Documentation ¶
Index ¶
- func TestEchoConn(t testing.T, conn net.Conn, prefix string)
- func TestLocalAddr(port int) string
- func UpstreamResolverFromClient(client *api.Client, cfg UpstreamConfig) connect.Resolver
- type AgentConfigWatcher
- type Config
- type ConfigWatcher
- type Conn
- type Listener
- type Proxy
- type PublicListenerConfig
- type StaticConfigWatcher
- type TestTCPServer
- type UpstreamConfig
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func TestEchoConn ¶
TestEchoConn attempts to write some bytes to conn and expects to read them back within a short timeout (10ms). If prefix is not empty we expect it to be poresent at the start of all echoed responses (for example to distinguish between multiple echo server instances).
func TestLocalAddr ¶
TestLocalAddr makes a localhost address on the given port
func UpstreamResolverFromClient ¶
func UpstreamResolverFromClient(client *api.Client, cfg UpstreamConfig) connect.Resolver
UpstreamResolverFromClient returns a ConsulResolver that can resolve the given UpstreamConfig using the provided api.Client dependency.
Types ¶
type AgentConfigWatcher ¶
type AgentConfigWatcher struct {
// contains filtered or unexported fields
}
AgentConfigWatcher watches the local Consul agent for proxy config changes.
func NewAgentConfigWatcher ¶
func NewAgentConfigWatcher(client *api.Client, proxyID string, logger *log.Logger) (*AgentConfigWatcher, error)
NewAgentConfigWatcher creates an AgentConfigWatcher.
func (*AgentConfigWatcher) Close ¶
func (w *AgentConfigWatcher) Close() error
Close frees watcher resources and implements io.Closer
func (*AgentConfigWatcher) Watch ¶
func (w *AgentConfigWatcher) Watch() <-chan *Config
Watch implements ConfigWatcher.
type Config ¶
type Config struct { // Token is the authentication token provided for queries to the local agent. Token string `json:"token" hcl:"token"` // ProxiedServiceName is the name of the service this proxy is representing. // This is the service _name_ and not the service _id_. This allows the // proxy to represent services not present in the local catalog. // // ProxiedServiceNamespace is the namespace of the service this proxy is // representing. ProxiedServiceName string `json:"proxied_service_name" hcl:"proxied_service_name"` ProxiedServiceNamespace string `json:"proxied_service_namespace" hcl:"proxied_service_namespace"` // PublicListener configures the mTLS listener. PublicListener PublicListenerConfig `json:"public_listener" hcl:"public_listener"` // Upstreams configures outgoing proxies for remote connect services. Upstreams []UpstreamConfig `json:"upstreams" hcl:"upstreams"` // Telemetry stores configuration for go-metrics. It is typically populated // from the agent's runtime config via the proxy config endpoint so that the // proxy will log metrics to the same location(s) as the agent. Telemetry lib.TelemetryConfig }
Config is the publicly configurable state for an entire proxy instance. It's mostly used as the format for the local-file config mode which is mostly for dev/testing. In normal use, different parts of this config are pulled from different locations (e.g. command line, agent config endpoint, agent certificate endpoints).
func ParseConfigFile ¶
ParseConfigFile parses proxy configuration from a file for local dev.
type ConfigWatcher ¶
type ConfigWatcher interface { // Watch returns a channel that will deliver new Configs if something external // provokes it. Watch() <-chan *Config }
ConfigWatcher is a simple interface to allow dynamic configurations from plugggable sources.
type Conn ¶
type Conn struct {
// contains filtered or unexported fields
}
Conn represents a single proxied TCP connection.
type Listener ¶
type Listener struct { // Service is the connect service instance to use. Service *connect.Service // contains filtered or unexported fields }
Listener is the implementation of a specific proxy listener. It has pluggable Listen and Dial methods to suit public mTLS vs upstream semantics. It handles the lifecycle of the listener and all connections opened through it
func NewPublicListener ¶
func NewPublicListener(svc *connect.Service, cfg PublicListenerConfig, logger *log.Logger) *Listener
NewPublicListener returns a Listener setup to listen for public mTLS connections and proxy them to the configured local application over TCP.
func NewUpstreamListener ¶
NewUpstreamListener returns a Listener setup to listen locally for TCP connections that are proxied to a discovered Connect service instance.
type Proxy ¶
type Proxy struct {
// contains filtered or unexported fields
}
Proxy implements the built-in connect proxy.
func New ¶
New returns a proxy with the given configuration source.
The ConfigWatcher can be used to update the configuration of the proxy. Whenever a new configuration is detected, the proxy will reconfigure itself.
type PublicListenerConfig ¶
type PublicListenerConfig struct { // BindAddress is the host/IP the public mTLS listener will bind to. // // BindPort is the port the public listener will bind to. BindAddress string `json:"bind_address" hcl:"bind_address" mapstructure:"bind_address"` BindPort int `json:"bind_port" hcl:"bind_port" mapstructure:"bind_port"` // LocalServiceAddress is the host:port for the proxied application. This // should be on loopback or otherwise protected as it's plain TCP. LocalServiceAddress string `json:"local_service_address" hcl:"local_service_address" mapstructure:"local_service_address"` // LocalConnectTimeout is the timeout for establishing connections with the // local backend. Defaults to 1000 (1s). LocalConnectTimeoutMs int `json:"local_connect_timeout_ms" hcl:"local_connect_timeout_ms" mapstructure:"local_connect_timeout_ms"` // HandshakeTimeout is the timeout for incoming mTLS clients to complete a // handshake. Setting this low avoids DOS by malicious clients holding // resources open. Defaults to 10000 (10s). HandshakeTimeoutMs int `json:"handshake_timeout_ms" hcl:"handshake_timeout_ms" mapstructure:"handshake_timeout_ms"` }
PublicListenerConfig contains the parameters needed for the incoming mTLS listener.
type StaticConfigWatcher ¶
type StaticConfigWatcher struct {
// contains filtered or unexported fields
}
StaticConfigWatcher is a simple ConfigWatcher that delivers a static Config once and then never changes it.
func NewStaticConfigWatcher ¶
func NewStaticConfigWatcher(cfg *Config) *StaticConfigWatcher
NewStaticConfigWatcher returns a ConfigWatcher for a config that never changes. It assumes only one "watcher" will ever call Watch. The config is delivered on the first call but will never be delivered again to allow callers to call repeatedly (e.g. select in a loop).
func (*StaticConfigWatcher) Watch ¶
func (sc *StaticConfigWatcher) Watch() <-chan *Config
Watch implements ConfigWatcher on a static configuration for compatibility. It returns itself on the channel once and then leaves it open.
type TestTCPServer ¶
type TestTCPServer struct {
// contains filtered or unexported fields
}
TestTCPServer is a simple TCP echo server for use during tests.
func NewTestTCPServer ¶
func NewTestTCPServer(t testing.T) *TestTCPServer
NewTestTCPServer opens as a listening socket on the given address and returns a TestTCPServer serving requests to it. The server is already started and can be stopped by calling Close().
func (*TestTCPServer) Addr ¶
func (s *TestTCPServer) Addr() net.Addr
Addr returns the address that this server is listening on.
type UpstreamConfig ¶
type UpstreamConfig struct { // LocalAddress is the host/ip to listen on for local app connections. Defaults to 127.0.0.1. LocalBindAddress string `json:"local_bind_address" hcl:"local_bind_address,attr" mapstructure:"local_bind_address"` LocalBindPort int `json:"local_bind_port" hcl:"local_bind_port,attr" mapstructure:"local_bind_port"` // DestinationName is the service name of the destination. DestinationName string `json:"destination_name" hcl:"destination_name,attr" mapstructure:"destination_name"` // DestinationNamespace is the namespace of the destination. DestinationNamespace string `json:"destination_namespace" hcl:"destination_namespace,attr" mapstructure:"destination_namespace"` // DestinationType determines which service discovery method is used to find a // candidate instance to connect to. DestinationType string `json:"destination_type" hcl:"destination_type,attr" mapstructure:"destination_type"` // DestinationDatacenter is the datacenter the destination is in. If empty, // defaults to discovery within the same datacenter. DestinationDatacenter string `json:"destination_datacenter" hcl:"destination_datacenter,attr" mapstructure:"destination_datacenter"` // ConnectTimeout is the timeout for establishing connections with the remote // service instance. Defaults to 10,000 (10s). ConnectTimeoutMs int `json:"connect_timeout_ms" hcl:"connect_timeout_ms,attr" mapstructure:"connect_timeout_ms"` // contains filtered or unexported fields }
UpstreamConfig configures an upstream (outgoing) listener.
func (*UpstreamConfig) String ¶
func (uc *UpstreamConfig) String() string
String returns a string that uniquely identifies the Upstream. Used for identifying the upstream in log output and map keys.