state

package
v1.16.109 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 14, 2023 License: MPL-2.0 Imports: 34 Imported by: 0

Documentation

Index

Constants

View Source
const (
	NoChange uniqueServiceState = 0
	Deleted  uniqueServiceState = 1
	Created  uniqueServiceState = 2
)
View Source
const EventTopicCARoots stream.StringTopic = "CARoots"

EventTopicCARoots is the streaming topic to which events will be published when the list of active CA Roots changes. Each event payload contains the full list of roots.

Note: topics are ordinarily defined in subscribe.proto, but this one isn't currently available via the Subscribe endpoint.

Variables

View Source
var (
	EventTopicServiceHealth        = pbsubscribe.Topic_ServiceHealth
	EventTopicServiceHealthConnect = pbsubscribe.Topic_ServiceHealthConnect
	EventTopicMeshConfig           = pbsubscribe.Topic_MeshConfig
	EventTopicServiceResolver      = pbsubscribe.Topic_ServiceResolver
	EventTopicIngressGateway       = pbsubscribe.Topic_IngressGateway
	EventTopicServiceIntentions    = pbsubscribe.Topic_ServiceIntentions
	EventTopicServiceDefaults      = pbsubscribe.Topic_ServiceDefaults
	EventTopicServiceList          = pbsubscribe.Topic_ServiceList
	EventTopicAPIGateway           = pbsubscribe.Topic_APIGateway
	EventTopicTCPRoute             = pbsubscribe.Topic_TCPRoute
	EventTopicHTTPRoute            = pbsubscribe.Topic_HTTPRoute
	EventTopicInlineCertificate    = pbsubscribe.Topic_InlineCertificate
	EventTopicBoundAPIGateway      = pbsubscribe.Topic_BoundAPIGateway
	EventTopicIPRateLimit          = pbsubscribe.Topic_IPRateLimit
	EventTopicSamenessGroup        = pbsubscribe.Topic_SamenessGroup
	EventTopicJWTProvider          = pbsubscribe.Topic_JWTProvider
)
View Source
var (
	// ErrMissingNode is the error returned when trying an operation
	// which requires a node registration but none exists.
	ErrMissingNode = errors.New("Missing node registration")

	// ErrMissingService is the error we return if trying an
	// operation which requires a service but none exists.
	ErrMissingService = errors.New("Missing service registration")

	// ErrMissingSessionID is returned when a session registration
	// is attempted with an empty session ID.
	ErrMissingSessionID = errors.New("Missing session ID")

	// ErrMissingACLTokenSecret is returned when a token set is called on a
	// token with an empty SecretID.
	ErrMissingACLTokenSecret = errors.New("Missing ACL Token SecretID")

	// ErrMissingACLTokenAccessor is returned when a token set is called on a
	// token with an empty AccessorID.
	ErrMissingACLTokenAccessor = errors.New("Missing ACL Token AccessorID")

	// ErrTokenHasNoPrivileges is returned when a token set is called on a
	// token with no policies, roles, or service identities and the caller
	// requires at least one to be set.
	ErrTokenHasNoPrivileges = errors.New("Token has no privileges")

	// ErrMissingACLPolicyID is returned when a policy set is called on a
	// policy with an empty ID.
	ErrMissingACLPolicyID = errors.New("Missing ACL Policy ID")

	// ErrMissingACLPolicyName is returned when a policy set is called on a
	// policy with an empty Name.
	ErrMissingACLPolicyName = errors.New("Missing ACL Policy Name")

	// ErrMissingACLRoleID is returned when a role set is called on
	// a role with an empty ID.
	ErrMissingACLRoleID = errors.New("Missing ACL Role ID")

	// ErrMissingACLRoleName is returned when a role set is called on
	// a role with an empty Name.
	ErrMissingACLRoleName = errors.New("Missing ACL Role Name")

	// ErrMissingACLBindingRuleID is returned when a binding rule set
	// is called on a binding rule with an empty ID.
	ErrMissingACLBindingRuleID = errors.New("Missing ACL Binding Rule ID")

	// ErrMissingACLBindingRuleAuthMethod is returned when a binding rule set
	// is called on a binding rule with an empty AuthMethod.
	ErrMissingACLBindingRuleAuthMethod = errors.New("Missing ACL Binding Rule Auth Method")

	// ErrMissingACLAuthMethodName is returned when an auth method set is
	// called on an auth method with an empty Name.
	ErrMissingACLAuthMethodName = errors.New("Missing ACL Auth Method Name")

	// ErrMissingACLAuthMethodType is returned when an auth method set is
	// called on an auth method with an empty Type.
	ErrMissingACLAuthMethodType = errors.New("Missing ACL Auth Method Type")

	// ErrMissingQueryID is returned when a Query set is called on
	// a Query with an empty ID.
	ErrMissingQueryID = errors.New("Missing Query ID")

	// ErrMissingCARootID is returned when an CARoot set is called
	// with an CARoot with an empty ID.
	ErrMissingCARootID = errors.New("Missing CA Root ID")

	// ErrMissingIntentionID is returned when an Intention set is called
	// with an Intention with an empty ID.
	ErrMissingIntentionID = errors.New("Missing Intention ID")
)
View Source
var ErrLegacyIntentionsAreDisabled = errors.New("Legacy intention modifications are disabled after the config entry migration.")
View Source
var (
	ErrNodeNotFound = errors.New("node not found")
)

Functions

func ConfigEntryEventsFromChanges added in v1.16.100

func ConfigEntryEventsFromChanges(tx ReadTxn, changes Changes) ([]stream.Event, error)

ConfigEntryEventsFromChanges returns events that will be emitted when config entries change in the state store.

func GatewayServiceKind added in v1.16.100

func GatewayServiceKind(tx ReadTxn, name string, entMeta *acl.EnterpriseMeta) (structs.GatewayServiceKind, error)

func PBToStreamSubscribeRequest added in v1.16.100

func PBToStreamSubscribeRequest(req *pbsubscribe.SubscribeRequest, entMeta acl.EnterpriseMeta) (*stream.SubscribeRequest, error)

PBToStreamSubscribeRequest takes a protobuf subscribe request and enterprise metadata to properly generate the matching stream subscribe request.

func ServiceHealthEventsFromChanges added in v1.16.100

func ServiceHealthEventsFromChanges(tx ReadTxn, changes Changes) ([]stream.Event, error)

ServiceHealthEventsFromChanges returns all the service and Connect health events that should be emitted given a set of changes to the state store.

func ServiceListUpdateEventsFromChanges added in v1.16.100

func ServiceListUpdateEventsFromChanges(tx ReadTxn, changes Changes) ([]stream.Event, error)

ServiceListUpdateEventsFromChanges returns events representing changes to the list of services from the given set of state store changes.

Types

type ACLTokenSetOptions added in v1.16.100

type ACLTokenSetOptions struct {
	CAS                          bool
	AllowMissingPolicyAndRoleIDs bool
	ProhibitUnprivileged         bool
	FromReplication              bool
}

type AbortTxn added in v1.16.100

type AbortTxn interface {
	ReadTxn
	Abort()
}

AbortTxn is a ReadTxn that can also be aborted to end the transaction.

type AuthMethodQuery added in v1.16.100

type AuthMethodQuery struct {
	Value             string
	AuthMethodEntMeta acl.EnterpriseMeta
	acl.EnterpriseMeta
}

func (AuthMethodQuery) NamespaceOrDefault added in v1.16.100

func (q AuthMethodQuery) NamespaceOrDefault() string

NamespaceOrDefault exists because structs.EnterpriseMeta uses a pointer receiver for this method. Remove once that is fixed.

func (AuthMethodQuery) PartitionOrDefault added in v1.16.100

func (q AuthMethodQuery) PartitionOrDefault() string

PartitionOrDefault exists because structs.EnterpriseMeta uses a pointer receiver for this method. Remove once that is fixed.

type BoolQuery added in v1.16.100

type BoolQuery struct {
	Value bool
	acl.EnterpriseMeta
}

BoolQuery is a type used to query a boolean condition that may include an enterprise identifier.

func (BoolQuery) NamespaceOrDefault added in v1.16.100

func (q BoolQuery) NamespaceOrDefault() string

NamespaceOrDefault exists because structs.EnterpriseMeta uses a pointer receiver for this method. Remove once that is fixed.

func (BoolQuery) PartitionOrDefault added in v1.16.100

func (q BoolQuery) PartitionOrDefault() string

PartitionOrDefault exists because structs.EnterpriseMeta uses a pointer receiver for this method. Remove once that is fixed.

type Changes added in v1.16.100

type Changes struct {
	// Index is the latest index at the time these changes were committed.
	Index   uint64
	Changes memdb.Changes
}

Changes wraps a memdb.Changes to include the index at which these changes were made.

type CheckIDIndex added in v1.16.100

type CheckIDIndex struct {
}

func (*CheckIDIndex) FromArgs added in v1.16.100

func (index *CheckIDIndex) FromArgs(args ...interface{}) ([]byte, error)

func (*CheckIDIndex) FromObject added in v1.16.100

func (index *CheckIDIndex) FromObject(obj interface{}) (bool, []byte, error)

func (*CheckIDIndex) PrefixFromArgs added in v1.16.100

func (index *CheckIDIndex) PrefixFromArgs(args ...interface{}) ([]byte, error)

type ConfigEntryKindQuery added in v1.16.100

type ConfigEntryKindQuery struct {
	Kind string
	acl.EnterpriseMeta
}

ConfigEntryKindQuery is used to lookup config entries by their kind.

func (ConfigEntryKindQuery) NamespaceOrDefault added in v1.16.100

func (q ConfigEntryKindQuery) NamespaceOrDefault() string

NamespaceOrDefault exists because structs.EnterpriseMeta uses a pointer receiver for this method. Remove once that is fixed.

func (ConfigEntryKindQuery) PartitionOrDefault added in v1.16.100

func (q ConfigEntryKindQuery) PartitionOrDefault() string

PartitionOrDefault exists because structs.EnterpriseMeta uses a pointer receiver for this method. Remove once that is fixed.

type ConfigEntryLinkIndex added in v1.16.100

type ConfigEntryLinkIndex struct {
}

func (*ConfigEntryLinkIndex) FromArgs added in v1.16.100

func (s *ConfigEntryLinkIndex) FromArgs(args ...interface{}) ([]byte, error)

func (*ConfigEntryLinkIndex) FromObject added in v1.16.100

func (s *ConfigEntryLinkIndex) FromObject(obj interface{}) (bool, [][]byte, error)

func (*ConfigEntryLinkIndex) PrefixFromArgs added in v1.16.100

func (s *ConfigEntryLinkIndex) PrefixFromArgs(args ...interface{}) ([]byte, error)

type ConfigEntryUsage added in v1.16.100

type ConfigEntryUsage struct {
	ConfigByKind map[string]int
	EnterpriseConfigEntryUsage
}

type CoordinateQuery added in v1.16.100

type CoordinateQuery struct {
	Node      string
	Segment   string
	Partition string
}

func (CoordinateQuery) PartitionOrDefault added in v1.16.100

func (c CoordinateQuery) PartitionOrDefault() string

type Delay

type Delay struct {
	// contains filtered or unexported fields
}

Delay is used to mark certain locks as unacquirable. When a lock is forcefully released (failing health check, destroyed session, etc.), it is subject to the LockDelay imposed by the session. This prevents another session from acquiring the lock for some period of time as a protection against split-brains. This is inspired by the lock-delay in Chubby. Because this relies on wall-time, we cannot assume all peers perceive time as flowing uniformly. This means KVSLock MUST ignore lockDelay, since the lockDelay may have expired on the leader, but not on the follower. Rejecting the lock could result in inconsistencies in the FSMs due to the rate time progresses. Instead, only the opinion of the leader is respected, and the Raft log is never questioned.

func NewDelay

func NewDelay() *Delay

NewDelay returns a new delay manager.

func (*Delay) GetExpiration

func (d *Delay) GetExpiration(key string, entMeta *acl.EnterpriseMeta) time.Time

GetExpiration returns the expiration time of a key lock delay. This must be checked on the leader node, and not in KVSLock due to the variability of clocks.

func (*Delay) SetExpiration

func (d *Delay) SetExpiration(key string, now time.Time, delay time.Duration, entMeta *acl.EnterpriseMeta)

SetExpiration sets the expiration time for the lock delay to the given delay from the given now time.

type EnterpriseConfigEntryUsage added in v1.16.100

type EnterpriseConfigEntryUsage struct{}

type EnterpriseKVUsage added in v1.16.100

type EnterpriseKVUsage struct{}

type EnterpriseNodeUsage added in v1.16.100

type EnterpriseNodeUsage struct{}

type EnterprisePeeringUsage added in v1.16.100

type EnterprisePeeringUsage struct{}

type EnterpriseServiceUsage added in v1.16.100

type EnterpriseServiceUsage struct{}

type EventPayloadCARoots added in v1.16.100

type EventPayloadCARoots struct {
	CARoots structs.CARoots
}

func (EventPayloadCARoots) HasReadPermission added in v1.16.100

func (e EventPayloadCARoots) HasReadPermission(authz acl.Authorizer) bool

func (EventPayloadCARoots) Subject added in v1.16.100

func (e EventPayloadCARoots) Subject() stream.Subject

func (EventPayloadCARoots) ToSubscriptionEvent added in v1.16.100

func (e EventPayloadCARoots) ToSubscriptionEvent(idx uint64) *pbsubscribe.Event

type EventPayloadCheckServiceNode added in v1.16.100

type EventPayloadCheckServiceNode struct {
	Op    pbsubscribe.CatalogOp
	Value *structs.CheckServiceNode
	// contains filtered or unexported fields
}

EventPayloadCheckServiceNode is used as the Payload for a stream.Event to indicates changes to a CheckServiceNode for service health.

The stream.Payload methods implemented by EventPayloadCheckServiceNode are do not mutate the payload, making it safe to use in an Event sent to stream.EventPublisher.Publish.

func (EventPayloadCheckServiceNode) HasReadPermission added in v1.16.100

func (e EventPayloadCheckServiceNode) HasReadPermission(authz acl.Authorizer) bool

func (EventPayloadCheckServiceNode) Subject added in v1.16.100

func (EventPayloadCheckServiceNode) ToSubscriptionEvent added in v1.16.100

func (e EventPayloadCheckServiceNode) ToSubscriptionEvent(idx uint64) *pbsubscribe.Event

type EventPayloadConfigEntry added in v1.16.100

type EventPayloadConfigEntry struct {
	Op    pbsubscribe.ConfigEntryUpdate_UpdateOp
	Value structs.ConfigEntry
}

func (EventPayloadConfigEntry) HasReadPermission added in v1.16.100

func (e EventPayloadConfigEntry) HasReadPermission(authz acl.Authorizer) bool

func (EventPayloadConfigEntry) Subject added in v1.16.100

func (EventPayloadConfigEntry) ToSubscriptionEvent added in v1.16.100

func (e EventPayloadConfigEntry) ToSubscriptionEvent(idx uint64) *pbsubscribe.Event

type EventPayloadServiceListUpdate added in v1.16.100

type EventPayloadServiceListUpdate struct {
	Op pbsubscribe.CatalogOp

	Name           string
	EnterpriseMeta acl.EnterpriseMeta
	PeerName       string
}

EventPayloadServiceListUpdate is used as the Payload for a stream.Event when services (not service instances) are registered/deregistered. These events are used to materialize the list of services in a datacenter.

func (*EventPayloadServiceListUpdate) HasReadPermission added in v1.16.100

func (e *EventPayloadServiceListUpdate) HasReadPermission(authz acl.Authorizer) bool

func (*EventPayloadServiceListUpdate) Subject added in v1.16.100

func (*EventPayloadServiceListUpdate) ToSubscriptionEvent added in v1.16.100

func (e *EventPayloadServiceListUpdate) ToSubscriptionEvent(idx uint64) *pbsubscribe.Event

type EventPublisher added in v1.16.100

type EventPublisher interface {
	Publish([]stream.Event)
	RegisterHandler(stream.Topic, stream.SnapshotFunc, bool) error
	Subscribe(*stream.SubscribeRequest) (*stream.Subscription, error)
}

type EventSubjectConfigEntry added in v1.16.100

type EventSubjectConfigEntry struct {
	Name           string
	EnterpriseMeta *acl.EnterpriseMeta
}

EventSubjectConfigEntry is a stream.Subject used to route and receive events for a specific config entry (kind is encoded in the topic).

func (EventSubjectConfigEntry) String added in v1.16.100

func (s EventSubjectConfigEntry) String() string

type EventSubjectService added in v1.16.100

type EventSubjectService struct {
	Key            string
	EnterpriseMeta acl.EnterpriseMeta
	PeerName       string
	// contains filtered or unexported fields
}

EventSubjectService is a stream.Subject used to route and receive events for a specific service.

func (EventSubjectService) String added in v1.16.100

func (s EventSubjectService) String() string

String satisfies the stream.Subject interface.

type FreeVirtualIP added in v1.16.100

type FreeVirtualIP struct {
	IP        net.IP
	IsCounter bool
}

FreeVirtualIP is used to store a virtual IP freed up by a service deregistration. It is also used to store free virtual IPs when a snapshot is created.

type Graveyard

type Graveyard struct {
	// contains filtered or unexported fields
}

Graveyard manages a set of tombstones.

func NewGraveyard

func NewGraveyard(gc *TombstoneGC) *Graveyard

NewGraveyard returns a new graveyard.

func (*Graveyard) DumpTxn

func (g *Graveyard) DumpTxn(tx ReadTxn) (memdb.ResultIterator, error)

DumpTxn returns all the tombstones.

func (*Graveyard) GetMaxIndexTxn

func (g *Graveyard) GetMaxIndexTxn(tx ReadTxn, prefix string, _ *acl.EnterpriseMeta) (uint64, error)

GetMaxIndexTxn returns the highest index tombstone whose key matches the given context, using a prefix match.

func (*Graveyard) InsertTxn

func (g *Graveyard) InsertTxn(tx WriteTxn, key string, idx uint64, entMeta *acl.EnterpriseMeta) error

InsertTxn adds a new tombstone.

func (*Graveyard) ReapTxn

func (g *Graveyard) ReapTxn(tx WriteTxn, idx uint64) error

ReapTxn cleans out all tombstones whose index values are less than or equal to the given idx. This prevents unbounded storage growth of the tombstones.

func (*Graveyard) RestoreTxn

func (g *Graveyard) RestoreTxn(tx WriteTxn, stone *Tombstone) error

RestoreTxn is used when restoring from a snapshot. For general inserts, use InsertTxn.

type IndexEntry

type IndexEntry struct {
	Key   string
	Value uint64
}

IndexEntry keeps a record of the last index of a table or entity within a table.

type IntentionDecisionOpts added in v1.16.100

type IntentionDecisionOpts struct {
	Target           string
	Namespace        string
	Partition        string
	Peer             string
	Intentions       structs.SimplifiedIntentions
	MatchType        structs.IntentionMatchType
	DefaultDecision  acl.EnforcementDecision
	AllowPermissions bool
}

type KVUsage added in v1.16.100

type KVUsage struct {
	KVCount int
	EnterpriseKVUsage
}

type KeyValueQuery added in v1.16.100

type KeyValueQuery struct {
	Key      string
	Value    string
	PeerName string
	acl.EnterpriseMeta
}

KeyValueQuery is a type used to query for both a key and a value that may include an enterprise identifier.

func (KeyValueQuery) NamespaceOrDefault added in v1.16.100

func (q KeyValueQuery) NamespaceOrDefault() string

NamespaceOrDefault exists because structs.EnterpriseMeta uses a pointer receiver for this method. Remove once that is fixed.

func (KeyValueQuery) PartitionOrDefault added in v1.16.100

func (q KeyValueQuery) PartitionOrDefault() string

PartitionOrDefault exists because structs.EnterpriseMeta uses a pointer receiver for this method. Remove once that is fixed.

func (KeyValueQuery) PeerOrEmpty added in v1.16.100

func (q KeyValueQuery) PeerOrEmpty() string

type KindServiceName added in v1.16.100

type KindServiceName struct {
	Kind    structs.ServiceKind
	Service structs.ServiceName

	structs.RaftIndex
}

func (*KindServiceName) NamespaceOrDefault added in v1.16.100

func (n *KindServiceName) NamespaceOrDefault() string

func (*KindServiceName) PartitionOrDefault added in v1.16.100

func (n *KindServiceName) PartitionOrDefault() string

type KindServiceNameQuery added in v1.16.100

type KindServiceNameQuery struct {
	Kind structs.ServiceKind
	Name string
	acl.EnterpriseMeta
}

KindServiceNameQuery is used to lookup service names by kind or enterprise meta.

func (KindServiceNameQuery) NamespaceOrDefault added in v1.16.100

func (q KindServiceNameQuery) NamespaceOrDefault() string

NamespaceOrDefault exists because structs.EnterpriseMeta uses a pointer receiver for this method. Remove once that is fixed.

func (KindServiceNameQuery) PartitionOrDefault added in v1.16.100

func (q KindServiceNameQuery) PartitionOrDefault() string

PartitionOrDefault exists because structs.EnterpriseMeta uses a pointer receiver for this method. Remove once that is fixed.

type MultiQuery added in v1.16.100

type MultiQuery struct {
	Value []string
	acl.EnterpriseMeta
}

func (MultiQuery) IDValue added in v1.16.100

func (q MultiQuery) IDValue() []string

func (MultiQuery) NamespaceOrDefault added in v1.16.100

func (q MultiQuery) NamespaceOrDefault() string

NamespaceOrDefault exists because structs.EnterpriseMeta uses a pointer receiver for this method. Remove once that is fixed.

func (MultiQuery) PartitionOrDefault added in v1.16.100

func (q MultiQuery) PartitionOrDefault() string

PartitionOrDefault exists because structs.EnterpriseMeta uses a pointer receiver for this method. Remove once that is fixed.

type NodeCheckQuery added in v1.16.100

type NodeCheckQuery struct {
	Node     string
	CheckID  string
	PeerName string
	acl.EnterpriseMeta
}

NodeCheckQuery is used to query the ID index of the checks table.

func (NodeCheckQuery) NamespaceOrDefault added in v1.16.100

func (q NodeCheckQuery) NamespaceOrDefault() string

NamespaceOrDefault exists because structs.EnterpriseMeta uses a pointer receiver for this method. Remove once that is fixed.

func (NodeCheckQuery) PartitionOrDefault added in v1.16.100

func (q NodeCheckQuery) PartitionOrDefault() string

PartitionOrDefault exists because structs.EnterpriseMeta uses a pointer receiver for this method. Remove once that is fixed.

func (NodeCheckQuery) PeerOrEmpty added in v1.16.100

func (q NodeCheckQuery) PeerOrEmpty() string

type NodeServiceQuery added in v1.16.100

type NodeServiceQuery struct {
	Node     string
	Service  string
	PeerName string
	acl.EnterpriseMeta
}

NodeServiceQuery is a type used to query the checks table.

func (NodeServiceQuery) NamespaceOrDefault added in v1.16.100

func (q NodeServiceQuery) NamespaceOrDefault() string

NamespaceOrDefault exists because structs.EnterpriseMeta uses a pointer receiver for this method. Remove once that is fixed.

func (NodeServiceQuery) PartitionOrDefault added in v1.16.100

func (q NodeServiceQuery) PartitionOrDefault() string

PartitionOrDefault exists because structs.EnterpriseMeta uses a pointer receiver for this method. Remove once that is fixed.

func (NodeServiceQuery) PeerOrEmpty added in v1.16.100

func (q NodeServiceQuery) PeerOrEmpty() string

type NodeUsage added in v1.16.100

type NodeUsage struct {
	Nodes int
	EnterpriseNodeUsage
}

NodeUsage contains all of the usage data related to nodes

type PeeringUsage added in v1.16.100

type PeeringUsage struct {
	// Number of peerings.
	Peerings int
	EnterprisePeeringUsage
}

PeeringUsage contains all of the usage data related to peerings.

type PreparedQueryIndex

type PreparedQueryIndex struct {
}

PreparedQueryIndex is a custom memdb indexer used to manage index prepared query templates. None of the built-in indexers do what we need, and our use case is pretty specific so it's better to put the logic here.

func (*PreparedQueryIndex) FromArgs

func (p *PreparedQueryIndex) FromArgs(args ...interface{}) ([]byte, error)

FromArgs is used when querying for an exact match. Since we don't add any suffix we can just call the prefix version.

func (*PreparedQueryIndex) FromObject

func (*PreparedQueryIndex) FromObject(obj interface{}) (bool, []byte, error)

FromObject is used to compute the index key when inserting or updating an object.

func (*PreparedQueryIndex) PrefixFromArgs

func (*PreparedQueryIndex) PrefixFromArgs(args ...interface{}) ([]byte, error)

PrefixFromArgs is used when doing a prefix scan for an object.

type Query added in v1.16.100

type Query struct {
	Value    string
	PeerName string
	acl.EnterpriseMeta
}

Query is a type used to query any single value index that may include an enterprise identifier.

func (Query) IDValue added in v1.16.100

func (q Query) IDValue() string

func (Query) NamespaceOrDefault added in v1.16.100

func (q Query) NamespaceOrDefault() string

NamespaceOrDefault exists because structs.EnterpriseMeta uses a pointer receiver for this method. Remove once that is fixed.

func (Query) PartitionOrDefault added in v1.16.100

func (q Query) PartitionOrDefault() string

PartitionOrDefault exists because structs.EnterpriseMeta uses a pointer receiver for this method. Remove once that is fixed.

func (Query) PeerOrEmpty added in v1.16.100

func (q Query) PeerOrEmpty() string

type ReadDB added in v1.16.100

type ReadDB interface {
	ReadTxn() AbortTxn
}

ReadDB is a DB that provides read-only transactions.

type ReadTxn added in v1.16.100

type ReadTxn interface {
	Get(table, index string, args ...interface{}) (memdb.ResultIterator, error)
	First(table, index string, args ...interface{}) (interface{}, error)
	FirstWatch(table, index string, args ...interface{}) (<-chan struct{}, interface{}, error)
}

ReadTxn is implemented by memdb.Txn to perform read operations.

type Restore

type Restore struct {
	// contains filtered or unexported fields
}

Restore is used to efficiently manage restoring a large amount of data to a state store.

func (*Restore) ACLAuthMethod added in v1.16.100

func (s *Restore) ACLAuthMethod(method *structs.ACLAuthMethod) error

func (*Restore) ACLBindingRule added in v1.16.100

func (s *Restore) ACLBindingRule(rule *structs.ACLBindingRule) error

func (*Restore) ACLPolicy added in v1.4.0

func (s *Restore) ACLPolicy(policy *structs.ACLPolicy) error

func (*Restore) ACLRole added in v1.16.100

func (s *Restore) ACLRole(role *structs.ACLRole) error

func (*Restore) ACLToken added in v1.4.0

func (s *Restore) ACLToken(token *structs.ACLToken) error

ACLToken is used when restoring from a snapshot. For general inserts, use ACL.

func (*Restore) Abort

func (s *Restore) Abort()

Abort abandons the changes made by a restore. This or Commit should always be called.

func (*Restore) Autopilot

func (s *Restore) Autopilot(config *structs.AutopilotConfig) error

Autopilot is used when restoring from a snapshot.

func (*Restore) CAConfig added in v1.2.0

func (s *Restore) CAConfig(config *structs.CAConfiguration) error

CAConfig is used when restoring from a snapshot.

func (*Restore) CAProviderState added in v1.2.0

func (s *Restore) CAProviderState(state *structs.CAConsulProviderState) error

CAProviderState is used when restoring from a snapshot.

func (*Restore) CARoot added in v1.2.0

func (s *Restore) CARoot(r *structs.CARoot) error

CARoots is used when restoring from a snapshot.

func (*Restore) Commit

func (s *Restore) Commit() error

Commit commits the changes made by a restore. This or Abort should always be called.

func (*Restore) ConfigEntry added in v1.16.100

func (s *Restore) ConfigEntry(c structs.ConfigEntry) error

ConfigEntry is used when restoring from a snapshot.

func (*Restore) Coordinates

func (s *Restore) Coordinates(idx uint64, updates structs.Coordinates) error

Coordinates is used when restoring from a snapshot. For general inserts, use CoordinateBatchUpdate. We do less vetting of the updates here because they already got checked on the way in during a batch update.

func (*Restore) FederationState added in v1.16.100

func (s *Restore) FederationState(g *structs.FederationState) error

FederationState is used when restoring from a snapshot.

func (*Restore) FreeVirtualIP added in v1.16.100

func (s *Restore) FreeVirtualIP(req FreeVirtualIP) error

func (*Restore) IndexRestore added in v1.4.0

func (s *Restore) IndexRestore(idx *IndexEntry) error

IndexRestore is used to restore an index

func (*Restore) KVS

func (s *Restore) KVS(entry *structs.DirEntry) error

KVS is used when restoring from a snapshot. Use KVSSet for general inserts.

func (*Restore) LegacyIntention deprecated added in v1.16.100

func (s *Restore) LegacyIntention(ixn *structs.Intention) error

LegacyIntention is used when restoring from a snapshot.

Deprecated: service-intentions config entries are handled as config entries in the snapshot.

func (*Restore) Peering added in v1.16.100

func (r *Restore) Peering(p *pbpeering.Peering) error

func (*Restore) PeeringSecrets added in v1.16.100

func (r *Restore) PeeringSecrets(p *pbpeering.PeeringSecrets) error

func (*Restore) PeeringTrustBundle added in v1.16.100

func (r *Restore) PeeringTrustBundle(ptb *pbpeering.PeeringTrustBundle) error

func (*Restore) PreparedQuery

func (s *Restore) PreparedQuery(query *structs.PreparedQuery) error

PreparedQuery is used when restoring from a snapshot. For general inserts, use PreparedQuerySet.

func (*Restore) Registration

func (s *Restore) Registration(idx uint64, req *structs.RegisterRequest) error

Registration is used to make sure a node, service, and check registration is performed within a single transaction to avoid race conditions on state updates.

func (*Restore) ServiceVirtualIP added in v1.16.100

func (s *Restore) ServiceVirtualIP(req ServiceVirtualIP) error

func (*Restore) Session

func (s *Restore) Session(sess *structs.Session) error

Session is used when restoring from a snapshot. For general inserts, use SessionCreate.

func (*Restore) SystemMetadataEntry added in v1.16.100

func (s *Restore) SystemMetadataEntry(entry *structs.SystemMetadataEntry) error

SystemMetadataEntry is used when restoring from a snapshot.

func (*Restore) Tombstone

func (s *Restore) Tombstone(stone *Tombstone) error

Tombstone is used when restoring from a snapshot. For general inserts, use Graveyard.InsertTxn.

type SamenessGroupDefaultIndex added in v1.16.100

type SamenessGroupDefaultIndex struct{}

SamenessGroupDefaultIndex is a placeholder for OSS. Sameness-groups are enterprise only.

func (*SamenessGroupDefaultIndex) FromArgs added in v1.16.100

func (*SamenessGroupDefaultIndex) FromArgs(args ...interface{}) ([]byte, error)

func (*SamenessGroupDefaultIndex) FromObject added in v1.16.100

func (*SamenessGroupDefaultIndex) FromObject(obj interface{}) (bool, [][]byte, error)

type SamenessGroupMemberIndex added in v1.16.100

type SamenessGroupMemberIndex struct {
}

func (*SamenessGroupMemberIndex) FromArgs added in v1.16.100

func (s *SamenessGroupMemberIndex) FromArgs(args ...interface{}) ([]byte, error)

func (*SamenessGroupMemberIndex) FromObject added in v1.16.100

func (s *SamenessGroupMemberIndex) FromObject(obj interface{}) (bool, [][]byte, error)

type ServiceIntentionLegacyIDIndex added in v1.16.100

type ServiceIntentionLegacyIDIndex struct {
	// contains filtered or unexported fields
}

func (*ServiceIntentionLegacyIDIndex) FromArgs added in v1.16.100

func (s *ServiceIntentionLegacyIDIndex) FromArgs(args ...interface{}) ([]byte, error)

func (*ServiceIntentionLegacyIDIndex) FromObject added in v1.16.100

func (s *ServiceIntentionLegacyIDIndex) FromObject(obj interface{}) (bool, [][]byte, error)

func (*ServiceIntentionLegacyIDIndex) PrefixFromArgs added in v1.16.100

func (s *ServiceIntentionLegacyIDIndex) PrefixFromArgs(args ...interface{}) ([]byte, error)

type ServiceIntentionSourceIndex added in v1.16.100

type ServiceIntentionSourceIndex struct {
}

func (*ServiceIntentionSourceIndex) FromArgs added in v1.16.100

func (s *ServiceIntentionSourceIndex) FromArgs(args ...interface{}) ([]byte, error)

func (*ServiceIntentionSourceIndex) FromObject added in v1.16.100

func (s *ServiceIntentionSourceIndex) FromObject(obj interface{}) (bool, [][]byte, error)

type ServiceIntentionSourceSamenessGroupIndex added in v1.16.100

type ServiceIntentionSourceSamenessGroupIndex struct {
}

func (*ServiceIntentionSourceSamenessGroupIndex) FromArgs added in v1.16.100

func (s *ServiceIntentionSourceSamenessGroupIndex) FromArgs(args ...interface{}) ([]byte, error)

func (*ServiceIntentionSourceSamenessGroupIndex) FromObject added in v1.16.100

func (s *ServiceIntentionSourceSamenessGroupIndex) FromObject(obj interface{}) (bool, [][]byte, error)

type ServiceManualVIPIndex added in v1.16.100

type ServiceManualVIPIndex struct{}

func (*ServiceManualVIPIndex) FromArgs added in v1.16.100

func (index *ServiceManualVIPIndex) FromArgs(args ...interface{}) ([]byte, error)

func (*ServiceManualVIPIndex) FromObject added in v1.16.100

func (index *ServiceManualVIPIndex) FromObject(obj interface{}) (bool, []byte, error)

type ServiceNameIndex added in v1.16.100

type ServiceNameIndex struct {
	Field string
}

func (*ServiceNameIndex) FromArgs added in v1.16.100

func (index *ServiceNameIndex) FromArgs(args ...interface{}) ([]byte, error)

func (*ServiceNameIndex) FromObject added in v1.16.100

func (index *ServiceNameIndex) FromObject(obj interface{}) (bool, []byte, error)

func (*ServiceNameIndex) PrefixFromArgs added in v1.16.100

func (index *ServiceNameIndex) PrefixFromArgs(args ...interface{}) ([]byte, error)

type ServiceVirtualIP added in v1.16.100

type ServiceVirtualIP struct {
	Service   structs.PeeredServiceName
	IP        net.IP
	ManualIPs []string

	structs.RaftIndex
}

ServiceVirtualIP is used to store a virtual IP associated with a service. It is also used to store assigned virtual IPs when a snapshot is created.

func (ServiceVirtualIP) IPWithOffset added in v1.16.100

func (s ServiceVirtualIP) IPWithOffset() (string, error)

type ServiceWithDecision added in v1.16.100

type ServiceWithDecision struct {
	Name     structs.ServiceName
	Decision structs.IntentionDecisionSummary
}

type SimplifiedExportedServices added in v1.16.100

type SimplifiedExportedServices structs.ExportedServicesConfigEntry

SimplifiedExportedServices contains a version of the exported-services that has been flattened by removing all of the sameness group references and replacing them with corresponding partition / peer entries.

func (*SimplifiedExportedServices) ToPartitionMap added in v1.16.100

func (e *SimplifiedExportedServices) ToPartitionMap() map[string]map[string][]string

ToPartitionMap is only used by the partition exporting logic. It returns a map[namespace][service] => []consuming_partitions

type Snapshot

type Snapshot struct {
	// contains filtered or unexported fields
}

Snapshot is used to provide a point-in-time snapshot. It works by starting a read transaction against the whole state store.

func (*Snapshot) ACLAuthMethods added in v1.16.100

func (s *Snapshot) ACLAuthMethods() (memdb.ResultIterator, error)

ACLAuthMethods is used when saving a snapshot

func (*Snapshot) ACLBindingRules added in v1.16.100

func (s *Snapshot) ACLBindingRules() (memdb.ResultIterator, error)

ACLBindingRules is used when saving a snapshot

func (*Snapshot) ACLPolicies added in v1.4.0

func (s *Snapshot) ACLPolicies() (memdb.ResultIterator, error)

ACLPolicies is used when saving a snapshot

func (*Snapshot) ACLRoles added in v1.16.100

func (s *Snapshot) ACLRoles() (memdb.ResultIterator, error)

ACLRoles is used when saving a snapshot

func (*Snapshot) ACLTokens added in v1.4.0

func (s *Snapshot) ACLTokens() (memdb.ResultIterator, error)

ACLTokens is used when saving a snapshot

func (*Snapshot) Autopilot

func (s *Snapshot) Autopilot() (*structs.AutopilotConfig, error)

Autopilot is used to pull the autopilot config from the snapshot.

func (*Snapshot) CAConfig added in v1.2.0

func (s *Snapshot) CAConfig() (*structs.CAConfiguration, error)

CAConfig is used to pull the CA config from the snapshot.

func (*Snapshot) CAProviderState added in v1.2.0

func (s *Snapshot) CAProviderState() ([]*structs.CAConsulProviderState, error)

CAProviderState is used to pull the built-in provider states from the snapshot.

func (*Snapshot) CARoots added in v1.2.0

func (s *Snapshot) CARoots() (structs.CARoots, error)

CARoots is used to pull all the CA roots for the snapshot.

func (*Snapshot) Checks

func (s *Snapshot) Checks(node string, entMeta *acl.EnterpriseMeta, peerName string) (memdb.ResultIterator, error)

Checks is used to pull the full list of checks for a given node for use during snapshots.

func (*Snapshot) Close

func (s *Snapshot) Close()

Close performs cleanup of a state snapshot.

func (*Snapshot) ConfigEntries added in v1.16.100

func (s *Snapshot) ConfigEntries() ([]structs.ConfigEntry, error)

ConfigEntries is used to pull all the config entries for the snapshot.

func (*Snapshot) Coordinates

func (s *Snapshot) Coordinates() (memdb.ResultIterator, error)

Coordinates is used to pull all the coordinates from the snapshot.

func (*Snapshot) FederationStates added in v1.16.100

func (s *Snapshot) FederationStates() ([]*structs.FederationState, error)

FederationStates is used to pull all the federation states for the snapshot.

func (*Snapshot) FreeVirtualIPs added in v1.16.100

func (s *Snapshot) FreeVirtualIPs() (memdb.ResultIterator, error)

FreeVirtualIPs is used to pull the freed virtual IPs for use during snapshots.

func (*Snapshot) Indexes added in v1.4.0

func (s *Snapshot) Indexes() (memdb.ResultIterator, error)

func (*Snapshot) KVs

func (s *Snapshot) KVs() (memdb.ResultIterator, error)

KVs is used to pull the full list of KVS entries for use during snapshots.

func (*Snapshot) LastIndex

func (s *Snapshot) LastIndex() uint64

LastIndex returns that last index that affects the snapshotted data.

func (*Snapshot) LegacyIntentions deprecated added in v1.16.100

func (s *Snapshot) LegacyIntentions() (structs.Intentions, error)

LegacyIntentions is used to pull all the intentions from the snapshot.

Deprecated: service-intentions config entries are handled as config entries in the snapshot.

func (*Snapshot) Nodes

func (s *Snapshot) Nodes() (memdb.ResultIterator, error)

Nodes is used to pull the full list of nodes for use during snapshots.

func (*Snapshot) PeeringSecrets added in v1.16.100

func (s *Snapshot) PeeringSecrets() (memdb.ResultIterator, error)

func (*Snapshot) PeeringTrustBundles added in v1.16.100

func (s *Snapshot) PeeringTrustBundles() (memdb.ResultIterator, error)

func (*Snapshot) Peerings added in v1.16.100

func (s *Snapshot) Peerings() (memdb.ResultIterator, error)

func (*Snapshot) PreparedQueries

func (s *Snapshot) PreparedQueries() (structs.PreparedQueries, error)

PreparedQueries is used to pull all the prepared queries from the snapshot.

func (*Snapshot) ServiceVirtualIPs added in v1.16.100

func (s *Snapshot) ServiceVirtualIPs() (memdb.ResultIterator, error)

ServiceVirtualIPs is used to pull the service virtual IP mappings for use during snapshots.

func (*Snapshot) Services

func (s *Snapshot) Services(node string, entMeta *acl.EnterpriseMeta, peerName string) (memdb.ResultIterator, error)

Services is used to pull the full list of services for a given node for use during snapshots.

func (*Snapshot) Sessions

func (s *Snapshot) Sessions() (memdb.ResultIterator, error)

Sessions is used to pull the full list of sessions for use during snapshots.

func (*Snapshot) SystemMetadataEntries added in v1.16.100

func (s *Snapshot) SystemMetadataEntries() ([]*structs.SystemMetadataEntry, error)

SystemMetadataEntries used to pull all the system metadata entries for the snapshot.

func (*Snapshot) Tombstones

func (s *Snapshot) Tombstones() (memdb.ResultIterator, error)

Tombstones is used to pull all the tombstones from the graveyard.

type Store

type Store struct {
	// contains filtered or unexported fields
}

Store is where we store all of Consul's state, including records of node registrations, services, checks, key/value pairs and more. The DB is entirely in-memory and is constructed from the Raft log through the FSM.

func NewStateStore

func NewStateStore(gc *TombstoneGC) *Store

NewStateStore creates a new in-memory state storage layer.

func NewStateStoreWithEventPublisher added in v1.16.100

func NewStateStoreWithEventPublisher(gc *TombstoneGC, publisher EventPublisher) *Store

func (*Store) ACLAuthMethodBatchDelete added in v1.16.100

func (s *Store) ACLAuthMethodBatchDelete(idx uint64, names []string, entMeta *acl.EnterpriseMeta) error

func (*Store) ACLAuthMethodBatchSet added in v1.16.100

func (s *Store) ACLAuthMethodBatchSet(idx uint64, methods structs.ACLAuthMethods) error

func (*Store) ACLAuthMethodDeleteByName added in v1.16.100

func (s *Store) ACLAuthMethodDeleteByName(idx uint64, name string, entMeta *acl.EnterpriseMeta) error

func (*Store) ACLAuthMethodGetByName added in v1.16.100

func (s *Store) ACLAuthMethodGetByName(ws memdb.WatchSet, name string, entMeta *acl.EnterpriseMeta) (uint64, *structs.ACLAuthMethod, error)

func (*Store) ACLAuthMethodList added in v1.16.100

func (s *Store) ACLAuthMethodList(ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, structs.ACLAuthMethods, error)

func (*Store) ACLAuthMethodSet added in v1.16.100

func (s *Store) ACLAuthMethodSet(idx uint64, method *structs.ACLAuthMethod) error

func (*Store) ACLAuthMethodUpsertValidateEnterprise added in v1.16.100

func (s *Store) ACLAuthMethodUpsertValidateEnterprise(method *structs.ACLAuthMethod, existing *structs.ACLAuthMethod) error

func (*Store) ACLBindingRuleBatchDelete added in v1.16.100

func (s *Store) ACLBindingRuleBatchDelete(idx uint64, bindingRuleIDs []string) error

func (*Store) ACLBindingRuleBatchSet added in v1.16.100

func (s *Store) ACLBindingRuleBatchSet(idx uint64, rules structs.ACLBindingRules) error

func (*Store) ACLBindingRuleDeleteByID added in v1.16.100

func (s *Store) ACLBindingRuleDeleteByID(idx uint64, id string, entMeta *acl.EnterpriseMeta) error

func (*Store) ACLBindingRuleGetByID added in v1.16.100

func (s *Store) ACLBindingRuleGetByID(ws memdb.WatchSet, id string, entMeta *acl.EnterpriseMeta) (uint64, *structs.ACLBindingRule, error)

func (*Store) ACLBindingRuleList added in v1.16.100

func (s *Store) ACLBindingRuleList(ws memdb.WatchSet, methodName string, entMeta *acl.EnterpriseMeta) (uint64, structs.ACLBindingRules, error)

func (*Store) ACLBindingRuleSet added in v1.16.100

func (s *Store) ACLBindingRuleSet(idx uint64, rule *structs.ACLBindingRule) error

func (*Store) ACLBindingRuleUpsertValidateEnterprise added in v1.16.100

func (s *Store) ACLBindingRuleUpsertValidateEnterprise(rule *structs.ACLBindingRule, existing *structs.ACLBindingRule) error

func (*Store) ACLBootstrap added in v0.9.1

func (s *Store) ACLBootstrap(idx, resetIndex uint64, token *structs.ACLToken) error

ACLBootstrap is used to perform a one-time ACL bootstrap operation on a cluster to get the first management token.

func (*Store) ACLPolicyBatchDelete added in v1.4.0

func (s *Store) ACLPolicyBatchDelete(idx uint64, policyIDs []string) error

func (*Store) ACLPolicyBatchGet added in v1.4.0

func (s *Store) ACLPolicyBatchGet(ws memdb.WatchSet, ids []string) (uint64, structs.ACLPolicies, error)

func (*Store) ACLPolicyBatchSet added in v1.4.0

func (s *Store) ACLPolicyBatchSet(idx uint64, policies structs.ACLPolicies) error

func (*Store) ACLPolicyDeleteByID added in v1.4.0

func (s *Store) ACLPolicyDeleteByID(idx uint64, id string, entMeta *acl.EnterpriseMeta) error

func (*Store) ACLPolicyDeleteByName added in v1.4.0

func (s *Store) ACLPolicyDeleteByName(idx uint64, name string, entMeta *acl.EnterpriseMeta) error

func (*Store) ACLPolicyGetByID added in v1.4.0

func (s *Store) ACLPolicyGetByID(ws memdb.WatchSet, id string, entMeta *acl.EnterpriseMeta) (uint64, *structs.ACLPolicy, error)

func (*Store) ACLPolicyGetByName added in v1.4.0

func (s *Store) ACLPolicyGetByName(ws memdb.WatchSet, name string, entMeta *acl.EnterpriseMeta) (uint64, *structs.ACLPolicy, error)

func (*Store) ACLPolicyList added in v1.4.0

func (s *Store) ACLPolicyList(ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, structs.ACLPolicies, error)

func (*Store) ACLPolicySet added in v1.4.0

func (s *Store) ACLPolicySet(idx uint64, policy *structs.ACLPolicy) error

func (*Store) ACLPolicyUpsertValidateEnterprise added in v1.16.100

func (s *Store) ACLPolicyUpsertValidateEnterprise(*structs.ACLPolicy, *structs.ACLPolicy) error

func (*Store) ACLRoleBatchDelete added in v1.16.100

func (s *Store) ACLRoleBatchDelete(idx uint64, roleIDs []string) error

func (*Store) ACLRoleBatchGet added in v1.16.100

func (s *Store) ACLRoleBatchGet(ws memdb.WatchSet, ids []string) (uint64, structs.ACLRoles, error)

func (*Store) ACLRoleBatchSet added in v1.16.100

func (s *Store) ACLRoleBatchSet(idx uint64, roles structs.ACLRoles, allowMissingPolicyIDs bool) error

func (*Store) ACLRoleDeleteByID added in v1.16.100

func (s *Store) ACLRoleDeleteByID(idx uint64, id string, entMeta *acl.EnterpriseMeta) error

func (*Store) ACLRoleDeleteByName added in v1.16.100

func (s *Store) ACLRoleDeleteByName(idx uint64, name string, entMeta *acl.EnterpriseMeta) error

func (*Store) ACLRoleGetByID added in v1.16.100

func (s *Store) ACLRoleGetByID(ws memdb.WatchSet, id string, entMeta *acl.EnterpriseMeta) (uint64, *structs.ACLRole, error)

func (*Store) ACLRoleGetByName added in v1.16.100

func (s *Store) ACLRoleGetByName(ws memdb.WatchSet, name string, entMeta *acl.EnterpriseMeta) (uint64, *structs.ACLRole, error)

func (*Store) ACLRoleList added in v1.16.100

func (s *Store) ACLRoleList(ws memdb.WatchSet, policy string, entMeta *acl.EnterpriseMeta) (uint64, structs.ACLRoles, error)

func (*Store) ACLRoleSet added in v1.16.100

func (s *Store) ACLRoleSet(idx uint64, role *structs.ACLRole) error

func (*Store) ACLRoleUpsertValidateEnterprise added in v1.16.100

func (s *Store) ACLRoleUpsertValidateEnterprise(role *structs.ACLRole, existing *structs.ACLRole) error

func (*Store) ACLTokenBatchDelete added in v1.4.0

func (s *Store) ACLTokenBatchDelete(idx uint64, tokenIDs []string) error

func (*Store) ACLTokenBatchGet added in v1.4.0

func (s *Store) ACLTokenBatchGet(ws memdb.WatchSet, accessors []string) (uint64, structs.ACLTokens, error)

func (*Store) ACLTokenBatchSet added in v1.4.0

func (s *Store) ACLTokenBatchSet(idx uint64, tokens structs.ACLTokens, opts ACLTokenSetOptions) error

func (*Store) ACLTokenDeleteByAccessor added in v1.4.0

func (s *Store) ACLTokenDeleteByAccessor(idx uint64, accessor string, entMeta *acl.EnterpriseMeta) error

ACLTokenDeleteByAccessor is used to remove an existing ACL from the state store. If the ACL does not exist this is a no-op and no error is returned.

func (*Store) ACLTokenGetByAccessor added in v1.4.0

func (s *Store) ACLTokenGetByAccessor(ws memdb.WatchSet, accessor string, entMeta *acl.EnterpriseMeta) (uint64, *structs.ACLToken, error)

ACLTokenGetByAccessor is used to look up an existing ACL token by its AccessorID.

func (*Store) ACLTokenGetBySecret added in v1.4.0

func (s *Store) ACLTokenGetBySecret(ws memdb.WatchSet, secret string, entMeta *acl.EnterpriseMeta) (uint64, *structs.ACLToken, error)

ACLTokenGetBySecret is used to look up an existing ACL token by its SecretID.

func (*Store) ACLTokenList added in v1.4.0

func (s *Store) ACLTokenList(ws memdb.WatchSet, local, global bool, policy, role, methodName string, methodMeta, entMeta *acl.EnterpriseMeta) (uint64, structs.ACLTokens, error)

ACLTokenList return a list of ACL Tokens that match the policy, role, and method.

func (*Store) ACLTokenListExpired added in v1.16.100

func (s *Store) ACLTokenListExpired(local bool, asOf time.Time, max int) (structs.ACLTokens, <-chan struct{}, error)

ACLTokenListExpires lists tokens that are expired as of the provided time. The returned set will be no larger than the max value provided.

func (*Store) ACLTokenMinExpirationTime added in v1.16.100

func (s *Store) ACLTokenMinExpirationTime(local bool) (time.Time, error)

func (*Store) ACLTokenSet added in v1.4.0

func (s *Store) ACLTokenSet(idx uint64, token *structs.ACLToken) error

ACLTokenSet is used in many tests to set a single ACL token. It is now a shim for calling ACLTokenBatchSet with default options.

func (*Store) ACLTokenUpsertValidateEnterprise added in v1.16.100

func (s *Store) ACLTokenUpsertValidateEnterprise(token *structs.ACLToken, existing *structs.ACLToken) error

func (*Store) APIGatewaySnapshot added in v1.16.100

func (s *Store) APIGatewaySnapshot(req stream.SubscribeRequest, buf stream.SnapshotAppender) (uint64, error)

APIGatewaySnapshot is a stream.SnapshotFunc that returns a snapshot of api-gateway config entries.

func (*Store) Abandon

func (s *Store) Abandon()

Abandon is used to signal that the given state store has been abandoned. Calling this more than one time will panic.

func (*Store) AbandonCh

func (s *Store) AbandonCh() <-chan struct{}

AbandonCh returns a channel you can wait on to know if the state store was abandoned.

func (*Store) AreIntentionsInConfigEntries added in v1.16.100

func (s *Store) AreIntentionsInConfigEntries() (bool, error)

AreIntentionsInConfigEntries determines which table is the canonical store for intentions data.

func (*Store) AssignManualServiceVIPs added in v1.16.100

func (s *Store) AssignManualServiceVIPs(idx uint64, psn structs.PeeredServiceName, ips []string) (bool, []structs.PeeredServiceName, error)

AssignManualServiceVIPs attempts to associate a list of manual virtual IP addresses with a given service name. Any IP addresses given will be removed from other services in the same partition. This is done to ensure that a manual VIP can only exist once for a given partition. This function returns: - a bool indicating whether the given service exists. - a list of service names that had ip addresses removed from them. - an error indicating success or failure of the call.

func (*Store) AutopilotCASConfig

func (s *Store) AutopilotCASConfig(idx, cidx uint64, config *structs.AutopilotConfig) (bool, error)

AutopilotCASConfig is used to try updating the Autopilot configuration with a given Raft index. If the CAS index specified is not equal to the last observed index for the config, then the call is a noop,

func (*Store) AutopilotConfig

func (s *Store) AutopilotConfig() (uint64, *structs.AutopilotConfig, error)

AutopilotConfig is used to get the current Autopilot configuration.

func (*Store) AutopilotSetConfig

func (s *Store) AutopilotSetConfig(idx uint64, config *structs.AutopilotConfig) error

AutopilotSetConfig is used to set the current Autopilot configuration.

func (*Store) BoundAPIGatewaySnapshot added in v1.16.100

func (s *Store) BoundAPIGatewaySnapshot(req stream.SubscribeRequest, buf stream.SnapshotAppender) (uint64, error)

BoundAPIGatewaySnapshot is a stream.SnapshotFunc that returns a snapshot of bound-api-gateway config entries.

func (*Store) CACheckAndSetConfig added in v1.2.0

func (s *Store) CACheckAndSetConfig(idx, cidx uint64, config *structs.CAConfiguration) (bool, error)

CACheckAndSetConfig is used to try updating the CA configuration with a given Raft index. If the CAS index specified is not equal to the last observed index for the config, then the call will return an error,

func (*Store) CAConfig added in v1.2.0

func (s *Store) CAConfig(ws memdb.WatchSet) (uint64, *structs.CAConfiguration, error)

CAConfig is used to get the current CA configuration.

func (*Store) CADeleteProviderState added in v1.2.0

func (s *Store) CADeleteProviderState(idx uint64, id string) error

CADeleteProviderState is used to remove the built-in Consul CA provider state for the given ID.

func (*Store) CAIncrementProviderSerialNumber added in v1.16.100

func (s *Store) CAIncrementProviderSerialNumber(idx uint64) (uint64, error)

func (*Store) CALeafSetIndex added in v1.4.1

func (s *Store) CALeafSetIndex(idx uint64, index uint64) error

func (*Store) CAProviderState added in v1.2.0

func (s *Store) CAProviderState(id string) (uint64, *structs.CAConsulProviderState, error)

CAProviderState is used to get the Consul CA provider state for the given ID.

func (*Store) CARootActive added in v1.2.0

func (s *Store) CARootActive(ws memdb.WatchSet) (uint64, *structs.CARoot, error)

CARootActive returns the currently active CARoot.

func (*Store) CARootSetCAS added in v1.2.0

func (s *Store) CARootSetCAS(idx, cidx uint64, rs []*structs.CARoot) (bool, error)

CARootSetCAS sets the current CA root state using a check-and-set operation. On success, this will replace the previous set of CARoots completely with the given set of roots.

The first boolean result returns whether the transaction succeeded or not.

func (*Store) CARoots added in v1.2.0

func (s *Store) CARoots(ws memdb.WatchSet) (uint64, structs.CARoots, error)

CARoots returns the list of all CA roots.

func (*Store) CARootsAndConfig added in v1.16.100

func (s *Store) CARootsAndConfig(ws memdb.WatchSet) (uint64, structs.CARoots, *structs.CAConfiguration, error)

func (*Store) CARootsSnapshot added in v1.16.100

func (s *Store) CARootsSnapshot(_ stream.SubscribeRequest, buf stream.SnapshotAppender) (uint64, error)

caRootsSnapshot returns a stream.SnapshotFunc that provides a snapshot of the current active list of CA Roots.

func (*Store) CASetConfig added in v1.2.0

func (s *Store) CASetConfig(idx uint64, config *structs.CAConfiguration) error

CASetConfig is used to set the current CA configuration.

func (*Store) CASetProviderState added in v1.2.0

func (s *Store) CASetProviderState(idx uint64, state *structs.CAConsulProviderState) (bool, error)

CASetProviderState is used to set the current built-in CA provider state.

func (*Store) CanBootstrapACLToken added in v1.4.0

func (s *Store) CanBootstrapACLToken() (bool, uint64, error)

CanBootstrapACLToken checks if bootstrapping is possible and returns the reset index

func (*Store) CatalogDump added in v1.16.100

func (s *Store) CatalogDump() (*structs.CatalogContents, error)

CatalogDump returns all the contents of the node, service and check tables. In Enterprise, this will return entries across all partitions and namespaces. TODO(peering) make this peering aware?

func (*Store) CheckConnectServiceNodes added in v1.2.0

func (s *Store) CheckConnectServiceNodes(ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta, peerName string) (uint64, structs.CheckServiceNodes, error)

CheckConnectServiceNodes is used to query all nodes and checks for Connect compatible endpoints for a given service.

func (*Store) CheckIngressServiceNodes added in v1.16.100

func (s *Store) CheckIngressServiceNodes(ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error)

CheckIngressServiceNodes is used to query all nodes and checks for ingress endpoints for a given service.

func (*Store) CheckServiceNodes

func (s *Store) CheckServiceNodes(ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta, peerName string) (uint64, structs.CheckServiceNodes, error)

CheckServiceNodes is used to query all nodes and checks for a given service.

func (*Store) CheckServiceTagNodes

func (s *Store) CheckServiceTagNodes(ws memdb.WatchSet, serviceName string, tags []string, entMeta *acl.EnterpriseMeta, peerName string) (uint64, structs.CheckServiceNodes, error)

CheckServiceTagNodes is used to query all nodes and checks for a given service, filtering out services that don't contain the given tag.

func (*Store) ChecksInState

func (s *Store) ChecksInState(ws memdb.WatchSet, state string, entMeta *acl.EnterpriseMeta, peerName string) (uint64, structs.HealthChecks, error)

ChecksInState is used to query the state store for all checks which are in the provided state.

func (*Store) ChecksInStateByNodeMeta

func (s *Store) ChecksInStateByNodeMeta(ws memdb.WatchSet, state string, filters map[string]string, entMeta *acl.EnterpriseMeta, peerName string) (uint64, structs.HealthChecks, error)

ChecksInStateByNodeMeta is used to query the state store for all checks which are in the provided state, filtered by the given node metadata values.

func (*Store) CombinedCheckServiceNodes added in v1.16.100

func (s *Store) CombinedCheckServiceNodes(ws memdb.WatchSet, service structs.ServiceName, peerName string) (uint64, structs.CheckServiceNodes, error)

CombinedCheckServiceNodes is used to query all nodes and checks for both typical and Connect endpoints of a service

func (*Store) ConfigEntries added in v1.16.100

func (s *Store) ConfigEntries(ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, []structs.ConfigEntry, error)

ConfigEntries is called to get all config entry objects.

func (*Store) ConfigEntriesByKind added in v1.16.100

func (s *Store) ConfigEntriesByKind(ws memdb.WatchSet, kind string, entMeta *acl.EnterpriseMeta) (uint64, []structs.ConfigEntry, error)

ConfigEntriesByKind is called to get all config entry objects with the given kind. If kind is empty, all config entries will be returned.

func (*Store) ConfigEntry added in v1.16.100

func (s *Store) ConfigEntry(ws memdb.WatchSet, kind, name string, entMeta *acl.EnterpriseMeta) (uint64, structs.ConfigEntry, error)

ConfigEntry is called to get a given config entry.

func (*Store) ConfigEntryUsage added in v1.16.100

func (s *Store) ConfigEntryUsage() (uint64, ConfigEntryUsage, error)

func (*Store) ConnectServiceNodes added in v1.2.0

func (s *Store) ConnectServiceNodes(ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta, peerName string) (uint64, structs.ServiceNodes, error)

ConnectServiceNodes returns the nodes associated with a Connect compatible destination for the given service name. This will include both proxies and native integrations.

func (*Store) Coordinate added in v0.9.3

func (s *Store) Coordinate(ws memdb.WatchSet, node string, entMeta *acl.EnterpriseMeta) (uint64, lib.CoordinateSet, error)

Coordinate returns a map of coordinates for the given node, indexed by network segment.

func (*Store) CoordinateBatchUpdate

func (s *Store) CoordinateBatchUpdate(idx uint64, updates structs.Coordinates) error

CoordinateBatchUpdate processes a batch of coordinate updates and applies them in a single transaction.

func (*Store) Coordinates

func (s *Store) Coordinates(ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, structs.Coordinates, error)

Coordinates queries for all nodes with coordinates.

func (*Store) DeleteCheck

func (s *Store) DeleteCheck(idx uint64, node string, checkID types.CheckID, entMeta *acl.EnterpriseMeta, peerName string) error

DeleteCheck is used to delete a health check registration.

func (*Store) DeleteConfigEntry added in v1.16.100

func (s *Store) DeleteConfigEntry(idx uint64, kind, name string, entMeta *acl.EnterpriseMeta) error

func (*Store) DeleteConfigEntryCAS added in v1.16.100

func (s *Store) DeleteConfigEntryCAS(idx, cidx uint64, conf structs.ConfigEntry) (bool, error)

DeleteConfigEntryCAS performs a check-and-set deletion of a config entry with the given raft index. If the index is not specified, or is not equal to the entry's current ModifyIndex then the call is a noop, otherwise the normal deletion is performed.

func (*Store) DeleteNode

func (s *Store) DeleteNode(idx uint64, nodeName string, entMeta *acl.EnterpriseMeta, peerName string) error

DeleteNode is used to delete a given node by its ID.

func (*Store) DeleteService

func (s *Store) DeleteService(idx uint64, nodeName, serviceID string, entMeta *acl.EnterpriseMeta, peerName string) error

DeleteService is used to delete a given service associated with a node.

func (*Store) DumpGatewayServices added in v1.16.100

func (s *Store) DumpGatewayServices(ws memdb.WatchSet) (uint64, structs.GatewayServices, error)

func (*Store) EnsureCheck

func (s *Store) EnsureCheck(idx uint64, hc *structs.HealthCheck) error

EnsureCheck is used to store a check registration in the db.

func (*Store) EnsureConfigEntry added in v1.16.100

func (s *Store) EnsureConfigEntry(idx uint64, conf structs.ConfigEntry) error

EnsureConfigEntry is called to do an upsert of a given config entry.

func (*Store) EnsureConfigEntryCAS added in v1.16.100

func (s *Store) EnsureConfigEntryCAS(idx, cidx uint64, conf structs.ConfigEntry) (bool, error)

EnsureConfigEntryCAS is called to do a check-and-set upsert of a given config entry.

func (*Store) EnsureConfigEntryWithStatusCAS added in v1.16.100

func (s *Store) EnsureConfigEntryWithStatusCAS(idx, cidx uint64, conf structs.ConfigEntry) (bool, error)

EnsureConfigEntryWithStatusCAS is called to do a check-and-set upsert of a given config entry and its status.

func (*Store) EnsureNode

func (s *Store) EnsureNode(idx uint64, node *structs.Node) error

EnsureNode is used to upsert node registration or modification.

func (*Store) EnsureRegistration

func (s *Store) EnsureRegistration(idx uint64, req *structs.RegisterRequest) error

EnsureRegistration is used to make sure a node, service, and check registration is performed within a single transaction to avoid race conditions on state updates.

func (*Store) EnsureService

func (s *Store) EnsureService(idx uint64, node string, svc *structs.NodeService) error

EnsureService is called to upsert creation of a given NodeService.

func (*Store) ExportedServicesForAllPeersByName added in v1.16.100

func (s *Store) ExportedServicesForAllPeersByName(ws memdb.WatchSet, dc string, entMeta acl.EnterpriseMeta) (uint64, map[string]structs.ServiceList, error)

func (*Store) ExportedServicesForPeer added in v1.16.100

func (s *Store) ExportedServicesForPeer(ws memdb.WatchSet, peerID string, dc string) (uint64, *structs.ExportedServiceList, error)

ExportedServicesForPeer returns the list of typical and proxy services exported to a peer.

TODO(peering): What to do about terminating gateways? Sometimes terminating gateways are the appropriate destination to dial for an upstream mesh service. However, that information is handled by observing the terminating gateway's config entry, which we wouldn't want to replicate. How would client peers know to route through terminating gateways when they're not dialing through a remote mesh gateway?

func (*Store) FederationStateBatchDelete added in v1.16.100

func (s *Store) FederationStateBatchDelete(idx uint64, datacenters []string) error

func (*Store) FederationStateBatchSet added in v1.16.100

func (s *Store) FederationStateBatchSet(idx uint64, configs structs.FederationStates) error

func (*Store) FederationStateDelete added in v1.16.100

func (s *Store) FederationStateDelete(idx uint64, datacenter string) error

func (*Store) FederationStateGet added in v1.16.100

func (s *Store) FederationStateGet(ws memdb.WatchSet, datacenter string) (uint64, *structs.FederationState, error)

FederationStateGet is called to get a federation state.

func (*Store) FederationStateList added in v1.16.100

func (s *Store) FederationStateList(ws memdb.WatchSet) (uint64, []*structs.FederationState, error)

FederationStateList is called to get all federation state objects.

func (*Store) FederationStateSet added in v1.16.100

func (s *Store) FederationStateSet(idx uint64, config *structs.FederationState) error

FederationStateSet is called to do an upsert of a given federation state.

func (*Store) GatewayServices added in v1.16.100

func (s *Store) GatewayServices(ws memdb.WatchSet, gateway string, entMeta *acl.EnterpriseMeta) (uint64, structs.GatewayServices, error)

GatewayServices is used to query all services associated with a gateway

func (*Store) GetNode

func (s *Store) GetNode(nodeNameOrID string, entMeta *acl.EnterpriseMeta, peerName string) (uint64, *structs.Node, error)

GetNode is used to retrieve a node registration by node name ID.

func (*Store) GetNodeID

func (s *Store) GetNodeID(id types.NodeID, entMeta *acl.EnterpriseMeta, peerName string) (uint64, *structs.Node, error)

GetNodeID is used to retrieve a node registration by node ID.

func (*Store) GetSamenessGroup added in v1.16.100

func (s *Store) GetSamenessGroup(ws memdb.WatchSet,
	name string,
	overrides map[configentry.KindName]structs.ConfigEntry,
	partition string) (uint64, *structs.SamenessGroupConfigEntry, error)

GetSamenessGroup returns a SamenessGroupConfigEntry from the state store using the provided parameters.

func (*Store) GetSimplifiedExportedServices added in v1.16.100

func (s *Store) GetSimplifiedExportedServices(ws memdb.WatchSet, entMeta acl.EnterpriseMeta) (uint64, *SimplifiedExportedServices, error)

func (*Store) HTTPRouteSnapshot added in v1.16.100

func (s *Store) HTTPRouteSnapshot(req stream.SubscribeRequest, buf stream.SnapshotAppender) (uint64, error)

HTTPRouteSnapshot is a stream.SnapshotFunc that retuns a snapshot of http-route config entries.

func (*Store) IPRateLimiterSnapshot added in v1.16.100

func (s *Store) IPRateLimiterSnapshot(req stream.SubscribeRequest, buf stream.SnapshotAppender) (uint64, error)

IPRateLimiterSnapshot is a stream.SnapshotFunc that returns a snapshot of "control-plane-request-limit" config entries.

func (*Store) IngressGatewaySnapshot added in v1.16.100

func (s *Store) IngressGatewaySnapshot(req stream.SubscribeRequest, buf stream.SnapshotAppender) (uint64, error)

IngressGatewaySnapshot is a stream.SnapshotFunc that returns a snapshot of ingress-gateway config entries.

func (*Store) InlineCertificateSnapshot added in v1.16.100

func (s *Store) InlineCertificateSnapshot(req stream.SubscribeRequest, buf stream.SnapshotAppender) (uint64, error)

InlineCertificateSnapshot is a stream.SnapshotFunc that returns a snapshot of inline-certificate config entries.

func (*Store) IntentionDecision added in v1.16.100

func (s *Store) IntentionDecision(opts IntentionDecisionOpts) (structs.IntentionDecisionSummary, error)

IntentionDecision returns whether a connection should be allowed to a source or destination given a set of intentions.

allowPermissions determines whether the presence of L7 permissions leads to a DENY decision. This should be false when evaluating a connection between a source and destination, but not the request that will be sent.

func (*Store) IntentionGet added in v1.2.0

func (s *Store) IntentionGet(ws memdb.WatchSet, id string) (uint64, *structs.ServiceIntentionsConfigEntry, *structs.Intention, error)

IntentionGet returns the given intention by ID.

func (*Store) IntentionGetExact added in v1.16.100

func (s *Store) IntentionGetExact(ws memdb.WatchSet, args *structs.IntentionQueryExact) (uint64, *structs.ServiceIntentionsConfigEntry, *structs.Intention, error)

IntentionGetExact returns the given intention by it's full unique name.

func (*Store) IntentionMatch added in v1.2.0

func (s *Store) IntentionMatch(ws memdb.WatchSet, args *structs.IntentionQueryMatch) (uint64, []structs.Intentions, error)

IntentionMatch returns the list of intentions that match the namespace and name for either a source or destination. This applies the resolution rules so wildcards will match any value.

The returned value is the list of intentions in the same order as the entries in args. The intentions themselves are sorted based on the intention precedence rules. i.e. result[0][0] is the highest precedent rule to match for the first entry.

func (*Store) IntentionMatchOne added in v1.16.100

func (s *Store) IntentionMatchOne(
	ws memdb.WatchSet,
	entry structs.IntentionMatchEntry,
	matchType structs.IntentionMatchType,
	destinationType structs.IntentionTargetType,
) (uint64, structs.SimplifiedIntentions, error)

IntentionMatchOne returns the list of intentions that match the namespace and name for a single source or destination. This applies the resolution rules so wildcards will match any value.

The returned intentions are sorted based on the intention precedence rules. i.e. result[0] is the highest precedent rule to match

func (*Store) IntentionMutation added in v1.16.100

func (s *Store) IntentionMutation(idx uint64, op structs.IntentionOp, mut *structs.IntentionMutation) error

func (*Store) IntentionTopology added in v1.16.100

func (s *Store) IntentionTopology(
	ws memdb.WatchSet,
	target structs.ServiceName,
	downstreams bool,
	defaultDecision acl.EnforcementDecision,
	intentionTarget structs.IntentionTargetType,
) (uint64, structs.ServiceList, error)

IntentionTopology returns the upstreams or downstreams of a service. Upstreams and downstreams are inferred from intentions. If intentions allow a connection from the target to some candidate service, the candidate service is considered an upstream of the target.

func (*Store) Intentions added in v1.2.0

func (s *Store) Intentions(ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, structs.Intentions, bool, error)

Intentions returns the list of all intentions. The boolean response value is true if it came from config entries.

func (*Store) JWTProviderSnapshot added in v1.16.100

func (s *Store) JWTProviderSnapshot(req stream.SubscribeRequest, buf stream.SnapshotAppender) (uint64, error)

JWTProviderSnapshot is a stream.SnapshotFunc that returns a snapshot of jwt-provider config entries.

func (*Store) KVSDelete

func (s *Store) KVSDelete(idx uint64, key string, entMeta *acl.EnterpriseMeta) error

KVSDelete is used to perform a shallow delete on a single key in the the state store.

func (*Store) KVSDeleteCAS

func (s *Store) KVSDeleteCAS(idx, cidx uint64, key string, entMeta *acl.EnterpriseMeta) (bool, error)

KVSDeleteCAS is used to try doing a KV delete operation with a given raft index. If the CAS index specified is not equal to the last observed index for the given key, then the call is a noop, otherwise a normal KV delete is invoked.

func (*Store) KVSDeleteTree

func (s *Store) KVSDeleteTree(idx uint64, prefix string, entMeta *acl.EnterpriseMeta) error

KVSDeleteTree is used to do a recursive delete on a key prefix in the state store. If any keys are modified, the last index is set, otherwise this is a no-op.

func (*Store) KVSGet

func (s *Store) KVSGet(ws memdb.WatchSet, key string, entMeta *acl.EnterpriseMeta) (uint64, *structs.DirEntry, error)

KVSGet is used to retrieve a key/value pair from the state store.

func (*Store) KVSList

func (s *Store) KVSList(ws memdb.WatchSet,
	prefix string, entMeta *acl.EnterpriseMeta) (uint64, structs.DirEntries, error)

KVSList is used to list out all keys under a given prefix. If the prefix is left empty, all keys in the KVS will be returned. The returned is the max index of the returned kvs entries or applicable tombstones, or else it's the full table indexes for kvs and tombstones.

func (*Store) KVSLock

func (s *Store) KVSLock(idx uint64, entry *structs.DirEntry) (bool, error)

KVSLock is similar to KVSSet but only performs the set if the lock can be acquired.

func (*Store) KVSLockDelay

func (s *Store) KVSLockDelay(key string, entMeta *acl.EnterpriseMeta) time.Time

KVSLockDelay returns the expiration time for any lock delay associated with the given key.

func (*Store) KVSSet

func (s *Store) KVSSet(idx uint64, entry *structs.DirEntry) error

KVSSet is used to store a key/value pair.

func (*Store) KVSSetCAS

func (s *Store) KVSSetCAS(idx uint64, entry *structs.DirEntry) (bool, error)

KVSSetCAS is used to do a check-and-set operation on a KV entry. The ModifyIndex in the provided entry is used to determine if we should write the entry to the state store or bail. Returns a bool indicating if a write happened and any error.

func (*Store) KVSUnlock

func (s *Store) KVSUnlock(idx uint64, entry *structs.DirEntry) (bool, error)

KVSUnlock is similar to KVSSet but only performs the set if the lock can be unlocked (the key must already exist and be locked).

func (*Store) KVUsage added in v1.16.100

func (s *Store) KVUsage() (uint64, KVUsage, error)

func (*Store) LegacyIntentionDelete deprecated added in v1.16.100

func (s *Store) LegacyIntentionDelete(idx uint64, id string) error

LegacyIntentionDelete deletes the given intention by ID.

Deprecated: Edit service-intentions config entries directly.

func (*Store) LegacyIntentionDeleteAll added in v1.16.100

func (s *Store) LegacyIntentionDeleteAll(idx uint64) error

LegacyIntentionDeleteAll deletes all legacy intentions. This is part of the config entry migration code.

func (*Store) LegacyIntentionSet deprecated added in v1.16.100

func (s *Store) LegacyIntentionSet(idx uint64, ixn *structs.Intention) error

LegacyIntentionSet creates or updates an intention.

Deprecated: Edit service-intentions config entries directly.

func (*Store) LegacyIntentions added in v1.16.100

func (s *Store) LegacyIntentions(ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, structs.Intentions, error)

LegacyIntentions is like Intentions() but only returns legacy intentions. This is exposed for migration purposes.

func (*Store) MeshConfigSnapshot added in v1.16.100

func (s *Store) MeshConfigSnapshot(req stream.SubscribeRequest, buf stream.SnapshotAppender) (uint64, error)

MeshConfigSnapshot is a stream.SnapshotFunc that returns a snapshot of mesh config entries.

func (*Store) NodeCheck

func (s *Store) NodeCheck(nodeName string, checkID types.CheckID, entMeta *acl.EnterpriseMeta, peerName string) (uint64, *structs.HealthCheck, error)

NodeCheck is used to retrieve a specific check associated with the given node.

func (*Store) NodeChecks

func (s *Store) NodeChecks(ws memdb.WatchSet, nodeName string, entMeta *acl.EnterpriseMeta, peerName string) (uint64, structs.HealthChecks, error)

NodeChecks is used to retrieve checks associated with the given node from the state store.

func (*Store) NodeDump

func (s *Store) NodeDump(ws memdb.WatchSet, entMeta *acl.EnterpriseMeta, peerName string) (uint64, structs.NodeDump, error)

NodeDump is used to generate a dump of all nodes. This call is expensive as it has to query every node, service, and check. The response can also be quite large since there is currently no filtering applied.

func (*Store) NodeInfo

func (s *Store) NodeInfo(ws memdb.WatchSet, node string, entMeta *acl.EnterpriseMeta, peerName string) (uint64, structs.NodeDump, error)

NodeInfo is used to generate a dump of a single node. The dump includes all services and checks which are registered against the node.

func (*Store) NodeService

func (s *Store) NodeService(ws memdb.WatchSet, nodeName string, serviceID string, entMeta *acl.EnterpriseMeta, peerName string) (uint64, *structs.NodeService, error)

NodeService is used to retrieve a specific service associated with the given node.

func (*Store) NodeServiceList added in v1.16.100

func (s *Store) NodeServiceList(ws memdb.WatchSet, nodeNameOrID string, entMeta *acl.EnterpriseMeta, peerName string) (uint64, *structs.NodeServiceList, error)

NodeServices is used to query service registrations by node name or UUID.

func (*Store) NodeServices

func (s *Store) NodeServices(ws memdb.WatchSet, nodeNameOrID string, entMeta *acl.EnterpriseMeta, peerName string) (uint64, *structs.NodeServices, error)

NodeServices is used to query service registrations by node name or UUID.

func (*Store) NodeSessions

func (s *Store) NodeSessions(ws memdb.WatchSet, nodeID string, entMeta *acl.EnterpriseMeta) (uint64, structs.Sessions, error)

NodeSessions returns a set of active sessions associated with the given node ID. The returned index is the highest index seen from the result set.

func (*Store) NodeUsage added in v1.16.100

func (s *Store) NodeUsage() (uint64, NodeUsage, error)

NodeUsage returns the latest seen Raft index, a compiled set of node usage data, and any errors.

func (*Store) Nodes

func (s *Store) Nodes(ws memdb.WatchSet, entMeta *acl.EnterpriseMeta, peerName string) (uint64, structs.Nodes, error)

Nodes is used to return all of the known nodes.

func (*Store) NodesByMeta

func (s *Store) NodesByMeta(ws memdb.WatchSet, filters map[string]string, entMeta *acl.EnterpriseMeta, peerName string) (uint64, structs.Nodes, error)

NodesByMeta is used to return all nodes with the given metadata key/value pairs.

func (*Store) PeeringDelete added in v1.16.100

func (s *Store) PeeringDelete(idx uint64, q Query) error

func (*Store) PeeringList added in v1.16.100

func (s *Store) PeeringList(ws memdb.WatchSet, entMeta acl.EnterpriseMeta) (uint64, []*pbpeering.Peering, error)

func (*Store) PeeringListDeleted added in v1.16.100

func (s *Store) PeeringListDeleted(ws memdb.WatchSet) (uint64, []*pbpeering.Peering, error)

func (*Store) PeeringRead added in v1.16.100

func (s *Store) PeeringRead(ws memdb.WatchSet, q Query) (uint64, *pbpeering.Peering, error)

func (*Store) PeeringReadByID added in v1.16.100

func (s *Store) PeeringReadByID(ws memdb.WatchSet, id string) (uint64, *pbpeering.Peering, error)

func (*Store) PeeringSecretsDelete added in v1.16.100

func (s *Store) PeeringSecretsDelete(idx uint64, peerID string, dialer bool) error

func (*Store) PeeringSecretsRead added in v1.16.100

func (s *Store) PeeringSecretsRead(ws memdb.WatchSet, peerID string) (*pbpeering.PeeringSecrets, error)

func (*Store) PeeringSecretsWrite added in v1.16.100

func (s *Store) PeeringSecretsWrite(idx uint64, req *pbpeering.SecretsWriteRequest) error

func (*Store) PeeringTerminateByID added in v1.16.100

func (s *Store) PeeringTerminateByID(idx uint64, id string) error

func (*Store) PeeringTrustBundleDelete added in v1.16.100

func (s *Store) PeeringTrustBundleDelete(idx uint64, q Query) error

func (*Store) PeeringTrustBundleList added in v1.16.100

func (s *Store) PeeringTrustBundleList(ws memdb.WatchSet, entMeta acl.EnterpriseMeta) (uint64, []*pbpeering.PeeringTrustBundle, error)

PeeringTrustBundleList returns the peering trust bundles for all peers.

func (*Store) PeeringTrustBundleRead added in v1.16.100

func (s *Store) PeeringTrustBundleRead(ws memdb.WatchSet, q Query) (uint64, *pbpeering.PeeringTrustBundle, error)

PeeringTrustBundleRead returns the peering trust bundle for the peer name given as the query value.

func (*Store) PeeringTrustBundleWrite added in v1.16.100

func (s *Store) PeeringTrustBundleWrite(idx uint64, ptb *pbpeering.PeeringTrustBundle) error

PeeringTrustBundleWrite writes ptb to the state store. It also updates the corresponding peering object with the new certs. If there is an existing trust bundle with the given peer name, it will be overwritten. If there is no corresponding peering, then an error is returned.

func (*Store) PeeringUsage added in v1.16.100

func (s *Store) PeeringUsage() (uint64, PeeringUsage, error)

PeeringUsage returns the latest seen Raft index, a compiled set of peering usage data, and any errors.

func (*Store) PeeringWrite added in v1.16.100

func (s *Store) PeeringWrite(idx uint64, req *pbpeering.PeeringWriteRequest) error

func (*Store) PeeringsForService added in v1.16.100

func (s *Store) PeeringsForService(ws memdb.WatchSet, serviceName string, entMeta acl.EnterpriseMeta) (uint64, []*pbpeering.Peering, error)

PeeringsForService returns the list of peerings that are associated with the service name provided in the query. This is used to configure connect proxies for a given service. The result is generated by querying for exported service config entries and filtering for those that match the given service.

TODO(peering): this implementation does all of the work on read to materialize this list of peerings, we should explore writing to a separate index that has service peerings prepared ahead of time should this become a performance bottleneck.

func (*Store) PreparedQueryDelete

func (s *Store) PreparedQueryDelete(idx uint64, queryID string) error

PreparedQueryDelete deletes the given query by ID.

func (*Store) PreparedQueryGet

func (s *Store) PreparedQueryGet(ws memdb.WatchSet, queryID string) (uint64, *structs.PreparedQuery, error)

PreparedQueryGet returns the given prepared query by ID.

func (*Store) PreparedQueryList

func (s *Store) PreparedQueryList(ws memdb.WatchSet) (uint64, structs.PreparedQueries, error)

PreparedQueryList returns all the prepared queries.

func (*Store) PreparedQueryResolve

func (s *Store) PreparedQueryResolve(queryIDOrName string, source structs.QuerySource) (uint64, *structs.PreparedQuery, error)

PreparedQueryResolve returns the given prepared query by looking up an ID or Name. If the query was looked up by name and it's a template, then the template will be rendered before it is returned.

func (*Store) PreparedQuerySet

func (s *Store) PreparedQuerySet(idx uint64, query *structs.PreparedQuery) error

PreparedQuerySet is used to create or update a prepared query.

func (*Store) ReadDiscoveryChainConfigEntries added in v1.16.100

func (s *Store) ReadDiscoveryChainConfigEntries(
	ws memdb.WatchSet,
	serviceName string,
	entMeta *acl.EnterpriseMeta,
) (uint64, *configentry.DiscoveryChainSet, error)

ReadDiscoveryChainConfigEntries will query for the full discovery chain for the provided service name. All relevant config entries will be recursively fetched and included in the result.

Once returned, the caller still needs to assemble these into a useful graph structure.

func (*Store) ReadResolvedServiceConfigEntries added in v1.16.100

func (s *Store) ReadResolvedServiceConfigEntries(
	ws memdb.WatchSet,
	serviceName string,
	entMeta *acl.EnterpriseMeta,
	upstreamIDs []structs.ServiceID,
	proxyMode structs.ProxyMode,
) (uint64, *configentry.ResolvedServiceConfigSet, error)

func (*Store) ReapTombstones

func (s *Store) ReapTombstones(idx uint64, index uint64) error

ReapTombstones is used to delete all the tombstones with an index less than or equal to the given index. This is used to prevent unbounded storage growth of the tombstones.

func (*Store) Restore

func (s *Store) Restore() *Restore

Restore is used to efficiently manage restoring a large amount of data into the state store. It works by doing all the restores inside of a single transaction.

func (*Store) SamenessGroupSnapshot added in v1.16.100

func (s *Store) SamenessGroupSnapshot(req stream.SubscribeRequest, buf stream.SnapshotAppender) (uint64, error)

SamenessGroupSnapshot is a stream.SnapshotFunc that returns a snapshot of "sameness-group" config entries.

func (*Store) ServiceAddressNodes added in v1.2.0

func (s *Store) ServiceAddressNodes(ws memdb.WatchSet, address string, entMeta *acl.EnterpriseMeta, peerName string) (uint64, structs.ServiceNodes, error)

ServiceAddressNodes returns the nodes associated with a given service, filtering out services that don't match the given serviceAddress

func (*Store) ServiceChecks

func (s *Store) ServiceChecks(ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta, peerName string) (uint64, structs.HealthChecks, error)

ServiceChecks is used to get all checks associated with a given service ID. The query is performed against a service _name_ instead of a service ID.

func (*Store) ServiceChecksByNodeMeta

func (s *Store) ServiceChecksByNodeMeta(ws memdb.WatchSet, serviceName string, filters map[string]string, entMeta *acl.EnterpriseMeta, peerName string) (uint64, structs.HealthChecks, error)

ServiceChecksByNodeMeta is used to get all checks associated with a given service ID, filtered by the given node metadata values. The query is performed against a service _name_ instead of a service ID.

func (*Store) ServiceDefaultsSnapshot added in v1.16.100

func (s *Store) ServiceDefaultsSnapshot(req stream.SubscribeRequest, buf stream.SnapshotAppender) (uint64, error)

ServiceDefaultsSnapshot is a stream.SnapshotFunc that returns a snapshot of service-defaults config entries.

func (*Store) ServiceDiscoveryChain added in v1.16.100

func (*Store) ServiceDump added in v1.16.100

func (s *Store) ServiceDump(ws memdb.WatchSet, kind structs.ServiceKind, useKind bool, entMeta *acl.EnterpriseMeta, peerName string) (uint64, structs.CheckServiceNodes, error)

func (*Store) ServiceGateways added in v1.16.100

func (s *Store) ServiceGateways(ws memdb.WatchSet, service string, kind structs.ServiceKind, entMeta acl.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error)

TODO: Find a way to consolidate this with CheckIngressServiceNodes ServiceGateways is used to query all gateways associated with a service

func (*Store) ServiceHealthSnapshot added in v1.16.100

func (s *Store) ServiceHealthSnapshot(req stream.SubscribeRequest, buf stream.SnapshotAppender) (index uint64, err error)

serviceHealthSnapshot returns a stream.SnapshotFunc that provides a snapshot of stream.Events that describe the current state of a service health query.

func (*Store) ServiceIntentionsSnapshot added in v1.16.100

func (s *Store) ServiceIntentionsSnapshot(req stream.SubscribeRequest, buf stream.SnapshotAppender) (uint64, error)

ServiceIntentionsSnapshot is a stream.SnapshotFunc that returns a snapshot of service-intentions config entries.

func (*Store) ServiceList added in v1.16.100

func (s *Store) ServiceList(ws memdb.WatchSet, entMeta *acl.EnterpriseMeta, peerName string) (uint64, structs.ServiceList, error)

func (*Store) ServiceListSnapshot added in v1.16.100

func (s *Store) ServiceListSnapshot(_ stream.SubscribeRequest, buf stream.SnapshotAppender) (uint64, error)

ServiceListSnapshot is a stream.SnapshotFunc that returns a snapshot of all service names.

func (*Store) ServiceManualVIPs added in v1.16.100

func (s *Store) ServiceManualVIPs(psn structs.PeeredServiceName) (*ServiceVirtualIP, error)

func (*Store) ServiceNamesOfKind added in v1.16.100

func (s *Store) ServiceNamesOfKind(ws memdb.WatchSet, kind structs.ServiceKind) (uint64, []*KindServiceName, error)

func (*Store) ServiceNode added in v1.16.100

func (s *Store) ServiceNode(nodeID, nodeName, serviceID string, entMeta *acl.EnterpriseMeta, peerName string) (uint64, *structs.ServiceNode, error)

ServiceNode is used to retrieve a specific service by service ID and node ID or name.

func (*Store) ServiceNodes

func (s *Store) ServiceNodes(ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta, peerName string) (uint64, structs.ServiceNodes, error)

ServiceNodes returns the nodes associated with a given service name.

func (*Store) ServiceResolverSnapshot added in v1.16.100

func (s *Store) ServiceResolverSnapshot(req stream.SubscribeRequest, buf stream.SnapshotAppender) (uint64, error)

ServiceResolverSnapshot is a stream.SnapshotFunc that returns a snapshot of service-resolver config entries.

func (*Store) ServiceTagNodes

func (s *Store) ServiceTagNodes(ws memdb.WatchSet, service string, tags []string, entMeta *acl.EnterpriseMeta, peerName string) (uint64, structs.ServiceNodes, error)

ServiceTagNodes returns the nodes associated with a given service, filtering out services that don't contain the given tags.

func (*Store) ServiceTopology added in v1.16.100

func (s *Store) ServiceTopology(
	ws memdb.WatchSet,
	dc, service string,
	kind structs.ServiceKind,
	defaultAllow acl.EnforcementDecision,
	entMeta *acl.EnterpriseMeta,
) (uint64, *structs.ServiceTopology, error)

TODO(freddy) Split this up. The upstream/downstream logic is very similar. TODO(freddy) Add comprehensive state store test

func (*Store) ServiceUsage added in v1.16.100

func (s *Store) ServiceUsage(ws memdb.WatchSet) (uint64, structs.ServiceUsage, error)

ServiceUsage returns the latest seen Raft index, a compiled set of service usage data, and any errors.

func (*Store) ServiceVirtualIPs added in v1.16.100

func (s *Store) ServiceVirtualIPs() (uint64, []ServiceVirtualIP, error)

func (*Store) Services

func (s *Store) Services(ws memdb.WatchSet, entMeta *acl.EnterpriseMeta, peerName string) (uint64, []*structs.ServiceNode, error)

Services returns all services along with a list of associated tags.

func (*Store) ServicesByNodeMeta

func (s *Store) ServicesByNodeMeta(ws memdb.WatchSet, filters map[string]string, entMeta *acl.EnterpriseMeta, peerName string) (uint64, []*structs.ServiceNode, error)

ServicesByNodeMeta returns all services, filtered by the given node metadata.

func (*Store) SessionCreate

func (s *Store) SessionCreate(idx uint64, sess *structs.Session) error

SessionCreate is used to register a new session in the state store.

func (*Store) SessionDestroy

func (s *Store) SessionDestroy(idx uint64, sessionID string, entMeta *acl.EnterpriseMeta) error

SessionDestroy is used to remove an active session. This will implicitly invalidate the session and invoke the specified session destroy behavior.

func (*Store) SessionGet

func (s *Store) SessionGet(ws memdb.WatchSet,
	sessionID string, entMeta *acl.EnterpriseMeta) (uint64, *structs.Session, error)

SessionGet is used to retrieve an active session from the state store.

func (*Store) SessionList

func (s *Store) SessionList(ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, structs.Sessions, error)

SessionList returns a slice containing all of the active sessions.

func (*Store) SessionListAll added in v1.16.100

func (s *Store) SessionListAll(ws memdb.WatchSet) (uint64, structs.Sessions, error)

func (*Store) Snapshot

func (s *Store) Snapshot() *Snapshot

Snapshot is used to create a point-in-time snapshot of the entire db.

func (*Store) SystemMetadataDelete added in v1.16.100

func (s *Store) SystemMetadataDelete(idx uint64, entry *structs.SystemMetadataEntry) error

func (*Store) SystemMetadataGet added in v1.16.100

func (s *Store) SystemMetadataGet(ws memdb.WatchSet, key string) (uint64, *structs.SystemMetadataEntry, error)

SystemMetadataGet is called to get a system metadata.

func (*Store) SystemMetadataList added in v1.16.100

func (s *Store) SystemMetadataList(ws memdb.WatchSet) (uint64, []*structs.SystemMetadataEntry, error)

SystemMetadataList is called to get all system metadata objects.

func (*Store) SystemMetadataSet added in v1.16.100

func (s *Store) SystemMetadataSet(idx uint64, entry *structs.SystemMetadataEntry) error

SystemMetadataSet is called to do an upsert of a set of system metadata entries.

func (*Store) TCPRouteSnapshot added in v1.16.100

func (s *Store) TCPRouteSnapshot(req stream.SubscribeRequest, buf stream.SnapshotAppender) (uint64, error)

TCPRouteSnapshot is a stream.SnapshotFunc that returns a snapshot of tcp-route config entries.

func (*Store) TrustBundleListByService added in v1.16.100

func (s *Store) TrustBundleListByService(ws memdb.WatchSet, service, dc string, entMeta acl.EnterpriseMeta) (uint64, []*pbpeering.PeeringTrustBundle, error)

TrustBundleListByService returns the trust bundles for all peers that the given service is exported to, via a discovery chain target.

func (*Store) TxnRO

TxnRO runs the given operations inside a single read transaction in the state store. You must verify outside this function that no write operations are present, otherwise you'll get an error from the state store.

func (*Store) TxnRW

func (s *Store) TxnRW(idx uint64, ops structs.TxnOps) (structs.TxnResults, structs.TxnErrors)

TxnRW tries to run the given operations all inside a single transaction. If any of the operations fail, the entire transaction will be rolled back. This is done in a full write transaction on the state store, so reads and writes are possible

func (*Store) ValidateProposedPeeringSecretUUID added in v1.16.100

func (s *Store) ValidateProposedPeeringSecretUUID(id string) (bool, error)

func (*Store) ValidateRegisterRequest added in v1.16.100

func (s *Store) ValidateRegisterRequest(_ *structs.RegisterRequest) (*acl.EnterpriseMeta, error)

func (*Store) VirtualIPForService added in v1.16.100

func (s *Store) VirtualIPForService(psn structs.PeeredServiceName) (string, error)

func (*Store) VirtualIPsForAllImportedServices added in v1.16.100

func (s *Store) VirtualIPsForAllImportedServices(ws memdb.WatchSet, entMeta acl.EnterpriseMeta) (uint64, []ServiceVirtualIP, error)

VirtualIPsForAllImportedServices returns a slice of ServiceVirtualIP for all VirtualIP-assignable services that have been imported by the partition represented in entMeta. Namespace is ignored.

func (*Store) WalkAllTables added in v1.16.100

func (s *Store) WalkAllTables(fn func(table string, item interface{}) bool) error

WalkAllTables basically lets you dump memdb generically and exists primarily for very specific types of unit tests and should not be executed in production code.

type TimeQuery added in v1.16.100

type TimeQuery struct {
	Value time.Time
	acl.EnterpriseMeta
}

func (TimeQuery) NamespaceOrDefault added in v1.16.100

func (q TimeQuery) NamespaceOrDefault() string

NamespaceOrDefault exists because structs.EnterpriseMeta uses a pointer receiver for this method. Remove once that is fixed.

func (TimeQuery) PartitionOrDefault added in v1.16.100

func (q TimeQuery) PartitionOrDefault() string

PartitionOrDefault exists because structs.EnterpriseMeta uses a pointer receiver for this method. Remove once that is fixed.

type Tombstone

type Tombstone struct {
	Key   string
	Index uint64

	acl.EnterpriseMeta
}

Tombstone is the internal type used to track tombstones.

func (Tombstone) IDValue added in v1.16.100

func (t Tombstone) IDValue() string

type TombstoneGC

type TombstoneGC struct {
	sync.Mutex
	// contains filtered or unexported fields
}

TombstoneGC is used to track creation of tombstones so that they can be garbage collected after their TTL expires. The tombstones allow queries to provide monotonic index values within the TTL window. The GC is used to prevent monotonic growth in storage usage. This is a trade off between the length of the TTL and the storage overhead.

In practice, this is required to fix the issue of delete visibility. When data is deleted from the KV store, the "latest" row can go backwards if the newest row is removed. The tombstones provide a way to ensure time doesn't move backwards within some interval.

func NewTombstoneGC

func NewTombstoneGC(ttl, granularity time.Duration) (*TombstoneGC, error)

NewTombstoneGC is used to construct a new TombstoneGC given a TTL for tombstones and a tracking granularity. Longer TTLs ensure correct behavior for more time, but use more storage. A shorter granularity increases the number of Raft transactions and reduce how far past the TTL we perform GC.

func (*TombstoneGC) ExpireCh

func (t *TombstoneGC) ExpireCh() <-chan uint64

ExpireCh is used to return a channel that streams the next index that should be expired.

func (*TombstoneGC) Hint

func (t *TombstoneGC) Hint(index uint64)

Hint is used to indicate that keys at the given index have been deleted, and that their GC should be scheduled.

func (*TombstoneGC) PendingExpiration

func (t *TombstoneGC) PendingExpiration() bool

PendingExpiration is used to check if any expirations are pending.

func (*TombstoneGC) SetEnabled

func (t *TombstoneGC) SetEnabled(enabled bool)

SetEnabled is used to control if the tombstone GC is enabled. Should only be enabled by the leader node.

type UsageEntry added in v1.16.100

type UsageEntry struct {
	ID    string
	Index uint64
	Count int
}

UsageEntry represents a count of some arbitrary identifier within the state store, along with the last seen index.

type WriteTxn added in v1.16.100

type WriteTxn interface {
	ReadTxn
	Defer(func())
	Delete(table string, obj interface{}) error
	DeleteAll(table, index string, args ...interface{}) (int, error)
	DeletePrefix(table string, index string, prefix string) (bool, error)
	Insert(table string, obj interface{}) error
}

WriteTxn is implemented by memdb.Txn to perform write operations.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL