NET-59: Generate bootstrap config and run Envoy (#2)

This is a minimum viable implementation of the consul-dataplane process that
configures and runs an Envoy proxy.

It has a few major limitations:

1. Only static ACL tokens (i.e. not auth-methods) are supported.
2. In lieu of the ADS proxy we will eventually provide, Envoy is configured to
   connect directly to the Consul server.
3. If Envoy crashes `consul-dataplane` will exit too rather than attempting to
   restart it.

The envoy package implements a simple wrapper around the Envoy process.
It writes the given configuration to a FIFO pipe (a pattern established in
hashicorp/consul#5964), starts the process, and notifies
callers via the `Exited` channel if the process exits unexpectedly.

This is unit tested using a dummy program called fake-envoy which writes its
received arguments and configuration to disk for the Go tests to verify.

As there's a fair amount of complex logic, regexes, etc. in our bootstrap
configuration already implemented by the `consul connect envoy` command, we're
borrowing the relevant files from Consul repo (see the copy-bootstrap-config
make target). Eventually, this command will be removed from Consul and these
files will only belong in this repository.

We're unit(ish?) testing this using a combination of golden files and checking
the configuration is valid by running Envoy in "validate mode" (on demand when
you run the tests with the -validate flag).

As ingress gateways may have no listeners configured, `consul connect envoy`
creates one with a /ready HTTP endpoint that can be used by checks - it does
this based on the -address flag. In consul-dataplane you can opt-in to this
behavior by passing the -envoy-ready-bind-address and -envoy-ready-bind-port
flags. This works regardless of the service kind.

Author: boxofrad

Makefile

@@ -0,0 +1,19 @@
+BOOTSTRAP_PACKAGE_DIR=internal/bootstrap
+
+.PHONY: copy-bootstrap-config
+
+# Our Envoy bootstrap config generation contains a fair amount of logic that
+# was already implemented for the `consul connect envoy` command. Eventually,
+# this command will go away and be replaced by consul-dataplane, but for now
+# we copy the files from the Consul repo, and do a small amount of processing
+# to rename the package and remove a dependency on the Consul api module.
+copy-bootstrap-config:
+	for file in bootstrap_config.go bootstrap_config_test.go bootstrap_tpl.go; do \
+		curl --fail https://raw.githubusercontent.com/hashicorp/consul/main/command/connect/envoy/$$file | \
+		sed 's/package envoy/package bootstrap/' | \
+		sed '/github.com\/hashicorp\/consul\/api/d' | \
+		sed 's/api.IntentionDefaultNamespace/"default"/g' | \
+		sed '1s:^:// Code generated by make copy-bootstrap-config. DO NOT EDIT.\n:' | \
+		gofmt \
+		> $(BOOTSTRAP_PACKAGE_DIR)/$$file; \
+	done

cmd/consul-dataplane/main.go

@@ -4,6 +4,8 @@ import (
 	"context"
 	"flag"
 	"log"
+	"os"
+	"os/signal"
 	"strings"
 
 	"github.com/hashicorp/consul-dataplane/pkg/consuldp"
@@ -12,8 +14,24 @@ import (
 var (
 	addresses string
 	grpcPort  int
-	logLevel  string
-	logJSON   bool
+
+	logLevel string
+	logJSON  bool
+
+	nodeName  string
+	nodeID    string
+	serviceID string
+	namespace string
+	partition string
+
+	token string
+
+	useCentralTelemetryConfig bool
+
+	adminBindAddr string
+	adminBindPort int
+	readyBindAddr string
+	readyBindPort int
 )
 
 func init() {
@@ -24,12 +42,27 @@ func init() {
 		"	b) on failure - exit with a non-zero code and optionally print an error message of upto 1024 bytes to stderr.\n"+
 		"	Refer to https://github.com/hashicorp/go-netaddrs#summary for more details and examples.")
 
-	flag.IntVar(&grpcPort, "grpc-port", 8502, "gRPC port on Consul servers")
+	flag.IntVar(&grpcPort, "grpc-port", 8502, "gRPC port on Consul servers.")
 
 	flag.StringVar(&logLevel, "log-level", "info", "Log level of the messages to print. "+
 		"Available log levels are \"trace\", \"debug\", \"info\", \"warn\", and \"error\".")
 
 	flag.BoolVar(&logJSON, "log-json", false, "Controls consul-dataplane logging in JSON format. By default this is false.")
+
+	flag.StringVar(&nodeName, "service-node-name", "", "The name of the node to which the proxy service instance is registered.")
+	flag.StringVar(&nodeID, "service-node-id", "", "The ID of the node to which the proxy service instance is registered.")
+	flag.StringVar(&serviceID, "proxy-service-id", "", "The proxy service instance's ID.")
+	flag.StringVar(&namespace, "service-namespace", "", "The Consul Enterprise namespace in which the proxy service instance is registered.")
+	flag.StringVar(&partition, "service-partition", "", "The Consul Enterprise partition in which the proxy service instance is registered.")
+
+	flag.StringVar(&token, "static-token", "", "The ACL token used to authenticate requests to Consul servers (when -login-method is set to static).")
+
+	flag.BoolVar(&useCentralTelemetryConfig, "telemetry-use-central-config", true, "Controls whether the proxy will apply the central telemetry configuration.")
+
+	flag.StringVar(&adminBindAddr, "envoy-admin-bind-address", "127.0.0.1", "The address on which the Envoy admin server will be available.")
+	flag.IntVar(&adminBindPort, "envoy-admin-bind-port", 19000, "The port on which the Envoy admin server will be available.")
+	flag.StringVar(&readyBindAddr, "envoy-ready-bind-address", "", "The address on which Envoy's readiness probe will be available.")
+	flag.IntVar(&readyBindPort, "envoy-ready-bind-port", 0, "The port on which Envoy's readiness probe will be available.")
 }
 
 // validateFlags performs semantic validation of the flag values
@@ -48,19 +81,53 @@ func main() {
 	validateFlags()
 
 	consuldpCfg := &consuldp.Config{
-		Consul: &consuldp.ConsulConfig{Addresses: addresses, GRPCPort: grpcPort},
+		Consul: &consuldp.ConsulConfig{
+			Addresses: addresses,
+			GRPCPort:  grpcPort,
+			Credentials: &consuldp.CredentialsConfig{
+				Static: &consuldp.StaticCredentialsConfig{
+					Token: token,
+				},
+			},
+		},
+		Service: &consuldp.ServiceConfig{
+			NodeName:  nodeName,
+			NodeID:    nodeID,
+			ServiceID: serviceID,
+			Namespace: namespace,
+			Partition: partition,
+		},
 		Logging: &consuldp.LoggingConfig{
 			Name:     "consul-dataplane",
 			LogLevel: strings.ToUpper(logLevel),
 			LogJSON:  logJSON,
 		},
+		Telemetry: &consuldp.TelemetryConfig{
+			UseCentralConfig: useCentralTelemetryConfig,
+		},
+		Envoy: &consuldp.EnvoyConfig{
+			AdminBindAddress: adminBindAddr,
+			AdminBindPort:    adminBindPort,
+			ReadyBindAddress: readyBindAddr,
+			ReadyBindPort:    readyBindPort,
+		},
 	}
 	consuldpInstance, err := consuldp.NewConsulDP(consuldpCfg)
 	if err != nil {
 		log.Fatal(err)
 	}
-	// TODO: Pass cancellable context
-	err = consuldpInstance.Run(context.Background())
+
+	ctx, cancel := context.WithCancel(context.Background())
+
+	sigCh := make(chan os.Signal, 1)
+	signal.Notify(sigCh, os.Interrupt)
+
+	go func() {
+		<-sigCh
+		cancel()
+	}()
+
+	err = consuldpInstance.Run(ctx)
 	if err != nil {
 		log.Fatal(err)
 	}

go.mod

@@ -5,6 +5,7 @@ go 1.18
 require (
 	github.com/hashicorp/go-hclog v1.2.2
 	github.com/hashicorp/go-netaddrs v0.0.0-20220509001840-90ed9d26ec46
+	github.com/mitchellh/mapstructure v1.5.0
 	github.com/stretchr/testify v1.8.0
 	google.golang.org/grpc v1.48.0
 	google.golang.org/protobuf v1.28.1

go.sum

@@ -60,6 +60,8 @@ github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
 github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y=
 github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
+github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY=
+github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=