proxycfgglue

package
v1.16.4 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 29, 2024 License: MPL-2.0 Imports: 27 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CacheCARoots

func CacheCARoots(c *cache.Cache) proxycfg.CARoots

CacheCARoots satisfies the proxycfg.CARoots interface by sourcing data from the agent cache.

Note: there isn't a server-local equivalent of this data source because "agentless" proxies obtain certificates via SDS served by consul-dataplane. If SDS is not supported on consul-dataplane, data is sourced from the server agent cache even for "agentless" proxies.

func CacheCompiledDiscoveryChain

func CacheCompiledDiscoveryChain(c *cache.Cache) proxycfg.CompiledDiscoveryChain

CacheCompiledDiscoveryChain satisfies the proxycfg.CompiledDiscoveryChain interface by sourcing data from the agent cache.

func CacheConfigEntry

func CacheConfigEntry(c *cache.Cache) proxycfg.ConfigEntry

CacheConfigEntry satisfies the proxycfg.ConfigEntry interface by sourcing data from the agent cache.

func CacheConfigEntryList

func CacheConfigEntryList(c *cache.Cache) proxycfg.ConfigEntryList

CacheConfigEntryList satisfies the proxycfg.ConfigEntryList interface by sourcing data from the agent cache.

func CacheDatacenters

func CacheDatacenters(c *cache.Cache) proxycfg.Datacenters

CacheDatacenters satisfies the proxycfg.Datacenters interface by sourcing data from the agent cache.

Note: there isn't a server-local equivalent of this data source because it relies on polling (so a more efficient method isn't available).

func CacheExportedPeeredServices

func CacheExportedPeeredServices(c *cache.Cache) proxycfg.ExportedPeeredServices

CacheExportedPeeredServices satisfies the proxycfg.ExportedPeeredServices interface by sourcing data from the agent cache.

func CacheFederationStateListMeshGateways

func CacheFederationStateListMeshGateways(c *cache.Cache) proxycfg.FederationStateListMeshGateways

CacheFederationStateListMeshGateways satisfies the proxycfg.FederationStateListMeshGateways interface by sourcing data from the agent cache.

func CacheGatewayServices

func CacheGatewayServices(c *cache.Cache) proxycfg.GatewayServices

CacheGatewayServices satisfies the proxycfg.GatewayServices interface by sourcing data from the agent cache.

func CacheHTTPChecks

func CacheHTTPChecks(c *cache.Cache) proxycfg.HTTPChecks

CacheHTTPChecks satisfies the proxycfg.HTTPChecks interface by sourcing data from the agent cache.

func CacheIntentionUpstreams

func CacheIntentionUpstreams(c *cache.Cache) proxycfg.IntentionUpstreams

CacheIntentionUpstreams satisfies the proxycfg.IntentionUpstreams interface by sourcing upstreams for the given service, inferred from intentions, from the agent cache.

func CacheIntentionUpstreamsDestination

func CacheIntentionUpstreamsDestination(c *cache.Cache) proxycfg.IntentionUpstreams

CacheIntentionUpstreamsDestination satisfies the proxycfg.IntentionUpstreams interface by sourcing upstreams for the given destination, inferred from intentions, from the agent cache.

func CacheIntentions

func CacheIntentions(c *cache.Cache) proxycfg.Intentions

CacheIntentions satisfies the proxycfg.Intentions interface by sourcing data from the agent cache.

func CacheInternalServiceDump

func CacheInternalServiceDump(c *cache.Cache) proxycfg.InternalServiceDump

CacheInternalServiceDump satisfies the proxycfg.InternalServiceDump interface by sourcing data from the agent cache.

func CachePeeredUpstreams

func CachePeeredUpstreams(c *cache.Cache) proxycfg.PeeredUpstreams

CachePeeredUpstreams satisfies the proxycfg.PeeredUpstreams interface by sourcing data from the agent cache.

func CachePeeringList

func CachePeeringList(c *cache.Cache) proxycfg.PeeringList

CachePeeringList satisfies the proxycfg.PeeringList interface by sourcing data from the agent cache.

func CachePrepraredQuery

func CachePrepraredQuery(c *cache.Cache) proxycfg.PreparedQuery

CachePrepraredQuery satisfies the proxycfg.PreparedQuery interface by sourcing data from the agent cache.

Note: there isn't a server-local equivalent of this data source because it relies on polling (so a more efficient method isn't available).

func CacheResolvedServiceConfig

func CacheResolvedServiceConfig(c *cache.Cache) proxycfg.ResolvedServiceConfig

CacheResolvedServiceConfig satisfies the proxycfg.ResolvedServiceConfig interface by sourcing data from the agent cache.

func CacheServiceGateways

func CacheServiceGateways(c *cache.Cache) proxycfg.GatewayServices

CacheServiceGateways satisfies the proxycfg.ServiceGateways interface by sourcing data from the agent cache.

func CacheServiceList

func CacheServiceList(c *cache.Cache) proxycfg.ServiceList

CacheServiceList satisfies the proxycfg.ServiceList interface by sourcing data from the agent cache.

func CacheTrustBundle

func CacheTrustBundle(c *cache.Cache) proxycfg.TrustBundle

CacheTrustBundle satisfies the proxycfg.TrustBundle interface by sourcing data from the agent cache.

func CacheTrustBundleList

func CacheTrustBundleList(c *cache.Cache) proxycfg.TrustBundleList

CacheTrustBundleList satisfies the proxycfg.TrustBundleList interface by sourcing data from the agent cache.

func ClientHealth

func ClientHealth(client *health.Client) proxycfg.Health

ClientHealth satisfies the proxycfg.Health interface by sourcing data from the given health.Client.

func LocalLeafCerts

func LocalLeafCerts(m *leafcert.Manager) proxycfg.LeafCertificate

LocalLeafCerts satisfies the proxycfg.LeafCertificate interface by sourcing data from the given leafcert.Manager.

func ServerCompiledDiscoveryChain

func ServerCompiledDiscoveryChain(deps ServerDataSourceDeps, remoteSource proxycfg.CompiledDiscoveryChain) proxycfg.CompiledDiscoveryChain

ServerCompiledDiscoveryChain satisfies the proxycfg.CompiledDiscoveryChain interface by sourcing data from a blocking query against the server's state store.

Requests for services in remote datacenters will be delegated to the given remoteSource (i.e. CacheCompiledDiscoveryChain).

func ServerConfigEntry

func ServerConfigEntry(deps ServerDataSourceDeps) proxycfg.ConfigEntry

ServerConfigEntry satisfies the proxycfg.ConfigEntry interface by sourcing data from a local materialized view (backed by an EventPublisher subscription).

func ServerConfigEntryList

func ServerConfigEntryList(deps ServerDataSourceDeps) proxycfg.ConfigEntryList

ServerConfigEntryList satisfies the proxycfg.ConfigEntryList interface by sourcing data from a local materialized view (backed by an EventPublisher subscription).

func ServerExportedPeeredServices

func ServerExportedPeeredServices(deps ServerDataSourceDeps) proxycfg.ExportedPeeredServices

ServerExportedPeeredServices satisfies the proxycfg.ExportedPeeredServices interface by sourcing data from a blocking query against the server's state store.

func ServerFederationStateListMeshGateways

func ServerFederationStateListMeshGateways(deps ServerDataSourceDeps) proxycfg.FederationStateListMeshGateways

ServerFederationStateListMeshGateways satisfies the proxycfg.FederationStateListMeshGateways interface by sourcing data from a blocking query against the server's state store.

func ServerGatewayServices

func ServerGatewayServices(deps ServerDataSourceDeps) proxycfg.GatewayServices

ServerGatewayServices satisfies the proxycfg.GatewayServices interface by sourcing data from a blocking query against the server's state store.

func ServerHTTPChecks

func ServerHTTPChecks(deps ServerDataSourceDeps, nodeName string, cacheSource proxycfg.HTTPChecks, localState *local.State) proxycfg.HTTPChecks

ServerHTTPChecks satisfies the proxycfg.HTTPChecks interface. It sources data from the server agent cache if the service exists in the local state; otherwise it is a no-op, since the checks can only be performed by local agents.

func ServerHealth

func ServerHealth(deps ServerDataSourceDeps, remoteSource proxycfg.Health) proxycfg.Health

ServerHealth satisfies the proxycfg.Health interface by sourcing data from a local materialized view (backed by an EventPublisher subscription).

Requests for services in remote datacenters will be delegated to the given remoteSource (i.e. ClientHealth).

func ServerHealthBlocking

func ServerHealthBlocking(deps ServerDataSourceDeps, remoteSource proxycfg.Health) *serverHealthBlocking

ServerHealthBlocking exists due to a bug with the streaming backend and its interaction with ACLs. Whenever an exported-services config entry is modified, this is effectively an ACL change. Assume the following situation:

  • no services are exported
  • an upstream watch to service X is spawned
  • the streaming backend filters out data for service X (because it's not exported yet)
  • service X is finally exported

In this situation, the streaming backend does not trigger a refresh of its data. This means that any events that were supposed to have been received prior to the export are NOT backfilled, and the watches never see service X spawning.

We have currently decided not to trigger a stream refresh in this situation because of the potential for a thundering-herd effect (touching exports would potentially cause a re-fetch of all watches for that partition). Therefore, this local blocking-query approach exists for agentless.

It's also worth noting that the streaming subscription is currently bypassed most of the time with agentful, because proxycfg has a `req.Source.Node != ""` check which prevents the `streamingEnabled` check from passing. This means that while agents should technically have this same issue, they don't experience it with mesh health watches.

func ServerIntentionUpstreams

func ServerIntentionUpstreams(deps ServerDataSourceDeps) proxycfg.IntentionUpstreams

ServerIntentionUpstreams satisfies the proxycfg.IntentionUpstreams interface by sourcing upstreams for the given service, inferred from intentions, from the server's state store.

func ServerIntentionUpstreamsDestination

func ServerIntentionUpstreamsDestination(deps ServerDataSourceDeps) proxycfg.IntentionUpstreams

ServerIntentionUpstreamsDestination satisfies the proxycfg.IntentionUpstreams interface by sourcing upstreams for the given destination, inferred from intentions, from the server's state store.

func ServerIntentions

func ServerIntentions(deps ServerDataSourceDeps) proxycfg.Intentions

ServerIntentions satisfies the proxycfg.Intentions interface by sourcing data from local materialized views (backed by EventPublisher subscriptions).

func ServerInternalServiceDump

func ServerInternalServiceDump(deps ServerDataSourceDeps, remoteSource proxycfg.InternalServiceDump) proxycfg.InternalServiceDump

ServerInternalServiceDump satisfies the proxycfg.InternalServiceDump interface by sourcing data from a blocking query against the server's state store.

func ServerPeeredUpstreams

func ServerPeeredUpstreams(deps ServerDataSourceDeps) proxycfg.PeeredUpstreams

ServerPeeredUpstreams satisfies the proxycfg.PeeredUpstreams interface by sourcing data from a blocking query against the server's state store.

func ServerPeeringList

func ServerPeeringList(deps ServerDataSourceDeps) proxycfg.PeeringList

ServerPeeringList satisfies the proxycfg.PeeringList interface by sourcing data from a blocking query against the server's state store.

func ServerResolvedServiceConfig

func ServerResolvedServiceConfig(deps ServerDataSourceDeps, remoteSource proxycfg.ResolvedServiceConfig) proxycfg.ResolvedServiceConfig

ServerResolvedServiceConfig satisfies the proxycfg.ResolvedServiceConfig interface by sourcing data from a blocking query against the server's state store.

func ServerServiceList

func ServerServiceList(deps ServerDataSourceDeps, remoteSource proxycfg.ServiceList) proxycfg.ServiceList

func ServerTrustBundle

func ServerTrustBundle(deps ServerDataSourceDeps) proxycfg.TrustBundle

ServerTrustBundle satisfies the proxycfg.TrustBundle interface by sourcing data from a blocking query against the server's state store.

func ServerTrustBundleList

func ServerTrustBundleList(deps ServerDataSourceDeps) proxycfg.TrustBundleList

ServerTrustBundleList satisfies the proxycfg.TrustBundleList interface by sourcing data from a blocking query against the server's state store.

Types

type ServerDataSourceDeps

// ServerDataSourceDeps contains the dependencies needed for sourcing data
// from server-local sources (e.g. materialized views).
//
// NOTE(review): server-local sources read from the server's own state rather
// than going through an RPC endpoint, so authorization presumably has to be
// enforced inside each data source via ACLResolver — confirm that every
// Server* constructor taking these deps applies an ACL check before
// returning data.
type ServerDataSourceDeps struct {
	// Datacenter is presumably the name of the local datacenter, used to tell
	// local requests from ones that must be delegated to a remote source
	// — TODO confirm against the data source implementations.
	Datacenter     string
	// ViewStore is the submatview store; presumably it holds the local
	// materialized views that the view-backed sources read — confirm.
	ViewStore      *submatview.Store
	// EventPublisher is the stream publisher; presumably the subscriptions
	// backing the materialized views are made against it — confirm.
	EventPublisher *stream.EventPublisher
	// Logger is the hclog logger handed to the data sources.
	Logger         hclog.Logger
	// ACLResolver resolves ACLs for requests served from local views
	// (presumably from the request token — verify). A nil or permissive
	// resolver would presumably leave server-local reads unauthorized.
	ACLResolver    submatview.ACLResolver
	// GetStore returns the Store to query. It is a function rather than a
	// value, presumably so each query sees the current state store (for
	// example after a snapshot restore) — confirm.
	GetStore       func() Store
}

ServerDataSourceDeps contains the dependencies needed for sourcing data from server-local sources (e.g. materialized views).

type Store

// Store is the state store interface required for server-local data sources.
//
// Every method takes a memdb.WatchSet and returns a uint64 first; presumably
// the WatchSet is how blocking queries are woken on change and the uint64 is
// the state store index of the result — confirm against the implementation.
//
// NOTE(review): none of these signatures carries an ACL token or authorizer
// (acl.EnterpriseMeta and acl.EnforcementDecision are the only acl types
// here), so results are presumably unfiltered and the calling data source is
// responsible for ACL checks and filtering — confirm at each call site.
type Store interface {
	// Embedded watch.StateStore; presumably the minimum needed to run
	// blocking queries against the store — confirm.
	watch.StateStore

	// Exported services, federation states and gateway mappings.
	ExportedServicesForAllPeersByName(ws memdb.WatchSet, dc string, entMeta acl.EnterpriseMeta) (uint64, map[string]structs.ServiceList, error)
	FederationStateList(ws memdb.WatchSet) (uint64, []*structs.FederationState, error)
	GatewayServices(ws memdb.WatchSet, gateway string, entMeta *acl.EnterpriseMeta) (uint64, structs.GatewayServices, error)
	// Intention lookups. IntentionTopology takes the default enforcement
	// decision as an argument, so the caller decides how a missing intention
	// is treated; passing the wrong default would change which services are
	// reported as reachable.
	IntentionMatchOne(ws memdb.WatchSet, entry structs.IntentionMatchEntry, matchType structs.IntentionMatchType, destinationType structs.IntentionTargetType) (uint64, structs.SimplifiedIntentions, error)
	IntentionTopology(ws memdb.WatchSet, target structs.ServiceName, downstreams bool, defaultDecision acl.EnforcementDecision, intentionTarget structs.IntentionTargetType) (uint64, structs.ServiceList, error)
	// Resolved service configuration, compiled discovery chains and service
	// dumps.
	ReadResolvedServiceConfigEntries(ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta, upstreamIDs []structs.ServiceID, proxyMode structs.ProxyMode) (uint64, *configentry.ResolvedServiceConfigSet, error)
	ServiceDiscoveryChain(ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta, req discoverychain.CompileRequest) (uint64, *structs.CompiledDiscoveryChain, *configentry.DiscoveryChainSet, error)
	ServiceDump(ws memdb.WatchSet, kind structs.ServiceKind, useKind bool, entMeta *acl.EnterpriseMeta, peerName string) (uint64, structs.CheckServiceNodes, error)
	// Peerings and peering trust bundles. Trust bundles are trust-anchor
	// material, so the data sources built on these reads presumably need the
	// same authorization as any other read — confirm.
	PeeringList(ws memdb.WatchSet, entMeta acl.EnterpriseMeta) (uint64, []*pbpeering.Peering, error)
	PeeringTrustBundleRead(ws memdb.WatchSet, q state.Query) (uint64, *pbpeering.PeeringTrustBundle, error)
	PeeringTrustBundleList(ws memdb.WatchSet, entMeta acl.EnterpriseMeta) (uint64, []*pbpeering.PeeringTrustBundle, error)
	TrustBundleListByService(ws memdb.WatchSet, service, dc string, entMeta acl.EnterpriseMeta) (uint64, []*pbpeering.PeeringTrustBundle, error)
	VirtualIPsForAllImportedServices(ws memdb.WatchSet, entMeta acl.EnterpriseMeta) (uint64, []state.ServiceVirtualIP, error)
	// Health queries returning service nodes together with their checks.
	CheckConnectServiceNodes(ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta, peerName string) (uint64, structs.CheckServiceNodes, error)
	CheckIngressServiceNodes(ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error)
	CheckServiceNodes(ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta, peerName string) (uint64, structs.CheckServiceNodes, error)
}

Store is the state store interface required for server-local data sources.
