structs

package
v1.16.102 Latest Latest
Published: Aug 14, 2023 License: MPL-2.0 Imports: 53 Imported by: 0

Documentation

Index

Constants

// Identifiers, names and descriptions of the built-in ACL policies. Both
// built-in policy IDs begin with ACLReservedIDPrefix.
const (

	// This policy gives unlimited access to everything. Users
	// may rename if desired but cannot delete or modify the rules.
	//
	// NOTE(review): because the name can be changed but the ID is a fixed,
	// well-known constant, audits of which tokens and roles link to this
	// policy should match on the ID, not the name. Anything linked to it
	// holds unrestricted access.
	ACLPolicyGlobalManagementID   = "00000000-0000-0000-0000-000000000001"
	ACLPolicyGlobalManagementName = "global-management"
	ACLPolicyGlobalManagementDesc = "Builtin Policy that grants unlimited access"

	// Built-in read-only policy. Its default name carries a "builtin/"
	// prefix, unlike the management policy's name above.
	//
	// NOTE(review): per its description this still grants read access to
	// all components, so tokens holding it should be treated as sensitive.
	ACLPolicyGlobalReadOnlyID   = "00000000-0000-0000-0000-000000000002"
	ACLPolicyGlobalReadOnlyName = "builtin/global-read-only"
	ACLPolicyGlobalReadOnlyDesc = "Builtin Policy that grants unlimited read-only access to all components"

	// ACLReservedIDPrefix is the common prefix of the built-in policy IDs;
	// only the last two characters of a full ID follow it. Presumably
	// ACLIDReserved tests IDs against this prefix (confirm against its
	// implementation).
	ACLReservedIDPrefix = "00000000-0000-0000-0000-0000000000"
)
const (
	// BindingRuleBindTypeService is the binding rule bind type that
	// assigns a Service Identity to the token that is created using the value
	// of the computed BindName as the ServiceName like:
	//
	// &ACLToken{
	//   ...other fields...
	//   ServiceIdentities: []*ACLServiceIdentity{
	//     &ACLServiceIdentity{
	//       ServiceName: "<computed BindName>",
	//     },
	//   },
	// }
	BindingRuleBindTypeService = "service"

	// BindingRuleBindTypeRole is the binding rule bind type that only allows
	// the binding rule to function if a role with the given name (BindName)
	// exists at login-time. If it does the token that is created is directly
	// linked to that role like:
	//
	// &ACLToken{
	//   ...other fields...
	//   Roles: []ACLTokenRoleLink{
	//     { Name: "<computed BindName>" }
	//   }
	// }
	//
	// If it does not exist at login-time the rule is ignored.
	BindingRuleBindTypeRole = "role"

	// BindingRuleBindTypeNode is the binding rule bind type that assigns
	// a Node Identity to the token that is created using the value of
	// the computed BindName as the NodeName like:
	//
	// &ACLToken{
	//   ...other fields...
	//   NodeIdentities: []*ACLNodeIdentity{
	//     &ACLNodeIdentity{
	//       NodeName: "<computed BindName>",
	//       Datacenter: "<local datacenter of the binding rule>"
	//     }
	//   }
	// }
	BindingRuleBindTypeNode = "node"
)
// Extra rule text appended to the built-in policy rules when
// ACLPolicyGlobalManagementRules and ACLPolicyGlobalReadOnlyRules are built.
// Both are empty strings here, so nothing is appended in this build.
const (
	EnterpriseACLPolicyGlobalManagement = ""
	EnterpriseACLPolicyGlobalReadOnly   = ""
)
// Constants for the built-in "serfHealth" check.
const (
	// SerfCheckID is the only typed constant in this group (types.CheckID).
	SerfCheckID           types.CheckID = "serfHealth"
	// The remaining entries have no explicit type and are untyped string
	// constants: the check's display name and its two output messages.
	SerfCheckName                       = "Serf Health Status"
	SerfCheckAliveOutput                = "Agent alive and reachable"
	SerfCheckFailedOutput               = "Agent not live or unreachable"
)

These are used to manage the built-in "serfHealth" check that's attached to every node in the catalog.

const (
	// These are used to manage the "consul" service that's attached to every
	// Consul server node in the catalog.
	ConsulServiceID   = "consul"
	ConsulServiceName = "consul"
)
const (
	ServiceDefaults    string = "service-defaults"
	ProxyDefaults      string = "proxy-defaults"
	ServiceRouter      string = "service-router"
	ServiceSplitter    string = "service-splitter"
	ServiceResolver    string = "service-resolver"
	IngressGateway     string = "ingress-gateway"
	TerminatingGateway string = "terminating-gateway"
	ServiceIntentions  string = "service-intentions"
	MeshConfig         string = "mesh"
	ExportedServices   string = "exported-services"
	SamenessGroup      string = "sameness-group"
	APIGateway         string = "api-gateway"
	BoundAPIGateway    string = "bound-api-gateway"
	InlineCertificate  string = "inline-certificate"
	HTTPRoute          string = "http-route"
	TCPRoute           string = "tcp-route"
	// TODO: decide if we want to highlight 'ip' keyword in the name of RateLimitIPConfig
	RateLimitIPConfig string = "control-plane-request-limit"
	JWTProvider       string = "jwt-provider"

	ProxyConfigGlobal string = "global"
	MeshConfigMesh    string = "mesh"

	DefaultServiceProtocol = "tcp"

	ConnectionExactBalance = "exact_balance"
)
// String names for load-balancer policies and hash policy kinds.
const (
	// Names of Envoy's LB policies
	LBPolicyMaglev       = "maglev"
	LBPolicyRingHash     = "ring_hash"
	LBPolicyRandom       = "random"
	LBPolicyLeastRequest = "least_request"
	LBPolicyRoundRobin   = "round_robin"

	// Names of the hash policy kinds, i.e. which request attribute is
	// hashed: a cookie, a header or a query parameter. Presumably these
	// apply only to the hash-based LB policies above (confirm against the
	// code that consumes them).
	HashPolicyCookie     = "cookie"
	HashPolicyHeader     = "header"
	HashPolicyQueryParam = "query_parameter"
)
// Default certificate lifetimes, written as duration strings. The lifetime
// grows with each level of the chain: leaf, then intermediate, then root.
const (
	// 72h = 3 days. This lies between MinLeafCertTTL (one hour) and
	// MaxLeafCertTTL (365 days) declared in this package.
	DefaultLeafCertTTL         = "72h"
	DefaultIntermediateCertTTL = "8760h"  // ~ 1 year = 365 * 24h
	DefaultRootCertTTL         = "87600h" // ~ 10 years = 365 * 24h * 10
)
const (
	ConsulCAProvider = "consul"
	VaultCAProvider  = "vault"
	AWSCAProvider    = "aws-pca"
)
const (
	// TODO (freddy) Should we have a TopologySourceMixed when there is a mix of proxy reg and tproxy?
	//				 Currently we label as proxy-registration if ANY instance has the explicit upstream definition.
	// TopologySourceRegistration is used to label upstreams or downstreams from explicit upstream definitions.
	TopologySourceRegistration = "proxy-registration"

	// TopologySourceSpecificIntention is used to label upstreams or downstreams from specific intentions.
	TopologySourceSpecificIntention = "specific-intention"

	// TopologySourceWildcardIntention is used to label upstreams or downstreams from wildcard intentions.
	TopologySourceWildcardIntention = "wildcard-intention"

	// TopologySourceDefaultAllow is used to label upstreams or downstreams from default allow ACL policy.
	TopologySourceDefaultAllow = "default-allow"

	// TopologySourceRoutingConfig is used to label upstreams that are not backed by a service instance
	// and are simply used for routing configurations.
	TopologySourceRoutingConfig = "routing-config"
)
const (
	UpstreamDestTypeService       = "service"
	UpstreamDestTypePreparedQuery = "prepared_query"
)
const (
	DiscoveryGraphNodeTypeRouter   = "router"
	DiscoveryGraphNodeTypeSplitter = "splitter"
	DiscoveryGraphNodeTypeResolver = "resolver"
)
const (
	IntentionDataOriginLegacy        = "legacy"
	IntentionDataOriginConfigEntries = "config"
)
// Message type numbers, one per kind of request. The numbers are part of the
// serialized format exchanged between servers and stored in snapshots, so an
// existing entry must never be renumbered or removed; new entries are only
// appended.
//
// NOTE(review): only RegisterRequestType is declared with the MessageType
// type. Every later entry has its own "= N" expression and no type, so under
// Go's constant rules it is an untyped integer constant, not a MessageType.
// It still converts implicitly wherever a MessageType is expected, but it
// will also be accepted as any other integer type without a compile error.
//
// NOTE(review): IgnoreUnknownTypeFlag (128) is set along with a message
// type, so presumably these numbers must stay below 128 to remain
// distinguishable from the flag (confirm against the decoder).
const (
	RegisterRequestType             MessageType = 0
	DeregisterRequestType                       = 1
	KVSRequestType                              = 2
	SessionRequestType                          = 3
	DeprecatedACLRequestType                    = 4 // Removed with the legacy ACL system
	TombstoneRequestType                        = 5
	CoordinateBatchUpdateType                   = 6
	PreparedQueryRequestType                    = 7
	TxnRequestType                              = 8
	AutopilotRequestType                        = 9
	AreaRequestType                             = 10
	ACLBootstrapRequestType                     = 11
	IntentionRequestType                        = 12
	ConnectCARequestType                        = 13
	ConnectCAProviderStateType                  = 14
	ConnectCAConfigType                         = 15 // FSM snapshots only.
	IndexRequestType                            = 16 // FSM snapshots only.
	ACLTokenSetRequestType                      = 17
	ACLTokenDeleteRequestType                   = 18
	ACLPolicySetRequestType                     = 19
	ACLPolicyDeleteRequestType                  = 20
	ConnectCALeafRequestType                    = 21
	ConfigEntryRequestType                      = 22
	ACLRoleSetRequestType                       = 23
	ACLRoleDeleteRequestType                    = 24
	ACLBindingRuleSetRequestType                = 25
	ACLBindingRuleDeleteRequestType             = 26
	ACLAuthMethodSetRequestType                 = 27
	ACLAuthMethodDeleteRequestType              = 28
	ChunkingStateType                           = 29
	FederationStateRequestType                  = 30
	SystemMetadataRequestType                   = 31
	ServiceVirtualIPRequestType                 = 32
	FreeVirtualIPRequestType                    = 33
	KindServiceNamesType                        = 34
	PeeringWriteType                            = 35
	PeeringDeleteType                           = 36
	PeeringTerminateByIDType                    = 37
	PeeringTrustBundleWriteType                 = 38
	PeeringTrustBundleDeleteType                = 39
	PeeringSecretsWriteType                     = 40
	RaftLogVerifierCheckpoint                   = 41 // Only used for log verifier, no-op on FSM.
	ResourceOperationType                       = 42
	UpdateVirtualIPRequestType                  = 43
)

These are serialized between Consul servers and stored in Consul snapshots, so entries must only ever be added.

// Peer-name keywords. Note that DefaultPeerKeyword and TODOPeerKeyword are
// both the empty string, so they cannot be told apart at runtime; the
// distinction exists only for readers of the source.
const (
	// LocalPeerKeyword is a reserved keyword used for indexing in the state store for objects in the local peer.
	LocalPeerKeyword = "~"

	// DefaultPeerKeyword is the PeerName to use to refer to the local
	// cluster's own data, rather than replicated peered data.
	//
	// This may internally be converted into LocalPeerKeyword, but external
	// uses should not use that symbol directly in most cases.
	DefaultPeerKeyword = ""

	// TODOPeerKeyword is the peer keyword to use if you aren't sure if the
	// usage SHOULD be peering-aware yet.
	//
	// TODO(peering): remove this in the future
	TODOPeerKeyword = ""
)
// Miscellaneous reserved keys, prefixes and limits used across the package.
const (
	// IgnoreUnknownTypeFlag is set along with a MessageType
	// to indicate that the message type can be safely ignored
	// if it is not recognized. This is for future proofing, so
	// that new commands can be added in a way that won't cause
	// old servers to crash when the FSM attempts to process them.
	IgnoreUnknownTypeFlag MessageType = 128

	// NodeMaint is the special key set by a node in maintenance mode.
	NodeMaint = "_node_maintenance"

	// ServiceMaintPrefix is the prefix for a service in maintenance mode.
	ServiceMaintPrefix = "_service_maintenance:"

	// MetaKeyReservedPrefix is the meta key prefix reserved for Consul's
	// internal use.
	//
	// NOTE(review): ValidateNodeMetadata and ValidateServiceMetadata take an
	// allowConsulPrefix argument, which presumably controls whether keys
	// with this prefix are accepted (confirm against their implementations).
	MetaKeyReservedPrefix = "consul-"

	// MetaSegmentKey is the node metadata key used to store the node's network segment
	MetaSegmentKey = "consul-network-segment"

	// MetaWANFederationKey is the mesh gateway metadata key that indicates a
	// mesh gateway is usable for wan federation.
	MetaWANFederationKey = "consul-wan-federation"

	// MetaExternalSource is the metadata key used when a resource is managed by a source outside Consul like nomad/k8s
	MetaExternalSource = "external-source"

	// TaggedAddressVirtualIP is the key used to store tagged virtual IPs generated by Consul.
	TaggedAddressVirtualIP = "consul-virtual"

	// MaxLockDelay provides a maximum LockDelay value for
	// a session. Any value above this will not be respected.
	MaxLockDelay = 60 * time.Second

	// JitterFraction is the limit to the amount of jitter we apply
	// to a user specified MaxQueryTime. We divide the specified time by
	// the fraction. So 16 == 6.25% limit of jitter. This same fraction
	// is applied to the RPCHoldTimeout
	JitterFraction = 16

	// WildcardSpecifier is the string which should be used for specifying a wildcard.
	// The exact semantics of the wildcard are left up to the code where it's used.
	WildcardSpecifier = "*"

	// MetaConsulVersion is the node metadata key used to store the node's consul version
	MetaConsulVersion = "consul-version"
)
const (
	TaggedAddressWAN     = "wan"
	TaggedAddressWANIPv4 = "wan_ipv4"
	TaggedAddressWANIPv6 = "wan_ipv6"
	TaggedAddressLAN     = "lan"
	TaggedAddressLANIPv4 = "lan_ipv4"
	TaggedAddressLANIPv6 = "lan_ipv6"
)
const (
	SessionTTLMax        = 24 * time.Hour
	SessionTTLMultiplier = 2
)
// Keyring operation names.
//
// NOTE(review): only KeyringList is declared with the KeyringOp type. The
// other three have their own expression and no type, so they are untyped
// string constants; they convert implicitly to KeyringOp but are equally
// accepted wherever a plain string is expected.
const (
	KeyringList    KeyringOp = "list"
	KeyringInstall           = "install"
	KeyringUse               = "use"
	KeyringRemove            = "remove"
)
const (
	SystemMetadataIntentionFormatKey           = "intention-format"
	SystemMetadataIntentionFormatConfigValue   = "config-entry"
	SystemMetadataIntentionFormatLegacyValue   = "legacy"
	SystemMetadataVirtualIPsEnabled            = "virtual-ips"
	SystemMetadataTermGatewayVirtualIPsEnabled = "virtual-ips-term-gateway"
)
const (
	// IntentionDefaultNamespace is the default namespace value.
	// NOTE(mitchellh): This is only meant to be a temporary constant.
	// When namespaces are introduced, we should delete this constant and
	// fix up all the places where this was used with the proper namespace
	// value.
	IntentionDefaultNamespace = "default"
)
const MinKeyLength = 2048

Envoy will silently reject any RSA key shorter than 2048 bits; see https://github.com/envoyproxy/envoy/blob/main/source/extensions/transport_sockets/tls/context_impl.cc#L238

const (
	// QueryTemplateTypeNamePrefixMatch uses the Name field of the query as
	// a prefix to select the template.
	QueryTemplateTypeNamePrefixMatch = "name_prefix_match"
)
const ServerManagementTokenAccessorID = "server-management-token"
const SidecarProxySuffix = "-sidecar-proxy"

Variables

// Rule text and definitions of the built-in ACL policies.
var (
	// Both rule sets come from the same template (aclPolicyGlobalRulesTemplate,
	// declared elsewhere), formatted with "read" or "write" respectively,
	// followed by the matching Enterprise* rule suffix.
	ACLPolicyGlobalReadOnlyRules   = fmt.Sprintf(aclPolicyGlobalRulesTemplate, "read") + EnterpriseACLPolicyGlobalReadOnly
	ACLPolicyGlobalManagementRules = fmt.Sprintf(aclPolicyGlobalRulesTemplate, "write") + EnterpriseACLPolicyGlobalManagement

	// ACLBuiltinPolicies maps each built-in policy ID to its definition.
	//
	// NOTE(review): this is an exported, package-level map, so any importer
	// can add, replace or delete entries at runtime. Code that relies on it
	// for authorization decisions should treat it as read-only.
	ACLBuiltinPolicies = map[string]ACLPolicy{
		ACLPolicyGlobalManagementID: {
			ID:          ACLPolicyGlobalManagementID,
			Name:        ACLPolicyGlobalManagementName,
			Description: ACLPolicyGlobalManagementDesc,
			Rules:       ACLPolicyGlobalManagementRules,
		},
		ACLPolicyGlobalReadOnlyID: {
			ID:          ACLPolicyGlobalReadOnlyID,
			Name:        ACLPolicyGlobalReadOnlyName,
			Description: ACLPolicyGlobalReadOnlyDesc,
			Rules:       ACLPolicyGlobalReadOnlyRules,
		},
	}
)
var (
	ErrNoLeader                   = errors.New(errNoLeader)
	ErrNoDCPath                   = errors.New(errNoDCPath)
	ErrNoServers                  = errors.New(errNoServers)
	ErrNotReadyForConsistentReads = errors.New(errNotReadyForConsistentReads)
	ErrSegmentsNotSupported       = errors.New(errSegmentsNotSupported)
	ErrRPCRateExceeded            = errors.New(errRPCRateExceeded)
	ErrDCNotAvailable             = errors.New(errDCNotAvailable)
	ErrQueryNotFound              = errors.New(errQueryNotFound)
	ErrLeaderNotTracked           = errors.New(errLeaderNotTracked)
)
var ACLBootstrapInvalidResetIndexErr = errors.New("Invalid ACL bootstrap reset index")

ACLBootstrapInvalidResetIndexErr is returned when bootstrap is requested with a non-zero reset index but the index doesn't match the bootstrap index

var ACLBootstrapNotAllowedErr = errors.New("ACL bootstrap no longer allowed")

ACLBootstrapNotAllowedErr is returned once we know that a bootstrap can no longer be done since the cluster was bootstrapped

var IntermediateCertRenewInterval = time.Hour

IntermediateCertRenewInterval is the interval at which the intermediate cert's expiration is checked and the cert is renewed if necessary.

var MaxLeafCertTTL = 365 * 24 * time.Hour
var MinLeafCertTTL = time.Hour
// MsgpackHandle is the shared codec handle for encoding and decoding msgpack
// payloads. It is a package-level pointer, so every user of it shares the
// same options.
var MsgpackHandle = &codec.MsgpackHandle{
	// Decode raw msgpack byte strings as Go strings rather than []byte when
	// the destination is untyped (per the codec library's option semantics;
	// confirm for the vendored version).
	RawToString: true,
	BasicHandle: codec.BasicHandle{
		DecodeOptions: codec.DecodeOptions{
			// A map decoded into an untyped destination is built as
			// map[string]interface{}.
			MapType: reflect.TypeOf(map[string]interface{}{}),
		},
	},
}

MsgpackHandle is a shared handle for encoding/decoding msgpack payloads

var (
	NodeMaintCheckID = NewCheckID(NodeMaint, nil)
)
var TestingOldPre1dot7MsgpackHandle = &codec.MsgpackHandle{}

TestingOldPre1dot7MsgpackHandle is the common configuration pre-1.7.0

Functions

func ACLIDReserved added in v1.4.0

func ACLIDReserved(id string) bool

func ChainID added in v1.16.100

func ChainID(opts DiscoveryTargetOpts) string

func Decode

func Decode(buf []byte, out interface{}) error

Decode is used to decode a MsgPack encoded object

func DecodeProto added in v1.16.100

func DecodeProto(buf []byte, pb proto.Message) error

func DefaultEnterpriseMetaInDefaultPartition added in v1.16.100

func DefaultEnterpriseMetaInDefaultPartition() *acl.EnterpriseMeta

TODO(partition): stop using this

func DefaultEnterpriseMetaInPartition added in v1.16.100

func DefaultEnterpriseMetaInPartition(_ string) *acl.EnterpriseMeta

DefaultEnterpriseMetaInPartition stub

func DurationFromProto added in v1.16.100

func DurationFromProto(d *durationpb.Duration) time.Duration

This should only be used for conversions generated by MOG

func DurationPointer added in v1.16.100

func DurationPointer(d time.Duration) *time.Duration

func DurationPointerFromProto added in v1.16.100

func DurationPointerFromProto(d *durationpb.Duration) *time.Duration

This should only be used for conversions generated by MOG

func DurationPointerToProto added in v1.16.100

func DurationPointerToProto(d *time.Duration) *durationpb.Duration

This should only be used for conversions generated by MOG

func DurationToProto added in v1.16.100

func DurationToProto(d time.Duration) *durationpb.Duration

This should only be used for conversions generated by MOG

func Encode

func Encode(t MessageType, msg interface{}) ([]byte, error)

Encode is used to encode a MsgPack object with type prefix

func EncodeProto added in v1.16.100

func EncodeProto(t MessageType, pb proto.Message) ([]byte, error)

func EncodeProtoInterface added in v1.16.100

func EncodeProtoInterface(t MessageType, message interface{}) ([]byte, error)

func IsConsulServiceID added in v1.16.100

func IsConsulServiceID(id ServiceID) bool

func IsErrNoDCPath added in v1.16.100

func IsErrNoDCPath(err error) bool

func IsErrNoLeader added in v1.0.0

func IsErrNoLeader(err error) bool

func IsErrQueryNotFound added in v1.16.100

func IsErrQueryNotFound(err error) bool

func IsErrRPCRateExceeded added in v0.9.3

func IsErrRPCRateExceeded(err error) bool

func IsErrServiceNotFound added in v1.4.1

func IsErrServiceNotFound(err error) bool

func IsHostname added in v1.16.100

func IsHostname(address string) bool

func IsIP added in v1.16.100

func IsIP(address string) bool

func IsProtocolHTTPLike added in v1.16.100

func IsProtocolHTTPLike(protocol string) bool

func IsSerfCheckID added in v1.16.100

func IsSerfCheckID(id CheckID) bool

func IsValidPartitionAndDatacenter added in v1.16.100

func IsValidPartitionAndDatacenter(meta acl.EnterpriseMeta, datacenters []string, primaryDatacenter string) bool

func IsZeroProtoTime added in v1.16.100

func IsZeroProtoTime(t *timestamppb.Timestamp) bool

IsZeroProtoTime returns true if the time is the minimum protobuf timestamp (the Unix epoch).

func NewEnterpriseMetaInDefaultPartition added in v1.16.100

func NewEnterpriseMetaInDefaultPartition(_ string) acl.EnterpriseMeta

TODO(partition): stop using this

func NewEnterpriseMetaWithPartition added in v1.16.100

func NewEnterpriseMetaWithPartition(_, _ string) acl.EnterpriseMeta

func NodeEnterpriseMetaInDefaultPartition added in v1.16.100

func NodeEnterpriseMetaInDefaultPartition() *acl.EnterpriseMeta

TODO(partition): stop using this

func NodeEnterpriseMetaInPartition added in v1.16.100

func NodeEnterpriseMetaInPartition(_ string) *acl.EnterpriseMeta

func NodeNameString added in v1.16.100

func NodeNameString(node string, _ *acl.EnterpriseMeta) string

func NormalizeServiceSplitWeight added in v1.16.100

func NormalizeServiceSplitWeight(weight float32) float32

func ParseDurationFunc added in v1.2.3

func ParseDurationFunc() mapstructure.DecodeHookFunc

ParseDurationFunc is a mapstructure hook for decoding a string or []uint8 into a time.Duration value.

func ParseServiceIDString added in v1.16.100

func ParseServiceIDString(input string) (string, *acl.EnterpriseMeta)

func ParseServiceNameString added in v1.16.100

func ParseServiceNameString(input string) (string, *acl.EnterpriseMeta)

func ReplicationEnterpriseMeta added in v1.16.100

func ReplicationEnterpriseMeta() *acl.EnterpriseMeta

ReplicationEnterpriseMeta stub

func SatisfiesMetaFilters

func SatisfiesMetaFilters(meta map[string]string, filters map[string]string) bool

SatisfiesMetaFilters returns true if the metadata map contains the given filters

func ServiceGatewayVirtualIPTag added in v1.16.100

func ServiceGatewayVirtualIPTag(sn ServiceName) string

func ServiceIDString added in v1.16.100

func ServiceIDString(id string, _ *acl.EnterpriseMeta) string

func TestMsgpackEncodeDecode added in v1.16.100

func TestMsgpackEncodeDecode(t *testing.T, in interface{}, requireEncoderEquality bool)

TestMsgpackEncodeDecode is a test helper to easily write a test to verify msgpack encoding and decoding using two handles is identical.

func TimeFromProto added in v1.16.100

func TimeFromProto(s *timestamppb.Timestamp) time.Time

This should only be used for conversions generated by MOG

func TimeToProto added in v1.16.100

func TimeToProto(s time.Time) *timestamppb.Timestamp

This should only be used for conversions generated by MOG

func Uint8ToString added in v1.2.3

func Uint8ToString(bs []uint8) string

func UniqueID added in v1.16.100

func UniqueID(node string, compoundID string) string

UniqueID is a unique identifier for a service instance within a datacenter by encoding: node/namespace/service_id

Note: We do not have strict character restrictions in all node names, so this should NOT be split on / to retrieve components.

func ValidStatus

func ValidStatus(s string) bool

func ValidateMetaTags added in v1.16.100

func ValidateMetaTags(metaTags map[string]string) error

ValidateMetaTags validates arbitrary key/value pairs from the agent_endpoints

func ValidateNodeMetadata added in v1.16.100

func ValidateNodeMetadata(meta map[string]string, allowConsulPrefix bool) error

ValidateNodeMetadata validates a set of key/value pairs from the agent config for use on a Node.

func ValidateServiceMetadata added in v1.16.100

func ValidateServiceMetadata(kind ServiceKind, meta map[string]string, allowConsulPrefix bool) error

ValidateServiceMetadata validates a set of key/value pairs from the agent config for use on a Service. ValidateMeta validates a set of key/value pairs from the agent config

func ValidateWeights added in v1.2.3

func ValidateWeights(weights *Weights) error

ValidateWeights checks the definition of DNS weight is valid

func WildcardEnterpriseMetaInDefaultPartition added in v1.16.100

func WildcardEnterpriseMetaInDefaultPartition() *acl.EnterpriseMeta

TODO(partition): stop using this

func WildcardEnterpriseMetaInPartition added in v1.16.100

func WildcardEnterpriseMetaInPartition(_ string) *acl.EnterpriseMeta

WildcardEnterpriseMetaInPartition stub

Types

type ACLAuthMethod added in v1.16.100

// ACLAuthMethod is the stored definition of one auth method: its identity
// (Name, Type), display text, the lifetime and locality of the tokens it
// produces, and type-specific configuration.
type ACLAuthMethod struct {
	// Name is a unique identifier for this specific auth method.
	//
	// Immutable once set and only settable during create.
	Name string

	// Type is the type of the auth method this is.
	//
	// Immutable once set and only settable during create.
	Type string

	// DisplayName is an optional name to use instead of the Name field when
	// displaying information about this auth method in any kind of user
	// interface.
	DisplayName string `json:",omitempty"`

	// Description is just an optional bunch of explanatory text.
	Description string `json:",omitempty"`

	// MaxTokenTTL this is the maximum life of a token created by this method.
	//
	// NOTE(review): the field is omitted from JSON when zero; what a zero
	// value means for token expiry is not visible here (confirm).
	MaxTokenTTL time.Duration `json:",omitempty"`

	// TokenLocality defines the kind of token that this auth method produces.
	// This can be either 'local' or 'global'. If empty 'local' is assumed.
	TokenLocality string `json:",omitempty"`

	// Configuration is arbitrary configuration for the auth method. This
	// should only contain primitive values and containers (such as lists and
	// maps).
	//
	// NOTE(review): depending on Type this may hold credentials or trust
	// anchors for the external identity system; presumably it needs the
	// same care as a secret when logged or returned (confirm per type).
	Config map[string]interface{}

	// Embedded Enterprise ACL Meta
	acl.EnterpriseMeta `mapstructure:",squash"`

	ACLAuthMethodEnterpriseFields `mapstructure:",squash"`

	// Embedded Raft Metadata
	RaftIndex `hash:"ignore"`
}

func (*ACLAuthMethod) MarshalJSON added in v1.16.100

func (m *ACLAuthMethod) MarshalJSON() ([]byte, error)

func (*ACLAuthMethod) Stub added in v1.16.100

func (*ACLAuthMethod) UnmarshalJSON added in v1.16.100

func (m *ACLAuthMethod) UnmarshalJSON(data []byte) (err error)

type ACLAuthMethodBatchDeleteRequest added in v1.16.100

type ACLAuthMethodBatchDeleteRequest struct {
	AuthMethodNames []string
	// While it may seem odd that AuthMethodNames is associated with a single
	// EnterpriseMeta, it is okay as this struct is only ever used to
	// delete a single entry. This is because AuthMethods unlike tokens, policies
	// and roles are not replicated between datacenters and therefore never
	// batch applied.
	acl.EnterpriseMeta
}

ACLAuthMethodBatchDeleteRequest is used at the Raft layer for batching multiple auth method deletions

type ACLAuthMethodBatchSetRequest added in v1.16.100

type ACLAuthMethodBatchSetRequest struct {
	AuthMethods ACLAuthMethods
}

ACLAuthMethodBatchSetRequest is used at the Raft layer for batching multiple auth method creations and updates

type ACLAuthMethodDeleteRequest added in v1.16.100

type ACLAuthMethodDeleteRequest struct {
	AuthMethodName string // name of the auth method to delete
	Datacenter     string // The datacenter to perform the request within
	acl.EnterpriseMeta
	WriteRequest
}

ACLAuthMethodDeleteRequest is used at the RPC layer for deletion requests

func (*ACLAuthMethodDeleteRequest) RequestDatacenter added in v1.16.100

func (r *ACLAuthMethodDeleteRequest) RequestDatacenter() string

type ACLAuthMethodEnterpriseFields added in v1.16.100

type ACLAuthMethodEnterpriseFields struct{}

type ACLAuthMethodEnterpriseMeta added in v1.16.100

type ACLAuthMethodEnterpriseMeta struct{}

func (*ACLAuthMethodEnterpriseMeta) FillWithEnterpriseMeta added in v1.16.100

func (_ *ACLAuthMethodEnterpriseMeta) FillWithEnterpriseMeta(_ *acl.EnterpriseMeta)

func (*ACLAuthMethodEnterpriseMeta) ToEnterpriseMeta added in v1.16.100

func (_ *ACLAuthMethodEnterpriseMeta) ToEnterpriseMeta() *acl.EnterpriseMeta

type ACLAuthMethodGetRequest added in v1.16.100

type ACLAuthMethodGetRequest struct {
	AuthMethodName string // name used for the auth method lookup
	Datacenter     string // The datacenter to perform the request within
	acl.EnterpriseMeta
	QueryOptions
}

ACLAuthMethodGetRequest is used at the RPC layer to perform auth method read operations

func (*ACLAuthMethodGetRequest) RequestDatacenter added in v1.16.100

func (r *ACLAuthMethodGetRequest) RequestDatacenter() string

type ACLAuthMethodListRequest added in v1.16.100

type ACLAuthMethodListRequest struct {
	Datacenter string // The datacenter to perform the request within
	acl.EnterpriseMeta
	QueryOptions
}

ACLAuthMethodListRequest is used at the RPC layer to request a listing of auth methods

func (*ACLAuthMethodListRequest) RequestDatacenter added in v1.16.100

func (r *ACLAuthMethodListRequest) RequestDatacenter() string

type ACLAuthMethodListResponse added in v1.16.100

type ACLAuthMethodListResponse struct {
	AuthMethods ACLAuthMethodListStubs
	QueryMeta
}

type ACLAuthMethodListStub added in v1.16.100

type ACLAuthMethodListStub struct {
	Name          string
	Type          string
	DisplayName   string        `json:",omitempty"`
	Description   string        `json:",omitempty"`
	MaxTokenTTL   time.Duration `json:",omitempty"`
	TokenLocality string        `json:",omitempty"`
	CreateIndex   uint64
	ModifyIndex   uint64
	acl.EnterpriseMeta
}

Note: this is a subset of ACLAuthMethod's fields

func (*ACLAuthMethodListStub) MarshalJSON added in v1.16.100

func (m *ACLAuthMethodListStub) MarshalJSON() ([]byte, error)

This is nearly identical to the ACLAuthMethod MarshalJSON. Unmarshaling is not implemented because the API is read-only.

type ACLAuthMethodListStubs added in v1.16.100

type ACLAuthMethodListStubs []*ACLAuthMethodListStub

func (ACLAuthMethodListStubs) Sort added in v1.16.100

func (methods ACLAuthMethodListStubs) Sort()

type ACLAuthMethodResponse added in v1.16.100

type ACLAuthMethodResponse struct {
	AuthMethod *ACLAuthMethod
	QueryMeta
}

ACLAuthMethodResponse returns a single auth method + metadata

type ACLAuthMethodSetRequest added in v1.16.100

type ACLAuthMethodSetRequest struct {
	AuthMethod ACLAuthMethod // The auth method to upsert
	Datacenter string        // The datacenter to perform the request within
	WriteRequest
}

ACLAuthMethodSetRequest is used at the RPC layer for creation and update requests

func (*ACLAuthMethodSetRequest) RequestDatacenter added in v1.16.100

func (r *ACLAuthMethodSetRequest) RequestDatacenter() string

type ACLAuthMethods added in v1.16.100

type ACLAuthMethods []*ACLAuthMethod

func (ACLAuthMethods) Sort added in v1.16.100

func (methods ACLAuthMethods) Sort()

type ACLAuthorizationRequest added in v1.16.100

// ACLAuthorizationRequest names one access check: a resource, an optional
// segment within it, and the access being asked for. A slice of these is the
// input to CreateACLAuthorizationResponses.
type ACLAuthorizationRequest struct {
	Resource acl.Resource
	// Segment is omitted from JSON when empty.
	Segment  string `json:",omitempty"`
	// Access is presumably the access level name being checked (confirm the
	// accepted values against the acl package).
	Access   string
	acl.EnterpriseMeta
}

type ACLAuthorizationResponse added in v1.16.100

// ACLAuthorizationResponse pairs the embedded request with its outcome.
type ACLAuthorizationResponse struct {
	ACLAuthorizationRequest
	// Allow is the result of the check. Its zero value is false, so a
	// response that was never filled in reads as a denial.
	Allow bool
}

func CreateACLAuthorizationResponses added in v1.16.100

func CreateACLAuthorizationResponses(authz acl.Authorizer, requests []ACLAuthorizationRequest) ([]ACLAuthorizationResponse, error)

type ACLBindingRule added in v1.16.100

// ACLBindingRule ties an auth method to what a successful login receives:
// when Selector matches the verified identity, the created token is given
// the service identity, node identity or role named by BindName, according
// to BindType.
type ACLBindingRule struct {
	// ID is the internal UUID associated with the binding rule
	ID string

	// Description is a human readable description (Optional)
	Description string

	// AuthMethod is the name of the auth method for which this rule applies.
	AuthMethod string

	// Selector is an expression that matches against verified identity
	// attributes returned from the auth method during login.
	//
	// NOTE(review): together with BindName this decides what a login is
	// granted, so a selector broader than intended grants it to every
	// identity the auth method verifies. How an empty selector is treated
	// is not visible here (confirm).
	Selector string

	// BindType adjusts how this binding rule is applied at login time.  The
	// valid values are:
	//
	//  - BindingRuleBindTypeService = "service"
	//  - BindingRuleBindTypeRole    = "role"
	//  - BindingRuleBindTypeNode    = "node"
	BindType string

	// BindName is the target of the binding. Can be lightly templated using
	// HIL ${foo} syntax from available field names. How it is used depends
	// upon the BindType.
	BindName string

	// Embedded Enterprise ACL metadata
	acl.EnterpriseMeta `mapstructure:",squash"`

	// Embedded Raft Metadata
	RaftIndex `hash:"ignore"`
}

func (*ACLBindingRule) Clone added in v1.16.100

func (r *ACLBindingRule) Clone() *ACLBindingRule

type ACLBindingRuleBatchDeleteRequest added in v1.16.100

type ACLBindingRuleBatchDeleteRequest struct {
	BindingRuleIDs []string
}

ACLBindingRuleBatchDeleteRequest is used at the Raft layer for batching multiple rule deletions

type ACLBindingRuleBatchSetRequest added in v1.16.100

type ACLBindingRuleBatchSetRequest struct {
	BindingRules ACLBindingRules
}

ACLBindingRuleBatchSetRequest is used at the Raft layer for batching multiple rule creations and updates

type ACLBindingRuleDeleteRequest added in v1.16.100

type ACLBindingRuleDeleteRequest struct {
	BindingRuleID string // id of the rule to delete
	Datacenter    string // The datacenter to perform the request within
	acl.EnterpriseMeta
	WriteRequest
}

ACLBindingRuleDeleteRequest is used at the RPC layer for deletion requests

func (*ACLBindingRuleDeleteRequest) RequestDatacenter added in v1.16.100

func (r *ACLBindingRuleDeleteRequest) RequestDatacenter() string

type ACLBindingRuleGetRequest added in v1.16.100

type ACLBindingRuleGetRequest struct {
	BindingRuleID string // id used for the rule lookup
	Datacenter    string // The datacenter to perform the request within
	acl.EnterpriseMeta
	QueryOptions
}

ACLBindingRuleGetRequest is used at the RPC layer to perform rule read operations

func (*ACLBindingRuleGetRequest) RequestDatacenter added in v1.16.100

func (r *ACLBindingRuleGetRequest) RequestDatacenter() string

type ACLBindingRuleListRequest added in v1.16.100

type ACLBindingRuleListRequest struct {
	AuthMethod string // optional filter
	Datacenter string // The datacenter to perform the request within
	acl.EnterpriseMeta
	QueryOptions
}

ACLBindingRuleListRequest is used at the RPC layer to request a listing of rules

func (*ACLBindingRuleListRequest) RequestDatacenter added in v1.16.100

func (r *ACLBindingRuleListRequest) RequestDatacenter() string

type ACLBindingRuleListResponse added in v1.16.100

type ACLBindingRuleListResponse struct {
	BindingRules ACLBindingRules
	QueryMeta
}

type ACLBindingRuleResponse added in v1.16.100

type ACLBindingRuleResponse struct {
	BindingRule *ACLBindingRule
	QueryMeta
}

ACLBindingRuleResponse returns a single binding + metadata

type ACLBindingRuleSetRequest added in v1.16.100

type ACLBindingRuleSetRequest struct {
	BindingRule ACLBindingRule // The rule to upsert
	Datacenter  string         // The datacenter to perform the request within
	WriteRequest
}

ACLBindingRuleSetRequest is used at the RPC layer for creation and update requests

func (*ACLBindingRuleSetRequest) RequestDatacenter added in v1.16.100

func (r *ACLBindingRuleSetRequest) RequestDatacenter() string

type ACLBindingRules added in v1.16.100

type ACLBindingRules []*ACLBindingRule

func (ACLBindingRules) Sort added in v1.16.100

func (rules ACLBindingRules) Sort()

type ACLCaches added in v1.4.0

type ACLCaches struct {
	// contains filtered or unexported fields
}

func NewACLCaches added in v1.4.0

func NewACLCaches(config *ACLCachesConfig) (*ACLCaches, error)

func (*ACLCaches) GetAuthorizer added in v1.4.0

func (c *ACLCaches) GetAuthorizer(id string) *AuthorizerCacheEntry

GetAuthorizer fetches an ACL authorizer from the cache and returns it

func (*ACLCaches) GetIdentity added in v1.4.0

func (c *ACLCaches) GetIdentity(id string) *IdentityCacheEntry

GetIdentity fetches an identity from the cache and returns it

func (*ACLCaches) GetIdentityWithSecretToken added in v1.16.100

func (c *ACLCaches) GetIdentityWithSecretToken(secretToken string) *IdentityCacheEntry

GetIdentityWithSecretToken fetches the identity with the given secret token from the cache.

func (*ACLCaches) GetParsedPolicy added in v1.4.0

func (c *ACLCaches) GetParsedPolicy(id string) *ParsedPolicyCacheEntry

GetParsedPolicy fetches a parsed policy from the cache and returns it

func (*ACLCaches) GetPolicy added in v1.4.0

func (c *ACLCaches) GetPolicy(policyID string) *PolicyCacheEntry

GetPolicy fetches a policy from the cache and returns it

func (*ACLCaches) GetRole added in v1.16.100

func (c *ACLCaches) GetRole(roleID string) *RoleCacheEntry

GetRole fetches a role from the cache by id and returns it

func (*ACLCaches) Purge added in v1.4.0

func (c *ACLCaches) Purge()

func (*ACLCaches) PutAuthorizer added in v1.4.0

func (c *ACLCaches) PutAuthorizer(id string, authorizer acl.Authorizer)

func (*ACLCaches) PutIdentity added in v1.4.0

func (c *ACLCaches) PutIdentity(id string, ident ACLIdentity)

PutIdentity adds a new identity to the cache

func (*ACLCaches) PutIdentityWithSecretToken added in v1.16.100

func (c *ACLCaches) PutIdentityWithSecretToken(secretToken string, identity ACLIdentity)

PutIdentityWithSecretToken adds a new identity to the cache, keyed by the given secret token (with a prefix to prevent collisions).

func (*ACLCaches) PutParsedPolicy added in v1.4.0

func (c *ACLCaches) PutParsedPolicy(id string, policy *acl.Policy)

func (*ACLCaches) PutPolicy added in v1.4.0

func (c *ACLCaches) PutPolicy(policyId string, policy *ACLPolicy)

func (*ACLCaches) PutRole added in v1.16.100

func (c *ACLCaches) PutRole(roleID string, role *ACLRole)

func (*ACLCaches) RemoveIdentity added in v1.4.0

func (c *ACLCaches) RemoveIdentity(id string)

func (*ACLCaches) RemoveIdentityWithSecretToken added in v1.16.100

func (c *ACLCaches) RemoveIdentityWithSecretToken(secretToken string)

RemoveIdentityWithSecretToken removes the identity from the cache with the given secret token.

func (*ACLCaches) RemovePolicy added in v1.4.0

func (c *ACLCaches) RemovePolicy(policyID string)

func (*ACLCaches) RemoveRole added in v1.16.100

func (c *ACLCaches) RemoveRole(roleID string)

type ACLCachesConfig added in v1.4.0

// ACLCachesConfig is the argument to NewACLCaches. Each field is named after
// one of the caches that ACLCaches exposes Get/Put accessors for.
//
// NOTE(review): the values are presumably per-cache entry limits; confirm
// that, and what a zero or negative value means, against NewACLCaches.
type ACLCachesConfig struct {
	Identities     int
	Policies       int
	ParsedPolicies int
	Authorizers    int
	Roles          int
}

type ACLIdentity added in v1.4.0

// ACLIdentity is the view of an identity that the ACL caches store (see
// ACLCaches.PutIdentity). Both *ACLToken and *ACLServerIdentity in this
// package declare this method set.
type ACLIdentity interface {
	// ID returns the accessor ID, a string that can be used for logging and
	// telemetry. It is not the secret ID used for authentication.
	ID() string
	// SecretToken presumably returns the secret ID used for authentication,
	// i.e. the value ID is documented not to be (TODO confirm against the
	// implementations). Treat the result as a credential: keep it out of
	// logs, telemetry and error strings, and use ID for those instead.
	SecretToken() string
	// PolicyIDs and RoleIDs return identifiers, not names.
	PolicyIDs() []string
	RoleIDs() []string
	ServiceIdentityList() []*ACLServiceIdentity
	NodeIdentityList() []*ACLNodeIdentity
	// IsExpired is evaluated against the caller-supplied instant asOf.
	IsExpired(asOf time.Time) bool
	IsLocal() bool
	EnterpriseMetadata() *acl.EnterpriseMeta
}

type ACLInitialTokenBootstrapRequest added in v1.16.100

// ACLInitialTokenBootstrapRequest is the RPC-layer request for ACL
// bootstrapping. Per the ACLTokenBootstrapRequest documentation, the actual
// token and the reset index are generated by the RPC endpoint rather than
// supplied by the caller.
type ACLInitialTokenBootstrapRequest struct {
	// NOTE(review): presumably a caller-supplied secret for the initial
	// token; confirm how the endpoint uses and validates it. Treat it as a
	// credential and keep it out of logs and error messages.
	BootstrapSecret string
	// Datacenter is the value RequestDatacenter is expected to report
	// (TODO confirm; the method body is not shown here).
	Datacenter      string
	QueryOptions
}

func (*ACLInitialTokenBootstrapRequest) RequestDatacenter added in v1.16.100

func (r *ACLInitialTokenBootstrapRequest) RequestDatacenter() string

type ACLLoginParams added in v1.16.100

// ACLLoginParams carries the caller-supplied login material; it is referenced
// from ACLLoginRequest.Auth.
type ACLLoginParams struct {
	// AuthMethod is presumably the name of the auth method to log in
	// against (ACLToken.AuthMethod records the method a token was created
	// from) — TODO confirm.
	AuthMethod  string
	// BearerToken is presumably the external credential presented to the
	// auth method — TODO confirm. It is secret material: do not log it or
	// echo it back in responses or errors.
	BearerToken string
	// Meta is omitted from JSON when empty.
	// NOTE(review): values come from the login caller; confirm how they are
	// validated before being stored or displayed.
	Meta        map[string]string `json:",omitempty"`
	acl.EnterpriseMeta
}

type ACLLoginRequest added in v1.16.100

// ACLLoginRequest wraps ACLLoginParams with the target datacenter and the
// embedded WriteRequest.
type ACLLoginRequest struct {
	// Auth is a pointer and is nil in the zero value.
	// NOTE(review): confirm the login handler rejects a nil Auth before
	// dereferencing it.
	Auth       *ACLLoginParams
	Datacenter string // The datacenter to perform the request within
	WriteRequest
}

func (*ACLLoginRequest) RequestDatacenter added in v1.16.100

func (r *ACLLoginRequest) RequestDatacenter() string

type ACLLogoutRequest added in v1.16.100

type ACLLogoutRequest struct {
	Datacenter string // The datacenter to perform the request within
	WriteRequest
}

func (*ACLLogoutRequest) RequestDatacenter added in v1.16.100

func (r *ACLLogoutRequest) RequestDatacenter() string

type ACLMode added in v1.4.0

type ACLMode string
const (
	// ACLModeDisabled indicates the ACL system is disabled
	ACLModeDisabled ACLMode = "0"
	// ACLModeEnabled indicates the ACL system is enabled
	ACLModeEnabled ACLMode = "1"
)

type ACLNodeIdentities added in v1.16.100

type ACLNodeIdentities []*ACLNodeIdentity

func (ACLNodeIdentities) Deduplicate added in v1.16.100

func (ids ACLNodeIdentities) Deduplicate() ACLNodeIdentities

Deduplicate returns a new list of node identities without duplicates.

type ACLNodeIdentity added in v1.16.100

type ACLNodeIdentity struct {
	// NodeName identifies the Node that this identity authorizes access to
	NodeName string

	// Datacenter is required and specifies the datacenter of the node.
	Datacenter string
}

ACLNodeIdentity represents a high-level grant of all privileges necessary to assume the identity of that node and manage it.

func (*ACLNodeIdentity) AddToHash added in v1.16.100

func (s *ACLNodeIdentity) AddToHash(h hash.Hash)

func (*ACLNodeIdentity) Clone added in v1.16.100

func (s *ACLNodeIdentity) Clone() *ACLNodeIdentity

func (*ACLNodeIdentity) EstimateSize added in v1.16.100

func (s *ACLNodeIdentity) EstimateSize() int

func (*ACLNodeIdentity) SyntheticPolicy added in v1.16.100

func (s *ACLNodeIdentity) SyntheticPolicy(entMeta *acl.EnterpriseMeta) *ACLPolicy

type ACLPolicies added in v1.4.0

type ACLPolicies []*ACLPolicy

func (ACLPolicies) Compile added in v1.4.0

func (policies ACLPolicies) Compile(cache *ACLCaches, entConf *acl.Config) (acl.Authorizer, error)

func (ACLPolicies) HashKey added in v1.4.0

func (policies ACLPolicies) HashKey() string

HashKey returns a consistent hash for a set of policies.

func (ACLPolicies) Sort added in v1.4.0

func (policies ACLPolicies) Sort()

type ACLPolicy

type ACLPolicy struct {
	// This is the internal UUID associated with the policy
	ID string

	// Unique name to reference the policy by.
	//   - Valid Characters: [a-zA-Z0-9-]
	//   - Valid Lengths: 1 - 128
	Name string

	// Human readable description (Optional)
	Description string

	// The rule set (using the updated rule syntax)
	Rules string

	// Datacenters that the policy is valid within.
	//   - No wildcards allowed
	//   - If empty then the policy is valid within all datacenters
	Datacenters []string `json:",omitempty"`

	// Hash of the contents of the policy
	// This does not take into account the ID (which is immutable)
	// nor the raft metadata.
	//
	// This is needed mainly for replication purposes. When replicating from
	// one DC to another keeping the content Hash will allow us to avoid
	// unnecessary calls to the authoritative DC
	Hash []byte

	// Embedded Enterprise ACL Metadata
	acl.EnterpriseMeta `mapstructure:",squash"`

	// Embedded Raft Metadata
	RaftIndex `hash:"ignore"`
}

func (*ACLPolicy) Clone added in v1.4.3

func (p *ACLPolicy) Clone() *ACLPolicy

func (*ACLPolicy) EnterprisePolicyMeta added in v1.16.100

func (p *ACLPolicy) EnterprisePolicyMeta() *acl.EnterprisePolicyMeta

func (*ACLPolicy) EstimateSize added in v1.4.0

func (p *ACLPolicy) EstimateSize() int

func (*ACLPolicy) SetHash added in v1.4.0

func (p *ACLPolicy) SetHash(force bool) []byte

func (*ACLPolicy) Stub added in v1.4.0

func (p *ACLPolicy) Stub() *ACLPolicyListStub

func (*ACLPolicy) UnmarshalJSON added in v1.16.100

func (t *ACLPolicy) UnmarshalJSON(data []byte) error

type ACLPolicyBatchDeleteRequest added in v1.4.0

type ACLPolicyBatchDeleteRequest struct {
	PolicyIDs []string
}

ACLPolicyBatchDeleteRequest is used at the Raft layer for batching multiple policy deletions

This is particularly useful during replication

type ACLPolicyBatchGetRequest added in v1.4.0

type ACLPolicyBatchGetRequest struct {
	PolicyIDs  []string // List of policy ids to fetch
	Datacenter string   // The datacenter to perform the request within
	QueryOptions
}

ACLPolicyBatchGetRequest is used at the RPC layer to request a subset of the policies associated with the token used for retrieval

func (*ACLPolicyBatchGetRequest) RequestDatacenter added in v1.4.0

func (r *ACLPolicyBatchGetRequest) RequestDatacenter() string

type ACLPolicyBatchResponse added in v1.4.0

type ACLPolicyBatchResponse struct {
	Policies []*ACLPolicy
	QueryMeta
}

type ACLPolicyBatchSetRequest added in v1.4.0

type ACLPolicyBatchSetRequest struct {
	Policies ACLPolicies
}

ACLPolicyBatchSetRequest is used at the Raft layer for batching multiple policy creations and updates

This is particularly useful during replication

type ACLPolicyDeleteRequest added in v1.4.0

type ACLPolicyDeleteRequest struct {
	PolicyID   string // The id of the policy to delete
	Datacenter string // The datacenter to perform the request within
	acl.EnterpriseMeta
	WriteRequest
}

ACLPolicyDeleteRequest is used at the RPC layer for deletion requests

func (*ACLPolicyDeleteRequest) RequestDatacenter added in v1.4.0

func (r *ACLPolicyDeleteRequest) RequestDatacenter() string

type ACLPolicyGetRequest added in v1.4.0

type ACLPolicyGetRequest struct {
	PolicyID   string // id used for the policy lookup (one of PolicyID or PolicyName is allowed)
	PolicyName string // name used for the policy lookup (one of PolicyID or PolicyName is allowed)
	Datacenter string // The datacenter to perform the request within
	acl.EnterpriseMeta
	QueryOptions
}

ACLPolicyGetRequest is used at the RPC layer to perform policy read operations

func (*ACLPolicyGetRequest) RequestDatacenter added in v1.4.0

func (r *ACLPolicyGetRequest) RequestDatacenter() string

type ACLPolicyListRequest added in v1.4.0

type ACLPolicyListRequest struct {
	Datacenter string // The datacenter to perform the request within
	acl.EnterpriseMeta
	QueryOptions
}

ACLPolicyListRequest is used at the RPC layer to request a listing of policies

func (*ACLPolicyListRequest) RequestDatacenter added in v1.4.0

func (r *ACLPolicyListRequest) RequestDatacenter() string

type ACLPolicyListResponse added in v1.4.0

type ACLPolicyListResponse struct {
	Policies ACLPolicyListStubs
	QueryMeta
}

type ACLPolicyListStub added in v1.4.0

type ACLPolicyListStub struct {
	ID          string
	Name        string
	Description string
	Datacenters []string
	Hash        []byte
	CreateIndex uint64
	ModifyIndex uint64
	acl.EnterpriseMeta
}

type ACLPolicyListStubs added in v1.4.0

type ACLPolicyListStubs []*ACLPolicyListStub

func (ACLPolicyListStubs) Sort added in v1.4.0

func (policies ACLPolicyListStubs) Sort()

type ACLPolicyResponse added in v1.4.0

type ACLPolicyResponse struct {
	Policy *ACLPolicy
	QueryMeta
}

ACLPolicyResponse returns a single policy + metadata

type ACLPolicySetRequest added in v1.4.0

type ACLPolicySetRequest struct {
	Policy     ACLPolicy // The policy to upsert
	Datacenter string    // The datacenter to perform the request within
	WriteRequest
}

ACLPolicySetRequest is used at the RPC layer for creation and update requests

func (*ACLPolicySetRequest) RequestDatacenter added in v1.4.0

func (r *ACLPolicySetRequest) RequestDatacenter() string

type ACLReplicationStatus

type ACLReplicationStatus struct {
	Enabled              bool
	Running              bool
	SourceDatacenter     string
	ReplicationType      ACLReplicationType
	ReplicatedIndex      uint64
	ReplicatedRoleIndex  uint64
	ReplicatedTokenIndex uint64
	LastSuccess          time.Time
	LastError            time.Time
	LastErrorMessage     string
}

ACLReplicationStatus provides information about the health of the ACL replication system.

type ACLReplicationType added in v1.4.0

type ACLReplicationType string
const (
	ACLReplicatePolicies ACLReplicationType = "policies"
	ACLReplicateRoles    ACLReplicationType = "roles"
	ACLReplicateTokens   ACLReplicationType = "tokens"
)

func (ACLReplicationType) SingularNoun added in v1.16.100

func (t ACLReplicationType) SingularNoun() string

type ACLRole added in v1.16.100

type ACLRole struct {
	// ID is the internal UUID associated with the role
	ID string

	// Name is the unique name to reference the role by.
	Name string

	// Description is a human readable description (Optional)
	Description string

	// List of policy links.
	// Note this is the list of IDs and not the names. Prior to role creation
	// the list of policy names gets validated and the policy IDs get stored herein
	Policies []ACLRolePolicyLink `json:",omitempty"`

	// List of services to generate synthetic policies for.
	ServiceIdentities ACLServiceIdentities `json:",omitempty"`

	// List of nodes to generate synthetic policies for.
	NodeIdentities ACLNodeIdentities `json:",omitempty"`

	// Hash of the contents of the role
	// This does not take into account the ID (which is immutable)
	// nor the raft metadata.
	//
	// This is needed mainly for replication purposes. When replicating from
	// one DC to another keeping the content Hash will allow us to avoid
	// unnecessary calls to the authoritative DC
	Hash []byte

	// Embedded Enterprise ACL metadata
	acl.EnterpriseMeta `mapstructure:",squash"`

	// Embedded Raft Metadata
	RaftIndex `hash:"ignore"`
}

func (*ACLRole) Clone added in v1.16.100

func (r *ACLRole) Clone() *ACLRole

func (*ACLRole) EstimateSize added in v1.16.100

func (r *ACLRole) EstimateSize() int

func (*ACLRole) NodeIdentityList added in v1.16.100

func (r *ACLRole) NodeIdentityList() []*ACLNodeIdentity

func (*ACLRole) SetHash added in v1.16.100

func (r *ACLRole) SetHash(force bool) []byte

func (*ACLRole) UnmarshalJSON added in v1.16.100

func (t *ACLRole) UnmarshalJSON(data []byte) error

type ACLRoleBatchDeleteRequest added in v1.16.100

type ACLRoleBatchDeleteRequest struct {
	RoleIDs []string
}

ACLRoleBatchDeleteRequest is used at the Raft layer for batching multiple role deletions

This is particularly useful during replication

type ACLRoleBatchGetRequest added in v1.16.100

type ACLRoleBatchGetRequest struct {
	RoleIDs    []string // List of role ids to fetch
	Datacenter string   // The datacenter to perform the request within
	QueryOptions
}

ACLRoleBatchGetRequest is used at the RPC layer to request a subset of the roles associated with the token used for retrieval

func (*ACLRoleBatchGetRequest) RequestDatacenter added in v1.16.100

func (r *ACLRoleBatchGetRequest) RequestDatacenter() string

type ACLRoleBatchResponse added in v1.16.100

type ACLRoleBatchResponse struct {
	Roles []*ACLRole
	QueryMeta
}

type ACLRoleBatchSetRequest added in v1.16.100

type ACLRoleBatchSetRequest struct {
	Roles             ACLRoles
	AllowMissingLinks bool
}

ACLRoleBatchSetRequest is used at the Raft layer for batching multiple role creations and updates

This is particularly useful during replication

type ACLRoleDeleteRequest added in v1.16.100

type ACLRoleDeleteRequest struct {
	RoleID     string // id of the role to delete
	Datacenter string // The datacenter to perform the request within
	acl.EnterpriseMeta
	WriteRequest
}

ACLRoleDeleteRequest is used at the RPC layer for deletion requests

func (*ACLRoleDeleteRequest) RequestDatacenter added in v1.16.100

func (r *ACLRoleDeleteRequest) RequestDatacenter() string

type ACLRoleGetRequest added in v1.16.100

type ACLRoleGetRequest struct {
	RoleID     string // id used for the role lookup (one of RoleID or RoleName is allowed)
	RoleName   string // name used for the role lookup (one of RoleID or RoleName is allowed)
	Datacenter string // The datacenter to perform the request within
	acl.EnterpriseMeta
	QueryOptions
}

ACLRoleGetRequest is used at the RPC layer to perform role read operations

func (*ACLRoleGetRequest) RequestDatacenter added in v1.16.100

func (r *ACLRoleGetRequest) RequestDatacenter() string

type ACLRoleListRequest added in v1.16.100

type ACLRoleListRequest struct {
	Policy     string // Policy filter
	Datacenter string // The datacenter to perform the request within
	acl.EnterpriseMeta
	QueryOptions
}

ACLRoleListRequest is used at the RPC layer to request a listing of roles

func (*ACLRoleListRequest) RequestDatacenter added in v1.16.100

func (r *ACLRoleListRequest) RequestDatacenter() string

type ACLRoleListResponse added in v1.16.100

type ACLRoleListResponse struct {
	Roles ACLRoles
	QueryMeta
}
type ACLRolePolicyLink struct {
	ID   string
	Name string `hash:"ignore"`
}

type ACLRoleResponse added in v1.16.100

type ACLRoleResponse struct {
	Role *ACLRole
	QueryMeta
}

ACLRoleResponse returns a single role + metadata

type ACLRoleSetRequest added in v1.16.100

type ACLRoleSetRequest struct {
	Role       ACLRole // The role to upsert
	Datacenter string  // The datacenter to perform the request within
	WriteRequest
}

ACLRoleSetRequest is used at the RPC layer for creation and update requests

func (*ACLRoleSetRequest) RequestDatacenter added in v1.16.100

func (r *ACLRoleSetRequest) RequestDatacenter() string

type ACLRoles added in v1.16.100

type ACLRoles []*ACLRole

func (ACLRoles) HashKey added in v1.16.100

func (roles ACLRoles) HashKey() string

HashKey returns a consistent hash for a set of roles.

func (ACLRoles) Sort added in v1.16.100

func (roles ACLRoles) Sort()

type ACLServerIdentity added in v1.16.100

type ACLServerIdentity struct {
	// contains filtered or unexported fields
}

func NewACLServerIdentity added in v1.16.100

func NewACLServerIdentity(secretID string) *ACLServerIdentity

func (*ACLServerIdentity) EnterpriseMetadata added in v1.16.100

func (i *ACLServerIdentity) EnterpriseMetadata() *acl.EnterpriseMeta

func (*ACLServerIdentity) ID added in v1.16.100

func (i *ACLServerIdentity) ID() string

func (*ACLServerIdentity) IsExpired added in v1.16.100

func (i *ACLServerIdentity) IsExpired(asOf time.Time) bool

func (*ACLServerIdentity) IsLocal added in v1.16.100

func (i *ACLServerIdentity) IsLocal() bool

func (*ACLServerIdentity) NodeIdentityList added in v1.16.100

func (i *ACLServerIdentity) NodeIdentityList() []*ACLNodeIdentity

func (*ACLServerIdentity) PolicyIDs added in v1.16.100

func (i *ACLServerIdentity) PolicyIDs() []string

func (*ACLServerIdentity) RoleIDs added in v1.16.100

func (i *ACLServerIdentity) RoleIDs() []string

func (*ACLServerIdentity) SecretToken added in v1.16.100

func (i *ACLServerIdentity) SecretToken() string

func (*ACLServerIdentity) ServiceIdentityList added in v1.16.100

func (i *ACLServerIdentity) ServiceIdentityList() []*ACLServiceIdentity

type ACLServiceIdentities added in v1.16.100

type ACLServiceIdentities []*ACLServiceIdentity

func (ACLServiceIdentities) Deduplicate added in v1.16.100

func (ids ACLServiceIdentities) Deduplicate() ACLServiceIdentities

Deduplicate returns a new list of service identities without duplicates. Identities with the same ServiceName but different datacenters will be merged into a single identity with all datacenters.

type ACLServiceIdentity added in v1.16.100

type ACLServiceIdentity struct {
	// ServiceName names the service whose identity this grant allows the
	// holder to assume. Because the grant is keyed on this name alone, it
	// should be set from a trusted source.
	ServiceName string

	// Datacenters that the synthetic policy will be valid within.
	//   - No wildcards allowed
	//   - If empty then the synthetic policy is valid within all datacenters
	//
	// Only valid for global tokens. It is an error to specify this for local tokens.
	Datacenters []string `json:",omitempty"`
}

ACLServiceIdentity represents a high-level grant of all necessary privileges to assume the identity of the named Service in the Catalog and within Connect.

func (*ACLServiceIdentity) AddToHash added in v1.16.100

func (s *ACLServiceIdentity) AddToHash(h hash.Hash)

func (*ACLServiceIdentity) Clone added in v1.16.100

func (*ACLServiceIdentity) EstimateSize added in v1.16.100

func (s *ACLServiceIdentity) EstimateSize() int

func (*ACLServiceIdentity) SyntheticPolicy added in v1.16.100

func (s *ACLServiceIdentity) SyntheticPolicy(entMeta *acl.EnterpriseMeta) *ACLPolicy

type ACLToken added in v1.4.0

type ACLToken struct {
	// This is the UUID used for tracking and management purposes.
	// ACLIdentity documents the accessor ID as the value suitable for
	// logging and telemetry.
	AccessorID string

	// This is the UUID used as the api token by clients. It is the bearer
	// credential for the token: keep it out of logs, telemetry and error
	// messages. ACLTokenResponse and ACLTokenBatchResponse carry a Redacted
	// flag that reports whether this value was withheld from a reply.
	SecretID string

	// Human readable string to display for the token (Optional)
	Description string

	// List of policy links - nil/empty for legacy tokens or if service identities are in use.
	// Note this is the list of IDs and not the names. Prior to token creation
	// the list of policy names gets validated and the policy IDs get stored herein
	Policies []ACLTokenPolicyLink `json:",omitempty"`

	// List of role links. Note this is the list of IDs and not the names.
	// Prior to token creation the list of role names gets validated and the
	// role IDs get stored herein
	Roles []ACLTokenRoleLink `json:",omitempty"`

	// List of services to generate synthetic policies for.
	ServiceIdentities ACLServiceIdentities `json:",omitempty"`

	// The node identities that this token should be allowed to manage.
	NodeIdentities ACLNodeIdentities `json:",omitempty"`

	// Whether this token is DC local. This means that it will not be synced
	// to the ACL datacenter and replicated to others.
	Local bool

	// AuthMethod is the name of the auth method used to create this token.
	AuthMethod string `json:",omitempty"`

	// ACLAuthMethodEnterpriseMeta is the EnterpriseMeta for the AuthMethod that this token was created from
	ACLAuthMethodEnterpriseMeta

	// ExpirationTime represents the point after which a token should be
	// considered revoked and is eligible for destruction. The zero value
	// represents NO expiration.
	//
	// This is a pointer value so that the zero value is omitted properly
	// during json serialization. time.Time does not respect json omitempty
	// directives unfortunately.
	ExpirationTime *time.Time `json:",omitempty"`

	// ExpirationTTL is a convenience field for helping set ExpirationTime to a
	// value of CreateTime+ExpirationTTL. This can only be set during
	// TokenCreate and is cleared and used to initialize the ExpirationTime
	// field before being persisted to the state store or raft log.
	//
	// This is a string version of a time.Duration like "2m".
	// NOTE(review): the Go field is a time.Duration, so the string form
	// presumably refers to the JSON encoding handled by UnmarshalJSON —
	// confirm.
	ExpirationTTL time.Duration `json:",omitempty"`

	// The time when this token was created
	CreateTime time.Time `json:",omitempty"`

	// Hash of the contents of the token
	//
	// This is needed mainly for replication purposes. When replicating from
	// one DC to another keeping the content Hash will allow us to avoid
	// unnecessary calls to the authoritative DC
	Hash []byte

	// Embedded Enterprise Metadata
	acl.EnterpriseMeta `mapstructure:",squash"`

	// Embedded Raft Metadata
	RaftIndex
}

func (*ACLToken) Clone added in v1.4.3

func (t *ACLToken) Clone() *ACLToken

func (*ACLToken) EnterpriseMetadata added in v1.16.100

func (t *ACLToken) EnterpriseMetadata() *acl.EnterpriseMeta

func (*ACLToken) EstimateSize added in v1.4.0

func (t *ACLToken) EstimateSize() int

func (*ACLToken) HasExpirationTime added in v1.16.100

func (t *ACLToken) HasExpirationTime() bool

func (*ACLToken) ID added in v1.4.0

func (t *ACLToken) ID() string

func (*ACLToken) IsExpired added in v1.16.100

func (t *ACLToken) IsExpired(asOf time.Time) bool

func (*ACLToken) IsLocal added in v1.16.100

func (t *ACLToken) IsLocal() bool

func (*ACLToken) NodeIdentityList added in v1.16.100

func (t *ACLToken) NodeIdentityList() []*ACLNodeIdentity

func (*ACLToken) PolicyIDs added in v1.4.0

func (t *ACLToken) PolicyIDs() []string

func (*ACLToken) RoleIDs added in v1.16.100

func (t *ACLToken) RoleIDs() []string

func (*ACLToken) SecretToken added in v1.4.0

func (t *ACLToken) SecretToken() string

func (*ACLToken) ServiceIdentityList added in v1.16.100

func (t *ACLToken) ServiceIdentityList() []*ACLServiceIdentity

func (*ACLToken) SetHash added in v1.4.0

func (t *ACLToken) SetHash(force bool) []byte

func (*ACLToken) Stub added in v1.4.0

func (token *ACLToken) Stub() *ACLTokenListStub

func (*ACLToken) UnmarshalJSON added in v1.16.100

func (t *ACLToken) UnmarshalJSON(data []byte) (err error)

type ACLTokenBatchDeleteRequest added in v1.4.0

type ACLTokenBatchDeleteRequest struct {
	TokenIDs []string // Tokens to delete
}

ACLTokenBatchDeleteRequest is used only at the Raft layer for batching multiple token deletions.

This is particularly useful during token replication when multiple tokens need to be removed from the local DCs state.

type ACLTokenBatchGetRequest added in v1.4.0

type ACLTokenBatchGetRequest struct {
	AccessorIDs []string // List of accessor ids to fetch
	Datacenter  string   // The datacenter to perform the request within
	QueryOptions
}

ACLTokenBatchGetRequest is used for reading multiple tokens. It differs from the token list request in that only tokens with the requested ids are returned

func (*ACLTokenBatchGetRequest) RequestDatacenter added in v1.4.0

func (r *ACLTokenBatchGetRequest) RequestDatacenter() string

type ACLTokenBatchResponse added in v1.4.0

type ACLTokenBatchResponse struct {
	Tokens   []*ACLToken
	Redacted bool // whether the token secrets were redacted.
	Removed  bool // whether any tokens were completely removed
	QueryMeta
}

ACLTokenBatchResponse returns multiple Tokens associated with the same metadata

type ACLTokenBatchSetRequest added in v1.4.0

type ACLTokenBatchSetRequest struct {
	Tokens               ACLTokens
	CAS                  bool
	AllowMissingLinks    bool
	ProhibitUnprivileged bool
	FromReplication      bool
}

ACLTokenBatchSetRequest is used only at the Raft layer for batching multiple token creation/update operations

This is particularly useful during token replication and during automatic legacy token upgrades.

type ACLTokenBootstrapRequest added in v1.4.0

type ACLTokenBootstrapRequest struct {
	Token      ACLToken // Token to use for bootstrapping
	ResetIndex uint64   // Reset index
}

ACLTokenBootstrapRequest is used only at the Raft layer for ACL bootstrapping

The RPC layer will use ACLInitialTokenBootstrapRequest to indicate that bootstrapping must be performed but the actual token and the resetIndex will be generated by that RPC endpoint

type ACLTokenDeleteRequest added in v1.4.0

type ACLTokenDeleteRequest struct {
	TokenID    string // Accessor ID of the token to delete
	Datacenter string // The datacenter to perform the request within
	acl.EnterpriseMeta
	WriteRequest
}

ACLTokenDeleteRequest is used for token deletion operations at the RPC layer

func (*ACLTokenDeleteRequest) RequestDatacenter added in v1.4.0

func (r *ACLTokenDeleteRequest) RequestDatacenter() string

type ACLTokenExpanded added in v1.16.100

type ACLTokenExpanded struct {
	*ACLToken
	ExpandedTokenInfo
}

type ACLTokenGetRequest added in v1.4.0

type ACLTokenGetRequest struct {
	// NOTE(review): TokenIDType can be ACLTokenSecret as well as
	// ACLTokenAccessor, so TokenID is not always an accessor ID. When the
	// type is ACLTokenSecret the value is presumably the token's secret and
	// should be kept out of request logs — confirm against the endpoint.
	TokenID     string         // ID used for the token lookup; interpreted per TokenIDType
	TokenIDType ACLTokenIDType // The Type of ID used to lookup the token
	// Expanded is undocumented here; ACLTokenResponse embeds
	// ExpandedTokenInfo, which this flag presumably requests — TODO confirm.
	Expanded    bool
	Datacenter  string // The datacenter to perform the request within
	acl.EnterpriseMeta
	QueryOptions
}

ACLTokenGetRequest is used for token read operations at the RPC layer

func (*ACLTokenGetRequest) RequestDatacenter added in v1.4.0

func (r *ACLTokenGetRequest) RequestDatacenter() string

type ACLTokenIDType added in v1.4.0

// ACLTokenIDType names which kind of token ID a lookup value is; see
// ACLTokenGetRequest.TokenIDType.
type ACLTokenIDType string
const (
	// ACLTokenSecret marks the lookup value as a secret ID (presumably
	// ACLToken.SecretID — TODO confirm). A request carrying this type also
	// carries a credential.
	ACLTokenSecret   ACLTokenIDType = "secret"
	// ACLTokenAccessor marks the lookup value as an accessor ID (presumably
	// ACLToken.AccessorID — TODO confirm).
	ACLTokenAccessor ACLTokenIDType = "accessor"
)

type ACLTokenListRequest added in v1.4.0

type ACLTokenListRequest struct {
	IncludeLocal  bool   // Whether local tokens should be included
	IncludeGlobal bool   // Whether global tokens should be included
	Policy        string // Policy filter
	Role          string // Role filter
	AuthMethod    string // Auth Method filter
	Datacenter    string // The datacenter to perform the request within
	ACLAuthMethodEnterpriseMeta
	acl.EnterpriseMeta
	QueryOptions
}

ACLTokenListRequest is used for token listing operations at the RPC layer

func (*ACLTokenListRequest) RequestDatacenter added in v1.4.0

func (r *ACLTokenListRequest) RequestDatacenter() string

type ACLTokenListResponse added in v1.4.0

type ACLTokenListResponse struct {
	Tokens ACLTokenListStubs
	QueryMeta
}

ACLTokenListResponse is used to return the secret data free stubs of the tokens

type ACLTokenListStub added in v1.4.0

// ACLTokenListStub is the per-token element of ACLTokenListResponse and the
// return type of ACLToken.Stub.
type ACLTokenListStub struct {
	AccessorID        string
	// NOTE(review): the ACLTokenListResponse documentation describes these
	// stubs as "secret data free", yet the stub declares SecretID. Confirm
	// that list endpoints blank or redact this field for callers not
	// entitled to token secrets, and treat it as a credential wherever it
	// is populated.
	SecretID          string
	Description       string
	Policies          []ACLTokenPolicyLink `json:",omitempty"`
	Roles             []ACLTokenRoleLink   `json:",omitempty"`
	ServiceIdentities ACLServiceIdentities `json:",omitempty"`
	NodeIdentities    ACLNodeIdentities    `json:",omitempty"`
	Local             bool
	AuthMethod        string     `json:",omitempty"`
	ExpirationTime    *time.Time `json:",omitempty"`
	CreateTime        time.Time  `json:",omitempty"`
	Hash              []byte
	CreateIndex       uint64
	ModifyIndex       uint64
	acl.EnterpriseMeta
	ACLAuthMethodEnterpriseMeta
}

type ACLTokenListStubs added in v1.4.0

type ACLTokenListStubs []*ACLTokenListStub

func (ACLTokenListStubs) Sort added in v1.4.0

func (tokens ACLTokenListStubs) Sort()
type ACLTokenPolicyLink struct {
	ID   string
	Name string `hash:"ignore"`
}

type ACLTokenResponse added in v1.4.0

type ACLTokenResponse struct {
	Token            *ACLToken
	Redacted         bool // whether the token's secret was redacted
	SourceDatacenter string

	ExpandedTokenInfo
	QueryMeta
}

ACLTokenResponse returns a single Token + metadata

type ACLTokenRoleLink struct {
	ID   string
	Name string `hash:"ignore"`
}

type ACLTokenSetRequest added in v1.4.0

type ACLTokenSetRequest struct {
	ACLToken   ACLToken // Token to manipulate - I really dislike this name but "Token" is taken in the WriteRequest
	Create     bool     // Used to explicitly mark this request as a creation
	Datacenter string   // The datacenter to perform the request within
	WriteRequest
}

ACLTokenSetRequest is used for token creation and update operations at the RPC layer

func (*ACLTokenSetRequest) RequestDatacenter added in v1.4.0

func (r *ACLTokenSetRequest) RequestDatacenter() string

type ACLTokens added in v1.4.0

type ACLTokens []*ACLToken

ACLTokens is a slice of ACLTokens.

func (ACLTokens) Sort added in v1.4.0

func (tokens ACLTokens) Sort()

type APIGatewayConfigEntry added in v1.16.100

type APIGatewayConfigEntry struct {
	// Kind of the config entry. This will be set to structs.APIGateway.
	Kind string

	// Name is used to match the config entry with its associated API gateway
	// service. This should match the name provided in the service definition.
	Name string

	// Listeners is the set of listener configuration to which an API Gateway
	// might bind.
	Listeners []APIGatewayListener

	// Status is the asynchronous status which an APIGateway propagates to the user.
	Status Status

	Meta               map[string]string `json:",omitempty"`
	acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"`
	RaftIndex
}

APIGatewayConfigEntry manages the configuration for an API gateway service with the given name.

func (*APIGatewayConfigEntry) CanRead added in v1.16.100

func (e *APIGatewayConfigEntry) CanRead(authz acl.Authorizer) error

func (*APIGatewayConfigEntry) CanWrite added in v1.16.100

func (e *APIGatewayConfigEntry) CanWrite(authz acl.Authorizer) error

func (*APIGatewayConfigEntry) DefaultStatus added in v1.16.100

func (e *APIGatewayConfigEntry) DefaultStatus() Status

func (*APIGatewayConfigEntry) GetEnterpriseMeta added in v1.16.100

func (e *APIGatewayConfigEntry) GetEnterpriseMeta() *acl.EnterpriseMeta

func (*APIGatewayConfigEntry) GetKind added in v1.16.100

func (e *APIGatewayConfigEntry) GetKind() string

func (*APIGatewayConfigEntry) GetMeta added in v1.16.100

func (e *APIGatewayConfigEntry) GetMeta() map[string]string

func (*APIGatewayConfigEntry) GetName added in v1.16.100

func (e *APIGatewayConfigEntry) GetName() string

func (*APIGatewayConfigEntry) GetRaftIndex added in v1.16.100

func (e *APIGatewayConfigEntry) GetRaftIndex() *RaftIndex

func (*APIGatewayConfigEntry) GetStatus added in v1.16.100

func (e *APIGatewayConfigEntry) GetStatus() Status

func (*APIGatewayConfigEntry) ListenerIsReady added in v1.16.100

func (e *APIGatewayConfigEntry) ListenerIsReady(name string) bool

func (*APIGatewayConfigEntry) Normalize added in v1.16.100

func (e *APIGatewayConfigEntry) Normalize() error

func (*APIGatewayConfigEntry) SetStatus added in v1.16.100

func (e *APIGatewayConfigEntry) SetStatus(status Status)

func (*APIGatewayConfigEntry) Validate added in v1.16.100

func (e *APIGatewayConfigEntry) Validate() error

type APIGatewayListener added in v1.16.100

type APIGatewayListener struct {
	// Name is the name of the listener in a given gateway. This must be
	// unique within a gateway.
	Name string
	// Hostname is the host name that a listener should be bound to. If
	// unspecified, the listener accepts requests for all hostnames.
	Hostname string
	// Port is the port at which this listener should bind.
	Port int
	// Protocol is the protocol that a listener should use. It must
	// either be http or tcp.
	Protocol APIGatewayListenerProtocol
	// TLS is the TLS settings for the listener.
	TLS APIGatewayTLSConfiguration
}

APIGatewayListener represents an individual listener for an APIGateway

func (*APIGatewayListener) DeepCopy added in v1.16.100

func (o *APIGatewayListener) DeepCopy() *APIGatewayListener

DeepCopy generates a deep copy of *APIGatewayListener

func (APIGatewayListener) GetHostname added in v1.16.100

func (l APIGatewayListener) GetHostname() string

type APIGatewayListenerProtocol added in v1.16.100

type APIGatewayListenerProtocol string

APIGatewayListenerProtocol is the protocol that an APIGateway listener uses

const (
	ListenerProtocolHTTP APIGatewayListenerProtocol = "http"
	ListenerProtocolTCP  APIGatewayListenerProtocol = "tcp"
)

type APIGatewayTLSConfiguration added in v1.16.100

// APIGatewayTLSConfiguration specifies the configuration of a listener's TLS
// settings.
//
// NOTE(review): this struct does not show which TLS versions and cipher
// suites apply when MinVersion, MaxVersion or CipherSuites are left empty —
// confirm the effective defaults before relying on an unset value.
type APIGatewayTLSConfiguration struct {
	// Certificates is a set of references to certificates
	// that a gateway listener uses for TLS termination.
	Certificates []ResourceReference
	// MaxVersion is the maximum TLS version that the listener
	// should support.
	MaxVersion types.TLSVersion
	// MinVersion is the minimum TLS version that the listener
	// should support.
	MinVersion types.TLSVersion
	// CipherSuites is the cipher suites that the listener should support.
	CipherSuites []types.TLSCipherSuite
}

APIGatewayTLSConfiguration specifies the configuration of a listener’s TLS settings.

func (*APIGatewayTLSConfiguration) IsEmpty added in v1.16.100

func (a *APIGatewayTLSConfiguration) IsEmpty() bool

IsEmpty returns true if all values in the struct are nil or empty.

type AWSCAProviderConfig added in v1.16.100

// AWSCAProviderConfig embeds CommonCAProviderConfig and adds two fields.
// NOTE(review): presumably the configuration for an AWS-backed CA provider — confirm.
type AWSCAProviderConfig struct {
	CommonCAProviderConfig `mapstructure:",squash"`

	// NOTE(review): presumably the ARN of an already-provisioned CA resource
	// to reuse instead of creating a new one — confirm.
	ExistingARN  string
	// NOTE(review): presumably controls whether provider-created resources
	// are deleted on shutdown; verify how it interacts with ExistingARN so a
	// pre-existing CA is not removed unintentionally.
	DeleteOnExit bool
}

type AccessLogsConfig added in v1.16.100

// AccessLogsConfig contains the associated default settings for all Envoy
// instances within the datacenter or partition.
type AccessLogsConfig struct {
	// Enabled controls whether access logging is active at all.
	// NOTE(review): the earlier wording said this field "turns off all access
	// logging", which contradicts the field name; presumably true enables
	// logging — confirm.
	Enabled bool `json:",omitempty" alias:"enabled"`

	// DisableListenerLogs turns off just listener logs for connections rejected by Envoy because they don't
	// have a matching listener filter.
	DisableListenerLogs bool `json:",omitempty" alias:"disable_listener_logs"`

	// Type selects the output for logs: "file", "stderr", "stdout".
	Type LogSinkType `json:",omitempty" alias:"type"`

	// Path is the output file to write logs to.
	// NOTE(review): presumably only meaningful when Type is "file"; whether
	// Validate constrains this path is not visible here — confirm.
	Path string `json:",omitempty" alias:"path"`

	// The presence of one format string or the other implies the access log string encoding.
	// Defining both is invalid.
	JSONFormat string `json:",omitempty" alias:"json_format"`
	TextFormat string `json:",omitempty" alias:"text_format"`
}

AccessLogsConfig contains the associated default settings for all Envoy instances within the datacenter or partition

func (*AccessLogsConfig) IsZero added in v1.16.100

func (c *AccessLogsConfig) IsZero() bool

func (*AccessLogsConfig) ToAPI added in v1.16.100

func (*AccessLogsConfig) Validate added in v1.16.100

func (c *AccessLogsConfig) Validate() error

type AgentRecoveryTokenIdentity added in v1.16.100

// AgentRecoveryTokenIdentity has no exported fields.
//
// NOTE(review): its constructor takes a secretID and the type exposes
// SecretToken() string, so values presumably carry a live secret — avoid
// formatting them into logs or error messages; confirm against the
// implementation.
type AgentRecoveryTokenIdentity struct {
	// contains filtered or unexported fields
}

func NewAgentRecoveryTokenIdentity added in v1.16.100

func NewAgentRecoveryTokenIdentity(agent string, secretID string) *AgentRecoveryTokenIdentity

func (*AgentRecoveryTokenIdentity) EnterpriseMetadata added in v1.16.100

func (id *AgentRecoveryTokenIdentity) EnterpriseMetadata() *acl.EnterpriseMeta

func (*AgentRecoveryTokenIdentity) ID added in v1.16.100

func (*AgentRecoveryTokenIdentity) IsExpired added in v1.16.100

func (id *AgentRecoveryTokenIdentity) IsExpired(asOf time.Time) bool

func (*AgentRecoveryTokenIdentity) IsLocal added in v1.16.100

func (id *AgentRecoveryTokenIdentity) IsLocal() bool

func (*AgentRecoveryTokenIdentity) NodeIdentityList added in v1.16.100

func (id *AgentRecoveryTokenIdentity) NodeIdentityList() []*ACLNodeIdentity

func (*AgentRecoveryTokenIdentity) PolicyIDs added in v1.16.100

func (id *AgentRecoveryTokenIdentity) PolicyIDs() []string

func (*AgentRecoveryTokenIdentity) RoleIDs added in v1.16.100

func (id *AgentRecoveryTokenIdentity) RoleIDs() []string

func (*AgentRecoveryTokenIdentity) SecretToken added in v1.16.100

func (id *AgentRecoveryTokenIdentity) SecretToken() string

func (*AgentRecoveryTokenIdentity) ServiceIdentityList added in v1.16.100

func (id *AgentRecoveryTokenIdentity) ServiceIdentityList() []*ACLServiceIdentity

type AssignServiceManualVIPsRequest added in v1.16.100

type AssignServiceManualVIPsRequest struct {
	Service    string
	ManualVIPs []string

	DCSpecificRequest
}

type AssignServiceManualVIPsResponse added in v1.16.100

type AssignServiceManualVIPsResponse struct {
	Found          bool
	UnassignedFrom []PeeredServiceName
}

type AuthorizerCacheEntry added in v1.4.0

// AuthorizerCacheEntry pairs an acl.Authorizer with a CacheTime and a TTL.
// NOTE(review): presumably an entry must not be used for authorization
// decisions once its age exceeds TTL — confirm where expiry is enforced.
type AuthorizerCacheEntry struct {
	// Authorizer is the cached authorizer.
	Authorizer acl.Authorizer
	// NOTE(review): presumably the time the entry was stored — confirm.
	CacheTime  time.Time
	// NOTE(review): presumably how long the entry stays valid after CacheTime — confirm.
	TTL        time.Duration
}

func (*AuthorizerCacheEntry) Age added in v1.4.0

type AutopilotConfig

type AutopilotConfig struct {
	// CleanupDeadServers controls whether to remove dead servers when a new
	// server is added to the Raft peers.
	CleanupDeadServers bool

	// LastContactThreshold is the limit on the amount of time a server can go
	// without leader contact before being considered unhealthy.
	LastContactThreshold time.Duration

	// MaxTrailingLogs is the amount of entries in the Raft Log that a server can
	// be behind before being considered unhealthy.
	MaxTrailingLogs uint64

	// MinQuorum sets the minimum number of servers required in a cluster
	// before autopilot can prune dead servers.
	MinQuorum uint

	// ServerStabilizationTime is the minimum amount of time a server must be
	// in a stable, healthy state before it can be added to the cluster. Only
	// applicable with Raft protocol version 3 or higher.
	ServerStabilizationTime time.Duration

	// (Enterprise-only) RedundancyZoneTag is the node tag to use for separating
	// servers into zones for redundancy. If left blank, this feature will be disabled.
	RedundancyZoneTag string

	// (Enterprise-only) DisableUpgradeMigration will disable Autopilot's upgrade migration
	// strategy of waiting until enough newer-versioned servers have been added to the
	// cluster before promoting them to voters.
	DisableUpgradeMigration bool

	// (Enterprise-only) UpgradeVersionTag is the node tag to use for version info when
	// performing upgrade migrations. If left blank, the Consul version will be used.
	UpgradeVersionTag string

	// CreateIndex/ModifyIndex store the create/modify indexes of this configuration.
	CreateIndex uint64
	ModifyIndex uint64
}

AutopilotConfig holds the Autopilot configuration for a cluster.

func (*AutopilotConfig) ToAutopilotLibraryConfig added in v1.16.100

func (c *AutopilotConfig) ToAutopilotLibraryConfig() *autopilot.Config

type AutopilotHealthReply added in v1.16.100

type AutopilotHealthReply struct {
	// Healthy is true if all the servers in the cluster are healthy.
	Healthy bool

	// FailureTolerance is the number of healthy servers that could be lost without
	// an outage occurring.
	FailureTolerance int

	// Servers holds the health of each server.
	Servers []AutopilotServerHealth
}

AutopilotHealthReply is a representation of the overall health of the cluster

type AutopilotServerHealth added in v1.16.100

type AutopilotServerHealth struct {
	// ID is the raft ID of the server.
	ID string

	// Name is the node name of the server.
	Name string

	// Address is the address of the server.
	Address string

	// The status of the SerfHealth check for the server.
	SerfStatus serf.MemberStatus

	// Version is the version of the server.
	Version string

	// Leader is whether this server is currently the leader.
	Leader bool

	// LastContact is the time since this node's last contact with the leader.
	LastContact time.Duration

	// LastTerm is the highest leader term this server has a record of in its Raft log.
	LastTerm uint64

	// LastIndex is the last log index this server has a record of in its Raft log.
	LastIndex uint64

	// Healthy is whether or not the server is healthy according to the current
	// Autopilot config.
	Healthy bool

	// Voter is whether this is a voting server.
	Voter bool

	// StableSince is the last time this server's Healthy value changed.
	StableSince time.Time
}

AutopilotServerHealth is the health (from the leader's point of view) of a server.

type AutopilotSetConfigRequest

type AutopilotSetConfigRequest struct {
	// Datacenter is the target this request is intended for.
	Datacenter string

	// Config is the new Autopilot configuration to use.
	Config AutopilotConfig

	// CAS controls whether to use check-and-set semantics for this request.
	CAS bool

	// WriteRequest holds the ACL token to go along with this request.
	WriteRequest
}

AutopilotSetConfigRequest is used by the Operator endpoint to update the current Autopilot configuration of the cluster.

func (*AutopilotSetConfigRequest) RequestDatacenter

func (op *AutopilotSetConfigRequest) RequestDatacenter() string

RequestDatacenter returns the datacenter for a given request.

type BoundAPIGatewayConfigEntry added in v1.16.100

// BoundAPIGatewayConfigEntry manages the configuration for a bound API
// gateway with the given name.
//
// NOTE(review): this entry is meant to be written only by the controller,
// never by clients; that restriction is not visible in the struct itself —
// confirm it is enforced on the write path (see CanWrite).
type BoundAPIGatewayConfigEntry struct {
	// Kind of the config entry. This will be set to structs.BoundAPIGateway.
	Kind string

	// Name is used to match the config entry with its associated API gateway
	// service. This should match the name provided in the corresponding API
	// gateway service definition.
	Name string

	// Listeners are the valid listeners of an APIGateway with information about
	// what certificates and routes have successfully bound to it.
	Listeners []BoundAPIGatewayListener

	// Meta is free-form string metadata attached to the entry.
	Meta               map[string]string `json:",omitempty"`
	acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"`
	RaftIndex
}

BoundAPIGatewayConfigEntry manages the configuration for a bound API gateway with the given name. This type is never written from the client. It is only written by the controller in order to represent an API gateway and the resources that are bound to it.

func (*BoundAPIGatewayConfigEntry) CanRead added in v1.16.100

func (e *BoundAPIGatewayConfigEntry) CanRead(authz acl.Authorizer) error

func (*BoundAPIGatewayConfigEntry) CanWrite added in v1.16.100

func (*BoundAPIGatewayConfigEntry) DeepCopy added in v1.16.100

DeepCopy generates a deep copy of *BoundAPIGatewayConfigEntry

func (*BoundAPIGatewayConfigEntry) DefaultStatus added in v1.16.100

func (e *BoundAPIGatewayConfigEntry) DefaultStatus() Status

func (*BoundAPIGatewayConfigEntry) GetEnterpriseMeta added in v1.16.100

func (e *BoundAPIGatewayConfigEntry) GetEnterpriseMeta() *acl.EnterpriseMeta

func (*BoundAPIGatewayConfigEntry) GetKind added in v1.16.100

func (e *BoundAPIGatewayConfigEntry) GetKind() string

func (*BoundAPIGatewayConfigEntry) GetMeta added in v1.16.100

func (e *BoundAPIGatewayConfigEntry) GetMeta() map[string]string

func (*BoundAPIGatewayConfigEntry) GetName added in v1.16.100

func (e *BoundAPIGatewayConfigEntry) GetName() string

func (*BoundAPIGatewayConfigEntry) GetRaftIndex added in v1.16.100

func (e *BoundAPIGatewayConfigEntry) GetRaftIndex() *RaftIndex

func (*BoundAPIGatewayConfigEntry) GetStatus added in v1.16.100

func (e *BoundAPIGatewayConfigEntry) GetStatus() Status

func (*BoundAPIGatewayConfigEntry) IsInitializedForGateway added in v1.16.100

func (e *BoundAPIGatewayConfigEntry) IsInitializedForGateway(gateway *APIGatewayConfigEntry) bool

IsInitializedForGateway returns whether or not this bound api gateway is initialized with the given api gateway including having corresponding listener entries for the gateway.

func (*BoundAPIGatewayConfigEntry) IsSame added in v1.16.100

func (*BoundAPIGatewayConfigEntry) Normalize added in v1.16.100

func (e *BoundAPIGatewayConfigEntry) Normalize() error

func (*BoundAPIGatewayConfigEntry) SetStatus added in v1.16.100

func (e *BoundAPIGatewayConfigEntry) SetStatus(status Status)

func (*BoundAPIGatewayConfigEntry) Validate added in v1.16.100

func (e *BoundAPIGatewayConfigEntry) Validate() error

type BoundAPIGatewayListener added in v1.16.100

type BoundAPIGatewayListener struct {
	Name         string
	Routes       []ResourceReference
	Certificates []ResourceReference
}

BoundAPIGatewayListener is an API gateway listener with information about the routes and certificates that have successfully bound to it.

func (*BoundAPIGatewayListener) BindRoute added in v1.16.100

func (l *BoundAPIGatewayListener) BindRoute(routeRef ResourceReference) bool

BindRoute is used to create or update a route on the listener. It returns true if the route was able to be bound to the listener. Routes should only bind to listeners with their same section name and protocol. Be sure to check both of these before attempting to bind a route to the listener.

func (*BoundAPIGatewayListener) DeepCopy added in v1.16.100

DeepCopy generates a deep copy of *BoundAPIGatewayListener

func (BoundAPIGatewayListener) IsSame added in v1.16.100

func (*BoundAPIGatewayListener) UnbindRoute added in v1.16.100

func (l *BoundAPIGatewayListener) UnbindRoute(route ResourceReference) bool

type BoundRoute added in v1.16.100

type BoundRoute interface {
	ControlledConfigEntry
	GetParents() []ResourceReference
	GetProtocol() APIGatewayListenerProtocol
	GetServiceNames() []ServiceName
}

BoundRoute indicates a route that has parent gateways which can be accessed by calling the GetParents associated function.

type CAConfiguration added in v1.2.0

// CAConfiguration is the configuration for the current CA plugin.
type CAConfiguration struct {
	// ClusterID is a unique identifier for the cluster. It is excluded from
	// JSON encoding (json:"-").
	ClusterID string `json:"-"`

	// Provider is the CA provider implementation to use.
	Provider string

	// Config is arbitrary configuration for the provider. This
	// should only contain primitive values and containers (such as lists
	// and maps).
	// NOTE(review): depending on the provider this map may carry credentials;
	// confirm what is stored here before exposing it in API output or logs.
	Config map[string]interface{}

	// State is optionally used by the provider to persist information it needs
	// between reloads like UUIDs of resources it manages. It only supports string
	// values to avoid gotchas with interface{} since this is encoded through
	// msgpack when it's written through raft. For example if providers used a
	// custom struct or even a simple `int` type, msgpack will lose type
	// information during encode/decode and providers will end up getting back
	// different types and have to remember to test multiple variants of state
	// handling to account for cases where it's been through msgpack or not.
	// Keeping this as strings only forces compatibility and leaves the input
	// Providers have to work with unambiguous - they can parse ints or other
	// types as they need. We expect this only to be used to store a handful of
	// identifiers anyway so this is simpler.
	State map[string]string

	// ForceWithoutCrossSigning indicates that the CA reconfiguration should go
	// ahead even if the current CA is unable to cross sign certificates. This
	// risks temporary connection failures during the rollout as new leafs will be
	// rejected by proxies that have not yet observed the new root cert but is the
	// only option if a CA that doesn't support cross signing needs to be
	// reconfigured or migrated away from.
	ForceWithoutCrossSigning bool

	RaftIndex
}

CAConfiguration is the configuration for the current CA plugin.

func (*CAConfiguration) GetCommonConfig added in v1.2.2

func (c *CAConfiguration) GetCommonConfig() (*CommonCAProviderConfig, error)

func (*CAConfiguration) UnmarshalJSON added in v1.16.100

func (c *CAConfiguration) UnmarshalJSON(data []byte) (err error)

type CAConsulProviderState added in v1.2.0

// CAConsulProviderState is used to track the built-in Consul CA provider's
// state.
//
// NOTE(review): PrivateKey presumably holds the CA's private key material in
// string form, and the struct embeds RaftIndex, which suggests it is
// replicated and snapshotted with cluster state — confirm, and treat stored
// state, backups and any debug output of this type as secret.
type CAConsulProviderState struct {
	ID               string
	PrivateKey       string
	RootCert         string
	IntermediateCert string

	RaftIndex
}

CAConsulProviderState is used to track the built-in Consul CA provider's state.

type CALeafOp added in v1.4.1

type CALeafOp string

CALeafOp is the operation for a request related to leaf certificates.

const (
	CALeafOpIncrementIndex CALeafOp = "increment-index"
)

type CALeafRequest added in v1.4.1

type CALeafRequest struct {
	// Op is the type of operation being requested. This determines what
	// other fields are required.
	Op CALeafOp

	// Datacenter is the target for this request.
	Datacenter string

	// WriteRequest is a common struct containing ACL tokens and other
	// write-related common elements for requests.
	WriteRequest
}

CALeafRequest is used to modify connect CA leaf data. This is used by the FSM (agent/consul/fsm) to apply changes.

func (*CALeafRequest) RequestDatacenter added in v1.4.1

func (q *CALeafRequest) RequestDatacenter() string

RequestDatacenter returns the datacenter for a given request.

type CAOp added in v1.2.0

type CAOp string

CAOp is the operation for a request related to intentions.

const (
	CAOpSetRoots                      CAOp = "set-roots"
	CAOpSetConfig                     CAOp = "set-config"
	CAOpSetProviderState              CAOp = "set-provider-state"
	CAOpDeleteProviderState           CAOp = "delete-provider-state"
	CAOpSetRootsAndConfig             CAOp = "set-roots-config"
	CAOpIncrementProviderSerialNumber CAOp = "increment-provider-serial"
)

type CARequest added in v1.2.0

// CARequest is used to modify connect CA data. This is used by the FSM
// (agent/consul/fsm) to apply changes.
type CARequest struct {
	// Op is the type of operation being requested. This determines what
	// other fields are required.
	Op CAOp

	// Datacenter is the target for this request.
	Datacenter string

	// Index is used by CAOpSetRoots and CAOpSetConfig for a CAS operation.
	Index uint64

	// Roots is a list of roots. This is used for CAOpSet. One root must
	// always be active.
	// NOTE(review): no CAOp constant is named CAOpSet; presumably this means
	// CAOpSetRoots (and CAOpSetRootsAndConfig) — confirm.
	Roots []*CARoot

	// Config is the configuration for the current CA plugin.
	Config *CAConfiguration

	// ProviderState is the state for the builtin CA provider.
	// NOTE(review): CAConsulProviderState has a PrivateKey field, so a request
	// carrying it should be handled as secret-bearing — confirm.
	ProviderState *CAConsulProviderState

	// WriteRequest is a common struct containing ACL tokens and other
	// write-related common elements for requests.
	WriteRequest
}

CARequest is used to modify connect CA data. This is used by the FSM (agent/consul/fsm) to apply changes.

func (*CARequest) RequestDatacenter added in v1.2.0

func (q *CARequest) RequestDatacenter() string

RequestDatacenter returns the datacenter for a given request.

type CARoot added in v1.2.0

// CARoot represents a root CA certificate that is trusted.
type CARoot struct {
	// ID is a globally unique ID (UUID) representing this CA chain. It is
	// calculated from the SHA1 of the primary CA certificate.
	// NOTE(review): SHA1 is used here to derive an identifier; confirm that no
	// trust decision depends on this value being collision resistant.
	ID string

	// Name is a human-friendly name for this CA root. This value is
	// opaque to Consul and is not used for anything internally.
	Name string

	// SerialNumber is the x509 serial number of the primary CA certificate.
	SerialNumber uint64

	// SigningKeyID is the connect.HexString encoded id of the public key that
	// corresponds to the private key used to sign leaf certificates in the
	// local datacenter.
	//
	// The value comes from x509.Certificate.SubjectKeyId of the local leaf
	// signing cert.
	//
	// See https://www.rfc-editor.org/rfc/rfc3280#section-4.2.1.1 for more detail.
	SigningKeyID string

	// ExternalTrustDomain is the trust domain this root was generated under. It
	// is usually empty implying "the current cluster trust-domain". It is set
	// only in the case that a cluster changes trust domain and then all old roots
	// that are still trusted have the old trust domain set here.
	//
	// We currently DON'T validate these trust domains explicitly anywhere, see
	// IndexedRoots.TrustDomain doc. We retain this information for debugging and
	// future flexibility.
	ExternalTrustDomain string

	// NotBefore is the x509.Certificate.NotBefore value of the primary CA
	// certificate. This value should generally be a time in the past.
	NotBefore time.Time
	// NotAfter is the x509.Certificate.NotAfter value of the primary CA
	// certificate. This is the time when the certificate will expire.
	NotAfter time.Time

	// RootCert is the PEM-encoded public certificate for the root CA. The
	// certificate is the same for all federated clusters.
	RootCert string

	// IntermediateCerts is a list of PEM-encoded intermediate certs to
	// attach to any leaf certs signed by this CA. The list may include a
	// certificate cross-signed by an old root CA, any subordinate CAs below the
	// root CA, and the intermediate CA used to sign leaf certificates in the
	// local Datacenter.
	//
	// If the provider which created this root uses an intermediate to sign
	// leaf certificates (Vault provider), or this is a secondary Datacenter then
	// the intermediate used to sign leaf certificates will be the last in the
	// list.
	IntermediateCerts []string

	// SigningCert is the PEM-encoded signing certificate and SigningKey
	// is the PEM-encoded private key for the signing certificate. These
	// may actually be empty if the CA plugin in use manages these for us.
	//
	// The omitempty tag only drops these fields from JSON when they are
	// empty: a populated SigningKey is serialized like any other field.
	// NOTE(review): confirm that every path returning a CARoot to a caller
	// clears SigningKey first.
	SigningCert string `json:",omitempty"`
	SigningKey  string `json:",omitempty"`

	// Active is true if this is the current active CA. This must only
	// be true for exactly one CA. For any method that modifies roots in the
	// state store, tests should be written to verify that multiple roots
	// cannot be active.
	Active bool

	// RotatedOutAt is the time at which this CA was removed from the state.
	// This will only be set on roots that have been rotated out from being the
	// active root.
	RotatedOutAt time.Time `json:"-"`

	// PrivateKeyType is the type of the private key used to sign certificates. It
	// may be "rsa" or "ec". This is provided as a convenience to avoid parsing
	// the public key from the certificate to infer the type.
	PrivateKeyType string

	// PrivateKeyBits is the length of the private key used to sign certificates.
	// This is provided as a convenience to avoid parsing the public key from the
	// certificate to infer the type.
	PrivateKeyBits int

	RaftIndex
}

CARoot represents a root CA certificate that is trusted.

func (*CARoot) Clone added in v1.16.100

func (c *CARoot) Clone() *CARoot

func (*CARoot) DeepCopy added in v1.16.100

func (o *CARoot) DeepCopy() *CARoot

DeepCopy generates a deep copy of *CARoot

type CARoots added in v1.2.0

type CARoots []*CARoot

CARoots is a list of CARoot structures.

func (CARoots) Active added in v1.16.100

func (c CARoots) Active() *CARoot

Active returns the single CARoot that is marked as active, or nil if there is no active root (e.g. when there are no roots).

type CASignRequest added in v1.2.0

type CASignRequest struct {
	// Datacenter is the target for this request.
	Datacenter string

	// CSR is the PEM-encoded CSR.
	CSR string

	// WriteRequest is a common struct containing ACL tokens and other
	// write-related common elements for requests.
	WriteRequest
}

CASignRequest is the request for signing a service certificate.

func (*CASignRequest) RequestDatacenter added in v1.2.0

func (q *CASignRequest) RequestDatacenter() string

RequestDatacenter returns the datacenter for a given request.

type CatalogContents added in v1.16.100

type CatalogContents struct {
	Nodes    []*Node
	Services []*ServiceNode
	Checks   []*HealthCheck
}

type CatalogSummary added in v1.16.100

type CatalogSummary struct {
	Nodes    []HealthSummary
	Services []HealthSummary
	Checks   []HealthSummary
}

type CheckDefinition

// CheckDefinition is used to JSON decode the Check definitions.
type CheckDefinition struct {
	ID        types.CheckID
	Name      string
	Notes     string
	ServiceID string
	// NOTE(review): Token is presumably an ACL token associated with the
	// check; if so it is a credential and should not be echoed into logs or
	// API output — confirm.
	Token     string
	Status    string

	// Copied fields from CheckType without the fields
	// already present in CheckDefinition:
	//
	//   ID (CheckID), Name, Status, Notes
	//
	// NOTE(review): ScriptArgs and Shell presumably describe a command that
	// is executed to run the check, so who is allowed to register check
	// definitions matters — confirm how script checks are gated.
	ScriptArgs                     []string
	HTTP                           string
	H2PING                         string
	H2PingUseTLS                   bool
	Header                         map[string][]string
	Method                         string
	Body                           string
	DisableRedirects               bool
	TCP                            string
	UDP                            string
	Interval                       time.Duration
	DockerContainerID              string
	Shell                          string
	GRPC                           string
	GRPCUseTLS                     bool
	OSService                      string
	TLSServerName                  string
	// NOTE(review): TLSSkipVerify presumably disables certificate
	// verification for the check's TLS connection; if so a passing check
	// says nothing about the identity of the endpoint — confirm.
	TLSSkipVerify                  bool
	AliasNode                      string
	AliasService                   string
	Timeout                        time.Duration
	TTL                            time.Duration
	SuccessBeforePassing           int
	FailuresBeforeWarning          int
	FailuresBeforeCritical         int
	DeregisterCriticalServiceAfter time.Duration
	OutputMaxSize                  int

	acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"`
}

CheckDefinition is used to JSON decode the Check definitions

func (*CheckDefinition) CheckType

func (c *CheckDefinition) CheckType() *CheckType

func (*CheckDefinition) HealthCheck

func (c *CheckDefinition) HealthCheck(node string) *HealthCheck

func (*CheckDefinition) UnmarshalJSON added in v1.16.100

func (t *CheckDefinition) UnmarshalJSON(data []byte) (err error)

type CheckID added in v1.16.100

type CheckID struct {
	ID types.CheckID
	acl.EnterpriseMeta
}

func NewCheckID added in v1.16.100

func NewCheckID(id types.CheckID, entMeta *acl.EnterpriseMeta) CheckID

func (CheckID) NamespaceOrDefault added in v1.16.100

func (c CheckID) NamespaceOrDefault() string

NamespaceOrDefault exists because acl.EnterpriseMeta uses a pointer receiver for this method. Remove once that is fixed.

func (CheckID) PartitionOrDefault added in v1.16.100

func (c CheckID) PartitionOrDefault() string

PartitionOrDefault exists because acl.EnterpriseMeta uses a pointer receiver for this method. Remove once that is fixed.

func (CheckID) String added in v1.16.100

func (cid CheckID) String() string

func (CheckID) StringHashMD5 added in v1.16.100

func (cid CheckID) StringHashMD5() string

StringHashMD5 is used mainly to populate part of the filename of a check definition persisted on the local agent. It is deprecated in favor of StringHashSHA256 and kept around for backwards compatibility.

func (CheckID) StringHashSHA256 added in v1.16.100

func (cid CheckID) StringHashSHA256() string

StringHashSHA256 is used mainly to populate part of the filename of a check definition persisted on the local agent

type CheckServiceNode

type CheckServiceNode struct {
	Node    *Node
	Service *NodeService
	Checks  HealthChecks
}

CheckServiceNode is used to provide the node, its service definition, as well as a HealthCheck that is associated.

func TestCheckNodeServiceWithNameInPeer added in v1.16.100

func TestCheckNodeServiceWithNameInPeer(t testing.T, name, dc, peer, ip string, useHostname bool, remoteEntMeta acl.EnterpriseMeta) CheckServiceNode

func (*CheckServiceNode) BestAddress added in v1.16.100

func (csn *CheckServiceNode) BestAddress(wan bool) (uint64, string, int)

func (*CheckServiceNode) CanRead added in v1.16.100

func (*CheckServiceNode) DeepCopy added in v1.16.100

func (o *CheckServiceNode) DeepCopy() *CheckServiceNode

DeepCopy generates a deep copy of *CheckServiceNode

type CheckServiceNodes

type CheckServiceNodes []CheckServiceNode

func (CheckServiceNodes) DeepCopy added in v1.16.100

func (csns CheckServiceNodes) DeepCopy() CheckServiceNodes

func (CheckServiceNodes) Filter

func (nodes CheckServiceNodes) Filter(onlyPassing bool) CheckServiceNodes

Filter removes nodes that are failing health checks (and any non-passing check if that option is selected). Note that this returns the filtered results AND modifies the receiver for performance.

func (CheckServiceNodes) FilterIgnore added in v1.0.7

func (nodes CheckServiceNodes) FilterIgnore(onlyPassing bool,
	ignoreCheckIDs []types.CheckID) CheckServiceNodes

FilterIgnore removes nodes that are failing health checks just like Filter. It also ignores the status of any check with an ID present in ignoreCheckIDs as if that check didn't exist. Note that this returns the filtered results AND modifies the receiver for performance.

func (CheckServiceNodes) ShallowClone added in v1.16.100

func (nodes CheckServiceNodes) ShallowClone() CheckServiceNodes

ShallowClone duplicates the slice and underlying array.

func (CheckServiceNodes) Shuffle

func (nodes CheckServiceNodes) Shuffle()

Shuffle does an in-place random shuffle using the Fisher-Yates algorithm.

func (CheckServiceNodes) ToServiceDump added in v1.16.100

func (nodes CheckServiceNodes) ToServiceDump() ServiceDump

type CheckType

// CheckType is used to create either the CheckMonitor or the CheckTTL.
type CheckType struct {
	CheckID types.CheckID
	Name    string
	Status  string
	Notes   string

	// NOTE(review): ScriptArgs and Shell presumably describe a command that
	// is executed to run the check, so who is allowed to register checks
	// matters — confirm how script checks are gated.
	ScriptArgs             []string
	HTTP                   string
	H2PING                 string
	H2PingUseTLS           bool
	Header                 map[string][]string
	Method                 string
	Body                   string
	DisableRedirects       bool
	TCP                    string
	UDP                    string
	Interval               time.Duration
	AliasNode              string
	AliasService           string
	DockerContainerID      string
	Shell                  string
	GRPC                   string
	GRPCUseTLS             bool
	OSService              string
	TLSServerName          string
	// NOTE(review): TLSSkipVerify presumably disables certificate
	// verification for the check's TLS connection; if so a passing check
	// says nothing about the identity of the endpoint — confirm.
	TLSSkipVerify          bool
	Timeout                time.Duration
	TTL                    time.Duration
	SuccessBeforePassing   int
	FailuresBeforeWarning  int
	FailuresBeforeCritical int

	// Definition fields used when exposing checks through a proxy
	ProxyHTTP string
	ProxyGRPC string

	// DeregisterCriticalServiceAfter, if >0, will cause the associated
	// service, if any, to be deregistered if this check is critical for
	// longer than this duration.
	DeregisterCriticalServiceAfter time.Duration
	// NOTE(review): presumably an upper bound on captured check output — confirm units and default.
	OutputMaxSize                  int
}

CheckType is used to create either the CheckMonitor or the CheckTTL. The following types are supported: Script, HTTP, TCP, Docker, TTL, GRPC, Alias, H2PING. Script, HTTP, Docker, TCP, GRPC, and H2PING all require Interval. Only one of the types may be provided: TTL or Script/Interval or HTTP/Interval or TCP/Interval or Docker/Interval or GRPC/Interval or AliasService or H2PING/Interval. Since types like CheckHTTP and CheckGRPC derive from CheckType, there are helper conversion methods that do the reverse conversion, i.e. checkHTTP.CheckType().

func (*CheckType) DeepCopy added in v1.16.100

func (o *CheckType) DeepCopy() *CheckType

DeepCopy generates a deep copy of *CheckType

func (*CheckType) Empty added in v1.0.0

func (c *CheckType) Empty() bool

Empty checks if the CheckType has no fields defined. Empty checks parsed from JSON configs are filtered out.

func (*CheckType) IsAlias added in v1.2.2

func (c *CheckType) IsAlias() bool

IsAlias checks if this is an alias check.

func (*CheckType) IsDocker

func (c *CheckType) IsDocker() bool

IsDocker returns true when checking a docker container.

func (*CheckType) IsGRPC added in v1.0.4

func (c *CheckType) IsGRPC() bool

IsGRPC checks if this is a GRPC type

func (*CheckType) IsH2PING added in v1.16.100

func (c *CheckType) IsH2PING() bool

IsH2PING checks if this is a H2PING type

func (*CheckType) IsHTTP

func (c *CheckType) IsHTTP() bool

IsHTTP checks if this is a HTTP type

func (*CheckType) IsMonitor

func (c *CheckType) IsMonitor() bool

IsMonitor checks if this is a Monitor type

func (*CheckType) IsOSService added in v1.16.100

func (c *CheckType) IsOSService() bool

IsOSService checks if this is a WindowsService/systemd type

func (*CheckType) IsScript

func (c *CheckType) IsScript() bool

IsScript checks if this is a check that execs some kind of script.

func (*CheckType) IsTCP

func (c *CheckType) IsTCP() bool

IsTCP checks if this is a TCP type

func (*CheckType) IsTTL

func (c *CheckType) IsTTL() bool

IsTTL checks if this is a TTL type

func (*CheckType) IsUDP added in v1.16.100

func (c *CheckType) IsUDP() bool

func (*CheckType) Type added in v1.16.100

func (c *CheckType) Type() string

func (*CheckType) UnmarshalJSON added in v1.16.100

func (t *CheckType) UnmarshalJSON(data []byte) (err error)

func (*CheckType) Validate added in v1.0.0

func (c *CheckType) Validate() error

Validate returns an error message if the check is invalid

type CheckTypes

type CheckTypes []*CheckType

type ChecksInStateRequest

type ChecksInStateRequest struct {
	Datacenter      string
	NodeMetaFilters map[string]string
	State           string
	Source          QuerySource

	PeerName           string
	acl.EnterpriseMeta `mapstructure:",squash"`
	QueryOptions
}

ChecksInStateRequest is used to query for checks in a state

func (*ChecksInStateRequest) RequestDatacenter

func (r *ChecksInStateRequest) RequestDatacenter() string

type ClusterDiscoveryType added in v1.16.100

// ClusterDiscoveryType names how a cluster's endpoints are discovered. A
// Validate method is declared on the type, so values outside the constants
// below are presumably rejected — TODO confirm.
// NOTE(review): the values look like Envoy cluster discovery type names —
// confirm against the consumer.
type ClusterDiscoveryType string
const (
	// DefaultClockSkewSeconds is an untyped constant declared alongside the
	// discovery types; what consumes it is not visible in this listing.
	DefaultClockSkewSeconds = 30

	DiscoveryTypeStrictDNS   ClusterDiscoveryType = "STRICT_DNS"
	DiscoveryTypeStatic      ClusterDiscoveryType = "STATIC"
	DiscoveryTypeLogicalDNS  ClusterDiscoveryType = "LOGICAL_DNS"
	DiscoveryTypeEDS         ClusterDiscoveryType = "EDS"
	DiscoveryTypeOriginalDST ClusterDiscoveryType = "ORIGINAL_DST"
)

func (ClusterDiscoveryType) Validate added in v1.16.100

func (d ClusterDiscoveryType) Validate() error

type CommonCAProviderConfig added in v1.2.2

// CommonCAProviderConfig holds the CA settings that, going by the name and the
// CSRMaxPerSecond comment ("applies to all CA providers"), are shared by every
// CA provider: certificate lifetimes, CSR rate limits and the parameters of
// keys the provider generates itself.
type CommonCAProviderConfig struct {
	// LeafCertTTL and RootCertTTL are presumably the validity periods of
	// issued leaf certificates and of the root certificate — TODO confirm.
	LeafCertTTL time.Duration
	RootCertTTL time.Duration

	// IntermediateCertTTL is only valid in the primary datacenter, and determines
	// the duration that any signed intermediates are valid for.
	IntermediateCertTTL time.Duration

	// NOTE(review): SkipValidate is undocumented here; presumably it bypasses
	// checks that Validate would otherwise apply to this config. Confirm which
	// checks are skipped before relying on it.
	SkipValidate bool

	// CSRMaxPerSecond is a rate limit on processing Connect Certificate Signing
	// Requests on the servers. It applies to all CA providers so can be used to
	// limit rate to an external CA too. 0 disables the rate limit. Defaults to 50
	// which is low enough to prevent overload of a reasonably sized production
	// server while allowing a cluster with 1000 service instances to complete a
	// rotation in 20 seconds. For reference a quad-core 2017 MacBook pro can
	// process 100 signing RPCs a second while using less than half of one core.
	// For large clusters with powerful servers it's advisable to increase this
	// rate or to disable this limit and instead rely on CSRMaxConcurrent to only
	// consume a subset of the server's cores.
	CSRMaxPerSecond float32

	// CSRMaxConcurrent is a limit on how many concurrent CSR signing requests
	// will be processed in parallel. New incoming signing requests will try for
	// `consul.csrSemaphoreWait` (currently 500ms) for a slot before being
	// rejected with a "rate limited" backpressure response. This effectively sets
	// how many CPU cores can be occupied by Connect CA signing activity and
	// should be a (small) subset of your server's available cores to allow other
	// tasks to complete when a barrage of CSRs come in (e.g. after a CA root
	// rotation). Setting to 0 disables the limit, attempting to sign certs
	// immediately in the RPC goroutine. This is 0 by default and CSRMaxPerSecond
	// is used. This is ignored if CSRMaxPerSecond is non-zero.
	// NOTE(review): with both limits at 0 nothing in this struct throttles
	// signing; confirm that is intended wherever CSRMaxPerSecond is disabled.
	CSRMaxConcurrent int

	// PrivateKeyType specifies which type of key the CA should generate. It only
	// applies when the provider is generating its own key and is ignored if the
	// provider already has a key or an external key is provided. Supported values
	// are "ec" or "rsa". "ec" is the default and will generate a NIST P-256
	// elliptic curve key.
	PrivateKeyType string

	// PrivateKeyBits specifies the number of bits the CA's private key should
	// use. For RSA, supported values are 2048 and 4096. For EC, supported values
	// are 224, 256, 384 and 521 and correspond to the NIST P-* curve of the same
	// name. As with PrivateKeyType this is only relevant when the provider is
	// generating new CA keys (root or intermediate).
	PrivateKeyBits int
}

func (CommonCAProviderConfig) Validate added in v1.2.2

func (c CommonCAProviderConfig) Validate() error

type CompiledDiscoveryChain added in v1.16.100

// CompiledDiscoveryChain is the compiled form of the config entries that make
// up one service's discovery chain. Walk it by looking up StartNode in Nodes
// and following each node from there.
type CompiledDiscoveryChain struct {
	ServiceName string
	Namespace   string // the namespace that the chain was compiled within
	Partition   string // the partition that the chain was compiled within
	Datacenter  string // the datacenter that the chain was compiled within

	// CustomizationHash is a unique hash of any data that affects the
	// compilation of the discovery chain other than config entries or the
	// name/namespace/datacenter evaluation criteria.
	//
	// If set, this value should be used to prefix/suffix any generated load
	// balancer data plane objects to avoid sharing customized and
	// non-customized versions.
	CustomizationHash string `json:",omitempty"`

	// Default indicates if this discovery chain is based on no
	// service-resolver, service-splitter, or service-router config entries.
	Default bool `json:",omitempty"`

	// Protocol is the overall protocol shared by everything in the chain.
	Protocol string `json:",omitempty"`

	// ServiceMeta is the metadata from the underlying service-defaults config
	// entry for the service named ServiceName.
	ServiceMeta map[string]string `json:",omitempty"`

	// EnvoyExtensions has a list of configurations for an extension that patches Envoy resources.
	EnvoyExtensions []EnvoyExtension `json:",omitempty"`

	// StartNode is the first key into the Nodes map that should be followed
	// when walking the discovery chain.
	StartNode string `json:",omitempty"`

	// Nodes contains all nodes available for traversal in the chain keyed by a
	// unique name.  You can walk this by starting with StartNode.
	//
	// NOTE: The names should be treated as opaque values and are only
	// guaranteed to be consistent within a single compilation.
	Nodes map[string]*DiscoveryGraphNode `json:",omitempty"`

	// Targets holds all targets used in this chain. It is a map; the key is
	// presumably the target's ID — TODO confirm.
	Targets map[string]*DiscoveryTarget `json:",omitempty"`

	// AutoVirtualIPs and ManualVirtualIPs list the virtual IPs associated with
	// the service (presumably automatically assigned versus operator-assigned —
	// TODO confirm). Unlike the fields above they carry no omitempty tag.
	AutoVirtualIPs   []string
	ManualVirtualIPs []string
}

CompiledDiscoveryChain is the result from taking a set of related config entries for a single service's discovery chain and restructuring them into a form that is more usable for actual service discovery.

func (*CompiledDiscoveryChain) CompoundServiceName added in v1.16.100

func (c *CompiledDiscoveryChain) CompoundServiceName() ServiceName

func (*CompiledDiscoveryChain) DeepCopy added in v1.16.100

DeepCopy generates a deep copy of *CompiledDiscoveryChain

func (*CompiledDiscoveryChain) ID added in v1.16.100

ID returns an ID that encodes the service, namespace, partition, and datacenter. This ID allows us to compare a discovery chain target to the chain upstream itself.

type CompoundResponse

type CompoundResponse interface {
	// Add adds a new response to the compound response
	Add(interface{})

	// New returns an empty response object which can be passed around by
	// reference, and then passed to Add() later on.
	New() interface{}
}

CompoundResponse is an interface for gathering multiple responses. It is used in cross-datacenter RPC calls where more than 1 datacenter is expected to reply.

type Condition added in v1.16.100

type Condition struct {
	// Type is a value from a bounded set of types that an object might have
	Type string
	// Status is a value from a bounded set of statuses that an object might have
	Status string
	// Reason is a value from a bounded set of reasons for a given status
	Reason string
	// Message is a message that gives more detailed information about
	// why a Condition has a given status and reason
	Message string
	// Resource is an optional reference to a resource for which this
	// condition applies
	Resource *ResourceReference
	// LastTransitionTime is the time at which this Condition was created
	LastTransitionTime *time.Time
}

Condition is used for a single message and state associated with an object. For example, a ConfigEntry that references multiple other resources may have different statuses with respect to each of those resources.

func NewGatewayCondition added in v1.16.100

func NewGatewayCondition(name api.GatewayConditionType, status api.ConditionStatus, reason api.GatewayConditionReason, message string, resource ResourceReference) Condition

func NewRouteCondition added in v1.16.100

func NewRouteCondition(name api.RouteConditionType, status api.ConditionStatus, reason api.RouteConditionReason, message string, ref ResourceReference) Condition

NewRouteCondition is a helper to build allowable Conditions for a Route config entry

func (*Condition) IsCondition added in v1.16.100

func (c *Condition) IsCondition(other *Condition) bool

func (*Condition) IsSame added in v1.16.100

func (c *Condition) IsSame(other *Condition) bool

type ConfigEntry added in v1.16.100

// ConfigEntry is the interface every centralized configuration entry
// implements. Besides identity (kind and name) and metadata accessors, it
// carries the entry's own normalization, validation and authorization hooks.
type ConfigEntry interface {
	GetKind() string
	GetName() string

	// This is called in the RPC endpoint and can apply defaults or limits.
	Normalize() error
	Validate() error

	// CanRead and CanWrite return whether or not the given Authorizer
	// has permission to read or write to the config entry, respectively.
	// TODO(acl-error-enhancements) This should be resolver.Result or similar but we have to wait until we move things to the acl package
	// NOTE(review): both return an error rather than a bool; presumably nil
	// means permitted and a non-nil error means denied. Callers must check
	// the result before reading or writing an entry — confirm every endpoint
	// that handles a ConfigEntry does so.
	CanRead(acl.Authorizer) error
	CanWrite(acl.Authorizer) error

	GetMeta() map[string]string
	GetEnterpriseMeta() *acl.EnterpriseMeta
	GetRaftIndex() *RaftIndex
}

ConfigEntry is the interface for centralized configuration stored in Raft. Currently only service-defaults and proxy-defaults are supported.

func DecodeConfigEntry added in v1.16.100

func DecodeConfigEntry(raw map[string]interface{}) (ConfigEntry, error)

DecodeConfigEntry can be used to decode a ConfigEntry from a raw map value. Currently it is used in the HTTP API to decode ConfigEntry structs coming from JSON. Unlike some of our custom binary encodings, we don't have a preamble including the kind, so we will not have a concrete type to decode into. In those cases we must first decode into a map[string]interface{} and then call this function to decode into a concrete type.

There is an 'api' variation of this in command/config/write/config_write.go:newDecodeConfigEntry

func MakeConfigEntry added in v1.16.100

func MakeConfigEntry(kind, name string) (ConfigEntry, error)

type ConfigEntryDeleteResponse added in v1.16.100

type ConfigEntryDeleteResponse struct {
	Deleted bool
}

type ConfigEntryGraphError added in v1.16.100

type ConfigEntryGraphError struct {
	// one of Message or Err should be set
	Message string
	Err     error
}

func (*ConfigEntryGraphError) Error added in v1.16.100

func (e *ConfigEntryGraphError) Error() string

type ConfigEntryListAllRequest added in v1.16.100

type ConfigEntryListAllRequest struct {
	// Kinds should always be set. For backwards compatibility with versions
	// prior to 1.9.0, if this is omitted or left empty it is assumed to mean
	// the subset of config entry kinds that were present in 1.8.0:
	//
	// proxy-defaults, service-defaults, service-resolver, service-splitter,
	// service-router, terminating-gateway, and ingress-gateway.
	Kinds      []string
	Datacenter string

	acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"`
	QueryOptions
}

ConfigEntryListAllRequest is used when requesting to list all config entries of a set of kinds.

func (*ConfigEntryListAllRequest) RequestDatacenter added in v1.16.100

func (r *ConfigEntryListAllRequest) RequestDatacenter() string

type ConfigEntryOp added in v1.16.100

type ConfigEntryOp string
const (
	ConfigEntryUpsert              ConfigEntryOp = "upsert"
	ConfigEntryUpsertCAS           ConfigEntryOp = "upsert-cas"
	ConfigEntryUpsertWithStatusCAS ConfigEntryOp = "upsert-with-status-cas"
	ConfigEntryDelete              ConfigEntryOp = "delete"
	ConfigEntryDeleteCAS           ConfigEntryOp = "delete-cas"
)

type ConfigEntryQuery added in v1.16.100

type ConfigEntryQuery struct {
	Kind       string
	Name       string
	Datacenter string

	acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"`
	QueryOptions
}

ConfigEntryQuery is used when requesting info about a config entry.

func (*ConfigEntryQuery) CacheInfo added in v1.16.100

func (r *ConfigEntryQuery) CacheInfo() cache.RequestInfo

func (*ConfigEntryQuery) RequestDatacenter added in v1.16.100

func (c *ConfigEntryQuery) RequestDatacenter() string

type ConfigEntryRequest added in v1.16.100

type ConfigEntryRequest struct {
	Op         ConfigEntryOp
	Datacenter string
	Entry      ConfigEntry

	WriteRequest
}

ConfigEntryRequest is used when creating/updating/deleting a ConfigEntry.

func (*ConfigEntryRequest) MarshalBinary added in v1.16.100

func (c *ConfigEntryRequest) MarshalBinary() (data []byte, err error)

func (*ConfigEntryRequest) RequestDatacenter added in v1.16.100

func (c *ConfigEntryRequest) RequestDatacenter() string

func (*ConfigEntryRequest) UnmarshalBinary added in v1.16.100

func (c *ConfigEntryRequest) UnmarshalBinary(data []byte) error

type ConfigEntryResponse added in v1.16.100

type ConfigEntryResponse struct {
	Entry ConfigEntry
	QueryMeta
}

ConfigEntryResponse returns a single ConfigEntry

func (*ConfigEntryResponse) MarshalBinary added in v1.16.100

func (c *ConfigEntryResponse) MarshalBinary() (data []byte, err error)

func (*ConfigEntryResponse) UnmarshalBinary added in v1.16.100

func (c *ConfigEntryResponse) UnmarshalBinary(data []byte) error

type ConnectAuthorizeRequest added in v1.2.0

// ConnectAuthorizeRequest is the request used to ask whether a connection
// from a client, identified by its certificate, to the Target service is
// authorized.
type ConnectAuthorizeRequest struct {
	// Target is the name of the service that is being requested.
	Target string

	// EnterpriseMeta is the embedded Consul Enterprise specific metadata
	acl.EnterpriseMeta

	// ClientCertURI is a unique identifier for the requesting client. This
	// is currently the URI SAN from the TLS client certificate.
	//
	// ClientCertSerial is the colon-separated hex encoding of the serial
	// number of the requesting client cert. This is used to check against
	// revocation lists.
	//
	// NOTE(review): both are plain strings, so nothing in this struct ties
	// them to a verified TLS session. The authorization answer is only as
	// trustworthy as the component that filled them in — confirm they are
	// taken from a certificate that has already been validated.
	ClientCertURI    string
	ClientCertSerial string
}

ConnectAuthorizeRequest is the structure of a request to authorize a connection.

func (*ConnectAuthorizeRequest) TargetNamespace added in v1.16.100

func (req *ConnectAuthorizeRequest) TargetNamespace() string

func (*ConnectAuthorizeRequest) TargetPartition added in v1.16.100

func (req *ConnectAuthorizeRequest) TargetPartition() string

type ConnectProxyConfig added in v1.3.0

// ConnectProxyConfig is the configuration of one proxy registration: the
// service it accepts traffic for, the local service instance behind it, its
// upstreams, and proxy-wide settings such as mesh gateway, exposed paths,
// transparent proxy mode and access logs.
type ConnectProxyConfig struct {
	// EnvoyExtensions are the list of Envoy extensions configured for the local service.
	EnvoyExtensions []EnvoyExtension `json:",omitempty" alias:"envoy_extensions"`

	// DestinationServiceName is required and is the name of the service to accept
	// traffic for.
	DestinationServiceName string `json:",omitempty" alias:"destination_service_name"`

	// DestinationServiceID is optional and should only be specified for
	// "side-car" style proxies where the proxy is in front of just a single
	// instance of the service. It should be set to the service ID of the instance
	// being represented which must be registered to the same agent. It's valid to
	// provide a service ID that does not yet exist to avoid timing issues when
	// bootstrapping a service with a proxy.
	DestinationServiceID string `json:",omitempty" alias:"destination_service_id"`

	// LocalServiceAddress is the address of the local service instance. It is
	// optional and should only be specified for "side-car" style proxies. It will
	// default to 127.0.0.1 if the proxy is a "side-car" (DestinationServiceID is
	// set) but otherwise will be ignored.
	LocalServiceAddress string `json:",omitempty" alias:"local_service_address"`

	// LocalServicePort is the port of the local service instance. It is optional
	// and should only be specified for "side-car" style proxies. It will default
	// to the registered port for the instance if the proxy is a "side-car"
	// (DestinationServiceID is set) but otherwise will be ignored.
	LocalServicePort int `json:",omitempty" alias:"local_service_port"`

	// LocalServiceSocketPath is the socket of the local service instance. It is optional
	// and should only be specified for "side-car" style proxies.
	LocalServiceSocketPath string `json:",omitempty" alias:"local_service_socket_path"`

	// Mode represents how the proxy's inbound and upstream listeners are dialed.
	Mode ProxyMode

	// Config is the arbitrary configuration data provided with the proxy
	// registration.
	// NOTE(review): the map is opaque at this level and tagged bexpr:"-";
	// whatever consumes individual keys has to validate them itself.
	Config map[string]interface{} `json:",omitempty" bexpr:"-"`

	// Upstreams describes any upstream dependencies the proxy instance should
	// setup.
	Upstreams Upstreams `json:",omitempty"`

	// MeshGateway defines the mesh gateway configuration for this upstream
	MeshGateway MeshGatewayConfig `json:",omitempty" alias:"mesh_gateway"`

	// Expose defines whether checks or paths are exposed through the proxy
	Expose ExposeConfig `json:",omitempty"`

	// TransparentProxy defines configuration for when the proxy is in
	// transparent mode.
	TransparentProxy TransparentProxyConfig `json:",omitempty" alias:"transparent_proxy"`

	// MutualTLSMode allows configuring the proxy to allow non-mTLS traffic.
	// NOTE(review): a mode that admits non-mTLS traffic means inbound
	// connections are not all authenticated by client certificate. The field
	// is tagged json:"-", so it is not set through this struct's JSON form;
	// confirm where the value originates and which modes relax mTLS.
	MutualTLSMode MutualTLSMode `json:"-" bexpr:"-"`

	// AccessLogs configures the output and format of Envoy access logs
	AccessLogs AccessLogsConfig `json:",omitempty" alias:"access_logs"`
}

ConnectProxyConfig describes the configuration needed for any proxy, managed or unmanaged. It describes a single logical service's listener and optionally upstreams and sidecar-related config for a single instance. To describe a centralized proxy that routes traffic for multiple services, a different one of these would be needed for each, sharing the same LogicalProxyID.

func TestConnectProxyConfig added in v1.3.0

func TestConnectProxyConfig(t testing.T) ConnectProxyConfig

TestConnectProxyConfig returns a ConnectProxyConfig representing a valid Connect proxy.

func (*ConnectProxyConfig) DeepCopy added in v1.16.100

func (o *ConnectProxyConfig) DeepCopy() *ConnectProxyConfig

DeepCopy generates a deep copy of *ConnectProxyConfig

func (*ConnectProxyConfig) MarshalJSON added in v1.16.100

func (c *ConnectProxyConfig) MarshalJSON() ([]byte, error)

func (*ConnectProxyConfig) ToAPI added in v1.3.0

ToAPI returns the api struct with the same fields. We have duplicates to avoid the api package depending on this one which imports a ton of Consul's core which you don't want if you are just trying to use our client in your app.

func (*ConnectProxyConfig) UnmarshalJSON added in v1.16.100

func (t *ConnectProxyConfig) UnmarshalJSON(data []byte) (err error)

type ConsulCAProviderConfig added in v1.2.0

// ConsulCAProviderConfig is the configuration of the built-in CA provider. It
// embeds CommonCAProviderConfig (squashed by mapstructure, so the common
// fields decode from the same level as the ones declared here).
type ConsulCAProviderConfig struct {
	CommonCAProviderConfig `mapstructure:",squash"`

	// PrivateKey and RootCert presumably carry the CA's private key and root
	// certificate (likely PEM text — TODO confirm).
	// NOTE(review): PrivateKey is secret key material held in a plain string.
	// Keep values of this type out of logs, debug dumps and API responses
	// unless the field has been cleared or redacted first.
	PrivateKey string
	RootCert   string

	// DisableCrossSigning is really only useful in test code to use the built in
	// provider while exercising logic that depends on the CA provider ability to
	// cross sign. We don't document this config field publicly or make any
	// attempt to parse it from snake case unlike other fields here.
	DisableCrossSigning bool
}

func (*ConsulCAProviderConfig) Validate added in v1.16.100

func (c *ConsulCAProviderConfig) Validate() error

type ControlledConfigEntry added in v1.16.100

type ControlledConfigEntry interface {
	DefaultStatus() Status
	GetStatus() Status
	SetStatus(status Status)
	ConfigEntry
}

ControlledConfigEntry is an optional interface implemented by a ConfigEntry if it is reconciled via a controller and needs to respond with Status values.

type CookieConfig added in v1.16.100

type CookieConfig struct {
	// Generates a session cookie with no expiration.
	Session bool `json:",omitempty"`

	// TTL for generated cookies. Cannot be specified for session cookies.
	TTL time.Duration `json:",omitempty"`

	// The path to set for the cookie
	Path string `json:",omitempty"`
}

CookieConfig contains configuration for the "cookie" hash policy type. This is specified to have Envoy generate a cookie for a client on its first request.

type Coordinate

type Coordinate struct {
	Node      string
	Segment   string
	Partition string `json:",omitempty"` // TODO(partitions): fully thread this needle
	Coord     *coordinate.Coordinate
}

Coordinate stores a node name with its associated network coordinate.

func (*Coordinate) FillAuthzContext added in v1.16.100

func (_ *Coordinate) FillAuthzContext(_ *acl.AuthorizerContext)

func (*Coordinate) GetEnterpriseMeta added in v1.16.100

func (c *Coordinate) GetEnterpriseMeta() *acl.EnterpriseMeta

func (*Coordinate) PartitionOrDefault added in v1.16.100

func (c *Coordinate) PartitionOrDefault() string

type CoordinateUpdateRequest

type CoordinateUpdateRequest struct {
	Datacenter         string
	Node               string
	Segment            string
	Coord              *coordinate.Coordinate
	acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"`
	WriteRequest
}

CoordinateUpdateRequest is used to update the network coordinate of a given node.

func (*CoordinateUpdateRequest) RequestDatacenter

func (c *CoordinateUpdateRequest) RequestDatacenter() string

RequestDatacenter returns the datacenter for a given update request.

type Coordinates

type Coordinates []*Coordinate

type DCSpecificRequest

type DCSpecificRequest struct {
	Datacenter         string
	NodeMetaFilters    map[string]string
	Source             QuerySource
	PeerName           string
	acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"`
	QueryOptions
}

DCSpecificRequest is used to query about a specific DC

func (*DCSpecificRequest) CacheInfo added in v1.2.0

func (r *DCSpecificRequest) CacheInfo() cache.RequestInfo

func (*DCSpecificRequest) CacheMinIndex added in v1.2.0

func (r *DCSpecificRequest) CacheMinIndex() uint64

func (*DCSpecificRequest) RequestDatacenter

func (r *DCSpecificRequest) RequestDatacenter() string

type DatacenterIndexedCheckServiceNodes added in v1.16.100

type DatacenterIndexedCheckServiceNodes struct {
	DatacenterNodes map[string]CheckServiceNodes
	QueryMeta
}

type DatacenterMap

type DatacenterMap struct {
	Datacenter  string
	AreaID      types.AreaID
	Coordinates Coordinates
}

DatacenterMap is used to represent a list of nodes with their raw coordinates, associated with a datacenter. Coordinates are only compatible between nodes in the same area.

type DatacentersRequest added in v1.16.100

type DatacentersRequest struct {
	QueryOptions
}

func (*DatacentersRequest) CacheInfo added in v1.16.100

func (r *DatacentersRequest) CacheInfo() cache.RequestInfo

type DeregisterRequest

// DeregisterRequest is the request for the Catalog.Deregister endpoint. Per
// the package documentation it removes a service, a check or a whole node:
// only one of ServiceID and CheckID should be provided, and when neither is
// provided the entire node is deregistered.
type DeregisterRequest struct {
	Datacenter         string
	Node               string
	// ServiceID, when set, deregisters that service together with any checks
	// associated with it.
	ServiceID          string
	// CheckID, when set, deregisters that check.
	// NOTE(review): leaving both ServiceID and CheckID empty widens the
	// request to the whole node, so a caller that drops a field by mistake
	// removes far more than intended — confirm callers validate before sending.
	CheckID            types.CheckID
	PeerName           string
	acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"`
	WriteRequest
}

DeregisterRequest is used for the Catalog.Deregister endpoint to deregister a service, check, or node (only one should be provided). If ServiceID or CheckID are not provided, the entire node is deregistered. If a ServiceID is provided, any associated Checks with that service are also deregistered.

func (*DeregisterRequest) RequestDatacenter

func (r *DeregisterRequest) RequestDatacenter() string

func (*DeregisterRequest) UnmarshalJSON added in v1.16.100

func (r *DeregisterRequest) UnmarshalJSON(data []byte) error

type DestinationConfig added in v1.16.100

type DestinationConfig struct {
	// Addresses of the endpoint; hostname or IP
	Addresses []string `json:",omitempty"`

	// Port allowed within this endpoint
	Port int `json:",omitempty"`
}

DestinationConfig represents a virtual service, i.e. one that is external to Consul

type DirEntries

type DirEntries []*DirEntry

type DirEntry

type DirEntry struct {
	LockIndex uint64
	Key       string
	Flags     uint64
	Value     []byte
	Session   string `json:",omitempty"`

	acl.EnterpriseMeta `bexpr:"-"`
	RaftIndex
}

DirEntry is used to represent a directory entry. This is used for values in our Key-Value store.

func (*DirEntry) Clone

func (d *DirEntry) Clone() *DirEntry

Returns a clone of the given directory entry.

func (*DirEntry) Equal added in v1.16.100

func (d *DirEntry) Equal(o *DirEntry) bool

func (*DirEntry) FillAuthzContext added in v1.16.100

func (_ *DirEntry) FillAuthzContext(_ *acl.AuthorizerContext)

FillAuthzContext stub

func (*DirEntry) IDValue added in v1.16.100

func (d *DirEntry) IDValue() string

IDValue implements the state.singleValueID interface for indexing.

type DiscoveryChainRequest added in v1.16.100

type DiscoveryChainRequest struct {
	Name                 string
	EvaluateInDatacenter string
	EvaluateInNamespace  string
	EvaluateInPartition  string

	// OverrideMeshGateway allows for the mesh gateway setting to be overridden
	// for any resolver in the compiled chain.
	OverrideMeshGateway MeshGatewayConfig

	// OverrideProtocol allows for the final protocol for the chain to be
	// altered.
	//
	// - If the chain ordinarily would be TCP and an L7 protocol is passed here
	// the chain will not include Routers or Splitters.
	//
	// - If the chain ordinarily would be L7 and TCP is passed here the chain
	// will not include Routers or Splitters.
	OverrideProtocol string

	// OverrideConnectTimeout allows for the ConnectTimeout setting to be
	// overridden for any resolver in the compiled chain.
	OverrideConnectTimeout time.Duration

	Datacenter string // where to route the RPC
	QueryOptions
}

DiscoveryChainRequest is used when requesting the discovery chain for a service.

func (*DiscoveryChainRequest) CacheInfo added in v1.16.100

func (r *DiscoveryChainRequest) CacheInfo() cache.RequestInfo

func (*DiscoveryChainRequest) GetEnterpriseMeta added in v1.16.100

func (req *DiscoveryChainRequest) GetEnterpriseMeta() *acl.EnterpriseMeta

GetEnterpriseMeta is used to synthesize the EnterpriseMeta struct from fields in the DiscoveryChainRequest

func (*DiscoveryChainRequest) RequestDatacenter added in v1.16.100

func (r *DiscoveryChainRequest) RequestDatacenter() string

func (*DiscoveryChainRequest) WithEnterpriseMeta added in v1.16.100

func (req *DiscoveryChainRequest) WithEnterpriseMeta(_ *acl.EnterpriseMeta)

WithEnterpriseMeta will populate the corresponding fields in the DiscoveryChainRequest from the EnterpriseMeta struct

type DiscoveryChainResponse added in v1.16.100

type DiscoveryChainResponse struct {
	Chain *CompiledDiscoveryChain
	QueryMeta
}

type DiscoveryFailover added in v1.16.100

type DiscoveryFailover struct {
	Targets []string                       `json:",omitempty"`
	Policy  *ServiceResolverFailoverPolicy `json:",omitempty"`
	Regions []string                       `json:",omitempty"`
}

compiled form of ServiceResolverFailover

func (*DiscoveryFailover) DeepCopy added in v1.16.100

func (o *DiscoveryFailover) DeepCopy() *DiscoveryFailover

DeepCopy generates a deep copy of *DiscoveryFailover

type DiscoveryGraphNode added in v1.16.100

type DiscoveryGraphNode struct {
	Type string
	Name string // this is NOT necessarily a service

	// fields for Type==router
	Routes []*DiscoveryRoute `json:",omitempty"`

	// fields for Type==splitter
	Splits []*DiscoverySplit `json:",omitempty"`

	// fields for Type==resolver
	Resolver *DiscoveryResolver `json:",omitempty"`

	// shared by Type==resolver || Type==splitter
	LoadBalancer *LoadBalancer `json:",omitempty"`
}

DiscoveryGraphNode is a single node in the compiled discovery chain.

func (*DiscoveryGraphNode) DeepCopy added in v1.16.100

func (o *DiscoveryGraphNode) DeepCopy() *DiscoveryGraphNode

DeepCopy generates a deep copy of *DiscoveryGraphNode

func (*DiscoveryGraphNode) IsResolver added in v1.16.100

func (s *DiscoveryGraphNode) IsResolver() bool

func (*DiscoveryGraphNode) IsRouter added in v1.16.100

func (s *DiscoveryGraphNode) IsRouter() bool

func (*DiscoveryGraphNode) IsSplitter added in v1.16.100

func (s *DiscoveryGraphNode) IsSplitter() bool

func (*DiscoveryGraphNode) MapKey added in v1.16.100

func (s *DiscoveryGraphNode) MapKey() string

type DiscoveryPrioritizeByLocality added in v1.16.100

type DiscoveryPrioritizeByLocality struct {
	Mode string `json:",omitempty"`
}

compiled form of ServiceResolverPrioritizeByLocality

type DiscoveryResolver added in v1.16.100

type DiscoveryResolver struct {
	Default        bool               `json:",omitempty"`
	ConnectTimeout time.Duration      `json:",omitempty"`
	RequestTimeout time.Duration      `json:",omitempty"`
	Target         string             `json:",omitempty"`
	Failover       *DiscoveryFailover `json:",omitempty"`
}

compiled form of ServiceResolverConfigEntry

func (*DiscoveryResolver) DeepCopy added in v1.16.100

func (o *DiscoveryResolver) DeepCopy() *DiscoveryResolver

DeepCopy generates a deep copy of *DiscoveryResolver

func (*DiscoveryResolver) MarshalJSON added in v1.16.100

func (r *DiscoveryResolver) MarshalJSON() ([]byte, error)

func (*DiscoveryResolver) UnmarshalJSON added in v1.16.100

func (r *DiscoveryResolver) UnmarshalJSON(data []byte) error

type DiscoveryRoute added in v1.16.100

type DiscoveryRoute struct {
	Definition *ServiceRoute `json:",omitempty"`
	NextNode   string        `json:",omitempty"`
}

compiled form of ServiceRoute

func (*DiscoveryRoute) DeepCopy added in v1.16.100

func (o *DiscoveryRoute) DeepCopy() *DiscoveryRoute

DeepCopy generates a deep copy of *DiscoveryRoute

type DiscoverySplit added in v1.16.100

type DiscoverySplit struct {
	Definition *ServiceSplit `json:",omitempty"`
	// Weight is not necessarily a duplicate of Definition.Weight since when
	// multiple splits are compiled down to a single set of splits the effective
	// weight of a split leg might not be the same as in the original definition.
	// Proxies should use this compiled weight. The Definition is provided above
	// for any other significant configuration that the proxy might need to apply
	// to that leg of the split.
	Weight   float32 `json:",omitempty"`
	NextNode string  `json:",omitempty"`
}

compiled form of ServiceSplit

func (*DiscoverySplit) DeepCopy added in v1.16.100

func (o *DiscoverySplit) DeepCopy() *DiscoverySplit

DeepCopy generates a deep copy of *DiscoverySplit

type DiscoveryTarget added in v1.16.100

type DiscoveryTarget struct {
	// ID is a unique identifier for referring to this target in a compiled
	// chain. It should be treated as a per-compile opaque string.
	ID string `json:",omitempty"`

	Service       string    `json:",omitempty"`
	ServiceSubset string    `json:",omitempty"`
	Namespace     string    `json:",omitempty"`
	Partition     string    `json:",omitempty"`
	Datacenter    string    `json:",omitempty"`
	Peer          string    `json:",omitempty"`
	Locality      *Locality `json:",omitempty"`

	MeshGateway      MeshGatewayConfig      `json:",omitempty"`
	Subset           ServiceResolverSubset  `json:",omitempty"`
	TransparentProxy TransparentProxyConfig `json:",omitempty"`

	ConnectTimeout time.Duration `json:",omitempty"`

	// External is true if this target is outside of this consul cluster.
	External bool `json:",omitempty"`

	// SNI is the sni field to use when connecting to this set of endpoints
	// over TLS.
	SNI string `json:",omitempty"`

	// Name is the unique name for this target for use when generating load
	// balancer objects.  This has a structure similar to SNI, but will not be
	// affected by SNI customizations.
	Name string `json:",omitempty"`

	PrioritizeByLocality *DiscoveryPrioritizeByLocality `json:",omitempty"`
}

DiscoveryTarget represents all of the inputs necessary to use a resolver config entry to execute a catalog query to generate a list of service instances during discovery.

func NewDiscoveryTarget added in v1.16.100

func NewDiscoveryTarget(opts DiscoveryTargetOpts) *DiscoveryTarget

func (*DiscoveryTarget) GetEnterpriseMetadata added in v1.16.100

func (t *DiscoveryTarget) GetEnterpriseMetadata() *acl.EnterpriseMeta

func (*DiscoveryTarget) MarshalJSON added in v1.16.100

func (t *DiscoveryTarget) MarshalJSON() ([]byte, error)

func (*DiscoveryTarget) ServiceID added in v1.16.100

func (t *DiscoveryTarget) ServiceID() ServiceID

func (*DiscoveryTarget) ServiceName added in v1.16.100

func (t *DiscoveryTarget) ServiceName() ServiceName

func (*DiscoveryTarget) String added in v1.16.100

func (t *DiscoveryTarget) String() string

func (*DiscoveryTarget) ToDiscoveryTargetOpts added in v1.16.100

func (t *DiscoveryTarget) ToDiscoveryTargetOpts() DiscoveryTargetOpts

func (*DiscoveryTarget) UnmarshalJSON added in v1.16.100

func (t *DiscoveryTarget) UnmarshalJSON(data []byte) error

type DiscoveryTargetOpts added in v1.16.100

type DiscoveryTargetOpts struct {
	Service              string
	ServiceSubset        string
	Namespace            string
	Partition            string
	Datacenter           string
	Peer                 string
	PrioritizeByLocality *DiscoveryPrioritizeByLocality
}

func MergeDiscoveryTargetOpts added in v1.16.100

func MergeDiscoveryTargetOpts(opts ...DiscoveryTargetOpts) DiscoveryTargetOpts

type EnterpriseServiceUsage added in v1.16.100

type EnterpriseServiceUsage struct{}

type EnvoyExtension added in v1.16.100

// EnvoyExtension has configuration for an extension that patches Envoy
// resources.
type EnvoyExtension struct {
	Name          string
	Required      bool
	// Arguments is an untyped map, so this struct places no schema on what an
	// extension receives.
	// NOTE(review): the `bexpr:"-"` tag presumably keeps the field out of
	// filter expressions; confirm where the arguments are validated before
	// they are used to patch Envoy resources.
	Arguments     map[string]interface{} `bexpr:"-"`
	// NOTE(review): ConsulVersion and EnvoyVersion look like version
	// constraints for when the extension applies — TODO confirm format.
	ConsulVersion string
	EnvoyVersion  string
}

EnvoyExtension has configuration for an extension that patches Envoy resources.

type EnvoyExtensions added in v1.16.100

type EnvoyExtensions []EnvoyExtension

func (EnvoyExtensions) ToAPI added in v1.16.100

func (es EnvoyExtensions) ToAPI() []api.EnvoyExtension

type EventFireRequest

// EventFireRequest is used to ask a server to fire a Serf event. Any server
// can process it, which is why it embeds QueryOptions instead of
// WriteRequest.
type EventFireRequest struct {
	Datacenter string
	Name       string
	// Payload is carried as raw bytes; this struct puts no bound or format
	// on it.
	Payload    []byte

	// Not using WriteRequest so that any server can process
	// the request. It is a bit unusual...
	// NOTE(review): the request still changes cluster state (an event is
	// fired), so confirm that the handler authorizes it with the token
	// presumably carried in QueryOptions.
	QueryOptions
}

EventFireRequest is used to ask a server to fire a Serf event. It is a bit odd, since it doesn't depend on the catalog or leader. Any node can respond, so it's not quite like a standard write request. This is used only internally.

func (*EventFireRequest) RequestDatacenter

func (r *EventFireRequest) RequestDatacenter() string

type EventFireResponse

type EventFireResponse struct {
	QueryMeta
}

EventFireResponse is used to respond to a fire request.

type ExpandedTokenInfo added in v1.16.100

// ExpandedTokenInfo groups policies, roles and agent-level ACL settings.
// NOTE(review): judging by the name it accompanies an ACL token whose links
// have been expanded; confirm against the code that populates it.
type ExpandedTokenInfo struct {
	// Policies and roles are held as full *ACLPolicy / *ACLRole values rather
	// than as IDs.
	ExpandedPolicies []*ACLPolicy
	ExpandedRoles    []*ACLRole

	// Namespace defaults are held as IDs only.
	// NOTE(review): presumably the defaults of the token's namespace — TODO
	// confirm.
	NamespaceDefaultPolicyIDs []string
	NamespaceDefaultRoleIDs   []string

	// NOTE(review): these look like the default and down policies of the
	// agent that resolved the token, plus that agent's name. They describe
	// the effective ACL posture, so confirm who is allowed to read them.
	AgentACLDefaultPolicy string
	AgentACLDownPolicy    string
	ResolvedByAgent       string
}

type ExportedDiscoveryChainInfo added in v1.16.100

type ExportedDiscoveryChainInfo struct {
	// Protocol is the overall protocol associated with this discovery chain.
	Protocol string

	// TCPTargets is the list of discovery chain targets that are reachable by
	// this discovery chain.
	//
	// NOTE: this is only populated if Protocol=tcp.
	TCPTargets []*DiscoveryTarget
}

NOTE: this is not serialized via msgpack so it can be changed without concern.

func (ExportedDiscoveryChainInfo) Equal added in v1.16.100

type ExportedService added in v1.16.100

type ExportedService struct {
	// Name is the name of the service to be exported.
	Name string

	// Namespace is the namespace to export the service from.
	Namespace string `json:",omitempty"`

	// Consumers is a list of downstream consumers of the service to be exported.
	Consumers []ServiceConsumer `json:",omitempty"`
}

ExportedService manages the exporting of a service in the local partition to other partitions.

type ExportedServiceList added in v1.16.100

type ExportedServiceList struct {
	// Services is a list of exported services that apply to both standard
	// service discovery and service mesh.
	Services []ServiceName

	// DiscoChains is a map of service names to their exported discovery chains
	// for service mesh purposes as defined in the exported-services
	// configuration entry.
	DiscoChains map[ServiceName]ExportedDiscoveryChainInfo
}

NOTE: this is not serialized via msgpack so it can be changed without concern.

func (*ExportedServiceList) ListAllDiscoveryChains added in v1.16.100

func (list *ExportedServiceList) ListAllDiscoveryChains() map[ServiceName]ExportedDiscoveryChainInfo

ListAllDiscoveryChains returns all discovery chains (union of Services and DiscoChains).

type ExportedServicesConfigEntry added in v1.16.100

type ExportedServicesConfigEntry struct {
	Name string

	// Services is a list of services to be exported and the list of partitions
	// to expose them to.
	Services []ExportedService `json:",omitempty"`

	Meta               map[string]string `json:",omitempty"`
	acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"`
	RaftIndex
}

ExportedServicesConfigEntry is the top-level struct for exporting a service to be exposed across other admin partitions.

func (*ExportedServicesConfigEntry) CanRead added in v1.16.100

func (e *ExportedServicesConfigEntry) CanRead(authz acl.Authorizer) error

func (*ExportedServicesConfigEntry) CanWrite added in v1.16.100

func (e *ExportedServicesConfigEntry) CanWrite(authz acl.Authorizer) error

func (*ExportedServicesConfigEntry) DeepCopy added in v1.16.100

DeepCopy generates a deep copy of *ExportedServicesConfigEntry

func (*ExportedServicesConfigEntry) GetEnterpriseMeta added in v1.16.100

func (e *ExportedServicesConfigEntry) GetEnterpriseMeta() *acl.EnterpriseMeta

func (*ExportedServicesConfigEntry) GetKind added in v1.16.100

func (e *ExportedServicesConfigEntry) GetKind() string

func (*ExportedServicesConfigEntry) GetMeta added in v1.16.100

func (e *ExportedServicesConfigEntry) GetMeta() map[string]string

func (*ExportedServicesConfigEntry) GetName added in v1.16.100

func (e *ExportedServicesConfigEntry) GetName() string

func (*ExportedServicesConfigEntry) GetRaftIndex added in v1.16.100

func (e *ExportedServicesConfigEntry) GetRaftIndex() *RaftIndex

func (*ExportedServicesConfigEntry) MarshalJSON added in v1.16.100

func (e *ExportedServicesConfigEntry) MarshalJSON() ([]byte, error)

MarshalJSON adds the Kind field so that the JSON can be decoded back into the correct type. This method is implemented on the structs type (as opposed to the api type) because that is what the API currently uses to return a response.

func (*ExportedServicesConfigEntry) Normalize added in v1.16.100

func (e *ExportedServicesConfigEntry) Normalize() error

func (*ExportedServicesConfigEntry) Validate added in v1.16.100

func (e *ExportedServicesConfigEntry) Validate() error

type ExposeConfig added in v1.16.100

// ExposeConfig describes HTTP paths to expose through the proxy. Either
// individual paths (Paths) or all HTTP/GRPC check paths (Checks) can be
// exposed.
// NOTE(review): an exposed path is presumably reachable without the mutual
// TLS and intention checks applied to mesh traffic — confirm, and keep the
// list to endpoints that are safe to serve that way.
type ExposeConfig struct {
	// Checks defines whether paths associated with Consul checks will be exposed.
	// This flag triggers exposing all HTTP and GRPC check paths registered for the service.
	Checks bool `json:",omitempty"`

	// Paths is the list of paths exposed through the proxy.
	Paths []ExposePath `json:",omitempty"`
}

ExposeConfig describes HTTP paths to expose through Envoy outside of Connect. Users can expose individual paths and/or all HTTP/GRPC paths for checks.

func (ExposeConfig) Clone added in v1.16.100

func (e ExposeConfig) Clone() ExposeConfig

func (*ExposeConfig) DeepCopy added in v1.16.100

func (o *ExposeConfig) DeepCopy() *ExposeConfig

DeepCopy generates a deep copy of *ExposeConfig

func (*ExposeConfig) Finalize added in v1.16.100

func (e *ExposeConfig) Finalize()

Finalize validates ExposeConfig and sets default values

func (*ExposeConfig) ToAPI added in v1.16.100

func (e *ExposeConfig) ToAPI() api.ExposeConfig

type ExposePath added in v1.16.100

// ExposePath is one entry of ExposeConfig.Paths: a path exposed through the
// proxy, together with the listener port and the local service port for it.
type ExposePath struct {
	// ListenerPort defines the port of the proxy's listener for exposed paths.
	ListenerPort int `json:",omitempty" alias:"listener_port"`

	// Path is the path to expose through the proxy, e.g. "/metrics".
	// NOTE(review): how the path is matched (exact or prefix) is not visible
	// here — confirm before exposing a path that has sensitive siblings.
	Path string `json:",omitempty"`

	// LocalPathPort is the port that the service is listening on for the given path.
	LocalPathPort int `json:",omitempty" alias:"local_path_port"`

	// Protocol describes the upstream's service protocol.
	// Valid values are "http" and "http2", defaults to "http"
	Protocol string `json:",omitempty"`

	// ParsedFromCheck is set if this path was parsed from a registered check
	ParsedFromCheck bool `json:",omitempty" alias:"parsed_from_check"`
}

func (*ExposePath) ToAPI added in v1.16.100

func (p *ExposePath) ToAPI() api.ExposePath

func (*ExposePath) UnmarshalJSON added in v1.16.100

func (t *ExposePath) UnmarshalJSON(data []byte) (err error)

type FederationState added in v1.16.100

type FederationState struct {
	// Datacenter is the name of the datacenter.
	Datacenter string

	// MeshGateways is a snapshot of the catalog state for all mesh gateways in
	// this datacenter.
	MeshGateways CheckServiceNodes `json:",omitempty"`

	// UpdatedAt keeps track of when this record was modified.
	UpdatedAt time.Time

	// PrimaryModifyIndex is the ModifyIndex of the original data as it exists
	// in the primary datacenter.
	PrimaryModifyIndex uint64

	// RaftIndex is local raft data.
	RaftIndex
}

FederationState defines some WAN federation related state that should be cross-shared between all datacenters joined on the WAN. One record exists per datacenter.

func (*FederationState) IsSame added in v1.16.100

func (c *FederationState) IsSame(other *FederationState) bool

IsSame is used to compare two federation states for the purposes of anti-entropy.

type FederationStateOp added in v1.16.100

type FederationStateOp string

FederationStateOp is the operation for a request related to federation states.

const (
	FederationStateUpsert FederationStateOp = "upsert"
	FederationStateDelete FederationStateOp = "delete"
)

type FederationStateQuery added in v1.16.100

type FederationStateQuery struct {
	// Datacenter is the target this request is intended for.
	Datacenter string

	// TargetDatacenter is the name of a datacenter to fetch the federation state for.
	TargetDatacenter string

	// Options for queries
	QueryOptions
}

FederationStateQuery is used to query federation states.

func (*FederationStateQuery) RequestDatacenter added in v1.16.100

func (c *FederationStateQuery) RequestDatacenter() string

RequestDatacenter returns the datacenter for a given request.

type FederationStateRequest added in v1.16.100

type FederationStateRequest struct {
	// Datacenter is the target for this request.
	Datacenter string

	// Op is the type of operation being requested.
	Op FederationStateOp

	// State is the federation state to upsert or in the case of a delete
	// only the State.Datacenter field should be set.
	State *FederationState

	// WriteRequest is a common struct containing ACL tokens and other
	// write-related common elements for requests.
	WriteRequest
}

FederationStateRequest is used to upsert and delete federation states.

func (*FederationStateRequest) RequestDatacenter added in v1.16.100

func (c *FederationStateRequest) RequestDatacenter() string

RequestDatacenter returns the datacenter for a given request.

type FederationStateResponse added in v1.16.100

type FederationStateResponse struct {
	State *FederationState
	QueryMeta
}

FederationStateResponse is the response to a FederationStateQuery request.

type FederationStates added in v1.16.100

type FederationStates []*FederationState

FederationStates is a list of federation states.

func (FederationStates) Sort added in v1.16.100

func (listings FederationStates) Sort()

Sort sorts federation states by their datacenter.

type GatewayService added in v1.16.100

// GatewayService is used to associate gateways with their linked services.
type GatewayService struct {
	// Gateway and Service name the two sides of the association.
	Gateway      ServiceName
	Service      ServiceName
	GatewayKind  ServiceKind
	Port         int                `json:",omitempty"`
	Protocol     string             `json:",omitempty"`
	Hosts        []string           `json:",omitempty"`
	// NOTE(review): CAFile, CertFile and KeyFile look like filesystem paths
	// to TLS material rather than the material itself — confirm. They are
	// serialized with the rest of the struct, so if KeyFile could ever hold
	// key contents it would be exposed wherever this value is returned.
	CAFile       string             `json:",omitempty"`
	CertFile     string             `json:",omitempty"`
	KeyFile      string             `json:",omitempty"`
	SNI          string             `json:",omitempty"`
	// NOTE(review): presumably set when the association came from a wildcard
	// entry rather than a named service — TODO confirm.
	FromWildcard bool               `json:",omitempty"`
	ServiceKind  GatewayServiceKind `json:",omitempty"`
	RaftIndex
}

GatewayService is used to associate gateways with their linked services.

func (*GatewayService) Addresses added in v1.16.100

func (g *GatewayService) Addresses(defaultHosts []string) []string

func (*GatewayService) Clone added in v1.16.100

func (g *GatewayService) Clone() *GatewayService

func (*GatewayService) DeepCopy added in v1.16.100

func (o *GatewayService) DeepCopy() *GatewayService

DeepCopy generates a deep copy of *GatewayService

func (*GatewayService) IsSame added in v1.16.100

func (g *GatewayService) IsSame(o *GatewayService) bool

type GatewayServiceKind added in v1.16.100

type GatewayServiceKind string
const (
	GatewayServiceKindUnknown     GatewayServiceKind = ""
	GatewayServiceKindDestination GatewayServiceKind = "destination"
	GatewayServiceKindService     GatewayServiceKind = "service"
)

type GatewayServiceTLSConfig added in v1.16.100

type GatewayServiceTLSConfig struct {

	// SDS allows configuring TLS certificate from an SDS service.
	SDS *GatewayTLSSDSConfig `json:",omitempty"`
}

func (*GatewayServiceTLSConfig) DeepCopy added in v1.16.100

DeepCopy generates a deep copy of *GatewayServiceTLSConfig

type GatewayServices added in v1.16.100

type GatewayServices []*GatewayService

type GatewayTLSConfig added in v1.16.100

// GatewayTLSConfig holds the TLS settings of a gateway or listener: whether
// TLS is enabled, an optional SDS certificate source, and protocol version
// and cipher suite restrictions.
type GatewayTLSConfig struct {
	// Indicates that TLS should be enabled for this gateway or listener
	Enabled bool

	// SDS allows configuring TLS certificate from an SDS service.
	SDS *GatewayTLSSDSConfig `json:",omitempty"`

	// TLSMinVersion and TLSMaxVersion bound the TLS protocol versions.
	// NOTE(review): both may be left unset; confirm which versions apply in
	// that case and that the effective minimum is not lower than intended.
	TLSMinVersion types.TLSVersion `json:",omitempty" alias:"tls_min_version"`
	TLSMaxVersion types.TLSVersion `json:",omitempty" alias:"tls_max_version"`

	// CipherSuites restricts negotiation to a subset of cipher suites.
	// Only applicable to connections negotiated via TLS 1.2 or earlier, so it
	// does not constrain connections negotiated with a later version.
	CipherSuites []types.TLSCipherSuite `json:",omitempty" alias:"cipher_suites"`
}

type GatewayTLSSDSConfig added in v1.16.100

// GatewayTLSSDSConfig is the type of the SDS field on GatewayTLSConfig and
// GatewayServiceTLSConfig, which configure a TLS certificate from an SDS
// service.
// NOTE(review): ClusterName presumably names the cluster serving SDS and
// CertResource the certificate resource requested from it. The gateway would
// then present whatever that service returns, so confirm the SDS endpoint is
// trusted and authenticated.
type GatewayTLSSDSConfig struct {
	ClusterName  string `json:",omitempty" alias:"cluster_name"`
	CertResource string `json:",omitempty" alias:"cert_resource"`
}

type HTTPFilters added in v1.16.100

type HTTPFilters struct {
	Headers    []HTTPHeaderFilter
	URLRewrite *URLRewrite
}

HTTPFilters specifies a list of filters used to modify a request before it is routed to an upstream.

type HTTPHeaderFilter added in v1.16.100

type HTTPHeaderFilter struct {
	Add    map[string]string
	Remove []string
	Set    map[string]string
}

HTTPHeaderFilter specifies how HTTP headers should be modified.

type HTTPHeaderMatch added in v1.16.100

type HTTPHeaderMatch struct {
	Match HTTPHeaderMatchType
	Name  string
	Value string
}

HTTPHeaderMatch specifies how a match should be done on a request's headers.

type HTTPHeaderMatchType added in v1.16.100

type HTTPHeaderMatchType string

HTTPHeaderMatchType specifies how header matching criteria should be applied to a request.

const (
	HTTPHeaderMatchExact             HTTPHeaderMatchType = "exact"
	HTTPHeaderMatchPrefix            HTTPHeaderMatchType = "prefix"
	HTTPHeaderMatchPresent           HTTPHeaderMatchType = "present"
	HTTPHeaderMatchRegularExpression HTTPHeaderMatchType = "regex"
	HTTPHeaderMatchSuffix            HTTPHeaderMatchType = "suffix"
)

type HTTPHeaderModifiers added in v1.16.100

type HTTPHeaderModifiers struct {
	// Add is a set of name -> value pairs that should be appended to the request
	// or response (i.e. allowing duplicates if the same header already exists).
	Add map[string]string `json:",omitempty"`

	// Set is a set of name -> value pairs that should be added to the request or
	// response, overwriting any existing header values of the same name.
	Set map[string]string `json:",omitempty"`

	// Remove is the set of header names that should be stripped from the request
	// or response.
	Remove []string `json:",omitempty"`
}

HTTPHeaderModifiers is a set of rules for HTTP header modification that should be performed by proxies as the request passes through them. It can operate on either request or response headers depending on the context in which it is used.

func MergeHTTPHeaderModifiers added in v1.16.100

func MergeHTTPHeaderModifiers(base, overrides *HTTPHeaderModifiers) (*HTTPHeaderModifiers, error)

MergeHTTPHeaderModifiers takes a base HTTPHeaderModifiers and merges in the fields defined in overrides. Precedence is given to the overrides field if there is a collision. The resulting object is returned leaving both base and overrides unchanged. The `Add` field in overrides also replaces same-named keys of base since we have no way to express multiple adds to the same key. We could change that, but it makes the config syntax more complex for a huge edge case.

func (*HTTPHeaderModifiers) Clone added in v1.16.100

Clone returns a deep-copy of m unless m is nil

func (*HTTPHeaderModifiers) DeepCopy added in v1.16.100

DeepCopy generates a deep copy of *HTTPHeaderModifiers

func (*HTTPHeaderModifiers) IsZero added in v1.16.100

func (m *HTTPHeaderModifiers) IsZero() bool

func (*HTTPHeaderModifiers) Validate added in v1.16.100

func (m *HTTPHeaderModifiers) Validate(protocol string) error

type HTTPMatch added in v1.16.100

type HTTPMatch struct {
	Headers []HTTPHeaderMatch
	Method  HTTPMatchMethod
	Path    HTTPPathMatch
	Query   []HTTPQueryMatch
}

HTTPMatch specifies the criteria that should be used in determining whether or not a request should be routed to a given set of services.

type HTTPMatchMethod added in v1.16.100

type HTTPMatchMethod string

HTTPMatchMethod specifies which type of HTTP verb should be used for matching a given request.

const (
	HTTPMatchMethodAll     HTTPMatchMethod = ""
	HTTPMatchMethodConnect HTTPMatchMethod = "CONNECT"
	HTTPMatchMethodDelete  HTTPMatchMethod = "DELETE"
	HTTPMatchMethodGet     HTTPMatchMethod = "GET"
	HTTPMatchMethodHead    HTTPMatchMethod = "HEAD"
	HTTPMatchMethodOptions HTTPMatchMethod = "OPTIONS"
	HTTPMatchMethodPatch   HTTPMatchMethod = "PATCH"
	HTTPMatchMethodPost    HTTPMatchMethod = "POST"
	HTTPMatchMethodPut     HTTPMatchMethod = "PUT"
	HTTPMatchMethodTrace   HTTPMatchMethod = "TRACE"
)

type HTTPPathMatch added in v1.16.100

type HTTPPathMatch struct {
	Match HTTPPathMatchType
	Value string
}

HTTPPathMatch specifies how a match should be done on a request's path.

type HTTPPathMatchType added in v1.16.100

type HTTPPathMatchType string

HTTPPathMatchType specifies how path matching criteria should be applied to a request.

const (
	HTTPPathMatchExact             HTTPPathMatchType = "exact"
	HTTPPathMatchPrefix            HTTPPathMatchType = "prefix"
	HTTPPathMatchRegularExpression HTTPPathMatchType = "regex"
)

type HTTPQueryMatch added in v1.16.100

type HTTPQueryMatch struct {
	Match HTTPQueryMatchType
	Name  string
	Value string
}

HTTPQueryMatch specifies how a match should be done on a request's query parameters.

type HTTPQueryMatchType added in v1.16.100

type HTTPQueryMatchType string

HTTPQueryMatchType specifies how query matching criteria should be applied to a request.

const (
	HTTPQueryMatchExact             HTTPQueryMatchType = "exact"
	HTTPQueryMatchPresent           HTTPQueryMatchType = "present"
	HTTPQueryMatchRegularExpression HTTPQueryMatchType = "regex"
)

type HTTPRouteConfigEntry added in v1.16.100

type HTTPRouteConfigEntry struct {
	// Kind of the config entry. This will be set to structs.HTTPRoute.
	Kind string

	// Name is used to match the config entry with its associated set
	// of resources, which may include routers, splitters, filters, etc.
	Name string

	// Parents is a list of gateways that this route should be bound to
	Parents []ResourceReference
	// Rules are a list of HTTP-based routing rules that this route should
	// use for constructing a routing table.
	Rules []HTTPRouteRule
	// Hostnames are the hostnames for which this HTTPRoute should respond to requests.
	Hostnames []string

	Meta map[string]string `json:",omitempty"`
	// Status is the asynchronous reconciliation status which an HTTPRoute propagates to the user.
	Status             Status
	acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"`
	RaftIndex
}

HTTPRouteConfigEntry manages the configuration for an HTTP route with the given name.

func (*HTTPRouteConfigEntry) CanRead added in v1.16.100

func (e *HTTPRouteConfigEntry) CanRead(authz acl.Authorizer) error

func (*HTTPRouteConfigEntry) CanWrite added in v1.16.100

func (e *HTTPRouteConfigEntry) CanWrite(authz acl.Authorizer) error

func (*HTTPRouteConfigEntry) DeepCopy added in v1.16.100

DeepCopy generates a deep copy of *HTTPRouteConfigEntry

func (*HTTPRouteConfigEntry) DefaultStatus added in v1.16.100

func (e *HTTPRouteConfigEntry) DefaultStatus() Status

func (*HTTPRouteConfigEntry) FilteredHostnames added in v1.16.100

func (e *HTTPRouteConfigEntry) FilteredHostnames(listenerHostname string) []string

func (*HTTPRouteConfigEntry) GetEnterpriseMeta added in v1.16.100

func (e *HTTPRouteConfigEntry) GetEnterpriseMeta() *acl.EnterpriseMeta

func (*HTTPRouteConfigEntry) GetKind added in v1.16.100

func (e *HTTPRouteConfigEntry) GetKind() string

func (*HTTPRouteConfigEntry) GetMeta added in v1.16.100

func (e *HTTPRouteConfigEntry) GetMeta() map[string]string

func (*HTTPRouteConfigEntry) GetName added in v1.16.100

func (e *HTTPRouteConfigEntry) GetName() string

func (*HTTPRouteConfigEntry) GetParents added in v1.16.100

func (e *HTTPRouteConfigEntry) GetParents() []ResourceReference

func (*HTTPRouteConfigEntry) GetProtocol added in v1.16.100

func (*HTTPRouteConfigEntry) GetRaftIndex added in v1.16.100

func (e *HTTPRouteConfigEntry) GetRaftIndex() *RaftIndex

func (*HTTPRouteConfigEntry) GetServiceNames added in v1.16.100

func (e *HTTPRouteConfigEntry) GetServiceNames() []ServiceName

func (*HTTPRouteConfigEntry) GetServices added in v1.16.100

func (e *HTTPRouteConfigEntry) GetServices() []HTTPService

func (*HTTPRouteConfigEntry) GetStatus added in v1.16.100

func (e *HTTPRouteConfigEntry) GetStatus() Status

func (*HTTPRouteConfigEntry) Normalize added in v1.16.100

func (e *HTTPRouteConfigEntry) Normalize() error

func (*HTTPRouteConfigEntry) SetStatus added in v1.16.100

func (e *HTTPRouteConfigEntry) SetStatus(status Status)

func (*HTTPRouteConfigEntry) Validate added in v1.16.100

func (e *HTTPRouteConfigEntry) Validate() error

type HTTPRouteRule added in v1.16.100

// HTTPRouteRule specifies the routing rules used to determine what upstream
// service an HTTP request is routed to.
type HTTPRouteRule struct {
	// Filters is a list of HTTP-based filters used to modify a request prior
	// to routing it to the upstream service.
	Filters HTTPFilters
	// Matches specifies the matching criteria used in the routing table. If a
	// request matches the given HTTPMatch configuration, then traffic is routed
	// to services specified in the Services field.
	// NOTE(review): what happens when Matches is empty is not visible here;
	// confirm whether such a rule matches every request.
	Matches []HTTPMatch
	// Services is a list of HTTP-based services to route to if the request matches
	// the rules specified in the Matches field.
	Services []HTTPService
}

HTTPRouteRule specifies the routing rules used to determine what upstream service an HTTP request is routed to.

type HTTPService added in v1.16.100

type HTTPService struct {
	Name string
	// Weight is an arbitrary integer used in calculating how much
	// traffic should be sent to the given service.
	Weight int
	// Filters is a list of HTTP-based filters used to modify a request prior
	// to routing it to the upstream service
	Filters HTTPFilters

	acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"`
}

HTTPService is a service reference for HTTP-based routing rules

func (HTTPService) ServiceName added in v1.16.100

func (s HTTPService) ServiceName() ServiceName

type HashPolicy added in v1.16.100

// HashPolicy defines which attributes will be hashed by hash-based LB
// algorithms. A policy hashes either a named field (Field plus FieldValue)
// or the source IP, never both.
type HashPolicy struct {
	// Field is the attribute type to hash on.
	// Must be one of "header", "cookie", or "query_parameter".
	// Cannot be specified along with SourceIP.
	Field string `json:",omitempty"`

	// FieldValue is the value to hash,
	// i.e. the header name, cookie name or URL query parameter name.
	// Cannot be specified along with SourceIP.
	FieldValue string `json:",omitempty" alias:"field_value"`

	// CookieConfig contains configuration for the "cookie" hash policy type.
	CookieConfig *CookieConfig `json:",omitempty" alias:"cookie_config"`

	// SourceIP determines whether the hash should be of the source IP rather than of a field and field value.
	// Cannot be specified along with Field or FieldValue.
	SourceIP bool `json:",omitempty" alias:"source_ip"`

	// Terminal will short circuit the computation of the hash when multiple hash policies are present.
	// If a hash is computed when a Terminal policy is evaluated,
	// then that hash will be used and subsequent hash policies will be ignored.
	Terminal bool `json:",omitempty"`
}

HashPolicy defines which attributes will be hashed by hash-based LB algorithms

func (*HashPolicy) DeepCopy added in v1.16.100

func (o *HashPolicy) DeepCopy() *HashPolicy

DeepCopy generates a deep copy of *HashPolicy

type HealthCheck

type HealthCheck struct {
	Node        string
	CheckID     types.CheckID // Unique per-node ID
	Name        string        // Check name
	Status      string        // The current check status
	Notes       string        // Additional notes with the status
	Output      string        // Holds output of script runs
	ServiceID   string        // optional associated service
	ServiceName string        // optional service name
	ServiceTags []string      // optional service tags
	Type        string        // Check type: http/ttl/tcp/udp/etc

	Interval string // from definition
	Timeout  string // from definition

	// ExposedPort is the port of the exposed Envoy listener representing the
	// HTTP or GRPC health check of the service.
	ExposedPort int

	// PeerName is the name of the peer the check was imported from.
	// It is empty if the check was registered locally.
	PeerName string `json:",omitempty"`

	Definition HealthCheckDefinition `bexpr:"-"`

	acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash" bexpr:"-"`

	RaftIndex `bexpr:"-"`
}

HealthCheck represents a single check on a given node.

func (*HealthCheck) CheckType added in v1.16.100

func (c *HealthCheck) CheckType() *CheckType

func (*HealthCheck) Clone

func (c *HealthCheck) Clone() *HealthCheck

Clone returns a distinct clone of the HealthCheck. Note that the "ServiceTags" and "Definition.Header" fields are not deep copied, so the clone shares them with the original.

func (*HealthCheck) CompoundCheckID added in v1.16.100

func (hc *HealthCheck) CompoundCheckID() CheckID

func (*HealthCheck) CompoundServiceID added in v1.16.100

func (hc *HealthCheck) CompoundServiceID() ServiceID

func (*HealthCheck) DeepCopy added in v1.16.100

func (o *HealthCheck) DeepCopy() *HealthCheck

DeepCopy generates a deep copy of *HealthCheck

func (*HealthCheck) FillAuthzContext added in v1.16.100

func (hc *HealthCheck) FillAuthzContext(ctx *acl.AuthorizerContext)

func (*HealthCheck) IsSame

func (c *HealthCheck) IsSame(other *HealthCheck) bool

IsSame checks if one HealthCheck is the same as another, without looking at the Raft information (that's why we didn't call it IsEqual). This is useful for seeing if an update would be idempotent for all the functional parts of the structure.

func (*HealthCheck) NodeIdentity added in v1.16.100

func (hc *HealthCheck) NodeIdentity() Identity

func (*HealthCheck) PeerOrEmpty added in v1.16.100

func (hc *HealthCheck) PeerOrEmpty() string

func (*HealthCheck) Validate added in v1.16.100

func (_ *HealthCheck) Validate() error

type HealthCheckDefinition added in v1.0.1

// HealthCheckDefinition holds the settings of a check; HealthCheck carries
// one in its Definition field. Every field is tagged omitempty, and the type
// has its own MarshalJSON and UnmarshalJSON methods.
type HealthCheckDefinition struct {
	HTTP                           string              `json:",omitempty"`
	TLSServerName                  string              `json:",omitempty"`
	// NOTE(review): by its name TLSSkipVerify turns off certificate
	// verification for the check's TLS connection, in which case the probed
	// endpoint is not authenticated — confirm in the check runner and audit
	// definitions that set it.
	TLSSkipVerify                  bool                `json:",omitempty"`
	Header                         map[string][]string `json:",omitempty"`
	Method                         string              `json:",omitempty"`
	Body                           string              `json:",omitempty"`
	// NOTE(review): presumably stops an HTTP check from following redirects
	// to other hosts — TODO confirm.
	DisableRedirects               bool                `json:",omitempty"`
	TCP                            string              `json:",omitempty"`
	UDP                            string              `json:",omitempty"`
	H2PING                         string              `json:",omitempty"`
	OSService                      string              `json:",omitempty"`
	H2PingUseTLS                   bool                `json:",omitempty"`
	Interval                       time.Duration       `json:",omitempty"`
	// NOTE(review): presumably caps how much check output is retained —
	// TODO confirm the unit and the behavior at zero.
	OutputMaxSize                  uint                `json:",omitempty"`
	Timeout                        time.Duration       `json:",omitempty"`
	DeregisterCriticalServiceAfter time.Duration       `json:",omitempty"`
	// NOTE(review): ScriptArgs, DockerContainerID and Shell look like the
	// inputs of checks that execute a command. Whoever can register such a
	// definition would decide what the agent runs, so confirm how
	// registration of these check types is restricted.
	ScriptArgs                     []string            `json:",omitempty"`
	DockerContainerID              string              `json:",omitempty"`
	Shell                          string              `json:",omitempty"`
	GRPC                           string              `json:",omitempty"`
	GRPCUseTLS                     bool                `json:",omitempty"`
	AliasNode                      string              `json:",omitempty"`
	AliasService                   string              `json:",omitempty"`
	TTL                            time.Duration       `json:",omitempty"`
}

func (*HealthCheckDefinition) MarshalJSON added in v1.4.1

func (d *HealthCheckDefinition) MarshalJSON() ([]byte, error)

func (*HealthCheckDefinition) UnmarshalJSON added in v1.4.1

func (t *HealthCheckDefinition) UnmarshalJSON(data []byte) (err error)

type HealthChecks

type HealthChecks []*HealthCheck

HealthChecks is a collection of HealthCheck structs.

type HealthSummary added in v1.16.100

type HealthSummary struct {
	Name string `json:",omitempty"`

	Total    int
	Passing  int
	Warning  int
	Critical int

	acl.EnterpriseMeta
}

func (*HealthSummary) Add added in v1.16.100

func (h *HealthSummary) Add(status string)

type Identity added in v1.16.100

type Identity struct {
	ID string
	acl.EnterpriseMeta
}

Identity of some entity (ex: service, node, check).

TODO: this type should replace ServiceID, ServiceName, and CheckID which all have roughly identical implementations.

type IdentityCacheEntry added in v1.4.0

// IdentityCacheEntry pairs an ACLIdentity with the time.Time recorded for it.
//
// NOTE(review): presumably CacheTime is when the identity was cached and
// Age() is measured from it. A cached identity can outlive a change to the
// underlying token, so callers should bound how old an entry they accept —
// confirm against the cache implementation.
type IdentityCacheEntry struct {
	Identity  ACLIdentity
	CacheTime time.Time
}

func (*IdentityCacheEntry) Age added in v1.4.0

func (e *IdentityCacheEntry) Age() time.Duration

type IndexedCARoots added in v1.2.0

// IndexedCARoots is the list of currently trusted CA Roots, together with the
// active root's ID and the cluster trust domain.
type IndexedCARoots struct {
	// ActiveRootID is the ID of a root in Roots that is the active CA root.
	// Other roots are still valid if they're in the Roots list but are in
	// the process of being rotated out.
	ActiveRootID string

	// TrustDomain is the identification root for this Consul cluster. All
	// certificates signed by the cluster's CA must have their identifying URI in
	// this domain.
	//
	// This does not include the protocol (currently spiffe://) since we may
	// implement other protocols in future with equivalent semantics. It should be
	// compared against the "authority" section of a URI (i.e. host:port).
	//
	// We need to support migrating a cluster between trust domains to support
	// Multi-DC migration in Enterprise. In this case the current trust domain is
	// here but entries in Roots may also have ExternalTrustDomain set to a
	// non-empty value implying they were previous roots that are still trusted
	// but under a different trust domain.
	//
	// Note that we DON'T validate trust domain during AuthZ since it causes
	// issues of loss of connectivity during migration between trust domains. The
	// only time the additional validation adds value is where the cluster shares
	// an external root (e.g. organization-wide root) with another distinct Consul
	// cluster or PKI system. In this case, x509 Name Constraints can be added to
	// enforce that Consul's CA can only validly sign or trust certs within the
	// same trust-domain. Name constraints as enforced by TLS handshake also allow
	// seamless rotation between trust domains thanks to cross-signing.
	//
	// NOTE(review): because AuthZ does not check the trust domain, separation
	// from another cluster or PKI that shares an external root rests on the
	// x509 Name Constraints described above being configured.
	TrustDomain string

	// Roots is a list of root CA certs to trust.
	Roots []*CARoot

	// QueryMeta contains the meta sent via a header. We ignore for JSON
	// so this whole structure can be returned.
	QueryMeta `json:"-"`
}

IndexedCARoots is the list of currently trusted CA Roots.

func (IndexedCARoots) Active added in v1.16.100

func (r IndexedCARoots) Active() *CARoot

func (*IndexedCARoots) DeepCopy added in v1.16.100

func (o *IndexedCARoots) DeepCopy() *IndexedCARoots

DeepCopy generates a deep copy of *IndexedCARoots

type IndexedCheckServiceNodes

type IndexedCheckServiceNodes struct {
	Nodes CheckServiceNodes
	QueryMeta
}

type IndexedConfigEntries added in v1.16.100

type IndexedConfigEntries struct {
	Kind    string
	Entries []ConfigEntry
	QueryMeta
}

IndexedConfigEntries has its own encoding logic which differs from ConfigEntryRequest as it has to send a slice of ConfigEntry.

func (*IndexedConfigEntries) MarshalBinary added in v1.16.100

func (c *IndexedConfigEntries) MarshalBinary() (data []byte, err error)

func (*IndexedConfigEntries) UnmarshalBinary added in v1.16.100

func (c *IndexedConfigEntries) UnmarshalBinary(data []byte) error

type IndexedCoordinate

type IndexedCoordinate struct {
	Coord *coordinate.Coordinate
	QueryMeta
}

IndexedCoordinate is used to represent a single node's coordinate from the state store.

type IndexedCoordinates

type IndexedCoordinates struct {
	Coordinates Coordinates
	QueryMeta
}

IndexedCoordinates is used to represent a list of nodes and their corresponding raw coordinates.

type IndexedDirEntries

type IndexedDirEntries struct {
	Entries DirEntries
	QueryMeta
}

type IndexedExportedServiceList added in v1.16.100

type IndexedExportedServiceList struct {
	Services map[string]ServiceList
	QueryMeta
}

type IndexedFederationStates added in v1.16.100

type IndexedFederationStates struct {
	States FederationStates
	QueryMeta
}

IndexedFederationStates represents the list of all federation states.

type IndexedGatewayServices added in v1.16.100

type IndexedGatewayServices struct {
	Services GatewayServices
	QueryMeta
}

type IndexedGenericConfigEntries added in v1.16.100

type IndexedGenericConfigEntries struct {
	Entries []ConfigEntry
	QueryMeta
}

func (*IndexedGenericConfigEntries) MarshalBinary added in v1.16.100

func (c *IndexedGenericConfigEntries) MarshalBinary() (data []byte, err error)

func (*IndexedGenericConfigEntries) UnmarshalBinary added in v1.16.100

func (c *IndexedGenericConfigEntries) UnmarshalBinary(data []byte) error

type IndexedHealthChecks

type IndexedHealthChecks struct {
	HealthChecks HealthChecks
	QueryMeta
}

type IndexedIntentionMatches added in v1.2.0

type IndexedIntentionMatches struct {
	Matches []Intentions
	QueryMeta
}

IndexedIntentionMatches represents the list of matches for a match query.

type IndexedIntentions added in v1.2.0

type IndexedIntentions struct {
	Intentions Intentions

	// DataOrigin is used to indicate if this query was satisfied against the
	// old legacy intentions ("legacy") memdb table or via config entries
	// ("config"). This is really only of value for the legacy intention
	// replication routine to correctly detect that it should exit.
	DataOrigin string `json:"-"`
	QueryMeta
}

IndexedIntentions represents a list of intentions for RPC responses.

type IndexedKeyList

type IndexedKeyList struct {
	Keys []string
	QueryMeta
}

type IndexedNodeDump

type IndexedNodeDump struct {
	ImportedDump NodeDump
	Dump         NodeDump
	QueryMeta
}

type IndexedNodeServiceList added in v1.16.100

type IndexedNodeServiceList struct {
	NodeServices NodeServiceList
	QueryMeta
}

type IndexedNodeServices

type IndexedNodeServices struct {
	// TODO: This should not be a pointer, see comments in
	// agent/catalog_endpoint.go.
	NodeServices *NodeServices
	QueryMeta
}

type IndexedNodes

type IndexedNodes struct {
	Nodes Nodes
	QueryMeta
}

type IndexedNodesWithGateways added in v1.16.100

type IndexedNodesWithGateways struct {
	ImportedNodes CheckServiceNodes
	Nodes         CheckServiceNodes
	Gateways      GatewayServices
	QueryMeta
}

type IndexedPeeredServiceList added in v1.16.100

type IndexedPeeredServiceList struct {
	Services []PeeredServiceName
	QueryMeta
}

type IndexedPreparedQueries

type IndexedPreparedQueries struct {
	Queries PreparedQueries
	QueryMeta
}

type IndexedServiceDump added in v1.16.100

type IndexedServiceDump struct {
	Dump ServiceDump
	QueryMeta
}

type IndexedServiceList added in v1.16.100

type IndexedServiceList struct {
	Services ServiceList
	QueryMeta
}

type IndexedServiceNodes

type IndexedServiceNodes struct {
	ServiceNodes ServiceNodes
	QueryMeta
}

type IndexedServiceTopology added in v1.16.100

// IndexedServiceTopology carries a *ServiceTopology, a FilteredByACLs flag and
// the embedded QueryMeta.
//
// NOTE(review): presumably FilteredByACLs is true when ACL filtering removed
// entries from ServiceTopology, in which case the result is a partial view
// rather than the full topology — confirm where the flag is set.
type IndexedServiceTopology struct {
	ServiceTopology *ServiceTopology
	FilteredByACLs  bool
	QueryMeta
}

type IndexedServices

// IndexedServices carries a Services value together with the
// acl.EnterpriseMeta the services belong to and the embedded QueryMeta.
type IndexedServices struct {
	Services Services
	// In various situations we need to know the meta that the services are
	// for; in particular this is needed to be able to properly filter the
	// list based on ACLs.
	acl.EnterpriseMeta
	QueryMeta
}

type IndexedSessions

type IndexedSessions struct {
	Sessions Sessions
	QueryMeta
}

type IngressGatewayConfigEntry added in v1.16.100

// IngressGatewayConfigEntry manages the configuration for an ingress service
// with the given name.
type IngressGatewayConfigEntry struct {
	// Kind of the config entry. This will be set to structs.IngressGateway.
	Kind string

	// Name is used to match the config entry with its associated ingress gateway
	// service. This should match the name provided in the service definition.
	Name string

	// TLS holds the TLS configuration for this gateway. It would be nicer if it
	// were a pointer so it could be omitempty when read back in JSON but that
	// would be a breaking API change now as we currently always return it.
	TLS GatewayTLSConfig

	// Listeners declares what ports the ingress gateway should listen on, and
	// which services to associate with those ports.
	Listeners []IngressListener

	// Defaults contains default configuration for all upstream service instances
	Defaults *IngressServiceConfig `json:",omitempty"`

	// Meta is omitted from JSON when empty. acl.EnterpriseMeta is squashed into
	// the parent object for hcl and mapstructure decoding.
	Meta               map[string]string `json:",omitempty"`
	acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"`
	RaftIndex
}

IngressGatewayConfigEntry manages the configuration for an ingress service with the given name.

func (*IngressGatewayConfigEntry) CanRead added in v1.16.100

func (e *IngressGatewayConfigEntry) CanRead(authz acl.Authorizer) error

func (*IngressGatewayConfigEntry) CanWrite added in v1.16.100

func (e *IngressGatewayConfigEntry) CanWrite(authz acl.Authorizer) error

func (*IngressGatewayConfigEntry) GetEnterpriseMeta added in v1.16.100

func (e *IngressGatewayConfigEntry) GetEnterpriseMeta() *acl.EnterpriseMeta

func (*IngressGatewayConfigEntry) GetKind added in v1.16.100

func (e *IngressGatewayConfigEntry) GetKind() string

func (*IngressGatewayConfigEntry) GetMeta added in v1.16.100

func (e *IngressGatewayConfigEntry) GetMeta() map[string]string

func (*IngressGatewayConfigEntry) GetName added in v1.16.100

func (e *IngressGatewayConfigEntry) GetName() string

func (*IngressGatewayConfigEntry) GetRaftIndex added in v1.16.100

func (e *IngressGatewayConfigEntry) GetRaftIndex() *RaftIndex

func (*IngressGatewayConfigEntry) ListRelatedServices added in v1.16.100

func (e *IngressGatewayConfigEntry) ListRelatedServices() []ServiceID

ListRelatedServices implements discoveryChainConfigEntry

For ingress-gateway config entries this only finds services that are explicitly linked in the ingress-gateway config entry. Wildcards will not expand to all services.

This function is used during discovery chain graph validation to prevent erroneous sets of config entries from being created. Wildcard ingress filters out sets with protocol mismatch elsewhere so it isn't an issue here that needs fixing.

func (*IngressGatewayConfigEntry) Normalize added in v1.16.100

func (e *IngressGatewayConfigEntry) Normalize() error

func (*IngressGatewayConfigEntry) Validate added in v1.16.100

func (e *IngressGatewayConfigEntry) Validate() error

type IngressListener added in v1.16.100

// IngressListener describes one listening port of an ingress gateway: its
// protocol, an optional TLS config, and the services it forwards traffic to.
type IngressListener struct {
	// Port declares the port on which the ingress gateway should listen for traffic.
	Port int

	// Protocol declares what type of traffic this listener is expected to
	// receive. Depending on the protocol, a listener might support multiplexing
	// services over a single port, or additional discovery chain features. The
	// current supported values are: (tcp | http | http2 | grpc).
	Protocol string

	// TLS config for this listener. Omitted from JSON when nil.
	//
	// NOTE(review): how a nil value interacts with the gateway-level TLS
	// config is not shown here — confirm before assuming a listener is
	// TLS-protected.
	TLS *GatewayTLSConfig `json:",omitempty"`

	// Services declares the set of services to which the listener forwards
	// traffic.
	//
	// For "tcp" protocol listeners, only a single service is allowed.
	// For "http" listeners, multiple services can be declared.
	Services []IngressService
}

func (*IngressListener) DeepCopy added in v1.16.100

func (o *IngressListener) DeepCopy() *IngressListener

DeepCopy generates a deep copy of *IngressListener

type IngressService added in v1.16.100

// IngressService describes one service exposed on an ingress listener, with
// optional host routing, TLS overrides, header manipulation and limits.
type IngressService struct {
	// Name declares the service to which traffic should be forwarded.
	//
	// This can either be a specific service, or the wildcard specifier,
	// "*". If the wildcard specifier is provided, the listener must be of "http"
	// protocol and means that the listener will forward traffic to all services.
	//
	// A name can be specified on multiple listeners, and will be exposed on
	// each of those listeners.
	//
	// NOTE(review): the wildcard forwards traffic to all services, so it widens
	// what the listener exposes; list services explicitly where exposure should
	// stay narrow.
	Name string

	// Hosts is a list of hostnames which should be associated to this service on
	// the defined listener. Only allowed on layer 7 protocols, this will be used
	// to route traffic to the service by matching the Host header of the HTTP
	// request.
	//
	// If a host is provided for a service that also has a wildcard specifier
	// defined, the host will override the wildcard-specifier-provided
	// "<service-name>.*" domain for that listener.
	//
	// This cannot be specified when using the wildcard specifier, "*", or when
	// using a "tcp" listener.
	Hosts []string

	// TLS configuration overrides for this service. At least one entry must
	// exist in Hosts for these overrides to be set, and the Listener must also
	// have a default Cert loaded from SDS.
	TLS *GatewayServiceTLSConfig `json:",omitempty"`

	// Allow HTTP header manipulation to be configured.
	RequestHeaders  *HTTPHeaderModifiers `json:",omitempty" alias:"request_headers"`
	ResponseHeaders *HTTPHeaderModifiers `json:",omitempty" alias:"response_headers"`

	// Connection and request limits; each is omitted from JSON when zero.
	// NOTE(review): presumably these override the gateway's
	// IngressServiceConfig defaults for this service — confirm.
	MaxConnections        uint32 `json:",omitempty" alias:"max_connections"`
	MaxPendingRequests    uint32 `json:",omitempty" alias:"max_pending_requests"`
	MaxConcurrentRequests uint32 `json:",omitempty" alias:"max_concurrent_requests"`

	// PassiveHealthCheck configuration determines how upstream proxy instances will
	// be monitored for removal from the load balancing pool.
	PassiveHealthCheck *PassiveHealthCheck `json:",omitempty" alias:"passive_health_check"`

	// Meta is omitted from JSON when empty. acl.EnterpriseMeta is squashed into
	// the parent object for hcl and mapstructure decoding.
	Meta               map[string]string `json:",omitempty"`
	acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"`
}

func (*IngressService) ToServiceName added in v1.16.100

func (s *IngressService) ToServiceName() ServiceName

type IngressServiceConfig added in v1.16.100

// IngressServiceConfig holds connection/request limits and a passive health
// check configuration. IngressGatewayConfigEntry.Defaults uses this type for
// the default configuration of all upstream service instances.
type IngressServiceConfig struct {
	// Limits. Unlike the same-named IngressService fields these carry no
	// omitempty tag, so zero values are encoded.
	MaxConnections        uint32
	MaxPendingRequests    uint32
	MaxConcurrentRequests uint32

	// PassiveHealthCheck configuration determines how upstream proxy instances will
	// be monitored for removal from the load balancing pool.
	PassiveHealthCheck *PassiveHealthCheck `json:",omitempty" alias:"passive_health_check"`
}

type InlineCertificateConfigEntry added in v1.16.100

// InlineCertificateConfigEntry manages the configuration for an inline
// certificate with the given name. It carries both halves of an x509 key pair
// as PEM strings.
type InlineCertificateConfigEntry struct {
	// Kind of config entry. This will be set to structs.InlineCertificate.
	Kind string

	// Name is used to match the config entry with its associated inline certificate.
	Name string

	// Certificate is the public certificate component of an x509 key pair encoded in raw PEM format.
	Certificate string
	// PrivateKey is the private key component of an x509 key pair encoded in raw PEM format.
	//
	// NOTE(review): this is secret key material held as a plain exported string
	// with no `json:"-"` tag, so any encoder that walks exported fields (JSON
	// output, %+v logging, debug dumps) will include it. Avoid logging or
	// dumping this struct, and confirm that every read path is gated by CanRead.
	PrivateKey string

	// Meta is omitted from JSON when empty. acl.EnterpriseMeta is squashed into
	// the parent object for hcl and mapstructure decoding.
	Meta               map[string]string `json:",omitempty"`
	acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"`
	RaftIndex
}

InlineCertificateConfigEntry manages the configuration for an inline certificate with the given name.

func (*InlineCertificateConfigEntry) CanRead added in v1.16.100

func (*InlineCertificateConfigEntry) CanWrite added in v1.16.100

func (e *InlineCertificateConfigEntry) CanWrite(authz acl.Authorizer) error

func (*InlineCertificateConfigEntry) DeepCopy added in v1.16.100

DeepCopy generates a deep copy of *InlineCertificateConfigEntry

func (*InlineCertificateConfigEntry) GetEnterpriseMeta added in v1.16.100

func (e *InlineCertificateConfigEntry) GetEnterpriseMeta() *acl.EnterpriseMeta

func (*InlineCertificateConfigEntry) GetKind added in v1.16.100

func (e *InlineCertificateConfigEntry) GetKind() string

func (*InlineCertificateConfigEntry) GetMeta added in v1.16.100

func (e *InlineCertificateConfigEntry) GetMeta() map[string]string

func (*InlineCertificateConfigEntry) GetName added in v1.16.100

func (e *InlineCertificateConfigEntry) GetName() string

func (*InlineCertificateConfigEntry) GetRaftIndex added in v1.16.100

func (e *InlineCertificateConfigEntry) GetRaftIndex() *RaftIndex

func (*InlineCertificateConfigEntry) Hosts added in v1.16.100

func (e *InlineCertificateConfigEntry) Hosts() ([]string, error)

func (*InlineCertificateConfigEntry) Normalize added in v1.16.100

func (e *InlineCertificateConfigEntry) Normalize() error

func (*InlineCertificateConfigEntry) Validate added in v1.16.100

func (e *InlineCertificateConfigEntry) Validate() error

type Intention added in v1.2.0

// Intention defines an intention for the Connect Service Graph: the allowed
// or denied behavior of a connection between two services using Connect.
type Intention struct {
	// ID is the UUID-based ID for the intention, always generated by Consul.
	ID string `json:",omitempty"`

	// Description is a human-friendly description of this intention.
	// It is opaque to Consul and is only stored and transferred in API
	// requests.
	Description string `json:",omitempty"`

	// SourceNS, SourceName are the namespace and name, respectively, of
	// the source service. Either of these may be the wildcard "*", but only
	// the full value can be a wildcard. Partial wildcards are not allowed.
	// The source may also be a non-Consul service, as specified by SourceType.
	//
	// DestinationNS, DestinationName is the same, but for the destination
	// service. The same rules apply. The destination is always a Consul
	// service.
	SourceNS, SourceName           string
	DestinationNS, DestinationName string

	// SourcePartition and DestinationPartition cannot be wildcards "*" and
	// are not compatible with legacy intentions.
	SourcePartition      string `json:",omitempty"`
	DestinationPartition string `json:",omitempty"`

	// SourcePeer cannot be a wildcard "*" and is not compatible with legacy
	// intentions. Cannot be used with SourcePartition, as both represent the
	// same level of tenancy (partition is local to cluster, peer is remote).
	SourcePeer string `json:",omitempty"`

	// SourceSamenessGroup cannot be a wildcard "*" and is not compatible with legacy
	// intentions. Cannot be used with SourcePartition, as both represent the
	// same level of tenancy (sameness group includes both partitions and cluster peers).
	SourceSamenessGroup string `json:",omitempty"`

	// SourceType is the type of the value for the source.
	SourceType IntentionSourceType

	// Action is whether this is an allowlist or denylist intention. The
	// declared IntentionAction values are "allow" and "deny".
	//
	// NOTE(review): omitempty drops an empty Action from JSON; how an unset
	// Action is interpreted is not shown here — confirm in Validate before
	// relying on a default.
	Action IntentionAction `json:",omitempty"`

	// Permissions is the list of additional L7 attributes that extend the
	// intention definition.
	//
	// NOTE: This field is not editable unless editing the underlying
	// service-intentions config entry directly.
	Permissions []*IntentionPermission `bexpr:"-" json:",omitempty"`

	// JWT specifies JWT authn that applies to incoming requests.
	JWT *IntentionJWTRequirement `bexpr:"-" json:",omitempty"`

	// DefaultAddr is not used.
	// Deprecated: DefaultAddr is not used and may be removed in a future version.
	DefaultAddr string `bexpr:"-" codec:",omitempty" json:",omitempty"`
	// DefaultPort is not used.
	// Deprecated: DefaultPort is not used and may be removed in a future version.
	DefaultPort int `bexpr:"-" codec:",omitempty" json:",omitempty"`

	// Meta is arbitrary metadata associated with the intention. This is
	// opaque to Consul but is served in API responses.
	Meta map[string]string `json:",omitempty"`

	// Precedence is the order that the intention will be applied, with
	// larger numbers being applied first. This is a read-only field, on
	// any intention update it is updated.
	Precedence int

	// CreatedAt and UpdatedAt keep track of when this record was created
	// or modified.
	CreatedAt, UpdatedAt time.Time `mapstructure:"-" bexpr:"-"`

	// Hash of the contents of the intention. It is only needed for legacy
	// intention replication: when replicating from one DC to another, keeping
	// the content Hash allows content changes to be detected more efficiently
	// than checking every single field.
	//
	// NOTE(review): the hash algorithm is not visible here and the stated
	// purpose is change detection, so do not treat it as an integrity or
	// authenticity check — confirm in SetHash.
	Hash []byte `bexpr:"-" json:",omitempty"`

	RaftIndex `bexpr:"-"`
}

Intention defines an intention for the Connect Service Graph. This defines the allowed or denied behavior of a connection between two services using Connect.

func TestIntention added in v1.2.0

func TestIntention(t testing.T) *Intention

TestIntention returns a valid, uninserted (no ID set) intention.

func (*Intention) CanRead added in v1.16.100

func (ixn *Intention) CanRead(authz acl.Authorizer) bool

func (*Intention) CanWrite added in v1.16.100

func (ixn *Intention) CanWrite(authz acl.Authorizer) bool

func (*Intention) Clone added in v1.16.100

func (t *Intention) Clone() *Intention

func (*Intention) DeepCopy added in v1.16.100

func (o *Intention) DeepCopy() *Intention

DeepCopy generates a deep copy of *Intention

func (*Intention) DestinationEnterpriseMeta added in v1.16.100

func (ixn *Intention) DestinationEnterpriseMeta() *acl.EnterpriseMeta

func (*Intention) DestinationServiceName added in v1.16.100

func (x *Intention) DestinationServiceName() ServiceName

func (*Intention) FillAuthzContext added in v1.16.100

func (_ *Intention) FillAuthzContext(_ *acl.AuthorizerContext, _ bool)

FillAuthzContext can fill in an acl.AuthorizerContext object to setup extra parameters for ACL enforcement. In OSS there is currently nothing extra to be done.

func (*Intention) FillPartitionAndNamespace added in v1.16.100

func (ixn *Intention) FillPartitionAndNamespace(entMeta *acl.EnterpriseMeta, fillDefault bool)

FillPartitionAndNamespace will fill in empty source and destination partition/namespaces. If fillDefault is true, all fields are defaulted when the given enterprise meta does not specify them.

fillDefault MUST be true on servers to ensure that all fields are populated on writes. fillDefault MUST be false on clients so that servers can correctly fill in the namespace/partition of the ACL token.

func (*Intention) HasWildcardDestination added in v1.16.100

func (t *Intention) HasWildcardDestination() bool

func (*Intention) HasWildcardSource added in v1.16.100

func (t *Intention) HasWildcardSource() bool

func (*Intention) LegacyEstimateSize deprecated added in v1.16.100

func (x *Intention) LegacyEstimateSize() int

LegacyEstimateSize returns an estimate (in bytes) of the size of this structure when encoded.

Deprecated: only exists for legacy intention replication during migration to 1.9.0+ cluster.

func (*Intention) MarshalJSON added in v1.16.100

func (t *Intention) MarshalJSON() ([]byte, error)

func (*Intention) SetHash deprecated added in v1.16.100

func (x *Intention) SetHash()

SetHash calculates Intention.Hash from any mutable "content" fields.

The Hash is primarily used for legacy intention replication to determine if an intention has changed and should be updated locally.

Deprecated: this is only used for legacy intention CRUD and replication

func (*Intention) SourceEnterpriseMeta added in v1.16.100

func (ixn *Intention) SourceEnterpriseMeta() *acl.EnterpriseMeta

func (*Intention) SourcePartitionOrDefault added in v1.16.100

func (ixn *Intention) SourcePartitionOrDefault() string

func (*Intention) SourceServiceName added in v1.16.100

func (x *Intention) SourceServiceName() ServiceName

func (*Intention) String added in v1.2.0

func (x *Intention) String() string

String returns a human-friendly string for this intention.

func (*Intention) ToConfigEntry added in v1.16.100

func (x *Intention) ToConfigEntry(legacy bool) *ServiceIntentionsConfigEntry

NOTE: this is just used to manipulate user-provided data before an insert. The RPC execution will do Normalize + Validate for us.

func (*Intention) ToExact added in v1.16.100

func (t *Intention) ToExact() *IntentionQueryExact

func (*Intention) ToSourceIntention added in v1.16.100

func (x *Intention) ToSourceIntention(legacy bool) *SourceIntention

func (*Intention) UnmarshalJSON added in v1.16.100

func (t *Intention) UnmarshalJSON(data []byte) (err error)

func (*Intention) UpdatePrecedence deprecated added in v1.2.0

func (x *Intention) UpdatePrecedence()

UpdatePrecedence sets the Precedence value based on the fields of this structure.

Deprecated: this is only used for legacy intention CRUD.

func (*Intention) Validate deprecated added in v1.2.0

func (x *Intention) Validate() error

Validate returns an error if the intention is invalid for inserting or updating via the legacy APIs.

Deprecated: this is only used for legacy intention CRUD

type IntentionAction added in v1.2.0

type IntentionAction string

IntentionAction is the action that the intention represents. This can be "allow" or "deny".

const (
	IntentionActionAllow IntentionAction = "allow"
	IntentionActionDeny  IntentionAction = "deny"
)

type IntentionDecisionSummary added in v1.16.100

// IntentionDecisionSummary contains a summary of a set of intentions between
// two services:
//
//   - Allowed: whether all actions are allowed
//   - HasPermissions: whether the matching intention has L7 permissions attached
//   - ExternalSource: the external source (like k8s) managing the intention;
//     presumably empty when there is none — confirm
//   - HasExact: whether there is an exact, or wildcard, intention referencing
//     the two services
//   - DefaultAllow: whether ACLs are in DefaultAllow mode
//
// NOTE(review): Allowed can be true purely because of DefaultAllow, so read
// it together with HasExact and DefaultAllow before concluding that an
// explicit intention permits the connection — confirm against the code that
// populates this struct.
type IntentionDecisionSummary struct {
	Allowed        bool
	HasPermissions bool
	ExternalSource string
	HasExact       bool
	DefaultAllow   bool
}

IntentionDecisionSummary contains a summary of a set of intentions between two services. Currently contains:

- Whether all actions are allowed
- Whether the matching intention has L7 permissions attached
- Whether the intention is managed by an external source like k8s
- Whether there is an exact, or wildcard, intention referencing the two services
- Whether ACLs are in DefaultAllow mode

type IntentionHTTPHeaderPermission added in v1.16.100

// IntentionHTTPHeaderPermission describes a match against one HTTP header,
// identified by Name. Every field except Name is omitted from JSON when empty.
//
// NOTE(review): presumably Present, Exact, Prefix, Suffix and Regex are
// alternative match modes and Invert negates the result; whether exactly one
// mode must be set, and which regex syntax applies, is not visible here —
// confirm in the validation code before relying on a header rule for access
// control.
type IntentionHTTPHeaderPermission struct {
	Name    string
	Present bool   `json:",omitempty"`
	Exact   string `json:",omitempty"`
	Prefix  string `json:",omitempty"`
	Suffix  string `json:",omitempty"`
	Regex   string `json:",omitempty"`
	Invert  bool   `json:",omitempty"`
}

type IntentionHTTPPermission added in v1.16.100

// IntentionHTTPPermission holds the HTTP match criteria of an L7 permission:
// a path matcher, header matchers and a list of methods.
type IntentionHTTPPermission struct {
	// PathExact, PathPrefix, and PathRegex are mutually exclusive.
	PathExact  string `json:",omitempty" alias:"path_exact"`
	PathPrefix string `json:",omitempty" alias:"path_prefix"`
	PathRegex  string `json:",omitempty" alias:"path_regex"`

	// Header is the list of header matchers.
	// NOTE(review): whether all entries must match is not shown here — confirm.
	Header []IntentionHTTPHeaderPermission `json:",omitempty"`

	// Methods is the list of HTTP methods.
	// NOTE(review): presumably an empty list places no restriction on the
	// method — confirm, since that decides how broad a rule without Methods is.
	Methods []string `json:",omitempty"`
}

func (*IntentionHTTPPermission) Clone added in v1.16.100

type IntentionJWTClaimVerification added in v1.16.100

type IntentionJWTClaimVerification struct {
	// Path is the path to the claim in the token JSON.
	Path []string `json:",omitempty"`

	// Value is the expected value at the given path:
	// - If the type at the path is a list then we verify
	//   that this value is contained in the list.
	//
	// - If the type at the path is a string then we verify
	//   that this value matches.
	Value string `json:",omitempty"`
}

func (*IntentionJWTClaimVerification) Clone added in v1.16.100

type IntentionJWTProvider added in v1.16.100

type IntentionJWTProvider struct {
	// Name is the name of the JWT provider. There MUST be a corresponding
	// "jwt-provider" config entry with this name.
	Name string `json:",omitempty"`

	// VerifyClaims is a list of additional claims to verify in a JWT's payload.
	VerifyClaims []*IntentionJWTClaimVerification `json:",omitempty" alias:"verify_claims"`
}

func (*IntentionJWTProvider) Clone added in v1.16.100

func (*IntentionJWTProvider) Validate added in v1.16.100

func (p *IntentionJWTProvider) Validate() error

type IntentionJWTRequirement added in v1.16.100

// IntentionJWTRequirement lists the JWT providers used to verify a JWT.
//
// NOTE(review): it is not stated here whether a token must verify against
// one listed provider or against all of them — confirm before relying on a
// multi-provider list for authn.
type IntentionJWTRequirement struct {
	// Providers is a list of providers to consider when verifying a JWT.
	Providers []*IntentionJWTProvider `json:",omitempty"`
}

func (*IntentionJWTRequirement) Clone added in v1.16.100

func (*IntentionJWTRequirement) Validate added in v1.16.100

func (e *IntentionJWTRequirement) Validate() error

type IntentionListRequest added in v1.16.100

// IntentionListRequest carries a Datacenter, a Legacy flag, the embedded
// acl.EnterpriseMeta and QueryOptions.
//
// Legacy is tagged `json:"-"`, so it is neither read from nor written to JSON.
// acl.EnterpriseMeta is squashed into the parent object for hcl and
// mapstructure decoding.
type IntentionListRequest struct {
	Datacenter         string
	Legacy             bool `json:"-"`
	acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"`
	QueryOptions
}

TODO(peering): add support for listing peer

func (*IntentionListRequest) RequestDatacenter added in v1.16.100

func (r *IntentionListRequest) RequestDatacenter() string

type IntentionMatchEntry added in v1.2.0

type IntentionMatchEntry struct {
	Partition string `json:",omitempty"`
	Namespace string
	Name      string
}

IntentionMatchEntry is a single entry for matching an intention.

func (*IntentionMatchEntry) FillAuthzContext added in v1.16.100

func (_ *IntentionMatchEntry) FillAuthzContext(_ *acl.AuthorizerContext)

FillAuthzContext can fill in an acl.AuthorizerContext object to setup extra parameters for ACL enforcement. In OSS there is currently nothing extra to be done.

func (*IntentionMatchEntry) GetEnterpriseMeta added in v1.16.100

func (e *IntentionMatchEntry) GetEnterpriseMeta() *acl.EnterpriseMeta

type IntentionMatchType added in v1.2.0

type IntentionMatchType string

IntentionMatchType is the target for a match request. For example, matching by source will look for all intentions that match the given source value.

const (
	IntentionMatchSource      IntentionMatchType = "source"
	IntentionMatchDestination IntentionMatchType = "destination"
)

type IntentionMutation added in v1.16.100

type IntentionMutation struct {
	ID          string
	Destination ServiceName
	Source      ServiceName
	// TODO(peering): check if this needs peer field
	Value *SourceIntention
}

type IntentionOp added in v1.2.0

type IntentionOp string

IntentionOp is the operation for a request related to intentions.

// Values of IntentionOp, the operation for a request related to intentions.
//
// IntentionOpDeleteAll is accepted only when it comes from the leader; RPCs
// carrying it are rejected. IntentionOpUpsert applies to config entries only.
const (
	IntentionOpCreate    IntentionOp = "create"
	IntentionOpUpdate    IntentionOp = "update"
	IntentionOpDelete    IntentionOp = "delete"
	IntentionOpDeleteAll IntentionOp = "delete-all" // NOTE: this is only accepted when it comes from the leader, RPCs will reject this
	IntentionOpUpsert    IntentionOp = "upsert"     // config-entry only
)

type IntentionPermission added in v1.16.100

// IntentionPermission pairs a required allow|deny Action with optional HTTP
// match criteria and an optional JWT requirement.
type IntentionPermission struct {
	Action IntentionAction // required: allow|deny

	// HTTP holds the HTTP match criteria; omitted from JSON when nil.
	HTTP *IntentionHTTPPermission `json:",omitempty"`

	// JWT holds the JWT requirement; omitted from JSON when nil.
	// NOTE(review): how this combines with a JWT requirement set on the
	// enclosing intention is not shown here — confirm.
	JWT *IntentionJWTRequirement `json:",omitempty"`
}

func (*IntentionPermission) Clone added in v1.16.100

func (*IntentionPermission) DeepCopy added in v1.16.100

DeepCopy generates a deep copy of *IntentionPermission

func (*IntentionPermission) Validate added in v1.16.100

func (p *IntentionPermission) Validate() error

type IntentionPrecedenceSorter added in v1.2.0

type IntentionPrecedenceSorter Intentions

IntentionPrecedenceSorter takes a list of intentions and sorts them based on the match precedence rules for intentions. The intentions closer to the head of the list have higher precedence. i.e. index 0 has the highest precedence.

func (IntentionPrecedenceSorter) Len added in v1.2.0

func (IntentionPrecedenceSorter) Less added in v1.2.0

func (s IntentionPrecedenceSorter) Less(i, j int) bool

func (IntentionPrecedenceSorter) Swap added in v1.2.0

func (s IntentionPrecedenceSorter) Swap(i, j int)

type IntentionQueryCheck added in v1.2.0

// IntentionQueryCheck are the parameters for performing a test request.
type IntentionQueryCheck struct {
	// SourceNS, SourceName, DestinationNS, and DestinationName are the
	// namespace and name of the source and of the destination, respectively,
	// for the test. These must be exact values.
	SourceNS, SourceName           string
	DestinationNS, DestinationName string

	// TODO(partitions): check query works with partitions
	SourcePartition      string `json:",omitempty"`
	DestinationPartition string `json:",omitempty"`

	// SourceType is the type of the value for the source.
	SourceType IntentionSourceType
}

IntentionQueryCheck are the parameters for performing a test request.

func (*IntentionQueryCheck) FillAuthzContext added in v1.16.100

func (_ *IntentionQueryCheck) FillAuthzContext(_ *acl.AuthorizerContext)

FillAuthzContext can fill in an acl.AuthorizerContext object to setup extra parameters for ACL enforcement. In OSS there is currently nothing extra to be done.

func (*IntentionQueryCheck) GetACLPrefix added in v1.2.0

func (q *IntentionQueryCheck) GetACLPrefix() (string, bool)

GetACLPrefix returns the prefix to look up the ACL policy for this request, and a boolean noting whether the prefix is valid to check or not. You must check the ok value before using the prefix.

type IntentionQueryCheckResponse added in v1.2.0

type IntentionQueryCheckResponse struct {
	Allowed bool
}

IntentionQueryCheckResponse is the response for a test request.

type IntentionQueryExact added in v1.16.100

// IntentionQueryExact holds the parameters for performing a lookup of an
// intention by its unique name instead of its ID.
type IntentionQueryExact struct {
	// NOTE(review): presumably these four are the required parameters that
	// Validate checks — confirm.
	SourceNS, SourceName           string
	DestinationNS, DestinationName string

	// TODO(partitions): check query works with partitions
	SourcePartition      string `json:",omitempty"`
	DestinationPartition string `json:",omitempty"`

	// Both are omitted from JSON when empty.
	SourcePeer          string `json:",omitempty"`
	SourceSamenessGroup string `json:",omitempty"`
}

IntentionQueryExact holds the parameters for performing a lookup of an intention by its unique name instead of its ID.

func (*IntentionQueryExact) DestinationEnterpriseMeta added in v1.16.100

func (e *IntentionQueryExact) DestinationEnterpriseMeta() *acl.EnterpriseMeta

func (*IntentionQueryExact) SourceEnterpriseMeta added in v1.16.100

func (e *IntentionQueryExact) SourceEnterpriseMeta() *acl.EnterpriseMeta

func (*IntentionQueryExact) Validate added in v1.16.100

func (q *IntentionQueryExact) Validate() error

Validate is used to ensure all 4 required parameters are specified.

type IntentionQueryMatch added in v1.2.0

type IntentionQueryMatch struct {
	Type               IntentionMatchType
	Entries            []IntentionMatchEntry
	WithSamenessGroups bool
}

IntentionQueryMatch are the parameters for performing a match request against the state store.

type IntentionQueryRequest added in v1.2.0

type IntentionQueryRequest struct {
	// Datacenter is the target this request is intended for.
	Datacenter string

	// IntentionID is the ID of a specific intention.
	IntentionID string

	// Match is non-nil if we're performing a match query. A match will
	// find intentions that "match" the given parameters. A match includes
	// resolving wildcards.
	Match *IntentionQueryMatch

	// Check is non-nil if we're performing a test query. A test will
	// return allowed/deny based on an exact match.
	Check *IntentionQueryCheck

	// Exact is non-nil if we're performing a lookup of an intention by its
	// unique name instead of its ID.
	Exact *IntentionQueryExact

	// Options for queries
	QueryOptions
}

IntentionQueryRequest is used to query intentions.

func (*IntentionQueryRequest) CacheInfo added in v1.2.0

func (q *IntentionQueryRequest) CacheInfo() cache.RequestInfo

CacheInfo implements cache.Request

func (*IntentionQueryRequest) RequestDatacenter added in v1.2.0

func (q *IntentionQueryRequest) RequestDatacenter() string

RequestDatacenter returns the datacenter for a given request.

type IntentionRequest added in v1.2.0

type IntentionRequest struct {
	// Datacenter is the target for this request.
	Datacenter string

	// Op is the type of operation being requested.
	Op IntentionOp

	// Intention is the intention.
	//
	// This is mutually exclusive with the Mutation field.
	Intention *Intention

	// Mutation is a change to make to an Intention.
	//
	// This is mutually exclusive with the Intention field.
	//
	// This field is only set by the leader before writing to the raft log and
	// is not settable via the API or an RPC.
	Mutation *IntentionMutation

	// WriteRequest is a common struct containing ACL tokens and other
	// write-related common elements for requests.
	WriteRequest
}

IntentionRequest is used to create, update, and delete intentions.

func (*IntentionRequest) RequestDatacenter added in v1.2.0

func (q *IntentionRequest) RequestDatacenter() string

RequestDatacenter returns the datacenter for a given request.

type IntentionSourceType added in v1.2.0

type IntentionSourceType string

IntentionSourceType is the type of the source within an intention.

const (
	// IntentionSourceConsul is a service within the Consul catalog.
	IntentionSourceConsul IntentionSourceType = "consul"
)

type IntentionTargetType added in v1.16.100

type IntentionTargetType string
const (
	// IntentionTargetService is a service within the Consul catalog.
	IntentionTargetService IntentionTargetType = "service"
	// IntentionTargetDestination is a destination defined through a service-default config entry.
	IntentionTargetDestination IntentionTargetType = "destination"
)

type Intentions added in v1.2.0

type Intentions []*Intention

Intentions is a list of intentions.

type IssuedCert added in v1.2.0

// IssuedCert is a certificate that has been issued by a Connect CA.
type IssuedCert struct {
	// SerialNumber is the unique serial number for this certificate.
	// This is encoded in standard hex separated by :.
	SerialNumber string

	// CertPEM is a PEM encoded bundle of a leaf certificate, optionally followed
	// by one or more intermediate certificates that will form a chain of trust
	// back to a root CA.
	//
	// This field is not persisted in the state store, but is present in the
	// sign API response.
	CertPEM string `json:",omitempty"`
	// PrivateKeyPEM is the PEM encoded private key associated with CertPEM.
	//
	// NOTE(review): this is secret key material. The omitempty tag only drops
	// the field when it is empty, so any populated IssuedCert that is
	// JSON-encoded (API response, cache dump, debug log) carries the key in
	// clear text. Treat the whole struct as sensitive. Whether this field is
	// persisted in the state store is not stated here — confirm.
	PrivateKeyPEM string `json:",omitempty"`

	// Service is the name of the service for which the cert was issued.
	Service string `json:",omitempty"`
	// ServiceURI is the cert URI value.
	ServiceURI string `json:",omitempty"`

	// Agent is the name of the node for which the cert was issued.
	Agent string `json:",omitempty"`
	// AgentURI is the cert URI value.
	AgentURI string `json:",omitempty"`

	// ServerURI is the URI value of a cert issued for a server agent.
	// The same URI is shared by all servers in a Consul datacenter.
	ServerURI string `json:",omitempty"`

	// Kind is the kind of service for which the cert was issued.
	Kind ServiceKind `json:",omitempty"`
	// KindURI is the cert URI value.
	KindURI string `json:",omitempty"`

	// ValidAfter and ValidBefore are the validity periods for the
	// certificate.
	ValidAfter  time.Time
	ValidBefore time.Time

	// EnterpriseMeta is the Consul Enterprise specific metadata
	acl.EnterpriseMeta

	RaftIndex
}

IssuedCert is a certificate that has been issued by a Connect CA.

type JSONWebKeySet added in v1.16.100

type JSONWebKeySet struct {
	// Local specifies a local source for the key set.
	Local *LocalJWKS `json:",omitempty"`

	// Remote specifies how to fetch a key set from a remote server.
	Remote *RemoteJWKS `json:",omitempty"`
}

JSONWebKeySet defines a key set, its location on disk, or the means with which to fetch a key set from a remote server.

Exactly one of Local or Remote must be specified.

func (*JSONWebKeySet) Validate added in v1.16.100

func (jwks *JSONWebKeySet) Validate() error

type JWKSCluster added in v1.16.100

// JWKSCluster holds the discovery type, CA certificate source and connect
// timeout for a cluster.
// NOTE(review): presumably the cluster a remote JWKS is fetched from — confirm
// against RemoteJWKS.
type JWKSCluster struct {
	// DiscoveryType refers to the service discovery type to use for resolving the cluster.
	//
	// This defaults to STRICT_DNS.
	// Other options include STATIC, LOGICAL_DNS, EDS or ORIGINAL_DST.
	DiscoveryType ClusterDiscoveryType `json:",omitempty" alias:"discovery_type"`

	// TLSCertificates refers to the data containing certificate authority certificates to use
	// in verifying a presented peer certificate.
	// If not specified and a peer certificate is presented it will not be verified.
	//
	// Must be either CaCertificateProviderInstance or TrustedCA.
	//
	// NOTE(review): because an unset value means the peer certificate is not
	// verified, the identity of the server answering for this cluster is then
	// unauthenticated. If the cluster serves the key set used to validate JWTs
	// (presumably), the keys themselves are only as trustworthy as the network
	// path; set one of the two sources for any non-test deployment.
	TLSCertificates *JWKSTLSCertificate `json:",omitempty" alias:"tls_certificates"`

	// The timeout for new network connections to hosts in the cluster.
	// If not set, a default value of 5s will be used.
	ConnectTimeout time.Duration `json:",omitempty" alias:"connect_timeout"`
}

func (*JWKSCluster) Validate added in v1.16.100

func (c *JWKSCluster) Validate() error

type JWKSRetryPolicy added in v1.16.100

type JWKSRetryPolicy struct {
	// NumRetries is the number of times to retry fetching the JWKS.
	// The retry strategy uses jittered exponential backoff with
	// a base interval of 1s and max of 10s.
	//
	// Default value is 0.
	NumRetries int `json:",omitempty" alias:"num_retries"`

	// Backoff policy
	//
	// Defaults to envoy's backoff policy
	RetryPolicyBackOff *RetryPolicyBackOff `json:",omitempty" alias:"retry_policy_back_off"`
}

type JWKSTLSCertProviderInstance added in v1.16.100

type JWKSTLSCertProviderInstance struct {
	// InstanceName refers to the certificate provider instance name
	//
	// The default value is "default".
	InstanceName string `json:",omitempty" alias:"instance_name"`

	// CertificateName is used to specify certificate instances or types. For example, "ROOTCA" to specify
	// a root-certificate (validation context) or "example.com" to specify a certificate for a
	// particular domain.
	//
	// The default value is the empty string.
	CertificateName string `json:",omitempty" alias:"certificate_name"`
}

type JWKSTLSCertTrustedCA added in v1.16.100

// JWKSTLSCertTrustedCA defines TLS certificate data containing certificate
// authority certificates to use in verifying a presented peer certificate.
//
// Exactly one of Filename, EnvironmentVariable, InlineString or InlineBytes
// must be specified.
type JWKSTLSCertTrustedCA struct {
	// The four fields are alternative sources for the CA certificate data.
	// NOTE(review): the names mirror Envoy's DataSource (a file path, the name
	// of an environment variable, inline text, inline bytes) — confirm.
	// Whichever source is used decides which servers are trusted, so it should
	// be writable only by whoever operates the proxy.
	Filename            string `json:",omitempty" alias:"filename"`
	EnvironmentVariable string `json:",omitempty" alias:"environment_variable"`
	InlineString        string `json:",omitempty" alias:"inline_string"`
	InlineBytes         []byte `json:",omitempty" alias:"inline_bytes"`
}

JWKSTLSCertTrustedCA defines TLS certificate data containing certificate authority certificates to use in verifying a presented peer certificate.

Exactly one of Filename, EnvironmentVariable, InlineString or InlineBytes must be specified.

func (*JWKSTLSCertTrustedCA) Validate added in v1.16.100

func (c *JWKSTLSCertTrustedCA) Validate() error

type JWKSTLSCertificate added in v1.16.100

type JWKSTLSCertificate struct {
	// CaCertificateProviderInstance Certificate provider instance for fetching TLS certificates.
	CaCertificateProviderInstance *JWKSTLSCertProviderInstance `json:",omitempty" alias:"ca_certificate_provider_instance"`

	// TrustedCA defines TLS certificate data containing certificate authority certificates
	// to use in verifying a presented peer certificate.
	//
	// Exactly one of Filename, EnvironmentVariable, InlineString or InlineBytes must be specified.
	TrustedCA *JWKSTLSCertTrustedCA `json:",omitempty" alias:"trusted_ca"`
}

JWKSTLSCertificate refers to the data containing certificate authority certificates to use in verifying a presented peer certificate. If not specified and a peer certificate is presented it will not be verified.

Must be either CaCertificateProviderInstance or TrustedCA.

func (*JWKSTLSCertificate) Validate added in v1.16.100

func (c *JWKSTLSCertificate) Validate() error

type JWTCacheConfig added in v1.16.100

type JWTCacheConfig struct {
	// Size specifies the maximum number of JWT verification
	// results to cache.
	//
	// Defaults to 0, meaning that JWT caching is disabled.
	Size int `json:",omitempty"`
}

type JWTForwardingConfig added in v1.16.100

// JWTForwardingConfig describes how a verified JWT is passed on to the backend
// in a request header.
type JWTForwardingConfig struct {
	// HeaderName is a header name to use when forwarding a verified
	// JWT to the backend. The verified JWT could have been extracted
	// from any location (query param, header, or cookie).
	//
	// The header value will be base64-URL-encoded, and will not be
	// padded unless PadForwardPayloadHeader is true.
	//
	// NOTE(review): a backend can rely on this header only if every request
	// reaches it through the verifying proxy and a client-supplied header of
	// the same name cannot survive — confirm how an inbound header with this
	// name is handled.
	HeaderName string `json:",omitempty" alias:"header_name"`

	// PadForwardPayloadHeader determines whether padding should be added
	// to the base64 encoded token forwarded with ForwardPayloadHeader.
	// NOTE(review): this struct has no ForwardPayloadHeader field; presumably
	// the header named by HeaderName is meant — confirm.
	//
	// Default value is false.
	PadForwardPayloadHeader bool `alias:"pad_forward_payload_header"`
}

func (*JWTForwardingConfig) Validate added in v1.16.100

func (fc *JWTForwardingConfig) Validate() error

type JWTLocation added in v1.16.100

type JWTLocation struct {
	// Header defines how to extract a JWT from an HTTP request header.
	Header *JWTLocationHeader `json:",omitempty"`

	// QueryParam defines how to extract a JWT from an HTTP request
	// query parameter.
	QueryParam *JWTLocationQueryParam `json:",omitempty" alias:"query_param"`

	// Cookie defines how to extract a JWT from an HTTP request cookie.
	Cookie *JWTLocationCookie `json:",omitempty"`
}

JWTLocation is a location where the JWT could be present in requests.

Only one of Header, QueryParam, or Cookie can be specified.

func (*JWTLocation) Validate added in v1.16.100

func (location *JWTLocation) Validate() error

type JWTLocationCookie added in v1.16.100

type JWTLocationCookie struct {
	// Name is the name of the cookie containing the token.
	Name string `json:",omitempty"`
}

JWTLocationCookie defines how to extract a JWT from an HTTP request cookie.

func (*JWTLocationCookie) Validate added in v1.16.100

func (lc *JWTLocationCookie) Validate() error

type JWTLocationHeader added in v1.16.100

// JWTLocationHeader defines how to extract a JWT from an HTTP request header.
type JWTLocationHeader struct {
	// Name is the name of the header containing the token.
	Name string `json:",omitempty"`

	// ValuePrefix is an optional prefix that precedes the token in the
	// header value.
	// For example, "Bearer " is a standard value prefix for a header named
	// "Authorization", but the prefix is not part of the token itself:
	// "Authorization: Bearer <token>"
	ValuePrefix string `json:",omitempty" alias:"value_prefix"`

	// Forward defines whether the header with the JWT should be
	// forwarded after the token has been verified. If false, the
	// header will not be forwarded to the backend.
	//
	// Default value is false.
	//
	// NOTE(review): with Forward set, the backend receives the bearer token
	// itself, so it (and its logs) become another place the token can leak
	// from. Leave it false unless the backend needs the raw token.
	Forward bool `json:",omitempty"`
}

JWTLocationHeader defines how to extract a JWT from an HTTP request header.

func (*JWTLocationHeader) Validate added in v1.16.100

func (lh *JWTLocationHeader) Validate() error

type JWTLocationQueryParam added in v1.16.100

// JWTLocationQueryParam defines how to extract a JWT from an HTTP request
// query parameter.
//
// NOTE(review): a token carried in the query string is part of the URL, and
// URLs are commonly recorded in access logs, browser history and Referer
// headers. Prefer a header location where the client allows it, and keep
// token lifetimes short when a query parameter is unavoidable.
type JWTLocationQueryParam struct {
	// Name is the name of the query param containing the token.
	Name string `json:",omitempty"`
}

JWTLocationQueryParam defines how to extract a JWT from an HTTP request query parameter.

func (*JWTLocationQueryParam) Validate added in v1.16.100

func (qp *JWTLocationQueryParam) Validate() error

type JWTProviderConfigEntry added in v1.16.100

// JWTProviderConfigEntry is the "jwt-provider" configuration entry: it names a
// provider and records the key set, issuer, audiences, token locations and
// related options used when verifying JWTs against that provider.
type JWTProviderConfigEntry struct {
	// Kind is the kind of configuration entry and must be "jwt-provider".
	Kind string `json:",omitempty"`

	// Name is the name of the provider being configured.
	Name string `json:",omitempty"`

	// JSONWebKeySet defines a JSON Web Key Set, its location on disk, or the
	// means with which to fetch a key set from a remote server.
	JSONWebKeySet *JSONWebKeySet `json:",omitempty" alias:"json_web_key_set"`

	// Issuer is the entity that must have issued the JWT.
	// This value must match the "iss" claim of the token.
	Issuer string `json:",omitempty"`

	// Audiences is the set of audiences the JWT is allowed to access.
	// If specified, all JWTs verified with this provider must address
	// at least one of these to be considered valid.
	//
	// NOTE(review): the wording implies that an empty list means the "aud"
	// claim is not checked — confirm. Without an audience check, a token the
	// same issuer minted for a different service would also be accepted, so
	// set this whenever the issuer serves more than one audience.
	Audiences []string `json:",omitempty"`

	// Locations where the JWT will be present in requests.
	// Envoy will check all of these locations to extract a JWT.
	// If no locations are specified Envoy will default to:
	// 1. Authorization header with Bearer schema:
	//    "Authorization: Bearer <token>"
	// 2. access_token query parameter.
	//
	// NOTE(review): the default therefore also accepts tokens from the URL;
	// list the locations explicitly if query-string tokens are not wanted.
	Locations []*JWTLocation `json:",omitempty"`

	// Forwarding defines rules for forwarding verified JWTs to the backend.
	Forwarding *JWTForwardingConfig `json:",omitempty"`

	// ClockSkewSeconds specifies the maximum allowable time difference
	// from clock skew when validating the "exp" (Expiration) and "nbf"
	// (Not Before) claims.
	//
	// Default value is 30 seconds.
	//
	// NOTE(review): a larger value lengthens the period during which an
	// already expired token still validates; keep it as small as clock
	// synchronisation allows.
	ClockSkewSeconds int `json:",omitempty" alias:"clock_skew_seconds"`

	// CacheConfig defines configuration for caching the validation
	// result for previously seen JWTs. Caching results can speed up
	// verification when individual tokens are expected to be handled
	// multiple times.
	CacheConfig *JWTCacheConfig `json:",omitempty" alias:"cache_config"`

	Meta               map[string]string `json:",omitempty"`
	acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"`
	RaftIndex
}

func (*JWTProviderConfigEntry) CanRead added in v1.16.100

func (e *JWTProviderConfigEntry) CanRead(authz acl.Authorizer) error

func (*JWTProviderConfigEntry) CanWrite added in v1.16.100

func (e *JWTProviderConfigEntry) CanWrite(authz acl.Authorizer) error

func (*JWTProviderConfigEntry) GetEnterpriseMeta added in v1.16.100

func (e *JWTProviderConfigEntry) GetEnterpriseMeta() *acl.EnterpriseMeta

func (*JWTProviderConfigEntry) GetKind added in v1.16.100

func (e *JWTProviderConfigEntry) GetKind() string

func (*JWTProviderConfigEntry) GetMeta added in v1.16.100

func (e *JWTProviderConfigEntry) GetMeta() map[string]string

func (*JWTProviderConfigEntry) GetName added in v1.16.100

func (e *JWTProviderConfigEntry) GetName() string

func (*JWTProviderConfigEntry) GetRaftIndex added in v1.16.100

func (e *JWTProviderConfigEntry) GetRaftIndex() *RaftIndex

func (*JWTProviderConfigEntry) Normalize added in v1.16.100

func (e *JWTProviderConfigEntry) Normalize() error

func (*JWTProviderConfigEntry) Validate added in v1.16.100

func (e *JWTProviderConfigEntry) Validate() error

type KVSRequest

type KVSRequest struct {
	Datacenter string
	Op         api.KVOp // Which operation are we performing
	DirEnt     DirEntry // Which directory entry
	WriteRequest
}

KVSRequest is used to operate on the Key-Value store

func (*KVSRequest) RequestDatacenter

func (r *KVSRequest) RequestDatacenter() string

type KeyListRequest

type KeyListRequest struct {
	Datacenter string
	Prefix     string
	Seperator  string
	QueryOptions
	acl.EnterpriseMeta
}

KeyListRequest is used to list keys

func (*KeyListRequest) RequestDatacenter

func (r *KeyListRequest) RequestDatacenter() string

type KeyRequest

type KeyRequest struct {
	Datacenter string
	Key        string
	acl.EnterpriseMeta
	QueryOptions
}

KeyRequest is used to request a key, or key prefix

func (*KeyRequest) RequestDatacenter

func (r *KeyRequest) RequestDatacenter() string

type KeyringOp

type KeyringOp string

type KeyringRequest

// KeyringRequest encapsulates a request to modify an encryption keyring. It
// can be used for install, remove, or use key type operations.
type KeyringRequest struct {
	Operation   KeyringOp
	// NOTE(review): presumably the encryption key the operation applies to,
	// i.e. secret key material — confirm. If so, requests of this type should
	// not be written to logs or traces in full.
	Key         string
	Datacenter  string
	Forwarded   bool
	RelayFactor uint8
	LocalOnly   bool
	QueryOptions
}

KeyringRequest encapsulates a request to modify an encryption keyring. It can be used for install, remove, or use key type operations.

func (*KeyringRequest) RequestDatacenter

func (r *KeyringRequest) RequestDatacenter() string

type KeyringResponse

// KeyringResponse is a unified key response and can be used for install,
// remove, use, as well as listing key queries.
type KeyringResponse struct {
	WAN         bool
	Datacenter  string
	Segment     string
	Partition   string            `json:",omitempty"`
	Messages    map[string]string `json:",omitempty"`
	// NOTE(review): Keys and PrimaryKeys are maps from string to int;
	// presumably the map key is the encryption key itself and the value a
	// count — confirm. If so, a listing response contains secret key material
	// and needs the same handling as the keyring.
	Keys        map[string]int
	PrimaryKeys map[string]int
	NumNodes    int
	Error       string `json:",omitempty"`
}

KeyringResponse is a unified key response and can be used for install, remove, use, as well as listing key queries.

func (*KeyringResponse) PartitionOrDefault added in v1.16.100

func (r *KeyringResponse) PartitionOrDefault() string

type KeyringResponses

type KeyringResponses struct {
	Responses []*KeyringResponse
	QueryMeta
}

KeyringResponses holds multiple responses to keyring queries. Each datacenter replies independently, and KeyringResponses is used as a container for the set of all responses.

func (*KeyringResponses) Add

func (r *KeyringResponses) Add(v interface{})

func (*KeyringResponses) New

func (r *KeyringResponses) New() interface{}

type LeastRequestConfig added in v1.16.100

type LeastRequestConfig struct {
	// ChoiceCount determines the number of random healthy hosts from which to select the one with the least requests.
	ChoiceCount uint32 `json:",omitempty" alias:"choice_count"`
}

LeastRequestConfig contains configuration for the "least_request" policy type

type LinkedService added in v1.16.100

// A LinkedService is a service represented by a terminating gateway
type LinkedService struct {
	// Name is the name of the service, as defined in Consul's catalog
	Name string `json:",omitempty"`

	// CAFile is the optional path to a CA certificate to use for TLS connections
	// from the gateway to the linked service
	//
	// NOTE(review): what the gateway does when CAFile is empty is not stated
	// here — confirm whether the linked service's certificate is still
	// verified in that case.
	CAFile string `json:",omitempty" alias:"ca_file"`

	// CertFile is the optional path to a client certificate to use for TLS connections
	// from the gateway to the linked service
	CertFile string `json:",omitempty" alias:"cert_file"`

	// KeyFile is the optional path to a private key to use for TLS connections
	// from the gateway to the linked service
	//
	// Only the path is stored here; the key file itself should be readable
	// solely by the gateway process.
	KeyFile string `json:",omitempty" alias:"key_file"`

	// SNI is the optional name to specify during the TLS handshake with a linked service
	SNI string `json:",omitempty"`

	acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"`
}

A LinkedService is a service represented by a terminating gateway

type LoadBalancer added in v1.16.100

type LoadBalancer struct {
	// Policy is the load balancing policy used to select a host
	Policy string `json:",omitempty"`

	// RingHashConfig contains configuration for the "ring_hash" policy type
	RingHashConfig *RingHashConfig `json:",omitempty" alias:"ring_hash_config"`

	// LeastRequestConfig contains configuration for the "least_request" policy type
	LeastRequestConfig *LeastRequestConfig `json:",omitempty" alias:"least_request_config"`

	// HashPolicies is a list of hash policies to use for hashing load balancing algorithms.
	// Hash policies are evaluated individually and combined such that identical lists
	// result in the same hash.
	// If no hash policies are present, or none are successfully evaluated,
	// then a random backend host will be selected.
	HashPolicies []HashPolicy `json:",omitempty" alias:"hash_policies"`
}

LoadBalancer determines the load balancing policy and configuration for services issuing requests to this upstream service.

func (*LoadBalancer) DeepCopy added in v1.16.100

func (o *LoadBalancer) DeepCopy() *LoadBalancer

DeepCopy generates a deep copy of *LoadBalancer

func (*LoadBalancer) IsHashBased added in v1.16.100

func (lb *LoadBalancer) IsHashBased() bool

type LocalJWKS added in v1.16.100

// LocalJWKS specifies a location for a local JWKS, either inline (JWKS) or as
// a file on disk (Filename).
type LocalJWKS struct {
	// JWKS contains a base64 encoded JWKS.
	//
	// NOTE(review): verification needs public keys only; confirm that the
	// encoded set carries no private key parameters, since this value is part
	// of a config entry.
	JWKS string `json:",omitempty"`

	// Filename configures a location on disk where the JWKS can be
	// found. If specified, the file must be present on the disk of ALL
	// proxies with intentions referencing this provider.
	//
	// The contents of this file decide which token signatures are accepted,
	// so write access to it should be restricted on every proxy host.
	Filename string `json:",omitempty"`
}

LocalJWKS specifies a location for a local JWKS.

Only one of JWKS and Filename can be specified.

func (*LocalJWKS) Validate added in v1.16.100

func (ks *LocalJWKS) Validate() error

type Locality added in v1.16.100

// Locality identifies where a given entity is running.
type Locality struct {
	// Region is the region the zone belongs to.
	Region string `json:",omitempty"`

	// Zone is the zone the entity is running in.
	Zone string `json:",omitempty"`
}

Locality identifies where a given entity is running.

func (*Locality) GetRegion added in v1.16.100

func (l *Locality) GetRegion() string

func (*Locality) ToAPI added in v1.16.100

func (l *Locality) ToAPI() *api.Locality

ToAPI converts a struct Locality to an API Locality.

type LogSinkType added in v1.16.100

type LogSinkType string
const (
	DefaultLogSinkType LogSinkType = ""
	FileLogSinkType    LogSinkType = "file"
	StdErrLogSinkType  LogSinkType = "stderr"
	StdOutLogSinkType  LogSinkType = "stdout"
)

type MeshConfigEntry added in v1.16.100

// MeshConfigEntry groups mesh-wide settings: transparent proxy options, the
// permissive mutual-TLS opt-in, and TLS, HTTP and peering configuration.
type MeshConfigEntry struct {
	// TransparentProxy contains cluster-wide options pertaining to TPROXY mode
	// when enabled.
	TransparentProxy TransparentProxyMeshConfig `alias:"transparent_proxy"`

	// AllowEnablingPermissiveMutualTLS must be true in order to allow setting
	// MutualTLSMode=permissive in either service-defaults or proxy-defaults.
	//
	// NOTE(review): this is the mesh-wide gate for relaxing mutual TLS.
	// Leaving it false (the zero value) keeps permissive mode from being
	// selected in those entries; review any change that turns it on.
	AllowEnablingPermissiveMutualTLS bool `json:",omitempty" alias:"allow_enabling_permissive_mutual_tls"`

	// TLS holds the Incoming and Outgoing TLS settings (see MeshTLSConfig).
	TLS *MeshTLSConfig `json:",omitempty"`

	// HTTP holds the HTTP settings (see MeshHTTPConfig).
	HTTP *MeshHTTPConfig `json:",omitempty"`

	// Peering holds the peering settings (see PeeringMeshConfig).
	Peering *PeeringMeshConfig `json:",omitempty"`

	Meta               map[string]string `json:",omitempty"`
	acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"`
	RaftIndex
}

func (*MeshConfigEntry) CanRead added in v1.16.100

func (e *MeshConfigEntry) CanRead(authz acl.Authorizer) error

func (*MeshConfigEntry) CanWrite added in v1.16.100

func (e *MeshConfigEntry) CanWrite(authz acl.Authorizer) error

func (*MeshConfigEntry) DeepCopy added in v1.16.100

func (o *MeshConfigEntry) DeepCopy() *MeshConfigEntry

DeepCopy generates a deep copy of *MeshConfigEntry

func (*MeshConfigEntry) GetEnterpriseMeta added in v1.16.100

func (e *MeshConfigEntry) GetEnterpriseMeta() *acl.EnterpriseMeta

func (*MeshConfigEntry) GetKind added in v1.16.100

func (e *MeshConfigEntry) GetKind() string

func (*MeshConfigEntry) GetMeta added in v1.16.100

func (e *MeshConfigEntry) GetMeta() map[string]string

func (*MeshConfigEntry) GetName added in v1.16.100

func (e *MeshConfigEntry) GetName() string

func (*MeshConfigEntry) GetRaftIndex added in v1.16.100

func (e *MeshConfigEntry) GetRaftIndex() *RaftIndex

func (*MeshConfigEntry) MarshalJSON added in v1.16.100

func (e *MeshConfigEntry) MarshalJSON() ([]byte, error)

MarshalJSON adds the Kind field so that the JSON can be decoded back into the correct type. This method is implemented on the structs type (as opposed to the api type) because that is what the API currently uses to return a response.

func (*MeshConfigEntry) Normalize added in v1.16.100

func (e *MeshConfigEntry) Normalize() error

func (*MeshConfigEntry) PeerThroughMeshGateways added in v1.16.100

func (e *MeshConfigEntry) PeerThroughMeshGateways() bool

func (*MeshConfigEntry) Validate added in v1.16.100

func (e *MeshConfigEntry) Validate() error

type MeshDirectionalTLSConfig added in v1.16.100

// MeshDirectionalTLSConfig holds TLS version bounds and an optional
// cipher-suite restriction. MeshTLSConfig uses it once for Incoming and once
// for Outgoing.
type MeshDirectionalTLSConfig struct {
	// TLSMinVersion and TLSMaxVersion bound the TLS versions.
	// NOTE(review): which versions apply when these are left empty is not
	// stated here — confirm the default, and set TLSMinVersion explicitly
	// where a minimum is a compliance requirement.
	TLSMinVersion types.TLSVersion `json:",omitempty" alias:"tls_min_version"`
	TLSMaxVersion types.TLSVersion `json:",omitempty" alias:"tls_max_version"`

	// Define a subset of cipher suites to restrict
	// Only applicable to connections negotiated via TLS 1.2 or earlier
	CipherSuites []types.TLSCipherSuite `json:",omitempty" alias:"cipher_suites"`
}

func (*MeshDirectionalTLSConfig) DeepCopy added in v1.16.100

DeepCopy generates a deep copy of *MeshDirectionalTLSConfig

type MeshGatewayConfig added in v1.16.100

type MeshGatewayConfig struct {
	// The Mesh Gateway routing mode
	Mode MeshGatewayMode `json:",omitempty"`
}

MeshGatewayConfig controls how Mesh Gateways are configured and used. This is a struct to allow for future additions without having more free-hanging configuration items all over the place.

func (*MeshGatewayConfig) IsZero added in v1.16.100

func (c *MeshGatewayConfig) IsZero() bool

func (*MeshGatewayConfig) ToAPI added in v1.16.100

type MeshGatewayMode added in v1.16.100

type MeshGatewayMode string
const (
	// MeshGatewayModeDefault represents no specific mode and should
	// be used to indicate that a different layer of the configuration
	// chain should take precedence
	MeshGatewayModeDefault MeshGatewayMode = ""

	// MeshGatewayModeNone represents that the Upstream Connect connections
	// should be direct and not flow through a mesh gateway.
	MeshGatewayModeNone MeshGatewayMode = "none"

	// MeshGatewayModeLocal represents that the Upstream Connect connections
	// should be made to a mesh gateway in the local datacenter.
	MeshGatewayModeLocal MeshGatewayMode = "local"

	// MeshGatewayModeRemote represents that the Upstream Connect connections
	// should be made to a mesh gateway in a remote datacenter.
	MeshGatewayModeRemote MeshGatewayMode = "remote"
)

func ValidateMeshGatewayMode added in v1.16.100

func ValidateMeshGatewayMode(mode string) (MeshGatewayMode, error)

type MeshHTTPConfig added in v1.16.100

// MeshHTTPConfig holds mesh-wide HTTP settings.
type MeshHTTPConfig struct {
	// NOTE(review): undocumented here; the name suggests it controls whether
	// the X-Forwarded-Client-Cert (XFCC) request header is sanitized by the
	// proxies — confirm. An application that reads XFCC to learn the caller's
	// identity should do so only when values supplied by the client itself
	// cannot reach it.
	SanitizeXForwardedClientCert bool `alias:"sanitize_x_forwarded_client_cert"`
}

type MeshTLSConfig added in v1.16.100

// MeshTLSConfig holds one MeshDirectionalTLSConfig per traffic direction.
type MeshTLSConfig struct {
	// NOTE(review): presumably Incoming applies to connections a proxy
	// accepts and Outgoing to connections it opens — confirm. Either may be
	// nil, so readers must nil-check before use.
	Incoming *MeshDirectionalTLSConfig `json:",omitempty"`
	Outgoing *MeshDirectionalTLSConfig `json:",omitempty"`
}

func (*MeshTLSConfig) DeepCopy added in v1.16.100

func (o *MeshTLSConfig) DeepCopy() *MeshTLSConfig

DeepCopy generates a deep copy of *MeshTLSConfig

type MessageType

type MessageType uint8

func (MessageType) String added in v1.16.100

func (m MessageType) String() string

String converts message type int to string

type MutualTLSMode added in v1.16.100

// MutualTLSMode names a mutual-TLS mode as a string value.
type MutualTLSMode string
const (
	// MutualTLSModeDefault is the empty value.
	// NOTE(review): presumably "not set at this layer" — confirm.
	MutualTLSModeDefault    MutualTLSMode = ""
	// MutualTLSModeStrict is the "strict" mode.
	MutualTLSModeStrict     MutualTLSMode = "strict"
	// MutualTLSModePermissive is the "permissive" mode. It can only be set
	// when MeshConfigEntry.AllowEnablingPermissiveMutualTLS is true.
	// NOTE(review): in Consul's documentation permissive mode also admits
	// traffic that is not mutual TLS; treat it as a temporary migration
	// setting and confirm the exact semantics before relying on it.
	MutualTLSModePermissive MutualTLSMode = "permissive"
)

type NetworkSegment added in v1.0.0

type NetworkSegment struct {
	// Name is the name of the segment.
	Name string

	// Bind is the bind address for this segment.
	Bind *net.TCPAddr

	// Advertise is the advertise address of this segment.
	Advertise *net.TCPAddr

	// RPCListener is whether to bind a separate RPC listener on the bind address
	// for this segment.
	RPCListener bool
}

(Enterprise-only) NetworkSegment is the configuration for a network segment, which is an isolated serf group on the LAN.

type Node

type Node struct {
	ID              types.NodeID
	Node            string
	Address         string
	Datacenter      string
	Partition       string `json:",omitempty"`
	PeerName        string `json:",omitempty"`
	TaggedAddresses map[string]string
	Meta            map[string]string
	Locality        *Locality `json:",omitempty" bexpr:"-"`

	RaftIndex `bexpr:"-"`
}

Used to return information about a node

func (*Node) BestAddress added in v1.16.100

func (n *Node) BestAddress(wan bool) string

func (*Node) DeepCopy added in v1.16.100

func (o *Node) DeepCopy() *Node

DeepCopy generates a deep copy of *Node

func (*Node) FillAuthzContext added in v1.16.100

func (n *Node) FillAuthzContext(ctx *acl.AuthorizerContext)

func (*Node) GetEnterpriseMeta added in v1.16.100

func (n *Node) GetEnterpriseMeta() *acl.EnterpriseMeta

func (*Node) IsSame added in v1.3.0

func (n *Node) IsSame(other *Node) bool

IsSame returns whether nodes are similar without taking into account RaftIndex fields.

func (*Node) OverridePartition added in v1.16.100

func (n *Node) OverridePartition(_ string)

func (*Node) PartitionOrDefault added in v1.16.100

func (n *Node) PartitionOrDefault() string

func (*Node) PeerOrEmpty added in v1.16.100

func (n *Node) PeerOrEmpty() string

func (*Node) ToRegisterRequest added in v1.16.100

func (n *Node) ToRegisterRequest() RegisterRequest

type NodeDump

type NodeDump []*NodeInfo

NodeDump is used to dump all the nodes with all their associated data. This is currently used for the UI only, as it is rather expensive to generate.

type NodeInfo

type NodeInfo struct {
	ID              types.NodeID
	Node            string
	Partition       string `json:",omitempty"`
	PeerName        string `json:",omitempty"`
	Address         string
	TaggedAddresses map[string]string
	Meta            map[string]string
	Services        []*NodeService
	Checks          HealthChecks
}

NodeInfo is used to dump all associated information about a node. This is currently used for the UI only, as it is rather expensive to generate.

func (*NodeInfo) FillAuthzContext added in v1.16.100

func (n *NodeInfo) FillAuthzContext(ctx *acl.AuthorizerContext)

func (*NodeInfo) GetEnterpriseMeta added in v1.16.100

func (n *NodeInfo) GetEnterpriseMeta() *acl.EnterpriseMeta

func (*NodeInfo) PartitionOrDefault added in v1.16.100

func (n *NodeInfo) PartitionOrDefault() string

type NodeService

// NodeService is a service provided by a node
type NodeService struct {
	// Kind is the kind of service this is. Different kinds of services may
	// have differing validation, DNS behavior, etc. An empty kind will default
	// to the Default kind. See ServiceKind for the full list of kinds.
	Kind ServiceKind `json:",omitempty"`

	ID                string
	Service           string
	Tags              []string
	Address           string
	TaggedAddresses   map[string]ServiceAddress `json:",omitempty"`
	Meta              map[string]string
	Port              int    `json:",omitempty"`
	SocketPath        string `json:",omitempty"` // TODO This might be integrated into Address somehow, but not sure about the ergonomics. Only one of (address,port) or socketpath can be defined.
	Weights           *Weights
	EnableTagOverride bool
	Locality          *Locality `json:",omitempty" bexpr:"-"`

	// Proxy is the configuration set for Kind = connect-proxy. It is mandatory in
	// that case and an error to be set for any other kind. This config is part of
	// a proxy service definition. ProxyConfig may be a more natural name here, but
	// it's confusing for the UX because one of the fields in ConnectProxyConfig is
	// also called just "Config"
	Proxy ConnectProxyConfig

	// Connect are the Connect settings for a service. This is purposely NOT
	// a pointer so that we never have to nil-check this.
	Connect ServiceConnect

	// TODO: rename to reflect that this is used to express future intent to register.
	// LocallyRegisteredAsSidecar is private as it is only used by a local agent
	// state to track if the service was or will be registered from a nested sidecar_service
	// block. We need to track that so we can know whether we need to deregister
	// it automatically too if it's removed from the service definition or if the
	// parent service is deregistered. Relying only on ID would cause us to
	// deregister regular services if they happen to be registered using the same
	// ID scheme as our sidecars do by default. We could use meta but that gets
	// unpleasant because we can't use the consul- prefix from an agent (reserved
	// for use internally but in practice that means within the state store or in
	// responses only), and it leaks the detail publicly which people might rely
	// on which is a bit unpleasant for something that is meant to be config-file
	// syntax sugar. Note this is not translated to ServiceNode and friends and
	// may not be set on a NodeService that isn't the one the agent registered and
	// keeps in its local state. We never want this rendered in JSON as it's
	// internal only. Right now our agent endpoints return api structs which don't
	// include it but this is a safety net in case we change that or there is
	// somewhere this is used in API output.
	LocallyRegisteredAsSidecar bool `json:"-" bexpr:"-"`

	acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash" bexpr:"-"`

	// If not empty, PeerName represents the peer that the NodeService was imported from.
	PeerName string

	RaftIndex `bexpr:"-"`
}

NodeService is a service provided by a node

func TestNodeService added in v1.2.0

func TestNodeService(t testing.T) *NodeService

TestNodeService returns a *NodeService representing a valid regular service: "web".

func TestNodeServiceAPIGateway added in v1.16.100

func TestNodeServiceAPIGateway(t testing.T) *NodeService

func TestNodeServiceExpose added in v1.16.100

func TestNodeServiceExpose(t testing.T) *NodeService

func TestNodeServiceIngressGateway added in v1.16.100

func TestNodeServiceIngressGateway(t testing.T, address string) *NodeService

func TestNodeServiceMeshGateway added in v1.16.100

func TestNodeServiceMeshGateway(t testing.T) *NodeService

TestNodeServiceMeshGateway returns a *NodeService representing a valid Mesh Gateway

func TestNodeServiceMeshGatewayWithAddrs added in v1.16.100

func TestNodeServiceMeshGatewayWithAddrs(t testing.T, address string, port int, lanAddr, wanAddr ServiceAddress) *NodeService

func TestNodeServiceProxy added in v1.2.0

func TestNodeServiceProxy(t testing.T) *NodeService

TestNodeServiceProxy returns a *NodeService representing a valid Connect proxy.

func TestNodeServiceProxyInPartition added in v1.16.100

func TestNodeServiceProxyInPartition(t testing.T, partition string) *NodeService

func TestNodeServiceSidecar added in v1.3.0

func TestNodeServiceSidecar(t testing.T) *NodeService

TestNodeServiceSidecar returns a *NodeService representing a service registration with a nested Sidecar registration.

func TestNodeServiceTerminatingGateway added in v1.16.100

func TestNodeServiceTerminatingGateway(t testing.T, address string) *NodeService

func TestNodeServiceWithName added in v1.16.100

func TestNodeServiceWithName(t testing.T, name string) *NodeService

func (*NodeService) BestAddress added in v1.16.100

func (ns *NodeService) BestAddress(wan bool) (string, int)

func (*NodeService) CompoundServiceID added in v1.16.100

func (ns *NodeService) CompoundServiceID() ServiceID

func (*NodeService) CompoundServiceName added in v1.16.100

func (ns *NodeService) CompoundServiceName() ServiceName

func (*NodeService) DeepCopy added in v1.16.100

func (o *NodeService) DeepCopy() *NodeService

DeepCopy generates a deep copy of *NodeService

func (*NodeService) FillAuthzContext added in v1.16.100

func (ns *NodeService) FillAuthzContext(ctx *acl.AuthorizerContext)

func (*NodeService) IsGateway added in v1.16.100

func (s *NodeService) IsGateway() bool

func (*NodeService) IsSame

func (s *NodeService) IsSame(other *NodeService) bool

IsSame checks if one NodeService is the same as another, without looking at the Raft information (that's why we didn't call it IsEqual). This is useful for seeing if an update would be idempotent for all the functional parts of the structure.

func (*NodeService) IsSidecarProxy added in v1.16.100

func (s *NodeService) IsSidecarProxy() bool

IsSidecarProxy returns true if the NodeService is a sidecar proxy.

func (*NodeService) ToServiceNode

func (s *NodeService) ToServiceNode(node string) *ServiceNode

ToServiceNode converts the given node service to a service node.

func (*NodeService) Validate added in v1.2.0

func (s *NodeService) Validate() error

Validate validates the node service configuration.

NOTE(mitchellh): This currently only validates fields for a ConnectProxy. Historically validation has been directly in the Catalog.Register RPC. ConnectProxy validation was moved here for easier table testing, but other validation still exists in Catalog.Register.

func (*NodeService) ValidateForAgent added in v1.16.100

func (s *NodeService) ValidateForAgent() error

ValidateForAgent does a subset validation, with the assumption that a local agent can assist with missing values.

I.e. in the catalog case, a local agent cannot be assumed to facilitate auto-assignment of port or socket path, so additional checks are needed.

type NodeServiceList added in v1.16.100

type NodeServiceList struct {
	Node     *Node
	Services []*NodeService
}

NodeServiceList represents services provided by Node. Services is a list of services.

type NodeServices

type NodeServices struct {
	Node     *Node
	Services map[string]*NodeService
}

NodeServices represents services provided by Node. Services is a map of service IDs to services.

type NodeSpecificRequest

type NodeSpecificRequest struct {
	Datacenter string
	Node       string
	PeerName   string
	// MergeCentralConfig when set to true returns a service definition merged with
	// the proxy-defaults/global and service-defaults/:service config entries.
	// This can be used to ensure a full service definition is returned in the response
	// especially when the service might not be written into the catalog that way.
	MergeCentralConfig bool

	acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"`
	QueryOptions
}

NodeSpecificRequest is used to request the information about a single node

func (*NodeSpecificRequest) CacheInfo added in v1.4.3

func (r *NodeSpecificRequest) CacheInfo() cache.RequestInfo

func (*NodeSpecificRequest) RequestDatacenter

func (r *NodeSpecificRequest) RequestDatacenter() string

type Nodes

type Nodes []*Node

type OpaqueUpstreamConfig added in v1.16.100

type OpaqueUpstreamConfig struct {
	Upstream PeeredServiceName
	Config   map[string]interface{}
}

type OpaqueUpstreamConfigs added in v1.16.100

type OpaqueUpstreamConfigs []OpaqueUpstreamConfig

type OperatorUsageRequest added in v1.16.100

type OperatorUsageRequest struct {
	DCSpecificRequest

	Global bool
}

type ParsedPolicyCacheEntry added in v1.4.0

type ParsedPolicyCacheEntry struct {
	Policy    *acl.Policy
	CacheTime time.Time
}

func (*ParsedPolicyCacheEntry) Age added in v1.4.0

type PartitionSpecificRequest added in v1.16.100

type PartitionSpecificRequest struct {
	Datacenter string

	acl.EnterpriseMeta
	QueryOptions
}

PartitionSpecificRequest is used to query about a specific partition.

func (*PartitionSpecificRequest) CacheInfo added in v1.16.100

func (*PartitionSpecificRequest) RequestDatacenter added in v1.16.100

func (r *PartitionSpecificRequest) RequestDatacenter() string

type PassiveHealthCheck added in v1.16.100

type PassiveHealthCheck struct {
	// Interval between health check analysis sweeps. Each sweep may remove
	// hosts or return hosts to the pool.
	Interval time.Duration `json:",omitempty"`

	// MaxFailures is the count of consecutive failures that results in a host
	// being removed from the pool.
	MaxFailures uint32 `json:",omitempty" alias:"max_failures"`

	// EnforcingConsecutive5xx is the % chance that a host will be actually ejected
	// when an outlier status is detected through consecutive 5xx.
	// This setting can be used to disable ejection or to ramp it up slowly. Defaults to 100.
	EnforcingConsecutive5xx *uint32 `json:",omitempty" alias:"enforcing_consecutive_5xx"`

	// The maximum % of an upstream cluster that can be ejected due to outlier detection.
	// Defaults to 10% but will eject at least one host regardless of the value.
	// TODO: remove me
	MaxEjectionPercent *uint32 `json:",omitempty" alias:"max_ejection_percent"`

	// The base time that a host is ejected for. The real time is equal to the base time
	// multiplied by the number of times the host has been ejected and is capped by
	// max_ejection_time (Default 300s). Defaults to 30000ms or 30s.
	BaseEjectionTime *time.Duration `json:",omitempty" alias:"base_ejection_time"`
}

func (*PassiveHealthCheck) Clone added in v1.16.100

func (chk *PassiveHealthCheck) Clone() *PassiveHealthCheck

func (*PassiveHealthCheck) IsZero added in v1.16.100

func (chk *PassiveHealthCheck) IsZero() bool

func (PassiveHealthCheck) Validate added in v1.16.100

func (chk PassiveHealthCheck) Validate() error

type PeeredServiceName added in v1.16.100

type PeeredServiceName struct {
	ServiceName ServiceName
	Peer        string
}

PeeredServiceName is a basic tuple of ServiceName and peer

func (PeeredServiceName) String added in v1.16.100

func (psn PeeredServiceName) String() string

type PeeringMeshConfig added in v1.16.100

type PeeringMeshConfig struct {
	// PeerThroughMeshGateways determines whether peering traffic between
	// control planes should flow through mesh gateways. If enabled,
	// Consul servers will advertise mesh gateway addresses as their own.
	// Additionally, mesh gateways will configure themselves to expose
	// the local servers using a peering-specific SNI.
	PeerThroughMeshGateways bool `alias:"peer_through_mesh_gateways"`
}

PeeringMeshConfig contains cluster-wide options pertaining to peering.

type PeeringServiceMeta added in v1.16.100

type PeeringServiceMeta struct {
	SNI      []string `json:",omitempty"`
	SpiffeID []string `json:",omitempty"`
	Protocol string   `json:",omitempty"`
}

PeeringServiceMeta is read-only information provided from an exported peer.

func (*PeeringServiceMeta) DeepCopy added in v1.16.100

func (o *PeeringServiceMeta) DeepCopy() *PeeringServiceMeta

DeepCopy generates a deep copy of *PeeringServiceMeta

func (*PeeringServiceMeta) PrimarySNI added in v1.16.100

func (m *PeeringServiceMeta) PrimarySNI() string

type PeeringToken added in v1.16.100

type PeeringToken struct {
	CA                    []string
	ManualServerAddresses []string
	ServerAddresses       []string
	ServerName            string
	PeerID                string
	// NOTE(review): the field name suggests EstablishmentSecret is credential
	// material used while the peering is being established — confirm against
	// the callers, and confirm that values of this type are kept out of logs
	// and error messages.
	EstablishmentSecret   string
	Remote                PeeringTokenRemote
}

PeeringToken identifies a peer in order for a connection to be established.

type PeeringTokenRemote added in v1.16.100

type PeeringTokenRemote struct {
	Partition  string
	Datacenter string
	Locality   *Locality
}

type PolicyCacheEntry added in v1.4.0

type PolicyCacheEntry struct {
	Policy    *ACLPolicy
	CacheTime time.Time
}

func (*PolicyCacheEntry) Age added in v1.4.0

func (e *PolicyCacheEntry) Age() time.Duration

type PreparedQueries

type PreparedQueries []*PreparedQuery

type PreparedQuery

type PreparedQuery struct {
	// ID is the UUID-based ID for the query, always generated by Consul.
	ID string

	// Name is an optional friendly name for the query supplied by the
	// user. NOTE - if this feature is used then it will reduce the security
	// of any read ACL associated with this query/service since this name
	// can be used to locate nodes without supplying any ACL.
	Name string

	// Session is an optional session to tie this query's lifetime to. If
	// this is omitted then the query will not expire.
	Session string

	// Token is the ACL token used when the query was created, and it is
	// used when a query is subsequently executed. This token, or a token
	// with management privileges, must be used to change the query later.
	//
	// NOTE(review): because the stored token is used at execution time,
	// callers able to execute the query presumably act with this token's
	// privileges — confirm, and confirm the value is redacted wherever this
	// struct is returned to a client or written to logs.
	Token string

	// Template is used to configure this query as a template, which will
	// respond to queries based on the Name, and then will be rendered
	// before it is executed.
	Template QueryTemplateOptions

	// Service defines a service query (leaving things open for other types
	// later).
	Service ServiceQuery

	// DNS has options that control how the results of this query are
	// served over DNS.
	DNS QueryDNSOptions

	RaftIndex
}

PreparedQuery defines a complete prepared query, and is the structure we maintain in the state store.

func (*PreparedQuery) GetACLPrefix

func (pq *PreparedQuery) GetACLPrefix() (string, bool)

GetACLPrefix returns the prefix to look up the prepared_query ACL policy for this query, and whether the prefix applies to this query. You always need to check the ok value before using the prefix.

type PreparedQueryExecuteRemoteRequest

type PreparedQueryExecuteRemoteRequest struct {
	// Datacenter is the target this request is intended for.
	Datacenter string

	// Query is a copy of the query to execute.  We have to ship the entire
	// query over since it won't be present in the remote state store.
	// The copy is a full PreparedQuery value, so it includes that struct's
	// Token field. NOTE(review): confirm whether the token is populated
	// when the request crosses datacenters.
	Query PreparedQuery

	// Limit will trim the resulting list down to the given limit.
	Limit int

	// Connect has the same meaning as the Connect field of
	// PreparedQueryExecuteRequest.
	Connect bool

	// QueryOptions (unfortunately named here) controls the consistency
	// settings for the service lookups.
	QueryOptions
}

PreparedQueryExecuteRemoteRequest is used when running a local query in a remote datacenter.

func (*PreparedQueryExecuteRemoteRequest) RequestDatacenter

func (q *PreparedQueryExecuteRemoteRequest) RequestDatacenter() string

RequestDatacenter returns the datacenter for a given request.

type PreparedQueryExecuteRequest

type PreparedQueryExecuteRequest struct {
	// Datacenter is the target this request is intended for.
	Datacenter string

	// QueryIDOrName is the ID of a query _or_ the name of one, either can
	// be provided.
	QueryIDOrName string

	// Limit will trim the resulting list down to the given limit.
	Limit int

	// Connect will force results to be Connect-enabled nodes for the
	// matching services. This is equivalent in semantics exactly to
	// setting "Connect" in the query template itself, but allows callers
	// to use any prepared query in a Connect setting.
	Connect bool

	// Source is used to sort the results relative to a given node using
	// network coordinates.
	Source QuerySource

	// Agent is used to carry around a reference to the agent which initiated
	// the execute request. Used to distance-sort relative to the local node.
	Agent QuerySource

	// QueryOptions (unfortunately named here) controls the consistency
	// settings for the query lookup itself, as well as the service lookups.
	QueryOptions
}

PreparedQueryExecuteRequest is used to execute a prepared query.

func (*PreparedQueryExecuteRequest) CacheInfo added in v1.3.0

CacheInfo implements cache.Request allowing requests to be cached on agent.

func (*PreparedQueryExecuteRequest) RequestDatacenter

func (q *PreparedQueryExecuteRequest) RequestDatacenter() string

RequestDatacenter returns the datacenter for a given request.

type PreparedQueryExecuteResponse

type PreparedQueryExecuteResponse struct {
	// Service is the service that was queried.
	Service string

	// EnterpriseMeta of the service that was queried.
	acl.EnterpriseMeta

	// Nodes has the nodes that were output by the query.
	Nodes CheckServiceNodes

	// DNS has the options for serving these results over DNS.
	DNS QueryDNSOptions

	// Datacenter is the datacenter that these results came from.
	Datacenter string

	// PeerName specifies the cluster peer that these results came from.
	PeerName string

	// Failovers is a count of how many times we had to query a remote
	// datacenter.
	Failovers int

	// QueryMeta has freshness information about the query.
	QueryMeta
}

PreparedQueryExecuteResponse has the results of executing a query.

type PreparedQueryExplainResponse

type PreparedQueryExplainResponse struct {
	// Query has the fully-rendered query.
	Query PreparedQuery

	// QueryMeta has freshness information about the query.
	QueryMeta
}

PreparedQueryExplainResponse has the results when explaining a query.

type PreparedQueryOp

type PreparedQueryOp string
const (
	PreparedQueryCreate PreparedQueryOp = "create"
	PreparedQueryUpdate PreparedQueryOp = "update"
	PreparedQueryDelete PreparedQueryOp = "delete"
)

type PreparedQueryRequest

type PreparedQueryRequest struct {
	// Datacenter is the target this request is intended for.
	Datacenter string

	// Op is the operation to apply.
	Op PreparedQueryOp

	// Query is the query itself.
	Query *PreparedQuery

	// WriteRequest holds the ACL token to go along with this request.
	WriteRequest
}

PreparedQueryRequest is used to create or change prepared queries.

func (*PreparedQueryRequest) RequestDatacenter

func (q *PreparedQueryRequest) RequestDatacenter() string

RequestDatacenter returns the datacenter for a given request.

type PreparedQuerySpecificRequest

type PreparedQuerySpecificRequest struct {
	// Datacenter is the target this request is intended for.
	Datacenter string

	// QueryID is the ID of a query.
	QueryID string

	// QueryOptions (unfortunately named here) controls the consistency
	// settings for the query lookup itself, as well as the service lookups.
	QueryOptions
}

PreparedQuerySpecificRequest is used to get information about a prepared query.

func (*PreparedQuerySpecificRequest) RequestDatacenter

func (q *PreparedQuerySpecificRequest) RequestDatacenter() string

RequestDatacenter returns the datacenter for a given request.

type ProxyConfigEntry added in v1.16.100

type ProxyConfigEntry struct {
	Kind                 string
	Name                 string
	Config               map[string]interface{}
	Mode                 ProxyMode                            `json:",omitempty"`
	TransparentProxy     TransparentProxyConfig               `json:",omitempty" alias:"transparent_proxy"`
	MutualTLSMode        MutualTLSMode                        `json:",omitempty" alias:"mutual_tls_mode"`
	MeshGateway          MeshGatewayConfig                    `json:",omitempty" alias:"mesh_gateway"`
	Expose               ExposeConfig                         `json:",omitempty"`
	AccessLogs           AccessLogsConfig                     `json:",omitempty" alias:"access_logs"`
	EnvoyExtensions      EnvoyExtensions                      `json:",omitempty" alias:"envoy_extensions"`
	FailoverPolicy       *ServiceResolverFailoverPolicy       `json:",omitempty" alias:"failover_policy"`
	PrioritizeByLocality *ServiceResolverPrioritizeByLocality `json:",omitempty" alias:"prioritize_by_locality"`

	Meta               map[string]string `json:",omitempty"`
	acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"`
	RaftIndex
}

ProxyConfigEntry is the top-level struct for global proxy configuration defaults.

func (*ProxyConfigEntry) CanRead added in v1.16.100

func (e *ProxyConfigEntry) CanRead(authz acl.Authorizer) error

func (*ProxyConfigEntry) CanWrite added in v1.16.100

func (e *ProxyConfigEntry) CanWrite(authz acl.Authorizer) error

func (*ProxyConfigEntry) GetEnterpriseMeta added in v1.16.100

func (e *ProxyConfigEntry) GetEnterpriseMeta() *acl.EnterpriseMeta

func (*ProxyConfigEntry) GetKind added in v1.16.100

func (e *ProxyConfigEntry) GetKind() string

func (*ProxyConfigEntry) GetMeta added in v1.16.100

func (e *ProxyConfigEntry) GetMeta() map[string]string

func (*ProxyConfigEntry) GetName added in v1.16.100

func (e *ProxyConfigEntry) GetName() string

func (*ProxyConfigEntry) GetRaftIndex added in v1.16.100

func (e *ProxyConfigEntry) GetRaftIndex() *RaftIndex

func (*ProxyConfigEntry) MarshalBinary added in v1.16.100

func (e *ProxyConfigEntry) MarshalBinary() (data []byte, err error)

func (*ProxyConfigEntry) Normalize added in v1.16.100

func (e *ProxyConfigEntry) Normalize() error

func (*ProxyConfigEntry) UnmarshalBinary added in v1.16.100

func (e *ProxyConfigEntry) UnmarshalBinary(data []byte) error

func (*ProxyConfigEntry) Validate added in v1.16.100

func (e *ProxyConfigEntry) Validate() error

type ProxyMode added in v1.16.100

type ProxyMode string
const (
	// ProxyModeDefault represents no specific mode and should
	// be used to indicate that a different layer of the configuration
	// chain should take precedence
	ProxyModeDefault ProxyMode = ""

	// ProxyModeTransparent represents that inbound and outbound application
	// traffic is being captured and redirected through the proxy.
	ProxyModeTransparent ProxyMode = "transparent"

	// ProxyModeDirect represents that the proxy's listeners must be dialed directly
	// by the local application and other proxies.
	ProxyModeDirect ProxyMode = "direct"
)

func ValidateProxyMode added in v1.16.100

func ValidateProxyMode(mode string) (ProxyMode, error)

type QueryBackend added in v1.16.100

type QueryBackend int
const (
	QueryBackendBlocking QueryBackend = iota
	QueryBackendStreaming
)

func QueryBackendFromString added in v1.16.100

func QueryBackendFromString(s string) QueryBackend

func (QueryBackend) GoString added in v1.16.100

func (q QueryBackend) GoString() string

func (QueryBackend) String added in v1.16.100

func (q QueryBackend) String() string

type QueryDNSOptions

type QueryDNSOptions struct {
	// TTL is the time to live for the served DNS results.
	TTL string
}

QueryDNSOptions controls settings when query results are served over DNS.

type QueryFailoverOptions added in v1.16.100

type QueryFailoverOptions struct {
	// NearestN is set to the number of remote datacenters to try, based on
	// network coordinates.
	NearestN int

	// Datacenters is a fixed list of datacenters to try after NearestN. We
	// never try a datacenter multiple times, so those are subtracted from
	// this list before proceeding.
	Datacenters []string

	// Targets is a fixed list of datacenters and peers to try. This field
	// cannot be populated together with NearestN or Datacenters.
	Targets []QueryFailoverTarget
}

QueryFailoverOptions sets options about how we fail over if there are no healthy nodes in the local datacenter.

func (*QueryFailoverOptions) AsTargets added in v1.16.100

func (f *QueryFailoverOptions) AsTargets() []QueryFailoverTarget

AsTargets either returns Targets as is or Datacenters converted into Targets.

func (*QueryFailoverOptions) IsEmpty added in v1.16.100

func (f *QueryFailoverOptions) IsEmpty() bool

IsEmpty returns true if the QueryFailoverOptions are empty (not set), false otherwise

type QueryFailoverTarget added in v1.16.100

type QueryFailoverTarget struct {
	// Peer specifies a peer to try during failover.
	Peer string

	// Datacenter specifies a datacenter to try during failover.
	Datacenter string

	acl.EnterpriseMeta
}

type QueryMeta

type QueryMeta struct {
	// Index in the raft log of the latest item returned by the query. If the
	// query did not return any results the Index will be a value that will
	// change when a new item is added.
	Index uint64

	// If AllowStale is used, this is time elapsed since
	// last contact between the follower and leader. This
	// can be used to gauge staleness.
	LastContact time.Duration

	// Used to indicate if there is a known leader node
	KnownLeader bool

	// ConsistencyLevel is the consistency level used to serve the query.
	// Having `discovery_max_stale` on the agent can affect whether
	// the request was served by a leader.
	ConsistencyLevel string

	// NotModified is true when the Index of the query is the same value as the
	// requested MinIndex. It indicates that the entity has not been modified.
	// When NotModified is true, the response will not contain the result of
	// the query.
	NotModified bool

	// Backend used to handle this query, either blocking-query or streaming.
	Backend QueryBackend

	// ResultsFilteredByACLs is true when some of the query's results were
	// filtered out by enforcing ACLs. It may be false because nothing was
	// removed, or because the endpoint does not yet support this flag.
	// A false value therefore does not show that the result set is complete;
	// only a true value carries information.
	ResultsFilteredByACLs bool
}

QueryMeta allows a query response to include potentially useful metadata about a query

func (*QueryMeta) GetBackend added in v1.16.100

func (q *QueryMeta) GetBackend() QueryBackend

func (*QueryMeta) GetConsistencyLevel added in v1.16.100

func (m *QueryMeta) GetConsistencyLevel() string

GetConsistencyLevel helps implement the QueryMetaCompat interface

func (*QueryMeta) GetIndex added in v1.16.100

func (m *QueryMeta) GetIndex() uint64

func (*QueryMeta) GetKnownLeader added in v1.16.100

func (m *QueryMeta) GetKnownLeader() bool

GetKnownLeader helps implement the QueryMetaCompat interface

func (*QueryMeta) GetLastContact added in v1.16.100

func (m *QueryMeta) GetLastContact() (time.Duration, error)

GetLastContact helps implement the QueryMetaCompat interface

func (*QueryMeta) GetResultsFilteredByACLs added in v1.16.100

func (q *QueryMeta) GetResultsFilteredByACLs() bool

GetResultsFilteredByACLs is needed to implement the structs.QueryMetaCompat interface.

func (*QueryMeta) SetConsistencyLevel added in v1.16.100

func (q *QueryMeta) SetConsistencyLevel(consistencyLevel string)

SetConsistencyLevel is needed to implement the structs.QueryMetaCompat interface

func (*QueryMeta) SetIndex added in v1.16.100

func (q *QueryMeta) SetIndex(index uint64)

SetIndex is needed to implement the structs.QueryMetaCompat interface

func (*QueryMeta) SetKnownLeader added in v1.16.100

func (q *QueryMeta) SetKnownLeader(knownLeader bool)

SetKnownLeader is needed to implement the structs.QueryMetaCompat interface

func (*QueryMeta) SetLastContact added in v1.16.100

func (q *QueryMeta) SetLastContact(lastContact time.Duration)

SetLastContact is needed to implement the structs.QueryMetaCompat interface

func (*QueryMeta) SetResultsFilteredByACLs added in v1.16.100

func (q *QueryMeta) SetResultsFilteredByACLs(v bool)

SetResultsFilteredByACLs is needed to implement the structs.QueryMetaCompat interface.

type QueryOptions

type QueryOptions struct {
	// Token is the ACL token ID. If not provided, the 'anonymous'
	// token is assumed for backwards compatibility.
	//
	// NOTE(review): the accessors on this type are named TokenSecret and
	// SetTokenSecret, which suggests this field holds the token's secret
	// rather than a public identifier — confirm, and treat the value as a
	// credential (keep it out of logs and error messages).
	Token string `mapstructure:"x-consul-token,omitempty"`

	// If set, wait until query exceeds given index. Must be provided
	// with MaxQueryTime.
	MinQueryIndex uint64 `mapstructure:"min-query-index,omitempty"`

	// Provided with MinQueryIndex to wait for change.
	MaxQueryTime time.Duration `mapstructure:"max-query-time,omitempty"`

	// If set, any follower can service the request. Results
	// may be arbitrarily stale.
	AllowStale bool `mapstructure:"allow-stale,omitempty"`

	// If set, the leader must verify leadership prior to
	// servicing the request. Prevents a stale read.
	RequireConsistent bool `mapstructure:"require-consistent,omitempty"`

	// If set, the local agent may respond with an arbitrarily stale locally
	// cached response. The semantics differ from AllowStale since the agent may
	// be entirely partitioned from the servers and still considered "healthy" by
	// operators. Stale responses from Servers are also arbitrarily stale, but can
	// provide additional bounds on the last contact time from the leader. It's
	// expected that servers that are partitioned are noticed and replaced in a
	// timely way by operators while the same may not be true for client agents.
	UseCache bool `mapstructure:"use-cache,omitempty"`

	// If set and AllowStale is true, will try first a stale
	// read, and then will perform a consistent read if stale
	// read is older than value.
	MaxStaleDuration time.Duration `mapstructure:"max-stale-duration,omitempty"`

	// MaxAge limits how old a cached value will be returned if UseCache is true.
	// If there is a cached response that is older than the MaxAge, it is treated
	// as a cache miss and a new fetch invoked. If the fetch fails, the error is
	// returned. Clients that wish to allow for stale results on error can set
	// StaleIfError to a longer duration to change this behavior. It is ignored
	// if the endpoint supports background refresh caching. See
	// https://www.consul.io/api/index.html#agent-caching for more details.
	MaxAge time.Duration `mapstructure:"max-age,omitempty"`

	// MustRevalidate forces the agent to fetch a fresh version of a cached
	// resource or at least validate that the cached version is still fresh. It is
	// implied by either max-age=0 or must-revalidate Cache-Control headers. It
	// only makes sense when UseCache is true. We store it since MaxAge = 0 is the
	// default unset value.
	MustRevalidate bool `mapstructure:"must-revalidate,omitempty"`

	// StaleIfError specifies how stale the client will accept a cached response
	// if the servers are unavailable to fetch a fresh one. Only makes sense when
	// UseCache is true and MaxAge is set to a lower, non-zero value. It is
	// ignored if the endpoint supports background refresh caching. See
	// https://www.consul.io/api/index.html#agent-caching for more details.
	StaleIfError time.Duration `mapstructure:"stale-if-error,omitempty"`

	// Filter specifies the go-bexpr filter expression to be used for
	// filtering the data prior to returning a response
	Filter string `mapstructure:"filter,omitempty"`

	// AllowNotModifiedResponse indicates that if the MinIndex matches the
	// QueryMeta.Index, the response can be left empty and QueryMeta.NotModified
	// will be set to true to indicate the result of the query has not changed.
	AllowNotModifiedResponse bool `mapstructure:"allow-not-modified-response,omitempty"`
}

QueryOptions is used to specify various flags for read queries

func (QueryOptions) AllowStaleRead

func (q QueryOptions) AllowStaleRead() bool

func (QueryOptions) BlockingTimeout added in v1.16.100

func (q QueryOptions) BlockingTimeout(maxQueryTime, defaultQueryTime time.Duration) time.Duration

BlockingTimeout implements pool.BlockableQuery

func (QueryOptions) ConsistencyLevel added in v1.0.7

func (q QueryOptions) ConsistencyLevel() string

ConsistencyLevel displays the consistency required by a request

func (*QueryOptions) GetAllowStale added in v1.16.100

func (m *QueryOptions) GetAllowStale() bool

GetAllowStale helps implement the QueryOptionsCompat interface

func (*QueryOptions) GetFilter added in v1.16.100

func (m *QueryOptions) GetFilter() string

GetFilter helps implement the QueryOptionsCompat interface

func (*QueryOptions) GetMaxAge added in v1.16.100

func (m *QueryOptions) GetMaxAge() (time.Duration, error)

GetMaxAge helps implement the QueryOptionsCompat interface

func (*QueryOptions) GetMaxQueryTime added in v1.16.100

func (m *QueryOptions) GetMaxQueryTime() (time.Duration, error)

GetMaxQueryTime helps implement the QueryOptionsCompat interface

func (*QueryOptions) GetMaxStaleDuration added in v1.16.100

func (m *QueryOptions) GetMaxStaleDuration() (time.Duration, error)

GetMaxStaleDuration helps implement the QueryOptionsCompat interface

func (*QueryOptions) GetMinQueryIndex added in v1.16.100

func (m *QueryOptions) GetMinQueryIndex() uint64

GetMinQueryIndex helps implement the QueryOptionsCompat interface

func (*QueryOptions) GetMustRevalidate added in v1.16.100

func (m *QueryOptions) GetMustRevalidate() bool

GetMustRevalidate helps implement the QueryOptionsCompat interface

func (*QueryOptions) GetRequireConsistent added in v1.16.100

func (m *QueryOptions) GetRequireConsistent() bool

GetRequireConsistent helps implement the QueryOptionsCompat interface

func (*QueryOptions) GetStaleIfError added in v1.16.100

func (m *QueryOptions) GetStaleIfError() (time.Duration, error)

GetStaleIfError helps implement the QueryOptionsCompat interface

func (*QueryOptions) GetToken added in v1.16.100

func (m *QueryOptions) GetToken() string

GetToken helps implement the QueryOptionsCompat interface

func (*QueryOptions) GetUseCache added in v1.16.100

func (m *QueryOptions) GetUseCache() bool

GetUseCache helps implement the QueryOptionsCompat interface

func (QueryOptions) HasTimedOut added in v1.16.100

func (q QueryOptions) HasTimedOut(start time.Time, rpcHoldTimeout, maxQueryTime, defaultQueryTime time.Duration) (bool, error)

func (QueryOptions) IsRead

func (q QueryOptions) IsRead() bool

IsRead is always true for QueryOptions.

func (*QueryOptions) SetAllowStale added in v1.16.100

func (q *QueryOptions) SetAllowStale(allowStale bool)

SetAllowStale is needed to implement the structs.QueryOptionsCompat interface

func (*QueryOptions) SetFilter added in v1.16.100

func (q *QueryOptions) SetFilter(filter string)

SetFilter is needed to implement the structs.QueryOptionsCompat interface

func (*QueryOptions) SetMaxAge added in v1.16.100

func (q *QueryOptions) SetMaxAge(maxAge time.Duration)

SetMaxAge is needed to implement the structs.QueryOptionsCompat interface

func (*QueryOptions) SetMaxQueryTime added in v1.16.100

func (q *QueryOptions) SetMaxQueryTime(maxQueryTime time.Duration)

SetMaxQueryTime is needed to implement the structs.QueryOptionsCompat interface

func (*QueryOptions) SetMaxStaleDuration added in v1.16.100

func (q *QueryOptions) SetMaxStaleDuration(maxStaleDuration time.Duration)

SetMaxStaleDuration is needed to implement the structs.QueryOptionsCompat interface

func (*QueryOptions) SetMinQueryIndex added in v1.16.100

func (q *QueryOptions) SetMinQueryIndex(minQueryIndex uint64)

SetMinQueryIndex is needed to implement the structs.QueryOptionsCompat interface

func (*QueryOptions) SetMustRevalidate added in v1.16.100

func (q *QueryOptions) SetMustRevalidate(mustRevalidate bool)

SetMustRevalidate is needed to implement the structs.QueryOptionsCompat interface

func (*QueryOptions) SetRequireConsistent added in v1.16.100

func (q *QueryOptions) SetRequireConsistent(requireConsistent bool)

SetRequireConsistent is needed to implement the structs.QueryOptionsCompat interface

func (*QueryOptions) SetStaleIfError added in v1.16.100

func (q *QueryOptions) SetStaleIfError(staleIfError time.Duration)

SetStaleIfError is needed to implement the structs.QueryOptionsCompat interface

func (*QueryOptions) SetToken added in v1.16.100

func (q *QueryOptions) SetToken(token string)

SetToken is needed to implement the structs.QueryOptionsCompat interface

func (*QueryOptions) SetTokenSecret added in v1.16.100

func (q *QueryOptions) SetTokenSecret(s string)

func (*QueryOptions) SetUseCache added in v1.16.100

func (q *QueryOptions) SetUseCache(useCache bool)

SetUseCache is needed to implement the structs.QueryOptionsCompat interface

func (QueryOptions) TokenSecret added in v1.4.0

func (q QueryOptions) TokenSecret() string

type QuerySource

// QuerySource carries information about the node a query originated from, so
// that the response can be adjusted to that node's network coordinates.
//
// NOTE(review): every field is plain request data; nothing in this declaration
// shows the values being authenticated, so treat them as caller-supplied hints
// rather than as an identity — confirm against the RPC handlers.
type QuerySource struct {
	// Datacenter is presumably the datacenter of the source node — TODO confirm.
	Datacenter    string
	// Segment is presumably the network segment of the source node — TODO confirm.
	Segment       string
	// Node is the name of the source node (inferred from the type's purpose).
	Node          string
	// NodePartition is left out of the JSON encoding when empty.
	NodePartition string `json:",omitempty"`
	// Ip is presumably the source node's IP address in string form; whether it
	// is parsed or validated before use is not visible here.
	Ip            string
}

QuerySource is used to pass along information about the source node in queries so that we can adjust the response based on its network coordinates.

func (QuerySource) NodeEnterpriseMeta added in v1.16.100

func (s QuerySource) NodeEnterpriseMeta() *acl.EnterpriseMeta

func (QuerySource) NodePartitionOrDefault added in v1.16.100

func (s QuerySource) NodePartitionOrDefault() string

type QueryTemplateOptions

// QueryTemplateOptions controls settings if this query is a template.
type QueryTemplateOptions struct {
	// Type, if non-empty, means that this query is a template. This is
	// set to one of the QueryTemplateType* constants above.
	Type string

	// Regexp is an optional regular expression to use to parse the full
	// name, once the prefix match has selected a template. This can be
	// used to extract parts of the name and choose a service name, set
	// tags, etc.
	//
	// NOTE(review): the pattern is part of the stored query definition and is
	// matched against names supplied at query time. Presumably it is compiled
	// with Go's regexp package (linear-time matching) — confirm, and confirm
	// that an invalid pattern is rejected when the query is created rather
	// than when it is executed.
	Regexp string

	// RemoveEmptyTags, if true, removes empty tags from matched tag list
	RemoveEmptyTags bool
}

QueryTemplateOptions controls settings if this query is a template.

type RPCInfo

// RPCInfo describes the information common to RPC requests: the target
// datacenter, whether the request is a read, and the token secret sent with it.
type RPCInfo interface {
	// RequestDatacenter returns the datacenter for the request.
	RequestDatacenter() string
	// IsRead reports whether the request is a read.
	IsRead() bool
	// AllowStaleRead presumably reports whether a stale (non-leader) read is
	// acceptable for this request — TODO confirm.
	AllowStaleRead() bool
	// TokenSecret returns the token secret carried by the request.
	// NOTE(review): presumably the ACL token secret, i.e. a bearer credential;
	// keep the returned value out of logs, metrics labels and error messages.
	TokenSecret() string
	// SetTokenSecret replaces the token secret carried by the request.
	SetTokenSecret(string)
	// HasTimedOut reports whether the request, started at since, has timed out
	// given the supplied hold and query time limits; how the three durations
	// are combined is defined by each implementation.
	HasTimedOut(since time.Time, rpcHoldTimeout, maxQueryTime, defaultQueryTime time.Duration) (bool, error)
}

RPCInfo is used to describe common information about a query.

type RaftConfigurationResponse

// RaftConfigurationResponse is returned when querying for the current Raft
// configuration.
type RaftConfigurationResponse struct {
	// Servers has the list of servers in the Raft configuration.
	Servers []*RaftServer

	// Index has the Raft index of this configuration.
	Index uint64
}

RaftConfigurationResponse is returned when querying for the current Raft configuration.

type RaftIndex

// RaftIndex tracks the index used while creating or modifying a given struct
// type. It is embedded in many of the types in this package.
type RaftIndex struct {
	// CreateIndex is the index recorded at creation. The `bexpr:"-"` tag
	// presumably excludes it from filter expressions — TODO confirm.
	CreateIndex uint64 `bexpr:"-"`
	// ModifyIndex is the index recorded at the latest modification; it carries
	// the same `bexpr:"-"` tag as CreateIndex.
	ModifyIndex uint64 `bexpr:"-"`
}

RaftIndex is used to track the index used while creating or modifying a given struct type.

type RaftRemovePeerRequest

// RaftRemovePeerRequest is used by the Operator endpoint to apply a Raft
// operation on a specific Raft peer, identified by address ("IP:port") or ID.
//
// NOTE(review): removing a peer changes cluster membership and therefore
// quorum. The only credential visible here is the ACL token in the embedded
// WriteRequest; the handler is expected to authorize that token before acting
// — confirm at the endpoint, and confirm how a request that sets both Address
// and ID is resolved.
type RaftRemovePeerRequest struct {
	// Datacenter is the target this request is intended for.
	Datacenter string

	// Address is the peer to remove, in the form "IP:port".
	Address raft.ServerAddress

	// ID is the peer ID to remove.
	ID raft.ServerID

	// WriteRequest holds the ACL token to go along with this request.
	WriteRequest
}

RaftRemovePeerRequest is used by the Operator endpoint to apply a Raft operation on a specific Raft peer by address in the form of "IP:port".

func (*RaftRemovePeerRequest) RequestDatacenter

func (op *RaftRemovePeerRequest) RequestDatacenter() string

RequestDatacenter returns the datacenter for a given request.

type RaftServer

// RaftServer has information about a server in the Raft configuration.
type RaftServer struct {
	// ID is the unique ID for the server. These are currently the same
	// as the address, but they will be changed to a real GUID in a future
	// release of Consul.
	ID raft.ServerID

	// Node is the node name of the server, as known by Consul, or this
	// will be set to "(unknown)" otherwise.
	Node string

	// Address is the IP:port of the server, used for Raft communications.
	Address raft.ServerAddress

	// Leader is true if this server is the current cluster leader.
	Leader bool

	// ProtocolVersion is the raft protocol version used by the server. It is
	// carried as a string, not as a number.
	ProtocolVersion string

	// Voter is true if this server has a vote in the cluster. This might
	// be false if the server is staging and still coming online, or if
	// it's a non-voting server, which will be added in a future release of
	// Consul.
	Voter bool

	// LastIndex is the last log index this server has a record of in its Raft log.
	LastIndex uint64
}

RaftServer has information about a server in the Raft configuration.

type RaftStats added in v1.16.100

// RaftStats holds miscellaneous Raft metrics for a server.
type RaftStats struct {
	// LastContact is the time since this node's last contact with the leader.
	// It is carried as a string; the format is not visible in this declaration.
	LastContact string

	// LastTerm is the highest leader term this server has a record of in its Raft log.
	LastTerm uint64

	// LastIndex is the last log index this server has a record of in its Raft log.
	LastIndex uint64
}

RaftStats holds miscellaneous Raft metrics for a server.

func (*RaftStats) ToAutopilotServerStats added in v1.16.100

func (s *RaftStats) ToAutopilotServerStats() *autopilot.ServerStats

type RegisterRequest

// RegisterRequest is used for the Catalog.Register endpoint to register a node
// as providing a service. If no service is provided, the node is registered.
//
// NOTE(review): the node identity (ID, Node), its addresses and its metadata
// are all fields of the request itself. What a caller may register is
// therefore decided by how the endpoint authorizes the token in the embedded
// WriteRequest against these values — confirm in the Catalog.Register handler.
type RegisterRequest struct {
	// Datacenter is the datacenter the request is intended for (see RequestDatacenter).
	Datacenter      string
	// ID and Node identify the node being registered.
	ID              types.NodeID
	Node            string
	// Address, TaggedAddresses and NodeMeta are the node portion of the
	// registration; SkipNodeUpdate below controls whether they overwrite an
	// existing node record.
	Address         string
	TaggedAddresses map[string]string
	NodeMeta        map[string]string
	// Service is the service to register on the node; it may be nil, in which
	// case only the node is registered.
	Service         *NodeService
	// Check and Checks carry health checks to register along with the node or
	// service. How the singular and plural fields are merged is not visible here.
	Check           *HealthCheck
	Checks          HealthChecks
	Locality        *Locality

	// SkipNodeUpdate can be used when a register request is intended for
	// updating a service and/or checks, but doesn't want to overwrite any
	// node information if the node is already registered. If the node
	// doesn't exist, it will still be created, but if the node exists, any
	// node portion of this update will not apply.
	SkipNodeUpdate bool

	// PeerName presumably names the cluster peer the registration belongs to
	// — TODO confirm.
	PeerName string

	// EnterpriseMeta is the embedded enterprise metadata
	acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"`

	// WriteRequest is embedded; on RaftRemovePeerRequest it is documented as
	// holding the ACL token that goes along with the request.
	WriteRequest
	RaftIndex `bexpr:"-"`
}

RegisterRequest is used for the Catalog.Register endpoint to register a node as providing a service. If no service is provided, the node is registered.

func TestRegisterIngressGateway added in v1.16.100

func TestRegisterIngressGateway(t testing.T) *RegisterRequest

TestRegisterIngressGateway returns a RegisterRequest for registering an ingress gateway

func TestRegisterRequest added in v1.2.0

func TestRegisterRequest(t testing.T) *RegisterRequest

TestRegisterRequest returns a RegisterRequest for registering a typical service.

func TestRegisterRequestProxy added in v1.2.0

func TestRegisterRequestProxy(t testing.T) *RegisterRequest

TestRegisterRequestProxy returns a RegisterRequest for registering a Connect proxy.

func (*RegisterRequest) ChangesNode

func (r *RegisterRequest) ChangesNode(node *Node) bool

ChangesNode returns true if the given register request changes the given node, which can be nil. This only looks for changes to the node record itself, not any of the health checks.

func (*RegisterRequest) FillAuthzContext added in v1.16.100

func (_ *RegisterRequest) FillAuthzContext(_ *acl.AuthorizerContext)

FillAuthzContext stub

func (*RegisterRequest) GetEnterpriseMeta added in v1.16.100

func (_ *RegisterRequest) GetEnterpriseMeta() *acl.EnterpriseMeta

func (*RegisterRequest) RequestDatacenter

func (r *RegisterRequest) RequestDatacenter() string

type RemoteACLAuthorizationRequest added in v1.16.100

// RemoteACLAuthorizationRequest bundles a list of ACL authorization requests
// addressed to a datacenter.
//
// NOTE(review): the embedded QueryOptions exposes GetToken/SetToken, so the
// token the requests are evaluated for presumably travels there — confirm in
// the handler which token is authorized, and that Requests is bounded in size.
type RemoteACLAuthorizationRequest struct {
	// Datacenter is the datacenter the request is intended for (see RequestDatacenter).
	Datacenter string
	// Requests is the batch of authorization checks to evaluate.
	Requests   []ACLAuthorizationRequest
	QueryOptions
}

func (*RemoteACLAuthorizationRequest) RequestDatacenter added in v1.16.100

func (r *RemoteACLAuthorizationRequest) RequestDatacenter() string

type RemoteJWKS added in v1.16.100

// RemoteJWKS specifies how to fetch a JWKS from a remote server.
//
// NOTE(review): the fetched keys are presumably used to verify JWT
// signatures, which makes the fetch path part of the trust boundary. Nothing
// in this declaration restricts URI to https or to a particular host —
// confirm what Validate and the JWKSCluster settings enforce.
type RemoteJWKS struct {
	// URI is the URI of the server to query for the JWKS.
	URI string `json:",omitempty"`

	// RequestTimeoutMs is the number of milliseconds to
	// time out when making a request for the JWKS.
	//
	// NOTE(review): the field is a signed int; whether zero or negative values
	// are rejected is not visible here.
	RequestTimeoutMs int `json:",omitempty" alias:"request_timeout_ms"`

	// CacheDuration is the duration after which cached keys
	// should be expired.
	//
	// Default value from envoy is 10 minutes.
	//
	// Cached keys stay in use until they expire, so a long duration delays the
	// effect of a key rotation or revocation at the issuer.
	CacheDuration time.Duration `json:",omitempty" alias:"cache_duration"`

	// FetchAsynchronously indicates that the JWKS should be fetched
	// when a client request arrives. Client requests will be paused
	// until the JWKS is fetched.
	// If false, the proxy listener will wait for the JWKS to be
	// fetched before being activated.
	//
	// Default value is false.
	FetchAsynchronously bool `json:",omitempty" alias:"fetch_asynchronously"`

	// RetryPolicy defines a retry policy for fetching JWKS.
	//
	// There is no retry by default.
	RetryPolicy *JWKSRetryPolicy `json:",omitempty" alias:"retry_policy"`

	// JWKSCluster defines how the specified Remote JWKS URI is to be fetched.
	JWKSCluster *JWKSCluster `json:",omitempty" alias:"jwks_cluster"`
}

RemoteJWKS specifies how to fetch a JWKS from a remote server.

func (*RemoteJWKS) Validate added in v1.16.100

func (ks *RemoteJWKS) Validate() error

type ResourceReference added in v1.16.100

// ResourceReference is a reference to a ConfigEntry, optionally narrowed to a
// subsection of that ConfigEntry through SectionName.
type ResourceReference struct {
	// Kind is the kind of ConfigEntry that this resource refers to.
	Kind string
	// Name is the identifier for the ConfigEntry this resource refers to.
	Name string
	// SectionName is a generic subresource identifier that specifies
	// a subset of the ConfigEntry to which this reference applies. Usage
	// of this field should be up to the controller that leverages it. If
	// unused, this should be blank.
	SectionName string

	// EnterpriseMeta is embedded and squashed into the parent for hcl and
	// mapstructure decoding.
	acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"`
}

ResourceReference is a reference to a ConfigEntry with an optional reference to a subsection of that ConfigEntry that can be specified as SectionName

func (*ResourceReference) IsSame added in v1.16.100

func (r *ResourceReference) IsSame(other *ResourceReference) bool

func (*ResourceReference) String added in v1.16.100

func (r *ResourceReference) String() string

type RetryPolicyBackOff added in v1.16.100

// RetryPolicyBackOff holds the base and maximum intervals of a retry back-off.
type RetryPolicyBackOff struct {
	// BaseInterval to be used for the next back off computation
	//
	// The default value from envoy is 1s
	BaseInterval time.Duration `json:",omitempty" alias:"base_interval"`

	// MaxInterval to be used to specify the maximum interval between retries.
	// Optional but should be greater or equal to BaseInterval.
	//
	// Defaults to 10 times BaseInterval
	//
	// NOTE(review): whether Validate rejects MaxInterval < BaseInterval or
	// negative durations is not visible in this declaration.
	MaxInterval time.Duration `json:",omitempty" alias:"max_interval"`
}

func (*RetryPolicyBackOff) Validate added in v1.16.100

func (r *RetryPolicyBackOff) Validate() error

type RingHashConfig added in v1.16.100

// RingHashConfig contains configuration for the "ring_hash" policy type.
//
// NOTE(review): no upper bound or min <= max relation is expressed by the
// types (both are uint64); if either is enforced, it happens elsewhere.
type RingHashConfig struct {
	// MinimumRingSize determines the minimum number of entries in the hash ring
	MinimumRingSize uint64 `json:",omitempty" alias:"minimum_ring_size"`

	// MaximumRingSize determines the maximum number of entries in the hash ring
	MaximumRingSize uint64 `json:",omitempty" alias:"maximum_ring_size"`
}

RingHashConfig contains configuration for the "ring_hash" policy type

type RoleCacheEntry added in v1.16.100

// RoleCacheEntry pairs an ACL role with a timestamp.
//
// NOTE(review): presumably CacheTime is when the role was cached and Age()
// reports the time elapsed since then. A cached role can outlive a change to
// the role itself, so the cache lifetime bounds how long outdated permissions
// keep applying — confirm against the ACL resolver.
type RoleCacheEntry struct {
	// Role is the cached role.
	Role      *ACLRole
	// CacheTime is the timestamp stored with the entry.
	CacheTime time.Time
}

func (*RoleCacheEntry) Age added in v1.16.100

func (e *RoleCacheEntry) Age() time.Duration

type SamenessGroupConfigEntry added in v1.16.100

// SamenessGroupConfigEntry is the config entry for a sameness group: a named
// list of members (partitions or peers). The documentation of its methods
// describes several of them as OSS placeholders and says Validate treats
// sameness groups as an enterprise-only feature.
type SamenessGroupConfigEntry struct {
	// Name is the name of the config entry (see GetName).
	Name               string
	// DefaultForFailover and IncludeLocal are omitted from JSON when false;
	// their effect is not visible in this declaration.
	DefaultForFailover bool `json:",omitempty" alias:"default_for_failover"`
	IncludeLocal       bool `json:",omitempty" alias:"include_local"`
	// Members lists the group's members.
	Members            []SamenessGroupMember
	// Meta is free-form key/value metadata (see GetMeta).
	Meta               map[string]string `json:",omitempty"`
	acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"`
	RaftIndex
}

func (*SamenessGroupConfigEntry) AllMembers added in v1.16.100

AllMembers is an OSS placeholder noop

func (*SamenessGroupConfigEntry) CanRead added in v1.16.100

func (s *SamenessGroupConfigEntry) CanRead(authz acl.Authorizer) error

func (*SamenessGroupConfigEntry) CanWrite added in v1.16.100

func (s *SamenessGroupConfigEntry) CanWrite(authz acl.Authorizer) error

func (*SamenessGroupConfigEntry) GetCreateIndex added in v1.16.100

func (s *SamenessGroupConfigEntry) GetCreateIndex() uint64

func (*SamenessGroupConfigEntry) GetEnterpriseMeta added in v1.16.100

func (s *SamenessGroupConfigEntry) GetEnterpriseMeta() *acl.EnterpriseMeta

func (*SamenessGroupConfigEntry) GetKind added in v1.16.100

func (s *SamenessGroupConfigEntry) GetKind() string

func (*SamenessGroupConfigEntry) GetMeta added in v1.16.100

func (s *SamenessGroupConfigEntry) GetMeta() map[string]string

func (*SamenessGroupConfigEntry) GetModifyIndex added in v1.16.100

func (s *SamenessGroupConfigEntry) GetModifyIndex() uint64

func (*SamenessGroupConfigEntry) GetName added in v1.16.100

func (s *SamenessGroupConfigEntry) GetName() string

func (*SamenessGroupConfigEntry) GetRaftIndex added in v1.16.100

func (s *SamenessGroupConfigEntry) GetRaftIndex() *RaftIndex

func (*SamenessGroupConfigEntry) MarshalJSON added in v1.16.100

func (s *SamenessGroupConfigEntry) MarshalJSON() ([]byte, error)

func (*SamenessGroupConfigEntry) Normalize added in v1.16.100

func (s *SamenessGroupConfigEntry) Normalize() error

func (*SamenessGroupConfigEntry) RelatedPeers added in v1.16.100

func (s *SamenessGroupConfigEntry) RelatedPeers() []string

RelatedPeers is an OSS placeholder noop

func (*SamenessGroupConfigEntry) ToQueryFailoverTargets added in v1.16.100

func (s *SamenessGroupConfigEntry) ToQueryFailoverTargets(namespace string) []QueryFailoverTarget

ToQueryFailoverTargets is an OSS placeholder noop

func (*SamenessGroupConfigEntry) ToServiceResolverFailoverTargets added in v1.16.100

func (s *SamenessGroupConfigEntry) ToServiceResolverFailoverTargets() []ServiceResolverFailoverTarget

ToServiceResolverFailoverTargets is an OSS placeholder noop

func (*SamenessGroupConfigEntry) Validate added in v1.16.100

func (s *SamenessGroupConfigEntry) Validate() error

Validate ensures that sameness-groups are an enterprise-only feature.

type SamenessGroupMember added in v1.16.100

// SamenessGroupMember names one member of a sameness group, either by
// partition or by peer. Both fields are omitted from JSON when empty.
// NOTE(review): presumably exactly one of the two should be set — confirm
// where that is validated.
type SamenessGroupMember struct {
	Partition string `json:",omitempty"`
	Peer      string `json:",omitempty"`
}

type ServiceAddress added in v1.16.100

// ServiceAddress holds an address and port of a service.
type ServiceAddress struct {
	// Address is the service address as a string; whether it must be an IP or
	// may be a hostname is not visible here.
	Address string
	// Port is the service port. It is a plain int, so range checking
	// (1-65535) is left to whoever validates the value.
	Port    int
}

Type to hold an address and port of a service

func (ServiceAddress) ToAPIServiceAddress added in v1.16.100

func (a ServiceAddress) ToAPIServiceAddress() api.ServiceAddress

type ServiceCheck added in v1.16.100

// ServiceCheck identifies a check by ID within a namespace.
// NOTE(review): whether ID is the check's ID or the owning service's ID is not
// visible here — confirm at the call sites.
type ServiceCheck struct {
	ID        string
	Namespace string
}

type ServiceConfigEntry added in v1.16.100

// ServiceConfigEntry is the top-level struct for the configuration of a
// service across the entire cluster.
//
// NOTE(review): several fields shape the service's exposure (MutualTLSMode,
// Expose, TransparentProxy, Destination). A write to this entry applies
// cluster-wide, so CanWrite is the control that matters; review changes to
// those fields with the same care as a firewall change.
type ServiceConfigEntry struct {
	// Kind and Name identify the config entry (see GetKind and GetName).
	Kind                      string
	Name                      string
	// Protocol is the service's protocol as a string; accepted values are not
	// visible here.
	Protocol                  string
	Mode                      ProxyMode              `json:",omitempty"`
	TransparentProxy          TransparentProxyConfig `json:",omitempty" alias:"transparent_proxy"`
	// MutualTLSMode presumably selects how strictly mutual TLS is enforced for
	// the service — confirm which values Validate accepts.
	MutualTLSMode             MutualTLSMode          `json:",omitempty" alias:"mutual_tls_mode"`
	MeshGateway               MeshGatewayConfig      `json:",omitempty" alias:"mesh_gateway"`
	// Expose presumably makes selected paths reachable through the proxy
	// outside the normal mesh path — TODO confirm in ExposeConfig.
	Expose                    ExposeConfig           `json:",omitempty"`
	ExternalSNI               string                 `json:",omitempty" alias:"external_sni"`
	UpstreamConfig            *UpstreamConfiguration `json:",omitempty" alias:"upstream_config"`
	Destination               *DestinationConfig     `json:",omitempty"`
	// The limits below are signed ints; whether negative values are rejected
	// is not visible in this declaration.
	MaxInboundConnections     int                    `json:",omitempty" alias:"max_inbound_connections"`
	LocalConnectTimeoutMs     int                    `json:",omitempty" alias:"local_connect_timeout_ms"`
	LocalRequestTimeoutMs     int                    `json:",omitempty" alias:"local_request_timeout_ms"`
	BalanceInboundConnections string                 `json:",omitempty" alias:"balance_inbound_connections"`
	EnvoyExtensions           EnvoyExtensions        `json:",omitempty" alias:"envoy_extensions"`

	// Meta is free-form key/value metadata (see GetMeta).
	Meta               map[string]string `json:",omitempty"`
	acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"`
	RaftIndex
}

ServiceConfiguration is the top-level struct for the configuration of a service across the entire cluster.

func (*ServiceConfigEntry) CanRead added in v1.16.100

func (e *ServiceConfigEntry) CanRead(authz acl.Authorizer) error

func (*ServiceConfigEntry) CanWrite added in v1.16.100

func (e *ServiceConfigEntry) CanWrite(authz acl.Authorizer) error

func (*ServiceConfigEntry) Clone added in v1.16.100

func (*ServiceConfigEntry) DeepCopy added in v1.16.100

func (o *ServiceConfigEntry) DeepCopy() *ServiceConfigEntry

DeepCopy generates a deep copy of *ServiceConfigEntry

func (*ServiceConfigEntry) GetEnterpriseMeta added in v1.16.100

func (e *ServiceConfigEntry) GetEnterpriseMeta() *acl.EnterpriseMeta

func (*ServiceConfigEntry) GetKind added in v1.16.100

func (e *ServiceConfigEntry) GetKind() string

func (*ServiceConfigEntry) GetMeta added in v1.16.100

func (e *ServiceConfigEntry) GetMeta() map[string]string

func (*ServiceConfigEntry) GetName added in v1.16.100

func (e *ServiceConfigEntry) GetName() string

func (*ServiceConfigEntry) GetRaftIndex added in v1.16.100

func (e *ServiceConfigEntry) GetRaftIndex() *RaftIndex

func (*ServiceConfigEntry) Normalize added in v1.16.100

func (e *ServiceConfigEntry) Normalize() error

func (*ServiceConfigEntry) Validate added in v1.16.100

func (e *ServiceConfigEntry) Validate() error

type ServiceConfigRequest added in v1.16.100

// ServiceConfigRequest is used when requesting the resolved configuration for
// a service.
type ServiceConfigRequest struct {
	// Name is the name of the service whose configuration is requested.
	Name       string
	// Datacenter is the datacenter the request is intended for (see RequestDatacenter).
	Datacenter string

	// MeshGateway contains the mesh gateway configuration from the requesting proxy's registration
	MeshGateway MeshGatewayConfig

	// Mode indicates how the requesting proxy's listeners are dialed
	Mode ProxyMode

	// UpstreamServiceNames is a list of upstream service names to use for resolving the service config.
	UpstreamServiceNames []PeeredServiceName

	acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"`
	// QueryOptions is embedded; it exposes GetToken/SetToken, so the caller's
	// token presumably travels here.
	QueryOptions
}

ServiceConfigRequest is used when requesting the resolved configuration for a service.

func (*ServiceConfigRequest) CacheInfo added in v1.16.100

func (r *ServiceConfigRequest) CacheInfo() cache.RequestInfo

func (*ServiceConfigRequest) GetLocalUpstreamIDs added in v1.16.100

func (s *ServiceConfigRequest) GetLocalUpstreamIDs() []ServiceID

GetLocalUpstreamIDs returns the list of non-peer service ids for upstreams defined on this request. This is often used for fetching service-defaults config entries.

func (*ServiceConfigRequest) RequestDatacenter added in v1.16.100

func (s *ServiceConfigRequest) RequestDatacenter() string

type ServiceConfigResponse added in v1.16.100

// ServiceConfigResponse carries the resolved configuration for a service,
// presumably as the reply to a ServiceConfigRequest.
type ServiceConfigResponse struct {
	// ProxyConfig holds opaque proxy settings as raw interface{} values. The
	// type's MarshalBinary/UnmarshalBinary exist because these values need
	// custom msgpack handling.
	// NOTE(review): consumers must type-check each value before use; nothing
	// in this declaration constrains what the map contains.
	ProxyConfig      map[string]interface{}
	UpstreamConfigs  OpaqueUpstreamConfigs
	MeshGateway      MeshGatewayConfig      `json:",omitempty"`
	Expose           ExposeConfig           `json:",omitempty"`
	TransparentProxy TransparentProxyConfig `json:",omitempty"`
	MutualTLSMode    MutualTLSMode          `json:",omitempty"`
	Mode             ProxyMode              `json:",omitempty"`
	Destination      DestinationConfig      `json:",omitempty"`
	AccessLogs       AccessLogsConfig       `json:",omitempty"`
	Meta             map[string]string      `json:",omitempty"`
	EnvoyExtensions  []EnvoyExtension       `json:",omitempty"`
	QueryMeta
}

func (*ServiceConfigResponse) DeepCopy added in v1.16.100

DeepCopy generates a deep copy of *ServiceConfigResponse

func (*ServiceConfigResponse) MarshalBinary added in v1.16.100

func (r *ServiceConfigResponse) MarshalBinary() (data []byte, err error)

MarshalBinary writes ServiceConfigResponse as msgpack encoded. It's only here because we need custom decoding of the raw interface{} values.

func (*ServiceConfigResponse) UnmarshalBinary added in v1.16.100

func (r *ServiceConfigResponse) UnmarshalBinary(data []byte) error

UnmarshalBinary decodes msgpack encoded ServiceConfigResponse. It uses the default msgpack encoding but fixes up the uint8 strings and other problems we have with encoding map[string]interface{}.

type ServiceConnect added in v1.2.0

// ServiceConnect holds the Connect settings shared between all service
// definitions, from the agent to the state store.
type ServiceConnect struct {
	// Native is true when this service can natively understand Connect.
	Native bool `json:",omitempty"`

	// SidecarService is a nested Service Definition to register at the same time.
	// It's purely a convenience mechanism to allow specifying a sidecar service
	// along with the application service definition. Its nested nature allows
	// all of the fields to be defaulted which can reduce the amount of
	// boilerplate needed to register a sidecar service separately, but the end
	// result is identical to just making a second service registration via any
	// other means.
	SidecarService *ServiceDefinition `json:",omitempty" bexpr:"-"`

	// PeerMeta carries peering metadata for the service; like SidecarService
	// it is tagged `bexpr:"-"`.
	PeerMeta *PeeringServiceMeta `json:",omitempty" bexpr:"-"`
}

ServiceConnect are the shared Connect settings between all service definitions from the agent to the state store.

func (*ServiceConnect) DeepCopy added in v1.16.100

func (o *ServiceConnect) DeepCopy() *ServiceConnect

DeepCopy generates a deep copy of *ServiceConnect

func (*ServiceConnect) UnmarshalJSON added in v1.16.100

func (t *ServiceConnect) UnmarshalJSON(data []byte) (err error)

type ServiceConsumer added in v1.16.100

// ServiceConsumer represents a downstream consumer of the service to be
// exported.
//
// NOTE(review): exporting a service makes it visible outside its own
// partition or cluster, so each consumer listed widens who can discover it.
// How the three fields may be combined is not enforced by this declaration —
// confirm in the validation of the exporting config entry.
type ServiceConsumer struct {
	// Partition is the admin partition to export the service to.
	Partition string `json:",omitempty"`

	// Peer is the name of the peer to export the service to.
	Peer string `json:",omitempty" alias:"peer_name"`

	// SamenessGroup is the name of the sameness group to export the service to.
	SamenessGroup string `json:",omitempty" alias:"sameness_group"`
}

ServiceConsumer represents a downstream consumer of the service to be exported. At most one of Partition or Peer may be specified.

type ServiceDefinition

// ServiceDefinition is used to JSON decode the Service definitions. For
// documentation on specific fields see NodeService which is better documented.
type ServiceDefinition struct {
	Kind              ServiceKind `json:",omitempty"`
	ID                string
	Name              string
	Tags              []string
	Address           string
	TaggedAddresses   map[string]ServiceAddress
	Meta              map[string]string
	Port              int
	// SocketPath is presumably a Unix domain socket path used instead of
	// Address/Port — TODO confirm.
	SocketPath        string
	// Check and Checks both carry check definitions; the CheckTypes method
	// returns a single CheckTypes value for the definition.
	Check             CheckType
	Checks            CheckTypes
	Weights           *Weights
	// Token is presumably the ACL token used for this service's registration.
	// NOTE(review): if so it is a credential that sits in the service
	// definition; keep definitions containing it out of logs, and note that
	// service definitions are persisted on the local agent (see
	// ServiceID.StringHashSHA256) — confirm whether the token is stored with them.
	Token             string
	EnableTagOverride bool
	Locality          *Locality

	// Proxy is the configuration set for Kind = connect-proxy. It is mandatory in
	// that case and an error to be set for any other kind. This config is part of
	// a proxy service definition. ProxyConfig may be a more natural name here, but
	// it's confusing for the UX because one of the fields in ConnectProxyConfig is
	// also called just "Config"
	Proxy *ConnectProxyConfig

	acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"`

	// Connect holds the Connect settings for the service (see ServiceConnect).
	Connect *ServiceConnect
}

ServiceDefinition is used to JSON decode the Service definitions. For documentation on specific fields see NodeService which is better documented.

func TestServiceDefinition added in v1.2.0

func TestServiceDefinition(t testing.T) *ServiceDefinition

TestServiceDefinition returns a ServiceDefinition for a typical service.

func TestServiceDefinitionProxy added in v1.2.0

func TestServiceDefinitionProxy(t testing.T) *ServiceDefinition

TestServiceDefinitionProxy returns a ServiceDefinition for a proxy.

func (*ServiceDefinition) CheckTypes

func (s *ServiceDefinition) CheckTypes() (checks CheckTypes, err error)

func (*ServiceDefinition) DeepCopy added in v1.16.100

func (o *ServiceDefinition) DeepCopy() *ServiceDefinition

DeepCopy generates a deep copy of *ServiceDefinition

func (*ServiceDefinition) NodeService

func (s *ServiceDefinition) NodeService() *NodeService

func (*ServiceDefinition) UnmarshalJSON added in v1.16.100

func (t *ServiceDefinition) UnmarshalJSON(data []byte) (err error)

func (*ServiceDefinition) Validate added in v1.2.0

func (s *ServiceDefinition) Validate() error

Validate validates the service definition. This also calls the underlying Validate method on the NodeService.

NOTE(mitchellh): This currently only validates fields related to Connect and is incomplete with regards to other fields.

type ServiceDump added in v1.16.100

// ServiceDump is a slice of *ServiceInfo entries.
type ServiceDump []*ServiceInfo

type ServiceDumpRequest added in v1.16.100

// ServiceDumpRequest is the request for a dump of services in a datacenter.
type ServiceDumpRequest struct {
	// Datacenter is the datacenter the request is intended for (see RequestDatacenter).
	Datacenter         string
	// ServiceKind is presumably only applied as a filter when UseServiceKind
	// is true, since the zero value "" is itself a valid kind
	// (ServiceKindTypical) — TODO confirm.
	ServiceKind        ServiceKind
	UseServiceKind     bool
	// Source describes the node the query originated from.
	Source             QuerySource
	acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"`
	PeerName           string
	QueryOptions
}

func (*ServiceDumpRequest) CacheInfo added in v1.16.100

func (r *ServiceDumpRequest) CacheInfo() cache.RequestInfo

func (*ServiceDumpRequest) CacheMinIndex added in v1.16.100

func (r *ServiceDumpRequest) CacheMinIndex() uint64

func (*ServiceDumpRequest) RequestDatacenter added in v1.16.100

func (r *ServiceDumpRequest) RequestDatacenter() string

type ServiceID added in v1.16.100

// ServiceID identifies a service instance by ID together with its enterprise
// metadata.
type ServiceID struct {
	// ID is the service ID string.
	ID string
	// EnterpriseMeta is embedded without struct tags.
	acl.EnterpriseMeta
}

func NewServiceID added in v1.16.100

func NewServiceID(id string, entMeta *acl.EnterpriseMeta) ServiceID

func ServiceIDFromString added in v1.16.100

func ServiceIDFromString(input string) ServiceID

func (ServiceID) Matches added in v1.16.100

func (sid ServiceID) Matches(other ServiceID) bool

func (ServiceID) String added in v1.16.100

func (sid ServiceID) String() string

func (ServiceID) StringHashSHA256 added in v1.16.100

func (sid ServiceID) StringHashSHA256() string

StringHashSHA256 is used mainly to populate part of the filename of a service definition persisted on the local agent

type ServiceInfo added in v1.16.100

// ServiceInfo groups a node, a service on it, that service's health checks
// and an optional gateway-service record. ServiceDump is a slice of these.
type ServiceInfo struct {
	Node           *Node
	Service        *NodeService
	Checks         HealthChecks
	// GatewayService is a pointer and may presumably be nil for services that
	// are not associated with a gateway — TODO confirm.
	GatewayService *GatewayService
}

type ServiceIntentionsConfigEntry added in v1.16.100

// ServiceIntentionsConfigEntry is the config entry holding the intentions for
// one destination service: Name is the destination and Sources lists the
// source intentions that apply to it.
//
// NOTE(review): this entry is access-control policy. The type has a
// HasWildcardDestination method, so Name can evidently be a wildcard, in which
// case the entry covers many services at once; review such entries, and any
// change to Sources or JWT, as a policy change.
type ServiceIntentionsConfigEntry struct {
	Kind string
	Name string // formerly DestinationName

	// Sources is the list of source intentions for the destination.
	Sources []*SourceIntention

	// JWT presumably holds JWT requirements applied to traffic for the
	// destination — TODO confirm in IntentionJWTRequirement.
	JWT *IntentionJWTRequirement `json:",omitempty"`

	Meta map[string]string `json:",omitempty"` // formerly Intention.Meta

	acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` // formerly DestinationNS
	RaftIndex
}

func MigrateIntentions added in v1.16.100

func MigrateIntentions(ixns Intentions) []*ServiceIntentionsConfigEntry

func (*ServiceIntentionsConfigEntry) CanRead added in v1.16.100

func (*ServiceIntentionsConfigEntry) CanWrite added in v1.16.100

func (e *ServiceIntentionsConfigEntry) CanWrite(authz acl.Authorizer) error

func (*ServiceIntentionsConfigEntry) Clone added in v1.16.100

func (*ServiceIntentionsConfigEntry) DeleteSourceByLegacyID added in v1.16.100

func (e *ServiceIntentionsConfigEntry) DeleteSourceByLegacyID(legacyID string) bool

func (*ServiceIntentionsConfigEntry) DeleteSourceByName added in v1.16.100

func (e *ServiceIntentionsConfigEntry) DeleteSourceByName(sn ServiceName) bool

func (*ServiceIntentionsConfigEntry) DestinationServiceName added in v1.16.100

func (e *ServiceIntentionsConfigEntry) DestinationServiceName() ServiceName

func (*ServiceIntentionsConfigEntry) GetEnterpriseMeta added in v1.16.100

func (e *ServiceIntentionsConfigEntry) GetEnterpriseMeta() *acl.EnterpriseMeta

func (*ServiceIntentionsConfigEntry) GetKind added in v1.16.100

func (e *ServiceIntentionsConfigEntry) GetKind() string

func (*ServiceIntentionsConfigEntry) GetMeta added in v1.16.100

func (e *ServiceIntentionsConfigEntry) GetMeta() map[string]string

func (*ServiceIntentionsConfigEntry) GetName added in v1.16.100

func (e *ServiceIntentionsConfigEntry) GetName() string

func (*ServiceIntentionsConfigEntry) GetRaftIndex added in v1.16.100

func (e *ServiceIntentionsConfigEntry) GetRaftIndex() *RaftIndex

func (*ServiceIntentionsConfigEntry) HasAnyPermissions added in v1.16.100

func (e *ServiceIntentionsConfigEntry) HasAnyPermissions() bool

func (*ServiceIntentionsConfigEntry) HasWildcardDestination added in v1.16.100

func (e *ServiceIntentionsConfigEntry) HasWildcardDestination() bool

func (*ServiceIntentionsConfigEntry) LegacyIDFieldsAreAllEmpty added in v1.16.100

func (e *ServiceIntentionsConfigEntry) LegacyIDFieldsAreAllEmpty() bool

func (*ServiceIntentionsConfigEntry) LegacyIDFieldsAreAllSet added in v1.16.100

func (e *ServiceIntentionsConfigEntry) LegacyIDFieldsAreAllSet() bool

func (*ServiceIntentionsConfigEntry) LegacyNormalize added in v1.16.100

func (e *ServiceIntentionsConfigEntry) LegacyNormalize() error

func (*ServiceIntentionsConfigEntry) LegacyValidate added in v1.16.100

func (e *ServiceIntentionsConfigEntry) LegacyValidate() error

func (*ServiceIntentionsConfigEntry) Normalize added in v1.16.100

func (e *ServiceIntentionsConfigEntry) Normalize() error

func (*ServiceIntentionsConfigEntry) ToIntention added in v1.16.100

func (*ServiceIntentionsConfigEntry) ToIntentions added in v1.16.100

func (e *ServiceIntentionsConfigEntry) ToIntentions() Intentions

func (*ServiceIntentionsConfigEntry) UpdateOver added in v1.16.100

func (e *ServiceIntentionsConfigEntry) UpdateOver(rawPrev ConfigEntry) error

func (*ServiceIntentionsConfigEntry) UpdateSourceByLegacyID added in v1.16.100

func (e *ServiceIntentionsConfigEntry) UpdateSourceByLegacyID(legacyID string, update *SourceIntention) bool

func (*ServiceIntentionsConfigEntry) UpsertSourceByName added in v1.16.100

func (e *ServiceIntentionsConfigEntry) UpsertSourceByName(sn ServiceName, upsert *SourceIntention)

func (*ServiceIntentionsConfigEntry) Validate added in v1.16.100

func (e *ServiceIntentionsConfigEntry) Validate() error

type ServiceKind added in v1.2.0

// ServiceKind is the kind of service being registered. It is a string type;
// the declared values are the ServiceKind* constants.
type ServiceKind string

ServiceKind is the kind of service being registered.

const (
	// ServiceKindTypical is a typical, classic Consul service. This is
	// represented by the absence of a value. This was chosen for ease of
	// backwards compatibility: existing services in the catalog would
	// default to the typical service.
	ServiceKindTypical ServiceKind = ""

	// ServiceKindConnectProxy is a proxy for the Consul Service Mesh. This
	// service proxies another service within Consul and speaks the connect
	// protocol.
	ServiceKindConnectProxy ServiceKind = "connect-proxy"

	// ServiceKindMeshGateway is a Mesh Gateway for the Consul Service Mesh.
	// This service will proxy connections based off the SNI header set by other
	// connect proxies
	ServiceKindMeshGateway ServiceKind = "mesh-gateway"

	// ServiceKindTerminatingGateway is a Terminating Gateway for the Consul Service
	// Mesh feature. This service will proxy connections to services outside the mesh.
	ServiceKindTerminatingGateway ServiceKind = "terminating-gateway"

	// ServiceKindIngressGateway is an Ingress Gateway for the Consul Service Mesh.
	// This service allows external traffic to enter the mesh based on
	// centralized configuration.
	ServiceKindIngressGateway ServiceKind = "ingress-gateway"

	// ServiceKindAPIGateway is an API Gateway for the Consul Service Mesh.
	// This service allows external traffic to enter the mesh based on
	// centralized configuration.
	ServiceKindAPIGateway ServiceKind = "api-gateway"

	// ServiceKindDestination is a Destination for the Consul Service Mesh feature.
	// This service allows external traffic to exit the mesh through a terminating gateway
	// based on centralized configuration.
	ServiceKindDestination ServiceKind = "destination"

	// ServiceKindConnectEnabled is used to indicate whether a service is either
	// connect-native or if the service has a corresponding sidecar. It is used for
	// internal query purposes and should not be exposed to users as a valid Kind
	// option.
	//
	// NOTE(review): because ServiceKind is a plain string, this value can
	// arrive in a decoded registration like any other; confirm that
	// registration validation rejects it on input.
	ServiceKindConnectEnabled ServiceKind = "connect-enabled"
)

func (ServiceKind) IsProxy added in v1.16.100

func (k ServiceKind) IsProxy() bool

IsProxy returns whether the ServiceKind is a connect proxy or gateway.

func (ServiceKind) Normalized added in v1.16.100

func (k ServiceKind) Normalized() string

type ServiceList added in v1.16.100

// ServiceList is a slice of ServiceName values. Its Len, Less and Swap
// methods implement sort.Interface.
type ServiceList []ServiceName

func (ServiceList) Len added in v1.16.100

func (s ServiceList) Len() int

Len implements sort.Interface.

func (ServiceList) Less added in v1.16.100

func (s ServiceList) Less(i, j int) bool

Less implements sort.Interface.

func (ServiceList) Sort added in v1.16.100

func (s ServiceList) Sort()

func (ServiceList) Swap added in v1.16.100

func (s ServiceList) Swap(i, j int)

Swap implements sort.Interface.

type ServiceName added in v1.16.100

// ServiceName is a service name together with the embedded
// acl.EnterpriseMeta that accompanies it.
type ServiceName struct {
	// Name is the service name. EnterpriseMeta below is embedded; the
	// mapstructure "squash" option decodes its fields at the same level as
	// Name rather than under a nested key.
	Name               string
	acl.EnterpriseMeta `mapstructure:",squash"`
}

func NewServiceName added in v1.16.100

func NewServiceName(name string, entMeta *acl.EnterpriseMeta) ServiceName

func ServiceNameFromString added in v1.16.100

func ServiceNameFromString(input string) ServiceName

func (ServiceName) Matches added in v1.16.100

func (n ServiceName) Matches(o ServiceName) bool

func (ServiceName) String added in v1.16.100

func (n ServiceName) String() string

func (ServiceName) ToServiceID added in v1.16.100

func (n ServiceName) ToServiceID() ServiceID

type ServiceNameWithSamenessGroup added in v1.16.100

// ServiceNameWithSamenessGroup is a ServiceName together with the name of a
// sameness group.
type ServiceNameWithSamenessGroup struct {
	// SamenessGroup is the name of the sameness group.
	SamenessGroup string
	// ServiceName is embedded, so its Name and EnterpriseMeta fields are
	// promoted onto this type.
	ServiceName
}

type ServiceNode

// ServiceNode represents a node that is part of a service. ID, Address,
// TaggedAddresses, and NodeMeta are node-related fields that are always empty
// in the state store and are filled in on the way out by parseServiceNodes(),
// which is why PartialClone() skips them.
type ServiceNode struct {
	// Node-related fields. Per the type documentation, ID, Address,
	// TaggedAddresses and NodeMeta are blank in the state store and are only
	// populated when results are returned.
	ID                       types.NodeID
	Node                     string
	Address                  string
	Datacenter               string
	TaggedAddresses          map[string]string
	NodeMeta                 map[string]string
	// Service-related fields describing the service instance on this node.
	ServiceKind              ServiceKind
	ServiceID                string
	ServiceName              string
	ServiceTags              []string
	ServiceAddress           string
	ServiceTaggedAddresses   map[string]ServiceAddress `json:",omitempty"`
	ServiceWeights           Weights
	ServiceMeta              map[string]string
	ServicePort              int
	// Per the type documentation, when the address is really a unix domain
	// socket it technically overrides the address field; the two use cases
	// are not expected to overlap in practice.
	ServiceSocketPath        string
	ServiceEnableTagOverride bool
	ServiceProxy             ConnectProxyConfig
	ServiceConnect           ServiceConnect
	// NOTE(review): the bexpr:"-" tag presumably excludes this field from
	// go-bexpr filter expressions — confirm against the go-bexpr tag rules.
	ServiceLocality          *Locality `bexpr:"-"`

	// If not empty, PeerName represents the peer that this ServiceNode was imported from.
	PeerName string `json:",omitempty"`

	acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash" bexpr:"-"`

	RaftIndex `bexpr:"-"`
}

ServiceNode represents a node that is part of a service. ID, Address, TaggedAddresses, and NodeMeta are node-related fields that are always empty in the state store and are filled in on the way out by parseServiceNodes(). This is also why PartialClone() skips them, because we know they are blank already so it would be a waste of time to copy them. This is somewhat complicated when the address is really a unix domain socket; technically that will override the address field, but in practice the two use cases should not overlap.

func (*ServiceNode) CompoundServiceID added in v1.16.100

func (sn *ServiceNode) CompoundServiceID() ServiceID

func (*ServiceNode) CompoundServiceName added in v1.16.100

func (sn *ServiceNode) CompoundServiceName() PeeredServiceName

func (*ServiceNode) FillAuthzContext added in v1.16.100

func (s *ServiceNode) FillAuthzContext(ctx *acl.AuthorizerContext)

func (*ServiceNode) IsSameService added in v1.3.0

func (s *ServiceNode) IsSameService(other *ServiceNode) bool

IsSameService checks if one Service of a ServiceNode is the same as another, without looking at the Raft information or Node information (that's why we didn't call it IsEqual). This is useful for seeing if an update would be idempotent for all the functional parts of the structure. In a similar fashion to ToNodeService(), fields related to Node are ignored; see ServiceNode for more information.

func (*ServiceNode) NodeIdentity added in v1.16.100

func (s *ServiceNode) NodeIdentity() Identity

func (*ServiceNode) PartialClone

func (s *ServiceNode) PartialClone() *ServiceNode

PartialClone() returns a clone of the given service node, minus the node-related fields that get filled in later, Address and TaggedAddresses.

func (*ServiceNode) PeerOrEmpty added in v1.16.100

func (s *ServiceNode) PeerOrEmpty() string

func (*ServiceNode) ToNodeService

func (s *ServiceNode) ToNodeService() *NodeService

ToNodeService converts the given service node to a node service.

type ServiceNodes

// ServiceNodes is a slice of pointers to ServiceNode.
type ServiceNodes []*ServiceNode

type ServiceQuery

// ServiceQuery is used to query for a set of healthy nodes offering a specific
// service.
type ServiceQuery struct {
	// Service is the service to query.
	Service string

	// SamenessGroup specifies a sameness group to query. The first member of the Sameness Group will
	// be targeted first on PQ execution and subsequent members will be targeted during failover scenarios.
	// This field is mutually exclusive with Failover.
	SamenessGroup string

	// Failover controls what we do if there are no healthy nodes in the
	// local datacenter.
	Failover QueryFailoverOptions

	// If OnlyPassing is true then we will only include nodes with passing
	// health checks (critical AND warning checks will cause a node to be
	// discarded)
	OnlyPassing bool

	// IgnoreCheckIDs is an optional list of health check IDs to ignore when
	// considering which nodes are healthy. It is useful as an emergency
	// measure, for example to temporarily override a health check that is
	// producing false negatives. Nodes failing an ignored check are still
	// considered healthy by this query, so entries should be removed once the
	// check itself is fixed.
	IgnoreCheckIDs []types.CheckID

	// Near allows the query to always prefer the node nearest the given
	// node. If the node does not exist, results are returned in their
	// normal randomly-shuffled order. Supplying the magic "_agent" value
	// is supported to sort near the agent which initiated the request.
	Near string

	// Tags are a set of required and/or disallowed tags. If a tag is in
	// this list it must be present. If the tag is preceded with "!" then
	// it is disallowed.
	Tags []string

	// NodeMeta is a map of required node metadata fields. If a key/value
	// pair is in this map it must be present on the node in order for the
	// service entry to be returned.
	NodeMeta map[string]string

	// ServiceMeta is a map of required service metadata fields. If a key/value
	// pair is in this map it must be present on the node in order for the
	// service entry to be returned.
	// NOTE(review): "present on the node" repeats the NodeMeta wording;
	// presumably the pair must be present on the service — confirm.
	ServiceMeta map[string]string

	// Connect if true will filter the prepared query results to only
	// include Connect-capable services. These include both native services
	// and proxies for matching services. Note that if a proxy matches,
	// the constraints in the query above (Near, OnlyPassing, etc.) apply
	// to the _proxy_ and not the service being proxied. In practice, proxies
	// should be directly next to their services so this isn't an issue.
	Connect bool

	// If not empty, Peer represents the peer that the service
	// was imported from.
	Peer string

	// EnterpriseMeta is the embedded enterprise metadata
	acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"`
}

ServiceQuery is used to query for a set of healthy nodes offering a specific service.

type ServiceResolverConfigEntry added in v1.16.100

// ServiceResolverConfigEntry defines which instances of a service should
// satisfy discovery requests for a given named service.
//
// This config entry represents the next hop of the discovery chain after
// splitting. If no resolver config is defined the chain assumes 100% of
// traffic goes to the healthy instances of the default service in the current
// datacenter+namespace and discovery terminates.
type ServiceResolverConfigEntry struct {
	// Kind and Name identify the config entry.
	// NOTE(review): presumably Name is the service the resolver applies to — confirm.
	Kind string
	Name string

	// DefaultSubset is the subset to use when no explicit subset is
	// requested. If empty the unnamed subset is used.
	DefaultSubset string `json:",omitempty" alias:"default_subset"`

	// Subsets is a map of subset name to subset definition for all
	// usable named subsets of this service. The map key is the name
	// of the subset and all names must be valid DNS subdomain elements
	// so they can be used in SNI FQDN headers for the Connect Gateways
	// feature.
	//
	// This may be empty, in which case only the unnamed default subset
	// will be usable.
	Subsets map[string]ServiceResolverSubset `json:",omitempty"`

	// Redirect is a service/subset/datacenter/namespace to resolve
	// instead of the requested service (optional).
	//
	// When configured, all occurrences of this resolver in any discovery
	// chain evaluation will be substituted for the supplied redirect
	// EXCEPT when the redirect has already been applied.
	//
	// When substituting the supplied redirect into the discovery chain
	// all other fields beside Kind/Name/Redirect will be ignored.
	Redirect *ServiceResolverRedirect `json:",omitempty"`

	// Failover controls when and how to reroute traffic to an alternate pool
	// of service instances.
	//
	// The map is keyed by the service subset it applies to, and the special
	// string "*" is a wildcard that applies to any subset not otherwise
	// specified here.
	Failover map[string]ServiceResolverFailover `json:",omitempty"`

	// PrioritizeByLocality controls whether the locality of services within the
	// local partition will be used to prioritize connectivity.
	PrioritizeByLocality *ServiceResolverPrioritizeByLocality `json:",omitempty" alias:"prioritize_by_locality"`

	// ConnectTimeout is the timeout for establishing new network connections
	// to this service.
	ConnectTimeout time.Duration `json:",omitempty" alias:"connect_timeout"`

	// RequestTimeout is the timeout for an HTTP request to complete before
	// the connection is automatically terminated. If unspecified, defaults
	// to 15 seconds.
	RequestTimeout time.Duration `json:",omitempty" alias:"request_timeout"`

	// LoadBalancer determines the load balancing policy and configuration for services
	// issuing requests to this upstream service.
	LoadBalancer *LoadBalancer `json:",omitempty" alias:"load_balancer"`

	// Meta is a map of string key/value pairs attached to the entry.
	// EnterpriseMeta and RaftIndex are embedded.
	Meta               map[string]string `json:",omitempty"`
	acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"`
	RaftIndex
}

ServiceResolverConfigEntry defines which instances of a service should satisfy discovery requests for a given named service.

This config entry represents the next hop of the discovery chain after splitting. If no resolver config is defined the chain assumes 100% of traffic goes to the healthy instances of the default service in the current datacenter+namespace and discovery terminates.

Resolver configs are recursively collected while walking the chain.

Resolver config entries will be valid for services defined with any protocol (in centralized configuration).

func (*ServiceResolverConfigEntry) CanRead added in v1.16.100

func (e *ServiceResolverConfigEntry) CanRead(authz acl.Authorizer) error

func (*ServiceResolverConfigEntry) CanWrite added in v1.16.100

func (e *ServiceResolverConfigEntry) CanWrite(authz acl.Authorizer) error

func (*ServiceResolverConfigEntry) DeepCopy added in v1.16.100

DeepCopy generates a deep copy of *ServiceResolverConfigEntry

func (*ServiceResolverConfigEntry) GetEnterpriseMeta added in v1.16.100

func (e *ServiceResolverConfigEntry) GetEnterpriseMeta() *acl.EnterpriseMeta

func (*ServiceResolverConfigEntry) GetKind added in v1.16.100

func (e *ServiceResolverConfigEntry) GetKind() string

func (*ServiceResolverConfigEntry) GetMeta added in v1.16.100

func (e *ServiceResolverConfigEntry) GetMeta() map[string]string

func (*ServiceResolverConfigEntry) GetName added in v1.16.100

func (e *ServiceResolverConfigEntry) GetName() string

func (*ServiceResolverConfigEntry) GetRaftIndex added in v1.16.100

func (e *ServiceResolverConfigEntry) GetRaftIndex() *RaftIndex

func (*ServiceResolverConfigEntry) IsDefault added in v1.16.100

func (e *ServiceResolverConfigEntry) IsDefault() bool

func (*ServiceResolverConfigEntry) ListRelatedServices added in v1.16.100

func (e *ServiceResolverConfigEntry) ListRelatedServices() []ServiceID

func (*ServiceResolverConfigEntry) MarshalJSON added in v1.16.100

func (e *ServiceResolverConfigEntry) MarshalJSON() ([]byte, error)

func (*ServiceResolverConfigEntry) Normalize added in v1.16.100

func (e *ServiceResolverConfigEntry) Normalize() error

func (*ServiceResolverConfigEntry) RelatedPeers added in v1.16.100

func (e *ServiceResolverConfigEntry) RelatedPeers() []string

func (*ServiceResolverConfigEntry) RelatedSamenessGroups added in v1.16.100

func (e *ServiceResolverConfigEntry) RelatedSamenessGroups() []string

RelatedSamenessGroups doesn't return anything on open source.

func (*ServiceResolverConfigEntry) SubsetExists added in v1.16.100

func (e *ServiceResolverConfigEntry) SubsetExists(name string) bool

func (*ServiceResolverConfigEntry) ToSamenessDiscoveryTargetOpts added in v1.16.100

func (r *ServiceResolverConfigEntry) ToSamenessDiscoveryTargetOpts() DiscoveryTargetOpts

ToSamenessDiscoveryTargetOpts returns the options required for sameness failover and redirects. These operations should preserve the service name and namespace.

func (*ServiceResolverConfigEntry) UnmarshalJSON added in v1.16.100

func (e *ServiceResolverConfigEntry) UnmarshalJSON(data []byte) error

func (*ServiceResolverConfigEntry) Validate added in v1.16.100

func (e *ServiceResolverConfigEntry) Validate() error

type ServiceResolverFailover added in v1.16.100

// ServiceResolverFailover describes the destination to use during failover.
//
// There are some restrictions on what is allowed in here:
//
//   - Service, ServiceSubset, Namespace, Datacenters, and Targets cannot all
//     be empty at once. When Targets is defined, the other fields should not
//     be populated.
type ServiceResolverFailover struct {
	// Service is the service to resolve instead of the default as the failover
	// group of instances (optional).
	//
	// This is a DESTINATION during failover.
	Service string `json:",omitempty"`

	// ServiceSubset is the named subset of the requested service to resolve as
	// the failover group of instances. If empty the default subset for the
	// requested service is used (optional).
	//
	// This is a DESTINATION during failover.
	ServiceSubset string `json:",omitempty" alias:"service_subset"`

	// Namespace is the namespace to resolve the requested service from to form
	// the failover group of instances. If empty the current namespace is used
	// (optional).
	//
	// This is a DESTINATION during failover.
	Namespace string `json:",omitempty"`

	// Datacenters is a fixed list of datacenters to try. We never try a
	// datacenter multiple times, so those are subtracted from this list before
	// proceeding.
	//
	// This is a DESTINATION during failover.
	Datacenters []string `json:",omitempty"`

	// Targets specifies a fixed list of failover targets to try. We never try a
	// target multiple times, so those are subtracted from this list before
	// proceeding.
	//
	// This is a DESTINATION during failover.
	Targets []ServiceResolverFailoverTarget `json:",omitempty"`

	// Policy specifies the exact mechanism used for failover.
	Policy *ServiceResolverFailoverPolicy `json:",omitempty"`

	// SamenessGroup specifies the sameness group to failover to.
	SamenessGroup string `json:",omitempty"`
}

There are some restrictions on what is allowed in here:

- Service, ServiceSubset, Namespace, Datacenters, and Targets cannot all be empty at once. When Targets is defined, the other fields should not be populated.

func (*ServiceResolverFailover) DeepCopy added in v1.16.100

DeepCopy generates a deep copy of *ServiceResolverFailover

func (*ServiceResolverFailover) GetEnterpriseMeta added in v1.16.100

func (failover *ServiceResolverFailover) GetEnterpriseMeta(_ *acl.EnterpriseMeta) *acl.EnterpriseMeta

GetEnterpriseMeta is used to synthesize the EnterpriseMeta struct from fields in the ServiceResolverFailover

func (*ServiceResolverFailover) ToDiscoveryTargetOpts added in v1.16.100

func (f *ServiceResolverFailover) ToDiscoveryTargetOpts() DiscoveryTargetOpts

func (*ServiceResolverFailover) ValidateEnterprise added in v1.16.100

func (failover *ServiceResolverFailover) ValidateEnterprise() error

ValidateEnterprise validates that enterprise fields are only set with enterprise binaries.

type ServiceResolverFailoverPolicy added in v1.16.100

// ServiceResolverFailoverPolicy selects the mechanism used for failover; it is
// referenced from ServiceResolverFailover.Policy.
type ServiceResolverFailoverPolicy struct {
	// Mode specifies the type of failover that will be performed. Valid values are
	// "sequential", "" (equivalent to "sequential") and "order-by-locality".
	Mode    string   `json:",omitempty"`
	// Regions is a list of strings.
	// NOTE(review): its meaning and how it interacts with Mode are not
	// documented here — confirm against the validation code.
	Regions []string `json:",omitempty"`
}

func (*ServiceResolverFailoverPolicy) ValidateEnterprise added in v1.16.100

func (f *ServiceResolverFailoverPolicy) ValidateEnterprise() error

ValidateEnterprise validates that enterprise fields are only set with enterprise binaries.

type ServiceResolverFailoverTarget added in v1.16.100

// ServiceResolverFailoverTarget is one entry of ServiceResolverFailover.Targets:
// a single destination to try during failover.
type ServiceResolverFailoverTarget struct {
	// Service specifies the name of the service to try during failover.
	Service string `json:",omitempty"`

	// ServiceSubset specifies the service subset to try during failover.
	ServiceSubset string `json:",omitempty" alias:"service_subset"`

	// Partition specifies the partition to try during failover.
	Partition string `json:",omitempty"`

	// Namespace specifies the namespace to try during failover.
	Namespace string `json:",omitempty"`

	// Datacenter specifies the datacenter to try during failover.
	Datacenter string `json:",omitempty"`

	// Peer specifies the name of the cluster peer to try during failover.
	Peer string `json:",omitempty"`
}

func (*ServiceResolverFailoverTarget) GetEnterpriseMeta added in v1.16.100

func (target *ServiceResolverFailoverTarget) GetEnterpriseMeta(_ *acl.EnterpriseMeta) *acl.EnterpriseMeta

GetEnterpriseMeta is used to synthesize the EnterpriseMeta struct from fields in the ServiceResolverFailoverTarget

func (*ServiceResolverFailoverTarget) ToDiscoveryTargetOpts added in v1.16.100

func (t *ServiceResolverFailoverTarget) ToDiscoveryTargetOpts() DiscoveryTargetOpts

func (*ServiceResolverFailoverTarget) ValidateEnterprise added in v1.16.100

func (redir *ServiceResolverFailoverTarget) ValidateEnterprise() error

ValidateEnterprise validates that enterprise fields are only set with enterprise binaries.

type ServiceResolverPrioritizeByLocality added in v1.16.100

// ServiceResolverPrioritizeByLocality holds the locality prioritization mode
// referenced from ServiceResolverConfigEntry.PrioritizeByLocality.
type ServiceResolverPrioritizeByLocality struct {
	// Mode specifies the type of prioritization that will be performed
	// when selecting nodes in the local partition.
	// Valid values are: "" (default "none"), "none", and "failover".
	Mode string `json:",omitempty"`
}

func (*ServiceResolverPrioritizeByLocality) ToDiscovery added in v1.16.100

type ServiceResolverRedirect added in v1.16.100

// ServiceResolverRedirect names what to resolve instead of the requested
// service. Every field is optional. Because a redirect can point at another
// namespace, partition, datacenter, cluster peer or sameness group, a change
// here moves where the service's traffic is resolved from.
type ServiceResolverRedirect struct {
	// Service is a service to resolve instead of the current service
	// (optional).
	Service string `json:",omitempty"`

	// ServiceSubset is a named subset of the given service to resolve instead
	// of one defined as that service's DefaultSubset. If empty the default
	// subset is used (optional).
	//
	// If this is specified at least one of Service, Datacenter, or Namespace
	// should be configured.
	ServiceSubset string `json:",omitempty" alias:"service_subset"`

	// Namespace is the namespace to resolve the service from instead of the
	// current one (optional).
	Namespace string `json:",omitempty"`

	// Partition is the partition to resolve the service from instead of the
	// current one (optional).
	Partition string `json:",omitempty"`

	// Datacenter is the datacenter to resolve the service from instead of the
	// current one (optional).
	Datacenter string `json:",omitempty"`

	// Peer is the name of the cluster peer to resolve the service from instead
	// of the current one (optional).
	Peer string `json:",omitempty"`

	// SamenessGroup is the name of the sameness group to resolve the service from instead
	// of the local partition.
	SamenessGroup string `json:",omitempty"`
}

func (*ServiceResolverRedirect) GetEnterpriseMeta added in v1.16.100

func (redir *ServiceResolverRedirect) GetEnterpriseMeta(_ *acl.EnterpriseMeta) *acl.EnterpriseMeta

GetEnterpriseMeta is used to synthesize the EnterpriseMeta struct from fields in the ServiceResolverRedirect

func (*ServiceResolverRedirect) ToDiscoveryTargetOpts added in v1.16.100

func (r *ServiceResolverRedirect) ToDiscoveryTargetOpts() DiscoveryTargetOpts

func (*ServiceResolverRedirect) ValidateEnterprise added in v1.16.100

func (redir *ServiceResolverRedirect) ValidateEnterprise() error

ValidateEnterprise validates that enterprise fields are only set with enterprise binaries.

type ServiceResolverSubset added in v1.16.100

// ServiceResolverSubset defines a way to select a portion of the Consul
// catalog during service discovery. Anything that affects the ultimate catalog
// query performed OR post-processing on the results of that sort of query
// should be defined here.
type ServiceResolverSubset struct {
	// Filter specifies the go-bexpr filter expression to be used for selecting
	// instances of the requested service.
	Filter string `json:",omitempty"`

	// OnlyPassing specifies the behavior of the resolver's health check
	// filtering. If this is set to false, the results will include instances
	// with checks in the passing as well as the warning states. If this is set
	// to true, only instances with checks in the passing state will be
	// returned (this behaves identically to the similarly named field on
	// prepared queries).
	OnlyPassing bool `json:",omitempty" alias:"only_passing"`
}

ServiceResolverSubset defines a way to select a portion of the Consul catalog during service discovery. Anything that affects the ultimate catalog query performed OR post-processing on the results of that sort of query should be defined here.

type ServiceRoute added in v1.16.100

// ServiceRoute is a single routing rule that routes traffic to the destination
// when the match criteria applies.
type ServiceRoute struct {
	// Match holds the match criteria and Destination the destination that
	// matching traffic is routed to. Both are pointers omitted from JSON when
	// nil.
	Match       *ServiceRouteMatch       `json:",omitempty"`
	Destination *ServiceRouteDestination `json:",omitempty"`
}

ServiceRoute is a single routing rule that routes traffic to the destination when the match criteria applies.

func (*ServiceRoute) DeepCopy added in v1.16.100

func (o *ServiceRoute) DeepCopy() *ServiceRoute

DeepCopy generates a deep copy of *ServiceRoute

type ServiceRouteDestination added in v1.16.100

// ServiceRouteDestination describes how to proxy the actual matching request
// to a service.
type ServiceRouteDestination struct {
	// Service is the service to resolve instead of the default service. If
	// empty then the default discovery chain service name is used.
	Service string `json:",omitempty"`

	// ServiceSubset is a named subset of the given service to resolve instead
	// of one defined as that service's DefaultSubset. If empty the default
	// subset is used.
	//
	// If this field is specified then this route is ineligible for further
	// splitting.
	ServiceSubset string `json:",omitempty" alias:"service_subset"`

	// Namespace is the namespace to resolve the service from instead of the
	// current namespace. If empty the current namespace is assumed.
	//
	// If this field is specified then this route is ineligible for further
	// splitting.
	Namespace string `json:",omitempty"`

	// Partition is the partition to resolve the service from instead of the
	// current partition. If empty the current partition is assumed.
	//
	// If this field is specified then this route is ineligible for further
	// splitting.
	Partition string `json:",omitempty"`

	// PrefixRewrite allows for the proxied request to have its matching path
	// prefix modified before being sent to the destination. Described more
	// below in the envoy implementation section.
	PrefixRewrite string `json:",omitempty" alias:"prefix_rewrite"`

	// RequestTimeout is the total amount of time permitted for the entire
	// downstream request (and retries) to be processed.
	RequestTimeout time.Duration `json:",omitempty" alias:"request_timeout"`

	// IdleTimeout is the total amount of time permitted for the request stream
	// to be idle.
	IdleTimeout time.Duration `json:",omitempty" alias:"idle_timeout"`

	// NumRetries is the number of times to retry the request when a retryable
	// result occurs. This seems fairly proxy agnostic.
	NumRetries uint32 `json:",omitempty" alias:"num_retries"`

	// RetryOnConnectFailure allows for connection failure errors to trigger a
	// retry. This should be expressible in other proxies as it's just a layer
	// 4 failure bubbling up to layer 7.
	RetryOnConnectFailure bool `json:",omitempty" alias:"retry_on_connect_failure"`

	// RetryOn allows setting envoy specific conditions when a request should
	// be automatically retried.
	RetryOn []string `json:",omitempty" alias:"retry_on"`

	// RetryOnStatusCodes is a flat list of http response status codes that are
	// eligible for retry. This again should be feasible in any reasonable proxy.
	RetryOnStatusCodes []uint32 `json:",omitempty" alias:"retry_on_status_codes"`

	// RequestHeaders and ResponseHeaders allow HTTP header manipulation to be
	// configured; going by the field names, for requests and responses
	// respectively.
	RequestHeaders  *HTTPHeaderModifiers `json:",omitempty" alias:"request_headers"`
	ResponseHeaders *HTTPHeaderModifiers `json:",omitempty" alias:"response_headers"`
}

ServiceRouteDestination describes how to proxy the actual matching request to a service.

func (*ServiceRouteDestination) DeepCopy added in v1.16.100

DeepCopy generates a deep copy of *ServiceRouteDestination

func (*ServiceRouteDestination) GetEnterpriseMeta added in v1.16.100

func (dest *ServiceRouteDestination) GetEnterpriseMeta(_ *acl.EnterpriseMeta) *acl.EnterpriseMeta

GetEnterpriseMeta is used to synthesize the EnterpriseMeta struct from fields in the ServiceRouteDestination

func (*ServiceRouteDestination) HasRetryFeatures added in v1.16.100

func (d *ServiceRouteDestination) HasRetryFeatures() bool

func (*ServiceRouteDestination) MarshalJSON added in v1.16.100

func (e *ServiceRouteDestination) MarshalJSON() ([]byte, error)

func (*ServiceRouteDestination) UnmarshalJSON added in v1.16.100

func (e *ServiceRouteDestination) UnmarshalJSON(data []byte) error

type ServiceRouteHTTPMatch added in v1.16.100

// ServiceRouteHTTPMatch is a set of http-specific match criteria.
type ServiceRouteHTTPMatch struct {
	// PathExact, PathPrefix and PathRegex are path match criteria; going by
	// the names, an exact value, a prefix and a regular expression.
	// NOTE(review): whether more than one may be set at once, and which regex
	// syntax applies, is not visible here — confirm against Validate.
	PathExact  string `json:",omitempty" alias:"path_exact"`
	PathPrefix string `json:",omitempty" alias:"path_prefix"`
	PathRegex  string `json:",omitempty" alias:"path_regex"`

	// Header and QueryParam are lists of header and query-parameter match
	// criteria; Methods is a list of strings, presumably HTTP method names —
	// confirm.
	Header     []ServiceRouteHTTPMatchHeader     `json:",omitempty"`
	QueryParam []ServiceRouteHTTPMatchQueryParam `json:",omitempty" alias:"query_param"`
	Methods    []string                          `json:",omitempty"`
}

ServiceRouteHTTPMatch is a set of http-specific match criteria.

func (*ServiceRouteHTTPMatch) IsEmpty added in v1.16.100

func (m *ServiceRouteHTTPMatch) IsEmpty() bool

type ServiceRouteHTTPMatchHeader added in v1.16.100

// ServiceRouteHTTPMatchHeader is one element of ServiceRouteHTTPMatch.Header.
type ServiceRouteHTTPMatchHeader struct {
	// Name is always serialized; every other field is omitted from JSON when
	// it holds its zero value.
	// NOTE(review): presumably Name is the header name, Present/Exact/Prefix/
	// Suffix/Regex choose how its value is matched and Invert negates the
	// result — confirm against the validation code.
	Name    string
	Present bool   `json:",omitempty"`
	Exact   string `json:",omitempty"`
	Prefix  string `json:",omitempty"`
	Suffix  string `json:",omitempty"`
	Regex   string `json:",omitempty"`
	Invert  bool   `json:",omitempty"`
}

type ServiceRouteHTTPMatchQueryParam added in v1.16.100

// ServiceRouteHTTPMatchQueryParam is one element of
// ServiceRouteHTTPMatch.QueryParam.
type ServiceRouteHTTPMatchQueryParam struct {
	// Name is always serialized; Present, Exact and Regex are omitted from
	// JSON when they hold their zero value.
	// NOTE(review): presumably Name is the query parameter name and the other
	// fields choose how its value is matched — confirm.
	Name    string
	Present bool   `json:",omitempty"`
	Exact   string `json:",omitempty"`
	Regex   string `json:",omitempty"`
}

type ServiceRouteMatch added in v1.16.100

// ServiceRouteMatch is a set of criteria that can match incoming L7 requests.
type ServiceRouteMatch struct {
	// HTTP holds the http-specific match criteria; it is omitted from JSON
	// when nil.
	HTTP *ServiceRouteHTTPMatch `json:",omitempty"`
}

ServiceRouteMatch is a set of criteria that can match incoming L7 requests.

func (*ServiceRouteMatch) DeepCopy added in v1.16.100

func (o *ServiceRouteMatch) DeepCopy() *ServiceRouteMatch

DeepCopy generates a deep copy of *ServiceRouteMatch

func (*ServiceRouteMatch) IsEmpty added in v1.16.100

func (m *ServiceRouteMatch) IsEmpty() bool

type ServiceRouterConfigEntry added in v1.16.100

// ServiceRouterConfigEntry defines L7 (e.g. http) routing rules for a named
// service exposed in Connect.
//
// This config entry represents the topmost part of the discovery chain. Only
// one router config will be used per resolved discovery chain and is not
// otherwise discovered recursively (unlike splitter and resolver config
// entries).
type ServiceRouterConfigEntry struct {
	// Kind and Name identify the config entry.
	// NOTE(review): presumably Name is the service the router applies to — confirm.
	Kind string
	Name string

	// Routes is the list of routes to consider when processing L7 requests.
	// The first rule to match in the list is terminal and stops further
	// evaluation, so the order of the list matters.
	//
	// Traffic that fails to match any of the provided routes will be routed to
	// the default service.
	Routes []ServiceRoute

	// Meta is a map of string key/value pairs attached to the entry.
	// EnterpriseMeta and RaftIndex are embedded.
	Meta               map[string]string `json:",omitempty"`
	acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"`
	RaftIndex
}

ServiceRouterConfigEntry defines L7 (e.g. http) routing rules for a named service exposed in Connect.

This config entry represents the topmost part of the discovery chain. Only one router config will be used per resolved discovery chain and is not otherwise discovered recursively (unlike splitter and resolver config entries).

Router config entries will be restricted to only services that define their protocol as http-based (in centralized configuration).

func (*ServiceRouterConfigEntry) CanRead added in v1.16.100

func (e *ServiceRouterConfigEntry) CanRead(authz acl.Authorizer) error

func (*ServiceRouterConfigEntry) CanWrite added in v1.16.100

func (e *ServiceRouterConfigEntry) CanWrite(authz acl.Authorizer) error

func (*ServiceRouterConfigEntry) GetEnterpriseMeta added in v1.16.100

func (e *ServiceRouterConfigEntry) GetEnterpriseMeta() *acl.EnterpriseMeta

func (*ServiceRouterConfigEntry) GetKind added in v1.16.100

func (e *ServiceRouterConfigEntry) GetKind() string

func (*ServiceRouterConfigEntry) GetMeta added in v1.16.100

func (e *ServiceRouterConfigEntry) GetMeta() map[string]string

func (*ServiceRouterConfigEntry) GetName added in v1.16.100

func (e *ServiceRouterConfigEntry) GetName() string

func (*ServiceRouterConfigEntry) GetRaftIndex added in v1.16.100

func (e *ServiceRouterConfigEntry) GetRaftIndex() *RaftIndex

func (*ServiceRouterConfigEntry) ListRelatedServices added in v1.16.100

func (e *ServiceRouterConfigEntry) ListRelatedServices() []ServiceID

func (*ServiceRouterConfigEntry) Normalize added in v1.16.100

func (e *ServiceRouterConfigEntry) Normalize() error

func (*ServiceRouterConfigEntry) Validate added in v1.16.100

func (e *ServiceRouterConfigEntry) Validate() error

type ServiceSpecificRequest

// ServiceSpecificRequest is used to query about a specific service.
type ServiceSpecificRequest struct {
	// Datacenter is the datacenter named in the request.
	Datacenter string

	// The name of the peer that the requested service was imported from.
	PeerName string

	// NodeMetaFilters, ServiceName and ServiceKind are further request
	// parameters; their exact filtering semantics are not documented here.
	NodeMetaFilters map[string]string
	ServiceName     string
	ServiceKind     ServiceKind
	// DEPRECATED (singular-service-tag) - remove this when backwards RPC compat
	// with 1.2.x is not required.
	ServiceTag     string
	ServiceTags    []string
	ServiceAddress string
	TagFilter      bool // Controls tag filtering
	Source         QuerySource

	// Connect if true will only search for Connect-compatible services.
	Connect bool

	// Ingress if true will only search for Ingress gateways for the given service.
	Ingress bool

	// MergeCentralConfig when set to true returns a service definition merged with
	// the proxy-defaults/global and service-defaults/:service config entries.
	// This can be used to ensure a full service definition is returned in the response
	// especially when the service might not be written into the catalog that way.
	MergeCentralConfig bool

	acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"`
	QueryOptions
}

ServiceSpecificRequest is used to query about a specific service

func (*ServiceSpecificRequest) CacheInfo added in v1.3.0

func (r *ServiceSpecificRequest) CacheInfo() cache.RequestInfo

func (*ServiceSpecificRequest) CacheMinIndex added in v1.3.0

func (r *ServiceSpecificRequest) CacheMinIndex() uint64

func (*ServiceSpecificRequest) RequestDatacenter

func (r *ServiceSpecificRequest) RequestDatacenter() string

type ServiceSplit added in v1.16.100

// ServiceSplit defines how much traffic to send to which set of service
// instances during a traffic split.
type ServiceSplit struct {
	// Weight is a value between 0 and 100 reflecting what portion of traffic
	// should be directed to this split.
	//
	// The smallest representable weight is 1/10000 or .01%
	//
	// If the split is within epsilon of 100 then the remainder is attributed
	// to the FIRST split.
	Weight float32

	// Service is the service to resolve instead of the default (optional).
	Service string `json:",omitempty"`

	// ServiceSubset is a named subset of the given service to resolve instead
	// of one defined as that service's DefaultSubset. If empty the default
	// subset is used (optional).
	//
	// If this field is specified then this route is ineligible for further
	// splitting.
	ServiceSubset string `json:",omitempty" alias:"service_subset"`

	// Namespace is the namespace to resolve the service from instead of the
	// current namespace. If empty the current namespace is assumed (optional).
	//
	// If this field is specified then this route is ineligible for further
	// splitting.
	Namespace string `json:",omitempty"`

	// Partition is the partition to resolve the service from instead of the
	// current partition. If empty the current partition is assumed (optional).
	//
	// If this field is specified then this route is ineligible for further
	// splitting.
	Partition string `json:",omitempty"`

	// RequestHeaders and ResponseHeaders allow HTTP header manipulation to be
	// configured; going by the field names, for requests and responses
	// respectively.
	RequestHeaders  *HTTPHeaderModifiers `json:",omitempty" alias:"request_headers"`
	ResponseHeaders *HTTPHeaderModifiers `json:",omitempty" alias:"response_headers"`
}

ServiceSplit defines how much traffic to send to which set of service instances during a traffic split.

func (*ServiceSplit) GetEnterpriseMeta added in v1.16.100

func (split *ServiceSplit) GetEnterpriseMeta(_ *acl.EnterpriseMeta) *acl.EnterpriseMeta

GetEnterpriseMeta is used to synthesize the EnterpriseMeta struct from fields in the ServiceSplit

func (*ServiceSplit) MergeParent added in v1.16.100

func (s *ServiceSplit) MergeParent(parent *ServiceSplit) (*ServiceSplit, error)

MergeParent is called by the discovery chain compiler when a split directs to another splitter. We refer to the first ServiceSplit as the parent and the ServiceSplits of the second splitter as its children. The parent ends up "flattened" by the compiler, i.e. replaced with its children recursively with the weights modified as necessary.

Since the parent is never included in the output, any request processing config attached to it (e.g. header manipulation) would be lost and not take effect when splitters direct to other splitters. To avoid that, we define a MergeParent operation which is called by the compiler on each child split during flattening. It must merge any request processing configuration from the passed parent into the child such that the end result is equivalent to a request first passing through the parent and then the child. Response handling must occur as if the request first passed through the child to the parent.

MergeDefaults leaves both s and parent unchanged and returns a deep copy to avoid confusing issues where config changes after being compiled.

type ServiceSplitterConfigEntry added in v1.16.100

// ServiceSplitterConfigEntry defines how incoming requests are split across
// different subsets of a single service, or across different services.
//
// The type exposes CanRead and CanWrite methods that take an acl.Authorizer.
// NOTE(review): presumably every read and write path is expected to call them
// before acting on the entry — confirm against the callers.
type ServiceSplitterConfigEntry struct {
	// Kind and Name carry the config entry's kind and name.
	// NOTE(review): presumably the values returned by GetKind and GetName.
	Kind string
	Name string

	// Splits is the configurations for the details of the traffic splitting.
	//
	// The sum of weights across all splits must add up to 100.
	//
	// If the split is within epsilon of 100 then the remainder is attributed
	// to the FIRST split.
	Splits []ServiceSplit

	// Meta is a string-to-string map that is omitted from JSON when empty.
	Meta               map[string]string `json:",omitempty"`
	// The embedded EnterpriseMeta is squashed into the parent when decoded
	// through hcl or mapstructure, per its struct tags.
	acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"`
	RaftIndex
}

ServiceSplitterConfigEntry defines how incoming requests are split across different subsets of a single service (like during staged canary rollouts), or perhaps across different services (like during a v2 rewrite or other type of codebase migration).

This config entry represents the next hop of the discovery chain after routing. If no splitter config is defined the chain assumes 100% of traffic goes to the default service and discovery continues on to the resolution hop.

Splitter configs are recursively collected while walking the discovery chain.

Splitter config entries will be restricted to only services that define their protocol as http-based (in centralized configuration).

func (*ServiceSplitterConfigEntry) CanRead added in v1.16.100

func (e *ServiceSplitterConfigEntry) CanRead(authz acl.Authorizer) error

func (*ServiceSplitterConfigEntry) CanWrite added in v1.16.100

func (e *ServiceSplitterConfigEntry) CanWrite(authz acl.Authorizer) error

func (*ServiceSplitterConfigEntry) GetEnterpriseMeta added in v1.16.100

func (e *ServiceSplitterConfigEntry) GetEnterpriseMeta() *acl.EnterpriseMeta

func (*ServiceSplitterConfigEntry) GetKind added in v1.16.100

func (e *ServiceSplitterConfigEntry) GetKind() string

func (*ServiceSplitterConfigEntry) GetMeta added in v1.16.100

func (e *ServiceSplitterConfigEntry) GetMeta() map[string]string

func (*ServiceSplitterConfigEntry) GetName added in v1.16.100

func (e *ServiceSplitterConfigEntry) GetName() string

func (*ServiceSplitterConfigEntry) GetRaftIndex added in v1.16.100

func (e *ServiceSplitterConfigEntry) GetRaftIndex() *RaftIndex

func (*ServiceSplitterConfigEntry) ListRelatedServices added in v1.16.100

func (e *ServiceSplitterConfigEntry) ListRelatedServices() []ServiceID

func (*ServiceSplitterConfigEntry) Normalize added in v1.16.100

func (e *ServiceSplitterConfigEntry) Normalize() error

func (*ServiceSplitterConfigEntry) Validate added in v1.16.100

func (e *ServiceSplitterConfigEntry) Validate() error

type ServiceTopology added in v1.16.100

// ServiceTopology groups the upstreams and downstreams reported for a service
// together with an intention decision summary and a source label for each.
type ServiceTopology struct {
	// Upstreams and Downstreams hold the service instances on each side.
	Upstreams   CheckServiceNodes
	Downstreams CheckServiceNodes

	// UpstreamDecisions and DownstreamDecisions hold one
	// IntentionDecisionSummary per map key.
	// NOTE(review): presumably keyed by a string form of the service
	// identity — confirm the key format before joining against other data.
	UpstreamDecisions   map[string]IntentionDecisionSummary
	DownstreamDecisions map[string]IntentionDecisionSummary

	// MetricsProtocol is the protocol of the service being queried
	MetricsProtocol string

	// TransparentProxy describes whether all instances of the proxy
	// service are in transparent mode.
	TransparentProxy bool

	// (Up|Down)streamSources are maps with labels for why each service is being
	// returned. Services can be upstreams or downstreams due to
	// explicit upstream definition or various types of intention policies:
	// specific, wildcard, or default allow.
	//
	// A service listed because of a wildcard or default-allow policy was not
	// named explicitly, so the label is worth checking when reviewing which
	// connections are permitted.
	UpstreamSources   map[string]string
	DownstreamSources map[string]string
}

type ServiceUsage added in v1.16.100

type ServiceUsage struct {
	Services                 int
	ServiceInstances         int
	ConnectServiceInstances  map[string]int
	BillableServiceInstances int
	Nodes                    int
	EnterpriseServiceUsage
}

ServiceUsage contains all of the usage data related to services

type Services

type Services map[string][]string

Services is used to return information about the provided services. It maps each service name to its available tags.

type Session

// Session represents an open session in the KV store. It associates node
// and service checks with acquired locks.
//
// The type has its own UnmarshalJSON method, so JSON decoding may not follow
// the struct tags alone.
type Session struct {
	ID            string
	Name          string
	Node          string // TODO(partitions): ensure that the entmeta interacts with this node field properly
	LockDelay     time.Duration
	Behavior      SessionBehavior // What to do when session is invalidated
	// TTL is carried as a string rather than a time.Duration.
	// NOTE(review): presumably a duration string parsed elsewhere — confirm
	// where it is validated.
	TTL           string
	// NodeChecks and ServiceChecks list the checks tied to this session.
	NodeChecks    []string
	ServiceChecks []ServiceCheck

	// Deprecated v1.7.0.
	// CheckIDs returns the IDs of all checks associated with the session
	// regardless of type; prefer it over reading this field directly.
	Checks []types.CheckID `json:",omitempty"`

	acl.EnterpriseMeta
	RaftIndex
}

Session is used to represent an open session in the KV store. This is used to associate node checks with acquired locks.

func (*Session) CheckIDs added in v1.16.100

func (s *Session) CheckIDs() []types.CheckID

CheckIDs returns the IDs for all checks associated with a session, regardless of type

func (*Session) IDValue added in v1.16.100

func (s *Session) IDValue() string

IDValue implements the state.singleValueID interface for indexing.

func (*Session) UnmarshalJSON added in v1.16.100

func (s *Session) UnmarshalJSON(data []byte) (err error)

type SessionBehavior

// SessionBehavior names what to do when a session is invalidated; it is the
// type of Session.Behavior.
type SessionBehavior string
const (
	// SessionKeysRelease is the "release" behavior.
	SessionKeysRelease SessionBehavior = "release"
	// SessionKeysDelete is the "delete" behavior.
	//
	// NOTE(review): this entry has its own initializer and no explicit type,
	// so it is an untyped string constant rather than a SessionBehavior. It
	// still converts implicitly when assigned to a SessionBehavior, but it
	// can also be used anywhere a plain string is accepted, so the compiler
	// will not catch it being passed where another string-based type is
	// expected.
	SessionKeysDelete                  = "delete"
)

type SessionOp

// SessionOp names the operation carried by a SessionRequest (its Op field).
type SessionOp string
const (
	// SessionCreate is the "create" operation.
	SessionCreate  SessionOp = "create"
	// SessionDestroy is the "destroy" operation.
	//
	// NOTE(review): this entry has its own initializer and no explicit type,
	// so it is an untyped string constant rather than a SessionOp. Comparing
	// it with a SessionOp value works, but the type system does not stop it
	// from being used as an ordinary string.
	SessionDestroy           = "destroy"
)

type SessionRequest

type SessionRequest struct {
	Datacenter string
	Op         SessionOp // Which operation are we performing
	Session    Session   // Which session
	WriteRequest
}

SessionRequest is used to operate on sessions

func (*SessionRequest) RequestDatacenter

func (r *SessionRequest) RequestDatacenter() string

type SessionSpecificRequest

// SessionSpecificRequest is used to request a session by ID.
type SessionSpecificRequest struct {
	Datacenter string
	// SessionID is the ID of the session being requested.
	SessionID  string
	// DEPRECATED in 1.7.0
	// The deprecation marker applies to the Session field below.
	// NOTE(review): presumably superseded by SessionID — confirm which of the
	// two a handler reads when both are set.
	Session string
	acl.EnterpriseMeta
	QueryOptions
}

SessionSpecificRequest is used to request a session by ID

func (*SessionSpecificRequest) RequestDatacenter

func (r *SessionSpecificRequest) RequestDatacenter() string

type Sessions

type Sessions []*Session

type SignedResponse added in v1.16.100

// SignedResponse bundles an issued certificate, CA roots, a gossip key and a
// TLS hostname-verification flag in one JSON-serializable value.
//
// NOTE(review): GossipKey, and possibly IssuedCert, look like secret
// material. If so, encoded values of this type should be treated as
// sensitive: sent only over an authenticated, encrypted channel and kept out
// of logs and debug dumps — confirm against the producer and consumer.
type SignedResponse struct {
	// NOTE(review): encoding/json's omitempty never omits struct values, so
	// if IssuedCert and IndexedCARoots are struct types these two fields are
	// always emitted — confirm.
	IssuedCert           IssuedCert     `json:",omitempty"`
	ConnectCARoots       IndexedCARoots `json:",omitempty"`
	// ManualCARoots is omitted from JSON when the slice is empty.
	ManualCARoots        []string       `json:",omitempty"`
	// GossipKey is omitted from JSON when empty.
	// NOTE(review): presumably the gossip encryption key — confirm.
	GossipKey            string         `json:",omitempty"`
	// VerifyServerHostname is dropped from JSON when false, so a decoder
	// cannot tell "explicitly false" from "not sent"; both decode to false.
	VerifyServerHostname bool           `json:",omitempty"`
}

type SimplifiedIntentions added in v1.16.100

type SimplifiedIntentions Intentions

SimplifiedIntentions contains expanded sameness groups.

type SnapshotOp

// SnapshotOp is the operation code carried in SnapshotRequest.Op.
type SnapshotOp int
const (
	// SnapshotSave is 0 (iota), the zero value of SnapshotOp, so a
	// SnapshotRequest whose Op is left unset requests a save rather than a
	// restore.
	SnapshotSave SnapshotOp = iota
	// SnapshotRestore is 1; it repeats the expression above and therefore
	// keeps the SnapshotOp type.
	SnapshotRestore
)

type SnapshotReplyFn

type SnapshotReplyFn func(reply *SnapshotResponse) error

SnapshotReplyFn gets a peek at the reply before the snapshot streams, which is useful for setting headers.

type SnapshotRequest

// SnapshotRequest is used as a header for a snapshot RPC request. Per the
// package documentation it precedes any streaming data that is part of the
// request and is JSON-encoded on the wire.
type SnapshotRequest struct {
	// Datacenter is the target datacenter for this request. The request
	// will be forwarded if necessary.
	Datacenter string

	// Token is the ACL token to use for the operation. If ACLs are enabled
	// then all operations require a management token.
	//
	// The token travels inside this JSON-encoded header, so the value is a
	// credential: keep the struct out of logs and error strings.
	Token string

	// If set, any follower can service the request. Results may be
	// arbitrarily stale. Only applies to SnapshotSave.
	AllowStale bool

	// Op is the operation code for the RPC.
	// The zero value is SnapshotSave.
	Op SnapshotOp
}

SnapshotRequest is used as a header for a snapshot RPC request. This will precede any streaming data that's part of the request and is JSON-encoded on the wire.

type SnapshotResponse

type SnapshotResponse struct {
	// Error is the overall error status of the RPC request.
	Error string

	// QueryMeta has freshness information about the server that handled the
	// request. It is only filled in for a SnapshotSave.
	QueryMeta
}

SnapshotResponse is used as a header for a snapshot RPC response. This will precede any streaming data that's part of the request and is JSON-encoded on the wire.

type SourceIntention added in v1.16.100

// SourceIntention describes one source of an intention: the source service
// (Name, Type, Peer, SamenessGroup and the embedded enterprise metadata) and
// either a single Action or a list of L7 Permissions for it. Several fields
// replace fields of the former Intention type, as noted on each.
type SourceIntention struct {
	// Name is the name of the source service. This can be a wildcard "*", but
	// only the full value can be a wildcard. Partial wildcards are not
	// allowed.
	//
	// The source may also be a non-Consul service, as specified by SourceType.
	//
	// formerly Intention.SourceName
	Name string

	// Action is whether this is an allowlist or denylist intention.
	//
	// formerly Intention.Action
	//
	// NOTE: this is mutually exclusive with the Permissions field.
	Action IntentionAction `json:",omitempty"`

	// Permissions is the list of additional L7 attributes that extend the
	// intention definition.
	//
	// Permissions are interpreted in the order represented in the slice. In
	// default-deny mode, deny permissions are logically subtracted from all
	// following allow permissions. Multiple allow permissions are then ORed
	// together.
	//
	// For example:
	//   ["deny /v2/admin", "allow /v2/*", "allow GET /healthz"]
	//
	// Is logically interpreted as:
	//   allow: [
	//     "(/v2/*) AND NOT (/v2/admin)",
	//     "(GET /healthz) AND NOT (/v2/admin)"
	//   ]
	//
	// Because a deny only affects the allow permissions that follow it,
	// reordering or inserting entries changes the effective policy. Review
	// any change to this slice as a policy change, not a cosmetic one.
	Permissions []*IntentionPermission `json:",omitempty"`

	// Precedence is the order that the intention will be applied, with
	// larger numbers being applied first. This is a read-only field, on
	// any intention update it is updated.
	//
	// Note we will technically decode this over the wire during a write, but
	// we always recompute it on save.
	//
	// A value supplied by a writer is therefore replaced and cannot be used
	// to influence evaluation order.
	//
	// formerly Intention.Precedence
	Precedence int

	// LegacyID is manipulated just by the bridging code
	// used as part of backwards compatibility.
	//
	// formerly Intention.ID
	LegacyID string `json:",omitempty" alias:"legacy_id"`

	// Type is the type of the value for the source.
	//
	// formerly Intention.SourceType
	Type IntentionSourceType

	// Description is a human-friendly description of this intention.
	// It is opaque to Consul and is only stored and transferred in API
	// requests.
	//
	// formerly Intention.Description
	Description string `json:",omitempty"`

	// LegacyMeta is arbitrary metadata associated with the intention. This is
	// opaque to Consul but is served in API responses.
	//
	// Since the contents are returned to API readers, they are not a place
	// for secrets.
	//
	// formerly Intention.Meta
	LegacyMeta map[string]string `json:",omitempty" alias:"legacy_meta"`

	// LegacyCreateTime is formerly Intention.CreatedAt
	LegacyCreateTime *time.Time `json:",omitempty" alias:"legacy_create_time"`
	// LegacyUpdateTime is formerly Intention.UpdatedAt
	LegacyUpdateTime *time.Time `json:",omitempty" alias:"legacy_update_time"`

	// formerly Intention.SourceNS
	acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"`

	// Peer is the name of the remote peer of the source service, if applicable.
	Peer string `json:",omitempty"`

	// SamenessGroup is the name of the sameness group, if applicable.
	SamenessGroup string `json:",omitempty" alias:"sameness_group"`
}

func (*SourceIntention) Clone added in v1.16.100

func (x *SourceIntention) Clone() *SourceIntention

func (*SourceIntention) SourceServiceName added in v1.16.100

func (x *SourceIntention) SourceServiceName() ServiceName

type Status added in v1.16.100

type Status struct {
	// Conditions is the set of condition objects associated with
	// a ConfigEntry status.
	Conditions []Condition
}

Status is used for propagating back asynchronously calculated messages from control loops to a user

func (*Status) DeepCopy added in v1.16.100

func (o *Status) DeepCopy() *Status

DeepCopy generates a deep copy of *Status

func (*Status) MatchesConditionStatus added in v1.16.100

func (s *Status) MatchesConditionStatus(condition Condition) bool

func (Status) SameConditions added in v1.16.100

func (s Status) SameConditions(other Status) bool

type StatusUpdater added in v1.16.100

type StatusUpdater struct {
	// contains filtered or unexported fields
}

func NewStatusUpdater added in v1.16.100

func NewStatusUpdater(entry ControlledConfigEntry) *StatusUpdater

func (*StatusUpdater) ClearConditions added in v1.16.100

func (u *StatusUpdater) ClearConditions()

func (*StatusUpdater) RemoveCondition added in v1.16.100

func (u *StatusUpdater) RemoveCondition(condition Condition)

func (*StatusUpdater) SetCondition added in v1.16.100

func (u *StatusUpdater) SetCondition(condition Condition)

func (*StatusUpdater) UpdateEntry added in v1.16.100

func (u *StatusUpdater) UpdateEntry() (ControlledConfigEntry, bool)

type SystemMetadataEntry added in v1.16.100

type SystemMetadataEntry struct {
	Key   string
	Value string `json:",omitempty"`
	RaftIndex
}

type SystemMetadataOp added in v1.16.100

type SystemMetadataOp string

SystemMetadataOp is the operation for a request related to system metadata.

const (
	SystemMetadataUpsert SystemMetadataOp = "upsert"
	SystemMetadataDelete SystemMetadataOp = "delete"
)

type SystemMetadataRequest added in v1.16.100

type SystemMetadataRequest struct {
	// Datacenter is the target for this request.
	Datacenter string

	// Op is the type of operation being requested.
	Op SystemMetadataOp

	// Entry is the key to modify.
	Entry *SystemMetadataEntry

	// WriteRequest is a common struct containing ACL tokens and other
	// write-related common elements for requests.
	WriteRequest
}

SystemMetadataRequest is used to upsert and delete system metadata.

func (*SystemMetadataRequest) RequestDatacenter added in v1.16.100

func (c *SystemMetadataRequest) RequestDatacenter() string

RequestDatacenter returns the datacenter for a given request.

type TCPRouteConfigEntry added in v1.16.100

type TCPRouteConfigEntry struct {
	// Kind of the config entry. This will be set to structs.TCPRoute.
	Kind string

	// Name is used to match the config entry with its associated set
	// of resources.
	Name string

	// Parents is a list of gateways that this route should be bound to
	Parents []ResourceReference

	// Services is a list of TCP-based services that this should route to.
	// Currently, this must specify at maximum one service.
	Services []TCPService

	Meta map[string]string `json:",omitempty"`
	// Status is the asynchronous reconciliation status which a TCPRoute propagates to the user.
	Status             Status
	acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"`
	RaftIndex
}

TCPRouteConfigEntry manages the configuration for a TCP route with the given name.

func (*TCPRouteConfigEntry) CanRead added in v1.16.100

func (e *TCPRouteConfigEntry) CanRead(authz acl.Authorizer) error

func (*TCPRouteConfigEntry) CanWrite added in v1.16.100

func (e *TCPRouteConfigEntry) CanWrite(authz acl.Authorizer) error

func (*TCPRouteConfigEntry) DeepCopy added in v1.16.100

DeepCopy generates a deep copy of *TCPRouteConfigEntry

func (*TCPRouteConfigEntry) DefaultStatus added in v1.16.100

func (e *TCPRouteConfigEntry) DefaultStatus() Status

func (*TCPRouteConfigEntry) GetEnterpriseMeta added in v1.16.100

func (e *TCPRouteConfigEntry) GetEnterpriseMeta() *acl.EnterpriseMeta

func (*TCPRouteConfigEntry) GetKind added in v1.16.100

func (e *TCPRouteConfigEntry) GetKind() string

func (*TCPRouteConfigEntry) GetMeta added in v1.16.100

func (e *TCPRouteConfigEntry) GetMeta() map[string]string

func (*TCPRouteConfigEntry) GetName added in v1.16.100

func (e *TCPRouteConfigEntry) GetName() string

func (*TCPRouteConfigEntry) GetParents added in v1.16.100

func (e *TCPRouteConfigEntry) GetParents() []ResourceReference

func (*TCPRouteConfigEntry) GetProtocol added in v1.16.100

func (*TCPRouteConfigEntry) GetRaftIndex added in v1.16.100

func (e *TCPRouteConfigEntry) GetRaftIndex() *RaftIndex

func (*TCPRouteConfigEntry) GetServiceNames added in v1.16.100

func (e *TCPRouteConfigEntry) GetServiceNames() []ServiceName

func (*TCPRouteConfigEntry) GetServices added in v1.16.100

func (e *TCPRouteConfigEntry) GetServices() []TCPService

func (*TCPRouteConfigEntry) GetStatus added in v1.16.100

func (e *TCPRouteConfigEntry) GetStatus() Status

func (*TCPRouteConfigEntry) Normalize added in v1.16.100

func (e *TCPRouteConfigEntry) Normalize() error

func (*TCPRouteConfigEntry) SetStatus added in v1.16.100

func (e *TCPRouteConfigEntry) SetStatus(status Status)

func (*TCPRouteConfigEntry) Validate added in v1.16.100

func (e *TCPRouteConfigEntry) Validate() error

type TCPService added in v1.16.100

type TCPService struct {
	Name string

	acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"`
}

TCPService is a service reference for a TCPRoute

func (TCPService) ServiceName added in v1.16.100

func (s TCPService) ServiceName() ServiceName

type TerminatingGatewayConfigEntry added in v1.16.100

type TerminatingGatewayConfigEntry struct {
	Kind     string
	Name     string
	Services []LinkedService

	Meta               map[string]string `json:",omitempty"`
	acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"`
	RaftIndex
}

TerminatingGatewayConfigEntry manages the configuration for a terminating service with the given name.

func (*TerminatingGatewayConfigEntry) CanRead added in v1.16.100

func (*TerminatingGatewayConfigEntry) CanWrite added in v1.16.100

func (*TerminatingGatewayConfigEntry) GetEnterpriseMeta added in v1.16.100

func (e *TerminatingGatewayConfigEntry) GetEnterpriseMeta() *acl.EnterpriseMeta

func (*TerminatingGatewayConfigEntry) GetKind added in v1.16.100

func (*TerminatingGatewayConfigEntry) GetMeta added in v1.16.100

func (e *TerminatingGatewayConfigEntry) GetMeta() map[string]string

func (*TerminatingGatewayConfigEntry) GetName added in v1.16.100

func (*TerminatingGatewayConfigEntry) GetRaftIndex added in v1.16.100

func (e *TerminatingGatewayConfigEntry) GetRaftIndex() *RaftIndex

func (*TerminatingGatewayConfigEntry) Normalize added in v1.16.100

func (e *TerminatingGatewayConfigEntry) Normalize() error

func (*TerminatingGatewayConfigEntry) Validate added in v1.16.100

func (e *TerminatingGatewayConfigEntry) Validate() error

func (*TerminatingGatewayConfigEntry) Warnings added in v1.16.100

func (e *TerminatingGatewayConfigEntry) Warnings() []string

type TombstoneOp

type TombstoneOp string
const (
	TombstoneReap TombstoneOp = "reap"
)

type TombstoneRequest

type TombstoneRequest struct {
	Datacenter string
	Op         TombstoneOp
	ReapIndex  uint64
	WriteRequest
}

TombstoneRequest is used to trigger a reaping of the tombstones

func (*TombstoneRequest) RequestDatacenter

func (r *TombstoneRequest) RequestDatacenter() string

type TransparentProxyConfig added in v1.16.100

// TransparentProxyConfig holds the transparent proxy settings visible here:
// the outbound listener port and whether the proxy may be dialed directly.
// Both fields are omitted from JSON when they hold their zero value.
type TransparentProxyConfig struct {
	// The port of the listener where outbound application traffic is being redirected to.
	OutboundListenerPort int `json:",omitempty" alias:"outbound_listener_port"`

	// DialedDirectly indicates whether transparent proxies can dial this proxy instance directly.
	// The discovery chain is not considered when dialing a service instance directly.
	// This setting is useful when addressing stateful services, such as a database cluster with a leader node.
	//
	// NOTE(review): since the discovery chain is skipped for direct dials,
	// routing, splitting and resolution rules configured there presumably do
	// not apply to that traffic — confirm before enabling.
	DialedDirectly bool `json:",omitempty" alias:"dialed_directly"`
}

func (*TransparentProxyConfig) IsZero added in v1.16.100

func (c *TransparentProxyConfig) IsZero() bool

func (TransparentProxyConfig) ToAPI added in v1.16.100

type TransparentProxyMeshConfig added in v1.16.100

// TransparentProxyMeshConfig contains cluster-wide options pertaining to
// TPROXY mode when enabled.
type TransparentProxyMeshConfig struct {
	// MeshDestinationsOnly can be used to disable the pass-through that
	// allows traffic to destinations outside of the mesh.
	//
	// NOTE(review): presumably the zero value (false) leaves the pass-through
	// in place, so restricting egress to mesh destinations requires setting
	// this explicitly — confirm.
	MeshDestinationsOnly bool `alias:"mesh_destinations_only"`
}

TransparentProxyMeshConfig contains cluster-wide options pertaining to TPROXY mode when enabled.

type TxnCheckOp added in v1.4.1

type TxnCheckOp struct {
	Verb  api.CheckOp
	Check HealthCheck
}

TxnCheckOp is used to define a single operation on a health check inside a transaction.

func (*TxnCheckOp) FillAuthzContext added in v1.16.100

func (_ *TxnCheckOp) FillAuthzContext(_ *acl.AuthorizerContext)

OSS Stub

type TxnCheckResult added in v1.4.1

type TxnCheckResult *HealthCheck

TxnCheckResult is used to define the result of a single operation on a session inside a transaction.

type TxnError

type TxnError struct {
	OpIndex int
	What    string
}

TxnError is used to return information about an error for a specific operation.

func (TxnError) Error

func (e TxnError) Error() string

Error returns the string representation of an atomic error.

type TxnErrors

type TxnErrors []*TxnError

TxnErrors is a list of TxnError entries.

type TxnIntentionOp deprecated added in v1.4.0

type TxnIntentionOp IntentionRequest

TxnIntentionOp is used to define a single operation on an Intention inside a transaction.

Deprecated: see TxnOp.Intention description

type TxnKVOp

type TxnKVOp struct {
	Verb   api.KVOp
	DirEnt DirEntry
}

TxnKVOp is used to define a single operation on the KVS inside a transaction.

type TxnKVResult

type TxnKVResult *DirEntry

TxnKVResult is used to define the result of a single operation on the KVS inside a transaction.

type TxnNodeOp added in v1.4.1

type TxnNodeOp struct {
	Verb api.NodeOp
	Node Node
}

TxnNodeOp is used to define a single operation on a node in the catalog inside a transaction.

func (*TxnNodeOp) FillAuthzContext added in v1.16.100

func (op *TxnNodeOp) FillAuthzContext(ctx *acl.AuthorizerContext)

OSS Stub

type TxnNodeResult added in v1.4.1

type TxnNodeResult *Node

TxnNodeResult is used to define the result of a single operation on a node in the catalog inside a transaction.

type TxnOp

// TxnOp defines a single operation inside a transaction. Only one of the
// pointer fields should be filled out per entry; the others stay nil.
type TxnOp struct {
	// Each field selects one kind of operation: KV store, catalog node,
	// catalog service, health check or session.
	KV      *TxnKVOp
	Node    *TxnNodeOp
	Service *TxnServiceOp
	Check   *TxnCheckOp
	Session *TxnSessionOp

	// Intention was an internal-only (not exposed in API or RPC)
	// implementation detail of legacy intention replication. This is
	// deprecated but retained for backwards compatibility with versions
	// of consul pre-dating 1.9.0. We need it for two reasons:
	//
	// 1. If a secondary DC is upgraded first, we need to continue to
	//    replicate legacy intentions UNTIL the primary DC is upgraded.
	//    Legacy intention replication exclusively writes using a TxnOp.
	// 2. If we attempt to reprocess raft-log contents pre-dating 1.9.0
	//    (such as when updating a secondary DC) we need to be able to
	//    recreate the state machine from the snapshot and whatever raft logs are
	//    present.
	Intention *TxnIntentionOp
}

TxnOp is used to define a single operation inside a transaction. Only one of the types should be filled out per entry.

type TxnOps

type TxnOps []*TxnOp

TxnOps is a list of operations within a transaction.

type TxnReadRequest

type TxnReadRequest struct {
	Datacenter string
	Ops        TxnOps
	QueryOptions
}

TxnReadRequest is used as a fast path for read-only transactions that don't modify the state store.

func (*TxnReadRequest) RequestDatacenter

func (r *TxnReadRequest) RequestDatacenter() string

type TxnReadResponse

type TxnReadResponse struct {
	TxnResponse
	QueryMeta
}

TxnReadResponse is the structure returned by a TxnReadRequest.

type TxnRequest

type TxnRequest struct {
	Datacenter string
	Ops        TxnOps
	WriteRequest
}

TxnRequest is used to apply multiple operations to the state store in a single transaction

func (*TxnRequest) RequestDatacenter

func (r *TxnRequest) RequestDatacenter() string

type TxnResponse

type TxnResponse struct {
	Results TxnResults
	Errors  TxnErrors
}

TxnResponse is the structure returned by a TxnRequest.

func (TxnResponse) Error added in v1.4.0

func (r TxnResponse) Error() error

Error returns an aggregate of all errors in this TxnResponse.

type TxnResult

type TxnResult struct {
	KV      TxnKVResult      `json:",omitempty"`
	Node    TxnNodeResult    `json:",omitempty"`
	Service TxnServiceResult `json:",omitempty"`
	Check   TxnCheckResult   `json:",omitempty"`
}

TxnResult is used to define the result of a given operation inside a transaction. Only one of the types should be filled out per entry.

type TxnResults

type TxnResults []*TxnResult

TxnResults is a list of TxnResult entries.

type TxnServiceOp added in v1.4.1

type TxnServiceOp struct {
	Verb    api.ServiceOp
	Node    string
	Service NodeService
}

TxnServiceOp is used to define a single operation on a service in the catalog inside a transaction.

func (*TxnServiceOp) FillAuthzContext added in v1.16.100

func (_ *TxnServiceOp) FillAuthzContext(_ *acl.AuthorizerContext)

OSS Stub

type TxnServiceResult added in v1.4.1

type TxnServiceResult *NodeService

TxnServiceResult is used to define the result of a single operation on a service in the catalog inside a transaction.

type TxnSessionOp added in v1.16.100

type TxnSessionOp struct {
	Verb    api.SessionOp
	Session Session
}

TxnSessionOp is used to define a single operation on a session inside a transaction.

type URLRewrite added in v1.16.100

type URLRewrite struct {
	Path string
}

type UpdatableConfigEntry added in v1.16.100

type UpdatableConfigEntry interface {
	// UpdateOver is called from the state machine when an identically named
	// config entry already exists. This lets the config entry optionally
	// choose to use existing information from a config entry (such as
	// CreateTime) to slightly adjust how the update actually happens.
	UpdateOver(prev ConfigEntry) error
	ConfigEntry
}

UpdatableConfigEntry is the optional interface implemented by a ConfigEntry if it wants more control over how the update part of upsert works differently than a straight create. By default without this implementation all upsert operations are replacements.

type Upstream added in v1.3.0

// Upstream represents a single upstream dependency for a service or proxy:
// what it points to and how a side-car proxy should listen for traffic
// destined for it.
//
// The type has its own UnmarshalJSON method, so JSON decoding may not follow
// the struct tags alone.
type Upstream struct {
	// Destination fields are the required ones for determining what this upstream
	// points to. Depending on DestinationType some other fields below might
	// further restrict the set of instances allowable.
	//
	// DestinationType would be better as an int constant but even with custom
	// JSON marshallers it causes havoc with all the mapstructure mangling we do
	// on service definitions in various places.
	DestinationType      string `alias:"destination_type"`
	DestinationNamespace string `json:",omitempty" alias:"destination_namespace"`
	DestinationPartition string `json:",omitempty" alias:"destination_partition"`
	DestinationPeer      string `json:",omitempty" alias:"destination_peer"`
	DestinationName      string `alias:"destination_name"`

	// Datacenter that the service discovery request should be run against. Note
	// for prepared queries, the actual results might be from a different
	// datacenter.
	Datacenter string

	// LocalBindAddress is the ip address a side-car proxy should listen on for
	// traffic destined for this upstream service. Default if empty is 127.0.0.1.
	//
	// The default keeps the listener on loopback; any other address makes the
	// upstream listener reachable from wherever that address is routable.
	LocalBindAddress string `json:",omitempty" alias:"local_bind_address"`

	// LocalBindPort is the port a side-car proxy should listen on for traffic
	// destined for this upstream service. Required.
	LocalBindPort int `json:",omitempty" alias:"local_bind_port"`

	// These are exclusive with LocalBindAddress/LocalBindPort
	LocalBindSocketPath string `json:",omitempty" alias:"local_bind_socket_path"`
	// This might be represented as an int, but because it's octal outputs can be a bit strange.
	// NOTE(review): presumably the file mode applied to the socket at
	// LocalBindSocketPath; if so, a permissive mode lets other local users
	// connect to the upstream listener — confirm how the value is parsed
	// and validated.
	LocalBindSocketMode string `json:",omitempty" alias:"local_bind_socket_mode"`

	// Config is an opaque config that is specific to the proxy process being run.
	// It can be used to pass arbitrary configuration for this specific upstream
	// to the proxy.
	Config map[string]interface{} `json:",omitempty" bexpr:"-"`

	// MeshGateway is the configuration for mesh gateway usage of this upstream
	MeshGateway MeshGatewayConfig `json:",omitempty" alias:"mesh_gateway"`

	// IngressHosts are a list of hosts that should route to this upstream from an
	// ingress gateway. This cannot and should not be set by a user, it is used
	// internally to store the association of hosts to an upstream service.
	// The `json:"-"` tag excludes the field from encoding/json's struct
	// mapping, which matches the "not user-settable" intent.
	// TODO(banks): we shouldn't need this any more now we pass through full
	// listener config in the ingress snapshot.
	IngressHosts []string `json:"-" bexpr:"-"`

	// CentrallyConfigured indicates whether the upstream was defined in a proxy
	// instance registration or whether it was generated from a config entry.
	CentrallyConfigured bool `json:",omitempty" bexpr:"-"`
}

Upstream represents a single upstream dependency for a service or proxy. It describes the mechanism used to discover instances to communicate with (the Target) as well as any potential client configuration that may be useful such as load balancer options, timeouts etc.

func UpstreamFromAPI added in v1.3.0

func UpstreamFromAPI(u api.Upstream) Upstream

UpstreamFromAPI is a helper for converting api.Upstream to Upstream.

func (*Upstream) DeepCopy added in v1.16.100

func (o *Upstream) DeepCopy() *Upstream

DeepCopy generates a deep copy of *Upstream

func (*Upstream) DestinationID added in v1.16.100

func (us *Upstream) DestinationID() PeeredServiceName

func (*Upstream) GetEnterpriseMeta added in v1.16.100

func (us *Upstream) GetEnterpriseMeta() *acl.EnterpriseMeta

func (*Upstream) HasLocalPortOrSocket added in v1.16.100

func (u *Upstream) HasLocalPortOrSocket() bool

func (*Upstream) String added in v1.3.0

func (us *Upstream) String() string

String returns a representation of this upstream suitable for debugging purposes but nothing relies upon this format.

func (*Upstream) ToAPI added in v1.3.0

func (u *Upstream) ToAPI() api.Upstream

ToAPI returns the api structs with the same fields. We have duplicates to avoid the api package depending on this one which imports a ton of Consul's core which you don't want if you are just trying to use our client in your app.

func (*Upstream) ToKey added in v1.16.100

func (u *Upstream) ToKey() UpstreamKey

ToKey returns a value-type representation that uniquely identifies the upstream in a canonical way. Set and unset values are deliberately handled differently.

These fields should be user-specified explicit values and not inferred values.

func (*Upstream) UnmarshalJSON added in v1.16.100

func (t *Upstream) UnmarshalJSON(data []byte) (err error)

func (*Upstream) UpstreamAddressToString added in v1.16.100

func (u *Upstream) UpstreamAddressToString() string

func (*Upstream) UpstreamIsUnixSocket added in v1.16.100

func (u *Upstream) UpstreamIsUnixSocket() bool

func (*Upstream) Validate added in v1.3.0

func (u *Upstream) Validate() error

Validate sanity checks the struct is valid

type UpstreamConfig added in v1.16.100

// UpstreamConfig holds proxy configuration for one upstream: identity fields
// (only accepted within service-defaults overrides), Envoy escape hatches,
// protocol, connect timeout, limits, passive health checking, mesh gateway
// mode and outbound connection balancing.
//
// NOTE(review): EnvoyListenerJSON and EnvoyClusterJSON replace the generated
// Envoy config wholesale, so whoever can write this struct controls how the
// proxy reaches the upstream. Confirm which ACL permission gates writes to
// the config entry that carries it.
type UpstreamConfig struct {
	// Name is only accepted within service-defaults.upstreamConfig.overrides .
	Name string `json:",omitempty"`
	// EnterpriseMeta is only accepted within service-defaults.upstreamConfig.overrides .
	acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"`
	// Peer is only accepted within service-defaults.upstreamConfig.overrides .
	Peer string

	// EnvoyListenerJSON is a complete override ("escape hatch") for the upstream's
	// listener.
	//
	// Note: This escape hatch is NOT compatible with the discovery chain and
	// will be ignored if a discovery chain is active.
	//
	// NOTE(review): unlike EnvoyClusterJSON, no TLS injection is documented for
	// this field; confirm what validation is applied to the supplied JSON.
	EnvoyListenerJSON string `json:",omitempty" alias:"envoy_listener_json"`

	// EnvoyClusterJSON is a complete override ("escape hatch") for the upstream's
	// cluster. The Connect client TLS certificate and context will be injected
	// overriding any TLS settings present.
	//
	// Note: This escape hatch is NOT compatible with the discovery chain and
	// will be ignored if a discovery chain is active.
	EnvoyClusterJSON string `json:",omitempty" alias:"envoy_cluster_json"`

	// Protocol describes the upstream's service protocol. Valid values are "tcp",
	// "http" and "grpc". Anything else is treated as tcp. This enables
	// protocol-aware features like per-request metrics and connection pooling,
	// tracing, routing etc.
	//
	// Because unknown values fall back to tcp, a misspelled protocol is not
	// reported here and the protocol-aware features are simply not applied.
	Protocol string `json:",omitempty"`

	// ConnectTimeoutMs is the number of milliseconds to timeout making a new
	// connection to this upstream. Defaults to 5000 (5 seconds) if not set.
	ConnectTimeoutMs int `json:",omitempty" alias:"connect_timeout_ms"`

	// Limits are the set of limits that are applied to the proxy for a specific upstream of a
	// service instance.
	Limits *UpstreamLimits `json:",omitempty"`

	// PassiveHealthCheck configuration determines how upstream proxy instances will
	// be monitored for removal from the load balancing pool.
	PassiveHealthCheck *PassiveHealthCheck `json:",omitempty" alias:"passive_health_check"`

	// MeshGateway controls how Mesh Gateways are configured and used.
	MeshGateway MeshGatewayConfig `json:",omitempty" alias:"mesh_gateway" `

	// BalanceOutboundConnections indicates how the proxy should attempt to distribute
	// connections across worker threads. Only used by envoy proxies.
	BalanceOutboundConnections string `json:",omitempty" alias:"balance_outbound_connections"`
}

func ParseUpstreamConfig added in v1.16.100

func ParseUpstreamConfig(m map[string]interface{}) (UpstreamConfig, error)

ParseUpstreamConfig returns the UpstreamConfig parsed from an opaque map. If an error occurs during parsing, it is returned along with the default config; this allows the caller to choose whether and how to report the error.

func ParseUpstreamConfigNoDefaults added in v1.16.100

func ParseUpstreamConfigNoDefaults(m map[string]interface{}) (UpstreamConfig, error)

func (UpstreamConfig) Clone added in v1.16.100

func (cfg UpstreamConfig) Clone() UpstreamConfig

func (UpstreamConfig) MergeInto added in v1.16.100

func (cfg UpstreamConfig) MergeInto(dst map[string]interface{})

func (*UpstreamConfig) NormalizeWithName added in v1.16.100

func (cfg *UpstreamConfig) NormalizeWithName(entMeta *acl.EnterpriseMeta) error

func (*UpstreamConfig) NormalizeWithoutName added in v1.16.100

func (cfg *UpstreamConfig) NormalizeWithoutName() error

func (*UpstreamConfig) PeeredServiceName added in v1.16.100

func (cfg *UpstreamConfig) PeeredServiceName() PeeredServiceName

func (UpstreamConfig) ValidateWithName added in v1.16.100

func (cfg UpstreamConfig) ValidateWithName() error

func (UpstreamConfig) ValidateWithoutName added in v1.16.100

func (cfg UpstreamConfig) ValidateWithoutName() error

type UpstreamConfiguration added in v1.16.100

// UpstreamConfiguration groups the upstream settings of a service: optional
// per-service Overrides and a single set of Defaults.
//
// NOTE(review): the name requirements below presumably correspond to
// UpstreamConfig.ValidateWithName (Overrides) and ValidateWithoutName
// (Defaults) -- confirm against the validation code.
type UpstreamConfiguration struct {
	// Overrides is a slice of per-service configuration. The name field is
	// required.
	Overrides []*UpstreamConfig `json:",omitempty"`

	// Defaults contains default configuration for all upstreams of a given
	// service. The name field must be empty.
	Defaults *UpstreamConfig `json:",omitempty"`
}

func (*UpstreamConfiguration) Clone added in v1.16.100

func (*UpstreamConfiguration) DeepCopy added in v1.16.100

DeepCopy generates a deep copy of *UpstreamConfiguration

type UpstreamKey added in v1.16.100

// UpstreamKey is the value type returned by Upstream.ToKey. It identifies an
// upstream by destination type, name, partition, namespace, peer and
// datacenter. All fields are plain strings, so the struct is comparable.
//
// Per the ToKey documentation, set and unset values are deliberately handled
// differently, and the fields should hold user-specified explicit values
// rather than inferred ones.
type UpstreamKey struct {
	DestinationType      string
	DestinationName      string
	DestinationPartition string
	DestinationNamespace string
	DestinationPeer      string
	Datacenter           string
}

func (UpstreamKey) String added in v1.16.100

func (k UpstreamKey) String() string

type UpstreamLimits added in v1.16.100

// UpstreamLimits describes the limits that are associated with a specific
// upstream of a service instance.
//
// Every field is a *int, so "not configured" (nil) can be told apart from an
// explicit value.
// NOTE(review): presumably a nil field leaves the proxy's own default in
// place; confirm what Validate accepts for zero and negative values.
type UpstreamLimits struct {
	// MaxConnections is the maximum number of connections the local proxy can
	// make to the upstream service.
	MaxConnections *int `json:",omitempty" alias:"max_connections"`

	// MaxPendingRequests is the maximum number of requests that will be queued
	// waiting for an available connection. This is mostly applicable to HTTP/1.1
	// clusters since all HTTP/2 requests are streamed over a single
	// connection.
	MaxPendingRequests *int `json:",omitempty" alias:"max_pending_requests"`

	// MaxConcurrentRequests is the maximum number of in-flight requests that will be allowed
	// to the upstream cluster at a point in time. This is mostly applicable to HTTP/2
	// clusters since all HTTP/1.1 requests are limited by MaxConnections.
	MaxConcurrentRequests *int `json:",omitempty" alias:"max_concurrent_requests"`
}

UpstreamLimits describes the limits that are associated with a specific upstream of a service instance.

func (*UpstreamLimits) Clone added in v1.16.100

func (ul *UpstreamLimits) Clone() *UpstreamLimits

func (*UpstreamLimits) IsZero added in v1.16.100

func (ul *UpstreamLimits) IsZero() bool

func (UpstreamLimits) Validate added in v1.16.100

func (ul UpstreamLimits) Validate() error

type Upstreams added in v1.3.0

// Upstreams is a list of upstreams. It is declared as a named slice type so
// that the ToAPI method can be defined on it.
type Upstreams []Upstream

Upstreams is a list of upstreams. Aliased to allow ToAPI method.

func TestAddDefaultsToUpstreams added in v1.3.0

func TestAddDefaultsToUpstreams(t testing.T, upstreams []Upstream, entMeta acl.EnterpriseMeta) Upstreams

TestAddDefaultsToUpstreams takes an array of upstreams (such as that from TestUpstreams) and adds default values that are populated during registration. Use this for generating the expected Upstreams value after registration.

func TestUpstreams added in v1.3.0

func TestUpstreams(t testing.T, enterprise bool) Upstreams

TestUpstreams returns a set of upstreams to be used in tests exercising most important configuration patterns.

func UpstreamsFromAPI added in v1.3.0

func UpstreamsFromAPI(us []api.Upstream) Upstreams

UpstreamsFromAPI is a helper for converting api.Upstream to Upstream.

func (Upstreams) ToAPI added in v1.3.0

func (us Upstreams) ToAPI() []api.Upstream

ToAPI returns the api structs with the same fields. We have duplicates to avoid the api package depending on this one which imports a ton of Consul's core which you don't want if you are just trying to use our client in your app.

type Usage added in v1.16.100

// Usage pairs a map of ServiceUsage values with the embedded QueryMeta.
type Usage struct {
	// Usage maps a string key to its ServiceUsage.
	// NOTE(review): the meaning of the key is not visible here (presumably a
	// datacenter name) -- confirm.
	Usage map[string]ServiceUsage

	QueryMeta
}

type VaultAuthMethod added in v1.16.100

// VaultAuthMethod names an auth method (Type), where it is mounted
// (MountPath) and a free-form parameter map (Params). It is referenced by
// VaultCAProviderConfig.AuthMethod.
//
// NOTE(review): Params is an untyped map and presumably carries the
// credentials for the chosen auth method; treat its values as secrets when
// logging or serialising -- confirm against the provider code.
type VaultAuthMethod struct {
	Type      string
	MountPath string `alias:"mount_path"`
	Params    map[string]interface{}
}

type VaultCAProviderConfig added in v1.2.0

// VaultCAProviderConfig is, judging by its name and fields, the configuration
// for a CA provider backed by Vault: the embedded common CA provider settings
// plus connection, PKI path, TLS and authentication fields.
//
// NOTE(review): Token, the file behind KeyFile and AuthMethod.Params look
// like credentials. Avoid printing this struct (for example with %+v) or
// returning it unredacted; confirm where callers redact it.
type VaultCAProviderConfig struct {
	CommonCAProviderConfig `mapstructure:",squash"`

	// Connection target, credential and PKI locations.
	// NOTE(review): Token is presumably a Vault token used directly, with
	// AuthMethod as the alternative way to obtain one -- confirm.
	Address                  string
	Token                    string
	RootPKIPath              string
	RootPKINamespace         string
	IntermediatePKIPath      string
	IntermediatePKINamespace string
	Namespace                string

	// TLS settings for the connection to Address.
	// NOTE(review): the name TLSSkipVerify indicates that server certificate
	// verification is disabled when true. If so, the channel carrying Token
	// is no longer authenticated, so this should stay false outside test
	// setups -- confirm the semantics in the provider code.
	CAFile        string
	CAPath        string
	CertFile      string
	KeyFile       string
	TLSServerName string
	TLSSkipVerify bool

	// AuthMethod optionally describes an auth method to use (see VaultAuthMethod).
	AuthMethod *VaultAuthMethod `alias:"auth_method"`
}

type WarningConfigEntry added in v1.16.100

// WarningConfigEntry is an optional interface implemented by a ConfigEntry if
// it wants to be able to emit warnings when it is being upserted.
type WarningConfigEntry interface {
	// Warnings returns the warning messages to emit for this entry.
	Warnings() []string

	ConfigEntry
}

WarningConfigEntry is an optional interface implemented by a ConfigEntry if it wants to be able to emit warnings when it is being upserted.

type Weights added in v1.2.3

// Weights represent the weight used by DNS for a given status.
// NOTE(review): presumably Passing and Warning are the weights applied when
// the health status is passing or warning respectively -- confirm.
type Weights struct {
	Passing int
	Warning int
}

Weights represent the weight used by DNS for a given status

type WriteRequest

// WriteRequest carries the ACL token for a write operation.
//
// An empty Token is not rejected at this level: the 'anonymous' token is
// assumed instead, so a caller that forgets to set it is authorised with
// whatever the anonymous token is allowed to do.
type WriteRequest struct {
	// Token is the ACL token ID. If not provided, the 'anonymous'
	// token is assumed for backwards compatibility.
	//
	// NOTE(review): the accessors are named TokenSecret and SetTokenSecret,
	// which suggests this holds the token's secret value; treat it as a
	// credential in logs and error messages -- confirm.
	Token string
}

func (WriteRequest) AllowStaleRead

func (w WriteRequest) AllowStaleRead() bool

func (WriteRequest) HasTimedOut added in v1.16.100

func (w WriteRequest) HasTimedOut(start time.Time, rpcHoldTimeout, _, _ time.Duration) (bool, error)

func (WriteRequest) IsRead

func (w WriteRequest) IsRead() bool

IsRead always returns false, because a WriteRequest only applies to writes.

func (*WriteRequest) SetTokenSecret added in v1.16.100

func (w *WriteRequest) SetTokenSecret(s string)

func (WriteRequest) TokenSecret added in v1.4.0

func (w WriteRequest) TokenSecret() string

Directories

Path Synopsis
