track of whether bootstrapping ACLs is allowed for a
// cluster.
type ACLBootstrap struct {
	// AllowBootstrap will only be true if no existing management tokens
	// have been found.
	//
	// While this is true, the first management token can still be obtained
	// through bootstrap, so a cluster should not stay in that state longer
	// than needed.
	AllowBootstrap bool

	// Embedded Raft metadata.
	RaftIndex
}

ACLBootstrap keeps track of whether bootstrapping ACLs is allowed for a cluster.

type ACLCaches added in v1.4.0

type ACLCaches struct {
	// contains filtered or unexported fields
}

func NewACLCaches added in v1.4.0

func NewACLCaches(config *ACLCachesConfig) (*ACLCaches, error)

func (*ACLCaches) GetAuthorizer added in v1.4.0

func (c *ACLCaches) GetAuthorizer(id string) *AuthorizerCacheEntry

GetAuthorizer fetches an ACL authorizer entry from the cache and returns it

func (*ACLCaches) GetIdentity added in v1.4.0

func (c *ACLCaches) GetIdentity(id string) *IdentityCacheEntry

GetIdentity fetches an identity from the cache and returns it

func (*ACLCaches) GetParsedPolicy added in v1.4.0

func (c *ACLCaches) GetParsedPolicy(id string) *ParsedPolicyCacheEntry

GetParsedPolicy fetches a parsed policy from the cache and returns it

func (*ACLCaches) GetPolicy added in v1.4.0

func (c *ACLCaches) GetPolicy(policyID string) *PolicyCacheEntry

GetPolicy fetches a policy from the cache and returns it

func (*ACLCaches) GetRole added in v1.5.0

func (c *ACLCaches) GetRole(roleID string) *RoleCacheEntry

GetRole fetches a role from the cache by id and returns it

func (*ACLCaches) Purge added in v1.4.0

func (c *ACLCaches) Purge()

func (*ACLCaches) PutAuthorizer added in v1.4.0

func (c *ACLCaches) PutAuthorizer(id string, authorizer acl.Authorizer)

func (*ACLCaches) PutAuthorizerWithTTL added in v1.4.0

func (c *ACLCaches) PutAuthorizerWithTTL(id string, authorizer acl.Authorizer, ttl time.Duration)

func (*ACLCaches) PutIdentity added in v1.4.0

func (c *ACLCaches) PutIdentity(id string, ident ACLIdentity)

PutIdentity adds a new identity to the cache

func (*ACLCaches) PutParsedPolicy added in v1.4.0

func (c *ACLCaches) PutParsedPolicy(id string, policy *acl.Policy)

func (*ACLCaches) PutPolicy added in v1.4.0

func (c *ACLCaches) PutPolicy(policyId string, policy *ACLPolicy)

func (*ACLCaches) PutRole added in v1.5.0

func (c *ACLCaches) PutRole(roleID string, role *ACLRole)

func (*ACLCaches) RemoveIdentity added in v1.4.0

func (c *ACLCaches) RemoveIdentity(id string)

func (*ACLCaches) RemovePolicy added in v1.4.0

func (c *ACLCaches) RemovePolicy(policyID string)

func (*ACLCaches) RemoveRole added in v1.5.0

func (c *ACLCaches) RemoveRole(roleID string)

type ACLCachesConfig added in v1.4.0

// ACLCachesConfig is the argument of NewACLCaches. It has one integer per
// cache kind.
// NOTE(review): the integers are presumably the maximum number of entries of
// each cache; what zero means is not visible here — confirm. Cached
// identities and authorizers keep authorizing until evicted or purged, so
// revocation latency depends on these caches as well.
type ACLCachesConfig struct {
	Identities     int
	Policies       int
	ParsedPolicies int
	Authorizers    int
	Roles          int
}

type ACLIdentity added in v1.4.0

// ACLIdentity is the view of an identity that the ACL code works with: a
// loggable ID, the secret, the linked policies and roles, an optional
// embedded policy, service identities and an expiry check.
type ACLIdentity interface {
	// ID returns a string that can be used for logging and telemetry. This should not
	// contain any secret data used for authentication
	ID() string
	// SecretToken presumably returns the secret used for authentication;
	// unlike ID, its result must not be written to logs or telemetry.
	SecretToken() string
	// PolicyIDs and RoleIDs return the IDs of the linked policies and roles.
	PolicyIDs() []string
	RoleIDs() []string
	// EmbeddedPolicy returns a policy carried by the identity itself.
	// NOTE(review): presumably nil when there is none — confirm.
	EmbeddedPolicy() *ACLPolicy
	ServiceIdentityList() []*ACLServiceIdentity
	// IsExpired reports whether the identity is expired as of the given time.
	// NOTE(review): confirm callers check this on cached identities too, so
	// an expired identity is not honoured from cache.
	IsExpired(asOf time.Time) bool
}

type ACLLoginParams added in v1.5.0

// ACLLoginParams holds the parameters of a login.
type ACLLoginParams struct {
	// AuthMethod is presumably the name of the auth method to log in with.
	AuthMethod  string
	// BearerToken is presumably the credential presented to the auth method
	// for verification. It is a secret: keep it out of logs, error messages
	// and audit records.
	BearerToken string
	// Meta is omitted from JSON when empty.
	// NOTE(review): the values are caller-supplied; treat them as untrusted
	// wherever they are stored or displayed.
	Meta        map[string]string `json:",omitempty"`
}

type ACLLoginRequest added in v1.5.0

// ACLLoginRequest is the login request.
type ACLLoginRequest struct {
	// Auth is a pointer and may therefore be nil.
	// NOTE(review): confirm the handler rejects a nil Auth before
	// dereferencing it.
	Auth       *ACLLoginParams
	Datacenter string // The datacenter to perform the request within
	// Embedded write options (defined elsewhere in the package).
	WriteRequest
}

func (*ACLLoginRequest) RequestDatacenter added in v1.5.0

func (r *ACLLoginRequest) RequestDatacenter() string

type ACLLogoutRequest added in v1.5.0

// ACLLogoutRequest is the logout request. It has no field that names a
// token.
// NOTE(review): the token to invalidate is presumably the one carried in the
// embedded WriteRequest, so a caller can only log out its own token — confirm.
type ACLLogoutRequest struct {
	Datacenter string // The datacenter to perform the request within
	WriteRequest
}

func (*ACLLogoutRequest) RequestDatacenter added in v1.5.0

func (r *ACLLogoutRequest) RequestDatacenter() string

type ACLMode added in v1.4.0

type ACLMode string
// Values of ACLMode. They are the strings "0" to "3", not integers.
const (
	// ACLs are disabled by configuration
	ACLModeDisabled ACLMode = "0"
	// ACLs are enabled
	ACLModeEnabled ACLMode = "1"
	// DEPRECATED (ACL-Legacy-Compat) - only needed while legacy ACLs are supported
	// ACLs are enabled and using legacy ACLs
	ACLModeLegacy ACLMode = "2"
	// DEPRECATED (ACL-Legacy-Compat) - only needed while legacy ACLs are supported
	// ACLs are assumed enabled but not being advertised
	// NOTE(review): treating an unadvertised mode as enabled is the
	// fail-closed choice; confirm no caller maps this value to "disabled".
	ACLModeUnknown ACLMode = "3"
)

type ACLOp

type ACLOp string

ACLOp is used in RPCs to encode ACL operations.

// Token operations encoded in an ACLOp.
const (
	// ACLSet creates or updates a token.
	ACLSet ACLOp = "set"

	// ACLDelete deletes a token.
	ACLDelete ACLOp = "delete"
)
// Bootstrap-related and deprecated operations encoded in an ACLOp.
const (
	// ACLBootstrapInit is used to perform a scan for existing tokens which
	// will decide whether bootstrapping is allowed for a cluster. This is
	// initiated by the leader when it steps up, if necessary.
	ACLBootstrapInit ACLOp = "bootstrap-init"

	// ACLBootstrapNow is used to perform a one-time ACL bootstrap operation on
	// a cluster to get the first management token.
	//
	// The result is a credential with unrestricted access, so the one-time
	// property is what protects the cluster after setup.
	ACLBootstrapNow ACLOp = "bootstrap-now"

	// ACLForceSet is deprecated, but left for backwards compatibility.
	// NOTE(review): how it differs from ACLSet is not visible here — confirm
	// that it does not bypass a check that ACLSet enforces.
	ACLForceSet ACLOp = "force-set"
)

type ACLPolicies added in v1.4.0

type ACLPolicies []*ACLPolicy

func (ACLPolicies) Compile added in v1.4.0

func (policies ACLPolicies) Compile(parent acl.Authorizer, cache *ACLCaches, sentinel sentinel.Evaluator) (acl.Authorizer, error)

func (ACLPolicies) HashKey added in v1.4.0

func (policies ACLPolicies) HashKey() string

HashKey returns a consistent hash for a set of policies.

func (ACLPolicies) Merge added in v1.4.0

func (policies ACLPolicies) Merge(cache *ACLCaches, sentinel sentinel.Evaluator) (*acl.Policy, error)

func (ACLPolicies) Sort added in v1.4.0

func (policies ACLPolicies) Sort()

type ACLPolicy

// ACLPolicy is a named set of rules.
type ACLPolicy struct {
	// This is the internal UUID associated with the policy
	ID string

	// Unique name to reference the policy by.
	//   - Valid Characters: [a-zA-Z0-9-]
	//   - Valid Lengths: 1 - 128
	// NOTE(review): the validation is not visible here — confirm it is
	// enforced on every write path.
	Name string

	// Human readable description (Optional)
	Description string

	// The rule set (using the updated rule syntax)
	Rules string

	// DEPRECATED (ACL-Legacy-Compat) - This is only needed while we support the legacy ACLs
	// The json:"-" tag keeps this field out of JSON.
	Syntax acl.SyntaxVersion `json:"-"`

	// Datacenters that the policy is valid within.
	//   - No wildcards allowed
	//   - If empty then the policy is valid within all datacenters
	//
	// An empty list is therefore the widest scope, not the narrowest;
	// omitting the field makes the policy valid within all datacenters.
	Datacenters []string `json:",omitempty"`

	// Hash of the contents of the policy
	// This does not take into account the ID (which is immutable)
	// nor the raft metadata.
	//
	// This is needed mainly for replication purposes. When replicating from
	// one DC to another keeping the content Hash will allow us to avoid
	// unnecessary calls to the authoritative DC
	//
	// NOTE(review): nothing here indicates that the hash is keyed; treat it
	// as a change-detection value, not as proof of authenticity.
	Hash []byte

	// Embedded Raft Metadata
	RaftIndex `hash:"ignore"`
}

func (*ACLPolicy) Clone added in v1.4.3

func (p *ACLPolicy) Clone() *ACLPolicy

func (*ACLPolicy) EstimateSize added in v1.4.0

func (p *ACLPolicy) EstimateSize() int

func (*ACLPolicy) SetHash added in v1.4.0

func (p *ACLPolicy) SetHash(force bool) []byte

func (*ACLPolicy) Stub added in v1.4.0

func (p *ACLPolicy) Stub() *ACLPolicyListStub

type ACLPolicyBatchDeleteRequest added in v1.4.0

type ACLPolicyBatchDeleteRequest struct {
	PolicyIDs []string
}

ACLPolicyBatchDeleteRequest is used at the Raft layer for batching multiple policy deletions

This is particularly useful during replication

type ACLPolicyBatchGetRequest added in v1.4.0

// ACLPolicyBatchGetRequest is used at the RPC layer to request a subset of
// the policies associated with the token used for retrieval.
// NOTE(review): per that description the result is limited to policies of
// the requesting token; confirm that IDs outside that set are not returned.
type ACLPolicyBatchGetRequest struct {
	PolicyIDs  []string // List of policy ids to fetch
	Datacenter string   // The datacenter to perform the request within
	// Embedded query options (defined elsewhere in the package).
	QueryOptions
}

ACLPolicyBatchGetRequest is used at the RPC layer to request a subset of the policies associated with the token used for retrieval

func (*ACLPolicyBatchGetRequest) RequestDatacenter added in v1.4.0

func (r *ACLPolicyBatchGetRequest) RequestDatacenter() string

type ACLPolicyBatchResponse added in v1.4.0

type ACLPolicyBatchResponse struct {
	Policies []*ACLPolicy
	QueryMeta
}

type ACLPolicyBatchSetRequest added in v1.4.0

type ACLPolicyBatchSetRequest struct {
	Policies ACLPolicies
}

ACLPolicyBatchSetRequest is used at the Raft layer for batching multiple policy creations and updates

This is particularly useful during replication

type ACLPolicyDeleteRequest added in v1.4.0

type ACLPolicyDeleteRequest struct {
	PolicyID   string // The id of the policy to delete
	Datacenter string // The datacenter to perform the request within
	WriteRequest
}

ACLPolicyDeleteRequest is used at the RPC layer for deletion requests

func (*ACLPolicyDeleteRequest) RequestDatacenter added in v1.4.0

func (r *ACLPolicyDeleteRequest) RequestDatacenter() string

type ACLPolicyGetRequest added in v1.4.0

type ACLPolicyGetRequest struct {
	PolicyID   string // id used for the policy lookup
	Datacenter string // The datacenter to perform the request within
	QueryOptions
}

ACLPolicyGetRequest is used at the RPC layer to perform policy read operations

func (*ACLPolicyGetRequest) RequestDatacenter added in v1.4.0

func (r *ACLPolicyGetRequest) RequestDatacenter() string

type ACLPolicyIDType added in v1.4.0

type ACLPolicyIDType string
// Values of ACLPolicyIDType: a policy is referred to by name or by ID.
const (
	ACLPolicyName ACLPolicyIDType = "name"
	ACLPolicyID   ACLPolicyIDType = "id"
)

type ACLPolicyListRequest added in v1.4.0

type ACLPolicyListRequest struct {
	Datacenter string // The datacenter to perform the request within
	QueryOptions
}

ACLPolicyListRequest is used at the RPC layer to request a listing of policies

func (*ACLPolicyListRequest) RequestDatacenter added in v1.4.0

func (r *ACLPolicyListRequest) RequestDatacenter() string

type ACLPolicyListResponse added in v1.4.0

type ACLPolicyListResponse struct {
	Policies ACLPolicyListStubs
	QueryMeta
}

type ACLPolicyListStub added in v1.4.0

// ACLPolicyListStub is the abbreviated form of a policy; ACLPolicy.Stub
// returns one. It has no Rules field, so it does not carry the rule text.
type ACLPolicyListStub struct {
	ID          string
	Name        string
	Description string
	Datacenters []string
	Hash        []byte
	CreateIndex uint64
	ModifyIndex uint64
}

type ACLPolicyListStubs added in v1.4.0

type ACLPolicyListStubs []*ACLPolicyListStub

func (ACLPolicyListStubs) Sort added in v1.4.0

func (policies ACLPolicyListStubs) Sort()

type ACLPolicyResolveLegacyRequest added in v1.4.0

// ACLPolicyResolveLegacyRequest is used to request an ACL by Token SecretID,
// conditionally filtering on an ID.
type ACLPolicyResolveLegacyRequest struct {
	Datacenter string // The Datacenter the RPC may be sent to
	// ACL holds a token secret, so the whole request is sensitive: it should
	// not be logged or dumped in full.
	ACL        string // The Tokens Secret ID
	ETag       string // Caching ETag to prevent resending the policy when not needed
	// Embedded query options (defined elsewhere in the package).
	QueryOptions
}

ACLPolicyResolveLegacyRequest is used to request an ACL by Token SecretID, conditionally filtering on an ID

func (*ACLPolicyResolveLegacyRequest) RequestDatacenter added in v1.4.0

func (r *ACLPolicyResolveLegacyRequest) RequestDatacenter() string

RequestDatacenter returns the DC this request is targeted to.

type ACLPolicyResolveLegacyResponse added in v1.4.0

// ACLPolicyResolveLegacyResponse is presumably the reply to
// ACLPolicyResolveLegacyRequest — confirm.
type ACLPolicyResolveLegacyResponse struct {
	// ETag presumably pairs with the request's caching ETag.
	ETag   string
	Parent string
	// Policy is a pointer.
	// NOTE(review): presumably nil when the ETag matched and the policy was
	// not resent — confirm callers handle nil.
	Policy *acl.Policy
	// TTL is presumably how long the caller may cache the result; a long TTL
	// delays the effect of a policy change or token revocation — confirm.
	TTL    time.Duration
	QueryMeta
}

type ACLPolicyResponse added in v1.4.0

type ACLPolicyResponse struct {
	Policy *ACLPolicy
	QueryMeta
}

ACLPolicyResponse returns a single policy + metadata

type ACLPolicySetRequest added in v1.4.0

// ACLPolicySetRequest is used at the RPC layer for creation and update
// requests.
// NOTE(review): the comment on ACLPolicyGlobalManagementID says the rules of
// the global management policy cannot be modified; that check is not visible
// here — confirm the write path enforces it.
type ACLPolicySetRequest struct {
	Policy     ACLPolicy // The policy to upsert
	Datacenter string    // The datacenter to perform the request within
	// Embedded write options (defined elsewhere in the package).
	WriteRequest
}

ACLPolicySetRequest is used at the RPC layer for creation and update requests

func (*ACLPolicySetRequest) RequestDatacenter added in v1.4.0

func (r *ACLPolicySetRequest) RequestDatacenter() string

type ACLReplicationStatus

// ACLReplicationStatus provides information about the health of the ACL
// replication system.
//
// For monitoring: a datacenter whose replication has stalled keeps enforcing
// the ACL data it last received, so a LastError newer than LastSuccess, or
// replicated indexes that stop advancing, are worth alerting on.
// NOTE(review): the field meanings below are read from the names — confirm.
type ACLReplicationStatus struct {
	Enabled              bool
	Running              bool
	SourceDatacenter     string
	ReplicationType      ACLReplicationType
	ReplicatedIndex      uint64
	ReplicatedRoleIndex  uint64
	ReplicatedTokenIndex uint64
	// LastSuccess and LastError are presumably the times of the most recent
	// successful and failed replication rounds.
	LastSuccess          time.Time
	LastError            time.Time
}

ACLReplicationStatus provides information about the health of the ACL replication system.

type ACLReplicationType added in v1.4.0

type ACLReplicationType string
// Values of ACLReplicationType: legacy, policies, roles and tokens.
// NOTE(review): when tokens are replicated, token secrets are presumably
// copied to the secondary datacenter as well — confirm, and protect those
// servers accordingly.
const (
	ACLReplicateLegacy   ACLReplicationType = "legacy"
	ACLReplicatePolicies ACLReplicationType = "policies"
	ACLReplicateRoles    ACLReplicationType = "roles"
	ACLReplicateTokens   ACLReplicationType = "tokens"
)

func (ACLReplicationType) SingularNoun added in v1.5.0

func (t ACLReplicationType) SingularNoun() string

type ACLRequest

// ACLRequest is used to create, update or delete an ACL.
type ACLRequest struct {
	Datacenter string
	// Op selects the operation; the ACLOp constants are its values.
	Op         ACLOp
	// ACL is the token the operation applies to.
	ACL        ACL
	// Embedded write options (defined elsewhere in the package).
	WriteRequest
}

ACLRequest is used to create, update or delete an ACL

func (*ACLRequest) RequestDatacenter

func (r *ACLRequest) RequestDatacenter() string

type ACLRequests

type ACLRequests []*ACLRequest

ACLRequests is a list of ACL change requests.

type ACLRole added in v1.5.0

// ACLRole is a named collection of policy links and service identities.
type ACLRole struct {
	// ID is the internal UUID associated with the role
	ID string

	// Name is the unique name to reference the role by.
	//
	// NOTE(review): a binding rule of type "role" selects a role by name at
	// login time, so creating or renaming a role can change what logins are
	// granted — confirm who is allowed to write roles.
	Name string

	// Description is a human readable description (Optional)
	Description string

	// List of policy links.
	// Note this is the list of IDs and not the names. Prior to role creation
	// the list of policy names gets validated and the policy IDs get stored herein
	Policies []ACLRolePolicyLink `json:",omitempty"`

	// List of services to generate synthetic policies for.
	ServiceIdentities []*ACLServiceIdentity `json:",omitempty"`

	// Hash of the contents of the role
	// This does not take into account the ID (which is immutable)
	// nor the raft metadata.
	//
	// This is needed mainly for replication purposes. When replicating from
	// one DC to another keeping the content Hash will allow us to avoid
	// unnecessary calls to the authoritative DC
	//
	// NOTE(review): nothing here indicates that the hash is keyed; treat it
	// as a change-detection value, not as proof of authenticity.
	Hash []byte

	// Embedded Raft Metadata
	RaftIndex `hash:"ignore"`
}

func (*ACLRole) Clone added in v1.5.0

func (r *ACLRole) Clone() *ACLRole

func (*ACLRole) EstimateSize added in v1.5.0

func (r *ACLRole) EstimateSize() int

func (*ACLRole) SetHash added in v1.5.0

func (r *ACLRole) SetHash(force bool) []byte

type ACLRoleBatchDeleteRequest added in v1.5.0

type ACLRoleBatchDeleteRequest struct {
	RoleIDs []string
}

ACLRoleBatchDeleteRequest is used at the Raft layer for batching multiple role deletions

This is particularly useful during replication

type ACLRoleBatchGetRequest added in v1.5.0

type ACLRoleBatchGetRequest struct {
	RoleIDs    []string // List of role ids to fetch
	Datacenter string   // The datacenter to perform the request within
	QueryOptions
}

ACLRoleBatchGetRequest is used at the RPC layer to request a subset of the roles associated with the token used for retrieval

func (*ACLRoleBatchGetRequest) RequestDatacenter added in v1.5.0

func (r *ACLRoleBatchGetRequest) RequestDatacenter() string

type ACLRoleBatchResponse added in v1.5.0

type ACLRoleBatchResponse struct {
	Roles []*ACLRole
	QueryMeta
}

type ACLRoleBatchSetRequest added in v1.5.0

type ACLRoleBatchSetRequest struct {
	Roles             ACLRoles
	AllowMissingLinks bool
}

ACLRoleBatchSetRequest is used at the Raft layer for batching multiple role creations and updates

This is particularly useful during replication

type ACLRoleDeleteRequest added in v1.5.0

type ACLRoleDeleteRequest struct {
	RoleID     string // id of the role to delete
	Datacenter string // The datacenter to perform the request within
	WriteRequest
}

ACLRoleDeleteRequest is used at the RPC layer for deletion requests

func (*ACLRoleDeleteRequest) RequestDatacenter added in v1.5.0

func (r *ACLRoleDeleteRequest) RequestDatacenter() string

type ACLRoleGetRequest added in v1.5.0

type ACLRoleGetRequest struct {
	RoleID     string // id used for the role lookup (one of RoleID or RoleName is allowed)
	RoleName   string // name used for the role lookup (one of RoleID or RoleName is allowed)
	Datacenter string // The datacenter to perform the request within
	QueryOptions
}

ACLRoleGetRequest is used at the RPC layer to perform role read operations

func (*ACLRoleGetRequest) RequestDatacenter added in v1.5.0

func (r *ACLRoleGetRequest) RequestDatacenter() string

type ACLRoleListRequest added in v1.5.0

type ACLRoleListRequest struct {
	Policy     string // Policy filter
	Datacenter string // The datacenter to perform the request within
	QueryOptions
}

ACLRoleListRequest is used at the RPC layer to request a listing of roles

func (*ACLRoleListRequest) RequestDatacenter added in v1.5.0

func (r *ACLRoleListRequest) RequestDatacenter() string

type ACLRoleListResponse added in v1.5.0

type ACLRoleListResponse struct {
	Roles ACLRoles
	QueryMeta
}
type ACLRolePolicyLink struct {
	ID   string
	Name string `hash:"ignore"`
}

type ACLRoleResponse added in v1.5.0

type ACLRoleResponse struct {
	Role *ACLRole
	QueryMeta
}

ACLRoleResponse returns a single role + metadata

type ACLRoleSetRequest added in v1.5.0

type ACLRoleSetRequest struct {
	Role       ACLRole // The role to upsert
	Datacenter string  // The datacenter to perform the request within
	WriteRequest
}

ACLRoleSetRequest is used at the RPC layer for creation and update requests

func (*ACLRoleSetRequest) RequestDatacenter added in v1.5.0

func (r *ACLRoleSetRequest) RequestDatacenter() string

type ACLRoles added in v1.5.0

type ACLRoles []*ACLRole

func (ACLRoles) HashKey added in v1.5.0

func (roles ACLRoles) HashKey() string

HashKey returns a consistent hash for a set of roles.

func (ACLRoles) Sort added in v1.5.0

func (roles ACLRoles) Sort()

type ACLServiceIdentity added in v1.5.0

// ACLServiceIdentity represents a high-level grant of all necessary privileges
// to assume the identity of the named Service in the Catalog and within
// Connect. Tokens and roles list these in their ServiceIdentities field as
// "services to generate synthetic policies for".
type ACLServiceIdentity struct {
	// ServiceName is the service whose identity is granted.
	// NOTE(review): the Datacenters comment below forbids wildcards only for
	// datacenters; what validation applies to ServiceName is not shown here —
	// confirm.
	ServiceName string

	// Datacenters that the synthetic policy will be valid within.
	//   - No wildcards allowed
	//   - If empty then the synthetic policy is valid within all datacenters
	//
	// Only valid for global tokens. It is an error to specify this for local tokens.
	Datacenters []string `json:",omitempty"`
}

ACLServiceIdentity represents a high-level grant of all necessary privileges to assume the identity of the named Service in the Catalog and within Connect.

func (*ACLServiceIdentity) AddToHash added in v1.5.0

func (s *ACLServiceIdentity) AddToHash(h hash.Hash)

func (*ACLServiceIdentity) Clone added in v1.5.0

func (*ACLServiceIdentity) EstimateSize added in v1.5.0

func (s *ACLServiceIdentity) EstimateSize() int

func (*ACLServiceIdentity) SyntheticPolicy added in v1.5.0

func (s *ACLServiceIdentity) SyntheticPolicy() *ACLPolicy

type ACLSpecificRequest

type ACLSpecificRequest struct {
	Datacenter string
	ACL        string
	QueryOptions
}

ACLSpecificRequest is used to request an ACL by ID

func (*ACLSpecificRequest) RequestDatacenter

func (r *ACLSpecificRequest) RequestDatacenter() string

RequestDatacenter returns the DC this request is targeted to.

type ACLToken added in v1.4.0

// ACLToken is a single ACL token: the AccessorID used to track and manage it,
// the SecretID that clients present as their API token, and the policy, role
// and service-identity links attached to it.
type ACLToken struct {
	// This is the UUID used for tracking and management purposes
	AccessorID string

	// This is the UUID used as the api token by clients.
	//
	// SecretID is the credential itself. It has no json tag, so encoding/json
	// emits it under "SecretID" whenever an ACLToken value is marshalled; keep
	// it out of logs and error messages. ACLTokenListStub has no SecretID
	// field, and ACLTokenResponse / ACLTokenBatchResponse carry a Redacted
	// flag recording whether secrets were redacted.
	SecretID string

	// Human readable string to display for the token (Optional)
	Description string

	// List of policy links - nil/empty for legacy tokens or if service identities are in use.
	// Note this is the list of IDs and not the names. Prior to token creation
	// the list of policy names gets validated and the policy IDs get stored herein
	Policies []ACLTokenPolicyLink `json:",omitempty"`

	// List of role links. Note this is the list of IDs and not the names.
	// Prior to token creation the list of role names gets validated and the
	// role IDs get stored herein
	Roles []ACLTokenRoleLink `json:",omitempty"`

	// List of services to generate synthetic policies for.
	ServiceIdentities []*ACLServiceIdentity `json:",omitempty"`

	// Type is the V1 Token Type
	// DEPRECATED (ACL-Legacy-Compat) - remove once we no longer support v1 ACL compat
	// Even though we are going to auto upgrade management tokens we still
	// want to be able to have the old APIs operate on the upgraded management tokens
	// so this field is being kept to identify legacy tokens even after an auto-upgrade
	//
	// The json:"-" tag keeps this field out of JSON encodings.
	Type string `json:"-"`

	// Rules is the V1 ACL rules associated with this token
	// DEPRECATED (ACL-Legacy-Compat) - remove once we no longer support v1 ACL compat
	Rules string `json:",omitempty"`

	// Whether this token is DC local. This means that it will not be synced
	// to the ACL datacenter and replicated to others.
	Local bool

	// AuthMethod is the name of the auth method used to create this token.
	AuthMethod string `json:",omitempty"`

	// ExpirationTime represents the point after which a token should be
	// considered revoked and is eligible for destruction. The zero value
	// represents NO expiration.
	//
	// This is a pointer value so that the zero value is omitted properly
	// during json serialization. time.Time does not respect json omitempty
	// directives unfortunately.
	ExpirationTime *time.Time `json:",omitempty"`

	// ExpirationTTL is a convenience field for helping set ExpirationTime to a
	// value of CreateTime+ExpirationTTL. This can only be set during
	// TokenCreate and is cleared and used to initialize the ExpirationTime
	// field before being persisted to the state store or raft log.
	//
	// This is a string version of a time.Duration like "2m".
	//
	// NOTE(review): the Go type is time.Duration, not string; presumably the
	// string form refers to the API/JSON representation only — confirm.
	ExpirationTTL time.Duration `json:",omitempty"`

	// The time when this token was created
	CreateTime time.Time `json:",omitempty"`

	// Hash of the contents of the token
	//
	// This is needed mainly for replication purposes. When replicating from
	// one DC to another keeping the content Hash will allow us to avoid
	// unnecessary calls to the authoritative DC
	Hash []byte

	// Embedded Raft Metadata
	RaftIndex
}

func (*ACLToken) Clone added in v1.4.3

func (t *ACLToken) Clone() *ACLToken

func (*ACLToken) Convert added in v1.4.0

func (tok *ACLToken) Convert() (*ACL, error)

Convert attempts to convert an ACLToken into an ACLCompat.

func (*ACLToken) EmbeddedPolicy added in v1.4.0

func (t *ACLToken) EmbeddedPolicy() *ACLPolicy

func (*ACLToken) EstimateSize added in v1.4.0

func (t *ACLToken) EstimateSize() int

func (*ACLToken) HasExpirationTime added in v1.5.0

func (t *ACLToken) HasExpirationTime() bool

func (*ACLToken) ID added in v1.4.0

func (t *ACLToken) ID() string

func (*ACLToken) IsExpired added in v1.5.0

func (t *ACLToken) IsExpired(asOf time.Time) bool

func (*ACLToken) PolicyIDs added in v1.4.0

func (t *ACLToken) PolicyIDs() []string

func (*ACLToken) RoleIDs added in v1.5.0

func (t *ACLToken) RoleIDs() []string

func (*ACLToken) SecretToken added in v1.4.0

func (t *ACLToken) SecretToken() string

func (*ACLToken) ServiceIdentityList added in v1.5.0

func (t *ACLToken) ServiceIdentityList() []*ACLServiceIdentity

func (*ACLToken) SetHash added in v1.4.0

func (t *ACLToken) SetHash(force bool) []byte

func (*ACLToken) Stub added in v1.4.0

func (token *ACLToken) Stub() *ACLTokenListStub

func (*ACLToken) UsesNonLegacyFields added in v1.5.0

func (t *ACLToken) UsesNonLegacyFields() bool

type ACLTokenBatchDeleteRequest added in v1.4.0

type ACLTokenBatchDeleteRequest struct {
	TokenIDs []string // Tokens to delete
}

ACLTokenBatchDeleteRequest is used only at the Raft layer for batching multiple token deletions.

This is particularly useful during token replication when multiple tokens need to be removed from the local DC's state.

type ACLTokenBatchGetRequest added in v1.4.0

type ACLTokenBatchGetRequest struct {
	AccessorIDs []string // List of accessor ids to fetch
	Datacenter  string   // The datacenter to perform the request within
	QueryOptions
}

ACLTokenBatchGetRequest is used for reading multiple tokens. It differs from the token list request in that only tokens with the requested IDs are returned.

func (*ACLTokenBatchGetRequest) RequestDatacenter added in v1.4.0

func (r *ACLTokenBatchGetRequest) RequestDatacenter() string

type ACLTokenBatchResponse added in v1.4.0

type ACLTokenBatchResponse struct {
	Tokens   []*ACLToken
	Redacted bool // whether the token secrets were redacted.
	QueryMeta
}

ACLTokenBatchResponse returns multiple Tokens associated with the same metadata

type ACLTokenBatchSetRequest added in v1.4.0

type ACLTokenBatchSetRequest struct {
	Tokens               ACLTokens
	CAS                  bool
	AllowMissingLinks    bool
	ProhibitUnprivileged bool
}

ACLTokenBatchSetRequest is used only at the Raft layer for batching multiple token creation/update operations

This is particularly useful during token replication and during automatic legacy token upgrades.

type ACLTokenBootstrapRequest added in v1.4.0

type ACLTokenBootstrapRequest struct {
	Token      ACLToken // Token to use for bootstrapping
	ResetIndex uint64   // Reset index
}

ACLTokenBootstrapRequest is used only at the Raft layer for ACL bootstrapping

The RPC layer will use a generic DCSpecificRequest to indicate that bootstrapping must be performed but the actual token and the resetIndex will be generated by that RPC endpoint

type ACLTokenDeleteRequest added in v1.4.0

type ACLTokenDeleteRequest struct {
	TokenID    string // ID of the token to delete
	Datacenter string // The datacenter to perform the request within
	WriteRequest
}

ACLTokenDeleteRequest is used for token deletion operations at the RPC layer

func (*ACLTokenDeleteRequest) RequestDatacenter added in v1.4.0

func (r *ACLTokenDeleteRequest) RequestDatacenter() string

type ACLTokenGetRequest added in v1.4.0

type ACLTokenGetRequest struct {
	TokenID     string         // id used for the token lookup
	TokenIDType ACLTokenIDType // The Type of ID used to lookup the token
	Datacenter  string         // The datacenter to perform the request within
	QueryOptions
}

ACLTokenGetRequest is used for token read operations at the RPC layer

func (*ACLTokenGetRequest) RequestDatacenter added in v1.4.0

func (r *ACLTokenGetRequest) RequestDatacenter() string

type ACLTokenIDType added in v1.4.0

// ACLTokenIDType is the type of ID used to look up a token; it is carried in
// ACLTokenGetRequest.TokenIDType next to ACLTokenGetRequest.TokenID.
type ACLTokenIDType string
const (
	// NOTE(review): presumably TokenID then holds the token's SecretID, i.e.
	// the request itself carries a credential — confirm, and keep such
	// requests out of logs.
	ACLTokenSecret   ACLTokenIDType = "secret"
	// NOTE(review): presumably TokenID then holds the token's AccessorID —
	// confirm.
	ACLTokenAccessor ACLTokenIDType = "accessor"
)

type ACLTokenListRequest added in v1.4.0

type ACLTokenListRequest struct {
	IncludeLocal  bool   // Whether local tokens should be included
	IncludeGlobal bool   // Whether global tokens should be included
	Policy        string // Policy filter
	Role          string // Role filter
	AuthMethod    string // Auth Method filter
	Datacenter    string // The datacenter to perform the request within
	QueryOptions
}

ACLTokenListRequest is used for token listing operations at the RPC layer

func (*ACLTokenListRequest) RequestDatacenter added in v1.4.0

func (r *ACLTokenListRequest) RequestDatacenter() string

type ACLTokenListResponse added in v1.4.0

type ACLTokenListResponse struct {
	Tokens ACLTokenListStubs
	QueryMeta
}

ACLTokenListResponse is used to return the secret data free stubs of the tokens

type ACLTokenListStub added in v1.4.0

// ACLTokenListStub is the per-token entry returned in ACLTokenListResponse,
// which the package describes as "secret data free": it carries AccessorID
// and the token's links and metadata but declares no SecretID field.
// ACLToken.Stub returns this type.
type ACLTokenListStub struct {
	AccessorID        string
	Description       string
	Policies          []ACLTokenPolicyLink  `json:",omitempty"`
	Roles             []ACLTokenRoleLink    `json:",omitempty"`
	ServiceIdentities []*ACLServiceIdentity `json:",omitempty"`
	Local             bool
	AuthMethod        string     `json:",omitempty"`
	ExpirationTime    *time.Time `json:",omitempty"`
	CreateTime        time.Time  `json:",omitempty"`
	Hash              []byte
	CreateIndex       uint64
	ModifyIndex       uint64
	// NOTE(review): presumably marks tokens that still use the V1 (legacy)
	// Type/Rules fields of ACLToken — confirm.
	Legacy            bool `json:",omitempty"`
}

type ACLTokenListStubs added in v1.4.0

type ACLTokenListStubs []*ACLTokenListStub

func (ACLTokenListStubs) Sort added in v1.4.0

func (tokens ACLTokenListStubs) Sort()
type ACLTokenPolicyLink struct {
	ID   string
	Name string `hash:"ignore"`
}

type ACLTokenResponse added in v1.4.0

type ACLTokenResponse struct {
	Token    *ACLToken
	Redacted bool // whether the token's secret was redacted
	QueryMeta
}

ACLTokenResponse returns a single Token + metadata

type ACLTokenRoleLink struct {
	ID   string
	Name string `hash:"ignore"`
}

type ACLTokenSetRequest added in v1.4.0

type ACLTokenSetRequest struct {
	ACLToken   ACLToken // Token to manipulate - I really dislike this name but "Token" is taken in the WriteRequest
	Create     bool     // Used to explicitly mark this request as a creation
	Datacenter string   // The datacenter to perform the request within
	WriteRequest
}

ACLTokenSetRequest is used for token creation and update operations at the RPC layer

func (*ACLTokenSetRequest) RequestDatacenter added in v1.4.0

func (r *ACLTokenSetRequest) RequestDatacenter() string

type ACLTokens added in v1.4.0

type ACLTokens []*ACLToken

ACLTokens is a slice of ACLTokens.

func (ACLTokens) Sort added in v1.4.0

func (tokens ACLTokens) Sort()

type ACLs

type ACLs []*ACL

ACLs is a slice of ACLs.

type AuthorizerCacheEntry added in v1.4.0

type AuthorizerCacheEntry struct {
	Authorizer acl.Authorizer
	CacheTime  time.Time
	TTL        time.Duration
}

func (*AuthorizerCacheEntry) Age added in v1.4.0

type AutopilotSetConfigRequest

type AutopilotSetConfigRequest struct {
	// Datacenter is the target this request is intended for.
	Datacenter string

	// Config is the new Autopilot configuration to use.
	Config autopilot.Config

	// CAS controls whether to use check-and-set semantics for this request.
	CAS bool

	// WriteRequest holds the ACL token to go along with this request.
	WriteRequest
}

AutopilotSetConfigRequest is used by the Operator endpoint to update the current Autopilot configuration of the cluster.

func (*AutopilotSetConfigRequest) RequestDatacenter

func (op *AutopilotSetConfigRequest) RequestDatacenter() string

RequestDatacenter returns the datacenter for a given request.

type CAConfiguration added in v1.2.0

type CAConfiguration struct {
	// ClusterID is a unique identifier for the cluster
	ClusterID string `json:"-"`

	// Provider is the CA provider implementation to use.
	Provider string

	// Configuration is arbitrary configuration for the provider. This
	// should only contain primitive values and containers (such as lists
	// and maps).
	Config map[string]interface{}

	RaftIndex
}

CAConfiguration is the configuration for the current CA plugin.

func (*CAConfiguration) GetCommonConfig added in v1.2.2

func (c *CAConfiguration) GetCommonConfig() (*CommonCAProviderConfig, error)

type CAConsulProviderState added in v1.2.0

// CAConsulProviderState is used to track the built-in Consul CA provider's
// state.
//
// NOTE(review): PrivateKey presumably holds the built-in CA's private key in
// PEM form, as the other certificate fields in this package do — confirm. No
// field carries a json tag, so encoding/json would emit PrivateKey like any
// other field; keep values of this type out of logs and API responses. The
// embedded RaftIndex suggests the struct is stored in replicated state —
// TODO confirm where copies of the key end up.
type CAConsulProviderState struct {
	ID               string
	PrivateKey       string
	RootCert         string
	IntermediateCert string

	RaftIndex
}

CAConsulProviderState is used to track the built-in Consul CA provider's state.

type CALeafOp added in v1.4.1

type CALeafOp string

CALeafOp is the operation for a request related to leaf certificates.

const (
	CALeafOpIncrementIndex CALeafOp = "increment-index"
)

type CALeafRequest added in v1.4.1

type CALeafRequest struct {
	// Op is the type of operation being requested. This determines what
	// other fields are required.
	Op CALeafOp

	// Datacenter is the target for this request.
	Datacenter string

	// WriteRequest is a common struct containing ACL tokens and other
	// write-related common elements for requests.
	WriteRequest
}

CALeafRequest is used to modify connect CA leaf data. This is used by the FSM (agent/consul/fsm) to apply changes.

func (*CALeafRequest) RequestDatacenter added in v1.4.1

func (q *CALeafRequest) RequestDatacenter() string

RequestDatacenter returns the datacenter for a given request.

type CAOp added in v1.2.0

type CAOp string

CAOp is the operation for a request related to intentions.

// Values for CARequest.Op, which determines what other CARequest fields are
// required. CARequest is used to modify connect CA data.
const (
	// CARequest.Index is used by CAOpSetRoots and CAOpSetConfig for a CAS
	// operation.
	CAOpSetRoots            CAOp = "set-roots"
	CAOpSetConfig           CAOp = "set-config"
	// NOTE(review): presumably stores CARequest.ProviderState, whose type
	// (CAConsulProviderState) has a PrivateKey field — confirm.
	CAOpSetProviderState    CAOp = "set-provider-state"
	CAOpDeleteProviderState CAOp = "delete-provider-state"
	// NOTE(review): by its name, sets roots and config in one request —
	// confirm whether CARequest.Index applies to it as well.
	CAOpSetRootsAndConfig   CAOp = "set-roots-config"
)

type CARequest added in v1.2.0

// CARequest is used to modify connect CA data. This is used by the FSM
// (agent/consul/fsm) to apply changes.
type CARequest struct {
	// Op is the type of operation being requested. This determines what
	// other fields are required.
	Op CAOp

	// Datacenter is the target for this request.
	Datacenter string

	// Index is used by CAOpSetRoots and CAOpSetConfig for a CAS operation.
	Index uint64

	// Roots is a list of roots. This is used for CAOpSet. One root must
	// always be active.
	//
	// NOTE(review): no CAOp constant named CAOpSet is declared; presumably
	// CAOpSetRoots (and CAOpSetRootsAndConfig) is meant — confirm.
	// CARoot has a SigningKey field, so a request carrying roots may contain
	// private key material.
	Roots []*CARoot

	// Config is the configuration for the current CA plugin.
	Config *CAConfiguration

	// ProviderState is the state for the builtin CA provider.
	//
	// CAConsulProviderState has a PrivateKey field, so a request with this
	// set carries key material; avoid logging CARequest values wholesale.
	ProviderState *CAConsulProviderState

	// WriteRequest is a common struct containing ACL tokens and other
	// write-related common elements for requests.
	WriteRequest
}

CARequest is used to modify connect CA data. This is used by the FSM (agent/consul/fsm) to apply changes.

func (*CARequest) RequestDatacenter added in v1.2.0

func (q *CARequest) RequestDatacenter() string

RequestDatacenter returns the datacenter for a given request.

type CARoot added in v1.2.0

// CARoot represents a root CA certificate that is trusted.
type CARoot struct {
	// ID is a globally unique ID (UUID) representing this CA root.
	ID string

	// Name is a human-friendly name for this CA root. This value is
	// opaque to Consul and is not used for anything internally.
	Name string

	// SerialNumber is the x509 serial number of the certificate.
	SerialNumber uint64

	// SigningKeyID is the ID of the public key that corresponds to the private
	// key used to sign the certificate. It is the HexString format of the raw
	// AuthorityKeyID bytes.
	SigningKeyID string

	// ExternalTrustDomain is the trust domain this root was generated under. It
	// is usually empty implying "the current cluster trust-domain". It is set
	// only in the case that a cluster changes trust domain and then all old roots
	// that are still trusted have the old trust domain set here.
	//
	// We currently DON'T validate these trust domains explicitly anywhere, see
	// IndexedRoots.TrustDomain doc. We retain this information for debugging and
	// future flexibility.
	ExternalTrustDomain string

	// Time validity bounds.
	NotBefore time.Time
	NotAfter  time.Time

	// RootCert is the PEM-encoded public certificate.
	RootCert string

	// IntermediateCerts is a list of PEM-encoded intermediate certs to
	// attach to any leaf certs signed by this CA.
	IntermediateCerts []string

	// SigningCert is the PEM-encoded signing certificate and SigningKey
	// is the PEM-encoded private key for the signing certificate. These
	// may actually be empty if the CA plugin in use manages these for us.
	//
	// The omitempty tag drops these fields from JSON only when they are
	// empty: a CARoot with SigningKey populated includes the private key in
	// its JSON encoding.
	// NOTE(review): confirm that code returning roots to API clients clears
	// SigningKey first, and keep CARoot values out of logs.
	SigningCert string `json:",omitempty"`
	SigningKey  string `json:",omitempty"`

	// Active is true if this is the current active CA. This must only
	// be true for exactly one CA. For any method that modifies roots in the
	// state store, tests should be written to verify that multiple roots
	// cannot be active.
	Active bool

	// RotatedOutAt is the time at which this CA was removed from the state.
	// This will only be set on roots that have been rotated out from being the
	// active root.
	RotatedOutAt time.Time `json:"-"`

	RaftIndex
}

CARoot represents a root CA certificate that is trusted.

type CARoots added in v1.2.0

type CARoots []*CARoot

CARoots is a list of CARoot structures.

type CASignRequest added in v1.2.0

type CASignRequest struct {
	// Datacenter is the target for this request.
	Datacenter string

	// CSR is the PEM-encoded CSR.
	CSR string

	// WriteRequest is a common struct containing ACL tokens and other
	// write-related common elements for requests.
	WriteRequest
}

CASignRequest is the request for signing a service certificate.

func (*CASignRequest) RequestDatacenter added in v1.2.0

func (q *CASignRequest) RequestDatacenter() string

RequestDatacenter returns the datacenter for a given request.

type CheckDefinition

// CheckDefinition is used to JSON decode the Check definitions. Its CheckType
// and HealthCheck methods return the corresponding structs.
type CheckDefinition struct {
	ID        types.CheckID
	Name      string
	Notes     string
	ServiceID string
	// NOTE(review): presumably the ACL token to use for this check's
	// registration — confirm; if so, treat decoded definitions as containing
	// a secret.
	Token     string
	Status    string

	// Copied fields from CheckType without the fields
	// already present in CheckDefinition:
	//
	//   ID (CheckID), Name, Status, Notes
	//
	// NOTE(review): ScriptArgs presumably is the command line a script check
	// executes (CheckType.IsScript covers checks that exec a script), and
	// TLSSkipVerify by its name disables TLS certificate verification for the
	// check's connection — confirm both, and review who may supply check
	// definitions that set them.
	ScriptArgs                     []string
	HTTP                           string
	Header                         map[string][]string
	Method                         string
	TCP                            string
	Interval                       time.Duration
	DockerContainerID              string
	Shell                          string
	GRPC                           string
	GRPCUseTLS                     bool
	TLSSkipVerify                  bool
	AliasNode                      string
	AliasService                   string
	Timeout                        time.Duration
	TTL                            time.Duration
	DeregisterCriticalServiceAfter time.Duration
	OutputMaxSize                  int
}

CheckDefinition is used to JSON decode the Check definitions

func (*CheckDefinition) CheckType

func (c *CheckDefinition) CheckType() *CheckType

func (*CheckDefinition) HealthCheck

func (c *CheckDefinition) HealthCheck(node string) *HealthCheck

type CheckServiceNode

type CheckServiceNode struct {
	Node    *Node
	Service *NodeService
	Checks  HealthChecks
}

CheckServiceNode is used to provide the node, its service definition, as well as a HealthCheck that is associated.

func (*CheckServiceNode) BestAddress added in v1.6.0

func (csn *CheckServiceNode) BestAddress(wan bool) (string, int)

type CheckServiceNodes

type CheckServiceNodes []CheckServiceNode

func (CheckServiceNodes) Filter

func (nodes CheckServiceNodes) Filter(onlyPassing bool) CheckServiceNodes

Filter removes nodes that are failing health checks (and any non-passing check if that option is selected). Note that this returns the filtered results AND modifies the receiver for performance.

func (CheckServiceNodes) FilterIgnore added in v1.0.7

func (nodes CheckServiceNodes) FilterIgnore(onlyPassing bool,
	ignoreCheckIDs []types.CheckID) CheckServiceNodes

FilterIgnore removes nodes that are failing health checks just like Filter. It also ignores the status of any check with an ID present in ignoreCheckIDs as if that check didn't exist. Note that this returns the filtered results AND modifies the receiver for performance.

func (CheckServiceNodes) Shuffle

func (nodes CheckServiceNodes) Shuffle()

Shuffle does an in-place random shuffle using the Fisher-Yates algorithm.

type CheckType

// CheckType is used to create either the CheckMonitor or the CheckTTL. The
// supported types are Script, HTTP, TCP, Docker, TTL, GRPC and Alias; Script,
// HTTP, Docker, TCP and GRPC all require Interval.
type CheckType struct {
	CheckID types.CheckID
	Name    string
	Status  string
	Notes   string

	// NOTE(review): ScriptArgs presumably is the command line executed by a
	// script check (IsScript covers checks that exec a script) — confirm.
	// Whoever can register such a check then selects a command for the agent
	// to run, so review which principals may register script checks.
	ScriptArgs        []string
	HTTP              string
	Header            map[string][]string
	Method            string
	TCP               string
	Interval          time.Duration
	AliasNode         string
	AliasService      string
	DockerContainerID string
	Shell             string
	GRPC              string
	GRPCUseTLS        bool
	// NOTE(review): by its name, true disables TLS certificate verification
	// for the check's connection — confirm which check types honour it; the
	// zero value (false) keeps verification on.
	TLSSkipVerify     bool
	Timeout           time.Duration
	TTL               time.Duration

	// DeregisterCriticalServiceAfter, if >0, will cause the associated
	// service, if any, to be deregistered if this check is critical for
	// longer than this duration.
	DeregisterCriticalServiceAfter time.Duration
	OutputMaxSize                  int
}

CheckType is used to create either the CheckMonitor or the CheckTTL. The following types are supported: Script, HTTP, TCP, Docker, TTL, GRPC, Alias. Script, HTTP, Docker, TCP and GRPC all require Interval. Only one of the types may be provided: TTL or Script/Interval or HTTP/Interval or TCP/Interval or Docker/Interval or GRPC/Interval or AliasService.

func (*CheckType) Empty added in v1.0.0

func (c *CheckType) Empty() bool

Empty checks if the CheckType has no fields defined. Empty checks parsed from json configs are filtered out

func (*CheckType) IsAlias added in v1.2.2

func (c *CheckType) IsAlias() bool

IsAlias checks if this is an alias check.

func (*CheckType) IsDocker

func (c *CheckType) IsDocker() bool

IsDocker returns true when checking a docker container.

func (*CheckType) IsGRPC added in v1.0.4

func (c *CheckType) IsGRPC() bool

IsGRPC checks if this is a GRPC type

func (*CheckType) IsHTTP

func (c *CheckType) IsHTTP() bool

IsHTTP checks if this is a HTTP type

func (*CheckType) IsMonitor

func (c *CheckType) IsMonitor() bool

IsMonitor checks if this is a Monitor type

func (*CheckType) IsScript

func (c *CheckType) IsScript() bool

IsScript checks if this is a check that execs some kind of script.

func (*CheckType) IsTCP

func (c *CheckType) IsTCP() bool

IsTCP checks if this is a TCP type

func (*CheckType) IsTTL

func (c *CheckType) IsTTL() bool

IsTTL checks if this is a TTL type

func (*CheckType) Validate added in v1.0.0

func (c *CheckType) Validate() error

Validate returns an error message if the check is invalid

type CheckTypes

type CheckTypes []*CheckType

type ChecksInStateRequest

type ChecksInStateRequest struct {
	Datacenter      string
	NodeMetaFilters map[string]string
	State           string
	Source          QuerySource
	QueryOptions
}

ChecksInStateRequest is used to query for nodes in a state

func (*ChecksInStateRequest) RequestDatacenter

func (r *ChecksInStateRequest) RequestDatacenter() string

type CommonCAProviderConfig added in v1.2.2

// CommonCAProviderConfig holds CA settings that, per the CSRMaxPerSecond
// comment, apply to all CA providers. CAConfiguration.GetCommonConfig returns
// this type.
//
// Per the field comments below, 0 disables each of the two CSR limits, so a
// configuration with both CSRMaxPerSecond and CSRMaxConcurrent at 0 leaves
// signing requests unthrottled.
type CommonCAProviderConfig struct {
	// NOTE(review): presumably the lifetime of issued leaf certificates —
	// confirm.
	LeafCertTTL time.Duration

	// NOTE(review): undocumented here; by its name it bypasses some
	// validation — confirm exactly which checks are skipped before setting it.
	SkipValidate bool

	// CSRMaxPerSecond is a rate limit on processing Connect Certificate Signing
	// Requests on the servers. It applies to all CA providers so can be used to
	// limit rate to an external CA too. 0 disables the rate limit. Defaults to 50
	// which is low enough to prevent overload of a reasonably sized production
	// server while allowing a cluster with 1000 service instances to complete a
	// rotation in 20 seconds. For reference a quad-core 2017 MacBook pro can
	// process 100 signing RPCs a second while using less than half of one core.
	// For large clusters with powerful servers it's advisable to increase this
	// rate or to disable this limit and instead rely on CSRMaxConcurrent to only
	// consume a subset of the server's cores.
	CSRMaxPerSecond float32

	// CSRMaxConcurrent is a limit on how many concurrent CSR signing requests
	// will be processed in parallel. New incoming signing requests will try for
	// `consul.csrSemaphoreWait` (currently 500ms) for a slot before being
	// rejected with a "rate limited" backpressure response. This effectively sets
	// how many CPU cores can be occupied by Connect CA signing activity and
	// should be a (small) subset of your server's available cores to allow other
	// tasks to complete when a barrage of CSRs come in (e.g. after a CA root
	// rotation). Setting to 0 disables the limit, attempting to sign certs
	// immediately in the RPC goroutine. This is 0 by default and CSRMaxPerSecond
	// is used. This is ignored if CSRMaxPerSecond is non-zero.
	CSRMaxConcurrent int
}

func (CommonCAProviderConfig) Validate added in v1.2.2

func (c CommonCAProviderConfig) Validate() error

type CompiledDiscoveryChain added in v1.6.0

// CompiledDiscoveryChain is the result from taking a set of related config
// entries for a single service's discovery chain and restructuring them into
// a form that is more usable for actual service discovery.
type CompiledDiscoveryChain struct {
	ServiceName string
	Namespace   string // the namespace that the chain was compiled within
	Datacenter  string // the datacenter that the chain was compiled within

	Protocol string // overall protocol shared by everything in the chain

	// Node is the top node in the chain.
	//
	// If this is a router or splitter then in envoy this renders as an http
	// route object.
	//
	// If this is a group resolver then in envoy this renders as a default
	// wildcard http route object.
	Node *DiscoveryGraphNode `json:",omitempty"`

	// GroupResolverNodes represents all unique service instance groups that
	// need to be represented. For envoy these render as Clusters.
	//
	// Omitted from JSON because DiscoveryTarget is not an encoding.TextMarshaler.
	GroupResolverNodes map[DiscoveryTarget]*DiscoveryGraphNode `json:"-"`

	// TODO(rb): not sure if these two fields are actually necessary but I'll know when I get into xDS
	Resolvers map[string]*ServiceResolverConfigEntry `json:",omitempty"`
	Targets   []DiscoveryTarget                      `json:",omitempty"`
}

CompiledDiscoveryChain is the result from taking a set of related config entries for a single service's discovery chain and restructuring them into a form that is more usable for actual service discovery.

func (*CompiledDiscoveryChain) IsDefault added in v1.6.0

func (c *CompiledDiscoveryChain) IsDefault() bool

type CompoundResponse

type CompoundResponse interface {
	// Add adds a new response to the compound response
	Add(interface{})

	// New returns an empty response object which can be passed around by
	// reference, and then passed to Add() later on.
	New() interface{}
}

CompoundResponse is an interface for gathering multiple responses. It is used in cross-datacenter RPC calls where more than 1 datacenter is expected to reply.

type ConfigEntry added in v1.5.0

type ConfigEntry interface {
	GetKind() string
	GetName() string

	// This is called in the RPC endpoint and can apply defaults or limits.
	Normalize() error
	Validate() error

	// CanRead and CanWrite return whether or not the given Authorizer
	// has permission to read or write to the config entry, respectively.
	CanRead(acl.Authorizer) bool
	CanWrite(acl.Authorizer) bool

	GetRaftIndex() *RaftIndex
}

ConfigEntry is the interface for centralized configuration stored in Raft. Currently only service-defaults and proxy-defaults are supported.

func DecodeConfigEntry added in v1.5.0

func DecodeConfigEntry(raw map[string]interface{}) (ConfigEntry, error)

DecodeConfigEntry can be used to decode a ConfigEntry from a raw map value. Currently it's used in the HTTP API to decode ConfigEntry structs coming from JSON. Unlike some of our custom binary encodings we don't have a preamble including the kind so we will not have a concrete type to decode into. In those cases we must first decode into a map[string]interface{} and then call this function to decode into a concrete type.

func MakeConfigEntry added in v1.5.0

func MakeConfigEntry(kind, name string) (ConfigEntry, error)

type ConfigEntryGraphError added in v1.6.0

type ConfigEntryGraphError struct {
	// one of Message or Err should be set
	Message string
	Err     error
}

func (*ConfigEntryGraphError) Error added in v1.6.0

func (e *ConfigEntryGraphError) Error() string

type ConfigEntryKindName added in v1.6.0

type ConfigEntryKindName struct {
	Kind string
	Name string
}

ConfigEntryKindName is a value type useful for maps. You can use:

map[ConfigEntryKindName]Payload

instead of:

map[string]map[string]Payload

type ConfigEntryOp added in v1.5.0

type ConfigEntryOp string
const (
	ConfigEntryUpsert    ConfigEntryOp = "upsert"
	ConfigEntryUpsertCAS ConfigEntryOp = "upsert-cas"
	ConfigEntryDelete    ConfigEntryOp = "delete"
)

type ConfigEntryQuery added in v1.5.0

type ConfigEntryQuery struct {
	Kind       string
	Name       string
	Datacenter string

	QueryOptions
}

ConfigEntryQuery is used when requesting info about a config entry.

func (*ConfigEntryQuery) CacheInfo added in v1.6.0

func (r *ConfigEntryQuery) CacheInfo() cache.RequestInfo

func (*ConfigEntryQuery) RequestDatacenter added in v1.5.0

func (c *ConfigEntryQuery) RequestDatacenter() string

type ConfigEntryRequest added in v1.5.0

type ConfigEntryRequest struct {
	Op         ConfigEntryOp
	Datacenter string
	Entry      ConfigEntry

	WriteRequest
}

ConfigEntryRequest is used when creating/updating/deleting a ConfigEntry.

func (*ConfigEntryRequest) MarshalBinary added in v1.5.0

func (c *ConfigEntryRequest) MarshalBinary() (data []byte, err error)

func (*ConfigEntryRequest) RequestDatacenter added in v1.5.0

func (c *ConfigEntryRequest) RequestDatacenter() string

func (*ConfigEntryRequest) UnmarshalBinary added in v1.5.0

func (c *ConfigEntryRequest) UnmarshalBinary(data []byte) error

type ConfigEntryResponse added in v1.5.0

type ConfigEntryResponse struct {
	Entry ConfigEntry
	QueryMeta
}

ConfigEntryResponse returns a single ConfigEntry

func (*ConfigEntryResponse) MarshalBinary added in v1.5.0

func (c *ConfigEntryResponse) MarshalBinary() (data []byte, err error)

func (*ConfigEntryResponse) UnmarshalBinary added in v1.5.0

func (c *ConfigEntryResponse) UnmarshalBinary(data []byte) error

type ConnectAuthorizeRequest added in v1.2.0

// ConnectAuthorizeRequest is the structure of a request to authorize a
// connection.
type ConnectAuthorizeRequest struct {
	// Target is the name of the service that is being requested.
	Target string

	// ClientCertURI is a unique identifier for the requesting client. This
	// is currently the URI SAN from the TLS client certificate.
	//
	// ClientCertSerial is the colon-hex-encoded serial number of the
	// requesting client cert. This is used to check against revocation
	// lists.
	//
	// NOTE(review): both fields are plain strings filled in by whoever builds
	// the request; nothing in this struct ties them to a verified TLS
	// handshake. Confirm that the caller takes them from a certificate that
	// has already passed chain verification.
	ClientCertURI    string
	ClientCertSerial string
}

ConnectAuthorizeRequest is the structure of a request to authorize a connection.

type ConnectConfiguration added in v1.5.0

type ConnectConfiguration struct {
	SidecarProxy bool
}

type ConnectManagedProxy added in v1.2.0

// ConnectManagedProxy represents the agent-local state for a configured
// proxy instance: how to run the proxy, its opaque configuration, its
// upstreams and the service it fronts.
type ConnectManagedProxy struct {
	// ExecMode is one of daemon or script.
	ExecMode ProxyExecMode

	// Command is the command to execute. Empty defaults to self-invoking the same
	// consul binary with the proxy subcommand for ProxyExecModeDaemon and is an
	// error for ProxyExecModeScript.
	//
	// NOTE(review): this is an argument vector that gets executed, and the
	// struct does not show who may set it. Confirm that registering a managed
	// proxy is limited to trusted configuration, since the command presumably
	// runs with the agent's privileges.
	Command []string

	// Config is the arbitrary configuration data provided with the registration.
	// The values are untyped; ParseConfig reads the fields the agent needs.
	Config map[string]interface{}

	// Upstreams are the dependencies the proxy should setup outgoing listeners for.
	Upstreams Upstreams

	// ProxyService is a pointer to the local proxy's service record for
	// convenience. The proxy's ID and name etc. can be read from there. It may be
	// nil if the agent is starting up and hasn't registered the service yet. We
	// ignore it when calculating the hash value since the only thing that affects
	// the proxy's config is the ID of the target service which is already
	// represented below.
	ProxyService *NodeService `hash:"ignore"`

	// TargetServiceID is the ID of the target service on the localhost. It may
	// not exist yet since bootstrapping is allowed to happen in either order.
	TargetServiceID string
}

ConnectManagedProxy represents the agent-local state for a configured proxy instance. This is never stored or sent to the servers and is only used to store the config for the proxy that the agent needs to track. For now it's really generic: only the fields the agent needs to act on are defined, while the rest of the proxy config is passed as an opaque bag of attributes to support arbitrary config params for third-party proxy integrations. "External" proxies by definition register themselves and manage their own config externally, so they are never represented in agent state.

func (*ConnectManagedProxy) ParseConfig added in v1.2.0

ParseConfig attempts to read the fields we care about from the otherwise opaque config map. All of them are optional, but parsing may fail if one is specified with an invalid value.

type ConnectManagedProxyConfig added in v1.2.0

type ConnectManagedProxyConfig struct {
	BindAddress         string `mapstructure:"bind_address"`
	BindPort            int    `mapstructure:"bind_port"`
	LocalServiceAddress string `mapstructure:"local_service_address"`
	LocalServicePort    int    `mapstructure:"local_service_port"`
}

ConnectManagedProxyConfig represents the parts of the proxy config the agent needs to understand. It's bad UX to make the user specify these separately just to make parsing simpler for us so this encapsulates the fields in ConnectManagedProxy.Config that we care about. They are all optional anyway and this is used to decode them with mapstructure.

type ConnectProxyConfig added in v1.3.0

type ConnectProxyConfig struct {
	// DestinationServiceName is required and is the name of the service to accept
	// traffic for.
	DestinationServiceName string `json:",omitempty"`

	// DestinationServiceID is optional and should only be specified for
	// "side-car" style proxies where the proxy is in front of just a single
	// instance of the service. It should be set to the service ID of the instance
	// being represented which must be registered to the same agent. It's valid to
	// provide a service ID that does not yet exist to avoid timing issues when
	// bootstrapping a service with a proxy.
	DestinationServiceID string `json:",omitempty"`

	// LocalServiceAddress is the address of the local service instance. It is
	// optional and should only be specified for "side-car" style proxies. It will
	// default to 127.0.0.1 if the proxy is a "side-car" (DestinationServiceID is
	// set) but otherwise will be ignored.
	LocalServiceAddress string `json:",omitempty"`

	// LocalServicePort is the port of the local service instance. It is optional
	// and should only be specified for "side-car" style proxies. It will default
	// to the registered port for the instance if the proxy is a "side-car"
	// (DestinationServiceID is set) but otherwise will be ignored.
	LocalServicePort int `json:",omitempty"`

	// Config is the arbitrary configuration data provided with the proxy
	// registration.
	Config map[string]interface{} `json:",omitempty" bexpr:"-"`

	// Upstreams describes any upstream dependencies the proxy instance should
	// setup.
	Upstreams Upstreams `json:",omitempty"`

	// MeshGateway defines the mesh gateway configuration for this upstream
	MeshGateway MeshGatewayConfig `json:",omitempty"`
}

ConnectProxyConfig describes the configuration needed for any proxy, managed or unmanaged. It describes a single logical service's listener and, optionally, upstreams and sidecar-related config for a single instance. To describe a centralized proxy that routes traffic for multiple services, a different one of these would be needed for each, sharing the same LogicalProxyID.

func TestConnectProxyConfig added in v1.3.0

func TestConnectProxyConfig(t testing.T) ConnectProxyConfig

TestConnectProxyConfig returns a ConnectProxyConfig representing a valid Connect proxy.

func (*ConnectProxyConfig) ToAPI added in v1.3.0

ToAPI returns the api struct with the same fields. We have duplicates to avoid the api package depending on this one which imports a ton of Consul's core which you don't want if you are just trying to use our client in your app.

type ConsulCAProviderConfig added in v1.2.0

// ConsulCAProviderConfig is a CA provider configuration; presumably the one
// for Consul's built-in CA provider — TODO confirm. The embedded
// CommonCAProviderConfig is squashed, so mapstructure decodes its fields
// from the same level as the ones declared here.
type ConsulCAProviderConfig struct {
	CommonCAProviderConfig `mapstructure:",squash"`

	// PrivateKey and RootCert are strings; presumably the CA's private key
	// and root certificate in PEM form — TODO confirm.
	//
	// NOTE(review): PrivateKey carries no struct tag that keeps it out of
	// encoded output, so any encoder that walks exported fields will include
	// it. Treat values of this type as secret and redact the field before
	// logging the struct or returning it from an API.
	PrivateKey     string
	RootCert       string
	// RotationPeriod is a duration; its exact use is not visible here.
	RotationPeriod time.Duration
}

type Coordinate

type Coordinate struct {
	Node    string
	Segment string
	Coord   *coordinate.Coordinate
}

Coordinate stores a node name with its associated network coordinate.

type CoordinateUpdateRequest

type CoordinateUpdateRequest struct {
	Datacenter string
	Node       string
	Segment    string
	Coord      *coordinate.Coordinate
	WriteRequest
}

CoordinateUpdateRequest is used to update the network coordinate of a given node.

func (*CoordinateUpdateRequest) RequestDatacenter

func (c *CoordinateUpdateRequest) RequestDatacenter() string

RequestDatacenter returns the datacenter for a given update request.

type Coordinates

type Coordinates []*Coordinate

type DCSpecificRequest

type DCSpecificRequest struct {
	Datacenter      string
	NodeMetaFilters map[string]string
	Source          QuerySource
	QueryOptions
}

DCSpecificRequest is used to query about a specific DC

func (*DCSpecificRequest) CacheInfo added in v1.2.0

func (r *DCSpecificRequest) CacheInfo() cache.RequestInfo

func (*DCSpecificRequest) CacheMinIndex added in v1.2.0

func (r *DCSpecificRequest) CacheMinIndex() uint64

func (*DCSpecificRequest) RequestDatacenter

func (r *DCSpecificRequest) RequestDatacenter() string

type DatacenterMap

type DatacenterMap struct {
	Datacenter  string
	AreaID      types.AreaID
	Coordinates Coordinates
}

DatacenterMap is used to represent a list of nodes with their raw coordinates, associated with a datacenter. Coordinates are only compatible between nodes in the same area.

type DatacentersRequest added in v1.6.0

type DatacentersRequest struct {
	QueryOptions
}

func (*DatacentersRequest) CacheInfo added in v1.6.0

func (r *DatacentersRequest) CacheInfo() cache.RequestInfo

type DeregisterRequest

type DeregisterRequest struct {
	Datacenter string
	Node       string
	ServiceID  string
	CheckID    types.CheckID
	WriteRequest
}

DeregisterRequest is used for the Catalog.Deregister endpoint to deregister a node as providing a service. If no service is provided the entire node is deregistered.

func (*DeregisterRequest) RequestDatacenter

func (r *DeregisterRequest) RequestDatacenter() string

type DirEntries

type DirEntries []*DirEntry

type DirEntry

type DirEntry struct {
	LockIndex uint64
	Key       string
	Flags     uint64
	Value     []byte
	Session   string `json:",omitempty"`

	RaftIndex
}

DirEntry is used to represent a directory entry. This is used for values in our Key-Value store.

func (*DirEntry) Clone

func (d *DirEntry) Clone() *DirEntry

Clone returns a clone of the given directory entry.

func (*DirEntry) Equal added in v1.6.0

func (d *DirEntry) Equal(o *DirEntry) bool

type DiscoveryChainConfigEntries added in v1.6.0

type DiscoveryChainConfigEntries struct {
	Routers     map[string]*ServiceRouterConfigEntry
	Splitters   map[string]*ServiceSplitterConfigEntry
	Resolvers   map[string]*ServiceResolverConfigEntry
	Services    map[string]*ServiceConfigEntry
	GlobalProxy *ProxyConfigEntry
}

DiscoveryChainConfigEntries wraps just the raw cross-referenced config entries. None of these are defaulted.

func (*DiscoveryChainConfigEntries) AddResolvers added in v1.6.0

func (e *DiscoveryChainConfigEntries) AddResolvers(entries ...*ServiceResolverConfigEntry)

AddResolvers adds resolver configs. Convenience function for testing.

func (*DiscoveryChainConfigEntries) AddRouters added in v1.6.0

func (e *DiscoveryChainConfigEntries) AddRouters(entries ...*ServiceRouterConfigEntry)

AddRouters adds router configs. Convenience function for testing.

func (*DiscoveryChainConfigEntries) AddServices added in v1.6.0

func (e *DiscoveryChainConfigEntries) AddServices(entries ...*ServiceConfigEntry)

AddServices adds service configs. Convenience function for testing.

func (*DiscoveryChainConfigEntries) AddSplitters added in v1.6.0

func (e *DiscoveryChainConfigEntries) AddSplitters(entries ...*ServiceSplitterConfigEntry)

AddSplitters adds splitter configs. Convenience function for testing.

func (*DiscoveryChainConfigEntries) GetResolver added in v1.6.0

func (*DiscoveryChainConfigEntries) GetRouter added in v1.6.0

func (*DiscoveryChainConfigEntries) GetService added in v1.6.0

func (*DiscoveryChainConfigEntries) GetSplitter added in v1.6.0

func (*DiscoveryChainConfigEntries) IsChainEmpty added in v1.6.0

func (e *DiscoveryChainConfigEntries) IsChainEmpty() bool

func (*DiscoveryChainConfigEntries) IsEmpty added in v1.6.0

func (e *DiscoveryChainConfigEntries) IsEmpty() bool

type DiscoveryChainRequest added in v1.6.0

type DiscoveryChainRequest struct {
	Name       string
	Datacenter string

	QueryOptions
}

DiscoveryChainRequest is used when requesting the discovery chain for a service.

func (*DiscoveryChainRequest) CacheInfo added in v1.6.0

func (r *DiscoveryChainRequest) CacheInfo() cache.RequestInfo

func (*DiscoveryChainRequest) RequestDatacenter added in v1.6.0

func (r *DiscoveryChainRequest) RequestDatacenter() string

type DiscoveryChainResponse added in v1.6.0

type DiscoveryChainResponse struct {
	ConfigEntries *DiscoveryChainConfigEntries `json:",omitempty"` // TODO(rb): remove these?
	Chain         *CompiledDiscoveryChain      `json:",omitempty"`
	QueryMeta
}

TODO(rb): either fix the compiled results, or take the derived data and stash it here in a json/msgpack-friendly way?

type DiscoveryFailover added in v1.6.0

type DiscoveryFailover struct {
	Definition *ServiceResolverFailover `json:",omitempty"`
	Targets    []DiscoveryTarget        `json:",omitempty"`
}

DiscoveryFailover is the compiled form of ServiceResolverFailover. TODO(rb): figure out how to get mesh gateways in here.

type DiscoveryGraphNode added in v1.6.0

type DiscoveryGraphNode struct {
	Type string
	Name string // default chain/service name at this spot

	// fields for Type==router
	Routes []*DiscoveryRoute `json:",omitempty"`

	// fields for Type==splitter
	Splits []*DiscoverySplit `json:",omitempty"`

	// fields for Type==group-resolver
	GroupResolver *DiscoveryGroupResolver `json:",omitempty"`
}

DiscoveryGraphNode is a single node of the compiled discovery chain.

type DiscoveryGroupResolver

type DiscoveryGroupResolver struct {
	Definition     *ServiceResolverConfigEntry `json:",omitempty"`
	Default        bool                        `json:",omitempty"`
	ConnectTimeout time.Duration               `json:",omitempty"`
	MeshGateway    MeshGatewayConfig           `json:",omitempty"`
	Target         DiscoveryTarget             `json:",omitempty"`
	Failover       *DiscoveryFailover          `json:",omitempty"`
}

DiscoveryGroupResolver is the compiled form of ServiceResolverConfigEntry, customized per non-failover target.

type DiscoveryRoute added in v1.6.0

type DiscoveryRoute struct {
	Definition      *ServiceRoute       `json:",omitempty"`
	DestinationNode *DiscoveryGraphNode `json:",omitempty"`
}

compiled form of ServiceRoute

type DiscoverySplit added in v1.6.0

type DiscoverySplit struct {
	Weight float32             `json:",omitempty"`
	Node   *DiscoveryGraphNode `json:",omitempty"`
}

compiled form of ServiceSplit

type DiscoveryTarget added in v1.6.0

type DiscoveryTarget struct {
	Service       string `json:",omitempty"`
	ServiceSubset string `json:",omitempty"`
	Namespace     string `json:",omitempty"`
	Datacenter    string `json:",omitempty"`
}

DiscoveryTarget represents all of the inputs necessary to use a resolver config entry to execute a catalog query to generate a list of service instances during discovery.

This is a value type so it can be used as a map key.

func (DiscoveryTarget) CopyAndModify

func (t DiscoveryTarget) CopyAndModify(
	service,
	serviceSubset,
	namespace,
	datacenter string,
) DiscoveryTarget

CopyAndModify will duplicate the target and selectively modify it given the requested inputs.

func (DiscoveryTarget) IsEmpty

func (t DiscoveryTarget) IsEmpty() bool

func (DiscoveryTarget) MarshalText

func (t DiscoveryTarget) MarshalText() (text []byte, err error)

MarshalText implements encoding.TextMarshaler.

This should also not include any colons for embedding that happens elsewhere.

This should NOT return any errors.

func (DiscoveryTarget) String added in v1.6.0

func (t DiscoveryTarget) String() string

func (*DiscoveryTarget) UnmarshalText

func (t *DiscoveryTarget) UnmarshalText(text []byte) error

UnmarshalText implements encoding.TextUnmarshaler.

type DiscoveryTargets

type DiscoveryTargets []DiscoveryTarget

func (DiscoveryTargets) Sort

func (targets DiscoveryTargets) Sort()

type EventFireRequest

type EventFireRequest struct {
	Datacenter string
	Name       string
	Payload    []byte

	// Not using WriteRequest so that any server can process
	// the request. It is a bit unusual...
	QueryOptions
}

EventFireRequest is used to ask a server to fire a Serf event. It is a bit odd, since it doesn't depend on the catalog or leader. Any node can respond, so it's not quite like a standard write request. This is used only internally.

func (*EventFireRequest) RequestDatacenter

func (r *EventFireRequest) RequestDatacenter() string

type EventFireResponse

type EventFireResponse struct {
	QueryMeta
}

EventFireResponse is used to respond to a fire request.

type HealthCheck

type HealthCheck struct {
	Node        string
	CheckID     types.CheckID // Unique per-node ID
	Name        string        // Check name
	Status      string        // The current check status
	Notes       string        // Additional notes with the status
	Output      string        // Holds output of script runs
	ServiceID   string        // optional associated service
	ServiceName string        // optional service name
	ServiceTags []string      // optional service tags

	Definition HealthCheckDefinition `bexpr:"-"`

	RaftIndex `bexpr:"-"`
}

HealthCheck represents a single check on a given node

func (*HealthCheck) Clone

func (c *HealthCheck) Clone() *HealthCheck

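Clone returns a distinct clone of the HealthCheck. Note that the "ServiceTags" and "Definition.Header" fields are not deep-copied: the clone shares that slice and that map with the original, so a change made through one is visible through the other.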

func (*HealthCheck) IsSame

func (c *HealthCheck) IsSame(other *HealthCheck) bool

IsSame checks if one HealthCheck is the same as another, without looking at the Raft information (that's why we didn't call it IsEqual). This is useful for seeing if an update would be idempotent for all the functional parts of the structure.

type HealthCheckDefinition added in v1.0.1

// HealthCheckDefinition carries the check settings attached to a HealthCheck
// through its Definition field. JSON encoding and decoding go through the
// type's own MarshalJSON and UnmarshalJSON methods rather than the default
// struct encoding.
//
// Field notes (the meanings below are read off the field names and types —
// TODO confirm against the check runner):
//   - HTTP, Method and Header presumably describe the request of an HTTP
//     check, and TCP the address of a TCP check.
//   - TLSSkipVerify presumably turns off TLS certificate verification for
//     the HTTP check. NOTE(review): if so, a true value lets anyone who can
//     intercept the connection answer the check, so it should stay false
//     unless the target cannot present a verifiable certificate.
//   - Header is a map; HealthCheck.Clone does not deep-copy it.
//   - OutputMaxSize presumably bounds how much check output is kept.
//   - Interval, Timeout and DeregisterCriticalServiceAfter are durations.
type HealthCheckDefinition struct {
	HTTP                           string              `json:",omitempty"`
	TLSSkipVerify                  bool                `json:",omitempty"`
	Header                         map[string][]string `json:",omitempty"`
	Method                         string              `json:",omitempty"`
	TCP                            string              `json:",omitempty"`
	Interval                       time.Duration       `json:",omitempty"`
	OutputMaxSize                  uint                `json:",omitempty"`
	Timeout                        time.Duration       `json:",omitempty"`
	DeregisterCriticalServiceAfter time.Duration       `json:",omitempty"`
}

func (*HealthCheckDefinition) MarshalJSON added in v1.4.1

func (d *HealthCheckDefinition) MarshalJSON() ([]byte, error)

func (*HealthCheckDefinition) UnmarshalJSON added in v1.4.1

func (d *HealthCheckDefinition) UnmarshalJSON(data []byte) error

type HealthChecks

type HealthChecks []*HealthCheck

HealthChecks is a collection of HealthCheck structs.

type IdentityCacheEntry added in v1.4.0

type IdentityCacheEntry struct {
	Identity  ACLIdentity
	CacheTime time.Time
}

func (*IdentityCacheEntry) Age added in v1.4.0

func (e *IdentityCacheEntry) Age() time.Duration

type IndexedACLs

type IndexedACLs struct {
	ACLs ACLs
	QueryMeta
}

IndexedACLs has tokens along with the Raft metadata about them.

type IndexedCARoots added in v1.2.0

type IndexedCARoots struct {
	// ActiveRootID is the ID of a root in Roots that is the active CA root.
	// Other roots are still valid if they're in the Roots list but are in
	// the process of being rotated out.
	ActiveRootID string

	// TrustDomain is the identification root for this Consul cluster. All
	// certificates signed by the cluster's CA must have their identifying URI in
	// this domain.
	//
	// This does not include the protocol (currently spiffe://) since we may
	// implement other protocols in future with equivalent semantics. It should be
	// compared against the "authority" section of a URI (i.e. host:port).
	//
	// We need to support migrating a cluster between trust domains to support
	// Multi-DC migration in Enterprise. In this case the current trust domain is
	// here but entries in Roots may also have ExternalTrustDomain set to a
	// non-empty value implying they were previous roots that are still trusted
	// but under a different trust domain.
	//
	// Note that we DON'T validate trust domain during AuthZ since it causes
	// issues of loss of connectivity during migration between trust domains. The
	// only time the additional validation adds value is where the cluster shares
	// an external root (e.g. organization-wide root) with another distinct Consul
	// cluster or PKI system. In this case, x509 Name Constraints can be added to
	// enforce that Consul's CA can only validly sign or trust certs within the
	// same trust-domain. Name constraints as enforced by TLS handshake also allow
	// seamless rotation between trust domains thanks to cross-signing.
	TrustDomain string

	// Roots is a list of root CA certs to trust.
	Roots []*CARoot

	// QueryMeta contains the meta sent via a header. We ignore for JSON
	// so this whole structure can be returned.
	QueryMeta `json:"-"`
}

IndexedCARoots is the list of currently trusted CA Roots.

type IndexedCheckServiceNodes

type IndexedCheckServiceNodes struct {
	Nodes CheckServiceNodes
	QueryMeta
}

type IndexedConfigEntries added in v1.5.0

type IndexedConfigEntries struct {
	Kind    string
	Entries []ConfigEntry
	QueryMeta
}

IndexedConfigEntries has its own encoding logic which differs from ConfigEntryRequest as it has to send a slice of ConfigEntry.

func (*IndexedConfigEntries) MarshalBinary added in v1.5.0

func (c *IndexedConfigEntries) MarshalBinary() (data []byte, err error)

func (*IndexedConfigEntries) UnmarshalBinary added in v1.5.0

func (c *IndexedConfigEntries) UnmarshalBinary(data []byte) error

type IndexedCoordinate

type IndexedCoordinate struct {
	Coord *coordinate.Coordinate
	QueryMeta
}

IndexedCoordinate is used to represent a single node's coordinate from the state store.

type IndexedCoordinates

type IndexedCoordinates struct {
	Coordinates Coordinates
	QueryMeta
}

IndexedCoordinates is used to represent a list of nodes and their corresponding raw coordinates.

type IndexedDirEntries

type IndexedDirEntries struct {
	Entries DirEntries
	QueryMeta
}

type IndexedGenericConfigEntries added in v1.5.0

type IndexedGenericConfigEntries struct {
	Entries []ConfigEntry
	QueryMeta
}

func (*IndexedGenericConfigEntries) MarshalBinary added in v1.5.0

func (c *IndexedGenericConfigEntries) MarshalBinary() (data []byte, err error)

func (*IndexedGenericConfigEntries) UnmarshalBinary added in v1.5.0

func (c *IndexedGenericConfigEntries) UnmarshalBinary(data []byte) error

type IndexedHealthChecks

type IndexedHealthChecks struct {
	HealthChecks HealthChecks
	QueryMeta
}

type IndexedIntentionMatches added in v1.2.0

type IndexedIntentionMatches struct {
	Matches []Intentions
	QueryMeta
}

IndexedIntentionMatches represents the list of matches for a match query.

type IndexedIntentions added in v1.2.0

type IndexedIntentions struct {
	Intentions Intentions
	QueryMeta
}

IndexedIntentions represents a list of intentions for RPC responses.

type IndexedKeyList

type IndexedKeyList struct {
	Keys []string
	QueryMeta
}

type IndexedNodeDump

type IndexedNodeDump struct {
	Dump NodeDump
	QueryMeta
}

type IndexedNodeServices

type IndexedNodeServices struct {
	// TODO: This should not be a pointer, see comments in
	// agent/catalog_endpoint.go.
	NodeServices *NodeServices
	QueryMeta
}

type IndexedNodes

type IndexedNodes struct {
	Nodes Nodes
	QueryMeta
}

type IndexedPreparedQueries

type IndexedPreparedQueries struct {
	Queries PreparedQueries
	QueryMeta
}

type IndexedServiceNodes

type IndexedServiceNodes struct {
	ServiceNodes ServiceNodes
	QueryMeta
}

type IndexedServices

type IndexedServices struct {
	Services Services
	QueryMeta
}

type IndexedSessions

type IndexedSessions struct {
	Sessions Sessions
	QueryMeta
}

type Intention added in v1.2.0

type Intention struct {
	// ID is the UUID-based ID for the intention, always generated by Consul.
	ID string

	// Description is a human-friendly description of this intention.
	// It is opaque to Consul and is only stored and transferred in API
	// requests.
	Description string

	// SourceNS, SourceName are the namespace and name, respectively, of
	// the source service. Either of these may be the wildcard "*", but only
	// the full value can be a wildcard. Partial wildcards are not allowed.
	// The source may also be a non-Consul service, as specified by SourceType.
	//
	// DestinationNS, DestinationName is the same, but for the destination
	// service. The same rules apply. The destination is always a Consul
	// service.
	SourceNS, SourceName           string
	DestinationNS, DestinationName string

	// SourceType is the type of the value for the source.
	SourceType IntentionSourceType

	// Action is whether this is a whitelist or blacklist intention.
	Action IntentionAction

	// DefaultAddr, DefaultPort of the local listening proxy (if any) to
	// make this connection.
	DefaultAddr string
	DefaultPort int

	// Meta is arbitrary metadata associated with the intention. This is
	// opaque to Consul but is served in API responses.
	Meta map[string]string

	// Precedence is the order that the intention will be applied, with
	// larger numbers being applied first. This is a read-only field, on
	// any intention update it is updated.
	Precedence int

	// CreatedAt and UpdatedAt keep track of when this record was created
	// or modified.
	CreatedAt, UpdatedAt time.Time `mapstructure:"-"`

	// Hash of the contents of the intention
	//
	// This is needed mainly for replication purposes. When replicating from
	// one DC to another keeping the content Hash will allow us to detect
	// content changes more efficiently than checking every single field
	Hash []byte

	RaftIndex
}

Intention defines an intention for the Connect Service Graph. This defines the allowed or denied behavior of a connection between two services using Connect.

func TestIntention added in v1.2.0

func TestIntention(t testing.T) *Intention

TestIntention returns a valid, uninserted (no ID set) intention.

func (*Intention) EstimateSize added in v1.4.0

func (x *Intention) EstimateSize() int

EstimateSize returns an estimate (in bytes) of the size of this structure when encoded.

func (*Intention) GetACLPrefix added in v1.2.0

func (x *Intention) GetACLPrefix() (string, bool)

GetACLPrefix returns the prefix to look up the ACL policy for this intention, and a boolean noting whether the prefix is valid to check or not. You must check the ok value before using the prefix.

func (*Intention) SetHash added in v1.6.0

func (x *Intention) SetHash(force bool) []byte

func (*Intention) String added in v1.2.0

func (x *Intention) String() string

String returns a human-friendly string for this intention.

func (*Intention) UpdatePrecedence added in v1.2.0

func (x *Intention) UpdatePrecedence()

UpdatePrecedence sets the Precedence value based on the fields of this structure.

func (*Intention) Validate added in v1.2.0

func (x *Intention) Validate() error

Validate returns an error if the intention is invalid for inserting or updating.

type IntentionAction added in v1.2.0

type IntentionAction string

IntentionAction is the action that the intention represents. This can be "allow" or "deny" to whitelist or blacklist intentions.

const (
	IntentionActionAllow IntentionAction = "allow"
	IntentionActionDeny  IntentionAction = "deny"
)

type IntentionMatchEntry added in v1.2.0

type IntentionMatchEntry struct {
	Namespace string
	Name      string
}

IntentionMatchEntry is a single entry for matching an intention.

type IntentionMatchType added in v1.2.0

type IntentionMatchType string

IntentionMatchType is the target for a match request. For example, matching by source will look for all intentions that match the given source value.

const (
	IntentionMatchSource      IntentionMatchType = "source"
	IntentionMatchDestination IntentionMatchType = "destination"
)

type IntentionOp added in v1.2.0

type IntentionOp string

IntentionOp is the operation for a request related to intentions.

const (
	IntentionOpCreate IntentionOp = "create"
	IntentionOpUpdate IntentionOp = "update"
	IntentionOpDelete IntentionOp = "delete"
)

type IntentionPrecedenceSorter added in v1.2.0

type IntentionPrecedenceSorter Intentions

IntentionPrecedenceSorter takes a list of intentions and sorts them based on the match precedence rules for intentions. The intentions closer to the head of the list have higher precedence. i.e. index 0 has the highest precedence.

func (IntentionPrecedenceSorter) Len added in v1.2.0

func (IntentionPrecedenceSorter) Less added in v1.2.0

func (s IntentionPrecedenceSorter) Less(i, j int) bool

func (IntentionPrecedenceSorter) Swap added in v1.2.0

func (s IntentionPrecedenceSorter) Swap(i, j int)

type IntentionQueryCheck added in v1.2.0

// IntentionQueryCheck are the parameters for performing a test request.
type IntentionQueryCheck struct {
	// SourceNS and SourceName are the namespace and name of the source, and
	// DestinationNS and DestinationName those of the destination, for the
	// test. These must be exact values.
	SourceNS, SourceName           string
	DestinationNS, DestinationName string

	// SourceType is the type of the value for the source.
	SourceType IntentionSourceType
}

IntentionQueryCheck are the parameters for performing a test request.

func (*IntentionQueryCheck) GetACLPrefix added in v1.2.0

func (q *IntentionQueryCheck) GetACLPrefix() (string, bool)

GetACLPrefix returns the prefix to look up the ACL policy for this request, and a boolean noting whether the prefix is valid to check or not. You must check the ok value before using the prefix.

type IntentionQueryCheckResponse added in v1.2.0

type IntentionQueryCheckResponse struct {
	Allowed bool
}

IntentionQueryCheckResponse is the response for a test request.

type IntentionQueryMatch added in v1.2.0

type IntentionQueryMatch struct {
	Type    IntentionMatchType
	Entries []IntentionMatchEntry
}

IntentionQueryMatch are the parameters for performing a match request against the state store.

type IntentionQueryRequest added in v1.2.0

type IntentionQueryRequest struct {
	// Datacenter is the target this request is intended for.
	Datacenter string

	// IntentionID is the ID of a specific intention.
	IntentionID string

	// Match is non-nil if we're performing a match query. A match will
	// find intentions that "match" the given parameters. A match includes
	// resolving wildcards.
	Match *IntentionQueryMatch

	// Check is non-nil if we're performing a test query. A test will
	// return allowed/deny based on an exact match.
	Check *IntentionQueryCheck

	// Options for queries
	QueryOptions
}

IntentionQueryRequest is used to query intentions.

func (*IntentionQueryRequest) CacheInfo added in v1.2.0

func (q *IntentionQueryRequest) CacheInfo() cache.RequestInfo

CacheInfo implements cache.Request

func (*IntentionQueryRequest) RequestDatacenter added in v1.2.0

func (q *IntentionQueryRequest) RequestDatacenter() string

RequestDatacenter returns the datacenter for a given request.

type IntentionRequest added in v1.2.0

type IntentionRequest struct {
	// Datacenter is the target for this request.
	Datacenter string

	// Op is the type of operation being requested.
	Op IntentionOp

	// Intention is the intention.
	Intention *Intention

	// WriteRequest is a common struct containing ACL tokens and other
	// write-related common elements for requests.
	WriteRequest
}

IntentionRequest is used to create, update, and delete intentions.

func (*IntentionRequest) RequestDatacenter added in v1.2.0

func (q *IntentionRequest) RequestDatacenter() string

RequestDatacenter returns the datacenter for a given request.

type IntentionSourceType added in v1.2.0

type IntentionSourceType string

IntentionSourceType is the type of the source within an intention.

const (
	// IntentionSourceConsul is a service within the Consul catalog.
	IntentionSourceConsul IntentionSourceType = "consul"
)

type Intentions added in v1.2.0

type Intentions []*Intention

Intentions is a list of intentions.

type IssuedCert added in v1.2.0

type IssuedCert struct {
	// SerialNumber is the unique serial number for this certificate.
	// This is encoded in standard hex separated by :.
	SerialNumber string

	// CertPEM and PrivateKeyPEM are the PEM-encoded certificate and private
	// key for that cert, respectively. This should not be stored in the
	// state store, but is present in the sign API response.
	//
	// NOTE(review): PrivateKeyPEM is secret key material. The omitempty tag
	// only drops the field from JSON when it is empty, so any path that
	// persists, caches, or logs an IssuedCert has to clear it explicitly —
	// confirm that callers do.
	CertPEM       string `json:",omitempty"`
	PrivateKeyPEM string `json:",omitempty"`

	// Service is the name of the service for which the cert was issued.
	// ServiceURI is the cert URI value.
	Service    string `json:",omitempty"`
	ServiceURI string `json:",omitempty"`

	// Agent is the name of the node for which the cert was issued.
	// AgentURI is the cert URI value.
	Agent    string `json:",omitempty"`
	AgentURI string `json:",omitempty"`

	// ValidAfter and ValidBefore are the validity periods for the
	// certificate.
	ValidAfter  time.Time
	ValidBefore time.Time

	// RaftIndex is embedded; its CreateIndex/ModifyIndex semantics for an
	// issued cert are not visible here.
	RaftIndex
}

IssuedCert is a certificate that has been issued by a Connect CA.

type KVSRequest

type KVSRequest struct {
	// Datacenter is presumably the datacenter the request targets (it is
	// what RequestDatacenter is expected to return) — confirm.
	Datacenter string
	Op         api.KVOp // Which operation are we performing
	DirEnt     DirEntry // Which directory entry
	// WriteRequest is embedded; on sibling request types it is documented
	// as holding the ACL token that accompanies the request.
	WriteRequest
}

KVSRequest is used to operate on the Key-Value store

func (*KVSRequest) RequestDatacenter

func (r *KVSRequest) RequestDatacenter() string

type KeyListRequest

type KeyListRequest struct {
	// Datacenter is presumably the datacenter the request targets — confirm.
	Datacenter string
	// Prefix is presumably the key prefix to list under — confirm.
	Prefix     string
	// Seperator is spelled this way in the exported API; the misspelling is
	// part of the field name and cannot be corrected without breaking
	// callers and encoded messages.
	Seperator  string
	// QueryOptions is embedded and carries the ACL token and consistency
	// settings for the read.
	QueryOptions
}

KeyListRequest is used to list keys

func (*KeyListRequest) RequestDatacenter

func (r *KeyListRequest) RequestDatacenter() string

type KeyRequest

type KeyRequest struct {
	Datacenter string
	Key        string
	QueryOptions
}

KeyRequest is used to request a key, or key prefix

func (*KeyRequest) RequestDatacenter

func (r *KeyRequest) RequestDatacenter() string

type KeyringOp

type KeyringOp string

type KeyringRequest

type KeyringRequest struct {
	// Operation selects the keyring operation; the package documentation
	// lists install, remove, and use as the key operations.
	Operation   KeyringOp
	// Key is presumably the encryption key the operation applies to.
	// NOTE(review): if this is the key material itself, the request must be
	// treated as secret — keep it out of logs and debug dumps; confirm.
	Key         string
	// Datacenter is presumably the datacenter the request targets — confirm.
	Datacenter  string
	// Forwarded presumably marks a request already forwarded from another
	// server, to avoid forwarding loops — TODO confirm.
	Forwarded   bool
	// RelayFactor is not documented here; its meaning and valid range
	// should be checked against the caller.
	RelayFactor uint8
	// QueryOptions is embedded and carries the ACL token for the request.
	QueryOptions
}

KeyringRequest encapsulates a request to modify an encryption keyring. It can be used for install, remove, or use key type operations.

func (*KeyringRequest) RequestDatacenter

func (r *KeyringRequest) RequestDatacenter() string

type KeyringResponse

type KeyringResponse struct {
	// WAN presumably distinguishes the WAN gossip pool from the LAN pool —
	// confirm.
	WAN        bool
	// Datacenter is presumably the datacenter that produced this response.
	Datacenter string
	// Segment is presumably the network segment this response covers.
	Segment    string
	// Messages is omitted from JSON when empty; presumably per-node
	// messages — confirm the key's meaning.
	Messages   map[string]string `json:",omitempty"`
	// Keys presumably maps each key to the number of nodes that hold it.
	// NOTE(review): if the map keys are the encryption keys themselves,
	// every consumer of this response (API output, logs, UI) is handling
	// secret material — confirm and restrict access accordingly.
	Keys       map[string]int
	// NumNodes is presumably the number of nodes that were queried.
	NumNodes   int
	// Error is omitted from JSON when empty.
	Error      string `json:",omitempty"`
}

KeyringResponse is a unified key response and can be used for install, remove, use, as well as listing key queries.

type KeyringResponses

type KeyringResponses struct {
	Responses []*KeyringResponse
	QueryMeta
}

KeyringResponses holds multiple responses to keyring queries. Each datacenter replies independently, and KeyringResponses is used as a container for the set of all responses.

func (*KeyringResponses) Add

func (r *KeyringResponses) Add(v interface{})

func (*KeyringResponses) New

func (r *KeyringResponses) New() interface{}

type MeshGatewayConfig added in v1.6.0

type MeshGatewayConfig struct {
	// The Mesh Gateway routing mode
	Mode MeshGatewayMode `json:",omitempty"`
}

MeshGatewayConfig controls how Mesh Gateways are configured and used. This is a struct to allow for future additions without having more free-hanging configuration items all over the place.

func (*MeshGatewayConfig) ToAPI added in v1.6.0

type MeshGatewayMode added in v1.6.0

type MeshGatewayMode string
const (
	// MeshGatewayModeDefault represents no specific mode and should
	// be used to indicate that a different layer of the configuration
	// chain should take precedence
	MeshGatewayModeDefault MeshGatewayMode = ""

	// MeshGatewayModeNone represents that the Upstream Connect connections
	// should be direct and not flow through a mesh gateway.
	MeshGatewayModeNone MeshGatewayMode = "none"

	// MeshGatewayModeLocal represents that the Upstream Connect connections
	// should be made to a mesh gateway in the local datacenter.
	MeshGatewayModeLocal MeshGatewayMode = "local"

	// MeshGatewayModeRemote represents that the Upstream Connect connections
	// should be made to a mesh gateway in a remote datacenter.
	MeshGatewayModeRemote MeshGatewayMode = "remote"
)

type MessageType

type MessageType uint8

type NetworkSegment added in v1.0.0

type NetworkSegment struct {
	// Name is the name of the segment.
	Name string

	// Bind is the bind address for this segment.
	Bind *net.TCPAddr

	// Advertise is the advertise address of this segment.
	Advertise *net.TCPAddr

	// RPCListener is whether to bind a separate RPC listener on the bind address
	// for this segment.
	RPCListener bool
}

(Enterprise-only) NetworkSegment is the configuration for a network segment, which is an isolated serf group on the LAN.

type Node

type Node struct {
	ID              types.NodeID
	Node            string
	Address         string
	Datacenter      string
	TaggedAddresses map[string]string
	Meta            map[string]string

	RaftIndex `bexpr:"-"`
}

Used to return information about a node

func (*Node) BestAddress added in v1.6.0

func (n *Node) BestAddress(wan bool) string

func (*Node) IsSame added in v1.3.0

func (n *Node) IsSame(other *Node) bool

IsSame returns whether nodes are similar without taking into account RaftIndex fields.

type NodeDump

type NodeDump []*NodeInfo

NodeDump is used to dump all the nodes with all their associated data. This is currently used for the UI only, as it is rather expensive to generate.

type NodeInfo

type NodeInfo struct {
	ID              types.NodeID
	Node            string
	Address         string
	TaggedAddresses map[string]string
	Meta            map[string]string
	Services        []*NodeService
	Checks          HealthChecks
}

NodeInfo is used to dump all associated information about a node. This is currently used for the UI only, as it is rather expensive to generate.

type NodeService

type NodeService struct {
	// Kind is the kind of service this is. Different kinds of services may
	// have differing validation, DNS behavior, etc. An empty kind will default
	// to the Default kind. See ServiceKind for the full list of kinds.
	Kind ServiceKind `json:",omitempty"`

	ID                string
	Service           string
	Tags              []string
	Address           string
	TaggedAddresses   map[string]ServiceAddress `json:",omitempty"`
	Meta              map[string]string
	Port              int
	Weights           *Weights
	EnableTagOverride bool

	// ProxyDestination is DEPRECATED in favor of Proxy.DestinationServiceName.
	// It's retained since this struct is used to parse input for
	// /catalog/register but nothing else internal should use it - once
	// request/config definitions are passes all internal uses of NodeService
	// should have this empty and use the Proxy.DestinationServiceName field
	// below.
	//
	// It used to store the name of the service that this service is a Connect
	// proxy for. This is only valid if Kind is "connect-proxy". The destination
	// may be a service that isn't present in the catalog. This is expected and
	// allowed to allow for proxies to come up earlier than their target services.
	// DEPRECATED (ProxyDestination) - remove this when removing ProxyDestination
	ProxyDestination string `bexpr:"-"`

	// Proxy is the configuration set for Kind = connect-proxy. It is mandatory in
	// that case and an error to be set for any other kind. This config is part of
	// a proxy service definition and is distinct from but shares some fields with
	// the Connect.Proxy which configures a managed proxy as part of the actual
	// service's definition. This duplication is ugly but seemed better than the
	// alternative which was to re-use the same struct fields for both cases even
	// though the semantics are different and the non-shared fields make no sense
	// in the other case. ProxyConfig may be a more natural name here, but it's
	// confusing for the UX because one of the fields in ConnectProxyConfig is
	// also called just "Config"
	Proxy ConnectProxyConfig

	// Connect are the Connect settings for a service. This is purposely NOT
	// a pointer so that we never have to nil-check this.
	Connect ServiceConnect

	// LocallyRegisteredAsSidecar is private as it is only used by a local agent
	// state to track if the service was registered from a nested sidecar_service
	// block. We need to track that so we can know whether we need to deregister
	// it automatically too if it's removed from the service definition or if the
	// parent service is deregistered. Relying only on ID would cause us to
	// deregister regular services if they happen to be registered using the same
	// ID scheme as our sidecars do by default. We could use meta but that gets
	// unpleasant because we can't use the consul- prefix from an agent (reserved
	// for use internally but in practice that means within the state store or in
	// responses only), and it leaks the detail publicly which people might rely
	// on which is a bit unpleasant for something that is meant to be config-file
	// syntax sugar. Note this is not translated to ServiceNode and friends and
	// may not be set on a NodeService that isn't the one the agent registered and
	// keeps in its local state. We never want this rendered in JSON as it's
	// internal only. Right now our agent endpoints return api structs which don't
	// include it but this is a safety net in case we change that or there is
	// somewhere this is used in API output.
	//
	// The json:"-" tag only covers encoding/json; NOTE(review): other encoders
	// applied to this struct would need their own exclusion — confirm which
	// codecs serialize NodeService.
	LocallyRegisteredAsSidecar bool `json:"-" bexpr:"-"`

	RaftIndex `bexpr:"-"`
}

NodeService is a service provided by a node

func TestNodeService added in v1.2.0

func TestNodeService(t testing.T) *NodeService

TestNodeService returns a *NodeService representing a valid regular service.

func TestNodeServiceMeshGateway added in v1.6.0

func TestNodeServiceMeshGateway(t testing.T) *NodeService

TestNodeServiceMeshGateway returns a *NodeService representing a valid Mesh Gateway

func TestNodeServiceMeshGatewayWithAddrs added in v1.6.0

func TestNodeServiceMeshGatewayWithAddrs(t testing.T, address string, port int, lanAddr, wanAddr ServiceAddress) *NodeService

func TestNodeServiceProxy added in v1.2.0

func TestNodeServiceProxy(t testing.T) *NodeService

TestNodeServiceProxy returns a *NodeService representing a valid Connect proxy.

func TestNodeServiceSidecar added in v1.3.0

func TestNodeServiceSidecar(t testing.T) *NodeService

TestNodeServiceSidecar returns a *NodeService representing a service registration with a nested Sidecar registration.

func (*NodeService) BestAddress added in v1.6.0

func (ns *NodeService) BestAddress(wan bool) (string, int)

func (*NodeService) IsMeshGateway added in v1.6.0

func (s *NodeService) IsMeshGateway() bool

func (*NodeService) IsSame

func (s *NodeService) IsSame(other *NodeService) bool

IsSame checks if one NodeService is the same as another, without looking at the Raft information (that's why we didn't call it IsEqual). This is useful for seeing if an update would be idempotent for all the functional parts of the structure.

func (*NodeService) IsSidecarProxy added in v1.5.0

func (s *NodeService) IsSidecarProxy() bool

IsSidecarProxy returns true if the NodeService is a sidecar proxy.

func (*NodeService) ToServiceNode

func (s *NodeService) ToServiceNode(node string) *ServiceNode

ToServiceNode converts the given node service to a service node.

func (*NodeService) Validate added in v1.2.0

func (s *NodeService) Validate() error

Validate validates the node service configuration.

NOTE(mitchellh): This currently only validates fields for a ConnectProxy. Historically validation has been directly in the Catalog.Register RPC. ConnectProxy validation was moved here for easier table testing, but other validation still exists in Catalog.Register.

type NodeServices

type NodeServices struct {
	Node     *Node
	Services map[string]*NodeService
}

type NodeSpecificRequest

type NodeSpecificRequest struct {
	Datacenter string
	Node       string
	QueryOptions
}

NodeSpecificRequest is used to request the information about a single node

func (*NodeSpecificRequest) CacheInfo added in v1.4.3

func (r *NodeSpecificRequest) CacheInfo() cache.RequestInfo

func (*NodeSpecificRequest) RequestDatacenter

func (r *NodeSpecificRequest) RequestDatacenter() string

type Nodes

type Nodes []*Node

type ParsedPolicyCacheEntry added in v1.4.0

// ParsedPolicyCacheEntry pairs a parsed *acl.Policy with a CacheTime
// timestamp; the type also has an Age method.
//
// NOTE(review): presumably CacheTime records when the policy was cached and
// Age reports the time elapsed since then. A cached policy keeps granting
// whatever it granted when cached, so the maximum age callers honour bounds
// how long a policy change takes to apply — confirm the limit enforced.
type ParsedPolicyCacheEntry struct {
	Policy    *acl.Policy
	CacheTime time.Time
}

func (*ParsedPolicyCacheEntry) Age added in v1.4.0

type PolicyCacheEntry added in v1.4.0

// PolicyCacheEntry pairs an *ACLPolicy with a CacheTime timestamp; its Age
// method returns a time.Duration.
//
// NOTE(review): presumably CacheTime records when the policy was cached and
// Age reports the time elapsed since then. A cached entry can outlive an
// update or deletion of the policy, so the maximum age callers honour bounds
// how long a revoked permission stays usable — confirm the limit enforced.
type PolicyCacheEntry struct {
	Policy    *ACLPolicy
	CacheTime time.Time
}

func (*PolicyCacheEntry) Age added in v1.4.0

func (e *PolicyCacheEntry) Age() time.Duration

type PreparedQueries

type PreparedQueries []*PreparedQuery

type PreparedQuery

type PreparedQuery struct {
	// ID is this UUID-based ID for the query, always generated by Consul.
	ID string

	// Name is an optional friendly name for the query supplied by the
	// user. NOTE - if this feature is used then it will reduce the security
	// of any read ACL associated with this query/service since this name
	// can be used to locate nodes without supplying any ACL.
	Name string

	// Session is an optional session to tie this query's lifetime to. If
	// this is omitted then the query will not expire.
	Session string

	// Token is the ACL token used when the query was created, and it is
	// used when a query is subsequently executed. This token, or a token
	// with management privileges, must be used to change the query later.
	//
	// NOTE(review): because the token is kept on the stored query and reused
	// at execution time, an execution may run with the creator's privileges
	// rather than the caller's. The field is also a stored secret: read
	// paths presumably redact it for callers without write access — confirm,
	// and keep PreparedQuery values out of logs.
	Token string

	// Template is used to configure this query as a template, which will
	// respond to queries based on the Name, and then will be rendered
	// before it is executed.
	Template QueryTemplateOptions

	// Service defines a service query (leaving things open for other types
	// later).
	Service ServiceQuery

	// DNS has options that control how the results of this query are
	// served over DNS.
	DNS QueryDNSOptions

	RaftIndex
}

PreparedQuery defines a complete prepared query, and is the structure we maintain in the state store.

func (*PreparedQuery) GetACLPrefix

func (pq *PreparedQuery) GetACLPrefix() (string, bool)

GetACLPrefix returns the prefix to look up the prepared_query ACL policy for this query, and whether the prefix applies to this query. You always need to check the ok value before using the prefix.

type PreparedQueryExecuteRemoteRequest

type PreparedQueryExecuteRemoteRequest struct {
	// Datacenter is the target this request is intended for.
	Datacenter string

	// Query is a copy of the query to execute.  We have to ship the entire
	// query over since it won't be present in the remote state store.
	//
	// NOTE(review): PreparedQuery has a Token field, so the copy shipped to
	// the remote datacenter can carry the query's stored ACL token. The
	// cross-datacenter channel and the remote servers therefore need to be
	// trusted with that secret — confirm whether the token is cleared or
	// replaced before the request is sent.
	Query PreparedQuery

	// Limit will trim the resulting list down to the given limit.
	Limit int

	// Connect is the same as ExecuteRequest.
	Connect bool

	// QueryOptions (unfortunately named here) controls the consistency
	// settings for the service lookups.
	QueryOptions
}

PreparedQueryExecuteRemoteRequest is used when running a local query in a remote datacenter.

func (*PreparedQueryExecuteRemoteRequest) RequestDatacenter

func (q *PreparedQueryExecuteRemoteRequest) RequestDatacenter() string

RequestDatacenter returns the datacenter for a given request.

type PreparedQueryExecuteRequest

type PreparedQueryExecuteRequest struct {
	// Datacenter is the target this request is intended for.
	Datacenter string

	// QueryIDOrName is the ID of a query _or_ the name of one, either can
	// be provided.
	QueryIDOrName string

	// Limit will trim the resulting list down to the given limit.
	Limit int

	// Connect will force results to be Connect-enabled nodes for the
	// matching services. This is equivalent in semantics exactly to
	// setting "Connect" in the query template itself, but allows callers
	// to use any prepared query in a Connect setting.
	Connect bool

	// Source is used to sort the results relative to a given node using
	// network coordinates.
	Source QuerySource

	// Agent is used to carry around a reference to the agent which initiated
	// the execute request. Used to distance-sort relative to the local node.
	Agent QuerySource

	// QueryOptions (unfortunately named here) controls the consistency
	// settings for the query lookup itself, as well as the service lookups.
	QueryOptions
}

PreparedQueryExecuteRequest is used to execute a prepared query.

func (*PreparedQueryExecuteRequest) CacheInfo added in v1.3.0

CacheInfo implements cache.Request allowing requests to be cached on agent.

func (*PreparedQueryExecuteRequest) RequestDatacenter

func (q *PreparedQueryExecuteRequest) RequestDatacenter() string

RequestDatacenter returns the datacenter for a given request.

type PreparedQueryExecuteResponse

type PreparedQueryExecuteResponse struct {
	// Service is the service that was queried.
	Service string

	// Nodes has the nodes that were output by the query.
	Nodes CheckServiceNodes

	// DNS has the options for serving these results over DNS.
	DNS QueryDNSOptions

	// Datacenter is the datacenter that these results came from.
	Datacenter string

	// Failovers is a count of how many times we had to query a remote
	// datacenter.
	Failovers int

	// QueryMeta has freshness information about the query.
	QueryMeta
}

PreparedQueryExecuteResponse has the results of executing a query.

type PreparedQueryExplainResponse

type PreparedQueryExplainResponse struct {
	// Query has the fully-rendered query.
	Query PreparedQuery

	// QueryMeta has freshness information about the query.
	QueryMeta
}

PreparedQueryExplainResponse has the results when explaining a query.

type PreparedQueryOp

type PreparedQueryOp string
const (
	PreparedQueryCreate PreparedQueryOp = "create"
	PreparedQueryUpdate PreparedQueryOp = "update"
	PreparedQueryDelete PreparedQueryOp = "delete"
)

type PreparedQueryRequest

type PreparedQueryRequest struct {
	// Datacenter is the target this request is intended for.
	Datacenter string

	// Op is the operation to apply.
	Op PreparedQueryOp

	// Query is the query itself.
	Query *PreparedQuery

	// WriteRequest holds the ACL token to go along with this request.
	WriteRequest
}

PreparedQueryRequest is used to create or change prepared queries.

func (*PreparedQueryRequest) RequestDatacenter

func (q *PreparedQueryRequest) RequestDatacenter() string

RequestDatacenter returns the datacenter for a given request.

type PreparedQuerySpecificRequest

type PreparedQuerySpecificRequest struct {
	// Datacenter is the target this request is intended for.
	Datacenter string

	// QueryID is the ID of a query.
	QueryID string

	// QueryOptions (unfortunately named here) controls the consistency
	// settings for the query lookup itself, as well as the service lookups.
	QueryOptions
}

PreparedQuerySpecificRequest is used to get information about a prepared query.

func (*PreparedQuerySpecificRequest) RequestDatacenter

func (q *PreparedQuerySpecificRequest) RequestDatacenter() string

RequestDatacenter returns the datacenter for a given request.

type ProxyConfigEntry added in v1.5.0

type ProxyConfigEntry struct {
	Kind        string
	Name        string
	Config      map[string]interface{}
	MeshGateway MeshGatewayConfig `json:",omitempty"`

	RaftIndex
}

ProxyConfigEntry is the top-level struct for global proxy configuration defaults.

func (*ProxyConfigEntry) CanRead added in v1.5.0

func (e *ProxyConfigEntry) CanRead(rule acl.Authorizer) bool

func (*ProxyConfigEntry) CanWrite added in v1.5.0

func (e *ProxyConfigEntry) CanWrite(rule acl.Authorizer) bool

func (*ProxyConfigEntry) GetKind added in v1.5.0

func (e *ProxyConfigEntry) GetKind() string

func (*ProxyConfigEntry) GetName added in v1.5.0

func (e *ProxyConfigEntry) GetName() string

func (*ProxyConfigEntry) GetRaftIndex added in v1.5.0

func (e *ProxyConfigEntry) GetRaftIndex() *RaftIndex

func (*ProxyConfigEntry) MarshalBinary added in v1.5.0

func (e *ProxyConfigEntry) MarshalBinary() (data []byte, err error)

func (*ProxyConfigEntry) Normalize added in v1.5.0

func (e *ProxyConfigEntry) Normalize() error

func (*ProxyConfigEntry) UnmarshalBinary added in v1.5.0

func (e *ProxyConfigEntry) UnmarshalBinary(data []byte) error

func (*ProxyConfigEntry) Validate added in v1.5.0

func (e *ProxyConfigEntry) Validate() error

type ProxyExecMode added in v1.2.0

type ProxyExecMode int

ProxyExecMode encodes the mode for running a managed connect proxy.

const (
	// ProxyExecModeUnspecified uses the global default proxy mode.
	// It is the zero value of ProxyExecMode (first iota constant).
	ProxyExecModeUnspecified ProxyExecMode = iota

	// ProxyExecModeDaemon executes a proxy process as a supervised daemon.
	ProxyExecModeDaemon

	// ProxyExecModeScript executes a proxy config script on each change to its
	// config.
	// NOTE(review): both Daemon and Script modes start a process on the
	// agent host; who may set the command and with what privileges it runs
	// is not visible here — confirm the registration path is restricted.
	ProxyExecModeScript

	// ProxyExecModeTest tracks the start/stop of the proxy in-memory
	// and is only used for tests. This shouldn't be set outside of tests,
	// but even if it is it has no external effect.
	ProxyExecModeTest
)

func NewProxyExecMode added in v1.2.0

func NewProxyExecMode(raw string) (ProxyExecMode, error)

NewProxyExecMode returns the proper ProxyExecMode for the given string value.

func (ProxyExecMode) String added in v1.2.0

func (m ProxyExecMode) String() string

String implements Stringer

type QueryDNSOptions

type QueryDNSOptions struct {
	// TTL is the time to live for the served DNS results.
	TTL string
}

QueryDNSOptions controls settings when query results are served over DNS.

type QueryDatacenterOptions

type QueryDatacenterOptions struct {
	// NearestN is set to the number of remote datacenters to try, based on
	// network coordinates.
	NearestN int

	// Datacenters is a fixed list of datacenters to try after NearestN. We
	// never try a datacenter multiple times, so those are subtracted from
	// this list before proceeding.
	Datacenters []string
}

QueryDatacenterOptions sets options about how we fail over if there are no healthy nodes in the local datacenter.

type QueryMeta

type QueryMeta struct {
	// This is the index associated with the read
	Index uint64

	// If AllowStale is used, this is time elapsed since
	// last contact between the follower and leader. This
	// can be used to gauge staleness.
	LastContact time.Duration

	// Used to indicate if there is a known leader node
	KnownLeader bool

	// Consistencylevel returns the consistency used to serve the query
	// Having `discovery_max_stale` on the agent can affect whether
	// the request was served by a leader.
	ConsistencyLevel string
}

QueryMeta allows a query response to include potentially useful metadata about a query

type QueryOptions

type QueryOptions struct {
	// Token is the ACL token ID. If not provided, the 'anonymous'
	// token is assumed for backwards compatibility.
	//
	// NOTE(review): QueryOptions also exposes a TokenSecret accessor, which
	// suggests this value is used as the bearer secret rather than a public
	// identifier — keep it out of logs and error messages; confirm against
	// the accessor's body. An empty value is not a rejection: the request
	// proceeds with whatever the anonymous token is allowed to read.
	Token string

	// If set, wait until query exceeds given index. Must be provided
	// with MaxQueryTime.
	MinQueryIndex uint64

	// Provided with MinQueryIndex to wait for change.
	MaxQueryTime time.Duration

	// If set, any follower can service the request. Results
	// may be arbitrarily stale.
	AllowStale bool

	// If set, the leader must verify leadership prior to
	// servicing the request. Prevents a stale read.
	RequireConsistent bool

	// If set, the local agent may respond with an arbitrarily stale locally
	// cached response. The semantics differ from AllowStale since the agent may
	// be entirely partitioned from the servers and still considered "healthy" by
	// operators. Stale responses from Servers are also arbitrarily stale, but can
	// provide additional bounds on the last contact time from the leader. It's
	// expected that servers that are partitioned are noticed and replaced in a
	// timely way by operators while the same may not be true for client agents.
	UseCache bool

	// If set and AllowStale is true, will try first a stale
	// read, and then will perform a consistent read if stale
	// read is older than value.
	MaxStaleDuration time.Duration

	// MaxAge limits how old a cached value will be returned if UseCache is true.
	// If there is a cached response that is older than the MaxAge, it is treated
	// as a cache miss and a new fetch invoked. If the fetch fails, the error is
	// returned. Clients that wish to allow for stale results on error can set
	// StaleIfError to a longer duration to change this behavior. It is ignored
	// if the endpoint supports background refresh caching. See
	// https://www.consul.io/api/index.html#agent-caching for more details.
	MaxAge time.Duration

	// MustRevalidate forces the agent to fetch a fresh version of a cached
	// resource or at least validate that the cached version is still fresh. It is
	// implied by either max-age=0 or must-revalidate Cache-Control headers. It
	// only makes sense when UseCache is true. We store it since MaxAge = 0 is the
	// default unset value.
	MustRevalidate bool

	// StaleIfError specifies how stale the client will accept a cached response
	// if the servers are unavailable to fetch a fresh one. Only makes sense when
	// UseCache is true and MaxAge is set to a lower, non-zero value. It is
	// ignored if the endpoint supports background refresh caching. See
	// https://www.consul.io/api/index.html#agent-caching for more details.
	StaleIfError time.Duration

	// Filter specifies the go-bexpr filter expression to be used for
	// filtering the data prior to returning a response
	//
	// NOTE(review): the expression presumably arrives with the request.
	// Whether it is evaluated before or after ACL-based filtering of the
	// results is not visible here — verify that a filter cannot be used to
	// infer data the token is not allowed to read.
	Filter string
}

QueryOptions is used to specify various flags for read queries

func (QueryOptions) AllowStaleRead

func (q QueryOptions) AllowStaleRead() bool

func (QueryOptions) ConsistencyLevel added in v1.0.7

func (q QueryOptions) ConsistencyLevel() string

ConsistencyLevel displays the consistency required by a request.

func (QueryOptions) IsRead

func (q QueryOptions) IsRead() bool

IsRead is always true for QueryOptions.

func (QueryOptions) TokenSecret added in v1.4.0

func (q QueryOptions) TokenSecret() string

type QuerySource

type QuerySource struct {
	Datacenter string
	Segment    string
	Node       string
	Ip         string
}

QuerySource is used to pass along information about the source node in queries so that we can adjust the response based on its network coordinates.

type QueryTemplateOptions

type QueryTemplateOptions struct {
	// Type, if non-empty, means that this query is a template. This is
	// set to one of the QueryTemplateType* constants above.
	Type string

	// Regexp is an optional regular expression to use to parse the full
	// name, once the prefix match has selected a template. This can be
	// used to extract parts of the name and choose a service name, set
	// tags, etc.
	//
	// NOTE(review): the pattern comes from whoever defines the query and is
	// applied to the looked-up name. Which regexp engine evaluates it, and
	// whether it is compiled and validated when the query is created rather
	// than on every lookup, is not visible here — confirm.
	Regexp string

	// RemoveEmptyTags, if true, removes empty tags from matched tag list
	RemoveEmptyTags bool
}

QueryTemplateOptions controls settings if this query is a template.

type RPCInfo

type RPCInfo interface {
	// RequestDatacenter returns the datacenter for a given request.
	RequestDatacenter() string
	// IsRead reports whether the request is a read; QueryOptions documents
	// its implementation as always true.
	IsRead() bool
	// AllowStaleRead presumably reports whether a stale read is acceptable
	// for this request — confirm against the implementations.
	AllowStaleRead() bool
	// TokenSecret presumably returns the ACL token secret presented with
	// the request; treat the returned value as a credential — confirm.
	TokenSecret() string
}

RPCInfo is used to describe common information about a query.

type RaftConfigurationResponse

type RaftConfigurationResponse struct {
	// Servers has the list of servers in the Raft configuration.
	Servers []*RaftServer

	// Index has the Raft index of this configuration.
	Index uint64
}

RaftConfigurationResponse is returned when querying for the current Raft configuration.

type RaftIndex

type RaftIndex struct {
	CreateIndex uint64 `bexpr:"-"`
	ModifyIndex uint64 `bexpr:"-"`
}

RaftIndex is used to track the index used while creating or modifying a given struct type.

type RaftRemovePeerRequest

type RaftRemovePeerRequest struct {
	// Datacenter is the target this request is intended for.
	Datacenter string

	// Address is the peer to remove, in the form "IP:port".
	Address raft.ServerAddress

	// ID is the peer ID to remove.
	ID raft.ServerID

	// WriteRequest holds the ACL token to go along with this request.
	WriteRequest
}

RaftRemovePeerRequest is used by the Operator endpoint to apply a Raft operation on a specific Raft peer by address in the form of "IP:port".

func (*RaftRemovePeerRequest) RequestDatacenter

func (op *RaftRemovePeerRequest) RequestDatacenter() string

RequestDatacenter returns the datacenter for a given request.

type RaftServer

type RaftServer struct {
	// ID is the unique ID for the server. These are currently the same
	// as the address, but they will be changed to a real GUID in a future
	// release of Consul.
	ID raft.ServerID

	// Node is the node name of the server, as known by Consul, or this
	// will be set to "(unknown)" otherwise.
	Node string

	// Address is the IP:port of the server, used for Raft communications.
	Address raft.ServerAddress

	// Leader is true if this server is the current cluster leader.
	Leader bool

	// Protocol version is the raft protocol version used by the server
	ProtocolVersion string

	// Voter is true if this server has a vote in the cluster. This might
	// be false if the server is staging and still coming online, or if
	// it's a non-voting server, which will be added in a future release of
	// Consul.
	Voter bool
}

RaftServer has information about a server in the Raft configuration.

type RegisterRequest

type RegisterRequest struct {
	// Datacenter is presumably the datacenter the request targets — confirm.
	Datacenter      string
	ID              types.NodeID
	Node            string
	Address         string
	TaggedAddresses map[string]string
	NodeMeta        map[string]string
	// Service is optional: per the type's documentation, when no service is
	// provided the node itself is registered.
	Service         *NodeService
	// Check and Checks both carry health checks; how the two are combined
	// is not visible here.
	Check           *HealthCheck
	Checks          HealthChecks

	// SkipNodeUpdate can be used when a register request is intended for
	// updating a service and/or checks, but doesn't want to overwrite any
	// node information if the node is already registered. If the node
	// doesn't exist, it will still be created, but if the node exists, any
	// node portion of this update will not apply.
	SkipNodeUpdate bool

	// WriteRequest is embedded; on sibling request types it is documented
	// as holding the ACL token that accompanies the request.
	WriteRequest
}

RegisterRequest is used for the Catalog.Register endpoint to register a node as providing a service. If no service is provided, the node is registered.

func TestRegisterRequest added in v1.2.0

func TestRegisterRequest(t testing.T) *RegisterRequest

TestRegisterRequest returns a RegisterRequest for registering a typical service.

func TestRegisterRequestProxy added in v1.2.0

func TestRegisterRequestProxy(t testing.T) *RegisterRequest

TestRegisterRequestProxy returns a RegisterRequest for registering a Connect proxy.

func (*RegisterRequest) ChangesNode

func (r *RegisterRequest) ChangesNode(node *Node) bool

ChangesNode returns true if the given register request changes the given node, which can be nil. This only looks for changes to the node record itself, not any of the health checks.

func (*RegisterRequest) RequestDatacenter

func (r *RegisterRequest) RequestDatacenter() string

type RoleCacheEntry added in v1.5.0

// RoleCacheEntry pairs an *ACLRole with a CacheTime timestamp; its Age
// method returns a time.Duration.
//
// NOTE(review): presumably CacheTime records when the role was cached and
// Age reports the time elapsed since then. A cached role can outlive an
// update or deletion of the role, so the maximum age callers honour bounds
// how long a revoked permission stays usable — confirm the limit enforced.
type RoleCacheEntry struct {
	Role      *ACLRole
	CacheTime time.Time
}

func (*RoleCacheEntry) Age added in v1.5.0

func (e *RoleCacheEntry) Age() time.Duration

type ServiceAddress added in v1.6.0

type ServiceAddress struct {
	Address string
	Port    int
}

Type to hold an address and port of a service.

func (ServiceAddress) ToAPIServiceAddress added in v1.6.0

func (a ServiceAddress) ToAPIServiceAddress() api.ServiceAddress

type ServiceConfigEntry added in v1.5.0

type ServiceConfigEntry struct {
	Kind        string
	Name        string
	Protocol    string
	MeshGateway MeshGatewayConfig `json:",omitempty"`

	RaftIndex
}

ServiceConfiguration is the top-level struct for the configuration of a service across the entire cluster.

func (*ServiceConfigEntry) CanRead added in v1.5.0

func (e *ServiceConfigEntry) CanRead(rule acl.Authorizer) bool

func (*ServiceConfigEntry) CanWrite added in v1.5.0

func (e *ServiceConfigEntry) CanWrite(rule acl.Authorizer) bool

func (*ServiceConfigEntry) GetKind added in v1.5.0

func (e *ServiceConfigEntry) GetKind() string

func (*ServiceConfigEntry) GetName added in v1.5.0

func (e *ServiceConfigEntry) GetName() string

func (*ServiceConfigEntry) GetRaftIndex added in v1.5.0

func (e *ServiceConfigEntry) GetRaftIndex() *RaftIndex

func (*ServiceConfigEntry) Normalize added in v1.5.0

func (e *ServiceConfigEntry) Normalize() error

func (*ServiceConfigEntry) Validate added in v1.5.0

func (e *ServiceConfigEntry) Validate() error

type ServiceConfigRequest added in v1.5.0

type ServiceConfigRequest struct {
	Name       string
	Datacenter string
	Upstreams  []string

	QueryOptions
}

ServiceConfigRequest is used when requesting the resolved configuration for a service.

func (*ServiceConfigRequest) CacheInfo added in v1.5.0

func (r *ServiceConfigRequest) CacheInfo() cache.RequestInfo

func (*ServiceConfigRequest) RequestDatacenter added in v1.5.0

func (s *ServiceConfigRequest) RequestDatacenter() string

type ServiceConfigResponse added in v1.5.0

// ServiceConfigResponse carries proxy configuration and per-upstream
// configuration as free-form map[string]interface{} values, plus the mesh
// gateway settings and the embedded QueryMeta.
//
// The type has custom MarshalBinary/UnmarshalBinary methods because the raw
// interface{} values need custom msgpack decoding.
// NOTE(review): the map values are untyped, so consumers should type-check
// each value they read rather than assert a concrete type blindly.
type ServiceConfigResponse struct {
	// ProxyConfig is an opaque key/value configuration map.
	ProxyConfig     map[string]interface{}
	// UpstreamConfigs holds one opaque configuration map per key; the keys
	// are presumably upstream service names — TODO confirm.
	UpstreamConfigs map[string]map[string]interface{}
	// MeshGateway is omitted from JSON output when empty.
	MeshGateway     MeshGatewayConfig `json:",omitempty"`
	QueryMeta
}

func (*ServiceConfigResponse) MarshalBinary added in v1.5.0

func (r *ServiceConfigResponse) MarshalBinary() (data []byte, err error)

MarshalBinary writes ServiceConfigResponse as msgpack encoded. It's only here because we need custom decoding of the raw interface{} values.

func (*ServiceConfigResponse) UnmarshalBinary added in v1.5.0

func (r *ServiceConfigResponse) UnmarshalBinary(data []byte) error

UnmarshalBinary decodes msgpack encoded ServiceConfigResponse. It uses default msgpack encoding but fixes up the uint8 strings and other problems we have with encoding map[string]interface{}.

type ServiceConnect added in v1.2.0

type ServiceConnect struct {
	// Native is true when this service can natively understand Connect.
	Native bool `json:",omitempty"`

	// DEPRECATED(managed-proxies) - Remove with the rest of managed proxies
	// Proxy configures a connect proxy instance for the service. This is
	// only used for agent service definitions and is invalid for non-agent
	// (catalog API) definitions.
	// The bexpr:"-" tag presumably excludes this field from filter
	// expressions — TODO confirm.
	Proxy *ServiceDefinitionConnectProxy `json:",omitempty" bexpr:"-"`

	// SidecarService is a nested Service Definition to register at the same time.
	// It's purely a convenience mechanism to allow specifying a sidecar service
	// along with the application service definition. Its nested nature allows
	// all of the fields to be defaulted which can reduce the amount of
	// boilerplate needed to register a sidecar service separately, but the end
	// result is identical to just making a second service registration via any
	// other means.
	SidecarService *ServiceDefinition `json:",omitempty" bexpr:"-"`
}

ServiceConnect are the shared Connect settings between all service definitions from the agent to the state store.

type ServiceDefinition

type ServiceDefinition struct {
	Kind              ServiceKind `json:",omitempty"`
	ID                string
	Name              string
	Tags              []string
	Address           string
	TaggedAddresses   map[string]ServiceAddress
	Meta              map[string]string
	Port              int
	Check             CheckType
	Checks            CheckTypes
	Weights           *Weights
	// Token is presumably the ACL token associated with this service
	// definition — TODO confirm against the agent's usage.
	// NOTE(review): the field carries no json:"-" tag, so if it is a
	// credential, confirm that a ServiceDefinition is never serialized back
	// into API responses or written to logs with the token intact.
	Token             string
	EnableTagOverride bool
	// DEPRECATED (ProxyDestination) - remove this when removing ProxyDestination
	// ProxyDestination is deprecated in favor of Proxy.DestinationServiceName
	ProxyDestination string `json:",omitempty"`

	// Proxy is the configuration set for Kind = connect-proxy. It is mandatory in
	// that case and an error to be set for any other kind. This config is part of
	// a proxy service definition and is distinct from but shares some fields with
	// the Connect.Proxy which configures a managed proxy as part of the actual
	// service's definition. This duplication is ugly but seemed better than the
	// alternative which was to re-use the same struct fields for both cases even
	// though the semantics are different and the non-shared fields make no sense
	// in the other case. ProxyConfig may be a more natural name here, but it's
	// confusing for the UX because one of the fields in ConnectProxyConfig is
	// also called just "Config"
	Proxy *ConnectProxyConfig

	// Connect holds the Connect settings for this service (see ServiceConnect).
	Connect *ServiceConnect
}

ServiceDefinition is used to JSON decode the Service definitions. For documentation on specific fields see NodeService which is better documented.

func TestServiceDefinition added in v1.2.0

func TestServiceDefinition(t testing.T) *ServiceDefinition

TestServiceDefinition returns a ServiceDefinition for a typical service.

func TestServiceDefinitionProxy added in v1.2.0

func TestServiceDefinitionProxy(t testing.T) *ServiceDefinition

TestServiceDefinitionProxy returns a ServiceDefinition for a proxy.

func (*ServiceDefinition) CheckTypes

func (s *ServiceDefinition) CheckTypes() (checks CheckTypes, err error)

func (*ServiceDefinition) ConnectManagedProxy added in v1.2.0

func (s *ServiceDefinition) ConnectManagedProxy() (*ConnectManagedProxy, error)

ConnectManagedProxy returns a ConnectManagedProxy from the ServiceDefinition if one is configured validly. Note that it may return nil if no proxy is configured, and it will also return a nil error in this case because it is an expected case. A non-nil error indicates that an attempt was made to configure a proxy but the input was invalid, e.g. invalid "exec_mode".

func (*ServiceDefinition) NodeService

func (s *ServiceDefinition) NodeService() *NodeService

func (*ServiceDefinition) Validate added in v1.2.0

func (s *ServiceDefinition) Validate() error

Validate validates the service definition. This also calls the underlying Validate method on the NodeService.

NOTE(mitchellh): This currently only validates fields related to Connect and is incomplete with regards to other fields.

type ServiceDefinitionConnectProxy added in v1.2.0

// ServiceDefinitionConnectProxy is the connect proxy config within a service
// registration. It is duplicated in config.ServiceConnectProxy and must be
// kept in sync with it.
//
// NOTE(review): Command and ExecMode presumably describe how a managed proxy
// process is launched (ConnectManagedProxy reports invalid "exec_mode" input
// as an error) — TODO confirm. If so, accepting this struct from a
// registration request is a process-execution surface: confirm that such
// registrations are restricted to trusted, ACL-authorized callers.
// Config is an untyped map; consumers should type-check the values they read.
type ServiceDefinitionConnectProxy struct {
	Command   []string               `json:",omitempty"`
	ExecMode  string                 `json:",omitempty"`
	Config    map[string]interface{} `json:",omitempty"`
	Upstreams []Upstream             `json:",omitempty"`
}

ServiceDefinitionConnectProxy is the connect proxy config within a service registration. Note this is duplicated in config.ServiceConnectProxy and needs to be kept in sync.

func (*ServiceDefinitionConnectProxy) MarshalJSON added in v1.2.0

func (p *ServiceDefinitionConnectProxy) MarshalJSON() ([]byte, error)

type ServiceDumpRequest added in v1.6.0

type ServiceDumpRequest struct {
	Datacenter     string
	ServiceKind    ServiceKind
	UseServiceKind bool
	Source         QuerySource
	QueryOptions
}

func (*ServiceDumpRequest) CacheInfo added in v1.6.0

func (r *ServiceDumpRequest) CacheInfo() cache.RequestInfo

func (*ServiceDumpRequest) CacheMinIndex added in v1.6.0

func (r *ServiceDumpRequest) CacheMinIndex() uint64

func (*ServiceDumpRequest) RequestDatacenter added in v1.6.0

func (r *ServiceDumpRequest) RequestDatacenter() string

type ServiceKind added in v1.2.0

type ServiceKind string

ServiceKind is the kind of service being registered.

const (
	// ServiceKindTypical is a typical, classic Consul service. This is
	// represented by the absence of a value. This was chosen for ease of
	// backwards compatibility: existing services in the catalog would
	// default to the typical service.
	ServiceKindTypical ServiceKind = ""

	// ServiceKindConnectProxy is a proxy for the Connect feature. This
	// service proxies another service within Consul and speaks the connect
	// protocol.
	ServiceKindConnectProxy ServiceKind = "connect-proxy"

	// ServiceKindMeshGateway is a Mesh Gateway for the Connect feature. This
	// service will proxy connections based off the SNI header set by other
	// connect proxies
	ServiceKindMeshGateway ServiceKind = "mesh-gateway"
)

func ServiceKindFromString added in v1.6.0

func ServiceKindFromString(kind string) (ServiceKind, error)

type ServiceNode

type ServiceNode struct {
	ID                       types.NodeID
	Node                     string
	Address                  string
	Datacenter               string
	TaggedAddresses          map[string]string
	NodeMeta                 map[string]string
	ServiceKind              ServiceKind
	ServiceID                string
	ServiceName              string
	ServiceTags              []string
	ServiceAddress           string
	ServiceTaggedAddresses   map[string]ServiceAddress `json:",omitempty"`
	ServiceWeights           Weights
	ServiceMeta              map[string]string
	ServicePort              int
	ServiceEnableTagOverride bool
	// DEPRECATED (ProxyDestination) - remove this when removing ProxyDestination
	ServiceProxyDestination string `bexpr:"-"`
	ServiceProxy            ConnectProxyConfig
	ServiceConnect          ServiceConnect

	RaftIndex `bexpr:"-"`
}

ServiceNode represents a node that is part of a service. ID, Address, TaggedAddresses, and NodeMeta are node-related fields that are always empty in the state store and are filled in on the way out by parseServiceNodes(). This is also why PartialClone() skips them, because we know they are blank already so it would be a waste of time to copy them.

func (*ServiceNode) IsSameService added in v1.3.0

func (s *ServiceNode) IsSameService(other *ServiceNode) bool

IsSameService checks if one Service of a ServiceNode is the same as another, without looking at the Raft information or Node information (that's why we didn't call it IsEqual). This is useful for seeing if an update would be idempotent for all the functional parts of the structure. In a similar fashion to ToNodeService(), fields related to Node are ignored; see ServiceNode for more information.

func (*ServiceNode) PartialClone

func (s *ServiceNode) PartialClone() *ServiceNode

PartialClone() returns a clone of the given service node, minus the node-related fields that get filled in later, Address and TaggedAddresses.

func (*ServiceNode) ToNodeService

func (s *ServiceNode) ToNodeService() *NodeService

ToNodeService converts the given service node to a node service.

type ServiceNodes

type ServiceNodes []*ServiceNode

type ServiceQuery

type ServiceQuery struct {
	// Service is the service to query.
	Service string

	// Failover controls what we do if there are no healthy nodes in the
	// local datacenter.
	Failover QueryDatacenterOptions

	// If OnlyPassing is true then we will only include nodes with passing
	// health checks (critical AND warning checks will cause a node to be
	// discarded)
	OnlyPassing bool

	// IgnoreCheckIDs is an optional list of health check IDs to ignore when
	// considering which nodes are healthy. It is useful as an emergency measure
	// to temporarily override some health check that is producing false negatives
	// for example.
	IgnoreCheckIDs []types.CheckID

	// Near allows the query to always prefer the node nearest the given
	// node. If the node does not exist, results are returned in their
	// normal randomly-shuffled order. Supplying the magic "_agent" value
	// is supported to sort near the agent which initiated the request.
	Near string

	// Tags are a set of required and/or disallowed tags. If a tag is in
	// this list it must be present. If the tag is preceded with "!" then
	// it is disallowed.
	Tags []string

	// NodeMeta is a map of required node metadata fields. If a key/value
	// pair is in this map it must be present on the node in order for the
	// service entry to be returned.
	NodeMeta map[string]string

	// ServiceMeta is a map of required service metadata fields. If a key/value
	// pair is in this map it must be present on the node in order for the
	// service entry to be returned.
	ServiceMeta map[string]string

	// Connect if true will filter the prepared query results to only
	// include Connect-capable services. These include both native services
	// and proxies for matching services. Note that if a proxy matches,
	// the constraints in the query above (Near, OnlyPassing, etc.) apply
	// to the _proxy_ and not the service being proxied. In practice, proxies
	// should be directly next to their services so this isn't an issue.
	Connect bool
}

ServiceQuery is used to query for a set of healthy nodes offering a specific service.

type ServiceResolverConfigEntry added in v1.6.0

type ServiceResolverConfigEntry struct {
	Kind string
	Name string

	// DefaultSubset is the subset to use when no explicit subset is
	// requested. If empty the unnamed subset is used.
	DefaultSubset string `json:",omitempty"`

	// Subsets is a map of subset name to subset definition for all
	// usable named subsets of this service. The map key is the name
	// of the subset and all names must be valid DNS subdomain elements
	// so they can be used in SNI FQDN headers for the Connect Gateways
	// feature.
	//
	// This may be empty, in which case only the unnamed default subset
	// will be usable.
	Subsets map[string]ServiceResolverSubset `json:",omitempty"`

	// Redirect is a service/subset/datacenter/namespace to resolve
	// instead of the requested service (optional).
	//
	// When configured, all occurrences of this resolver in any discovery
	// chain evaluation will be substituted for the supplied redirect
	// EXCEPT when the redirect has already been applied.
	//
	// When substituting the supplied redirect into the discovery chain
	// all other fields beside Kind/Name/Redirect will be ignored.
	Redirect *ServiceResolverRedirect `json:",omitempty"`

	// Failover controls when and how to reroute traffic to an alternate pool
	// of service instances.
	//
	// The map is keyed by the service subset it applies to, and the special
	// string "*" is a wildcard that applies to any subset not otherwise
	// specified here.
	Failover map[string]ServiceResolverFailover `json:",omitempty"`

	// ConnectTimeout is the timeout for establishing new network connections
	// to this service.
	ConnectTimeout time.Duration `json:",omitempty"`

	RaftIndex
}

ServiceResolverConfigEntry defines which instances of a service should satisfy discovery requests for a given named service.

This config entry represents the next hop of the discovery chain after splitting. If no resolver config is defined the chain assumes 100% of traffic goes to the healthy instances of the default service in the current datacenter+namespace and discovery terminates.

Resolver configs are recursively collected while walking the chain.

Resolver config entries will be valid for services defined with any protocol (in centralized configuration).

func (*ServiceResolverConfigEntry) CanRead added in v1.6.0

func (e *ServiceResolverConfigEntry) CanRead(rule acl.Authorizer) bool

func (*ServiceResolverConfigEntry) CanWrite added in v1.6.0

func (e *ServiceResolverConfigEntry) CanWrite(rule acl.Authorizer) bool

func (*ServiceResolverConfigEntry) GetKind added in v1.6.0

func (e *ServiceResolverConfigEntry) GetKind() string

func (*ServiceResolverConfigEntry) GetName added in v1.6.0

func (e *ServiceResolverConfigEntry) GetName() string

func (*ServiceResolverConfigEntry) GetRaftIndex added in v1.6.0

func (e *ServiceResolverConfigEntry) GetRaftIndex() *RaftIndex

func (*ServiceResolverConfigEntry) IsDefault added in v1.6.0

func (e *ServiceResolverConfigEntry) IsDefault() bool

func (*ServiceResolverConfigEntry) ListRelatedServices added in v1.6.0

func (e *ServiceResolverConfigEntry) ListRelatedServices() []string

func (*ServiceResolverConfigEntry) Normalize added in v1.6.0

func (e *ServiceResolverConfigEntry) Normalize() error

func (*ServiceResolverConfigEntry) SubsetExists added in v1.6.0

func (e *ServiceResolverConfigEntry) SubsetExists(name string) bool

func (*ServiceResolverConfigEntry) Validate added in v1.6.0

func (e *ServiceResolverConfigEntry) Validate() error

type ServiceResolverFailover added in v1.6.0

// ServiceResolverFailover describes an alternate destination (service,
// subset, namespace and/or datacenters) to resolve during failover.
//
// NOTE(review): the comments below and the accompanying restrictions refer
// to NearestN, which is not a field of this struct as declared here.
type ServiceResolverFailover struct {
	// Service is the service to resolve instead of the default as the failover
	// group of instances (optional).
	//
	// This is a DESTINATION during failover.
	Service string `json:",omitempty"`

	// ServiceSubset is the named subset of the requested service to resolve as
	// the failover group of instances. If empty the default subset for the
	// requested service is used (optional).
	//
	// This is a DESTINATION during failover.
	ServiceSubset string `json:",omitempty"`

	// Namespace is the namespace to resolve the requested service from to form
	// the failover group of instances. If empty the current namespace is used
	// (optional).
	//
	// This is a DESTINATION during failover.
	Namespace string `json:",omitempty"`

	// Datacenters is a fixed list of datacenters to try after NearestN. We
	// never try a datacenter multiple times, so those are subtracted from this
	// list before proceeding.
	//
	// This is a DESTINATION during failover.
	Datacenters []string `json:",omitempty"`

	// OverprovisioningFactor is a pass through for envoy's
	// overprovisioning_factor value.
	//
	// If omitted the overprovisioning factor value will be set so high as to
	// imply binary failover (all or nothing).
	OverprovisioningFactor int `json:",omitempty"`
}

There are some restrictions on what is allowed in here:

  • Service, ServiceSubset, Namespace, NearestN, and Datacenters cannot all be empty at once.

  • Both 'NearestN' and 'Datacenters' may be specified at once.

type ServiceResolverRedirect added in v1.6.0

// ServiceResolverRedirect names the service, subset, namespace and/or
// datacenter to resolve instead of the requested service. Every field is
// optional and omitted from JSON output when empty.
type ServiceResolverRedirect struct {
	// Service is a service to resolve instead of the current service
	// (optional).
	Service string `json:",omitempty"`

	// ServiceSubset is a named subset of the given service to resolve instead
	// of one defined as that service's DefaultSubset. If empty the default
	// subset is used (optional).
	//
	// If this is specified at least one of Service, Datacenter, or Namespace
	// should be configured.
	ServiceSubset string `json:",omitempty"`

	// Namespace is the namespace to resolve the service from instead of the
	// current one (optional).
	Namespace string `json:",omitempty"`

	// Datacenter is the datacenter to resolve the service from instead of the
	// current one (optional).
	Datacenter string `json:",omitempty"`
}

type ServiceResolverSubset added in v1.6.0

type ServiceResolverSubset struct {
	// Filter specifies the go-bexpr filter expression to be used for selecting
	// instances of the requested service.
	Filter string `json:",omitempty"`

	// OnlyPassing - Specifies the behavior of the resolver's health check
	// filtering. If this is set to false, the results will include instances
	// with checks in the passing as well as the warning states. If this is set
	// to true, only instances with checks in the passing state will be
	// returned. (behaves identically to the similarly named field on prepared
	// queries).
	OnlyPassing bool `json:",omitempty"`
}

ServiceResolverSubset defines a way to select a portion of the Consul catalog during service discovery. Anything that affects the ultimate catalog query performed OR post-processing on the results of that sort of query should be defined here.

type ServiceRoute added in v1.6.0

type ServiceRoute struct {
	Match       *ServiceRouteMatch       `json:",omitempty"`
	Destination *ServiceRouteDestination `json:",omitempty"`
}

ServiceRoute is a single routing rule that routes traffic to the destination when the match criteria applies.

type ServiceRouteDestination added in v1.6.0

type ServiceRouteDestination struct {
	// Service is the service to resolve instead of the default service. If
	// empty then the default discovery chain service name is used.
	Service string `json:",omitempty"`

	// ServiceSubset is a named subset of the given service to resolve instead
	// of one defined as that service's DefaultSubset. If empty the default
	// subset is used.
	//
	// If this field is specified then this route is ineligible for further
	// splitting.
	ServiceSubset string `json:",omitempty"`

	// Namespace is the namespace to resolve the service from instead of the
	// current namespace. If empty the current namespace is assumed.
	//
	// If this field is specified then this route is ineligible for further
	// splitting.
	Namespace string `json:",omitempty"`

	// PrefixRewrite allows for the proxied request to have its matching path
	// prefix modified before being sent to the destination. Described more
	// below in the envoy implementation section.
	PrefixRewrite string `json:",omitempty"`

	// RequestTimeout is the total amount of time permitted for the entire
	// downstream request (and retries) to be processed.
	RequestTimeout time.Duration `json:",omitempty"`

	// NumRetries is the number of times to retry the request when a retryable
	// result occurs. This seems fairly proxy agnostic.
	NumRetries uint32 `json:",omitempty"`

	// RetryOnConnectFailure allows for connection failure errors to trigger a
	// retry. This should be expressible in other proxies as it's just a layer
	// 4 failure bubbling up to layer 7.
	RetryOnConnectFailure bool `json:",omitempty"`

	// RetryOnStatusCodes is a flat list of http response status codes that are
	// eligible for retry. This again should be feasible in any sane proxy.
	RetryOnStatusCodes []uint32 `json:",omitempty"`
}

ServiceRouteDestination describes how to proxy the actual matching request to a service.

type ServiceRouteHTTPMatch added in v1.6.0

// ServiceRouteHTTPMatch is a set of http-specific match criteria.
type ServiceRouteHTTPMatch struct {
	// PathExact, PathPrefix and PathRegex presumably match the request path
	// exactly, by prefix, or by regular expression respectively — TODO
	// confirm, including whether Validate treats them as mutually exclusive.
	// NOTE(review): PathRegex is a pattern supplied through configuration;
	// the regex dialect and any length or complexity limits are not visible
	// here. Confirm the pattern is validated before it reaches the proxy.
	PathExact  string `json:",omitempty"`
	PathPrefix string `json:",omitempty"`
	PathRegex  string `json:",omitempty"`

	// Header and QueryParam hold additional per-header and per-query-parameter
	// criteria; how they combine with the path criteria is not shown here.
	Header     []ServiceRouteHTTPMatchHeader     `json:",omitempty"`
	QueryParam []ServiceRouteHTTPMatchQueryParam `json:",omitempty"`
}

ServiceRouteHTTPMatch is a set of http-specific match criteria.

func (*ServiceRouteHTTPMatch) IsEmpty added in v1.6.0

func (m *ServiceRouteHTTPMatch) IsEmpty() bool

type ServiceRouteHTTPMatchHeader added in v1.6.0

// ServiceRouteHTTPMatchHeader is one header criterion of a
// ServiceRouteHTTPMatch. Name is always serialized; every other field is
// omitted from JSON output when empty.
//
// Presumably Name selects the header, exactly one of Present, Exact, Prefix,
// Suffix or Regex selects the comparison, and Invert negates the result —
// TODO confirm against Validate.
// NOTE(review): Regex is a configuration-supplied pattern; confirm its
// dialect and complexity are validated before it reaches the proxy.
type ServiceRouteHTTPMatchHeader struct {
	Name    string
	Present bool   `json:",omitempty"`
	Exact   string `json:",omitempty"`
	Prefix  string `json:",omitempty"`
	Suffix  string `json:",omitempty"`
	Regex   string `json:",omitempty"`
	Invert  bool   `json:",omitempty"`
}

type ServiceRouteHTTPMatchQueryParam added in v1.6.0

// ServiceRouteHTTPMatchQueryParam is one query-parameter criterion of a
// ServiceRouteHTTPMatch.
//
// Unlike the header criterion, Regex is a bool here; presumably it marks
// Value as a regular expression rather than a literal — TODO confirm.
// NOTE(review): when Regex is set, Value is a configuration-supplied
// pattern; confirm it is validated before it reaches the proxy.
type ServiceRouteHTTPMatchQueryParam struct {
	Name  string
	Value string `json:",omitempty"`
	Regex bool   `json:",omitempty"`
}

type ServiceRouteMatch added in v1.6.0

type ServiceRouteMatch struct {
	HTTP *ServiceRouteHTTPMatch `json:",omitempty"`
}

ServiceRouteMatch is a set of criteria that can match incoming L7 requests.

func (*ServiceRouteMatch) IsEmpty added in v1.6.0

func (m *ServiceRouteMatch) IsEmpty() bool

type ServiceRouterConfigEntry added in v1.6.0

type ServiceRouterConfigEntry struct {
	Kind string
	Name string

	// Routes is the list of routes to consider when processing L7 requests.
	// The first rule to match in the list is terminal and stops further
	// evaluation.
	//
	// Traffic that fails to match any of the provided routes will be routed to
	// the default service.
	Routes []ServiceRoute

	RaftIndex
}

ServiceRouterConfigEntry defines L7 (e.g. http) routing rules for a named service exposed in Connect.

This config entry represents the topmost part of the discovery chain. Only one router config will be used per resolved discovery chain and is not otherwise discovered recursively (unlike splitter and resolver config entries).

Router config entries will be restricted to only services that define their protocol as http-based (in centralized configuration).

func (*ServiceRouterConfigEntry) CanRead added in v1.6.0

func (e *ServiceRouterConfigEntry) CanRead(rule acl.Authorizer) bool

func (*ServiceRouterConfigEntry) CanWrite added in v1.6.0

func (e *ServiceRouterConfigEntry) CanWrite(rule acl.Authorizer) bool

func (*ServiceRouterConfigEntry) GetKind added in v1.6.0

func (e *ServiceRouterConfigEntry) GetKind() string

func (*ServiceRouterConfigEntry) GetName added in v1.6.0

func (e *ServiceRouterConfigEntry) GetName() string

func (*ServiceRouterConfigEntry) GetRaftIndex added in v1.6.0

func (e *ServiceRouterConfigEntry) GetRaftIndex() *RaftIndex

func (*ServiceRouterConfigEntry) ListRelatedServices added in v1.6.0

func (e *ServiceRouterConfigEntry) ListRelatedServices() []string

func (*ServiceRouterConfigEntry) Normalize added in v1.6.0

func (e *ServiceRouterConfigEntry) Normalize() error

func (*ServiceRouterConfigEntry) Validate added in v1.6.0

func (e *ServiceRouterConfigEntry) Validate() error

type ServiceSpecificRequest

type ServiceSpecificRequest struct {
	Datacenter      string
	NodeMetaFilters map[string]string
	ServiceName     string
	// DEPRECATED (singular-service-tag) - remove this when backwards RPC compat
	// with 1.2.x is not required.
	ServiceTag     string
	ServiceTags    []string
	ServiceAddress string
	TagFilter      bool // Controls tag filtering
	Source         QuerySource

	// Connect if true will only search for Connect-compatible services.
	Connect bool

	QueryOptions
}

ServiceSpecificRequest is used to query about a specific service

func (*ServiceSpecificRequest) CacheInfo added in v1.3.0

func (r *ServiceSpecificRequest) CacheInfo() cache.RequestInfo

func (*ServiceSpecificRequest) CacheMinIndex added in v1.3.0

func (r *ServiceSpecificRequest) CacheMinIndex() uint64

func (*ServiceSpecificRequest) RequestDatacenter

func (r *ServiceSpecificRequest) RequestDatacenter() string

type ServiceSplit added in v1.6.0

type ServiceSplit struct {
	// A value between 0 and 100 reflecting what portion of traffic should be
	// directed to this split.
	//
	// The smallest representable weight is 1/10000 or .01%
	//
	// If the split is within epsilon of 100 then the remainder is attributed
	// to the FIRST split.
	Weight float32

	// Service is the service to resolve instead of the default (optional).
	Service string `json:",omitempty"`

	// ServiceSubset is a named subset of the given service to resolve instead
	// of one defined as that service's DefaultSubset. If empty the default
	// subset is used (optional).
	//
	// If this field is specified then this route is ineligible for further
	// splitting.
	ServiceSubset string `json:",omitempty"`

	// Namespace is the namespace to resolve the service from instead of the
	// current namespace. If empty the current namespace is assumed (optional).
	//
	// If this field is specified then this route is ineligible for further
	// splitting.
	Namespace string `json:",omitempty"`
}

ServiceSplit defines how much traffic to send to which set of service instances during a traffic split.

type ServiceSplitterConfigEntry added in v1.6.0

type ServiceSplitterConfigEntry struct {
	Kind string
	Name string

	// Splits is the configurations for the details of the traffic splitting.
	//
	// The sum of weights across all splits must add up to 100.
	//
	// If the split is within epsilon of 100 then the remainder is attributed
	// to the FIRST split.
	Splits []ServiceSplit

	RaftIndex
}

ServiceSplitterConfigEntry defines how incoming requests are split across different subsets of a single service (like during staged canary rollouts), or perhaps across different services (like during a v2 rewrite or other type of codebase migration).

This config entry represents the next hop of the discovery chain after routing. If no splitter config is defined the chain assumes 100% of traffic goes to the default service and discovery continues on to the resolution hop.

Splitter configs are recursively collected while walking the discovery chain.

Splitter config entries will be restricted to only services that define their protocol as http-based (in centralized configuration).

func (*ServiceSplitterConfigEntry) CanRead added in v1.6.0

func (e *ServiceSplitterConfigEntry) CanRead(rule acl.Authorizer) bool

func (*ServiceSplitterConfigEntry) CanWrite added in v1.6.0

func (e *ServiceSplitterConfigEntry) CanWrite(rule acl.Authorizer) bool

func (*ServiceSplitterConfigEntry) GetKind added in v1.6.0

func (e *ServiceSplitterConfigEntry) GetKind() string

func (*ServiceSplitterConfigEntry) GetName added in v1.6.0

func (e *ServiceSplitterConfigEntry) GetName() string

func (*ServiceSplitterConfigEntry) GetRaftIndex added in v1.6.0

func (e *ServiceSplitterConfigEntry) GetRaftIndex() *RaftIndex

func (*ServiceSplitterConfigEntry) ListRelatedServices added in v1.6.0

func (e *ServiceSplitterConfigEntry) ListRelatedServices() []string

func (*ServiceSplitterConfigEntry) Normalize added in v1.6.0

func (e *ServiceSplitterConfigEntry) Normalize() error

func (*ServiceSplitterConfigEntry) Validate added in v1.6.0

func (e *ServiceSplitterConfigEntry) Validate() error

type Services

type Services map[string][]string

Used to return information about the provided services. Maps each service name to its available tags.

type Session

type Session struct {
	ID        string
	Name      string
	Node      string
	Checks    []types.CheckID
	LockDelay time.Duration
	Behavior  SessionBehavior // What to do when session is invalidated
	TTL       string

	RaftIndex
}

Session is used to represent an open session in the KV store. This is used to associate node checks with acquired locks.

type SessionBehavior

type SessionBehavior string
// Values for Session.Behavior, which selects what to do when a session is
// invalidated.
const (
	// SessionKeysRelease is a typed SessionBehavior constant.
	SessionKeysRelease SessionBehavior = "release"
	// NOTE(review): SessionKeysDelete has an explicit value but no explicit
	// type, so it is an untyped string constant rather than a
	// SessionBehavior. It still converts implicitly when assigned or compared
	// to a SessionBehavior, but it is also accepted wherever a plain string
	// is, so the type does not guard against misuse. Typing it would be
	// stricter but could break callers that use it as a string.
	SessionKeysDelete                  = "delete"
)

type SessionOp

type SessionOp string
// Values for SessionRequest.Op, which selects the operation being performed.
const (
	// SessionCreate is a typed SessionOp constant.
	SessionCreate  SessionOp = "create"
	// NOTE(review): SessionDestroy has an explicit value but no explicit
	// type, so it is an untyped string constant rather than a SessionOp. It
	// still converts implicitly when assigned or compared to a SessionOp, but
	// it is also accepted wherever a plain string is.
	SessionDestroy           = "destroy"
)

type SessionRequest

type SessionRequest struct {
	Datacenter string
	Op         SessionOp // Which operation are we performing
	Session    Session   // Which session
	WriteRequest
}

SessionRequest is used to operate on sessions

func (*SessionRequest) RequestDatacenter

func (r *SessionRequest) RequestDatacenter() string

type SessionSpecificRequest

type SessionSpecificRequest struct {
	Datacenter string
	Session    string
	QueryOptions
}

SessionSpecificRequest is used to request a session by ID

func (*SessionSpecificRequest) RequestDatacenter

func (r *SessionSpecificRequest) RequestDatacenter() string

type Sessions

type Sessions []*Session

type SignedResponse added in v1.5.2

// SignedResponse bundles an issued certificate, CA roots, a gossip key and a
// hostname-verification flag. Every field is tagged omitempty.
//
// NOTE(review): judging by the field names, this response presumably carries
// secret material — GossipKey looks like the gossip encryption key, and
// IssuedCert may include private key material — TODO confirm. If so, it must
// only be returned over an authenticated, encrypted channel to an authorized
// caller, and must never be logged or cached in plaintext.
type SignedResponse struct {
	IssuedCert           IssuedCert     `json:",omitempty"`
	ConnectCARoots       IndexedCARoots `json:",omitempty"`
	// ManualCARoots is a list of strings; presumably PEM-encoded CA
	// certificates configured outside Connect — TODO confirm.
	ManualCARoots        []string       `json:",omitempty"`
	GossipKey            string         `json:",omitempty"`
	// VerifyServerHostname presumably tells the recipient whether to verify
	// server hostnames on TLS connections — TODO confirm. Because the zero
	// value is false and the field is omitempty, an absent field reads as
	// "do not verify"; confirm that recipients do not weaken an existing
	// local setting on the basis of this value.
	VerifyServerHostname bool           `json:",omitempty"`
}

type SnapshotOp

type SnapshotOp int
const (
	SnapshotSave SnapshotOp = iota
	SnapshotRestore
)

type SnapshotReplyFn

type SnapshotReplyFn func(reply *SnapshotResponse) error

SnapshotReplyFn gets a peek at the reply before the snapshot streams, which is useful for setting headers.

type SnapshotRequest

// SnapshotRequest is the header of a snapshot RPC request. It precedes any
// streamed snapshot data and is JSON-encoded on the wire.
type SnapshotRequest struct {
	// Datacenter is the target datacenter for this request. The request
	// will be forwarded if necessary.
	Datacenter string

	// Token is the ACL token to use for the operation. If ACLs are enabled
	// then all operations require a management token.
	//
	// The field has no `json:"-"` tag, so the token is serialized with the
	// rest of this header. Because it is a management token when ACLs are
	// enabled, the encoded header should not be logged or captured.
	// NOTE(review): confirm the RPC transport carrying it is encrypted.
	Token string

	// If set, any follower can service the request. Results may be
	// arbitrarily stale. Only applies to SnapshotSave.
	AllowStale bool

	// Op is the operation code for the RPC.
	Op SnapshotOp
}

SnapshotRequest is used as a header for a snapshot RPC request. This will precede any streaming data that's part of the request and is JSON-encoded on the wire.

type SnapshotResponse

type SnapshotResponse struct {
	// Error is the overall error status of the RPC request.
	Error string

	// QueryMeta has freshness information about the server that handled the
	// request. It is only filled in for a SnapshotSave.
	QueryMeta
}

SnapshotResponse is used as a header for a snapshot RPC response. This will precede any streaming data that's part of the request and is JSON-encoded on the wire.

type TombstoneOp

type TombstoneOp string
const (
	TombstoneReap TombstoneOp = "reap"
)

type TombstoneRequest

type TombstoneRequest struct {
	Datacenter string
	Op         TombstoneOp
	ReapIndex  uint64
	WriteRequest
}

TombstoneRequest is used to trigger a reaping of the tombstones

func (*TombstoneRequest) RequestDatacenter

func (r *TombstoneRequest) RequestDatacenter() string

type TxnCheckOp added in v1.4.1

type TxnCheckOp struct {
	Verb  api.CheckOp
	Check HealthCheck
}

TxnCheckOp is used to define a single operation on a health check inside a transaction.

type TxnCheckResult added in v1.4.1

type TxnCheckResult *HealthCheck

TxnCheckResult is used to define the result of a single operation on a health check inside a transaction.

type TxnError

type TxnError struct {
	OpIndex int
	What    string
}

TxnError is used to return information about an error for a specific operation.

func (TxnError) Error

func (e TxnError) Error() string

Error returns the string representation of an atomic error.

type TxnErrors

type TxnErrors []*TxnError

TxnErrors is a list of TxnError entries.

type TxnIntentionOp added in v1.4.0

type TxnIntentionOp IntentionRequest

TxnIntentionOp is used to define a single operation on an Intention inside a transaction.

type TxnKVOp

type TxnKVOp struct {
	Verb   api.KVOp
	DirEnt DirEntry
}

TxnKVOp is used to define a single operation on the KVS inside a transaction.

type TxnKVResult

type TxnKVResult *DirEntry

TxnKVResult is used to define the result of a single operation on the KVS inside a transaction.

type TxnNodeOp added in v1.4.1

type TxnNodeOp struct {
	Verb api.NodeOp
	Node Node
}

TxnNodeOp is used to define a single operation on a node in the catalog inside a transaction.

type TxnNodeResult added in v1.4.1

type TxnNodeResult *Node

TxnNodeResult is used to define the result of a single operation on a node in the catalog inside a transaction.

type TxnOp

type TxnOp struct {
	KV        *TxnKVOp
	Intention *TxnIntentionOp
	Node      *TxnNodeOp
	Service   *TxnServiceOp
	Check     *TxnCheckOp
}

TxnOp is used to define a single operation inside a transaction. Only one of the types should be filled out per entry.

type TxnOps

type TxnOps []*TxnOp

TxnOps is a list of operations within a transaction.

type TxnReadRequest

type TxnReadRequest struct {
	Datacenter string
	Ops        TxnOps
	QueryOptions
}

TxnReadRequest is used as a fast path for read-only transactions that don't modify the state store.

func (*TxnReadRequest) RequestDatacenter

func (r *TxnReadRequest) RequestDatacenter() string

type TxnReadResponse

type TxnReadResponse struct {
	TxnResponse
	QueryMeta
}

TxnReadResponse is the structure returned by a TxnReadRequest.

type TxnRequest

type TxnRequest struct {
	Datacenter string
	Ops        TxnOps
	WriteRequest
}

TxnRequest is used to apply multiple operations to the state store in a single transaction

func (*TxnRequest) RequestDatacenter

func (r *TxnRequest) RequestDatacenter() string

type TxnResponse

type TxnResponse struct {
	Results TxnResults
	Errors  TxnErrors
}

TxnResponse is the structure returned by a TxnRequest.

func (TxnResponse) Error added in v1.4.0

func (r TxnResponse) Error() error

Error returns an aggregate of all errors in this TxnResponse.

type TxnResult

type TxnResult struct {
	KV      TxnKVResult      `json:",omitempty"`
	Node    TxnNodeResult    `json:",omitempty"`
	Service TxnServiceResult `json:",omitempty"`
	Check   TxnCheckResult   `json:",omitempty"`
}

TxnResult is used to define the result of a given operation inside a transaction. Only one of the types should be filled out per entry.

type TxnResults

type TxnResults []*TxnResult

TxnResults is a list of TxnResult entries.

type TxnServiceOp added in v1.4.1

type TxnServiceOp struct {
	Verb    api.ServiceOp
	Node    string
	Service NodeService
}

TxnServiceOp is used to define a single operation on a service in the catalog inside a transaction.

type TxnServiceResult added in v1.4.1

type TxnServiceResult *NodeService

TxnServiceResult is used to define the result of a single operation on a service in the catalog inside a transaction.

type Upstream added in v1.3.0

// Upstream represents a single upstream dependency for a service or proxy:
// what it points to, which datacenter to discover it in, and where the local
// side-car proxy listens for traffic destined for it.
type Upstream struct {
	// Destination fields are the required ones for determining what this upstream
	// points to. Depending on DestinationType some other fields below might
	// further restrict the set of instances allowable.
	//
	// DestinationType would be better as an int constant but even with custom
	// JSON marshallers it causes havoc with all the mapstructure mangling we do
	// on service definitions in various places.
	DestinationType      string
	DestinationNamespace string `json:",omitempty"`
	DestinationName      string

	// Datacenter that the service discovery request should be run against. Note
	// for prepared queries, the actual results might be from a different
	// datacenter.
	Datacenter string

	// LocalBindAddress is the ip address a side-car proxy should listen on for
	// traffic destined for this upstream service. Default if empty is 127.0.0.1.
	// The default keeps the listener on loopback; a non-loopback address makes
	// it reachable from other hosts. NOTE(review): whether Validate restricts
	// this value is not visible here — confirm.
	LocalBindAddress string `json:",omitempty"`

	// LocalBindPort is the port a side-car proxy should listen on for traffic
	// destined for this upstream service. Required.
	LocalBindPort int

	// Config is an opaque config that is specific to the proxy process being run.
	// It can be used to pass arbitrary configuration for this specific upstream
	// to the proxy. The values are interface{}, so nothing in this struct
	// constrains what is handed to the proxy.
	// NOTE(review): the bexpr:"-" tag presumably excludes the field from
	// filter expressions — confirm.
	Config map[string]interface{} `bexpr:"-"`

	// MeshGateway is the configuration for mesh gateway usage of this upstream
	MeshGateway MeshGatewayConfig `json:",omitempty"`
}

Upstream represents a single upstream dependency for a service or proxy. It describes the mechanism used to discover instances to communicate with (the Target) as well as any potential client configuration that may be useful such as load balancer options, timeouts etc.

func UpstreamFromAPI added in v1.3.0

func UpstreamFromAPI(u api.Upstream) Upstream

UpstreamFromAPI is a helper for converting api.Upstream to Upstream.

func (*Upstream) Identifier added in v1.3.0

func (u *Upstream) Identifier() string

Identifier returns a string representation that uniquely identifies the upstream in a canonical but human readable way.

func (*Upstream) String added in v1.3.0

func (u *Upstream) String() string

String implements Stringer by returning the Identifier.

func (*Upstream) ToAPI added in v1.3.0

func (u *Upstream) ToAPI() api.Upstream

ToAPI returns the api structs with the same fields. We have duplicates to avoid the api package depending on this one which imports a ton of Consul's core which you don't want if you are just trying to use our client in your app.

func (*Upstream) Validate added in v1.3.0

func (u *Upstream) Validate() error

Validate sanity checks the struct is valid

type Upstreams added in v1.3.0

type Upstreams []Upstream

Upstreams is a list of upstreams. Aliased to allow ToAPI method.

func TestAddDefaultsToUpstreams added in v1.3.0

func TestAddDefaultsToUpstreams(t testing.T, upstreams []Upstream) Upstreams

TestAddDefaultsToUpstreams takes an array of upstreams (such as that from TestUpstreams) and adds default values that are populated during registration. Use this for generating the expected Upstreams value after registration.

func TestUpstreams added in v1.3.0

func TestUpstreams(t testing.T) Upstreams

TestUpstreams returns a set of upstreams to be used in tests exercising most important configuration patterns.

func UpstreamsFromAPI added in v1.3.0

func UpstreamsFromAPI(us []api.Upstream) Upstreams

UpstreamsFromAPI is a helper for converting api.Upstream to Upstream.

func (Upstreams) ToAPI added in v1.3.0

func (us Upstreams) ToAPI() []api.Upstream

ToAPI returns the api structs with the same fields. We have duplicates to avoid the api package depending on this one which imports a ton of Consul's core which you don't want if you are just trying to use our client in your app.

type VaultCAProviderConfig added in v1.2.0

// VaultCAProviderConfig is presumably the configuration for a CA provider
// backed by Vault. It embeds CommonCAProviderConfig; the mapstructure squash
// tag flattens the embedded fields into this struct when it is decoded.
//
// NOTE(review): no documentation for this type is visible, so the field notes
// below are inferred from the field names — confirm against the provider
// implementation.
type VaultCAProviderConfig struct {
	CommonCAProviderConfig `mapstructure:",squash"`

	Address             string
	// Token is presumably the Vault credential used by the provider. Treat
	// any decoded or serialized copy of this struct as secret and keep it out
	// of logs, error messages and API responses.
	Token               string
	RootPKIPath         string
	IntermediatePKIPath string

	CAFile        string
	CAPath        string
	CertFile      string
	// KeyFile presumably names a private-key file for client TLS; the path is
	// not secret, but the file it points at is — confirm its permissions are
	// checked where it is loaded.
	KeyFile       string
	TLSServerName string
	// TLSSkipVerify presumably disables verification of the Vault server's
	// certificate. If so, Token is sent to a peer whose identity was never
	// checked, so this should stay false outside of test setups.
	TLSSkipVerify bool
}

type Weights added in v1.2.3

type Weights struct {
	Passing int
	Warning int
}

Weights represent the weight used by DNS for a given status

type WriteRequest

// WriteRequest carries the caller's ACL token for write operations. It is
// embedded in SessionRequest, TombstoneRequest and TxnRequest.
type WriteRequest struct {
	// Token is the ACL token ID. If not provided, the 'anonymous'
	// token is assumed for backwards compatibility.
	//
	// An empty Token is therefore evaluated as the anonymous token, so what a
	// write without credentials may do depends entirely on the policy attached
	// to that token.
	Token string
}

func (WriteRequest) AllowStaleRead

func (w WriteRequest) AllowStaleRead() bool

func (WriteRequest) IsRead

func (w WriteRequest) IsRead() bool

WriteRequest only applies to writes, always false

func (WriteRequest) TokenSecret added in v1.4.0

func (w WriteRequest) TokenSecret() string
