Documentation
¶
Index ¶
- Constants
- Variables
- func AuthHeaderTokenExtractor(r *http.Request) (string, error)
- func DefaultErrorHandler(w http.ResponseWriter, _ *http.Request, err error)
- func DisableContractManifestBypass()
- func EnableContractManifestBypass()
- func EncodeSmartQueryAsRESTPath(queryJSON []byte) string
- func GetBypassUsageCount() uint64
- func IsContractManifestBypassEnabled() bool
- func NewHealthServer(ctx context.Context, logger log.Logger, pclient provider.Client, ...) *http.Server
- func NewServer(ctx context.Context, log log.Logger, pclient provider.Client, ...) (*http.Server, error)
- func RegisterPodMetadataRoutes(router *mux.Router, logger log.Logger, cfg PodMetadataConfig)
- type CtxAuthKey
- type NoopPodTokenValidator
- type PeersProxier
- type PodMetadataConfig
- type PodMetadataForwardedPort
- type PodMetadataResponse
- type PodPeersResponse
- type PodTokenValidator
Constants ¶
const ( LeaseShellCodeStdout = 100 LeaseShellCodeStderr = 101 LeaseShellCodeResult = 102 LeaseShellCodeFailure = 103 LeaseShellCodeStdin = 104 LeaseShellCodeTerminalResize = 105 )
const ( LeaseMetadataPathPrefix = "/lease-metadata" // PodMetadataPeersTimeout caps each `/peers` proxy call so a // stuck wasm querier cannot tie up the pod's reconcile loop. PodMetadataPeersTimeout = 8 * time.Second )
LeaseMetadataPathPrefix is the URL prefix for the pod-facing metadata API. Anchored at `/lease-metadata/{owner}/{dseq}/{gseq}/{oseq}/...`.
Variables ¶
var ( // ErrJWTMissing is returned when the JWT is missing. ErrJWTMissing = errors.New("jwt: missing") // ErrJWTInvalid is returned when the JWT is invalid. ErrJWTInvalid = errors.New("jwt: invalid") ErrInvalidRequest = errors.New("invalid request") )
var PodMetadataConfigCtxKey = podMetadataConfigCtxKey{}
PodMetadataConfigCtxKey is the exported ctxConfig key — call sites do `ctxConfig[rest.PodMetadataConfigCtxKey] = &cfg` before invoking the gateway constructor.
Functions ¶
func AuthHeaderTokenExtractor ¶
AuthHeaderTokenExtractor is a TokenExtractor that takes a request and extracts the token from the Authorization header.
func DefaultErrorHandler ¶
func DefaultErrorHandler(w http.ResponseWriter, _ *http.Request, err error)
func DisableContractManifestBypass ¶
func DisableContractManifestBypass()
DisableContractManifestBypass disables the bypass
func EnableContractManifestBypass ¶
func EnableContractManifestBypass()
EnableContractManifestBypass enables the bypass for contract-owned deployments WARNING: This should only be used in development/testing environments!
func EncodeSmartQueryAsRESTPath ¶
EncodeSmartQueryAsRESTPath returns the base64-encoded path suffix used by Cosmos REST when querying a contract's smart route. Exported so tests + the demo harness can produce equivalent URLs without reaching for a Cosmos client SDK.
func GetBypassUsageCount ¶
func GetBypassUsageCount() uint64
GetBypassUsageCount returns the number of times bypass was used
func IsContractManifestBypassEnabled ¶
func IsContractManifestBypassEnabled() bool
IsContractManifestBypassEnabled returns whether bypass is enabled
func NewHealthServer ¶
func NewHealthServer( ctx context.Context, logger log.Logger, pclient provider.Client, address string, providerAddr sdk.Address, kubeClient kubernetes.Interface, ) *http.Server
NewHealthServer creates a lightweight plain HTTP server that responds to health probes from the ABCI++ valiporacle module. This runs on a separate port (no TLS) so validators can reach it with a simple HTTP GET.
kubeClient (may be nil) enables the per-deployment health array: when set, /health enumerates this provider's lease namespaces and reports each lease's pod readiness under "deployments". The scan is cached (depHealthTTL) so the ABCI probe never hammers the k8s API.
func RegisterPodMetadataRoutes ¶
func RegisterPodMetadataRoutes( router *mux.Router, logger log.Logger, cfg PodMetadataConfig, )
RegisterPodMetadataRoutes mounts the pod-facing metadata endpoints onto the supplied router. It does NOT call `router.Use` — the router is expected to already carry the provider-address middleware from `newRouter` so `requestProvider(req)` works.
Types ¶
type CtxAuthKey ¶
type CtxAuthKey string
type NoopPodTokenValidator ¶
type NoopPodTokenValidator struct{}
NoopPodTokenValidator trusts an explicit `X-Akash-Pod-Namespace` header instead of validating a token. Only wired when the operator explicitly opts out of TokenReview via the `--insecure-pod-metadata-auth` flag (PodMetadataConfig.InsecureAuth). Must never be used in production — RegisterPodMetadataRoutes emits an Error-level startup warning whenever it is active.
func (NoopPodTokenValidator) ValidatePodToken ¶
type PeersProxier ¶
type PeersProxier interface {
// QueryContractSmart calls the contract `contractAddr` with the
// supplied JSON-encoded smart query (e.g. `{"peers":{}}`) and
// returns the raw `.data` JSON bytes from the chain.
QueryContractSmart(ctx context.Context, contractAddr string, queryJSON []byte) ([]byte, error)
}
PeersProxier is the chain-query side of the metadata API. A production provider wires this up via its existing chain client (e.g. `cosmwasm/wasm/v1/contract/<addr>/smart`); the gateway only needs the abstract interface so it stays decoupled from any specific cosmos client SDK version.
type PodMetadataConfig ¶
type PodMetadataConfig struct {
ClusterRead cluster.ReadClient
Peers PeersProxier
TokenValidator PodTokenValidator
// InsecureAuth switches the API to NoopPodTokenValidator, which
// trusts the caller-supplied X-Akash-Pod-Namespace header without
// any TokenReview. Lab-only escape hatch behind the explicit
// `--insecure-pod-metadata-auth` provider flag; the default (and
// only safe production value) is false. Phase 3.2: this field is
// the ONLY way to disable auth — the legacy
// AKASH_PROVIDER_METADATA_TOKEN_REVIEW_DISABLED env var is
// ignored except for a migration warning.
InsecureAuth bool
}
PodMetadataConfig wires the pod-metadata sub-router. The three dependencies are optional; missing pieces degrade gracefully:
- nil ClusterRead → /metadata returns lease coords only, no services/ports.
- nil PeersProxier → /peers returns 501.
- nil TokenValidator → the API FAILS CLOSED (every request is rejected) unless InsecureAuth is explicitly set.
type PodMetadataForwardedPort ¶
type PodMetadataForwardedPort struct {
Service string `json:"service"`
ExternalPort int32 `json:"external_port"`
InternalPort int32 `json:"internal_port"`
Protocol string `json:"protocol"`
Host string `json:"host"`
}
PodMetadataForwardedPort is one row of the cluster's forwarded port table flattened into the wire shape pods expect.
type PodMetadataResponse ¶
type PodMetadataResponse struct {
Owner string `json:"owner"`
DSeq uint64 `json:"dseq"`
GSeq uint32 `json:"gseq"`
OSeq uint32 `json:"oseq"`
Provider string `json:"provider"`
Services []string `json:"services,omitempty"`
ForwardedPorts []PodMetadataForwardedPort `json:"forwarded_ports,omitempty"`
Namespace string `json:"namespace"`
}
PodMetadataResponse is the JSON returned by GET .../metadata.
Pods use `Owner` as their `AKASH_HA_CONTRACT_ADDR` (for contract-owned leases) and `ForwardedPorts` to compose connection strings without going through the chain.
type PodPeersResponse ¶
type PodPeersResponse struct {
Contract string `json:"contract"`
Query string `json:"query"`
Data json.RawMessage `json:"data"`
}
PodPeersResponse wraps the proxied contract response so the pod-facing contract is stable even if the wasm side changes shape. `Data` is the raw JSON from the contract; pods decode it the same way they would today decoding the validator's `cosmwasm/wasm/v1/contract/.../smart/<base64-payload>` response.
type PodTokenValidator ¶
type PodTokenValidator interface {
// ValidatePodToken returns the namespace claim from the token
// (typically the pod's k8s namespace). Implementations must
// return an error if the token is invalid, expired, or not
// bound to a pod ServiceAccount.
ValidatePodToken(ctx context.Context, bearerToken string, hint string) (namespace string, err error)
}
PodTokenValidator validates a pod-provided Bearer token and returns the namespace the pod is running in. Implementations typically wrap k8s `TokenReview`; the lab/dev path uses `NewNoopPodTokenValidator` which accepts any token and trusts the URL's `X-Akash-Pod-Namespace` header.