Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Configurable Consul Service Address #3971

Merged
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 22 additions & 2 deletions physical/consul/consul.go
Original file line number Diff line number Diff line change
Expand Up @@ -92,6 +92,7 @@ type ConsulBackend struct {
redirectPort int64
serviceName string
serviceTags []string
serviceAddress *string
disableRegistration bool
checkTimeout time.Duration
consistencyMode string
Expand Down Expand Up @@ -150,11 +151,20 @@ func NewConsulBackend(conf map[string]string, logger log.Logger) (physical.Backe

// Get the additional tags to attach to the registered service name
tags := conf["service_tags"]

if logger.IsDebug() {
logger.Debug("physical/consul: config service_tags set", "service_tags", tags)
}

// Get the service-specific address to override the use of the HA redirect address
var serviceAddr *string
serviceAddrStr, ok := conf["service_address"]
if ok {
serviceAddr = &serviceAddrStr
}
if logger.IsDebug() {
logger.Debug("physical/consul: config service_address set", "service_address", serviceAddr)
}

checkTimeout := defaultCheckTimeout
checkTimeoutStr, ok := conf["check_timeout"]
if ok {
Expand Down Expand Up @@ -247,6 +257,7 @@ func NewConsulBackend(conf map[string]string, logger log.Logger) (physical.Backe
permitPool: physical.NewPermitPool(maxParInt),
serviceName: service,
serviceTags: strutil.ParseDedupLowercaseAndSortStrings(tags, ","),
serviceAddress: serviceAddr,
checkTimeout: checkTimeout,
disableRegistration: disableRegistration,
consistencyMode: consistencyMode,
Expand Down Expand Up @@ -726,12 +737,21 @@ func (c *ConsulBackend) reconcileConsul(registeredServiceID string, activeFunc p
return serviceID, nil
}

// If service address was set explicitly in configuration, use that
// as the service-specific address instead of the HA redirect address.
var serviceAddress string
if c.serviceAddress == nil {
serviceAddress = c.redirectHost
} else {
serviceAddress = *c.serviceAddress
}

service := &api.AgentServiceRegistration{
ID: serviceID,
Name: c.serviceName,
Tags: tags,
Port: int(c.redirectPort),
Address: c.redirectHost,
Address: serviceAddress,
EnableTagOverride: false,
}

Expand Down
45 changes: 45 additions & 0 deletions physical/consul/consul_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -117,6 +117,51 @@ func TestConsul_ServiceTags(t *testing.T) {
}
}

func TestConsul_ServiceAddress(t *testing.T) {
tests := []struct {
consulConfig map[string]string
serviceAddrNil bool
}{
{
consulConfig: map[string]string{
"service_address": "",
},
},
{
consulConfig: map[string]string{
"service_address": "vault.example.com",
},
},
{
serviceAddrNil: true,
},
}

for _, test := range tests {
logger := logformat.NewVaultLogger(log.LevelTrace)

be, err := NewConsulBackend(test.consulConfig, logger)
if err != nil {
t.Fatalf("expected Consul to initialize: %v", err)
}

c, ok := be.(*ConsulBackend)
if !ok {
t.Fatalf("Expected ConsulBackend")
}

if test.serviceAddrNil {
if c.serviceAddress != nil {
t.Fatalf("expected service address to be nil")
}
} else {
if c.serviceAddress == nil {
t.Fatalf("did not expect service address to be nil")
}
}
}
}

func TestConsul_newConsulBackend(t *testing.T) {
tests := []struct {
name string
Expand Down
9 changes: 9 additions & 0 deletions website/source/docs/configuration/storage/consul.html.md
Original file line number Diff line number Diff line change
Expand Up @@ -86,6 +86,14 @@ at Consul's service discovery layer.
- `service_tags` `(string: "")` – Specifies a comma-separated list of tags to
attach to the service registration in Consul.

- `service_address` `(string: nil)` – Specifies a service-specific address to
set on the service registration in Consul. If unset, Vault will use what it
knows to be the HA redirect address - which is usually desirable. Setting
this parameter to `""` will tell Consul to leverage the configuration of the
node the service is registered on dynamically. This could be beneficial if
you intend to leverage Consul's
[`translate_wan_addrs`](consul-translate-wan-addrs) parameter.

- `token` `(string: "")` – Specifies the [Consul ACL token][consul-acl] with
permission to read and write from the `path` in Consul's key-value store.
This is **not** a Vault token. See the ACL section below for help.
Expand Down Expand Up @@ -216,3 +224,4 @@ storage "consul" {
[consul-acl]: https://www.consul.io/docs/guides/acl.html "Consul ACLs"
[consul-consistency]: https://www.consul.io/api/index.html#consistency-modes "Consul Consistency Modes"
[consul-encryption]: https://www.consul.io/docs/agent/encryption.html "Consul Encryption"
[consul-translate-wan-addrs]: https://www.consul.io/docs/agent/options.html#translate_wan_addrs "Consul Configuration"