consul

package
v1.4.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 26, 2022 License: MPL-2.0 Imports: 28 Imported by: 243

Documentation

Index

Constants

View Source
const (
	ExamplePolicyID1 = "a7c86856-0af5-4ab5-8834-03f4517e5564"
	ExamplePolicyID2 = "ffa1b66c-967d-4468-8775-c687b5cfc16e"
	ExamplePolicyID3 = "f68f0c36-51f8-4343-97dd-f0d4816c915f"
	ExamplePolicyID4 = "1087ff34-b8a0-9bb3-9430-d2f758f52bd3"
)

Example Consul policies for use in tests.

View Source
const (
	ExampleRoleID1 = "e569a3a8-7dfb-b024-e492-e790fe3c4183"
	ExampleRoleID2 = "88c825f4-d0da-1c2b-0c1c-cc9fe84c4468"
	ExampleRoleID3 = "b19b2058-6205-6dff-d2b0-470f29b8e627"
)

Example Consul roles for use in tests.

View Source
const (
	ExampleOperatorTokenID0 = "de591604-86eb-1e6f-8b44-d4db752921ae"
	ExampleOperatorTokenID1 = "59c219c2-47e4-43f3-bb45-258fd13f59d5"
	ExampleOperatorTokenID2 = "868cc216-e123-4c2b-b362-f4d4c087de8e"
	ExampleOperatorTokenID3 = "6177d1b9-c0f6-4118-b891-d818a3cb80b1"
	ExampleOperatorTokenID4 = "754ae26c-f3cc-e088-d486-9c0d20f5eaea"
	ExampleOperatorTokenID5 = "097cbb45-506b-c79c-ec38-82eb0dc0794a"
)

Example Consul ACL tokens for use in tests. These tokens belong to the default Consul namespace.

View Source
const (
	ExampleOperatorTokenID10 = "ddfe688f-655f-e8dd-1db5-5650eed00aeb"
	ExampleOperatorTokenID11 = "46d09394-598c-1e55-b7fd-64cd2f409707"
	ExampleOperatorTokenID12 = "a041cb88-0f4b-0314-89f6-10e1e093d2e5"
	ExampleOperatorTokenID13 = "cc22a583-243f-3258-14ad-db0e56749657"
	ExampleOperatorTokenID14 = "5b6d0508-13a6-4bc3-33a1-ba1941e1175b"
	ExampleOperatorTokenID15 = "e9db1754-c075-d0fc-0a7e-de1e9e7bff98"
)

Example Consul ACL tokens for use in tests that match the policies as the tokens above, but these belong to the "banana" Consul namespace.

View Source
const (
	ExampleOperatorTokenID20 = "937b3287-557c-5af8-beb0-d62191988719"
	ExampleOperatorTokenID21 = "067fd927-abfb-d98f-b693-bb05dccea565"
	ExampleOperatorTokenID22 = "71f8030f-f6bd-6157-6614-ba6a0bbfba9f"
	ExampleOperatorTokenID23 = "1dfd2982-b7a1-89ec-09b4-74712983d13c"
	ExampleOperatorTokenID24 = "d26dbc2a-d5d8-e3d9-8a38-e05dec499124"
	ExampleOperatorTokenID25 = "dd5a8eef-554c-a1f9-fdb8-f25eb77258bc"
)

Example Consul ACL tokens for use in tests that match the policies as the tokens above, but these belong to the "default" Consul namespace.

View Source
const (

	// DefaultQueryWaitDuration is the max duration the Consul Agent will
	// spend waiting for a response from a Consul Query.
	DefaultQueryWaitDuration = 2 * time.Second

	// ServiceTagHTTP is the tag assigned to HTTP services
	ServiceTagHTTP = "http"

	// ServiceTagRPC is the tag assigned to RPC services
	ServiceTagRPC = "rpc"

	// ServiceTagSerf is the tag assigned to Serf services
	ServiceTagSerf = "serf"
)

Variables

View Source
var (
	ExampleOperatorToken0 = &api.ACLToken{
		SecretID:    ExampleOperatorTokenID0,
		AccessorID:  "228865c6-3bf6-6683-df03-06dea2779088 ",
		Description: "Operator Token 0",
		Namespace:   "",
	}

	ExampleOperatorToken1 = &api.ACLToken{
		SecretID:    ExampleOperatorTokenID1,
		AccessorID:  "e341bacd-535e-417c-8f45-f88d7faffcaf",
		Description: "Operator Token 1",
		Policies: []*api.ACLTokenPolicyLink{{
			ID: ExamplePolicyID1,
		}},
		Namespace: "",
	}

	ExampleOperatorToken2 = &api.ACLToken{
		SecretID:    ExampleOperatorTokenID2,
		AccessorID:  "615b4d77-5164-4ec6-b616-24c0b24ac9cb",
		Description: "Operator Token 2",
		Policies: []*api.ACLTokenPolicyLink{{
			ID: ExamplePolicyID2,
		}},
		Namespace: "",
	}

	ExampleOperatorToken3 = &api.ACLToken{
		SecretID:    ExampleOperatorTokenID3,
		AccessorID:  "6b7de0d7-15f7-45b4-95eb-fb775bfe3fdc",
		Description: "Operator Token 3",
		Policies: []*api.ACLTokenPolicyLink{{
			ID: ExamplePolicyID3,
		}},
		Namespace: "",
	}

	ExampleOperatorToken4 = &api.ACLToken{
		SecretID:    ExampleOperatorTokenID4,
		AccessorID:  "7b5fdb1a-71e5-f3d8-2cfe-448d973f327d",
		Description: "Operator Token 4",
		Policies:    nil,
		Roles: []*api.ACLTokenRoleLink{{
			ID:   ExampleRoleID1,
			Name: "example-role-1",
		}},
		Namespace: "",
	}

	ExampleOperatorToken5 = &api.ACLToken{
		SecretID:    ExampleOperatorTokenID5,
		AccessorID:  "cf39aad5-00c3-af23-cf0b-75d41e12f28d",
		Description: "Operator Token 5",
		Policies: []*api.ACLTokenPolicyLink{{
			ID: ExamplePolicyID4,
		}},
		Namespace: "",
	}

	ExampleOperatorToken10 = &api.ACLToken{
		SecretID:    ExampleOperatorTokenID10,
		AccessorID:  "76a2c3b5-5d64-9089-f701-660eec2d3554",
		Description: "Operator Token 0",
		Namespace:   "banana",
	}

	ExampleOperatorToken11 = &api.ACLToken{
		SecretID:    ExampleOperatorTokenID11,
		AccessorID:  "40f2a36a-0a65-1972-106c-b2e5dd46d6e8",
		Description: "Operator Token 1",
		Policies: []*api.ACLTokenPolicyLink{{
			ID: ExamplePolicyID1,
		}},
		Namespace: "banana",
	}

	ExampleOperatorToken12 = &api.ACLToken{
		SecretID:    ExampleOperatorTokenID12,
		AccessorID:  "894f2c5c-b285-71bf-4acb-6344cecf71f3",
		Description: "Operator Token 2",
		Policies: []*api.ACLTokenPolicyLink{{
			ID: ExamplePolicyID2,
		}},
		Namespace: "banana",
	}

	ExampleOperatorToken13 = &api.ACLToken{
		SecretID:    ExampleOperatorTokenID13,
		AccessorID:  "2a81ec0b-692e-845e-f5b8-c33c05e5af22",
		Description: "Operator Token 3",
		Policies: []*api.ACLTokenPolicyLink{{
			ID: ExamplePolicyID3,
		}},
		Namespace: "banana",
	}

	ExampleOperatorToken14 = &api.ACLToken{
		SecretID:    ExampleOperatorTokenID14,
		AccessorID:  "4273f1cc-5626-7a77-dc65-1f24af035ed5d",
		Description: "Operator Token 4",
		Policies:    nil,
		Roles: []*api.ACLTokenRoleLink{{
			ID:   ExampleRoleID1,
			Name: "example-role-1",
		}},
		Namespace: "banana",
	}

	ExampleOperatorToken15 = &api.ACLToken{
		SecretID:    ExampleOperatorTokenID15,
		AccessorID:  "5b78e186-87d8-c1ad-966f-f5fa87b05c9a",
		Description: "Operator Token 5",
		Policies: []*api.ACLTokenPolicyLink{{
			ID: ExamplePolicyID4,
		}},
		Namespace: "banana",
	}

	ExampleOperatorToken20 = &api.ACLToken{
		SecretID:    ExampleOperatorTokenID20,
		AccessorID:  "228865c6-3bf6-6683-df03-06dea2779088",
		Description: "Operator Token 0",

		Namespace: "default",
	}

	ExampleOperatorToken21 = &api.ACLToken{
		SecretID:    ExampleOperatorTokenID21,
		AccessorID:  "54d01af9-5036-31d3-296b-b15b941d7aa2",
		Description: "Operator Token 1",
		Policies: []*api.ACLTokenPolicyLink{{
			ID: ExamplePolicyID1,
		}},

		Namespace: "default",
	}

	ExampleOperatorToken22 = &api.ACLToken{
		SecretID:    ExampleOperatorTokenID22,
		AccessorID:  "894f2c5c-b285-71bf-4acb-6344cecf71f3",
		Description: "Operator Token 2",
		Policies: []*api.ACLTokenPolicyLink{{
			ID: ExamplePolicyID2,
		}},
		Namespace: "default",
	}

	ExampleOperatorToken23 = &api.ACLToken{
		SecretID:    ExampleOperatorTokenID23,
		AccessorID:  "2a81ec0b-692e-845e-f5b8-c33c05e5af22",
		Description: "Operator Token 3",
		Policies: []*api.ACLTokenPolicyLink{{
			ID: ExamplePolicyID3,
		}},
		Namespace: "default",
	}

	ExampleOperatorToken24 = &api.ACLToken{
		SecretID:    ExampleOperatorTokenID24,
		AccessorID:  "4273f1cc-5626-7a77-dc65-1f24af035ed5d",
		Description: "Operator Token 4",
		Policies:    nil,
		Roles: []*api.ACLTokenRoleLink{{
			ID:   ExampleRoleID1,
			Name: "example-role-1",
		}},
		Namespace: "default",
	}

	ExampleOperatorToken25 = &api.ACLToken{
		SecretID:    ExampleOperatorTokenID25,
		AccessorID:  "5b78e186-87d8-c1ad-966f-f5fa87b05c9a",
		Description: "Operator Token 5",
		Policies: []*api.ACLTokenPolicyLink{{
			ID: ExamplePolicyID4,
		}},
		Namespace: "default",
	}
)

Functions

func BuildAllocServices added in v0.10.2

func MakeCheckID added in v0.10.0

func MakeCheckID(serviceID string, check *structs.ServiceCheck) string

MakeCheckID creates a unique ID for a check.

Example Check ID: _nomad-check-434ae42f9a57c5705344974ac38de2aee0ee089d

func Namespaces added in v1.1.1

func Namespaces(info Self) bool

Namespaces returns true if the "Namespaces" feature is enabled in Consul, and false otherwise. Consul OSS will always return false, and Consul ENT will return false if the license file does not contain the necessary feature.

func NoopRestarter added in v0.10.2

func NoopRestarter() serviceregistration.WorkloadRestarter

func SKU added in v1.1.1

func SKU(info Self) (string, bool)

Types

type ACLsAPI added in v0.10.4

type ACLsAPI interface {
	TokenReadSelf(q *api.QueryOptions) (*api.ACLToken, *api.QueryMeta, error) // for lookup via operator token
	PolicyRead(policyID string, q *api.QueryOptions) (*api.ACLPolicy, *api.QueryMeta, error)
	RoleRead(roleID string, q *api.QueryOptions) (*api.ACLRole, *api.QueryMeta, error)
	TokenCreate(partial *api.ACLToken, q *api.WriteOptions) (*api.ACLToken, *api.WriteMeta, error)
	TokenDelete(accessorID string, q *api.WriteOptions) (*api.WriteMeta, error)
	TokenList(q *api.QueryOptions) ([]*api.ACLTokenListEntry, *api.QueryMeta, error)
}

ACLsAPI is the consul/api.ACL API subset used by Nomad Server.

ACL requirements - acl:write (server only)

type AgentAPI added in v0.6.0

type AgentAPI interface {
	ServicesWithFilterOpts(filter string, q *api.QueryOptions) (map[string]*api.AgentService, error)
	ChecksWithFilterOpts(filter string, q *api.QueryOptions) (map[string]*api.AgentCheck, error)
	CheckRegister(check *api.AgentCheckRegistration) error
	CheckDeregisterOpts(checkID string, q *api.QueryOptions) error
	Self() (map[string]map[string]interface{}, error)
	ServiceRegister(service *api.AgentServiceRegistration) error
	ServiceDeregisterOpts(serviceID string, q *api.QueryOptions) error
	UpdateTTLOpts(id, output, status string, q *api.QueryOptions) error
}

AgentAPI is the consul/api.Agent API used by Nomad.

ACL requirements - agent:read - service:write

type CatalogAPI added in v0.6.0

type CatalogAPI interface {
	Datacenters() ([]string, error)
	Service(service, tag string, q *api.QueryOptions) ([]*api.CatalogService, *api.QueryMeta, error)
}

CatalogAPI is the consul/api.Catalog API used by Nomad.

ACL requirements - node:read (listing datacenters) - service:read

type ConfigAPI added in v0.12.4

type ConfigAPI interface {
	Set(entry api.ConfigEntry, w *api.WriteOptions) (bool, *api.WriteMeta, error)
}

ConfigAPI is the consul/api.ConfigEntries API subset used by Nomad Server.

ACL requirements - operator:write (server only)

type ConnectProxies added in v1.0.0

type ConnectProxies struct {
	// contains filtered or unexported fields
}

ConnectProxies implements SupportedProxiesAPI by using the Consul Agent API.

func NewConnectProxiesClient added in v1.0.0

func NewConnectProxiesClient(agentAPI AgentAPI) *ConnectProxies

func (*ConnectProxies) Proxies added in v1.0.0

func (c *ConnectProxies) Proxies() (map[string][]string, error)

Proxies returns a map of the supported proxies. The proxies are sorted from Consul with the most preferred version as the 0th element.

If Consul is of a version that does not support the API, a nil map is returned with no error.

If Consul cannot be reached an error is returned.

type Features added in v1.1.1

type Features struct {
	Enterprise bool
	Namespaces bool
}

type MockACLsAPI added in v0.10.4

type MockACLsAPI struct {
	// contains filtered or unexported fields
}

MockACLsAPI is a mock of consul.ACLsAPI

func NewMockACLsAPI added in v0.10.4

func NewMockACLsAPI(l hclog.Logger) *MockACLsAPI

func (*MockACLsAPI) PolicyRead added in v0.10.4

func (m *MockACLsAPI) PolicyRead(policyID string, _ *api.QueryOptions) (*api.ACLPolicy, *api.QueryMeta, error)

func (*MockACLsAPI) RoleRead added in v0.10.4

func (m *MockACLsAPI) RoleRead(roleID string, _ *api.QueryOptions) (*api.ACLRole, *api.QueryMeta, error)

func (*MockACLsAPI) SetError added in v0.10.4

func (m *MockACLsAPI) SetError(err error)

SetError is a helper method for configuring an error that will be returned on future calls to mocked methods.

func (*MockACLsAPI) TokenCreate added in v0.10.4

func (m *MockACLsAPI) TokenCreate(token *api.ACLToken, opts *api.WriteOptions) (*api.ACLToken, *api.WriteMeta, error)

TokenCreate is a mock of ACLsAPI.TokenCreate

func (*MockACLsAPI) TokenDelete added in v0.10.4

func (m *MockACLsAPI) TokenDelete(accessorID string, opts *api.WriteOptions) (*api.WriteMeta, error)

TokenDelete is a mock of ACLsAPI.TokenDelete

func (*MockACLsAPI) TokenList added in v0.10.4

TokenList is a mock of ACLsAPI.TokenList

func (*MockACLsAPI) TokenReadSelf added in v0.10.4

func (m *MockACLsAPI) TokenReadSelf(q *api.QueryOptions) (*api.ACLToken, *api.QueryMeta, error)

type MockAgent added in v0.7.0

type MockAgent struct {
	// contains filtered or unexported fields
}

MockAgent is a fake in-memory Consul backend for ServiceClient.

func NewMockAgent added in v0.7.0

func NewMockAgent(f Features) *MockAgent

NewMockAgent that returns all checks as passing.

func (*MockAgent) CheckDeregisterOpts added in v1.1.0

func (c *MockAgent) CheckDeregisterOpts(checkID string, q *api.QueryOptions) error

CheckDeregisterOpts implements AgentAPI

func (*MockAgent) CheckRegister added in v0.7.0

func (c *MockAgent) CheckRegister(check *api.AgentCheckRegistration) error

CheckRegister implements AgentAPI

func (*MockAgent) CheckRegs added in v0.7.1

func (c *MockAgent) CheckRegs() []*api.AgentCheckRegistration

CheckRegs returns the raw AgentCheckRegistrations registered with this mock agent, across all namespaces.

func (*MockAgent) ChecksWithFilterOpts added in v1.1.0

func (c *MockAgent) ChecksWithFilterOpts(_ string, q *api.QueryOptions) (map[string]*api.AgentCheck, error)

ChecksWithFilterOpts implements AgentAPI

func (*MockAgent) Self added in v0.8.0

func (c *MockAgent) Self() (map[string]map[string]interface{}, error)

func (*MockAgent) ServiceDeregisterOpts added in v1.1.0

func (c *MockAgent) ServiceDeregisterOpts(serviceID string, q *api.QueryOptions) error

ServiceDeregisterOpts implements AgentAPI

func (*MockAgent) ServiceRegister added in v0.7.0

func (c *MockAgent) ServiceRegister(service *api.AgentServiceRegistration) error

ServiceRegister implements AgentAPI

func (*MockAgent) ServicesWithFilterOpts added in v1.1.0

func (c *MockAgent) ServicesWithFilterOpts(_ string, q *api.QueryOptions) (map[string]*api.AgentService, error)

ServicesWithFilterOpts implements AgentAPI

func (*MockAgent) SetStatus added in v0.7.0

func (c *MockAgent) SetStatus(s string) string

SetStatus that Checks() should return. Returns old status value.

func (*MockAgent) UpdateTTLOpts added in v1.1.0

func (c *MockAgent) UpdateTTLOpts(id string, output string, status string, q *api.QueryOptions) error

UpdateTTLOpts implements AgentAPI

type MockCatalog added in v0.6.0

type MockCatalog struct {
	// contains filtered or unexported fields
}

MockCatalog can be used for testing where the CatalogAPI is needed.

func NewMockCatalog added in v0.6.0

func NewMockCatalog(l hclog.Logger) *MockCatalog

func (*MockCatalog) Datacenters added in v0.6.0

func (m *MockCatalog) Datacenters() ([]string, error)

func (*MockCatalog) Service added in v0.6.0

func (m *MockCatalog) Service(service, tag string, q *api.QueryOptions) ([]*api.CatalogService, *api.QueryMeta, error)

type MockConfigsAPI added in v0.12.4

type MockConfigsAPI struct {
	// contains filtered or unexported fields
}

func NewMockConfigsAPI added in v0.12.4

func NewMockConfigsAPI(l hclog.Logger) *MockConfigsAPI

func (*MockConfigsAPI) Set added in v0.12.4

Set is a mock of ConfigAPI.Set

func (*MockConfigsAPI) SetError added in v0.12.4

func (m *MockConfigsAPI) SetError(err error)

SetError is a helper method for configuring an error that will be returned on future calls to mocked methods.

type MockNamespaces added in v1.1.0

type MockNamespaces struct {
	// contains filtered or unexported fields
}

MockNamespaces is a mock implementation of NamespaceAPI.

func NewMockNamespaces added in v1.1.0

func NewMockNamespaces(namespaces []string) *MockNamespaces

NewMockNamespaces creates a MockNamespaces with the given namespaces, and will automatically add the "default" namespace if not included.

func (*MockNamespaces) List added in v1.1.0

List implements NamespaceAPI

type MockSupportedProxiesAPI added in v1.0.0

type MockSupportedProxiesAPI struct {
	Value map[string][]string
	Error error
}

ConnectProxies implements SupportedProxiesAPI by mocking the Consul Agent API.

func (MockSupportedProxiesAPI) Proxies added in v1.0.0

func (m MockSupportedProxiesAPI) Proxies() (map[string][]string, error)

type NamespaceAPI added in v1.1.0

type NamespaceAPI interface {
	List(q *api.QueryOptions) ([]*api.Namespace, *api.QueryMeta, error)
}

NamespaceAPI is the consul/api.Namespace API used by Nomad.

ACL requirements - operator:read OR namespace:*:read

type NamespacesClient added in v1.1.0

type NamespacesClient struct {
	// contains filtered or unexported fields
}

NamespacesClient is a wrapper for the Consul NamespacesAPI, that is used to deal with Consul OSS vs Consul Enterprise behavior in listing namespaces.

func NewNamespacesClient added in v1.1.0

func NewNamespacesClient(namespacesAPI NamespaceAPI, agentAPI AgentAPI) *NamespacesClient

NewNamespacesClient returns a NamespacesClient backed by a NamespaceAPI.

func (*NamespacesClient) List added in v1.1.0

func (ns *NamespacesClient) List() ([]string, error)

List returns a list of Consul Namespaces.

type Self added in v1.1.1

type Self = map[string]map[string]interface{}

Self represents the response body from Consul /v1/agent/self API endpoint. Care must always be taken to do type checks when casting, as structure could potentially change over time.

type ServiceClient added in v0.6.0

type ServiceClient struct {
	// contains filtered or unexported fields
}

ServiceClient handles task and agent service registration with Consul.

func NewServiceClient added in v0.6.0

func NewServiceClient(agentAPI AgentAPI, namespacesClient *NamespacesClient, logger hclog.Logger, isNomadClient bool) *ServiceClient

NewServiceClient creates a new Consul ServiceClient from an existing Consul API Client, logger and takes whether the client is being used by a Nomad Client agent. When being used by a Nomad client, this Consul client reconciles all services and checks created by Nomad on behalf of running tasks.

func (*ServiceClient) AllocRegistrations added in v0.6.1

func (c *ServiceClient) AllocRegistrations(allocID string) (*serviceregistration.AllocRegistration, error)

AllocRegistrations returns the registrations for the given allocation. If the allocation has no registrations, the response is a nil object.

func (*ServiceClient) RegisterAgent added in v0.6.0

func (c *ServiceClient) RegisterAgent(role string, services []*structs.Service) error

RegisterAgent registers Nomad agents (client or server). The Service.PortLabel should be a literal port to be parsed with SplitHostPort. Script checks are not supported and will return an error. Registration is asynchronous.

Agents will be deregistered when Shutdown is called.

Note: no need to manually plumb Consul namespace into the agent service registration or its check registrations, because the Nomad Client's Consul Client will already have the Nomad Client's Consul Namespace set on startup.

func (*ServiceClient) RegisterWorkload added in v0.10.2

func (c *ServiceClient) RegisterWorkload(workload *serviceregistration.WorkloadServices) error

RegisterWorkload with Consul. Adds all service entries and checks to Consul.

If the service IP is set it used as the address in the service registration. Checks will always use the IP from the Task struct (host's IP).

Actual communication with Consul is done asynchronously (see Run).

func (*ServiceClient) RemoveWorkload added in v0.10.2

func (c *ServiceClient) RemoveWorkload(workload *serviceregistration.WorkloadServices)

RemoveWorkload from Consul. Removes all service entries and checks.

Actual communication with Consul is done asynchronously (see Run).

func (*ServiceClient) Run added in v0.6.0

func (c *ServiceClient) Run()

Run the Consul main loop which retries operations against Consul. It should be called exactly once.

func (*ServiceClient) Shutdown added in v0.6.0

func (c *ServiceClient) Shutdown() error

Shutdown the Consul client. Update running task registrations and deregister agent from Consul. On first call blocks up to shutdownWait before giving up on syncing operations.

func (*ServiceClient) UpdateTTL added in v0.10.0

func (c *ServiceClient) UpdateTTL(id, namespace, output, status string) error

UpdateTTL is used to update the TTL of a check. Typically this will only be called to heartbeat script checks.

func (*ServiceClient) UpdateWorkload added in v0.10.2

func (c *ServiceClient) UpdateWorkload(old, newWorkload *serviceregistration.WorkloadServices) error

UpdateWorkload in Consul. Does not alter the service if only checks have changed.

DriverNetwork must not change between invocations for the same allocation.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL