package config

import (
	"encoding/json"
	"fmt"

	"github.com/hashicorp/hcl"
	"github.com/mitchellh/mapstructure"

	"github.com/hashicorp/consul/lib/decode"
)

// Source is anything that can produce a Config.
type Source interface {
	// Source returns an identifier for this source, for use in error messages.
	Source() string
	// Parse decodes the source and returns the resulting Config together with
	// the decoder metadata.
	Parse() (Config, mapstructure.Metadata, error)
}

// ErrNoData tells Builder.Build that a source held no data and can be
// skipped.
var ErrNoData = fmt.Errorf("config source contained no data")

// FileSource is a Source backed by the contents of a config file.
type FileSource struct {
	// Name identifies the source; Source returns it.
	Name string
	// Format selects the parser used by Parse: "json" or "hcl".
	Format string
	// Data is the raw document handed to the parser.
	//
	// NOTE(review): Config has token and encryption-key fields, so Data may
	// hold secrets in plain text; keep it out of logs and error messages.
	Data string
}

// Source returns the name this file source was given.
func (f FileSource) Source() string {
	return f.Name
}

// Parse decodes Data, written in the JSON or HCL format named by Format, into
// a Config.
//
// It returns ErrNoData when Name or Data is empty, and an "invalid format"
// error for any Format other than "json" or "hcl".
//
// The decoder is built without ErrorUnused, so a key that matches no Config
// field does not fail decoding; mapstructure records such keys in the
// returned Metadata instead.
// NOTE(review): confirm that the caller rejects Metadata.Unused, otherwise a
// mistyped security setting would be dropped without an error.
func (f FileSource) Parse() (Config, mapstructure.Metadata, error) {
	if f.Name == "" || f.Data == "" {
		return Config{}, mapstructure.Metadata{}, ErrNoData
	}

	var (
		generic map[string]interface{}
		meta    mapstructure.Metadata
	)

	// First pass: turn the document into a generic map.
	switch f.Format {
	case "json":
		if err := json.Unmarshal([]byte(f.Data), &generic); err != nil {
			return Config{}, meta, err
		}
	case "hcl":
		if err := hcl.Decode(&generic, f.Data); err != nil {
			return Config{}, meta, err
		}
	default:
		return Config{}, meta, fmt.Errorf("invalid format: %s", f.Format)
	}

	// HookWeakDecodeFromSlice is only needed for HCL input. It stays enabled
	// for JSON as well so that malformed JSON configs which happened to rely
	// on it keep decoding the way they did before; it could be dropped for
	// JSON in the future.
	hooks := mapstructure.ComposeDecodeHookFunc(
		decode.HookWeakDecodeFromSlice,
		decode.HookTranslateKeys,
	)

	// Second pass: map the generic structure onto the typed Config.
	var cfg Config
	dec, err := mapstructure.NewDecoder(&mapstructure.DecoderConfig{
		DecodeHook: hooks,
		Metadata:   &meta,
		Result:     &cfg,
	})
	if err != nil {
		return Config{}, meta, err
	}
	if err := dec.Decode(generic); err != nil {
		return Config{}, meta, err
	}

	return cfg, meta, nil
}

// LiteralSource is a Source that hands back a Config value it already holds.
type LiteralSource struct {
	Name   string
	Config Config
}

// Source returns the name this literal source was given.
func (l LiteralSource) Source() string {
	return l.Name
}

// Parse returns the stored Config unchanged, with empty metadata and a nil
// error. Nothing is decoded, so the metadata lists no keys.
func (l LiteralSource) Parse() (Config, mapstructure.Metadata, error) {
	var meta mapstructure.Metadata
	return l.Config, meta, nil
}

// Cache configuration for the agent/cache.
type Cache struct {
	// EntryFetchMaxBurst max burst size of RateLimit for a single cache entry
	EntryFetchMaxBurst *int `mapstructure:"entry_fetch_max_burst"`
	// EntryFetchRate represents the max calls/sec for a single cache entry
	EntryFetchRate *float64 `mapstructure:"entry_fetch_rate"`
}

// Config defines the format of a configuration file in either JSON or
// HCL format.
//
// It must contain only pointer values, slices and maps to support
// standardized merging of multiple Config structs into one.
//
// Since this is the format which users use to specify their
// configuration it should be treated as an external API which cannot be
// changed and refactored at will since this will break existing setups.
type Config struct {
	// NOTE(review): judging by their names and keys, several fields here hold
	// secrets in plain text (the acl_*_token keys, acl_token, encrypt) or a
	// path to key material (key_file). Avoid printing a decoded Config
	// verbatim in logs or error output; confirm how callers redact it.
	//
	// NOTE(review): enable_script_checks, enable_local_script_checks,
	// disable_remote_exec and the verify_* / tls_* keys look like the
	// settings that govern command execution and TLS peer verification.
	// Their defaults and validation are not visible in this file; confirm
	// them in the builder before relying on an unset value.

	// DEPRECATED (ACL-Legacy-Compat) - moved into the "acl.tokens" stanza
	ACLAgentMasterToken *string `mapstructure:"acl_agent_master_token"`
	// DEPRECATED (ACL-Legacy-Compat) - moved into the "acl.tokens" stanza
	ACLAgentToken *string `mapstructure:"acl_agent_token"`
	// DEPRECATED (ACL-Legacy-Compat) - moved to "primary_datacenter"
	ACLDatacenter *string `mapstructure:"acl_datacenter"`
	// DEPRECATED (ACL-Legacy-Compat) - moved into the "acl" stanza
	ACLDefaultPolicy *string `mapstructure:"acl_default_policy"`
	// DEPRECATED (ACL-Legacy-Compat) - moved into the "acl" stanza
	ACLDownPolicy *string `mapstructure:"acl_down_policy"`
	// DEPRECATED (ACL-Legacy-Compat) - moved into the "acl" stanza
	ACLEnableKeyListPolicy *bool `mapstructure:"acl_enable_key_list_policy"`
	// DEPRECATED (ACL-Legacy-Compat) - moved into the "acl" stanza
	ACLMasterToken *string `mapstructure:"acl_master_token"`
	// DEPRECATED (ACL-Legacy-Compat) - moved into the "acl.tokens" stanza
	ACLReplicationToken *string `mapstructure:"acl_replication_token"`
	// DEPRECATED (ACL-Legacy-Compat) - moved into the "acl.tokens" stanza
	ACLTTL *string `mapstructure:"acl_ttl"`
	// DEPRECATED (ACL-Legacy-Compat) - moved into the "acl.tokens" stanza
	ACLToken                         *string             `mapstructure:"acl_token"`
	ACL                              ACL                 `mapstructure:"acl"`
	Addresses                        Addresses           `mapstructure:"addresses"`
	AdvertiseAddrLAN                 *string             `mapstructure:"advertise_addr"`
	AdvertiseAddrLANIPv4             *string             `mapstructure:"advertise_addr_ipv4"`
	AdvertiseAddrLANIPv6             *string             `mapstructure:"advertise_addr_ipv6"`
	AdvertiseAddrWAN                 *string             `mapstructure:"advertise_addr_wan"`
	AdvertiseAddrWANIPv4             *string             `mapstructure:"advertise_addr_wan_ipv4"`
	AdvertiseAddrWANIPv6             *string             `mapstructure:"advertise_addr_wan_ipv6"`
	AdvertiseReconnectTimeout        *string             `mapstructure:"advertise_reconnect_timeout"`
	AutoConfig                       AutoConfigRaw       `mapstructure:"auto_config"`
	Autopilot                        Autopilot           `mapstructure:"autopilot"`
	BindAddr                         *string             `mapstructure:"bind_addr"`
	Bootstrap                        *bool               `mapstructure:"bootstrap"`
	BootstrapExpect                  *int                `mapstructure:"bootstrap_expect"`
	Cache                            Cache               `mapstructure:"cache"`
	CAFile                           *string             `mapstructure:"ca_file"`
	CAPath                           *string             `mapstructure:"ca_path"`
	CertFile                         *string             `mapstructure:"cert_file"`
	Check                            *CheckDefinition    `mapstructure:"check"` // needs to be a pointer to avoid partial merges
	CheckOutputMaxSize               *int                `mapstructure:"check_output_max_size"`
	CheckUpdateInterval              *string             `mapstructure:"check_update_interval"`
	Checks                           []CheckDefinition   `mapstructure:"checks"`
	ClientAddr                       *string             `mapstructure:"client_addr"`
	ConfigEntries                    ConfigEntries       `mapstructure:"config_entries"`
	AutoEncrypt                      AutoEncrypt         `mapstructure:"auto_encrypt"`
	Connect                          Connect             `mapstructure:"connect"`
	DNS                              DNS                 `mapstructure:"dns_config"`
	DNSDomain                        *string             `mapstructure:"domain"`
	DNSAltDomain                     *string             `mapstructure:"alt_domain"`
	DNSRecursors                     []string            `mapstructure:"recursors"`
	DataDir                          *string             `mapstructure:"data_dir"`
	Datacenter                       *string             `mapstructure:"datacenter"`
	DefaultQueryTime                 *string             `mapstructure:"default_query_time"`
	DisableAnonymousSignature        *bool               `mapstructure:"disable_anonymous_signature"`
	DisableCoordinates               *bool               `mapstructure:"disable_coordinates"`
	DisableHostNodeID                *bool               `mapstructure:"disable_host_node_id"`
	DisableHTTPUnprintableCharFilter *bool               `mapstructure:"disable_http_unprintable_char_filter"`
	DisableKeyringFile               *bool               `mapstructure:"disable_keyring_file"`
	DisableRemoteExec                *bool               `mapstructure:"disable_remote_exec"`
	DisableUpdateCheck               *bool               `mapstructure:"disable_update_check"`
	DiscardCheckOutput               *bool               `mapstructure:"discard_check_output"`
	DiscoveryMaxStale                *string             `mapstructure:"discovery_max_stale"`
	EnableACLReplication             *bool               `mapstructure:"enable_acl_replication"`
	EnableAgentTLSForChecks          *bool               `mapstructure:"enable_agent_tls_for_checks"`
	EnableCentralServiceConfig       *bool               `mapstructure:"enable_central_service_config"`
	EnableDebug                      *bool               `mapstructure:"enable_debug"`
	EnableScriptChecks               *bool               `mapstructure:"enable_script_checks"`
	EnableLocalScriptChecks          *bool               `mapstructure:"enable_local_script_checks"`
	EnableSyslog                     *bool               `mapstructure:"enable_syslog"`
	EncryptKey                       *string             `mapstructure:"encrypt"`
	EncryptVerifyIncoming            *bool               `mapstructure:"encrypt_verify_incoming"`
	EncryptVerifyOutgoing            *bool               `mapstructure:"encrypt_verify_outgoing"`
	GossipLAN                        GossipLANConfig     `mapstructure:"gossip_lan"`
	GossipWAN                        GossipWANConfig     `mapstructure:"gossip_wan"`
	HTTPConfig                       HTTPConfig          `mapstructure:"http_config"`
	KeyFile                          *string             `mapstructure:"key_file"`
	LeaveOnTerm                      *bool               `mapstructure:"leave_on_terminate"`
	LicensePath                      *string             `mapstructure:"license_path"`
	Limits                           Limits              `mapstructure:"limits"`
	LogLevel                         *string             `mapstructure:"log_level"`
	LogJSON                          *bool               `mapstructure:"log_json"`
	LogFile                          *string             `mapstructure:"log_file"`
	LogRotateDuration                *string             `mapstructure:"log_rotate_duration"`
	LogRotateBytes                   *int                `mapstructure:"log_rotate_bytes"`
	LogRotateMaxFiles                *int                `mapstructure:"log_rotate_max_files"`
	MaxQueryTime                     *string             `mapstructure:"max_query_time"`
	NodeID                           *string             `mapstructure:"node_id"`
	NodeMeta                         map[string]string   `mapstructure:"node_meta"`
	NodeName                         *string             `mapstructure:"node_name"`
	Performance                      Performance         `mapstructure:"performance"`
	PidFile                          *string             `mapstructure:"pid_file"`
	Ports                            Ports               `mapstructure:"ports"`
	PrimaryDatacenter                *string             `mapstructure:"primary_datacenter"`
	PrimaryGateways                  []string            `mapstructure:"primary_gateways"`
	PrimaryGatewaysInterval          *string             `mapstructure:"primary_gateways_interval"`
	RPCProtocol                      *int                `mapstructure:"protocol"`
	RaftProtocol                     *int                `mapstructure:"raft_protocol"`
	RaftSnapshotThreshold            *int                `mapstructure:"raft_snapshot_threshold"`
	RaftSnapshotInterval             *string             `mapstructure:"raft_snapshot_interval"`
	RaftTrailingLogs                 *int                `mapstructure:"raft_trailing_logs"`
	ReconnectTimeoutLAN              *string             `mapstructure:"reconnect_timeout"`
	ReconnectTimeoutWAN              *string             `mapstructure:"reconnect_timeout_wan"`
	RejoinAfterLeave                 *bool               `mapstructure:"rejoin_after_leave"`
	RetryJoinIntervalLAN             *string             `mapstructure:"retry_interval"`
	RetryJoinIntervalWAN             *string             `mapstructure:"retry_interval_wan"`
	RetryJoinLAN                     []string            `mapstructure:"retry_join"`
	RetryJoinMaxAttemptsLAN          *int                `mapstructure:"retry_max"`
	RetryJoinMaxAttemptsWAN          *int                `mapstructure:"retry_max_wan"`
	RetryJoinWAN                     []string            `mapstructure:"retry_join_wan"`
	SerfAllowedCIDRsLAN              []string            `mapstructure:"serf_lan_allowed_cidrs"`
	SerfAllowedCIDRsWAN              []string            `mapstructure:"serf_wan_allowed_cidrs"`
	SerfBindAddrLAN                  *string             `mapstructure:"serf_lan"`
	SerfBindAddrWAN                  *string             `mapstructure:"serf_wan"`
	ServerMode                       *bool               `mapstructure:"server"`
	ServerName                       *string             `mapstructure:"server_name"`
	Service                          *ServiceDefinition  `mapstructure:"service"`
	Services                         []ServiceDefinition `mapstructure:"services"`
	SessionTTLMin                    *string             `mapstructure:"session_ttl_min"`
	SkipLeaveOnInt                   *bool               `mapstructure:"skip_leave_on_interrupt"`
	StartJoinAddrsLAN                []string            `mapstructure:"start_join"`
	StartJoinAddrsWAN                []string            `mapstructure:"start_join_wan"`
	SyslogFacility                   *string             `mapstructure:"syslog_facility"`
	TLSCipherSuites                  *string             `mapstructure:"tls_cipher_suites"`
	TLSMinVersion                    *string             `mapstructure:"tls_min_version"`
	TLSPreferServerCipherSuites      *bool               `mapstructure:"tls_prefer_server_cipher_suites"`
	TaggedAddresses                  map[string]string   `mapstructure:"tagged_addresses"`
	Telemetry                        Telemetry           `mapstructure:"telemetry"`
	TranslateWANAddrs                *bool               `mapstructure:"translate_wan_addrs"`

	// DEPRECATED (ui-config) - moved to the ui_config stanza
	UI *bool `mapstructure:"ui"`
	// DEPRECATED (ui-config) - moved to the ui_config stanza
	UIContentPath *string `mapstructure:"ui_content_path"`
	// DEPRECATED (ui-config) - moved to the ui_config stanza
	UIDir    *string     `mapstructure:"ui_dir"`
	UIConfig RawUIConfig `mapstructure:"ui_config"`

	UnixSocket           UnixSocket               `mapstructure:"unix_sockets"`
	VerifyIncoming       *bool                    `mapstructure:"verify_incoming"`
	VerifyIncomingHTTPS  *bool                    `mapstructure:"verify_incoming_https"`
	VerifyIncomingRPC    *bool                    `mapstructure:"verify_incoming_rpc"`
	VerifyOutgoing       *bool                    `mapstructure:"verify_outgoing"`
	VerifyServerHostname *bool                    `mapstructure:"verify_server_hostname"`
	Watches              []map[string]interface{} `mapstructure:"watches"`

	RPC RPC `mapstructure:"rpc"`

	// UseStreamingBackend instead of blocking queries for service health and
	// any other endpoints which support streaming.
	UseStreamingBackend *bool `mapstructure:"use_streaming_backend"`

	// This isn't used by Consul but we've documented a feature where users
	// can deploy their snapshot agent configs alongside their Consul configs
	// so we have a placeholder here so it can be parsed but this doesn't
	// manifest itself in any way inside the runtime config.
	SnapshotAgent map[string]interface{} `mapstructure:"snapshot_agent"`

	// non-user configurable values
	// NOTE(review): these keys are still ordinary mapstructure fields, so this
	// file does not stop a config file from setting them; where user-supplied
	// values are rejected or overridden is not visible here.
	// DEPRECATED (ACL-Legacy-Compat) - moved into the "acl" stanza
	ACLDisabledTTL             *string  `mapstructure:"acl_disabled_ttl"`
	AEInterval                 *string  `mapstructure:"ae_interval"`
	CheckDeregisterIntervalMin *string  `mapstructure:"check_deregister_interval_min"`
	CheckReapInterval          *string  `mapstructure:"check_reap_interval"`
	Consul                     Consul   `mapstructure:"consul"`
	Revision                   *string  `mapstructure:"revision"`
	SegmentLimit               *int     `mapstructure:"segment_limit"`
	SegmentNameLimit           *int     `mapstructure:"segment_name_limit"`
	SyncCoordinateIntervalMin  *string  `mapstructure:"sync_coordinate_interval_min"`
	SyncCoordinateRateTarget   *float64 `mapstructure:"sync_coordinate_rate_target"`
	Version                    *string  `mapstructure:"version"`
	VersionPrerelease          *string  `mapstructure:"version_prerelease"`

	// Enterprise Only
	Audit *Audit `mapstructure:"audit"`
	// Enterprise Only
	ReadReplica *bool `mapstructure:"read_replica" alias:"non_voting_server"`
	// Enterprise Only
	SegmentName *string `mapstructure:"segment"`
	// Enterprise Only
	Segments []Segment `mapstructure:"segments"`

	// Enterprise Only - not user configurable
	LicensePollBaseTime   *string `mapstructure:"license_poll_base_time"`
	LicensePollMaxTime    *string `mapstructure:"license_poll_max_time"`
	LicenseUpdateBaseTime *string `mapstructure:"license_update_base_time"`
	LicenseUpdateMaxTime  *string `mapstructure:"license_update_max_time"`
}

// GossipLANConfig is the "gossip_lan" stanza of Config. Every field is a
// pointer, in line with the merging rule stated on Config.
type GossipLANConfig struct {
	GossipNodes    *int    `mapstructure:"gossip_nodes"`
	GossipInterval *string `mapstructure:"gossip_interval"`
	ProbeInterval  *string `mapstructure:"probe_interval"`
	ProbeTimeout   *string `mapstructure:"probe_timeout"`
	SuspicionMult  *int    `mapstructure:"suspicion_mult"`
	RetransmitMult *int    `mapstructure:"retransmit_mult"`
}

// GossipWANConfig is the "gossip_wan" stanza of Config. It has the same
// fields and keys as GossipLANConfig.
type GossipWANConfig struct {
	GossipNodes    *int    `mapstructure:"gossip_nodes"`
	GossipInterval *string `mapstructure:"gossip_interval"`
	ProbeInterval  *string `mapstructure:"probe_interval"`
	ProbeTimeout   *string `mapstructure:"probe_timeout"`
	SuspicionMult  *int    `mapstructure:"suspicion_mult"`
	RetransmitMult *int    `mapstructure:"retransmit_mult"`
}

// Consul is the "consul" stanza of Config, which Config lists among its
// "non-user configurable values". It groups coordinate, raft and server
// settings in three anonymous structs.
type Consul struct {
	Coordinate struct {
		UpdateBatchSize  *int    `mapstructure:"update_batch_size"`
		UpdateMaxBatches *int    `mapstructure:"update_max_batches"`
		UpdatePeriod     *string `mapstructure:"update_period"`
	} `mapstructure:"coordinate"`

	Raft struct {
		ElectionTimeout    *string `mapstructure:"election_timeout"`
		HeartbeatTimeout   *string `mapstructure:"heartbeat_timeout"`
		LeaderLeaseTimeout *string `mapstructure:"leader_lease_timeout"`
	} `mapstructure:"raft"`

	Server struct {
		HealthInterval *string `mapstructure:"health_interval"`
	} `mapstructure:"server"`
}

// Addresses is the "addresses" stanza of Config: optional address strings
// keyed dns, http, https and grpc.
type Addresses struct {
	DNS   *string `mapstructure:"dns"`
	HTTP  *string `mapstructure:"http"`
	HTTPS *string `mapstructure:"https"`
	GRPC  *string `mapstructure:"grpc"`
}

// AdvertiseAddrsConfig holds optional address strings keyed rpc, serf_lan and
// serf_wan.
type AdvertiseAddrsConfig struct {
	RPC     *string `mapstructure:"rpc"`
	SerfLAN *string `mapstructure:"serf_lan"`
	SerfWAN *string `mapstructure:"serf_wan"`
}

// Autopilot is the "autopilot" stanza of Config.
type Autopilot struct {
	CleanupDeadServers      *bool   `mapstructure:"cleanup_dead_servers"`
	LastContactThreshold    *string `mapstructure:"last_contact_threshold"`
	MaxTrailingLogs         *int    `mapstructure:"max_trailing_logs"`
	MinQuorum               *uint   `mapstructure:"min_quorum"`
	ServerStabilizationTime *string `mapstructure:"server_stabilization_time"`

	// Enterprise Only
	DisableUpgradeMigration *bool `mapstructure:"disable_upgrade_migration"`
	// Enterprise Only
	RedundancyZoneTag *string `mapstructure:"redundancy_zone_tag"`
	// Enterprise Only
	UpgradeVersionTag *string `mapstructure:"upgrade_version_tag"`
}

// ServiceWeights defines the registration of weights used in DNS for a Service
type ServiceWeights struct {
	Passing *int `mapstructure:"passing"`
	Warning *int `mapstructure:"warning"`
}

// ServiceAddress is one entry of ServiceDefinition.TaggedAddresses: an
// optional address and port.
type ServiceAddress struct {
	Address *string `mapstructure:"address"`
	Port    *int    `mapstructure:"port"`
}

// ServiceDefinition is the file format of a service registration. The
// "service" and "services" keys of Config decode into it, and
// ServiceConnect.SidecarService nests one.
//
// NOTE(review): Token looks like an ACL token in plain text; keep it out of
// logs and error messages.
type ServiceDefinition struct {
	Kind              *string                   `mapstructure:"kind"`
	ID                *string                   `mapstructure:"id"`
	Name              *string                   `mapstructure:"name"`
	Tags              []string                  `mapstructure:"tags"`
	Address           *string                   `mapstructure:"address"`
	TaggedAddresses   map[string]ServiceAddress `mapstructure:"tagged_addresses"`
	Meta              map[string]string         `mapstructure:"meta"`
	Port              *int                      `mapstructure:"port"`
	SocketPath        *string                   `mapstructure:"socket_path"`
	Check             *CheckDefinition          `mapstructure:"check"`
	Checks            []CheckDefinition         `mapstructure:"checks"`
	Token             *string                   `mapstructure:"token"`
	Weights           *ServiceWeights           `mapstructure:"weights"`
	EnableTagOverride *bool                     `mapstructure:"enable_tag_override"`
	Proxy             *ServiceProxy             `mapstructure:"proxy"`
	Connect           *ServiceConnect           `mapstructure:"connect"`

	EnterpriseMeta `mapstructure:",squash"`
}

// CheckDefinition is the file format of a health check. The "check" and
// "checks" keys of Config and of ServiceDefinition decode into it.
//
// NOTE(review): args (ScriptArgs), shell and docker_container_id appear to
// describe a command the agent runs for the check. Config carries
// enable_script_checks and enable_local_script_checks, which presumably gate
// this; confirm where that gate is enforced.
//
// NOTE(review): tls_skip_verify, by its name, turns off certificate
// verification for the check's TLS connection; flag configs that set it.
// Token looks like an ACL token in plain text; keep it out of logs.
type CheckDefinition struct {
	ID                             *string             `mapstructure:"id"`
	Name                           *string             `mapstructure:"name"`
	Notes                          *string             `mapstructure:"notes"`
	ServiceID                      *string             `mapstructure:"service_id" alias:"serviceid"`
	Token                          *string             `mapstructure:"token"`
	Status                         *string             `mapstructure:"status"`
	ScriptArgs                     []string            `mapstructure:"args" alias:"scriptargs"`
	HTTP                           *string             `mapstructure:"http"`
	Header                         map[string][]string `mapstructure:"header"`
	Method                         *string             `mapstructure:"method"`
	Body                           *string             `mapstructure:"body"`
	OutputMaxSize                  *int                `mapstructure:"output_max_size"`
	TCP                            *string             `mapstructure:"tcp"`
	Interval                       *string             `mapstructure:"interval"`
	DockerContainerID              *string             `mapstructure:"docker_container_id" alias:"dockercontainerid"`
	Shell                          *string             `mapstructure:"shell"`
	GRPC                           *string             `mapstructure:"grpc"`
	GRPCUseTLS                     *bool               `mapstructure:"grpc_use_tls"`
	TLSServerName                  *string             `mapstructure:"tls_server_name"`
	TLSSkipVerify                  *bool               `mapstructure:"tls_skip_verify" alias:"tlsskipverify"`
	AliasNode                      *string             `mapstructure:"alias_node"`
	AliasService                   *string             `mapstructure:"alias_service"`
	Timeout                        *string             `mapstructure:"timeout"`
	TTL                            *string             `mapstructure:"ttl"`
	H2PING                         *string             `mapstructure:"h2ping"`
	SuccessBeforePassing           *int                `mapstructure:"success_before_passing"`
	FailuresBeforeCritical         *int                `mapstructure:"failures_before_critical"`
	DeregisterCriticalServiceAfter *string             `mapstructure:"deregister_critical_service_after" alias:"deregistercriticalserviceafter"`

	EnterpriseMeta `mapstructure:",squash"`
}

// ServiceConnect is the connect block within a service registration
type ServiceConnect struct {
	// Native is true when this service can natively understand Connect.
	Native *bool `mapstructure:"native"`

	// SidecarService is a nested Service Definition to register at the same time.
	// It's purely a convenience mechanism to allow specifying a sidecar service
	// along with the application service definition. Its nested nature allows
	// all of the fields to be defaulted which can reduce the amount of
	// boilerplate needed to register a sidecar service separately, but the end
	// result is identical to just making a second service registration via any
	// other means.
	SidecarService *ServiceDefinition `mapstructure:"sidecar_service"`
}

// ServiceProxy is the additional config needed for a Kind = connect-proxy
// registration.
type ServiceProxy struct {
	// DestinationServiceName is required and is the name of the service to accept
	// traffic for.
	DestinationServiceName *string `mapstructure:"destination_service_name"`

	// DestinationServiceID is optional and should only be specified for
	// "side-car" style proxies where the proxy is in front of just a single
	// instance of the service. It should be set to the service ID of the instance
	// being represented which must be registered to the same agent. It's valid to
	// provide a service ID that does not yet exist to avoid timing issues when
	// bootstrapping a service with a proxy.
	DestinationServiceID *string `mapstructure:"destination_service_id"`

	// LocalServiceAddress is the address of the local service instance. It is
	// optional and should only be specified for "side-car" style proxies. It will
	// default to 127.0.0.1 if the proxy is a "side-car" (DestinationServiceID is
	// set) but otherwise will be ignored.
	LocalServiceAddress *string `mapstructure:"local_service_address"`

	// LocalServicePort is the port of the local service instance. It is optional
	// and should only be specified for "side-car" style proxies. It will default
	// to the registered port for the instance if the proxy is a "side-car"
	// (DestinationServiceID is set) but otherwise will be ignored.
	LocalServicePort *int `mapstructure:"local_service_port"`

	// LocalServiceSocketPath is the socket of the local service instance. It is optional
	// and should only be specified for "side-car" style proxies.
	//
	// NOTE(review): unlike its neighbours this is a plain string, not a
	// *string, so an absent key and an empty value cannot be told apart.
	LocalServiceSocketPath string `mapstructure:"local_service_socket_path"`

	// TransparentProxy configuration.
	TransparentProxy *TransparentProxyConfig `mapstructure:"transparent_proxy"`

	// Mode represents how the proxy's inbound and upstream listeners are dialed.
	Mode *string `mapstructure:"mode"`

	// Config is the arbitrary configuration data provided with the proxy
	// registration.
	Config map[string]interface{} `mapstructure:"config"`

	// Upstreams describes any upstream dependencies the proxy instance should
	// setup.
	Upstreams []Upstream `mapstructure:"upstreams"`

	// Mesh Gateway Configuration
	MeshGateway *MeshGatewayConfig `mapstructure:"mesh_gateway"`

	// Expose defines whether checks or paths are exposed through the proxy
	Expose *ExposeConfig `mapstructure:"expose"`
}

// Upstream represents a single upstream dependency for a service or proxy. It
// describes the mechanism used to discover instances to communicate with (the
// Target) as well as any potential client configuration that may be useful such
// as load balancer options, timeouts etc.
type Upstream struct {
	// Destination fields are the required ones for determining what this upstream
	// points to. Depending on DestinationType some other fields below might
	// further restrict the set of instances allowable.
	//
	// DestinationType would be better as an int constant but even with custom
	// JSON marshallers it causes havoc with all the mapstructure mangling we do
	// on service definitions in various places.
	DestinationType      *string `mapstructure:"destination_type"`
	DestinationNamespace *string `mapstructure:"destination_namespace"`
	DestinationName      *string `mapstructure:"destination_name"`

	// Datacenter that the service discovery request should be run against. Note
	// for prepared queries, the actual results might be from a different
	// datacenter.
	Datacenter *string `mapstructure:"datacenter"`

	// It would be worth thinking about a separate structure for these four items,
	// unifying under address as something like "unix:/tmp/foo", "tcp:localhost:80" could make sense
	// LocalBindAddress is the ip address a side-car proxy should listen on for
	// traffic destined for this upstream service. Default if empty and local bind socket
	// is not present is 127.0.0.1.
	LocalBindAddress *string `mapstructure:"local_bind_address"`

	// LocalBindPort is the port a side-car proxy should listen on for traffic
	// destined for this upstream service. Required.
	LocalBindPort *int `mapstructure:"local_bind_port"`

	// These are exclusive with LocalBindAddress/LocalBindPort. These are created under our control.
	// NOTE(review): local_bind_socket_mode presumably sets the permission bits
	// of the created socket; its accepted format and the mode used when it is
	// unset are not visible here.
	LocalBindSocketPath *string `mapstructure:"local_bind_socket_path"`
	LocalBindSocketMode *string `mapstructure:"local_bind_socket_mode"`

	// Config is an opaque config that is specific to the proxy process being run.
	// It can be used to pass arbitrary configuration for this specific upstream
	// to the proxy.
	Config map[string]interface{} `mapstructure:"config"`

	// Mesh Gateway Configuration
	MeshGateway *MeshGatewayConfig `mapstructure:"mesh_gateway"`
}

// MeshGatewayConfig is the "mesh_gateway" block of ServiceProxy and Upstream.
type MeshGatewayConfig struct {
	// Mesh Gateway Mode
	Mode *string `mapstructure:"mode"`
}

// TransparentProxyConfig is the "transparent_proxy" block of ServiceProxy.
type TransparentProxyConfig struct {
	// The port of the listener where outbound application traffic is being redirected to.
	OutboundListenerPort *int `mapstructure:"outbound_listener_port"`

	// DialedDirectly indicates whether transparent proxies can dial this proxy instance directly.
	// The discovery chain is not considered when dialing a service instance directly.
	// This setting is useful when addressing stateful services, such as a database cluster with a leader node.
	DialedDirectly *bool `mapstructure:"dialed_directly"`
}

// ExposeConfig describes HTTP paths to expose through Envoy outside of Connect.
// Users can expose individual paths and/or all HTTP/GRPC paths for checks.
//
// NOTE(review): "outside of Connect" suggests exposed paths are reachable
// without Connect's own authentication and authorization; confirm, and review
// every path listed here as an externally reachable endpoint.
type ExposeConfig struct {
	// Checks defines whether paths associated with Consul checks will be exposed.
	// This flag triggers exposing all HTTP and GRPC check paths registered for the service.
	Checks *bool `mapstructure:"checks"`

	// Port defines the port of the proxy's listener for exposed paths.
	Port *int `mapstructure:"port"`

	// Paths is the list of paths exposed through the proxy.
	Paths []ExposePath `mapstructure:"paths"`
}

// ExposePath is one entry of ExposeConfig.Paths.
type ExposePath struct {
	// ListenerPort defines the port of the proxy's listener for exposed paths.
	ListenerPort *int `mapstructure:"listener_port"`

	// Path is the path to expose through the proxy, ie. "/metrics."
	Path *string `mapstructure:"path"`

	// Protocol describes the upstream's service protocol.
	Protocol *string `mapstructure:"protocol"`

	// LocalPathPort is the port that the service is listening on for the given path.
	LocalPathPort *int `mapstructure:"local_path_port"`
}

// AutoEncrypt is the agent-global auto_encrypt configuration.
type AutoEncrypt struct {
	// TLS enables receiving certificates for clients from servers
	TLS *bool `mapstructure:"tls"`

	// Additional DNS SAN entries that clients request for their certificates.
	DNSSAN []string `mapstructure:"dns_san"`

	// Additional IP SAN entries that clients request for their certificates.
	IPSAN []string `mapstructure:"ip_san"`

	// AllowTLS enables the RPC endpoint on the server to answer
	// AutoEncrypt.Sign requests.
	AllowTLS *bool `mapstructure:"allow_tls"`
}

// Connect is the agent-global connect configuration.
type Connect struct {
	// Enabled opts the agent into connect. It should be set on all clients and
	// servers in a cluster for correct connect operation.
	//
	// NOTE(review): ca_config is an untyped map handed to the CA provider;
	// depending on the provider it may carry credentials or key material -
	// TODO confirm, and treat it as sensitive until then.
	Enabled                         *bool                  `mapstructure:"enabled"`
	CAProvider                      *string                `mapstructure:"ca_provider"`
	CAConfig                        map[string]interface{} `mapstructure:"ca_config"`
	MeshGatewayWANFederationEnabled *bool                  `mapstructure:"enable_mesh_gateway_wan_federation"`

	// TestCALeafRootChangeSpread controls how long after a CA roots change before new leaf certs will be generated.
	// This is only tuned in tests, generally set to 1ns to make tests deterministic with when to expect updated leaf
	// certs by. This configuration is not exposed to users (not documented, and agent/config/default.go will override it)
	TestCALeafRootChangeSpread *string `mapstructure:"test_ca_leaf_root_change_spread"`
}

// SOA is the configuration of SOA for DNS
type SOA struct {
	Refresh *uint32 `mapstructure:"refresh"`
	Retry   *uint32 `mapstructure:"retry"`
	Expire  *uint32 `mapstructure:"expire"`
	Minttl  *uint32 `mapstructure:"min_ttl"`
}

// DNS is the "dns_config" stanza of Config.
type DNS struct {
	AllowStale         *bool             `mapstructure:"allow_stale"`
	ARecordLimit       *int              `mapstructure:"a_record_limit"`
	DisableCompression *bool             `mapstructure:"disable_compression"`
	EnableTruncate     *bool             `mapstructure:"enable_truncate"`
	MaxStale           *string           `mapstructure:"max_stale"`
	NodeTTL            *string           `mapstructure:"node_ttl"`
	OnlyPassing        *bool             `mapstructure:"only_passing"`
	RecursorTimeout    *string           `mapstructure:"recursor_timeout"`
	ServiceTTL         map[string]string `mapstructure:"service_ttl"`
	UDPAnswerLimit     *int              `mapstructure:"udp_answer_limit"`
	NodeMetaTXT        *bool             `mapstructure:"enable_additional_node_meta_txt"`
	SOA                *SOA              `mapstructure:"soa"`
	UseCache           *bool             `mapstructure:"use_cache"`
	CacheMaxAge        *string           `mapstructure:"cache_max_age"`

	// Enterprise Only
	PreferNamespace *bool `mapstructure:"prefer_namespace"`
}

// HTTPConfig is the "http_config" stanza of Config.
//
// NOTE(review): block_endpoints and allow_write_http_from look like access
// restrictions on the HTTP API; how an empty or absent list is interpreted is
// not visible here - confirm before treating either as a control.
type HTTPConfig struct {
	BlockEndpoints     []string          `mapstructure:"block_endpoints"`
	AllowWriteHTTPFrom []string          `mapstructure:"allow_write_http_from"`
	ResponseHeaders    map[string]string `mapstructure:"response_headers"`
	UseCache           *bool             `mapstructure:"use_cache"`
	MaxHeaderBytes     *int              `mapstructure:"max_header_bytes"`
}

// Performance is the "performance" stanza of Config.
type Performance struct {
	LeaveDrainTime *string `mapstructure:"leave_drain_time"`
	RaftMultiplier *int    `mapstructure:"raft_multiplier"` // todo(fs): validate as uint
	RPCHoldTimeout *string `mapstructure:"rpc_hold_timeout"`
}

// Telemetry is the "telemetry" stanza of Config.
//
// NOTE(review): circonus_api_token is, by its name, a credential in plain
// text; keep it out of logs and error messages.
type Telemetry struct {
	CirconusAPIApp                     *string  `mapstructure:"circonus_api_app"`
	CirconusAPIToken                   *string  `mapstructure:"circonus_api_token"`
	CirconusAPIURL                     *string  `mapstructure:"circonus_api_url"`
	CirconusBrokerID                   *string  `mapstructure:"circonus_broker_id"`
	CirconusBrokerSelectTag            *string  `mapstructure:"circonus_broker_select_tag"`
	CirconusCheckDisplayName           *string  `mapstructure:"circonus_check_display_name"`
	CirconusCheckForceMetricActivation *string  `mapstructure:"circonus_check_force_metric_activation"`
	CirconusCheckID                    *string  `mapstructure:"circonus_check_id"`
	CirconusCheckInstanceID            *string  `mapstructure:"circonus_check_instance_id"`
	CirconusCheckSearchTag             *string  `mapstructure:"circonus_check_search_tag"`
	CirconusCheckTags                  *string  `mapstructure:"circonus_check_tags"`
	CirconusSubmissionInterval         *string  `mapstructure:"circonus_submission_interval"`
	CirconusSubmissionURL              *string  `mapstructure:"circonus_submission_url"`
	DisableCompatOneNine               *bool    `mapstructure:"disable_compat_1.9"`
	DisableHostname                    *bool    `mapstructure:"disable_hostname"`
	DogstatsdAddr                      *string  `mapstructure:"dogstatsd_addr"`
	DogstatsdTags                      []string `mapstructure:"dogstatsd_tags"`
	FilterDefault                      *bool    `mapstructure:"filter_default"`
	PrefixFilter                       []string `mapstructure:"prefix_filter"`
	MetricsPrefix                      *string  `mapstructure:"metrics_prefix"`
	PrometheusRetentionTime            *string  `mapstructure:"prometheus_retention_time"`
	StatsdAddr                         *string  `mapstructure:"statsd_address"`
	StatsiteAddr                       *string  `mapstructure:"statsite_address"`
}

// Ports is the "ports" stanza of Config: optional port numbers per listener
// plus min/max bounds for the proxy, sidecar and expose port ranges.
type Ports struct {
	DNS            *int `mapstructure:"dns"`
	HTTP           *int `mapstructure:"http"`
	HTTPS          *int `mapstructure:"https"`
	SerfLAN        *int `mapstructure:"serf_lan"`
	SerfWAN        *int `mapstructure:"serf_wan"`
	Server         *int `mapstructure:"server"`
	GRPC           *int `mapstructure:"grpc"`
	ProxyMinPort   *int `mapstructure:"proxy_min_port"`
	ProxyMaxPort   *int `mapstructure:"proxy_max_port"`
	SidecarMinPort *int `mapstructure:"sidecar_min_port"`
	SidecarMaxPort *int `mapstructure:"sidecar_max_port"`
	ExposeMinPort  *int `mapstructure:"expose_min_port"`
	ExposeMaxPort  *int `mapstructure:"expose_max_port"`
}

// UnixSocket is the "unix_sockets" stanza of Config.
//
// NOTE(review): group, mode and user presumably set the ownership and
// permission bits of the agent's Unix sockets; the values used when they are
// unset are not visible here - confirm.
type UnixSocket struct {
	Group *string `mapstructure:"group"`
	Mode  *string `mapstructure:"mode"`
	User  *string `mapstructure:"user"`
}

// Limits is the "limits" stanza of Config: connection, handshake-timeout,
// rate and request-size limits. Defaults and bounds checks are not visible in
// this file.
type Limits struct {
	HTTPMaxConnsPerClient *int     `mapstructure:"http_max_conns_per_client"`
	HTTPSHandshakeTimeout *string  `mapstructure:"https_handshake_timeout"`
	RPCHandshakeTimeout   *string  `mapstructure:"rpc_handshake_timeout"`
	RPCMaxBurst           *int     `mapstructure:"rpc_max_burst"`
	RPCMaxConnsPerClient  *int     `mapstructure:"rpc_max_conns_per_client"`
	RPCRate               *float64 `mapstructure:"rpc_rate"`
	KVMaxValueSize        *uint64  `mapstructure:"kv_max_value_size"`
	TxnMaxReqLen          *uint64  `mapstructure:"txn_max_req_len"`
}

// Segment is one entry of the "segments" list of Config, which Config marks
// as Enterprise Only.
type Segment struct {
	Advertise   *string `mapstructure:"advertise"`
	Bind        *string `mapstructure:"bind"`
	Name        *string `mapstructure:"name"`
	Port        *int    `mapstructure:"port"`
	RPCListener *bool   `mapstructure:"rpc_listener"`
}

// ACL is the "acl" stanza of Config. The deprecated top-level acl_* keys of
// Config are documented there as having moved into this stanza.
//
// NOTE(review): the accepted values of default_policy and down_policy, and
// what applies when they are unset, are not visible in this file; confirm
// them before assuming an omitted key is restrictive.
type ACL struct {
	Enabled                *bool   `mapstructure:"enabled"`
	TokenReplication       *bool   `mapstructure:"enable_token_replication"`
	PolicyTTL              *string `mapstructure:"policy_ttl"`
	RoleTTL                *string `mapstructure:"role_ttl"`
	TokenTTL               *string `mapstructure:"token_ttl"`
	DownPolicy             *string `mapstructure:"down_policy"`
	DefaultPolicy          *string `mapstructure:"default_policy"`
	EnableKeyListPolicy    *bool   `mapstructure:"enable_key_list_policy"`
	Tokens                 Tokens  `mapstructure:"tokens"`
	DisabledTTL            *string `mapstructure:"disabled_ttl"`
	EnableTokenPersistence *bool   `mapstructure:"enable_token_persistence"`

	// Enterprise Only
	MSPDisableBootstrap *bool `mapstructure:"msp_disable_bootstrap"`
}

// Tokens is the "tokens" stanza of ACL.
//
// NOTE(review): every field here is, by its name, an ACL token stored in
// plain text in the config file; keep decoded values out of logs and error
// messages, and review the file's permissions.
type Tokens struct {
	Master      *string `mapstructure:"master"`
	Replication *string `mapstructure:"replication"`
	AgentMaster *string `mapstructure:"agent_master"`
	Default     *string `mapstructure:"default"`
	Agent       *string `mapstructure:"agent"`

	// Enterprise Only
	ManagedServiceProvider []ServiceProviderToken `mapstructure:"managed_service_provider"`
}

// ServiceProviderToken groups an accessor and secret for a service provider token. Enterprise Only
// SecretID is the secret half of the pair; keep it out of logs.
type ServiceProviderToken struct {
	AccessorID *string `mapstructure:"accessor_id"`
	SecretID   *string `mapstructure:"secret_id"`
}

// ConfigEntries is the "config_entries" stanza of Config.
type ConfigEntries struct {
	// Bootstrap is the list of config_entries that should only be persisted to
	// cluster on initial startup of a new leader if no such config exists
	// already. The type is map not structs.ConfigEntry for decoding reasons - we
	// need to figure out the right concrete type before we can decode it
	// unambiguously.
	Bootstrap []map[string]interface{} `mapstructure:"bootstrap"`
}

// Audit allows us to enable and define destinations for auditing
type Audit struct {
	Enabled *bool                `mapstructure:"enabled"`
	Sinks   map[string]AuditSink `mapstructure:"sink"`
}

// AuditSink can be provided multiple times to define pipelines for auditing
type AuditSink struct {
	Name              *string `mapstructure:"name"`
	Type              *string `mapstructure:"type"`
	Format            *string `mapstructure:"format"`
	Path              *string `mapstructure:"path"`
	DeliveryGuarantee *string `mapstructure:"delivery_guarantee"`
	RotateBytes       *int    `mapstructure:"rotate_bytes"`
	RotateDuration    *string `mapstructure:"rotate_duration"`
	RotateMaxFiles    *int    `mapstructure:"rotate_max_files"`
}

// AutoConfigRaw is the "auto_config" stanza of Config.
//
// NOTE(review): intro_token is, by its name, a credential in plain text and
// intro_token_file a path to one; keep the token out of logs and review the
// permissions of the referenced file.
type AutoConfigRaw struct {
	Enabled         *bool                      `mapstructure:"enabled"`
	IntroToken      *string                    `mapstructure:"intro_token"`
	IntroTokenFile  *string                    `mapstructure:"intro_token_file"`
	ServerAddresses []string                   `mapstructure:"server_addresses"`
	DNSSANs         []string                   `mapstructure:"dns_sans"`
	IPSANs          []string                   `mapstructure:"ip_sans"`
	Authorization   AutoConfigAuthorizationRaw `mapstructure:"authorization"`
}

// AutoConfigAuthorizationRaw is the "authorization" block of AutoConfigRaw.
type AutoConfigAuthorizationRaw struct {
	Enabled *bool                   `mapstructure:"enabled"`
	Static  AutoConfigAuthorizerRaw `mapstructure:"static"`
}

type AutoConfigAuthorizerRaw struct {
	ClaimAssertions []string `mapstructure:"claim_assertions"`
	AllowReuse      *bool    `mapstructure:"allow_reuse"`

	// Fields to be shared with the JWT Auth Method
	JWTSupportedAlgs    []string          `mapstructure:"jwt_supported_algs"`
	BoundAudiences      []string          `mapstructure:"bound_audiences"`
	ClaimMappings       map[string]string `mapstructure:"claim_mappings"`
	ListClaimMappings   map[string]string `mapstructure:"list_claim_mappings"`
	OIDCDiscoveryURL    *string           `mapstructure:"oidc_discovery_url"`
	OIDCDiscoveryCACert *string           `mapstructure:"oidc_discovery_ca_cert"`
	JWKSURL
*string `mapstructure:"jwks_url"` 813 JWKSCACert *string `mapstructure:"jwks_ca_cert"` 814 JWTValidationPubKeys []string `mapstructure:"jwt_validation_pub_keys"` 815 BoundIssuer *string `mapstructure:"bound_issuer"` 816 ExpirationLeeway *string `mapstructure:"expiration_leeway"` 817 NotBeforeLeeway *string `mapstructure:"not_before_leeway"` 818 ClockSkewLeeway *string `mapstructure:"clock_skew_leeway"` 819} 820 821type RawUIConfig struct { 822 Enabled *bool `mapstructure:"enabled"` 823 Dir *string `mapstructure:"dir"` 824 ContentPath *string `mapstructure:"content_path"` 825 MetricsProvider *string `mapstructure:"metrics_provider"` 826 MetricsProviderFiles []string `mapstructure:"metrics_provider_files"` 827 MetricsProviderOptionsJSON *string `mapstructure:"metrics_provider_options_json"` 828 MetricsProxy RawUIMetricsProxy `mapstructure:"metrics_proxy"` 829 DashboardURLTemplates map[string]string `mapstructure:"dashboard_url_templates"` 830} 831 832type RawUIMetricsProxy struct { 833 BaseURL *string `mapstructure:"base_url"` 834 AddHeaders []RawUIMetricsProxyAddHeader `mapstructure:"add_headers"` 835 PathAllowlist []string `mapstructure:"path_allowlist"` 836} 837 838type RawUIMetricsProxyAddHeader struct { 839 Name *string `mapstructure:"name"` 840 Value *string `mapstructure:"value"` 841} 842 843type RPC struct { 844 EnableStreaming *bool `mapstructure:"enable_streaming"` 845} 846