consul

package
v1.16.109 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 14, 2023 License: MPL-2.0 Imports: 135 Imported by: 0

Documentation

Overview

The snapshot endpoint is a special non-RPC endpoint that supports streaming for taking and restoring snapshots for disaster recovery. This gets wired directly into Consul's stream handler, and a new TCP connection is made for each request.

This also includes a SnapshotRPC() function, which acts as a lightweight client that knows the details of the stream protocol.

Index

Constants

View Source 
const (
	DefaultDC          = "dc1"
	DefaultRPCPort     = 8300
	DefaultLANSerfPort = 8301
	DefaultWANSerfPort = 8302

	// DefaultRaftMultiplier is used as a baseline Raft configuration that
	// will be reliable on a very basic server. See docs/install/performance.html
	// for information on how this value was obtained.
	DefaultRaftMultiplier uint = 5

	// MaxRaftMultiplier is a fairly arbitrary upper bound that limits the
	// amount of performance detuning that's possible.
	MaxRaftMultiplier uint = 10

	// LogStoreBackend* are well-known string values used to configure different
	// log store backends.
	LogStoreBackendBoltDB = "boltdb"
	LogStoreBackendWAL    = "wal"
)
View Source 
const (
	DefaultRPCProtocol = 2

	ProtocolVersionMin uint8 = 2

	// Version 3 added support for network coordinates but we kept the
	// default protocol version at 2 to ease the transition to this new
	// feature. A Consul agent speaking version 2 of the protocol will
	// attempt to send its coordinates to a server who understands version
	// 3 or greater.
	ProtocolVersion2Compatible = 2

	ProtocolVersionMax = 3
)

These are the protocol versions that Consul can _understand_. These are Consul-level protocol versions, that are used to configure the Serf protocol versions.

View Source 
const (
	PoolKindPartition = "partition"
	PoolKindSegment   = "segment"
)
View Source 
const (
	LeaderTransferMinVersion = "1.6.0"
)
View Source 
const MaximumManualVIPsPerService = 8
View Source 
const ServerMetadataFile = "server_metadata.json"

ServerMetadataFile is the name of the file on disk that server metadata should be written to.

View Source 
const (
	// StatusReap is used to update the status of a node if we
	// are handling a EventMemberReap
	StatusReap = serf.MemberStatus(-1)
)

Variables

View Source 
var (
	// Err strings. net/rpc doesn't have a way to transport typed/rich errors so
	// we currently rely on sniffing the error string in a few cases where we need
	// to change client behavior. These are the canonical error strings to use.
	// Note though that client code can't use `err == consul.Err*` directly since
	// the error returned by RPC will be a plain error.errorString created by
	// net/rpc client so will not be the same _instance_ that this package
	// variable points to. Clients need to compare using `err.Error() ==
	// consul.ErrRateLimited.Error()` which is very sad. Short of replacing our
	// RPC mechanism it's hard to know how to make that much better though.
	ErrConnectNotEnabled    = errors.New("Connect must be enabled in order to use this endpoint")
	ErrRateLimited          = errors.New("Rate limit reached, try again later") // Note: we depend on this error message in the gRPC ConnectCA.Sign endpoint (see: isRateLimitError).
	ErrNotPrimaryDatacenter = errors.New("not the primary datacenter")
	ErrStateReadOnly        = errors.New("CA Provider State is read-only")
)
View Source 
var ACLCounters = []prometheus.CounterDefinition{
	{
		Name: []string{"acl", "token", "cache_hit"},
		Help: "Increments if Consul is able to resolve a token's identity, or a legacy token, from the cache.",
	},
	{
		Name: []string{"acl", "token", "cache_miss"},
		Help: "Increments if Consul cannot resolve a token's identity, or a legacy token, from the cache.",
	},
}
View Source 
var ACLEndpointSummaries = []prometheus.SummaryDefinition{
	{
		Name: []string{"acl", "token", "clone"},
		Help: "",
	},
	{
		Name: []string{"acl", "token", "upsert"},
		Help: "",
	},
	{
		Name: []string{"acl", "token", "delete"},
		Help: "",
	},
	{
		Name: []string{"acl", "policy", "upsert"},
		Help: "",
	},
	{
		Name: []string{"acl", "policy", "delete"},
		Help: "",
	},
	{
		Name: []string{"acl", "policy", "delete"},
		Help: "",
	},
	{
		Name: []string{"acl", "role", "upsert"},
		Help: "",
	},
	{
		Name: []string{"acl", "role", "delete"},
		Help: "",
	},
	{
		Name: []string{"acl", "bindingrule", "upsert"},
		Help: "",
	},
	{
		Name: []string{"acl", "bindingrule", "delete"},
		Help: "",
	},
	{
		Name: []string{"acl", "authmethod", "upsert"},
		Help: "",
	},
	{
		Name: []string{"acl", "authmethod", "delete"},
		Help: "",
	},
	{
		Name: []string{"acl", "login"},
		Help: "",
	},
	{
		Name: []string{"acl", "login"},
		Help: "",
	},
	{
		Name: []string{"acl", "logout"},
		Help: "",
	},
	{
		Name: []string{"acl", "logout"},
		Help: "",
	},
}
View Source 
var ACLSummaries = []prometheus.SummaryDefinition{
	{
		Name: []string{"acl", "ResolveToken"},
		Help: "This measures the time it takes to resolve an ACL token.",
	},
}
View Source 
var AutopilotGauges = []prometheus.GaugeDefinition{
	{
		Name: []string{"autopilot", "failure_tolerance"},
		Help: "Tracks the number of voting servers that the cluster can lose while continuing to function.",
	},
	{
		Name: []string{"autopilot", "healthy"},
		Help: "Tracks the overall health of the local server cluster. 1 if all servers are healthy, 0 if one or more are unhealthy.",
	},
}
View Source 
var CatalogCounters = []prometheus.CounterDefinition{
	{
		Name: []string{"catalog", "service", "query"},
		Help: "Increments for each catalog query for the given service.",
	},
	{
		Name: []string{"catalog", "connect", "query"},
		Help: "Increments for each connect-based catalog query for the given service.",
	},
	{
		Name: []string{"catalog", "service", "query-tag"},
		Help: "Increments for each catalog query for the given service with the given tag.",
	},
	{
		Name: []string{"catalog", "connect", "query-tag"},
		Help: "Increments for each connect-based catalog query for the given service with the given tag.",
	},
	{
		Name: []string{"catalog", "service", "query-tags"},
		Help: "Increments for each catalog query for the given service with the given tags.",
	},
	{
		Name: []string{"catalog", "connect", "query-tags"},
		Help: "Increments for each connect-based catalog query for the given service with the given tags.",
	},
	{
		Name: []string{"catalog", "service", "not-found"},
		Help: "Increments for each catalog query where the given service could not be found.",
	},
	{
		Name: []string{"catalog", "connect", "not-found"},
		Help: "Increments for each connect-based catalog query where the given service could not be found.",
	},
}
View Source 
var CatalogSummaries = []prometheus.SummaryDefinition{
	{
		Name: []string{"catalog", "deregister"},
		Help: "Measures the time it takes to complete a catalog deregister operation.",
	},
	{
		Name: []string{"catalog", "register"},
		Help: "Measures the time it takes to complete a catalog register operation.",
	},
}
View Source 
var ClientCounters = []prometheus.CounterDefinition{
	{
		Name: []string{"client", "rpc"},
		Help: "Increments whenever a Consul agent makes an RPC request to a Consul server.",
	},
	{
		Name: []string{"client", "rpc", "exceeded"},
		Help: "Increments whenever a Consul agent makes an RPC request to a Consul server gets rate limited by that agent's limits configuration.",
	},
	{
		Name: []string{"client", "rpc", "failed"},
		Help: "Increments whenever a Consul agent makes an RPC request to a Consul server and fails.",
	},
}
View Source 
var ConfigSummaries = []prometheus.SummaryDefinition{
	{
		Name: []string{"config_entry", "apply"},
		Help: "",
	},
	{
		Name: []string{"config_entry", "get"},
		Help: "",
	},
	{
		Name: []string{"config_entry", "list"},
		Help: "",
	},
	{
		Name: []string{"config_entry", "listAll"},
		Help: "",
	},
	{
		Name: []string{"config_entry", "delete"},
		Help: "",
	},
	{
		Name: []string{"config_entry", "resolve_service_config"},
		Help: "",
	},
}
View Source 
var (
	DefaultRPCAddr = &net.TCPAddr{IP: net.ParseIP("0.0.0.0"), Port: DefaultRPCPort}
)
View Source 
var (
	ErrAutoEncryptAllowTLSNotEnabled = errors.New("AutoEncrypt.AllowTLS must be enabled in order to use this endpoint")
)
View Source 
var ErrChunkingResubmit = errors.New("please resubmit call for rechunking")
View Source 
var (
	// ErrIntentionNotFound is returned if the intention lookup failed.
	ErrIntentionNotFound = errors.New("Intention not found")
)
View Source 
var ErrIntentionsNotUpgradedYet = errors.New("Intentions are read only while being upgraded to config entries")
View Source 
var (
	ErrWANFederationDisabled = fmt.Errorf("WAN Federation is disabled")
)
View Source 
var FederationStateSummaries = []prometheus.SummaryDefinition{
	{
		Name: []string{"federation_state", "apply"},
		Help: "",
	},
	{
		Name: []string{"federation_state", "get"},
		Help: "",
	},
	{
		Name: []string{"federation_state", "list"},
		Help: "",
	},
	{
		Name: []string{"federation_state", "list_mesh_gateways"},
		Help: "",
	},
}
View Source 
var IntentionSummaries = []prometheus.SummaryDefinition{
	{
		Name: []string{"consul", "intention", "apply"},
		Help: "Deprecated - please use intention_apply",
	},
	{
		Name: []string{"intention", "apply"},
		Help: "",
	},
}
View Source 
var InvalidNodeName = invalidSegmentName
View Source 
var KVSummaries = []prometheus.SummaryDefinition{
	{
		Name: []string{"kvs", "apply"},
		Help: "Measures the time it takes to complete an update to the KV store.",
	},
}
View Source 
var LeaderCertExpirationGauges = []prometheus.GaugeDefinition{
	{
		Name: metricsKeyMeshRootCAExpiry,
		Help: "Seconds until the service mesh root certificate expires. Updated every hour",
	},
	{
		Name: metricsKeyMeshActiveSigningCAExpiry,
		Help: "Seconds until the service mesh signing certificate expires. Updated every hour",
	},
}
View Source 
var LeaderPeeringMetrics = []prometheus.GaugeDefinition{
	{
		Name: leaderExportedServicesCountKeyDeprecated,
		Help: fmt.Sprint("Deprecated - please use ", strings.Join(leaderExportedServicesCountKey, "_")),
	},
	{
		Name: leaderExportedServicesCountKey,
		Help: "A gauge that tracks how many services are exported for the peering. " +
			"The labels are \"peer_name\", \"peer_id\" and, for enterprise, \"partition\". " +
			"We emit this metric every 9 seconds",
	},
	{
		Name: leaderHealthyPeeringKeyDeprecated,
		Help: fmt.Sprint("Deprecated - please use ", strings.Join(leaderExportedServicesCountKey, "_")),
	},
	{
		Name: leaderHealthyPeeringKey,
		Help: "A gauge that tracks how if a peering is healthy (1) or not (0). " +
			"The labels are \"peer_name\", \"peer_id\" and, for enterprise, \"partition\". " +
			"We emit this metric every 9 seconds",
	},
}
View Source 
var LeaderSummaries = []prometheus.SummaryDefinition{
	{
		Name: []string{"leader", "barrier"},
		Help: "Measures the time spent waiting for the raft barrier upon gaining leadership.",
	},
	{
		Name: []string{"leader", "reconcileMember"},
		Help: "Measures the time spent updating the raft store for a single serf member's information.",
	},
	{
		Name: []string{"leader", "reapTombstones"},
		Help: "Measures the time spent clearing tombstones.",
	},
}
View Source 
var PreparedQuerySummaries = []prometheus.SummaryDefinition{
	{
		Name: []string{"prepared-query", "apply"},
		Help: "Measures the time it takes to apply a prepared query update.",
	},
	{
		Name: []string{"prepared-query", "explain"},
		Help: "Measures the time it takes to process a prepared query explain request.",
	},
	{
		Name: []string{"prepared-query", "execute"},
		Help: "Measures the time it takes to process a prepared query execute request.",
	},
	{
		Name: []string{"prepared-query", "execute_remote"},
		Help: "Measures the time it takes to process a prepared query execute request that was forwarded to another datacenter.",
	},
}
View Source 
var RPCCounters = []prometheus.CounterDefinition{
	{
		Name: []string{"rpc", "accept_conn"},
		Help: "Increments when a server accepts an RPC connection.",
	},
	{
		Name: []string{"rpc", "raft_handoff"},
		Help: "Increments when a server accepts a Raft-related RPC connection.",
	},
	{
		Name: []string{"rpc", "request_error"},
		Help: "Increments when a server returns an error from an RPC request.",
	},
	{
		Name: []string{"rpc", "request"},
		Help: "Increments when a server receives a Consul-related RPC request.",
	},
	{
		Name: []string{"rpc", "cross-dc"},
		Help: "Increments when a server sends a (potentially blocking) cross datacenter RPC query.",
	},
	{
		Name: []string{"rpc", "query"},
		Help: "Increments when a server receives a read request, indicating the rate of new read queries.",
	},
}
View Source 
var RPCGauges = []prometheus.GaugeDefinition{
	{
		Name: []string{"rpc", "queries_blocking"},
		Help: "Shows the current number of in-flight blocking queries the server is handling.",
	},
}
View Source 
var RPCSummaries = []prometheus.SummaryDefinition{
	{
		Name: []string{"rpc", "consistentRead"},
		Help: "Measures the time spent confirming that a consistent read can be performed.",
	},
}
View Source 
var ReplicationGauges = []prometheus.GaugeDefinition{
	{
		Name: []string{"leader", "replication", "acl-policies", "status"},
		Help: "Tracks the current health of ACL policy replication on the leader",
	},
	{
		Name: []string{"leader", "replication", "acl-policies", "index"},
		Help: "Tracks the index of ACL policies in the primary that the secondary has successfully replicated",
	},
	{
		Name: []string{"leader", "replication", "acl-tokens", "status"},
		Help: "Tracks the current health of ACL token replication on the leader",
	},
	{
		Name: []string{"leader", "replication", "acl-tokens", "index"},
		Help: "Tracks the index of ACL tokens in the primary that the secondary has successfully replicated",
	},
	{
		Name: []string{"leader", "replication", "acl-roles", "status"},
		Help: "Tracks the current health of ACL role replication on the leader",
	},
	{
		Name: []string{"leader", "replication", "acl-roles", "index"},
		Help: "Tracks the index of ACL roles in the primary that the secondary has successfully replicated",
	},
	{
		Name: []string{"leader", "replication", "config-entries", "status"},
		Help: "Tracks the current health of config entry replication on the leader",
	},
	{
		Name: []string{"leader", "replication", "config-entries", "index"},
		Help: "Tracks the index of config entries in the primary that the secondary has successfully replicated",
	},
	{
		Name: []string{"leader", "replication", "federation-state", "status"},
		Help: "Tracks the current health of federation state replication on the leader",
	},
	{
		Name: []string{"leader", "replication", "federation-state", "index"},
		Help: "Tracks the index of federation states in the primary that the secondary has successfully replicated",
	},
	{
		Name: []string{"leader", "replication", "namespaces", "status"},
		Help: "Tracks the current health of federation state replication on the leader",
	},
	{
		Name: []string{"leader", "replication", "namespaces", "index"},
		Help: "Tracks the index of federation states in the primary that the secondary has successfully replicated",
	},
}
View Source 
var SegmentOSSSummaries = []prometheus.SummaryDefinition{
	{
		Name: []string{"leader", "reconcile"},
		Help: "Measures the time spent updating the raft store from the serf member information.",
	},
}
View Source 
var SessionEndpointSummaries = []prometheus.SummaryDefinition{
	{
		Name: []string{"session", "apply"},
		Help: "Measures the time spent applying a session update.",
	},
	{
		Name: []string{"session", "renew"},
		Help: "Measures the time spent renewing a session.",
	},
}
View Source 
var SessionGauges = []prometheus.GaugeDefinition{
	{
		Name: []string{"session_ttl", "active"},
		Help: "Tracks the active number of sessions being tracked.",
	},
	{
		Name: []string{"raft", "applied_index"},
		Help: "Represents the raft applied index.",
	},
	{
		Name: []string{"raft", "last_index"},
		Help: "Represents the raft last index.",
	},
}
View Source 
var SessionSummaries = []prometheus.SummaryDefinition{
	{
		Name: []string{"session_ttl", "invalidate"},
		Help: "Measures the time spent invalidating an expired session.",
	},
}
View Source 
var TxnSummaries = []prometheus.SummaryDefinition{
	{
		Name: []string{"txn", "apply"},
		Help: "Measures the time spent applying a transaction operation.",
	},
	{
		Name: []string{"txn", "read"},
		Help: "Measures the time spent returning a read transaction.",
	},
}

Functions

func CanServersUnderstandProtocol 

func CanServersUnderstandProtocol(members []serf.Member, version uint8) (bool, error)

CanServersUnderstandProtocol checks to see if all the servers in the given list understand the given protocol version. If there are no servers in the list then this will return false.

func CloneSerfLANConfig added in v1.16.100 

func CloneSerfLANConfig(base *serf.Config) *serf.Config

CloneSerfLANConfig clones an existing serf.Config used on the LAN by reconstructing it from defaults and re-applying changes made in the agent configs.

This function is tricky to keep from rotting so we enforce that it MUST work by cloning our own serf LAN configuration on startup and only using the cloned one so any configs we need to change have to be changed here for them to work at all.

func ConfiguredIncomingRPCLimiter added in v1.16.100 

func ConfiguredIncomingRPCLimiter(ctx context.Context, serverLogger hclog.InterceptLogger, consulCfg *Config) *rpcRate.Handler

func ContextWithRemoteAddr added in v1.16.100 

func ContextWithRemoteAddr(ctx context.Context, addr net.Addr) context.Context

func FilterDirEnt 

func FilterDirEnt(authorizer acl.Authorizer, ent structs.DirEntries) structs.DirEntries

FilterDirEnt is used to filter a list of directory entries by applying an ACL policy

func FilterEntries 

func FilterEntries(f Filter) int

FilterEntries is used to do an inplace filter of a slice. This has cost proportional to the list length.

func FilterTxnResults 

func FilterTxnResults(authorizer acl.Authorizer, results structs.TxnResults) structs.TxnResults

FilterTxnResults is used to filter a list of transaction results by applying an ACL policy.

func IsACLRemoteError added in v1.4.0 

func IsACLRemoteError(err error) bool

func OpenServerMetadata added in v1.16.100 

func OpenServerMetadata(filename string) (io.WriteCloser, error)

OpenServerMetadata is a helper function for opening the server metadata file with the correct permissions.

func RemoteAddrFromContext added in v1.16.100 

func RemoteAddrFromContext(ctx context.Context) (net.Addr, bool)

func ServersInDCMeetMinimumVersion added in v1.16.100 

func ServersInDCMeetMinimumVersion(provider checkServersProvider, datacenter string, minVersion *version.Version) (ok bool, found bool)

ServersInDCMeetMinimumVersion returns whether the given alive servers from a particular datacenter are at least on the given Consul version. This also returns whether any alive or failed servers are known in that datacenter (ignoring left and leaving ones)

func ServersInDCMeetRequirements added in v1.16.100 

func ServersInDCMeetRequirements(provider checkServersProvider, datacenter string, meetsRequirements serverRequirementFn) (ok bool, found bool)

ServersInDCMeetRequirements returns whether the given server members meet the requirements as defined by the callback function and whether at least one server remains unfiltered by the requirements function.

func SnapshotRPC 

func SnapshotRPC(
	connPool *pool.ConnPool,
	dc string,
	nodeName string,
	addr net.Addr,
	args *structs.SnapshotRequest,
	in io.Reader,
	reply *structs.SnapshotResponse,
) (io.ReadCloser, error)

SnapshotRPC is a streaming client function for performing a snapshot RPC request to a remote server. It will create a fresh connection for each request, send the request header, and then stream in any data from the reader (for a restore). It will then parse the received response header, and if there's no error will return an io.ReadCloser (that you must close) with the streaming output (for a snapshot). If the reply contains an error, this will always return an error as well, so you don't need to check the error inside the filled-in reply.

func WriteServerMetadata added in v1.16.100 

func WriteServerMetadata(w io.Writer) error

WriteServerMetadata writes server metadata to a file in JSON format.

Types

type ACL 

type ACL struct {
	// contains filtered or unexported fields
}

ACL endpoint is used to manipulate ACLs

func (*ACL) AuthMethodDelete added in v1.16.100 

func (a *ACL) AuthMethodDelete(args *structs.ACLAuthMethodDeleteRequest, reply *bool) error

func (*ACL) AuthMethodList added in v1.16.100 

func (a *ACL) AuthMethodList(args *structs.ACLAuthMethodListRequest, reply *structs.ACLAuthMethodListResponse) error

func (*ACL) AuthMethodRead added in v1.16.100 

func (a *ACL) AuthMethodRead(args *structs.ACLAuthMethodGetRequest, reply *structs.ACLAuthMethodResponse) error

func (*ACL) AuthMethodSet added in v1.16.100 

func (a *ACL) AuthMethodSet(args *structs.ACLAuthMethodSetRequest, reply *structs.ACLAuthMethod) error

func (*ACL) Authorize added in v1.16.100 

func (a *ACL) Authorize(args *structs.RemoteACLAuthorizationRequest, reply *[]structs.ACLAuthorizationResponse) error

func (*ACL) BindingRuleDelete added in v1.16.100 

func (a *ACL) BindingRuleDelete(args *structs.ACLBindingRuleDeleteRequest, reply *bool) error

func (*ACL) BindingRuleList added in v1.16.100 

func (a *ACL) BindingRuleList(args *structs.ACLBindingRuleListRequest, reply *structs.ACLBindingRuleListResponse) error

func (*ACL) BindingRuleRead added in v1.16.100 

func (a *ACL) BindingRuleRead(args *structs.ACLBindingRuleGetRequest, reply *structs.ACLBindingRuleResponse) error

func (*ACL) BindingRuleSet added in v1.16.100 

func (a *ACL) BindingRuleSet(args *structs.ACLBindingRuleSetRequest, reply *structs.ACLBindingRule) error

func (*ACL) BootstrapTokens added in v1.4.0 

func (a *ACL) BootstrapTokens(args *structs.ACLInitialTokenBootstrapRequest, reply *structs.ACLToken) error

BootstrapTokens is used to perform a one-time ACL bootstrap operation on a cluster to get the first management token.

func (*ACL) Login added in v1.16.100 

func (a *ACL) Login(args *structs.ACLLoginRequest, reply *structs.ACLToken) error

func (*ACL) Logout added in v1.16.100 

func (a *ACL) Logout(args *structs.ACLLogoutRequest, reply *bool) error

func (*ACL) PolicyBatchRead added in v1.4.0 

func (a *ACL) PolicyBatchRead(args *structs.ACLPolicyBatchGetRequest, reply *structs.ACLPolicyBatchResponse) error

func (*ACL) PolicyDelete added in v1.4.0 

func (a *ACL) PolicyDelete(args *structs.ACLPolicyDeleteRequest, reply *string) error

func (*ACL) PolicyList added in v1.4.0 

func (a *ACL) PolicyList(args *structs.ACLPolicyListRequest, reply *structs.ACLPolicyListResponse) error

func (*ACL) PolicyRead added in v1.4.0 

func (a *ACL) PolicyRead(args *structs.ACLPolicyGetRequest, reply *structs.ACLPolicyResponse) error

func (*ACL) PolicyResolve added in v1.4.0 

func (a *ACL) PolicyResolve(args *structs.ACLPolicyBatchGetRequest, reply *structs.ACLPolicyBatchResponse) error

PolicyResolve is used to retrieve a subset of the policies associated with a given token The policy ids in the args simply act as a filter on the policy set assigned to the token

func (*ACL) PolicySet added in v1.4.0 

func (a *ACL) PolicySet(args *structs.ACLPolicySetRequest, reply *structs.ACLPolicy) error

func (*ACL) ReplicationStatus 

func (a *ACL) ReplicationStatus(args *structs.DCSpecificRequest,
	reply *structs.ACLReplicationStatus) error

ReplicationStatus is used to retrieve the current ACL replication status.

func (*ACL) RoleBatchRead added in v1.16.100 

func (a *ACL) RoleBatchRead(args *structs.ACLRoleBatchGetRequest, reply *structs.ACLRoleBatchResponse) error

func (*ACL) RoleDelete added in v1.16.100 

func (a *ACL) RoleDelete(args *structs.ACLRoleDeleteRequest, reply *string) error

func (*ACL) RoleList added in v1.16.100 

func (a *ACL) RoleList(args *structs.ACLRoleListRequest, reply *structs.ACLRoleListResponse) error

func (*ACL) RoleRead added in v1.16.100 

func (a *ACL) RoleRead(args *structs.ACLRoleGetRequest, reply *structs.ACLRoleResponse) error

func (*ACL) RoleResolve added in v1.16.100 

func (a *ACL) RoleResolve(args *structs.ACLRoleBatchGetRequest, reply *structs.ACLRoleBatchResponse) error

RoleResolve is used to retrieve a subset of the roles associated with a given token The role ids in the args simply act as a filter on the role set assigned to the token

func (*ACL) RoleSet added in v1.16.100 

func (a *ACL) RoleSet(args *structs.ACLRoleSetRequest, reply *structs.ACLRole) error

func (*ACL) TokenBatchRead added in v1.4.0 

func (a *ACL) TokenBatchRead(args *structs.ACLTokenBatchGetRequest, reply *structs.ACLTokenBatchResponse) error

func (*ACL) TokenClone added in v1.4.0 

func (a *ACL) TokenClone(args *structs.ACLTokenSetRequest, reply *structs.ACLToken) error

func (*ACL) TokenDelete added in v1.4.0 

func (a *ACL) TokenDelete(args *structs.ACLTokenDeleteRequest, reply *string) error

func (*ACL) TokenList added in v1.4.0 

func (a *ACL) TokenList(args *structs.ACLTokenListRequest, reply *structs.ACLTokenListResponse) error

func (*ACL) TokenRead added in v1.4.0 

func (a *ACL) TokenRead(args *structs.ACLTokenGetRequest, reply *structs.ACLTokenResponse) error

func (*ACL) TokenSet added in v1.4.0 

func (a *ACL) TokenSet(args *structs.ACLTokenSetRequest, reply *structs.ACLToken) error

type ACLRemoteError added in v1.4.0 

type ACLRemoteError struct {
	Err error
}

func (ACLRemoteError) Error added in v1.4.0 

func (e ACLRemoteError) Error() string

type ACLResolver added in v1.4.0 

type ACLResolver struct {
	// contains filtered or unexported fields
}

ACLResolver is the type to handle all your token and policy resolution needs.

Supports:

  • Resolving tokens locally via the ACLResolverBackend
  • Resolving policies locally via the ACLResolverBackend
  • Resolving roles locally via the ACLResolverBackend
  • Resolving legacy tokens remotely via an ACL.GetPolicy RPC
  • Resolving tokens remotely via an ACL.TokenRead RPC
  • Resolving policies remotely via an ACL.PolicyResolve RPC
  • Resolving roles remotely via an ACL.RoleResolve RPC

Remote Resolution: 

Remote resolution can be done synchronously or asynchronously depending
on the ACLDownPolicy in the Config passed to the resolver.

When the down policy is set to async-cache and we have already cached values
then go routines will be spawned to perform the RPCs in the background
and then will update the cache with either the positive or negative result.

When the down policy is set to extend-cache or the token/policy/role is not already
cached then the same go routines are spawned to do the RPCs in the background.
However in this mode channels are created to receive the results of the RPC
and are registered with the resolver. Those channels are immediately read/blocked
upon.

func NewACLResolver added in v1.4.0 

func NewACLResolver(config *ACLResolverConfig) (*ACLResolver, error)

func (*ACLResolver) ACLsEnabled added in v1.4.0 

func (r *ACLResolver) ACLsEnabled() bool

func (*ACLResolver) Close added in v1.16.100 

func (r *ACLResolver) Close()

func (*ACLResolver) ResolveToken added in v1.4.0 

func (r *ACLResolver) ResolveToken(tokenSecretID string) (resolver.Result, error)

ResolveToken to an acl.Authorizer and structs.ACLIdentity. The acl.Authorizer can be used to check permissions granted to the token using its secret, and the ACLIdentity describes the token and any defaults applied to it.

func (*ACLResolver) ResolveTokenAndDefaultMeta added in v1.16.100 

func (r *ACLResolver) ResolveTokenAndDefaultMeta(
	tokenSecretID string,
	entMeta *acl.EnterpriseMeta,
	authzContext *acl.AuthorizerContext,
) (resolver.Result, error)

type ACLResolverBackend added in v1.16.100 

type ACLResolverBackend interface {
	ACLDatacenter() string
	ResolveIdentityFromToken(token string) (bool, structs.ACLIdentity, error)
	ResolvePolicyFromID(policyID string) (bool, *structs.ACLPolicy, error)
	ResolveRoleFromID(roleID string) (bool, *structs.ACLRole, error)
	IsServerManagementToken(token string) bool
	// TODO: separate methods for each RPC call (there are 4)
	RPC(ctx context.Context, method string, args interface{}, reply interface{}) error
	EnterpriseACLResolverDelegate
}

type ACLResolverConfig added in v1.4.0 

type ACLResolverConfig struct {
	// TODO: rename this field?
	Config ACLResolverSettings
	Logger hclog.Logger

	// CacheConfig is a pass through configuration for ACL cache limits
	CacheConfig *structs.ACLCachesConfig

	// Backend is used to retrieve data from the state store, or perform RPCs
	// to fetch data from other Datacenters.
	Backend ACLResolverBackend

	// DisableDuration is the length of time to leave ACLs disabled when an RPC
	// request to a server indicates that the ACL system is disabled. If set to
	// 0 then ACLs will not be disabled locally. This value is always set to 0 on
	// Servers.
	DisableDuration time.Duration

	// ACLConfig is the configuration necessary to pass through to the acl package when creating authorizers
	// and when authorizing access
	ACLConfig *acl.Config

	// Tokens is the token store of locally managed tokens
	Tokens *token.Store
}

ACLResolverConfig holds all the configuration necessary to create an ACLResolver

type ACLResolverSettings added in v1.16.100 

type ACLResolverSettings struct {
	ACLsEnabled    bool
	Datacenter     string
	NodeName       string
	EnterpriseMeta acl.EnterpriseMeta

	// ACLPolicyTTL is used to control the time-to-live of cached ACL policies. This has
	// a major impact on performance. By default, it is set to 30 seconds.
	ACLPolicyTTL time.Duration
	// ACLTokenTTL is used to control the time-to-live of cached ACL tokens. This has
	// a major impact on performance. By default, it is set to 30 seconds.
	ACLTokenTTL time.Duration
	// ACLRoleTTL is used to control the time-to-live of cached ACL roles. This has
	// a major impact on performance. By default, it is set to 30 seconds.
	ACLRoleTTL time.Duration

	// ACLDownPolicy is used to control the ACL interaction when we cannot
	// reach the PrimaryDatacenter and the token is not in the cache.
	// There are the following modes:
	//   * allow - Allow all requests
	//   * deny - Deny all requests
	//   * extend-cache - Ignore the cache expiration, and allow cached
	//                    ACL's to be used to service requests. This
	//                    is the default. If the ACL is not in the cache,
	//                    this acts like deny.
	//   * async-cache - Same behavior as extend-cache, but perform ACL
	//                   Lookups asynchronously when cache TTL is expired.
	ACLDownPolicy string

	// ACLDefaultPolicy is used to control the ACL interaction when
	// there is no defined policy. This can be "allow" which means
	// ACLs are used to deny-list, or "deny" which means ACLs are
	// allow-lists.
	ACLDefaultPolicy string
}

TODO: rename the fields to remove the ACL prefix

type AutoConfig added in v1.16.100 

type AutoConfig struct {
	// contains filtered or unexported fields
}

AutoConfig endpoint is used for cluster auto configuration operations

func NewAutoConfig added in v1.16.100 

func NewAutoConfig(conf *Config, tlsConfigurator *tlsutil.Configurator, backend AutoConfigBackend, authz AutoConfigAuthorizer) *AutoConfig

func (*AutoConfig) InitialConfiguration added in v1.16.100 

func (ac *AutoConfig) InitialConfiguration(req *pbautoconf.AutoConfigRequest, resp *pbautoconf.AutoConfigResponse) error

AgentAutoConfig will authorize the incoming request and then generate the configuration to push down to the client

type AutoConfigAuthorizer added in v1.16.100 

type AutoConfigAuthorizer interface {
	// Authorizes the request and returns a struct containing the various
	// options for how to generate the configuration.
	Authorize(*pbautoconf.AutoConfigRequest) (AutoConfigOptions, error)
}

type AutoConfigBackend added in v1.16.100 

type AutoConfigBackend interface {
	CreateACLToken(template *structs.ACLToken) (*structs.ACLToken, error)
	DatacenterJoinAddresses(partition, segment string) ([]string, error)
	ForwardRPC(method string, info structs.RPCInfo, reply interface{}) (bool, error)
	GetCARoots() (*structs.IndexedCARoots, error)
	SignCertificate(csr *x509.CertificateRequest, id connect.CertURI) (*structs.IssuedCert, error)
}

type AutoConfigOptions added in v1.16.100 

type AutoConfigOptions struct {
	NodeName    string
	SegmentName string
	Partition   string

	CSR      *x509.CertificateRequest
	SpiffeID *connect.SpiffeIDAgent
}

func (AutoConfigOptions) PartitionOrDefault added in v1.16.100 

func (opts AutoConfigOptions) PartitionOrDefault() string

type AutoEncrypt added in v1.16.100 

type AutoEncrypt struct {
	// contains filtered or unexported fields
}

func (*AutoEncrypt) Sign added in v1.16.100 

func (a *AutoEncrypt) Sign(
	args *structs.CASignRequest,
	reply *structs.SignedResponse) error

Sign signs a certificate for an agent.

type AutopilotDelegate added in v1.0.3 

type AutopilotDelegate struct {
	// contains filtered or unexported fields
}

AutopilotDelegate is a Consul delegate for autopilot operations.

func (*AutopilotDelegate) AutopilotConfig added in v1.0.3 

func (d *AutopilotDelegate) AutopilotConfig() *autopilot.Config

func (*AutopilotDelegate) FetchServerStats added in v1.16.100 

func (d *AutopilotDelegate) FetchServerStats(ctx context.Context, servers map[raft.ServerID]*autopilot.Server) map[raft.ServerID]*autopilot.ServerStats

func (*AutopilotDelegate) KnownServers added in v1.16.100 

func (d *AutopilotDelegate) KnownServers() map[raft.ServerID]*autopilot.Server

func (*AutopilotDelegate) NotifyState added in v1.16.100 

func (d *AutopilotDelegate) NotifyState(state *autopilot.State)

func (*AutopilotDelegate) RemoveFailedServer added in v1.16.100 

func (d *AutopilotDelegate) RemoveFailedServer(srv *autopilot.Server)

type CAManager added in v1.16.100 

type CAManager struct {
	// contains filtered or unexported fields
}

CAManager is a wrapper around CA operations such as updating roots, an intermediate or the configuration. All operations should go through the CAManager in order to avoid data races.

func NewCAManager added in v1.16.100 

func NewCAManager(delegate caServerDelegate, leaderRoutineManager *routine.Manager, logger hclog.Logger, config *Config) *CAManager

func (*CAManager) AuthorizeAndSignCertificate added in v1.16.100 

func (c *CAManager) AuthorizeAndSignCertificate(csr *x509.CertificateRequest, authz acl.Authorizer) (*structs.IssuedCert, error)

AuthorizeAndSignCertificate signs a leaf certificate for the service or agent identified by the SPIFFE ID in the given CSR's SAN. It performs authorization using the given acl.Authorizer.

func (*CAManager) Initialize added in v1.16.100 

func (c *CAManager) Initialize() (reterr error)

Initialize sets up the CA provider when gaining leadership, either bootstrapping the CA if this is the primary DC or making a remote RPC for intermediate signing if this is a secondary DC.

func (*CAManager) RenewIntermediate added in v1.16.100 

func (c *CAManager) RenewIntermediate(ctx context.Context) error

RenewIntermediate checks the intermediate cert for expiration. If more than half the time a cert is valid has passed, it will try to renew it.

func (*CAManager) SignCertificate added in v1.16.100 

func (c *CAManager) SignCertificate(csr *x509.CertificateRequest, spiffeID connect.CertURI) (*structs.IssuedCert, error)

func (*CAManager) Start added in v1.16.100 

func (c *CAManager) Start(ctx context.Context)

func (*CAManager) Stop added in v1.16.100 

func (c *CAManager) Stop()

func (*CAManager) UpdateConfiguration added in v1.16.100 

func (c *CAManager) UpdateConfiguration(args *structs.CARequest) (reterr error)

type Catalog 

type Catalog struct {
	// contains filtered or unexported fields
}

Catalog endpoint is used to manipulate the service catalog

func (*Catalog) Deregister 

func (c *Catalog) Deregister(args *structs.DeregisterRequest, reply *struct{}) error

Deregister a service or check in a node, or the entire node itself.

If a ServiceID is provided in the request, any associated Checks with that service are also deregistered.

If a ServiceID or CheckID is not provided in the request, the entire node is deregistered.

func (*Catalog) GatewayServices added in v1.16.100 

func (c *Catalog) GatewayServices(args *structs.ServiceSpecificRequest, reply *structs.IndexedGatewayServices) error

func (*Catalog) ListDatacenters 

func (c *Catalog) ListDatacenters(args *structs.DatacentersRequest, reply *[]string) error

ListDatacenters is used to query for the list of known datacenters

func (*Catalog) ListNodes 

func (c *Catalog) ListNodes(args *structs.DCSpecificRequest, reply *structs.IndexedNodes) error

ListNodes is used to query the nodes in a DC.

func (*Catalog) ListServices 

func (c *Catalog) ListServices(args *structs.DCSpecificRequest, reply *structs.IndexedServices) error

ListServices is used to query the services in a DC. Returns services as a map of service names to available tags.

func (*Catalog) NodeServiceList added in v1.16.100 

func (c *Catalog) NodeServiceList(args *structs.NodeSpecificRequest, reply *structs.IndexedNodeServiceList) error

NodeServiceList returns all the services registered as part of a node. Returns NodeServices as a list of services.

func (*Catalog) NodeServices 

func (c *Catalog) NodeServices(args *structs.NodeSpecificRequest, reply *structs.IndexedNodeServices) error

NodeServices returns all the services registered as part of a node. Returns NodeServices as a map of service IDs to services.

func (*Catalog) Register 

func (c *Catalog) Register(args *structs.RegisterRequest, reply *struct{}) error

Register a service and/or check(s) in a node, creating the node if it doesn't exist. It is valid to pass no service or checks to simply create the node itself.

func (*Catalog) ServiceList added in v1.16.100 

func (c *Catalog) ServiceList(args *structs.DCSpecificRequest, reply *structs.IndexedServiceList) error

ServiceList is used to query the services in a DC. Returns services as a list of ServiceNames.

func (*Catalog) ServiceNodes 

func (c *Catalog) ServiceNodes(args *structs.ServiceSpecificRequest, reply *structs.IndexedServiceNodes) error

ServiceNodes returns all the nodes registered as part of a service.

func (*Catalog) VirtualIPForService added in v1.16.100 

func (c *Catalog) VirtualIPForService(args *structs.ServiceSpecificRequest, reply *string) error

type CertExpirationMonitor added in v1.16.100 

type CertExpirationMonitor struct {
	Key []string
	// Labels to be emitted along with the metric. It is very important that these
	// labels be included in the pre-declaration as well. Otherwise, if
	// telemetry.prometheus_retention_time is less than certExpirationMonitorInterval
	// then the metrics will expire before they are emitted again.
	Labels []metrics.Label
	Logger hclog.Logger
	// Query is called at each interval. It should return 2 durations, the full
	// lifespan of the certificate (NotBefore -> NotAfter) and the duration
	// until the certificate expires (Now -> NotAfter), or an error if the
	// query failed.
	Query func() (time.Duration, time.Duration, error)
}

func (CertExpirationMonitor) Monitor added in v1.16.100 

func (m CertExpirationMonitor) Monitor(ctx context.Context) error

type Client 

type Client struct {

	// acls is used to resolve tokens to effective policies
	*ACLResolver

	// embedded struct to hold all the enterprise specific data
	EnterpriseClient
	// contains filtered or unexported fields
}

Client is Consul client which uses RPC to communicate with the services for service discovery, health checking, and DC forwarding.

func NewClient 

func NewClient(config *Config, deps Deps) (*Client, error)

NewClient creates and returns a Client

func (*Client) AgentEnterpriseMeta added in v1.16.100 

func (c *Client) AgentEnterpriseMeta() *acl.EnterpriseMeta

func (*Client) AgentLocalMember added in v1.16.100 

func (c *Client) AgentLocalMember() serf.Member

AgentLocalMember is used to retrieve the LAN member for the local node.

func (*Client) CheckServers added in v1.16.100 

func (c *Client) CheckServers(datacenter string, fn func(*metadata.Server) bool)

CheckServers implements the checkServersProvider interface for the Client

func (*Client) GetLANCoordinate 

func (c *Client) GetLANCoordinate() (lib.CoordinateSet, error)

GetLANCoordinate returns the coordinate of the node in the LAN gossip pool.

  • Clients return a single coordinate for the single gossip pool they are in (default, segment, or partition).

  • Servers return one coordinate for their canonical gossip pool (i.e. default partition/segment) and one per segment they are also ancillary members of.

NOTE: servers do not emit coordinates for partitioned gossip pools they are ancillary members of.

NOTE: This assumes coordinates are enabled, so check that before calling.

func (*Client) JoinLAN 

func (c *Client) JoinLAN(addrs []string, entMeta *acl.EnterpriseMeta) (int, error)

JoinLAN is used to have Consul join the inner-DC pool The target address should be another node inside the DC listening on the Serf LAN address

func (*Client) KeyManagerLAN 

func (c *Client) KeyManagerLAN() *serf.KeyManager

KeyManagerLAN returns the LAN Serf keyring manager

func (*Client) LANMembers 

func (c *Client) LANMembers(filter LANMemberFilter) ([]serf.Member, error)

LANMembers returns the LAN members for one of:

- the requested partition - the requested segment - all segments

This is limited to segments and partitions that the node is a member of.

func (*Client) LANMembersInAgentPartition added in v1.16.100 

func (c *Client) LANMembersInAgentPartition() []serf.Member

LANMembersInAgentPartition returns the LAN members for this agent's canonical serf pool. For clients this is the only pool that exists. For servers it's the pool in the default segment and the default partition.

func (*Client) Leave 

func (c *Client) Leave() error

Leave is used to prepare for a graceful shutdown.

func (*Client) RPC 

func (c *Client) RPC(ctx context.Context, method string, args interface{}, reply interface{}) error

RPC is used to forward an RPC call to a consul server, or fail if no servers

func (*Client) ReloadConfig added in v1.2.0 

func (c *Client) ReloadConfig(config ReloadableConfig) error

ReloadConfig is used to have the Client do an online reload of relevant configuration information

func (*Client) RemoveFailedNode 

func (c *Client) RemoveFailedNode(node string, prune bool, entMeta *acl.EnterpriseMeta) error

RemoveFailedNode is used to remove a failed node from the cluster.

func (*Client) Shutdown 

func (c *Client) Shutdown() error

Shutdown is used to shutdown the client

func (*Client) SnapshotRPC 

func (c *Client) SnapshotRPC(args *structs.SnapshotRequest, in io.Reader, out io.Writer,
	replyFn structs.SnapshotReplyFn) error

SnapshotRPC sends the snapshot request to one of the servers, reading from the streaming input and writing to the streaming output depending on the operation.

func (*Client) Stats 

func (c *Client) Stats() map[string]map[string]string

Stats is used to return statistics for debugging and insight for various sub-systems

type CloudConfig added in v1.16.100 

type CloudConfig struct {
	ManagementToken string
}

type Config 

type Config struct {
	// Bootstrap mode is used to bring up the first Consul server.
	// It is required so that it can elect a leader without any
	// other nodes being present
	Bootstrap bool

	// BootstrapExpect mode is used to automatically bring up a collection of
	// Consul servers. This can be used to automatically bring up a collection
	// of nodes.
	BootstrapExpect int

	// Datacenter is the datacenter this Consul server represents.
	Datacenter string

	// PrimaryDatacenter is the authoritative datacenter for features like ACLs
	// and Connect.
	PrimaryDatacenter string

	// DataDir is the directory to store our state in.
	DataDir string

	// DefaultQueryTime is the amount of time a blocking query will wait before
	// Consul will force a response. This value can be overridden by the 'wait'
	// query parameter.
	DefaultQueryTime time.Duration

	// MaxQueryTime is the maximum amount of time a blocking query can wait
	// before Consul will force a response. Consul applies jitter to the wait
	// time. The jittered time will be capped to MaxQueryTime.
	MaxQueryTime time.Duration

	// DevMode is used to enable a development server mode.
	DevMode bool

	// NodeID is a unique identifier for this node across space and time.
	NodeID types.NodeID

	// Node name is the name we use to advertise. Defaults to hostname.
	NodeName string

	// RaftConfig is the configuration used for Raft in the local DC
	RaftConfig *raft.Config

	// (Enterprise-only) ReadReplica is used to prevent this server from being added
	// as a voting member of the Raft cluster.
	ReadReplica bool

	// NotifyListen is called after the RPC listener has been configured.
	// RPCAdvertise will be set to the listener address if it hasn't been
	// configured at this point.
	NotifyListen func()

	// RPCAddr is the RPC address used by Consul. This should be reachable
	// by the WAN and LAN
	RPCAddr *net.TCPAddr

	// RPCAdvertise is the address that is advertised to other nodes for
	// the RPC endpoint. This can differ from the RPC address, if for example
	// the RPCAddr is unspecified "0.0.0.0:8300", but this address must be
	// reachable. If RPCAdvertise is nil then it will be set to the Listener
	// address after the listening socket is configured.
	RPCAdvertise *net.TCPAddr

	// RPCSrcAddr is the source address for outgoing RPC connections.
	RPCSrcAddr *net.TCPAddr

	// GRPCPort is the port the public gRPC server listens on.
	GRPCPort int

	// GRPCTLSPort is the port the public gRPC TLS server listens on.
	GRPCTLSPort int

	// (Enterprise-only) The network segment this agent is part of.
	Segment string

	// (Enterprise-only) Segments is a list of network segments for a server to
	// bind on.
	Segments []NetworkSegment

	// SerfLANConfig is the configuration for the intra-dc serf
	SerfLANConfig *serf.Config

	// SerfWANConfig is the configuration for the cross-dc serf
	SerfWANConfig *serf.Config

	// SerfFloodInterval controls how often we attempt to flood local Serf
	// Consul servers into the global areas (WAN and user-defined areas in
	// Consul Enterprise).
	SerfFloodInterval time.Duration

	// ReconcileInterval controls how often we reconcile the strongly
	// consistent store with the Serf info. This is used to handle nodes
	// that are force removed, as well as intermittent unavailability during
	// leader election.
	ReconcileInterval time.Duration

	// ProtocolVersion is the protocol version to speak. This must be between
	// ProtocolVersionMin and ProtocolVersionMax.
	ProtocolVersion uint8

	TLSConfig tlsutil.Config

	// RejoinAfterLeave controls our interaction with Serf.
	// When set to false (default), a leave causes a Consul to not rejoin
	// the cluster until an explicit join is received. If this is set to
	// true, we ignore the leave, and rejoin the cluster on start.
	RejoinAfterLeave bool

	// AdvertiseReconnectTimeout is the duration after which this node should be
	// assumed to not be returning and thus should be reaped within Serf. This
	// can only be set for Client agents
	AdvertiseReconnectTimeout time.Duration

	// Build is a string that is gossiped around, and can be used to help
	// operators track which versions are actively deployed
	Build string

	ACLResolverSettings ACLResolverSettings

	// ACLEnabled is used to enable ACLs
	ACLsEnabled bool

	// ACLInitialManagementToken is used to bootstrap the ACL system. It should be specified
	// on the servers in the PrimaryDatacenter. When the leader comes online, it ensures
	// that the initial management token is available. This provides the initial token.
	ACLInitialManagementToken string

	// ACLTokenReplication is used to enabled token replication.
	//
	// By default policy-only replication is enabled. When token
	// replication is off and the primary datacenter is not
	// yet upgraded to the new ACLs no replication will be performed
	ACLTokenReplication bool

	// ACLReplicationRate is the max number of replication rounds that can
	// be run per second. Note that either 1 or 2 RPCs are used during each replication
	// round
	ACLReplicationRate int

	// ACLReplicationBurst is how many replication RPCs can be bursted after a
	// period of idleness
	ACLReplicationBurst int

	// ACLReplicationApplyLimit is the max number of replication-related
	// apply operations that we allow during a one second period. This is
	// used to limit the amount of Raft bandwidth used for replication.
	ACLReplicationApplyLimit int

	// ACLEnableKeyListPolicy is used to gate enforcement of the new "list" policy that
	// protects listing keys by prefix. This behavior is opt-in
	// by default in Consul 1.0 and later.
	ACLEnableKeyListPolicy bool

	AutoConfigEnabled              bool
	AutoConfigIntroToken           string
	AutoConfigIntroTokenFile       string
	AutoConfigServerAddresses      []string
	AutoConfigDNSSANs              []string
	AutoConfigIPSANs               []net.IP
	AutoConfigAuthzEnabled         bool
	AutoConfigAuthzAuthMethod      structs.ACLAuthMethod
	AutoConfigAuthzClaimAssertions []string
	AutoConfigAuthzAllowReuse      bool

	// TombstoneTTL is used to control how long KV tombstones are retained.
	// This provides a window of time when the X-Consul-Index is monotonic.
	// Outside this window, the index may not be monotonic. This is a result
	// of a few trade-offs:
	// 1) The index is defined by the data view and not globally. This is a
	// performance optimization that prevents any write from incrementing the
	// index for all data views.
	// 2) Tombstones are not kept indefinitely, since otherwise storage required
	// is also monotonic. This prevents deletes from reducing the disk space
	// used.
	// In theory, neither of these are intrinsic limitations, however for the
	// purposes of building a practical system, they are reasonable trade-offs.
	//
	// It is also possible to set this to an incredibly long time, thereby
	// simulating infinite retention. This is not recommended, however.
	//
	TombstoneTTL time.Duration

	// TombstoneTTLGranularity is used to control how granular the timers are
	// for the Tombstone GC. This is used to batch the GC of many keys together
	// to reduce overhead. It is unlikely a user would ever need to tune this.
	TombstoneTTLGranularity time.Duration

	// Minimum Session TTL
	SessionTTLMin time.Duration

	// maxTokenExpirationDuration is the maximum difference allowed between
	// ACLToken CreateTime and ExpirationTime values if ExpirationTime is set
	// on a token.
	ACLTokenMaxExpirationTTL time.Duration

	// ACLTokenMinExpirationTTL is the minimum difference allowed between
	// ACLToken CreateTime and ExpirationTime values if ExpirationTime is set
	// on a token.
	ACLTokenMinExpirationTTL time.Duration

	// ServerUp callback can be used to trigger a notification that
	// a Consul server is now up and known about.
	ServerUp func()

	// UserEventHandler callback can be used to handle incoming
	// user events. This function should not block.
	UserEventHandler func(serf.UserEvent)

	// ConfigReplicationRate is the max number of replication rounds that can
	// be run per second. Note that either 1 or 2 RPCs are used during each replication
	// round
	ConfigReplicationRate int

	// ConfigReplicationBurst is how many replication rounds can be bursted after a
	// period of idleness
	ConfigReplicationBurst int

	// ConfigReplicationApply limit is the max number of replication-related
	// apply operations that we allow during a one second period. This is
	// used to limit the amount of Raft bandwidth used for replication.
	ConfigReplicationApplyLimit int

	// FederationStateReplicationRate is the max number of replication rounds that can
	// be run per second. Note that either 1 or 2 RPCs are used during each replication
	// round
	FederationStateReplicationRate int

	// FederationStateReplicationBurst is how many replication rounds can be bursted after a
	// period of idleness
	FederationStateReplicationBurst int

	// FederationStateReplicationApply limit is the max number of replication-related
	// apply operations that we allow during a one second period. This is
	// used to limit the amount of Raft bandwidth used for replication.
	FederationStateReplicationApplyLimit int

	// CoordinateUpdatePeriod controls how long a server batches coordinate
	// updates before applying them in a Raft transaction. A larger period
	// leads to fewer Raft transactions, but also the stored coordinates
	// being more stale.
	CoordinateUpdatePeriod time.Duration

	// CoordinateUpdateBatchSize controls the maximum number of updates a
	// server batches before applying them in a Raft transaction.
	CoordinateUpdateBatchSize int

	// CoordinateUpdateMaxBatches controls the maximum number of batches we
	// are willing to apply in one period. After this limit we will issue a
	// warning and discard the remaining updates.
	CoordinateUpdateMaxBatches int

	// CheckOutputMaxSize control the max size of output of checks
	CheckOutputMaxSize int

	// RequestLimitsMode will disable or enable rate limiting.  If not disabled, it
	// enforces the action that will occur when RequestLimitsReadRate
	// or RequestLimitsWriteRate is exceeded.  The default value of "disabled" will
	// prevent any rate limiting from occuring.  A value of "enforce" will block
	// the request from processings by returning an error.  A value of
	// "permissive" will not block the request and will allow the request to
	// continue processing.
	RequestLimitsMode string

	// RequestLimitsReadRate controls how frequently RPC, gRPC, and HTTP
	// queries are allowed to happen. In any large enough time interval, rate
	// limiter limits the rate to RequestLimitsReadRate tokens per second.
	RequestLimitsReadRate rate.Limit

	// RequestLimitsWriteRate controls how frequently RPC, gRPC, and HTTP
	// writes are allowed to happen. In any large enough time interval, rate
	// limiter limits the rate to RequestLimitsWriteRate tokens per second.
	RequestLimitsWriteRate rate.Limit

	// RPCHandshakeTimeout limits how long we will wait for the initial magic byte
	// on an RPC client connection. It also governs how long we will wait for a
	// TLS handshake when TLS is configured however the timout applies separately
	// for the initial magic byte and the TLS handshake and inner magic byte.
	RPCHandshakeTimeout time.Duration

	// RPCHoldTimeout is how long an RPC can be "held" before it is errored.
	// This is used to paper over a loss of leadership by instead holding RPCs,
	// so that the caller experiences a slow response rather than an error.
	// This period is meant to be long enough for a leader election to take
	// place, and a small jitter is applied to avoid a thundering herd.
	RPCHoldTimeout time.Duration

	// RPCClientTimeout limits how long a client is allowed to read from an RPC
	// connection. This is used to set an upper bound for non-blocking queries to
	// eventually terminate so that RPC connections are not held indefinitely.
	// Blocking queries will use MaxQueryTime and DefaultQueryTime to calculate
	// their own timeouts.
	RPCClientTimeout time.Duration

	// RPCRateLimit and RPCMaxBurst control how frequently RPC calls are allowed
	// to happen. In any large enough time interval, rate limiter limits the
	// rate to RPCRateLimit tokens per second, with a maximum burst size of
	// RPCMaxBurst events. As a special case, if RPCRateLimit == Inf (the infinite
	// rate), RPCMaxBurst is ignored.
	//
	// See https://en.wikipedia.org/wiki/Token_bucket for more about token
	// buckets.
	RPCRateLimit rate.Limit
	RPCMaxBurst  int

	// RPCMaxConnsPerClient is the limit of how many concurrent connections are
	// allowed from a single source IP.
	RPCMaxConnsPerClient int

	// LeaveDrainTime is used to wait after a server has left the LAN Serf
	// pool for RPCs to drain and new requests to be sent to other servers.
	LeaveDrainTime time.Duration

	// AutopilotConfig is used to apply the initial autopilot config when
	// bootstrapping.
	AutopilotConfig *structs.AutopilotConfig

	// ServerHealthInterval is the frequency with which the health of the
	// servers in the cluster will be updated.
	ServerHealthInterval time.Duration

	// AutopilotInterval is the frequency with which the leader will perform
	// autopilot tasks, such as promoting eligible non-voters and removing
	// dead servers.
	AutopilotInterval time.Duration

	// MetricsReportingInterval is the frequency with which the server will
	// report usage metrics to the configured go-metrics Sinks.
	MetricsReportingInterval time.Duration

	// ConnectEnabled is whether to enable Connect features such as the CA.
	ConnectEnabled bool

	// ConnectMeshGatewayWANFederationEnabled determines if wan federation of
	// datacenters should exclusively traverse mesh gateways.
	ConnectMeshGatewayWANFederationEnabled bool

	// DisableFederationStateAntiEntropy solely exists for use in unit tests to
	// disable a background routine.
	DisableFederationStateAntiEntropy bool

	// OverrideInitialSerfTags solely exists for use in unit tests to ensure
	// that a serf tag is initially set to a known value, rather than the
	// default to test some consul upgrade scenarios with fewer races.
	OverrideInitialSerfTags func(tags map[string]string)

	// CAConfig is used to apply the initial Connect CA configuration when
	// bootstrapping.
	CAConfig *structs.CAConfiguration

	// ConfigEntryBootstrap contains a list of ConfigEntries to ensure are created
	// If entries of the same Kind/Name exist already these will not update them.
	ConfigEntryBootstrap []structs.ConfigEntry

	// AutoEncryptAllowTLS is whether to enable the server responding to
	// AutoEncrypt.Sign requests.
	AutoEncryptAllowTLS bool

	RPCConfig RPCConfig

	LogStoreConfig RaftLogStoreConfig

	// PeeringEnabled enables cluster peering.
	PeeringEnabled bool

	PeeringTestAllowPeerRegistrations bool

	Locality *structs.Locality

	Cloud CloudConfig

	Reporting Reporting

	// Embedded Consul Enterprise specific configuration
	*EnterpriseConfig

	// ServerRejoinAgeMax is used to specify the duration of time a server
	// is allowed to be down/offline before a startup operation is refused.
	ServerRejoinAgeMax time.Duration
}

Config is used to configure the server

func DefaultConfig 

func DefaultConfig() *Config

DefaultConfig returns a default configuration.

func (*Config) AgentEnterpriseMeta added in v1.16.100 

func (c *Config) AgentEnterpriseMeta() *acl.EnterpriseMeta

func (*Config) CheckACL 

func (c *Config) CheckACL() error

CheckACL validates the ACL configuration. TODO: move this to ACLResolverSettings

func (*Config) CheckProtocolVersion 

func (c *Config) CheckProtocolVersion() error

CheckProtocolVersion validates the protocol version.

func (*Config) InPrimaryDatacenter added in v1.16.100 

func (c *Config) InPrimaryDatacenter() bool

type ConfigEntry added in v1.16.100 

type ConfigEntry struct {
	// contains filtered or unexported fields
}

The ConfigEntry endpoint is used to query centralized config information

func (*ConfigEntry) Apply added in v1.16.100 

func (c *ConfigEntry) Apply(args *structs.ConfigEntryRequest, reply *bool) error

Apply does an upsert of the given config entry.

func (*ConfigEntry) Delete added in v1.16.100 

func (c *ConfigEntry) Delete(args *structs.ConfigEntryRequest, reply *structs.ConfigEntryDeleteResponse) error

Delete deletes a config entry.

func (*ConfigEntry) Get added in v1.16.100 

func (c *ConfigEntry) Get(args *structs.ConfigEntryQuery, reply *structs.ConfigEntryResponse) error

Get returns a single config entry by Kind/Name.

func (*ConfigEntry) List added in v1.16.100 

func (c *ConfigEntry) List(args *structs.ConfigEntryQuery, reply *structs.IndexedConfigEntries) error

List returns all the config entries of the given kind. If Kind is blank, all existing config entries will be returned.

func (*ConfigEntry) ListAll added in v1.16.100 

func (c *ConfigEntry) ListAll(args *structs.ConfigEntryListAllRequest, reply *structs.IndexedGenericConfigEntries) error

ListAll returns all the known configuration entries

func (*ConfigEntry) ResolveServiceConfig added in v1.16.100 

func (c *ConfigEntry) ResolveServiceConfig(args *structs.ServiceConfigRequest, reply *structs.ServiceConfigResponse) error

ResolveServiceConfig

type ConnectCA added in v1.2.0 

type ConnectCA struct {
	// contains filtered or unexported fields
}

ConnectCA manages the Connect CA.

func (*ConnectCA) ConfigurationGet added in v1.2.0 

func (s *ConnectCA) ConfigurationGet(
	args *structs.DCSpecificRequest,
	reply *structs.CAConfiguration) error

ConfigurationGet returns the configuration for the CA.

func (*ConnectCA) ConfigurationSet added in v1.2.0 

func (s *ConnectCA) ConfigurationSet(
	args *structs.CARequest,
	reply *interface{}) error

ConfigurationSet updates the configuration for the CA.

func (*ConnectCA) Roots added in v1.2.0 

func (s *ConnectCA) Roots(
	args *structs.DCSpecificRequest,
	reply *structs.IndexedCARoots) error

Roots returns the currently trusted root certificates.

func (*ConnectCA) Sign added in v1.2.0 

func (s *ConnectCA) Sign(
	args *structs.CASignRequest,
	reply *structs.IssuedCert) error

Sign signs a certificate for a service.

func (*ConnectCA) SignIntermediate added in v1.16.100 

func (s *ConnectCA) SignIntermediate(
	args *structs.CASignRequest,
	reply *string) error

SignIntermediate signs an intermediate certificate for a remote datacenter.

type Coordinate 

type Coordinate struct {
	// contains filtered or unexported fields
}

Coordinate manages queries and updates for network coordinates.

func NewCoordinate 

func NewCoordinate(srv *Server, logger hclog.Logger) *Coordinate

NewCoordinate returns a new Coordinate endpoint.

func (*Coordinate) ListDatacenters 

func (c *Coordinate) ListDatacenters(args *struct{}, reply *[]structs.DatacenterMap) error

ListDatacenters returns the list of datacenters and their respective nodes and the raw coordinates of those nodes (if no coordinates are available for any of the nodes, the node list may be empty). This endpoint will not return information about the LAN network area.

func (*Coordinate) ListNodes 

func (c *Coordinate) ListNodes(args *structs.DCSpecificRequest, reply *structs.IndexedCoordinates) error

ListNodes returns the list of nodes with their raw network coordinates (if no coordinates are available for a node it won't appear in this list).

func (*Coordinate) Node added in v1.0.1 

func (c *Coordinate) Node(args *structs.NodeSpecificRequest, reply *structs.IndexedCoordinates) error

Node returns the raw coordinates for a single node.

func (*Coordinate) Update 

func (c *Coordinate) Update(args *structs.CoordinateUpdateRequest, reply *struct{}) (err error)

Update inserts or updates the LAN coordinate of a node.

type Deps added in v1.16.100 

type Deps struct {
	EventPublisher   *stream.EventPublisher
	Logger           hclog.InterceptLogger
	TLSConfigurator  *tlsutil.Configurator
	Tokens           *token.Store
	Router           *router.Router
	ConnPool         *pool.ConnPool
	GRPCConnPool     GRPCClientConner
	LeaderForwarder  LeaderForwarder
	XDSStreamLimiter *limiter.SessionLimiter
	// GetNetRPCInterceptorFunc, if not nil, sets the net/rpc rpc.ServerServiceCallInterceptor on
	// the server side to record metrics around the RPC requests. If nil, no interceptor is added to
	// the rpc server.
	GetNetRPCInterceptorFunc func(recorder *middleware.RequestRecorder) rpc.ServerServiceCallInterceptor
	// NewRequestRecorderFunc provides a middleware.RequestRecorder for the server to use; it cannot be nil
	NewRequestRecorderFunc func(logger hclog.Logger, isLeader func() bool, localDC string) *middleware.RequestRecorder

	// HCP contains the dependencies required when integrating with the HashiCorp Cloud Platform
	HCP hcp.Deps

	Experiments []string

	EnterpriseDeps
}

type DiscoveryChain added in v1.16.100 

type DiscoveryChain struct {
	// contains filtered or unexported fields
}

func (*DiscoveryChain) Get added in v1.16.100 

func (c *DiscoveryChain) Get(args *structs.DiscoveryChainRequest, reply *structs.DiscoveryChainResponse) error

type EmptyReadRequest added in v1.16.100 

type EmptyReadRequest struct{}

EmptyReadRequest implements the interface used by middleware.RequestRecorder to communicate properties of requests.

func (EmptyReadRequest) IsRead added in v1.16.100 

func (e EmptyReadRequest) IsRead() bool

type EnterpriseACLResolverDelegate added in v1.16.100 

type EnterpriseACLResolverDelegate interface{}

EnterpriseACLResolverDelegate stub

type EnterpriseClient added in v1.2.0 

type EnterpriseClient struct{}

type EnterpriseConfig added in v1.16.100 

type EnterpriseConfig struct{}

func DefaultEnterpriseConfig added in v1.16.100 

func DefaultEnterpriseConfig() *EnterpriseConfig

type EnterpriseDeps added in v1.16.100 

type EnterpriseDeps struct{}

type EnterpriseServer added in v1.2.0 

type EnterpriseServer struct{}

type FederationState added in v1.16.100 

type FederationState struct {
	// contains filtered or unexported fields
}

FederationState endpoint is used to manipulate federation states from all datacenters.

func (*FederationState) Apply added in v1.16.100 

func (c *FederationState) Apply(args *structs.FederationStateRequest, reply *bool) error

func (*FederationState) Get added in v1.16.100 

func (c *FederationState) Get(args *structs.FederationStateQuery, reply *structs.FederationStateResponse) error

func (*FederationState) List added in v1.16.100 

func (c *FederationState) List(args *structs.DCSpecificRequest, reply *structs.IndexedFederationStates) error

List is the endpoint meant to be used by consul servers performing replication.

func (*FederationState) ListMeshGateways added in v1.16.100 

func (c *FederationState) ListMeshGateways(args *structs.DCSpecificRequest, reply *structs.DatacenterIndexedCheckServiceNodes) error

ListMeshGateways is the endpoint meant to be used by proxies only interested in the discovery info for dialing mesh gateways. Analogous to catalog endpoints.

type FederationStateReplicator added in v1.16.100 

type FederationStateReplicator struct {
	// contains filtered or unexported fields
}

func (*FederationStateReplicator) DiffRemoteAndLocalState added in v1.16.100 

func (r *FederationStateReplicator) DiffRemoteAndLocalState(localRaw interface{}, remoteRaw interface{}, lastRemoteIndex uint64) (*IndexReplicatorDiff, error)

DiffRemoteAndLocalState implements IndexReplicatorDelegate.

func (*FederationStateReplicator) FetchLocal added in v1.16.100 

func (r *FederationStateReplicator) FetchLocal() (int, interface{}, error)

FetchLocal implements IndexReplicatorDelegate.

func (*FederationStateReplicator) FetchRemote added in v1.16.100 

func (r *FederationStateReplicator) FetchRemote(lastRemoteIndex uint64) (int, interface{}, uint64, error)

FetchRemote implements IndexReplicatorDelegate.

func (*FederationStateReplicator) MetricName added in v1.16.100 

func (r *FederationStateReplicator) MetricName() string

MetricName implements IndexReplicatorDelegate.

func (*FederationStateReplicator) PerformDeletions added in v1.16.100 

func (r *FederationStateReplicator) PerformDeletions(ctx context.Context, deletionsRaw interface{}) (exit bool, err error)

PerformDeletions implements IndexReplicatorDelegate.

func (*FederationStateReplicator) PerformUpdates added in v1.16.100 

func (r *FederationStateReplicator) PerformUpdates(ctx context.Context, updatesRaw interface{}) (exit bool, err error)

PerformUpdates implements IndexReplicatorDelegate.

func (*FederationStateReplicator) PluralNoun added in v1.16.100 

func (r *FederationStateReplicator) PluralNoun() string

PluralNoun implements IndexReplicatorDelegate.

func (*FederationStateReplicator) SingularNoun added in v1.16.100 

func (r *FederationStateReplicator) SingularNoun() string

SingularNoun implements IndexReplicatorDelegate.

type Filter 

type Filter interface {
	Len() int
	Filter(int) bool
	Move(dst, src, span int)
}

Filter interface is used with FilterEntries to do an in-place filter of a slice.

type FunctionReplicator added in v1.16.100 

type FunctionReplicator struct {
	ReplicateFn ReplicatorFunc
	Name        string
}

func (*FunctionReplicator) MetricName added in v1.16.100 

func (r *FunctionReplicator) MetricName() string

func (*FunctionReplicator) Replicate added in v1.16.100 

func (r *FunctionReplicator) Replicate(ctx context.Context, lastRemoteIndex uint64, logger hclog.Logger) (uint64, bool, error)

type GRPCClientConner added in v1.16.100 

type GRPCClientConner interface {
	ClientConn(datacenter string) (*grpc.ClientConn, error)
	ClientConnLeader() (*grpc.ClientConn, error)
	SetGatewayResolver(func(string) string)
}

type GatewayLocator added in v1.16.100 

type GatewayLocator struct {
	// contains filtered or unexported fields
}

GatewayLocator assists in selecting an appropriate mesh gateway when wan federation via mesh gateways is enabled.

This is exclusively used by the consul server itself when it needs to tunnel RPC or gossip through a mesh gateway to reach its ultimate destination.

During secondary datacenter bootstrapping there is a phase where it is impossible for mesh gateways in the secondary datacenter to register themselves into the catalog to be discovered by the servers, so the servers maintain references for the mesh gateways in the primary in addition to its own local mesh gateways.

After initial datacenter federation the primary mesh gateways are only used in extreme fallback situations (basically re-bootstrapping).

For all other operations a consul server will ALWAYS contact a local mesh gateway to ultimately forward the request through a remote mesh gateway to reach its destination.

func NewGatewayLocator added in v1.16.100 

func NewGatewayLocator(
	logger hclog.Logger,
	srv serverDelegate,
	datacenter string,
	primaryDatacenter string,
) *GatewayLocator

func (*GatewayLocator) DialPrimaryThroughLocalGateway added in v1.16.100 

func (g *GatewayLocator) DialPrimaryThroughLocalGateway() bool

DialPrimaryThroughLocalGateway determines if we should dial the primary's mesh gateways directly or use our local mesh gateways (if they are up).

Generally the system has three states:

1. Servers dial primary MGWs using fallback addresses from the agent config. 2. Servers dial primary MGWs using replicated federation state data. 3. Servers dial primary MGWs indirectly through local MGWs.

After initial bootstrapping most communication should go through (3). If the local mesh gateways are not coming up for chicken/egg problems (mostly the kind that arise from secondary datacenter bootstrapping) then (2) is useful to solve the chicken/egg problem and get back to (3). In the worst case where we completely lost communication with the primary AND all of their old mesh gateway addresses are changed then we need to go all the way back to square one and re-bootstrap via (1).

Since both (1) and (2) are meant to be temporary we simplify things and make the system only consider two overall configurations: (1+2, with the addresses being unioned) or (3).

This method returns true if in state (3) and false if in state (1+2).

func (*GatewayLocator) PickGateway added in v1.16.100 

func (g *GatewayLocator) PickGateway(dc string) string

PickGateway returns the address for a gateway suitable for reaching the provided datacenter.

func (*GatewayLocator) PrimaryGatewayFallbackAddresses added in v1.16.100 

func (g *GatewayLocator) PrimaryGatewayFallbackAddresses() []string

PrimaryGatewayFallbackAddresses returns the current set of discovered fallback addresses for the mesh gateways in the primary datacenter.

func (*GatewayLocator) PrimaryMeshGatewayAddressesReadyCh added in v1.16.100 

func (g *GatewayLocator) PrimaryMeshGatewayAddressesReadyCh() <-chan struct{}

PrimaryMeshGatewayAddressesReadyCh returns a channel that will be closed when federation state replication ships back at least one primary mesh gateway (not via fallback config).

func (*GatewayLocator) RefreshPrimaryGatewayFallbackAddresses added in v1.16.100 

func (g *GatewayLocator) RefreshPrimaryGatewayFallbackAddresses(addrs []string)

RefreshPrimaryGatewayFallbackAddresses is used to update the list of current fallback addresses for locating mesh gateways in the primary datacenter.

func (*GatewayLocator) Run added in v1.16.100 

func (g *GatewayLocator) Run(ctx context.Context)

func (*GatewayLocator) SetLastFederationStateReplicationError added in v1.16.100 

func (g *GatewayLocator) SetLastFederationStateReplicationError(err error, fromReplication bool)

SetLastFederationStateReplicationError is used to indicate if the federation state replication loop has succeeded (nil) or failed during the last execution.

Rather than introduce a completely new mechanism to periodically probe that our chosen mesh-gateway configuration can reach the primary's servers (like a ping or status RPC) we cheat and use the federation state replicator goroutine's success or failure as a proxy.

func (*GatewayLocator) SetUseReplicationSignal added in v1.16.100 

func (g *GatewayLocator) SetUseReplicationSignal(newValue bool)

type Health 

type Health struct {
	// contains filtered or unexported fields
}

Health endpoint is used to query the health information

func (*Health) ChecksInState 

func (h *Health) ChecksInState(args *structs.ChecksInStateRequest,
	reply *structs.IndexedHealthChecks) error

ChecksInState is used to get all the checks in a given state

func (*Health) NodeChecks 

func (h *Health) NodeChecks(args *structs.NodeSpecificRequest,
	reply *structs.IndexedHealthChecks) error

NodeChecks is used to get all the checks for a node

func (*Health) ServiceChecks 

func (h *Health) ServiceChecks(args *structs.ServiceSpecificRequest,
	reply *structs.IndexedHealthChecks) error

ServiceChecks is used to get all the checks for a service

func (*Health) ServiceNodes 

func (h *Health) ServiceNodes(args *structs.ServiceSpecificRequest, reply *structs.IndexedCheckServiceNodes) error

ServiceNodes returns all the nodes registered as part of a service including health info

type IndexReplicator added in v1.16.100 

type IndexReplicator struct {
	Delegate IndexReplicatorDelegate
	Logger   hclog.Logger
}

func (*IndexReplicator) MetricName added in v1.16.100 

func (r *IndexReplicator) MetricName() string

func (*IndexReplicator) Replicate added in v1.16.100 

func (r *IndexReplicator) Replicate(ctx context.Context, lastRemoteIndex uint64, _ hclog.Logger) (uint64, bool, error)

type IndexReplicatorDelegate added in v1.16.100 

type IndexReplicatorDelegate interface {
	// SingularNoun is the singular form of the item being replicated.
	SingularNoun() string

	// PluralNoun is the plural form of the item being replicated.
	PluralNoun() string

	// Name to use when emitting metrics
	MetricName() string

	// FetchRemote retrieves items newer than the provided index from the
	// remote datacenter (for diffing purposes).
	FetchRemote(lastRemoteIndex uint64) (int, interface{}, uint64, error)

	// FetchLocal retrieves items from the current datacenter (for diffing
	// purposes).
	FetchLocal() (int, interface{}, error)

	DiffRemoteAndLocalState(local interface{}, remote interface{}, lastRemoteIndex uint64) (*IndexReplicatorDiff, error)

	PerformDeletions(ctx context.Context, deletions interface{}) (exit bool, err error)

	PerformUpdates(ctx context.Context, updates interface{}) (exit bool, err error)
}

type IndexReplicatorDiff added in v1.16.100 

type IndexReplicatorDiff struct {
	NumUpdates   int
	Updates      interface{}
	NumDeletions int
	Deletions    interface{}
}

type Intention added in v1.2.0 

type Intention struct {
	// contains filtered or unexported fields
}

Intention manages the Connect intentions.

func (*Intention) Apply added in v1.2.0 

func (s *Intention) Apply(args *structs.IntentionRequest, reply *string) error

Apply creates or updates an intention in the data store.

func (*Intention) Check added in v1.2.0 

func (s *Intention) Check(args *structs.IntentionQueryRequest, reply *structs.IntentionQueryCheckResponse) error

Check tests a source/destination and returns whether it would be allowed or denied based on the current ACL configuration.

NOTE: This endpoint treats any L7 intentions as DENY.

Note: Whenever the logic for this method is changed, you should take a look at the agent authorize endpoint (agent/agent_endpoint.go) since the logic there is similar.

func (*Intention) Get added in v1.2.0 

func (s *Intention) Get(args *structs.IntentionQueryRequest, reply *structs.IndexedIntentions) error

Get returns a single intention by ID.

func (*Intention) List added in v1.2.0 

func (s *Intention) List(args *structs.IntentionListRequest, reply *structs.IndexedIntentions) error

List returns all the intentions.

func (*Intention) Match added in v1.2.0 

func (s *Intention) Match(args *structs.IntentionQueryRequest, reply *structs.IndexedIntentionMatches) error

Match returns the set of intentions that match the given source/destination.

type Internal 

type Internal struct {
	// contains filtered or unexported fields
}

Internal endpoint is used to query the miscellaneous info that does not necessarily fit into the other systems. It is also used to hold undocumented APIs that users should not rely on.

func (*Internal) AssignManualServiceVIPs added in v1.16.100 

func (m *Internal) AssignManualServiceVIPs(args *structs.AssignServiceManualVIPsRequest, reply *structs.AssignServiceManualVIPsResponse) error

AssignManualServiceVIPs allows for assigning virtual IPs to a service manually, so that they can be returned along with discovery chain information for use by transparent proxies.

func (*Internal) CatalogOverview added in v1.16.100 

func (m *Internal) CatalogOverview(args *structs.DCSpecificRequest, reply *structs.CatalogSummary) error

func (*Internal) EventFire 

func (m *Internal) EventFire(args *structs.EventFireRequest,
	reply *structs.EventFireResponse) error

EventFire is a bit of an odd endpoint, but it allows for a cross-DC RPC call to fire an event. The primary use case is to enable user events being triggered in a remote DC.

func (*Internal) ExportedPeeredServices added in v1.16.100 

func (m *Internal) ExportedPeeredServices(args *structs.DCSpecificRequest, reply *structs.IndexedExportedServiceList) error

ExportedPeeredServices is used to query the exported services for peers. Returns services as a map of ServiceNames by peer. To get exported services for a single peer, use ExportedServicesForPeer.

func (*Internal) ExportedServicesForPeer added in v1.16.100 

func (m *Internal) ExportedServicesForPeer(args *structs.ServiceDumpRequest, reply *structs.IndexedServiceList) error

ExportedServicesForPeer returns a list of Service names that are exported for a given peer.

func (*Internal) GatewayIntentions added in v1.16.100 

func (m *Internal) GatewayIntentions(args *structs.IntentionQueryRequest, reply *structs.IndexedIntentions) error

GatewayIntentions Match returns the set of intentions that match the given source/destination.

func (*Internal) GatewayServiceDump added in v1.16.100 

func (m *Internal) GatewayServiceDump(args *structs.ServiceSpecificRequest, reply *structs.IndexedServiceDump) error

GatewayServiceDump returns all the nodes for services associated with a gateway along with their gateway config

func (*Internal) IntentionUpstreams added in v1.16.100 

func (m *Internal) IntentionUpstreams(args *structs.ServiceSpecificRequest, reply *structs.IndexedServiceList) error

IntentionUpstreams returns a service's upstreams which are inferred from intentions. If intentions allow a connection from the target to some candidate service, the candidate service is considered an upstream of the target.

func (*Internal) IntentionUpstreamsDestination added in v1.16.100 

func (m *Internal) IntentionUpstreamsDestination(args *structs.ServiceSpecificRequest, reply *structs.IndexedServiceList) error

IntentionUpstreamsDestination returns a service's upstreams which are inferred from intentions. If intentions allow a connection from the target to some candidate destination, the candidate destination is considered an upstream of the target. This performs the same logic as IntentionUpstreams endpoint but for destination upstreams only.

func (*Internal) KeyringOperation 

func (m *Internal) KeyringOperation(
	args *structs.KeyringRequest,
	reply *structs.KeyringResponses) error

KeyringOperation will query the WAN and LAN gossip keyrings of all nodes.

func (*Internal) NodeDump 

func (m *Internal) NodeDump(args *structs.DCSpecificRequest,
	reply *structs.IndexedNodeDump) error

NodeDump is used to generate information about all of the nodes.

func (*Internal) NodeInfo 

func (m *Internal) NodeInfo(args *structs.NodeSpecificRequest,
	reply *structs.IndexedNodeDump) error

NodeInfo is used to retrieve information about a specific node.

func (*Internal) PeeredUpstreams added in v1.16.100 

func (m *Internal) PeeredUpstreams(args *structs.PartitionSpecificRequest, reply *structs.IndexedPeeredServiceList) error

PeeredUpstreams returns all imported services as upstreams for any service in a given partition. Cluster peering does not replicate intentions so all imported services are considered potential upstreams.

func (*Internal) ServiceDump added in v1.16.100 

func (m *Internal) ServiceDump(args *structs.ServiceDumpRequest, reply *structs.IndexedNodesWithGateways) error

func (*Internal) ServiceGateways added in v1.16.100 

func (m *Internal) ServiceGateways(args *structs.ServiceSpecificRequest, reply *structs.IndexedCheckServiceNodes) error

ServiceGateways returns all the nodes for services associated with a gateway along with their gateway config

func (*Internal) ServiceTopology added in v1.16.100 

func (m *Internal) ServiceTopology(args *structs.ServiceSpecificRequest, reply *structs.IndexedServiceTopology) error

type KVS 

type KVS struct {
	// contains filtered or unexported fields
}

KVS endpoint is used to manipulate the Key-Value store

func (*KVS) Apply 

func (k *KVS) Apply(args *structs.KVSRequest, reply *bool) error

Apply is used to apply a KVS update request to the data store.

func (*KVS) Get 

func (k *KVS) Get(args *structs.KeyRequest, reply *structs.IndexedDirEntries) error

Get is used to lookup a single key.

func (*KVS) List 

func (k *KVS) List(args *structs.KeyRequest, reply *structs.IndexedDirEntries) error

List is used to list all keys with a given prefix.

func (*KVS) ListKeys 

func (k *KVS) ListKeys(args *structs.KeyListRequest, reply *structs.IndexedKeyList) error

ListKeys is used to list all keys with a given prefix to a separator. An optional separator may be specified, which can be used to slice off a part of the response so that only a subset of the prefix is returned. In this mode, the keys which are omitted are still counted in the returned index.

type LANMemberFilter added in v1.16.100 

type LANMemberFilter struct {
	Partition   string
	Segment     string
	AllSegments bool
}

func (LANMemberFilter) PartitionOrDefault added in v1.16.100 

func (f LANMemberFilter) PartitionOrDefault() string

func (LANMemberFilter) Validate added in v1.16.100 

func (f LANMemberFilter) Validate() error

type LeaderForwarder added in v1.16.100 

type LeaderForwarder interface {
	// UpdateLeaderAddr updates the leader address in the local DC's resolver.
	UpdateLeaderAddr(datacenter, addr string)
}

type License added in v1.16.100 

type License struct {
	Enabled bool
}

type NetworkSegment added in v0.9.3 

type NetworkSegment struct {
	Name       string
	Bind       string
	Port       int
	Advertise  string
	RPCAddr    *net.TCPAddr
	SerfConfig *serf.Config
}

(Enterprise-only) NetworkSegment is the address and port configuration for a network segment.

type Operator 

type Operator struct {
	// contains filtered or unexported fields
}

Operator endpoint is used to perform low-level operator tasks for Consul.

func (*Operator) AutopilotGetConfiguration 

func (op *Operator) AutopilotGetConfiguration(args *structs.DCSpecificRequest, reply *structs.AutopilotConfig) error

AutopilotGetConfiguration is used to retrieve the current Autopilot configuration.

func (*Operator) AutopilotSetConfiguration 

func (op *Operator) AutopilotSetConfiguration(args *structs.AutopilotSetConfigRequest, reply *bool) error

AutopilotSetConfiguration is used to set the current Autopilot configuration.

func (*Operator) AutopilotState added in v1.16.100 

func (op *Operator) AutopilotState(args *structs.DCSpecificRequest, reply *autopilot.State) error

func (*Operator) RaftGetConfiguration 

func (op *Operator) RaftGetConfiguration(args *structs.DCSpecificRequest, reply *structs.RaftConfigurationResponse) error

RaftGetConfiguration is used to retrieve the current Raft configuration.

func (*Operator) RaftRemovePeerByAddress 

func (op *Operator) RaftRemovePeerByAddress(args *structs.RaftRemovePeerRequest, reply *struct{}) error

RaftRemovePeerByAddress is used to kick a stale peer (one that it in the Raft quorum but no longer known to Serf or the catalog) by address in the form of "IP:port". The reply argument is not used, but it required to fulfill the RPC interface.

func (*Operator) RaftRemovePeerByID 

func (op *Operator) RaftRemovePeerByID(args *structs.RaftRemovePeerRequest, reply *struct{}) error

RaftRemovePeerByID is used to kick a stale peer (one that is in the Raft quorum but no longer known to Serf or the catalog) by address in the form of "IP:port". The reply argument is not used, but is required to fulfill the RPC interface.

func (*Operator) ServerHealth 

func (op *Operator) ServerHealth(args *structs.DCSpecificRequest, reply *structs.AutopilotHealthReply) error

ServerHealth is used to get the current health of the servers.

func (*Operator) Usage added in v1.16.100 

func (op *Operator) Usage(args *structs.OperatorUsageRequest, reply *structs.Usage) error

Usage returns counts for service usage within catalog.

type OperatorBackend added in v1.16.100 

type OperatorBackend struct {
	// contains filtered or unexported fields
}

func NewOperatorBackend added in v1.16.100 

func NewOperatorBackend(srv *Server) *OperatorBackend

NewOperatorBackend returns a operator.Backend implementation that is bound to the given server.

func (*OperatorBackend) ResolveTokenAndDefaultMeta added in v1.16.100 

func (op *OperatorBackend) ResolveTokenAndDefaultMeta(token string, entMeta *acl.EnterpriseMeta, authzCtx *acl.AuthorizerContext) (resolver.Result, error)

func (*OperatorBackend) TransferLeader added in v1.16.100 

func (op *OperatorBackend) TransferLeader(_ context.Context, request *pboperator.TransferLeaderRequest) (*pboperator.TransferLeaderResponse, error)

type OverviewManager added in v1.16.100 

type OverviewManager struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

func NewOverviewManager added in v1.16.100 

func NewOverviewManager(logger hclog.Logger, sp usagemetrics.StateProvider, interval time.Duration) *OverviewManager

func (*OverviewManager) GetCurrentSummary added in v1.16.100 

func (m *OverviewManager) GetCurrentSummary() *structs.CatalogSummary

func (*OverviewManager) Run added in v1.16.100 

func (m *OverviewManager) Run(ctx context.Context)

type PeeringBackend added in v1.16.100 

type PeeringBackend struct {
	// contains filtered or unexported fields
}

func NewPeeringBackend added in v1.16.100 

func NewPeeringBackend(srv *Server) *PeeringBackend

NewPeeringBackend returns a peering.Backend implementation that is bound to the given server.

func (*PeeringBackend) CatalogDeregister added in v1.16.100 

func (b *PeeringBackend) CatalogDeregister(req *structs.DeregisterRequest) error

func (*PeeringBackend) CatalogRegister added in v1.16.100 

func (b *PeeringBackend) CatalogRegister(req *structs.RegisterRequest) error

func (*PeeringBackend) CheckPeeringUUID added in v1.16.100 

func (b *PeeringBackend) CheckPeeringUUID(id string) (bool, error)

func (*PeeringBackend) DecodeToken added in v1.16.100 

func (b *PeeringBackend) DecodeToken(tokRaw []byte) (*structs.PeeringToken, error)

DecodeToken decodes a peering token from a base64-encoded JSON byte array (for now).

func (*PeeringBackend) EncodeToken added in v1.16.100 

func (b *PeeringBackend) EncodeToken(tok *structs.PeeringToken) ([]byte, error)

EncodeToken encodes a peering token as a bas64-encoded representation of JSON (for now).

func (*PeeringBackend) EnterpriseCheckNamespaces added in v1.16.100 

func (b *PeeringBackend) EnterpriseCheckNamespaces(namespace string) error

func (*PeeringBackend) EnterpriseCheckPartitions added in v1.16.100 

func (b *PeeringBackend) EnterpriseCheckPartitions(partition string) error

func (*PeeringBackend) GetDialAddresses added in v1.16.100 

func (b *PeeringBackend) GetDialAddresses(logger hclog.Logger, ws memdb.WatchSet, peerID string) (*ring.Ring, *ring.Ring, error)

GetDialAddresses returns: the addresses to cycle through when dialing a peer's servers, an optional buffer of just gateway addresses, and an optional error. The resulting ring buffer is front-loaded with the local mesh gateway addresses if they are present.

func (*PeeringBackend) GetLeaderAddress added in v1.16.100 

func (b *PeeringBackend) GetLeaderAddress() string

GetLeaderAddress provides the best hint for the current address of the leader. There is no guarantee that this is the actual address of the leader.

func (*PeeringBackend) GetLocalServerAddresses added in v1.16.100 

func (b *PeeringBackend) GetLocalServerAddresses() ([]string, error)

GetLocalServerAddresses looks up server or mesh gateway addresses from the state store for a peer to dial.

func (*PeeringBackend) GetTLSMaterials added in v1.16.100 

func (b *PeeringBackend) GetTLSMaterials(generatingToken bool) (string, []string, error)

GetTLSMaterials returns the TLS materials for the dialer to dial the acceptor using TLS. It returns the server name to validate, and the CA certificate to validate with.

func (*PeeringBackend) IsLeader added in v1.16.100 

func (b *PeeringBackend) IsLeader() bool

func (*PeeringBackend) PeerThroughMeshGateways added in v1.16.100 

func (b *PeeringBackend) PeerThroughMeshGateways(ws memdb.WatchSet) (bool, error)

PeerThroughMeshGateways determines if the config entry to enable peering control plane traffic through a mesh gateway is set to enable.

func (*PeeringBackend) PeeringSecretsWrite added in v1.16.100 

func (b *PeeringBackend) PeeringSecretsWrite(req *pbpeering.SecretsWriteRequest) error

func (*PeeringBackend) PeeringTerminateByID added in v1.16.100 

func (b *PeeringBackend) PeeringTerminateByID(req *pbpeering.PeeringTerminateByIDRequest) error

TODO(peering): This needs RPC metrics interceptor since it's not triggered by an RPC.

func (*PeeringBackend) PeeringTrustBundleWrite added in v1.16.100 

func (b *PeeringBackend) PeeringTrustBundleWrite(req *pbpeering.PeeringTrustBundleWriteRequest) error

func (*PeeringBackend) PeeringWrite added in v1.16.100 

func (b *PeeringBackend) PeeringWrite(req *pbpeering.PeeringWriteRequest) error

func (*PeeringBackend) ResolveTokenAndDefaultMeta added in v1.16.100 

func (b *PeeringBackend) ResolveTokenAndDefaultMeta(token string, entMeta *acl.EnterpriseMeta, authzCtx *acl.AuthorizerContext) (resolver.Result, error)

func (*PeeringBackend) SetLeaderAddress added in v1.16.100 

func (b *PeeringBackend) SetLeaderAddress(addr string)

SetLeaderAddress is called on a raft.LeaderObservation in a go routine in the consul server; see trackLeaderChanges()

func (*PeeringBackend) Store added in v1.16.100 

func (b *PeeringBackend) Store() peering.Store

func (*PeeringBackend) Subscribe added in v1.16.100 

func (s *PeeringBackend) Subscribe(req *stream.SubscribeRequest) (*stream.Subscription, error)

func (*PeeringBackend) ValidateProposedPeeringSecret added in v1.16.100 

func (b *PeeringBackend) ValidateProposedPeeringSecret(id string) (bool, error)

type PreparedQuery 

type PreparedQuery struct {
	// contains filtered or unexported fields
}

PreparedQuery manages the prepared query endpoint.

func (*PreparedQuery) Apply 

func (p *PreparedQuery) Apply(args *structs.PreparedQueryRequest, reply *string) (err error)

Apply is used to apply a modifying request to the data store. This should only be used for operations that modify the data. The ID of the session is returned in the reply.

func (*PreparedQuery) Execute 

func (p *PreparedQuery) Execute(args *structs.PreparedQueryExecuteRequest,
	reply *structs.PreparedQueryExecuteResponse) error

Execute runs a prepared query and returns the results. This will perform the failover logic if no local results are available. This is typically called as part of a DNS lookup, or when executing prepared queries from the HTTP API.

func (*PreparedQuery) ExecuteRemote 

func (p *PreparedQuery) ExecuteRemote(args *structs.PreparedQueryExecuteRemoteRequest,
	reply *structs.PreparedQueryExecuteResponse) error

ExecuteRemote is used when a local node doesn't have any instances of a service available and needs to probe remote DCs. This sends the full query over since the remote side won't have it in its state store, and this doesn't do the failover logic since that's already being run on the originating DC. We don't want things to fan out further than one level.

func (*PreparedQuery) Explain 

func (p *PreparedQuery) Explain(args *structs.PreparedQueryExecuteRequest,
	reply *structs.PreparedQueryExplainResponse) error

Explain resolves a prepared query and returns the (possibly rendered template) to the caller. This is useful for letting operators figure out which query is picking up a given name. We can also add additional info about how the query will be executed here.

func (*PreparedQuery) Get 

func (p *PreparedQuery) Get(args *structs.PreparedQuerySpecificRequest,
	reply *structs.IndexedPreparedQueries) error

Get returns a single prepared query by ID.

func (*PreparedQuery) List 

func (p *PreparedQuery) List(args *structs.DCSpecificRequest, reply *structs.IndexedPreparedQueries) error

List returns all the prepared queries.

type RPCConfig added in v1.16.100 

type RPCConfig struct {
	EnableStreaming bool
}

RPCConfig settings for the RPC server

TODO: move many settings to this struct.

type RaftBoltDBConfig added in v1.16.100 

type RaftBoltDBConfig struct {
	NoFreelistSync bool
}

type RaftLayer 

type RaftLayer struct {
	// contains filtered or unexported fields
}

RaftLayer implements the raft.StreamLayer interface, so that we can use a single RPC layer for Raft and Consul

func NewRaftLayer 

func NewRaftLayer(src, addr net.Addr, tlsWrap tlsutil.Wrapper, tlsFunc func(raft.ServerAddress) bool) *RaftLayer

NewRaftLayer is used to initialize a new RaftLayer which can be used as a StreamLayer for Raft. If a tlsConfig is provided, then the connection will use TLS.

func (*RaftLayer) Accept 

func (l *RaftLayer) Accept() (net.Conn, error)

Accept is used to return connection which are dialed to be used with the Raft layer

func (*RaftLayer) Addr 

func (l *RaftLayer) Addr() net.Addr

Addr is used to return the address of the listener

func (*RaftLayer) Close 

func (l *RaftLayer) Close() error

Close is used to stop listening for Raft connections

func (*RaftLayer) Dial 

func (l *RaftLayer) Dial(address raft.ServerAddress, timeout time.Duration) (net.Conn, error)

Dial is used to create a new outgoing connection

func (*RaftLayer) Handoff 

func (l *RaftLayer) Handoff(c net.Conn) error

Handoff is used to hand off a connection to the RaftLayer. This allows it to be Accept()'ed

type RaftLogStoreConfig added in v1.16.100 

type RaftLogStoreConfig struct {
	Backend         string
	DisableLogCache bool
	Verification    RaftLogStoreVerificationConfig
	BoltDB          RaftBoltDBConfig
	WAL             WALConfig
}

type RaftLogStoreVerificationConfig added in v1.16.100 

type RaftLogStoreVerificationConfig struct {
	Enabled  bool
	Interval time.Duration
}

type ReloadableConfig added in v1.16.100 

type ReloadableConfig struct {
	RequestLimits         *RequestLimits
	RPCClientTimeout      time.Duration
	RPCRateLimit          rate.Limit
	RPCMaxBurst           int
	RPCMaxConnsPerClient  int
	ConfigEntryBootstrap  []structs.ConfigEntry
	RaftSnapshotThreshold int
	RaftSnapshotInterval  time.Duration
	RaftTrailingLogs      int
	HeartbeatTimeout      time.Duration
	ElectionTimeout       time.Duration
	Reporting             Reporting
}

ReloadableConfig is the configuration that is passed to ReloadConfig when application config is reloaded.

type Replicator added in v1.16.100 

type Replicator struct {
	// contains filtered or unexported fields
}

func NewReplicator added in v1.16.100 

func NewReplicator(config *ReplicatorConfig) (*Replicator, error)

func (*Replicator) Index added in v1.16.100 

func (r *Replicator) Index() uint64

func (*Replicator) Run added in v1.16.100 

func (r *Replicator) Run(ctx context.Context) error

type ReplicatorConfig added in v1.16.100 

type ReplicatorConfig struct {
	// Name to be used in various logging
	Name string
	// Delegate to perform each round of replication
	Delegate ReplicatorDelegate
	// The number of replication rounds per second that are allowed
	Rate int
	// The number of replication rounds that can be done in a burst
	Burst int
	// Minimum number of RPC failures to ignore before backing off
	MinFailures uint
	// Maximum wait time between failing RPCs
	MaxRetryWait time.Duration
	// Where to send our logs
	Logger hclog.Logger
	// Function to use for determining if an error should be suppressed
	SuppressErrorLog func(err error) bool
}

type ReplicatorDelegate added in v1.16.100 

type ReplicatorDelegate interface {
	Replicate(ctx context.Context, lastRemoteIndex uint64, logger hclog.Logger) (index uint64, exit bool, err error)
	MetricName() string
}

type ReplicatorFunc added in v1.16.100 

type ReplicatorFunc func(ctx context.Context, lastRemoteIndex uint64, logger hclog.Logger) (index uint64, exit bool, err error)

type Reporting added in v1.16.100 

type Reporting struct {
	License License
}

type RequestLimits added in v1.16.100 

type RequestLimits struct {
	Mode      consulrate.Mode
	ReadRate  rate.Limit
	WriteRate rate.Limit
}

RequestLimits is configuration for serverrate limiting that is a part of ReloadableConfig.

type Server 

type Server struct {

	// acls is used to resolve tokens to effective policies
	*ACLResolver

	// Listener is used to listen for incoming connections
	Listener net.Listener

	// embedded struct to hold all the enterprise specific data
	EnterpriseServer
	// contains filtered or unexported fields
}

Server is Consul server which manages the service discovery, health checking, DC forwarding, Raft, and multiple Serf pools.

func NewServer 

func NewServer(config *Config, flat Deps, externalGRPCServer *grpc.Server, incomingRPCLimiter rpcRate.RequestLimitsHandler, serverLogger hclog.InterceptLogger) (*Server, error)

NewServer is used to construct a new Consul server from the configuration and extra options, potentially returning an error.

func (*Server) AgentEnterpriseMeta added in v1.16.100 

func (s *Server) AgentEnterpriseMeta() *acl.EnterpriseMeta

func (*Server) AgentLocalMember added in v1.16.100 

func (s *Server) AgentLocalMember() serf.Member

AgentLocalMember is used to retrieve the LAN member for the local node.

func (*Server) CheckServers added in v1.16.100 

func (s *Server) CheckServers(datacenter string, fn func(*metadata.Server) bool)

CheckServers implements the checkServersProvider interface for the Server

func (*Server) ConsistentRead added in v1.16.100 

func (s *Server) ConsistentRead() error

ConsistentRead is used to ensure we do not perform a stale read. This is done by verifying leadership before the read.

func (*Server) DatacenterSupportsFederationStates added in v1.16.100 

func (s *Server) DatacenterSupportsFederationStates() bool

func (*Server) DatacenterSupportsIntentionsAsConfigEntries added in v1.16.100 

func (s *Server) DatacenterSupportsIntentionsAsConfigEntries() bool

func (*Server) DecrementBlockingQueries added in v1.16.100 

func (s *Server) DecrementBlockingQueries() uint64

func (*Server) DoWithLANSerfs added in v1.16.100 

func (s *Server) DoWithLANSerfs(
	fn func(name, poolKind string, pool *serf.Serf) error,
	errorFn func(name, poolKind string, err error) error,
) error

func (*Server) FSM added in v1.16.100 

func (s *Server) FSM() *fsm.FSM

func (*Server) Flood 

func (s *Server) Flood(addrFn router.FloodAddrFn, dstSerf *serf.Serf)

Flood is a long-running goroutine that floods servers from the LAN to the given global Serf instance, such as the WAN. This will exit once either of the Serf instances are shut down.

func (*Server) FloodNotify 

func (s *Server) FloodNotify()

FloodNotify lets all the waiting Flood goroutines know that some change may have affected them.

func (*Server) ForwardGRPC added in v1.16.100 

func (s *Server) ForwardGRPC(connPool GRPCClientConner, info structs.RPCInfo, f func(*grpc.ClientConn) error) (handled bool, err error)

ForwardGRPC is used to potentially forward an RPC request to a remote DC or to the local leader depending upon the request.

Returns a bool of if forwarding was performed, as well as any error. If false is returned (with no error) it is assumed that the current server should handle the request.

func (*Server) ForwardRPC added in v1.16.100 

func (s *Server) ForwardRPC(method string, info structs.RPCInfo, reply interface{}) (bool, error)

ForwardRPC is used to potentially forward an RPC request to a remote DC or to the local leader depending upon the request.

Returns a bool of if forwarding was performed, as well as any error. If false is returned (with no error) it is assumed that the current server should handle the request.

func (*Server) GetLANCoordinate 

func (s *Server) GetLANCoordinate() (lib.CoordinateSet, error)

GetLANCoordinate returns the coordinate of the node in the LAN gossip pool.

  • Clients return a single coordinate for the single gossip pool they are in (default, segment, or partition).

  • Servers return one coordinate for their canonical gossip pool (i.e. default partition/segment) and one per segment they are also ancillary members of.

NOTE: servers do not emit coordinates for partitioned gossip pools they are ancillary members of.

NOTE: This assumes coordinates are enabled, so check that before calling.

func (*Server) GetMatchingLANCoordinate added in v1.16.100 

func (s *Server) GetMatchingLANCoordinate(_, _ string) (*coordinate.Coordinate, error)

func (*Server) GetPeeringBackend added in v1.16.100 

func (s *Server) GetPeeringBackend() peering.Backend

GetPeeringBackend is a test helper.

func (*Server) GetShutdownChannel added in v1.16.100 

func (s *Server) GetShutdownChannel() chan struct{}

func (*Server) GetState added in v1.16.100 

func (s *Server) GetState() *state.Store

func (*Server) GetSystemMetadata added in v1.16.100 

func (s *Server) GetSystemMetadata(key string) (string, error)

func (*Server) InPrimaryDatacenter added in v1.16.100 

func (s *Server) InPrimaryDatacenter() bool

func (*Server) IncrementBlockingQueries added in v1.16.100 

func (s *Server) IncrementBlockingQueries() uint64

func (*Server) IsLeader 

func (s *Server) IsLeader() bool

IsLeader checks if this server is the cluster leader

func (*Server) IsServer added in v1.16.100 

func (s *Server) IsServer(addr string) bool

IsServer checks if this addr is of a server

func (*Server) JoinLAN 

func (s *Server) JoinLAN(addrs []string, entMeta *acl.EnterpriseMeta) (int, error)

JoinLAN is used to have Consul join the inner-DC pool The target address should be another node inside the DC listening on the Serf LAN address

func (*Server) JoinWAN 

func (s *Server) JoinWAN(addrs []string) (int, error)

JoinWAN is used to have Consul join the cross-WAN Consul ring The target address should be another node listening on the Serf WAN address

func (*Server) KeyManagerLAN 

func (s *Server) KeyManagerLAN() *serf.KeyManager

KeyManagerLAN returns the LAN Serf keyring manager

func (*Server) KeyManagerWAN 

func (s *Server) KeyManagerWAN() *serf.KeyManager

KeyManagerWAN returns the WAN Serf keyring manager

func (*Server) LANMembers 

func (s *Server) LANMembers(filter LANMemberFilter) ([]serf.Member, error)

LANMembers returns the LAN members for one of:

- the requested partition - the requested segment - all segments

This is limited to segments and partitions that the node is a member of.

func (*Server) LANMembersInAgentPartition added in v1.16.100 

func (s *Server) LANMembersInAgentPartition() []serf.Member

LANMembersInAgentPartition returns the LAN members for this agent's canonical serf pool. For clients this is the only pool that exists. For servers it's the pool in the default segment and the default partition.

func (*Server) LANSegmentAddr added in v0.9.3 

func (s *Server) LANSegmentAddr(name string) string

LANSegmentAddr is used to return the address used for the given LAN segment.

func (*Server) LANSendUserEvent added in v1.16.100 

func (s *Server) LANSendUserEvent(name string, payload []byte, coalesce bool) error

func (*Server) LeaderLastContact added in v1.16.100 

func (s *Server) LeaderLastContact() time.Time

LeaderLastContact returns the time of last contact by a leader. This only makes sense if we are currently a follower.

func (*Server) Leave 

func (s *Server) Leave() error

Leave is used to prepare for a graceful shutdown.

func (*Server) LocalTokensEnabled added in v1.4.0 

func (s *Server) LocalTokensEnabled() bool

func (*Server) PickRandomMeshGatewaySuitableForDialing added in v1.16.100 

func (s *Server) PickRandomMeshGatewaySuitableForDialing(dc string) string

PickRandomMeshGatewaySuitableForDialing is a convenience function used for writing tests.

func (*Server) PrimaryGatewayFallbackAddresses added in v1.16.100 

func (s *Server) PrimaryGatewayFallbackAddresses() []string

PrimaryGatewayFallbackAddresses returns the current set of discovered fallback addresses for the mesh gateways in the primary datacenter.

func (*Server) PrimaryMeshGatewayAddressesReadyCh added in v1.16.100 

func (s *Server) PrimaryMeshGatewayAddressesReadyCh() <-chan struct{}

PrimaryMeshGatewayAddressesReadyCh returns a channel that will be closed when federation state replication ships back at least one primary mesh gateway (not via fallback config).

func (*Server) RPC 

func (s *Server) RPC(ctx context.Context, method string, args interface{}, reply interface{}) error

RPC is used to make a local RPC call

func (*Server) RPCQueryTimeout added in v1.16.100 

func (s *Server) RPCQueryTimeout(queryTimeout time.Duration) time.Duration

RPCQueryTimeout calculates the timeout for the query, ensures it is constrained to the configured limit, and adds jitter to prevent multiple blocking queries from all timing out at the same time.

func (*Server) RefreshPrimaryGatewayFallbackAddresses added in v1.16.100 

func (s *Server) RefreshPrimaryGatewayFallbackAddresses(addrs []string)

RefreshPrimaryGatewayFallbackAddresses is used to update the list of current fallback addresses for locating mesh gateways in the primary datacenter.

func (*Server) RegisterEndpoint 

func (s *Server) RegisterEndpoint(name string, handler interface{}) error

RegisterEndpoint is used to substitute an endpoint for testing.

func (*Server) ReloadConfig added in v1.2.0 

func (s *Server) ReloadConfig(config ReloadableConfig) error

ReloadConfig is used to have the Server do an online reload of relevant configuration information

func (*Server) RemoveFailedNode 

func (s *Server) RemoveFailedNode(node string, prune bool, entMeta *acl.EnterpriseMeta) error

RemoveFailedNode is used to remove a failed node from the cluster.

func (*Server) RemoveFailedNodeWAN added in v1.16.100 

func (s *Server) RemoveFailedNodeWAN(wanNode string, prune bool, entMeta *acl.EnterpriseMeta) error

RemoveFailedNodeWAN is used to remove a failed node from the WAN cluster.

func (*Server) ResolveIdentityFromToken added in v1.4.0 

func (s *Server) ResolveIdentityFromToken(token string) (bool, structs.ACLIdentity, error)

ResolveIdentityFromToken retrieves a token's full identity given its secretID. TODO: why does some code call this directly instead of using ACLResolver.ResolveTokenToIdentity ?

func (*Server) SetQueryMeta added in v1.16.100 

func (s *Server) SetQueryMeta(m blockingquery.ResponseMeta, token string)

SetQueryMeta is used to populate the QueryMeta data for an RPC call

Note: This method must be called *after* filtering query results with ACLs.

func (*Server) SetSystemMetadataKey added in v1.16.100 

func (s *Server) SetSystemMetadataKey(key, val string) error

func (*Server) Shutdown 

func (s *Server) Shutdown() error

Shutdown is used to shutdown the server

func (*Server) SnapshotRPC 

func (s *Server) SnapshotRPC(args *structs.SnapshotRequest, in io.Reader, out io.Writer,
	replyFn structs.SnapshotReplyFn) error

SnapshotRPC dispatches the given snapshot request, reading from the streaming input and writing to the streaming output depending on the operation.

func (*Server) Stats 

func (s *Server) Stats() map[string]map[string]string

Stats is used to return statistics for debugging and insight for various sub-systems

func (*Server) WANMembers 

func (s *Server) WANMembers() []serf.Member

WANMembers is used to return the members of the WAN cluster

type ServerLookup added in v0.9.3 

type ServerLookup struct {
	// contains filtered or unexported fields
}

ServerLookup encapsulates looking up servers by id and address

func NewServerLookup added in v0.9.3 

func NewServerLookup() *ServerLookup

func (*ServerLookup) AddServer added in v0.9.3 

func (sl *ServerLookup) AddServer(server *metadata.Server)

func (*ServerLookup) CheckServers added in v1.16.100 

func (sl *ServerLookup) CheckServers(fn func(srv *metadata.Server) bool)

func (*ServerLookup) RemoveServer added in v0.9.3 

func (sl *ServerLookup) RemoveServer(server *metadata.Server)

func (*ServerLookup) Server added in v0.9.3 

func (sl *ServerLookup) Server(addr raft.ServerAddress) *metadata.Server

Server looks up the server by address, returns a boolean if not found

func (*ServerLookup) ServerAddr added in v0.9.3 

func (sl *ServerLookup) ServerAddr(id raft.ServerID) (raft.ServerAddress, error)

Implements the ServerAddressProvider interface

func (*ServerLookup) Servers added in v0.9.3 

func (sl *ServerLookup) Servers() []*metadata.Server

type ServerMetadata added in v1.16.100 

type ServerMetadata struct {
	// LastSeenUnix is the timestamp a server was last seen, in Unix format.
	LastSeenUnix int64 `json:"last_seen_unix"`
}

ServerMetadata represents specific metadata about a running server.

func ReadServerMetadata added in v1.16.100 

func ReadServerMetadata(filename string) (*ServerMetadata, error)

ReadServerMetadata is a helper function for reading the contents of a server metadata file and unmarshaling the data from JSON.

func (*ServerMetadata) IsLastSeenStale added in v1.16.100 

func (md *ServerMetadata) IsLastSeenStale(d time.Duration) bool

IsLastSeenStale checks whether the last seen timestamp is older than a given duration.

type ServerMetadataReadFunc added in v1.16.100 

type ServerMetadataReadFunc func(filename string) (*ServerMetadata, error)

type Session 

type Session struct {
	// contains filtered or unexported fields
}

Session endpoint is used to manipulate sessions for KV

func (*Session) Apply 

func (s *Session) Apply(args *structs.SessionRequest, reply *string) error

Apply is used to apply a modifying request to the data store. This should only be used for operations that modify the data

func (*Session) Get 

func (s *Session) Get(args *structs.SessionSpecificRequest,
	reply *structs.IndexedSessions) error

Get is used to retrieve a single session

func (*Session) List 

func (s *Session) List(args *structs.SessionSpecificRequest,
	reply *structs.IndexedSessions) error

List is used to list all the active sessions

func (*Session) NodeSessions 

func (s *Session) NodeSessions(args *structs.NodeSpecificRequest,
	reply *structs.IndexedSessions) error

NodeSessions is used to get all the sessions for a particular node

func (*Session) Renew 

func (s *Session) Renew(args *structs.SessionSpecificRequest,
	reply *structs.IndexedSessions) error

Renew is used to renew the TTL on a single session

type SessionTimers added in v0.9.0 

type SessionTimers struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

SessionTimers provides a map of named timers which is safe for concurrent use.

func NewSessionTimers added in v0.9.0 

func NewSessionTimers() *SessionTimers

func (*SessionTimers) Del added in v0.9.0 

func (t *SessionTimers) Del(id string)

Del removes the timer with the given id.

func (*SessionTimers) Get added in v0.9.0 

func (t *SessionTimers) Get(id string) *time.Timer

Get returns the timer with the given id or nil.

func (*SessionTimers) Len added in v0.9.0 

func (t *SessionTimers) Len() int

Len returns the number of registered timers.

func (*SessionTimers) ResetOrCreate added in v0.9.0 

func (t *SessionTimers) ResetOrCreate(id string, ttl time.Duration, afterFunc func())

ResetOrCreate sets the ttl of the timer with the given id or creates a new one if it does not exist.

func (*SessionTimers) Set added in v0.9.0 

func (t *SessionTimers) Set(id string, tm *time.Timer)

Set stores the timer under given id. If tm is nil the timer with the given id is removed.

func (*SessionTimers) Stop added in v0.9.0 

func (t *SessionTimers) Stop(id string)

Stop stops the timer with the given id and removes it.

func (*SessionTimers) StopAll added in v0.9.0 

func (t *SessionTimers) StopAll()

StopAll stops and removes all registered timers.

type StatsFetcher 

type StatsFetcher struct {
	// contains filtered or unexported fields
}

StatsFetcher has two functions for autopilot. First, lets us fetch all the stats in parallel so we are taking a sample as close to the same time as possible, since we are comparing time-sensitive info for the health check. Second, it bounds the time so that one slow RPC can't hold up the health check loop; as a side effect of how it implements this, it also limits to a single in-flight RPC to any given server, so goroutines don't accumulate as we run the health check fairly frequently.

func NewStatsFetcher 

func NewStatsFetcher(logger hclog.Logger, pool *pool.ConnPool, datacenter string) *StatsFetcher

NewStatsFetcher returns a stats fetcher.

func (*StatsFetcher) Fetch 

func (f *StatsFetcher) Fetch(ctx context.Context, servers map[raft.ServerID]*autopilot.Server) map[raft.ServerID]*autopilot.ServerStats

Fetch will attempt to query all the servers in parallel.

type Status 

type Status struct {
	// contains filtered or unexported fields
}

Status endpoint is used to check on server status

func (*Status) Leader 

func (s *Status) Leader(args *structs.DCSpecificRequest, reply *string) error

Leader is used to get the address of the leader

func (*Status) Peers 

func (s *Status) Peers(args *structs.DCSpecificRequest, reply *[]string) error

Peers is used to get all the Raft peers

func (*Status) Ping 

func (s *Status) Ping(args EmptyReadRequest, reply *struct{}) error

Ping is used to just check for connectivity

func (*Status) RaftStats 

func (s *Status) RaftStats(args EmptyReadRequest, reply *structs.RaftStats) error

RaftStats is used by Autopilot to query the raft stats of the local server.

type Txn 

type Txn struct {
	// contains filtered or unexported fields
}

Txn endpoint is used to perform multi-object atomic transactions.

func (*Txn) Apply 

func (t *Txn) Apply(args *structs.TxnRequest, reply *structs.TxnResponse) error

Apply is used to apply multiple operations in a single, atomic transaction.

func (*Txn) Read 

func (t *Txn) Read(args *structs.TxnReadRequest, reply *structs.TxnReadResponse) error

Read is used to perform a read-only transaction that doesn't modify the state store. This is much more scalable since it doesn't go through Raft and supports staleness, so this should be preferred if you're just performing reads.

type ValidateConfigUpdater added in v1.16.100 

type ValidateConfigUpdater interface {
	// ValidateConfigUpdate should return an error if the next configuration is
	// incompatible with the previous configuration.
	//
	// TODO: use better types after https://github.com/hernad/consul/issues/12238
	ValidateConfigUpdate(previous, next map[string]interface{}) error
}

ValidateConfigUpdater is an optional interface that may be implemented by a ca.Provider. If the provider implements this interface, the ValidateConfigurationUpdate will be called when a user attempts to change the CA configuration, and the provider type has not changed from the previous configuration.

type WALConfig added in v1.16.100 

type WALConfig struct {
	SegmentSize int
}

Source Files

View all Source files

Directories

Path Synopsis
awsauth
kubeauth
ssoauth
testauth
queue
Package rate implements server-side RPC rate limiting.
 Package rate implements server-side RPC rate limiting.
Package stream provides a publish/subscribe system for events produced by changes to the state store.
 Package stream provides a publish/subscribe system for events produced by changes to the state store.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.