consul

package
v0.0.0-...-ae3a0a2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 14, 2022 License: MPL-2.0 Imports: 28 Imported by: 0

Documentation

Index

Constants

// Example Consul policy IDs for use in tests.
//
// The ExampleOperatorToken* fixtures in this package reference these values
// through their Policies links.
const (
	ExamplePolicyID1 = "a7c86856-0af5-4ab5-8834-03f4517e5564"
	ExamplePolicyID2 = "ffa1b66c-967d-4468-8775-c687b5cfc16e"
	ExamplePolicyID3 = "f68f0c36-51f8-4343-97dd-f0d4816c915f"
	ExamplePolicyID4 = "1087ff34-b8a0-9bb3-9430-d2f758f52bd3"
)

Example Consul policies for use in tests.

// Example Consul role IDs for use in tests.
//
// Within this listing only ExampleRoleID1 is linked from a token fixture
// (via the Roles field of ExampleOperatorToken4, 14 and 24).
const (
	ExampleRoleID1 = "e569a3a8-7dfb-b024-e492-e790fe3c4183"
	ExampleRoleID2 = "88c825f4-d0da-1c2b-0c1c-cc9fe84c4468"
	ExampleRoleID3 = "b19b2058-6205-6dff-d2b0-470f29b8e627"
)

Example Consul roles for use in tests.

// Example Consul ACL token secrets for use in tests. The matching
// ExampleOperatorToken0-5 fixtures leave Namespace empty.
//
// Despite the "TokenID" name, each value is assigned to ACLToken.SecretID
// (not AccessorID) in the corresponding ExampleOperatorToken* fixture.
// A Consul SecretID is the bearer credential itself, and these values are
// fixed and published in source: they are test fixtures only and must never
// be provisioned in a real cluster.
const (
	ExampleOperatorTokenID0 = "de591604-86eb-1e6f-8b44-d4db752921ae"
	ExampleOperatorTokenID1 = "59c219c2-47e4-43f3-bb45-258fd13f59d5"
	ExampleOperatorTokenID2 = "868cc216-e123-4c2b-b362-f4d4c087de8e"
	ExampleOperatorTokenID3 = "6177d1b9-c0f6-4118-b891-d818a3cb80b1"
	ExampleOperatorTokenID4 = "754ae26c-f3cc-e088-d486-9c0d20f5eaea"
	ExampleOperatorTokenID5 = "097cbb45-506b-c79c-ec38-82eb0dc0794a"
)

Example Consul ACL tokens for use in tests. These tokens belong to the default Consul namespace.

// Example Consul ACL token secrets for use in tests, for the fixtures that
// belong to the "banana" Consul namespace (ExampleOperatorToken10-15).
//
// Each value is assigned to ACLToken.SecretID in the matching fixture.
// The values are fixed and published in source: test fixtures only, never to
// be provisioned in a real cluster.
const (
	ExampleOperatorTokenID10 = "ddfe688f-655f-e8dd-1db5-5650eed00aeb"
	ExampleOperatorTokenID11 = "46d09394-598c-1e55-b7fd-64cd2f409707"
	ExampleOperatorTokenID12 = "a041cb88-0f4b-0314-89f6-10e1e093d2e5"
	ExampleOperatorTokenID13 = "cc22a583-243f-3258-14ad-db0e56749657"
	ExampleOperatorTokenID14 = "5b6d0508-13a6-4bc3-33a1-ba1941e1175b"
	ExampleOperatorTokenID15 = "e9db1754-c075-d0fc-0a7e-de1e9e7bff98"
)

Example Consul ACL tokens for use in tests that match the same policies as the tokens above, but these belong to the "banana" Consul namespace.

// Example Consul ACL token secrets for use in tests, for the fixtures that
// explicitly set the "default" Consul namespace (ExampleOperatorToken20-25).
//
// Each value is assigned to ACLToken.SecretID in the matching fixture.
// The values are fixed and published in source: test fixtures only, never to
// be provisioned in a real cluster.
const (
	ExampleOperatorTokenID20 = "937b3287-557c-5af8-beb0-d62191988719"
	ExampleOperatorTokenID21 = "067fd927-abfb-d98f-b693-bb05dccea565"
	ExampleOperatorTokenID22 = "71f8030f-f6bd-6157-6614-ba6a0bbfba9f"
	ExampleOperatorTokenID23 = "1dfd2982-b7a1-89ec-09b4-74712983d13c"
	ExampleOperatorTokenID24 = "d26dbc2a-d5d8-e3d9-8a38-e05dec499124"
	ExampleOperatorTokenID25 = "dd5a8eef-554c-a1f9-fdb8-f25eb77258bc"
)

Example Consul ACL tokens for use in tests that match the same policies as the tokens above, but these belong to the "default" Consul namespace.

// Query wait default and the service tag values defined by this package.
const (

	// DefaultQueryWaitDuration is the max duration the Consul Agent will
	// spend waiting for a response from a Consul Query.
	DefaultQueryWaitDuration = 2 * time.Second

	// ServiceTagHTTP is the tag assigned to HTTP services.
	ServiceTagHTTP = "http"

	// ServiceTagRPC is the tag assigned to RPC services.
	ServiceTagRPC = "rpc"

	// ServiceTagSerf is the tag assigned to Serf services.
	ServiceTagSerf = "serf"
)

Variables

// Example Consul ACL token fixtures for use in tests.
//
// Tokens 0-5 leave Namespace empty, tokens 10-15 use the "banana" namespace
// and tokens 20-25 use the "default" namespace. Within each set the tokens
// link to the same policies and roles: N0 has no links, N1-N3 link
// ExamplePolicyID1-3, N4 links ExampleRoleID1 and N5 links ExamplePolicyID4.
//
// Every SecretID and AccessorID here is fixed and published in source, so
// these tokens must only ever exist in test or mock ACL state.
//
// NOTE(review): several AccessorIDs are reused between the "banana" and
// "default" sets (12/22, 13/23, 14/24, 15/25), and Description values repeat
// "Operator Token 0".."5" in every set, so neither field uniquely identifies
// a fixture — tests should key on SecretID; confirm the reuse is intended.
var (
	ExampleOperatorToken0 = &api.ACLToken{
		SecretID:    ExampleOperatorTokenID0,
		// NOTE(review): this literal ends with a trailing space, while
		// ExampleOperatorToken20 uses the same ID without it; an exact-match
		// lookup by accessor ID would treat them as different — confirm.
		AccessorID:  "228865c6-3bf6-6683-df03-06dea2779088 ",
		Description: "Operator Token 0",
		Namespace:   "",
	}

	ExampleOperatorToken1 = &api.ACLToken{
		SecretID:    ExampleOperatorTokenID1,
		AccessorID:  "e341bacd-535e-417c-8f45-f88d7faffcaf",
		Description: "Operator Token 1",
		Policies: []*api.ACLTokenPolicyLink{{
			ID: ExamplePolicyID1,
		}},
		Namespace: "",
	}

	ExampleOperatorToken2 = &api.ACLToken{
		SecretID:    ExampleOperatorTokenID2,
		AccessorID:  "615b4d77-5164-4ec6-b616-24c0b24ac9cb",
		Description: "Operator Token 2",
		Policies: []*api.ACLTokenPolicyLink{{
			ID: ExamplePolicyID2,
		}},
		Namespace: "",
	}

	ExampleOperatorToken3 = &api.ACLToken{
		SecretID:    ExampleOperatorTokenID3,
		AccessorID:  "6b7de0d7-15f7-45b4-95eb-fb775bfe3fdc",
		Description: "Operator Token 3",
		Policies: []*api.ACLTokenPolicyLink{{
			ID: ExamplePolicyID3,
		}},
		Namespace: "",
	}

	// Token 4 is the role-linked fixture: no direct policies, one role link.
	ExampleOperatorToken4 = &api.ACLToken{
		SecretID:    ExampleOperatorTokenID4,
		AccessorID:  "7b5fdb1a-71e5-f3d8-2cfe-448d973f327d",
		Description: "Operator Token 4",
		Policies:    nil,
		Roles: []*api.ACLTokenRoleLink{{
			ID:   ExampleRoleID1,
			Name: "example-role-1",
		}},
		Namespace: "",
	}

	ExampleOperatorToken5 = &api.ACLToken{
		SecretID:    ExampleOperatorTokenID5,
		AccessorID:  "cf39aad5-00c3-af23-cf0b-75d41e12f28d",
		Description: "Operator Token 5",
		Policies: []*api.ACLTokenPolicyLink{{
			ID: ExamplePolicyID4,
		}},
		Namespace: "",
	}

	// Tokens 10-15: same links as tokens 0-5, in the "banana" namespace.
	ExampleOperatorToken10 = &api.ACLToken{
		SecretID:    ExampleOperatorTokenID10,
		AccessorID:  "76a2c3b5-5d64-9089-f701-660eec2d3554",
		Description: "Operator Token 0",
		Namespace:   "banana",
	}

	ExampleOperatorToken11 = &api.ACLToken{
		SecretID:    ExampleOperatorTokenID11,
		AccessorID:  "40f2a36a-0a65-1972-106c-b2e5dd46d6e8",
		Description: "Operator Token 1",
		Policies: []*api.ACLTokenPolicyLink{{
			ID: ExamplePolicyID1,
		}},
		Namespace: "banana",
	}

	ExampleOperatorToken12 = &api.ACLToken{
		SecretID:    ExampleOperatorTokenID12,
		AccessorID:  "894f2c5c-b285-71bf-4acb-6344cecf71f3",
		Description: "Operator Token 2",
		Policies: []*api.ACLTokenPolicyLink{{
			ID: ExamplePolicyID2,
		}},
		Namespace: "banana",
	}

	ExampleOperatorToken13 = &api.ACLToken{
		SecretID:    ExampleOperatorTokenID13,
		AccessorID:  "2a81ec0b-692e-845e-f5b8-c33c05e5af22",
		Description: "Operator Token 3",
		Policies: []*api.ACLTokenPolicyLink{{
			ID: ExamplePolicyID3,
		}},
		Namespace: "banana",
	}

	ExampleOperatorToken14 = &api.ACLToken{
		SecretID:    ExampleOperatorTokenID14,
		// NOTE(review): the last group has 13 hex digits, so this is not a
		// well-formed UUID; code that validates accessor IDs would reject it —
		// confirm whether that is intended.
		AccessorID:  "4273f1cc-5626-7a77-dc65-1f24af035ed5d",
		Description: "Operator Token 4",
		Policies:    nil,
		Roles: []*api.ACLTokenRoleLink{{
			ID:   ExampleRoleID1,
			Name: "example-role-1",
		}},
		Namespace: "banana",
	}

	ExampleOperatorToken15 = &api.ACLToken{
		SecretID:    ExampleOperatorTokenID15,
		AccessorID:  "5b78e186-87d8-c1ad-966f-f5fa87b05c9a",
		Description: "Operator Token 5",
		Policies: []*api.ACLTokenPolicyLink{{
			ID: ExamplePolicyID4,
		}},
		Namespace: "banana",
	}

	// Tokens 20-25: same links as tokens 0-5, with Namespace set to "default".
	ExampleOperatorToken20 = &api.ACLToken{
		SecretID:    ExampleOperatorTokenID20,
		AccessorID:  "228865c6-3bf6-6683-df03-06dea2779088",
		Description: "Operator Token 0",

		Namespace: "default",
	}

	ExampleOperatorToken21 = &api.ACLToken{
		SecretID:    ExampleOperatorTokenID21,
		AccessorID:  "54d01af9-5036-31d3-296b-b15b941d7aa2",
		Description: "Operator Token 1",
		Policies: []*api.ACLTokenPolicyLink{{
			ID: ExamplePolicyID1,
		}},

		Namespace: "default",
	}

	ExampleOperatorToken22 = &api.ACLToken{
		SecretID:    ExampleOperatorTokenID22,
		AccessorID:  "894f2c5c-b285-71bf-4acb-6344cecf71f3",
		Description: "Operator Token 2",
		Policies: []*api.ACLTokenPolicyLink{{
			ID: ExamplePolicyID2,
		}},
		Namespace: "default",
	}

	ExampleOperatorToken23 = &api.ACLToken{
		SecretID:    ExampleOperatorTokenID23,
		AccessorID:  "2a81ec0b-692e-845e-f5b8-c33c05e5af22",
		Description: "Operator Token 3",
		Policies: []*api.ACLTokenPolicyLink{{
			ID: ExamplePolicyID3,
		}},
		Namespace: "default",
	}

	ExampleOperatorToken24 = &api.ACLToken{
		SecretID:    ExampleOperatorTokenID24,
		// NOTE(review): the last group has 13 hex digits, so this is not a
		// well-formed UUID; code that validates accessor IDs would reject it —
		// confirm whether that is intended.
		AccessorID:  "4273f1cc-5626-7a77-dc65-1f24af035ed5d",
		Description: "Operator Token 4",
		Policies:    nil,
		Roles: []*api.ACLTokenRoleLink{{
			ID:   ExampleRoleID1,
			Name: "example-role-1",
		}},
		Namespace: "default",
	}

	ExampleOperatorToken25 = &api.ACLToken{
		SecretID:    ExampleOperatorTokenID25,
		AccessorID:  "5b78e186-87d8-c1ad-966f-f5fa87b05c9a",
		Description: "Operator Token 5",
		Policies: []*api.ACLTokenPolicyLink{{
			ID: ExamplePolicyID4,
		}},
		Namespace: "default",
	}
)

Functions

func MakeCheckID

func MakeCheckID(serviceID string, check *structs.ServiceCheck) string

MakeCheckID creates a unique ID for a check.

Example Check ID: _nomad-check-434ae42f9a57c5705344974ac38de2aee0ee089d

func Namespaces

func Namespaces(info Self) bool

Namespaces returns true if the "Namespaces" feature is enabled in Consul, and false otherwise. Consul OSS will always return false, and Consul ENT will return false if the license file does not contain the necessary feature.

func SKU

func SKU(info Self) (string, bool)

Types

type ACLsAPI

// ACLsAPI is the consul/api.ACL API subset used by Nomad Server.
//
// ACL requirements
// - acl:write (server only)
//
// NOTE(review): the subset includes TokenCreate and TokenDelete, so the Consul
// token behind a real implementation can mint and revoke other tokens. Treat
// that token as a high-value credential and keep it on servers only, as the
// requirement above states.
type ACLsAPI interface {
	TokenReadSelf(q *api.QueryOptions) (*api.ACLToken, *api.QueryMeta, error) // for lookup via operator token
	// PolicyRead and RoleRead fetch a policy or role by its ID.
	PolicyRead(policyID string, q *api.QueryOptions) (*api.ACLPolicy, *api.QueryMeta, error)
	RoleRead(roleID string, q *api.QueryOptions) (*api.ACLRole, *api.QueryMeta, error)
	// TokenCreate takes a partially filled token and returns the created one.
	TokenCreate(partial *api.ACLToken, q *api.WriteOptions) (*api.ACLToken, *api.WriteMeta, error)
	// TokenDelete is keyed by accessor ID, not by the token's secret.
	TokenDelete(accessorID string, q *api.WriteOptions) (*api.WriteMeta, error)
	TokenList(q *api.QueryOptions) ([]*api.ACLTokenListEntry, *api.QueryMeta, error)
}

ACLsAPI is the consul/api.ACL API subset used by Nomad Server.

ACL requirements - acl:write (server only)

type AgentAPI

// AgentAPI is the consul/api.Agent API used by Nomad.
//
// ACL requirements
// - agent:read
// - service:write
type AgentAPI interface {
	// Check registration, removal, listing and TTL updates.
	CheckRegister(check *api.AgentCheckRegistration) error
	CheckDeregisterOpts(checkID string, q *api.QueryOptions) error
	ChecksWithFilterOpts(filter string, q *api.QueryOptions) (map[string]*api.AgentCheck, error)
	UpdateTTLOpts(id, output, status string, q *api.QueryOptions) error

	// Service registration, removal and listing.
	ServiceRegister(service *api.AgentServiceRegistration) error
	ServiceDeregisterOpts(serviceID string, q *api.QueryOptions) error
	ServicesWithFilterOpts(filter string, q *api.QueryOptions) (map[string]*api.AgentService, error)

	// Self returns the same untyped nested map that the Self type alias in
	// this package names; values need checked type assertions before use.
	Self() (map[string]map[string]interface{}, error)
}

AgentAPI is the consul/api.Agent API used by Nomad.

ACL requirements - agent:read - service:write

type CatalogAPI

// CatalogAPI is the consul/api.Catalog API used by Nomad.
//
// ACL requirements
// - node:read (listing datacenters)
// - service:read
type CatalogAPI interface {
	// Datacenters is the call that needs node:read.
	Datacenters() ([]string, error)
	// Service looks up catalog entries by service name and tag.
	Service(service, tag string, q *api.QueryOptions) ([]*api.CatalogService, *api.QueryMeta, error)
}

CatalogAPI is the consul/api.Catalog API used by Nomad.

ACL requirements - node:read (listing datacenters) - service:read

type ConfigAPI

// ConfigAPI is the consul/api.ConfigEntries API subset used by Nomad Server.
//
// ACL requirements
// - operator:write (server only)
type ConfigAPI interface {
	// Set writes a single config entry; it is the only operation in the subset.
	Set(entry api.ConfigEntry, w *api.WriteOptions) (bool, *api.WriteMeta, error)
}

ConfigAPI is the consul/api.ConfigEntries API subset used by Nomad Server.

ACL requirements - operator:write (server only)

type ConnectProxies

type ConnectProxies struct {
	// contains filtered or unexported fields
}

ConnectProxies implements SupportedProxiesAPI by using the Consul Agent API.

func NewConnectProxiesClient

func NewConnectProxiesClient(agentAPI AgentAPI) *ConnectProxies

func (*ConnectProxies) Proxies

func (c *ConnectProxies) Proxies() (map[string][]string, error)

Proxies returns a map of the supported proxies. The proxies are sorted from Consul with the most preferred version as the 0th element.

If Consul is of a version that does not support the API, a nil map is returned with no error.

If Consul cannot be reached an error is returned.

type Features

// Features is the argument taken by NewMockAgent.
//
// NOTE(review): presumably selects which Consul capabilities the mock agent
// reports (Enterprise build, Namespaces support) — confirm against
// NewMockAgent and MockAgent.Self.
type Features struct {
	Enterprise bool
	Namespaces bool
}

type MockACLsAPI

type MockACLsAPI struct {
	// contains filtered or unexported fields
}

MockACLsAPI is a mock of consul.ACLsAPI

func NewMockACLsAPI

func NewMockACLsAPI(l hclog.Logger) *MockACLsAPI

func (*MockACLsAPI) PolicyRead

func (m *MockACLsAPI) PolicyRead(policyID string, _ *api.QueryOptions) (*api.ACLPolicy, *api.QueryMeta, error)

func (*MockACLsAPI) RoleRead

func (m *MockACLsAPI) RoleRead(roleID string, _ *api.QueryOptions) (*api.ACLRole, *api.QueryMeta, error)

func (*MockACLsAPI) SetError

func (m *MockACLsAPI) SetError(err error)

SetError is a helper method for configuring an error that will be returned on future calls to mocked methods.

func (*MockACLsAPI) TokenCreate

func (m *MockACLsAPI) TokenCreate(token *api.ACLToken, opts *api.WriteOptions) (*api.ACLToken, *api.WriteMeta, error)

TokenCreate is a mock of ACLsAPI.TokenCreate

func (*MockACLsAPI) TokenDelete

func (m *MockACLsAPI) TokenDelete(accessorID string, opts *api.WriteOptions) (*api.WriteMeta, error)

TokenDelete is a mock of ACLsAPI.TokenDelete

func (*MockACLsAPI) TokenList

TokenList is a mock of ACLsAPI.TokenList

func (*MockACLsAPI) TokenReadSelf

func (m *MockACLsAPI) TokenReadSelf(q *api.QueryOptions) (*api.ACLToken, *api.QueryMeta, error)

type MockAgent

type MockAgent struct {
	// contains filtered or unexported fields
}

MockAgent is a fake in-memory Consul backend for ServiceClient.

func NewMockAgent

func NewMockAgent(f Features) *MockAgent

NewMockAgent creates a MockAgent that returns all checks as passing.

func (*MockAgent) CheckDeregisterOpts

func (c *MockAgent) CheckDeregisterOpts(checkID string, q *api.QueryOptions) error

CheckDeregisterOpts implements AgentAPI

func (*MockAgent) CheckRegister

func (c *MockAgent) CheckRegister(check *api.AgentCheckRegistration) error

CheckRegister implements AgentAPI

func (*MockAgent) CheckRegs

func (c *MockAgent) CheckRegs() []*api.AgentCheckRegistration

CheckRegs returns the raw AgentCheckRegistrations registered with this mock agent, across all namespaces.

func (*MockAgent) ChecksWithFilterOpts

func (c *MockAgent) ChecksWithFilterOpts(_ string, q *api.QueryOptions) (map[string]*api.AgentCheck, error)

ChecksWithFilterOpts implements AgentAPI

func (*MockAgent) Self

func (c *MockAgent) Self() (map[string]map[string]interface{}, error)

func (*MockAgent) ServiceDeregisterOpts

func (c *MockAgent) ServiceDeregisterOpts(serviceID string, q *api.QueryOptions) error

ServiceDeregisterOpts implements AgentAPI

func (*MockAgent) ServiceRegister

func (c *MockAgent) ServiceRegister(service *api.AgentServiceRegistration) error

ServiceRegister implements AgentAPI

func (*MockAgent) ServicesWithFilterOpts

func (c *MockAgent) ServicesWithFilterOpts(_ string, q *api.QueryOptions) (map[string]*api.AgentService, error)

ServicesWithFilterOpts implements AgentAPI

func (*MockAgent) SetStatus

func (c *MockAgent) SetStatus(s string) string

SetStatus sets the status that Checks() should return. Returns the old status value.

func (*MockAgent) UpdateTTLOpts

func (c *MockAgent) UpdateTTLOpts(id string, output string, status string, q *api.QueryOptions) error

UpdateTTLOpts implements AgentAPI

type MockCatalog

type MockCatalog struct {
	// contains filtered or unexported fields
}

MockCatalog can be used for testing where the CatalogAPI is needed.

func NewMockCatalog

func NewMockCatalog(l hclog.Logger) *MockCatalog

func (*MockCatalog) Datacenters

func (m *MockCatalog) Datacenters() ([]string, error)

func (*MockCatalog) Service

func (m *MockCatalog) Service(service, tag string, q *api.QueryOptions) ([]*api.CatalogService, *api.QueryMeta, error)

type MockConfigsAPI

type MockConfigsAPI struct {
	// contains filtered or unexported fields
}

func NewMockConfigsAPI

func NewMockConfigsAPI(l hclog.Logger) *MockConfigsAPI

func (*MockConfigsAPI) Set

Set is a mock of ConfigAPI.Set

func (*MockConfigsAPI) SetError

func (m *MockConfigsAPI) SetError(err error)

SetError is a helper method for configuring an error that will be returned on future calls to mocked methods.

type MockNamespaces

type MockNamespaces struct {
	// contains filtered or unexported fields
}

MockNamespaces is a mock implementation of NamespaceAPI.

func NewMockNamespaces

func NewMockNamespaces(namespaces []string) *MockNamespaces

NewMockNamespaces creates a MockNamespaces with the given namespaces, and will automatically add the "default" namespace if not included.

func (*MockNamespaces) List

List implements NamespaceAPI

type MockSupportedProxiesAPI

// MockSupportedProxiesAPI is a test double for SupportedProxiesAPI with
// exported fields the test sets directly.
//
// NOTE(review): presumably Proxies returns Value and Error unchanged — confirm
// against the method body, which is not shown here.
type MockSupportedProxiesAPI struct {
	Value map[string][]string
	Error error
}

MockSupportedProxiesAPI implements SupportedProxiesAPI by mocking the Consul Agent API.

func (MockSupportedProxiesAPI) Proxies

func (m MockSupportedProxiesAPI) Proxies() (map[string][]string, error)

type NamespaceAPI

// NamespaceAPI is the consul/api.Namespace API used by Nomad.
//
// ACL requirements
// - operator:read OR namespace:*:read
type NamespaceAPI interface {
	// List is the only operation used; both requirements above are read-only.
	List(q *api.QueryOptions) ([]*api.Namespace, *api.QueryMeta, error)
}

NamespaceAPI is the consul/api.Namespace API used by Nomad.

ACL requirements - operator:read OR namespace:*:read

type NamespacesClient

type NamespacesClient struct {
	// contains filtered or unexported fields
}

NamespacesClient is a wrapper for the Consul NamespacesAPI, that is used to deal with Consul OSS vs Consul Enterprise behavior in listing namespaces.

func NewNamespacesClient

func NewNamespacesClient(namespacesAPI NamespaceAPI, agentAPI AgentAPI) *NamespacesClient

NewNamespacesClient returns a NamespacesClient backed by a NamespaceAPI.

func (*NamespacesClient) List

func (ns *NamespacesClient) List() ([]string, error)

List returns a list of Consul Namespaces.

type Self

// Self represents the response body from the Consul /v1/agent/self API
// endpoint. Values are untyped (interface{}), so read them with checked
// two-value type assertions; the structure could change over time.
type Self = map[string]map[string]interface{}

Self represents the response body from the Consul /v1/agent/self API endpoint. Care must always be taken to type-check values when asserting their types (use the two-value form, v, ok := x.(T)), as the structure could potentially change over time.

type ServiceClient

type ServiceClient struct {
	// contains filtered or unexported fields
}

ServiceClient handles task and agent service registration with Consul.

func NewServiceClient

func NewServiceClient(agentAPI AgentAPI, namespacesClient *NamespacesClient, logger hclog.Logger, isNomadClient bool) *ServiceClient

NewServiceClient creates a new Consul ServiceClient from an existing Consul API Client and logger, and takes a flag indicating whether the client is being used by a Nomad Client agent. When being used by a Nomad client, this Consul client reconciles all services and checks created by Nomad on behalf of running tasks.

func (*ServiceClient) AllocRegistrations

func (c *ServiceClient) AllocRegistrations(allocID string) (*serviceregistration.AllocRegistration, error)

AllocRegistrations returns the registrations for the given allocation. If the allocation has no registrations, the response is a nil object.

func (*ServiceClient) RegisterAgent

func (c *ServiceClient) RegisterAgent(role string, services []*structs.Service) error

RegisterAgent registers Nomad agents (client or server). The Service.PortLabel should be a literal port to be parsed with SplitHostPort. Script checks are not supported and will return an error. Registration is asynchronous.

Agents will be deregistered when Shutdown is called.

Note: no need to manually plumb Consul namespace into the agent service registration or its check registrations, because the Nomad Client's Consul Client will already have the Nomad Client's Consul Namespace set on startup.

func (*ServiceClient) RegisterWorkload

func (c *ServiceClient) RegisterWorkload(workload *serviceregistration.WorkloadServices) error

RegisterWorkload with Consul. Adds all service entries and checks to Consul.

If the service IP is set, it is used as the address in the service registration. Checks will always use the IP from the Task struct (host's IP).

Actual communication with Consul is done asynchronously (see Run).

func (*ServiceClient) RemoveWorkload

func (c *ServiceClient) RemoveWorkload(workload *serviceregistration.WorkloadServices)

RemoveWorkload from Consul. Removes all service entries and checks.

Actual communication with Consul is done asynchronously (see Run).

func (*ServiceClient) Run

func (c *ServiceClient) Run()

Run the Consul main loop which retries operations against Consul. It should be called exactly once.

func (*ServiceClient) Shutdown

func (c *ServiceClient) Shutdown() error

Shutdown the Consul client. Update running task registrations and deregister agent from Consul. On first call blocks up to shutdownWait before giving up on syncing operations.

func (*ServiceClient) UpdateTTL

func (c *ServiceClient) UpdateTTL(id, namespace, output, status string) error

UpdateTTL is used to update the TTL of a check. Typically this will only be called to heartbeat script checks.

func (*ServiceClient) UpdateWorkload

func (c *ServiceClient) UpdateWorkload(old, newWorkload *serviceregistration.WorkloadServices) error

UpdateWorkload in Consul. Does not alter the service if only checks have changed.

DriverNetwork must not change between invocations for the same allocation.
