admin: add /env.json endpoint (#1867)

We have a need to see the current environment variables for running
Linkerd proxies: while a pod spec includes most of the proxy's
environment variables, this environment may include references that are
not rendered until the container actually starts.

For example:
```yaml
      - name: _pod_sa
        valueFrom:
          fieldRef:
            apiVersion: v1
            fieldPath: spec.serviceAccountName
      - name: LINKERD2_PROXY_IDENTITY_DIR
        value: /var/run/linkerd/identity/end-entity
      - name: LINKERD2_PROXY_IDENTITY_TRUST_ANCHORS
        valueFrom:
          configMapKeyRef:
            key: ca-bundle.crt
            name: linkerd-identity-trust-roots
```

There's no reliable, non-racey way to know which value a pod is actually
running with except to have the proxy expose its environment values.

See linkerd/linkerd2#9067 for details.

This branch implements the proposal described in [this comment][1]: we
add an `/env.json` endpoint to the proxy's admin server that responds to
GET requests with a JSON object representing that proxy's environment
variables. If the request has query parameters, the response will only
contain the value of the environment variables with those names (or JSON
`null`s if a requested env var name is unset).

Closes linkerd/linkerd2#9067

[1]: linkerd/linkerd2#9067 (comment)

Author: hawkw

Cargo.lock

@@ -761,6 +761,7 @@ dependencies = [
  "linkerd-app-core",
  "linkerd-app-inbound",
  "linkerd-tracing",
+ "serde",
  "serde_json",
  "thiserror",
  "tokio",

linkerd/app/admin/Cargo.toml

@@ -19,6 +19,7 @@ futures = { version = "0.3", default-features = false }
 linkerd-app-core = { path = "../core" }
 linkerd-app-inbound = { path = "../inbound" }
 linkerd-tracing = { path = "../../tracing" }
+serde = "1"
 serde_json = "1"
 thiserror = "1"
 tokio = { version = "1", features = ["macros", "sync", "parking_lot"] }

linkerd/app/admin/src/server.rs

@@ -28,6 +28,7 @@ use std::{
 };
 use tokio::sync::mpsc;
 
+mod json;
 mod log;
 mod readiness;
 
@@ -82,6 +83,52 @@ impl<M> Admin<M> {
             .expect("builder with known status code must not fail")
     }
 
+    fn env_rsp<B>(req: Request<B>) -> Response<Body> {
+        use std::{collections::HashMap, env, ffi::OsString};
+
+        if req.method() != http::Method::GET {
+            return Self::method_not_allowed();
+        }
+
+        if let Err(not_acceptable) = json::accepts_json(&req) {
+            return not_acceptable;
+        }
+
+        fn unicode(s: OsString) -> String {
+            s.to_string_lossy().into_owned()
+        }
+
+        let query = req
+            .uri()
+            .path_and_query()
+            .and_then(http::uri::PathAndQuery::query);
+        let env = if let Some(query) = query {
+            if query.contains('=') {
+                return json::json_error_rsp(
+                    "env.json query parameters may not contain key-value pairs",
+                    StatusCode::BAD_REQUEST,
+                );
+            }
+            query
+                .split('&')
+                .map(|qparam| {
+                    let var = match std::env::var(qparam) {
+                        Err(env::VarError::NotPresent) => None,
+                        Err(env::VarError::NotUnicode(bad)) => Some(unicode(bad)),
+                        Ok(var) => Some(var),
+                    };
+                    (qparam.to_string(), var)
+                })
+                .collect::<HashMap<String, Option<String>>>()
+        } else {
+            std::env::vars_os()
+                .map(|(key, var)| (unicode(key), Some(unicode(var))))
+                .collect::<HashMap<String, Option<String>>>()
+        };
+
+        json::json_rsp(&env)
+    }
+
     fn shutdown(&self) -> Response<Body> {
         if self.shutdown_tx.send(()).is_ok() {
             Response::builder()
@@ -193,6 +240,8 @@ where
                 )
             }
 
+            "/env.json" => Box::pin(future::ok(Self::env_rsp(req))),
+
             "/shutdown" => {
                 if req.method() == http::Method::POST {
                     if Self::client_is_localhost(&req) {

linkerd/app/admin/src/server/json.rs

@@ -0,0 +1,67 @@
+static JSON_MIME: &str = "application/json";
+pub(in crate::server) static JSON_HEADER_VAL: HeaderValue = HeaderValue::from_static(JSON_MIME);
+
+use hyper::{
+    header::{self, HeaderValue},
+    Body, StatusCode,
+};
+pub(crate) fn json_error_rsp(
+    error: impl ToString,
+    status: http::StatusCode,
+) -> http::Response<Body> {
+    mk_rsp(
+        status,
+        &serde_json::json!({
+            "error": error.to_string(),
+            "status": status.as_u16(),
+        }),
+    )
+}
+
+pub(crate) fn json_rsp(val: &impl serde::Serialize) -> http::Response<Body> {
+    mk_rsp(StatusCode::OK, val)
+}
+
+pub(crate) fn accepts_json<B>(req: &http::Request<B>) -> Result<(), http::Response<Body>> {
+    if let Some(accept) = req.headers().get(header::ACCEPT) {
+        let accept = match std::str::from_utf8(accept.as_bytes()) {
+            Ok(accept) => accept,
+            Err(_) => {
+                tracing::warn!("Accept header is not valid UTF-8");
+                return Err(json_error_rsp(
+                    "Accept header must be UTF-8",
+                    StatusCode::BAD_REQUEST,
+                ));
+            }
+        };
+        let will_accept_json = accept.contains(JSON_MIME)
+            || accept.contains("application/*")
+            || accept.contains("*/*");
+        if !will_accept_json {
+            tracing::warn!(?accept, "Accept header will not accept 'application/json'");
+            return Err(http::Response::builder()
+                .status(StatusCode::NOT_ACCEPTABLE)
+                .body(JSON_MIME.into())
+                .expect("builder with known status code must not fail"));
+        }
+    }
+
+    Ok(())
+}
+
+fn mk_rsp(status: StatusCode, val: &impl serde::Serialize) -> http::Response<Body> {
+    match serde_json::to_vec(val) {
+        Ok(json) => http::Response::builder()
+            .status(status)
+            .header(header::CONTENT_TYPE, JSON_HEADER_VAL.clone())
+            .body(json.into())
+            .expect("builder with known status code must not fail"),
+        Err(error) => {
+            tracing::warn!(?error, "failed to serialize JSON value");
+            http::Response::builder()
+                .status(StatusCode::INTERNAL_SERVER_ERROR)
+                .body(format!("failed to serialize JSON value: {error}").into())
+                .expect("builder with known status code must not fail")
+        }
+    }
+}

linkerd/app/admin/src/server/log/stream.rs

@@ -1,3 +1,4 @@
+use crate::server::json;
 use futures::FutureExt;
 use hyper::{
     body::{Buf, Bytes},
@@ -10,20 +11,13 @@ use linkerd_app_core::{
 use trace::EnvFilter;
 use tracing::instrument::WithSubscriber;
 
-static JSON_MIME: &str = "application/json";
-static JSON_HEADER_VAL: http::HeaderValue = http::HeaderValue::from_static(JSON_MIME);
-
 macro_rules! recover {
     ($thing:expr, $msg:literal, $status:expr $(,)?) => {
         match $thing {
             Ok(val) => val,
             Err(error) => {
                 tracing::warn!(%error, status = %$status, message = %$msg);
-                let json = serde_json::to_vec(&serde_json::json!({
-                    "error": error.to_string(),
-                    "status": $status.as_u16(),
-                }))?;
-                return Ok(mk_rsp($status, json));
+                return Ok(json::json_error_rsp(error, $status));
             }
         }
     }
@@ -40,19 +34,8 @@ where
 {
     let handle = handle.into_stream();
 
-    if let Some(accept) = req.headers().get(header::ACCEPT) {
-        let accept = recover!(
-            std::str::from_utf8(accept.as_bytes()),
-            "Accept header should be UTF-8",
-            StatusCode::BAD_REQUEST
-        );
-        let will_accept_json = accept.contains(JSON_MIME)
-            || accept.contains("application/*")
-            || accept.contains("*/*");
-        if !will_accept_json {
-            tracing::warn!(?accept, "Accept header will not accept 'application/json'");
-            return Ok(mk_rsp(StatusCode::NOT_ACCEPTABLE, "application/json"));
-        }
+    if let Err(not_acceptable) = json::accepts_json(&req) {
+        return Ok(not_acceptable);
     }
 
     let try_filter = match req.method() {
@@ -154,7 +137,7 @@ fn parse_filter(filter_str: &str) -> Result<EnvFilter, impl std::error::Error> {
 fn mk_rsp(status: StatusCode, body: impl Into<Body>) -> http::Response<Body> {
     http::Response::builder()
         .status(status)
-        .header(header::CONTENT_TYPE, JSON_HEADER_VAL.clone())
+        .header(header::CONTENT_TYPE, json::JSON_HEADER_VAL.clone())
         .body(body.into())
         .expect("builder with known status code must not fail")
 }

linkerd/app/integration/src/tests/telemetry.rs

@@ -3,6 +3,7 @@
 // particular appears to do nothing... T_T
 #![allow(unused_imports)]
 
+mod env;
 mod log_stream;
 mod tcp_errors;
 

linkerd/app/integration/src/tests/telemetry/env.rs

@@ -0,0 +1,62 @@
+use super::*;
+
+#[tokio::test]
+async fn returns_env_var_json() {
+    let _trace = trace_init();
+    let Fixture {
+        metrics,
+        proxy: _proxy,
+        _profile,
+        dst_tx: _dst_tx,
+        ..
+    } = Fixture::outbound().await;
+
+    let json = get_env_json(&metrics, "/env.json").await;
+    let actual = std::env::vars()
+        .map(|(name, val)| (name, Some(val)))
+        .collect::<HashMap<_, Option<String>>>();
+
+    assert_eq!(actual, json);
+}
+
+#[tokio::test]
+async fn filters_on_query_params() {
+    let _trace = trace_init();
+    let Fixture {
+        metrics,
+        proxy: _proxy,
+        _profile,
+        dst_tx: _dst_tx,
+        ..
+    } = Fixture::outbound().await;
+
+    // we can be relatively confident this env var is set by `cargo test`
+    const REAL_VAR: &str = "CARGO_PKG_NAME";
+
+    // and, we can _hope_ nothing ever sets this one... :)
+    const FAKE_VAR: &str = "ELIZAS_OBVIOUSLY_FAKE_ENV_VAR_THAT_SHOULD_NEVER_BE_SET";
+
+    let expected = [
+        (REAL_VAR.to_string(), std::env::var(REAL_VAR).ok()),
+        (FAKE_VAR.to_string(), None),
+    ]
+    .into_iter()
+    .collect::<HashMap<_, _>>();
+
+    let json = get_env_json(&metrics, &format!("/env.json?{REAL_VAR}&{FAKE_VAR}")).await;
+    assert_eq!(expected, json);
+
+    // now flip it
+    let json = get_env_json(&metrics, &format!("/env.json?{FAKE_VAR}&{REAL_VAR}")).await;
+    assert_eq!(expected, json);
+}
+
+#[tracing::instrument(level = "info", skip(client))]
+async fn get_env_json(client: &client::Client, path: &str) -> HashMap<String, Option<String>> {
+    let json = client.get(path).await;
+    tracing::info!(json);
+
+    let deserialized = serde_json::from_str(json.as_str()).expect("response should be valid JSON");
+    tracing::info!(deserialized = ?format_args!("{deserialized:#?}"));
+    deserialized
+}