[management] Persist proxy capabilities to database (#5720)

management/internals/modules/reverseproxy/proxy/manager.go

@@ -11,11 +11,13 @@ import (
 
 // Manager defines the interface for proxy operations
 type Manager interface {
-	Connect(ctx context.Context, proxyID, clusterAddress, ipAddress string) error
+	Connect(ctx context.Context, proxyID, clusterAddress, ipAddress string, capabilities *Capabilities) error
 	Disconnect(ctx context.Context, proxyID string) error
 	Heartbeat(ctx context.Context, proxyID, clusterAddress, ipAddress string) error
 	GetActiveClusterAddresses(ctx context.Context) ([]string, error)
 	GetActiveClusters(ctx context.Context) ([]Cluster, error)
+	ClusterSupportsCustomPorts(ctx context.Context, clusterAddr string) *bool
+	ClusterRequireSubdomain(ctx context.Context, clusterAddr string) *bool
 	CleanupStale(ctx context.Context, inactivityDuration time.Duration) error
 }
 
@@ -34,6 +36,4 @@ type Controller interface {
 	RegisterProxyToCluster(ctx context.Context, clusterAddr, proxyID string) error
 	UnregisterProxyFromCluster(ctx context.Context, clusterAddr, proxyID string) error
 	GetProxiesForCluster(clusterAddr string) []string
-	ClusterSupportsCustomPorts(clusterAddr string) *bool
-	ClusterRequireSubdomain(clusterAddr string) *bool
 }

management/internals/modules/reverseproxy/proxy/manager/controller.go

@@ -72,17 +72,6 @@ func (c *GRPCController) UnregisterProxyFromCluster(ctx context.Context, cluster
 	return nil
 }
 
-// ClusterSupportsCustomPorts returns whether any proxy in the cluster supports custom ports.
-func (c *GRPCController) ClusterSupportsCustomPorts(clusterAddr string) *bool {
-	return c.proxyGRPCServer.ClusterSupportsCustomPorts(clusterAddr)
-}
-
-// ClusterRequireSubdomain returns whether the cluster requires a subdomain label.
-// Returns nil when no proxy has reported the capability (defaults to false).
-func (c *GRPCController) ClusterRequireSubdomain(clusterAddr string) *bool {
-	return c.proxyGRPCServer.ClusterRequireSubdomain(clusterAddr)
-}
-
 // GetProxiesForCluster returns all proxy IDs registered for a specific cluster.
 func (c *GRPCController) GetProxiesForCluster(clusterAddr string) []string {
 	proxySet, ok := c.clusterProxies.Load(clusterAddr)

management/internals/modules/reverseproxy/proxy/manager/manager.go

@@ -16,6 +16,8 @@ type store interface {
 	UpdateProxyHeartbeat(ctx context.Context, proxyID, clusterAddress, ipAddress string) error
 	GetActiveProxyClusterAddresses(ctx context.Context) ([]string, error)
 	GetActiveProxyClusters(ctx context.Context) ([]proxy.Cluster, error)
+	GetClusterSupportsCustomPorts(ctx context.Context, clusterAddr string) *bool
+	GetClusterRequireSubdomain(ctx context.Context, clusterAddr string) *bool
 	CleanupStaleProxies(ctx context.Context, inactivityDuration time.Duration) error
 }
 
@@ -38,9 +40,14 @@ func NewManager(store store, meter metric.Meter) (*Manager, error) {
 	}, nil
 }
 
-// Connect registers a new proxy connection in the database
-func (m Manager) Connect(ctx context.Context, proxyID, clusterAddress, ipAddress string) error {
+// Connect registers a new proxy connection in the database.
+// capabilities may be nil for old proxies that do not report them.
+func (m Manager) Connect(ctx context.Context, proxyID, clusterAddress, ipAddress string, capabilities *proxy.Capabilities) error {
 	now := time.Now()
+	var caps proxy.Capabilities
+	if capabilities != nil {
+		caps = *capabilities
+	}
 	p := &proxy.Proxy{
 		ID:             proxyID,
 		ClusterAddress: clusterAddress,
@@ -48,6 +55,7 @@ func (m Manager) Connect(ctx context.Context, proxyID, clusterAddress, ipAddress
 		LastSeen:       now,
 		ConnectedAt:    &now,
 		Status:         "connected",
+		Capabilities:   caps,
 	}
 
 	if err := m.store.SaveProxy(ctx, p); err != nil {
@@ -118,6 +126,18 @@ func (m Manager) GetActiveClusters(ctx context.Context) ([]proxy.Cluster, error)
 	return clusters, nil
 }
 
+// ClusterSupportsCustomPorts returns whether any active proxy in the cluster
+// supports custom ports. Returns nil when no proxy has reported capabilities.
+func (m Manager) ClusterSupportsCustomPorts(ctx context.Context, clusterAddr string) *bool {
+	return m.store.GetClusterSupportsCustomPorts(ctx, clusterAddr)
+}
+
+// ClusterRequireSubdomain returns whether any active proxy in the cluster
+// requires a subdomain. Returns nil when no proxy has reported capabilities.
+func (m Manager) ClusterRequireSubdomain(ctx context.Context, clusterAddr string) *bool {
+	return m.store.GetClusterRequireSubdomain(ctx, clusterAddr)
+}
+
 // CleanupStale removes proxies that haven't sent heartbeat in the specified duration
 func (m Manager) CleanupStale(ctx context.Context, inactivityDuration time.Duration) error {
 	if err := m.store.CleanupStaleProxies(ctx, inactivityDuration); err != nil {

management/internals/modules/reverseproxy/proxy/manager_mock.go

@@ -50,18 +50,46 @@ func (mr *MockManagerMockRecorder) CleanupStale(ctx, inactivityDuration interfac
 	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "CleanupStale", reflect.TypeOf((*MockManager)(nil).CleanupStale), ctx, inactivityDuration)
 }
 
-// Connect mocks base method.
-func (m *MockManager) Connect(ctx context.Context, proxyID, clusterAddress, ipAddress string) error {
+// ClusterSupportsCustomPorts mocks base method.
+func (m *MockManager) ClusterSupportsCustomPorts(ctx context.Context, clusterAddr string) *bool {
 	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "Connect", ctx, proxyID, clusterAddress, ipAddress)
+	ret := m.ctrl.Call(m, "ClusterSupportsCustomPorts", ctx, clusterAddr)
+	ret0, _ := ret[0].(*bool)
+	return ret0
+}
+
+// ClusterSupportsCustomPorts indicates an expected call of ClusterSupportsCustomPorts.
+func (mr *MockManagerMockRecorder) ClusterSupportsCustomPorts(ctx, clusterAddr interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ClusterSupportsCustomPorts", reflect.TypeOf((*MockManager)(nil).ClusterSupportsCustomPorts), ctx, clusterAddr)
+}
+
+// ClusterRequireSubdomain mocks base method.
+func (m *MockManager) ClusterRequireSubdomain(ctx context.Context, clusterAddr string) *bool {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "ClusterRequireSubdomain", ctx, clusterAddr)
+	ret0, _ := ret[0].(*bool)
+	return ret0
+}
+
+// ClusterRequireSubdomain indicates an expected call of ClusterRequireSubdomain.
+func (mr *MockManagerMockRecorder) ClusterRequireSubdomain(ctx, clusterAddr interface{}) *gomock.Call {
+	mr.mock.ctrl.T.Helper()
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ClusterRequireSubdomain", reflect.TypeOf((*MockManager)(nil).ClusterRequireSubdomain), ctx, clusterAddr)
+}
+
+// Connect mocks base method.
+func (m *MockManager) Connect(ctx context.Context, proxyID, clusterAddress, ipAddress string, capabilities *Capabilities) error {
+	m.ctrl.T.Helper()
+	ret := m.ctrl.Call(m, "Connect", ctx, proxyID, clusterAddress, ipAddress, capabilities)
 	ret0, _ := ret[0].(error)
 	return ret0
 }
 
 // Connect indicates an expected call of Connect.
-func (mr *MockManagerMockRecorder) Connect(ctx, proxyID, clusterAddress, ipAddress interface{}) *gomock.Call {
+func (mr *MockManagerMockRecorder) Connect(ctx, proxyID, clusterAddress, ipAddress, capabilities interface{}) *gomock.Call {
 	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Connect", reflect.TypeOf((*MockManager)(nil).Connect), ctx, proxyID, clusterAddress, ipAddress)
+	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "Connect", reflect.TypeOf((*MockManager)(nil).Connect), ctx, proxyID, clusterAddress, ipAddress, capabilities)
 }
 
 // Disconnect mocks base method.
@@ -145,34 +173,6 @@ func (m *MockController) EXPECT() *MockControllerMockRecorder {
 	return m.recorder
 }
 
-// ClusterSupportsCustomPorts mocks base method.
-func (m *MockController) ClusterSupportsCustomPorts(clusterAddr string) *bool {
-	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "ClusterSupportsCustomPorts", clusterAddr)
-	ret0, _ := ret[0].(*bool)
-	return ret0
-}
-
-// ClusterSupportsCustomPorts indicates an expected call of ClusterSupportsCustomPorts.
-func (mr *MockControllerMockRecorder) ClusterSupportsCustomPorts(clusterAddr interface{}) *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ClusterSupportsCustomPorts", reflect.TypeOf((*MockController)(nil).ClusterSupportsCustomPorts), clusterAddr)
-}
-
-// ClusterRequireSubdomain mocks base method.
-func (m *MockController) ClusterRequireSubdomain(clusterAddr string) *bool {
-	m.ctrl.T.Helper()
-	ret := m.ctrl.Call(m, "ClusterRequireSubdomain", clusterAddr)
-	ret0, _ := ret[0].(*bool)
-	return ret0
-}
-
-// ClusterRequireSubdomain indicates an expected call of ClusterRequireSubdomain.
-func (mr *MockControllerMockRecorder) ClusterRequireSubdomain(clusterAddr interface{}) *gomock.Call {
-	mr.mock.ctrl.T.Helper()
-	return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "ClusterRequireSubdomain", reflect.TypeOf((*MockController)(nil).ClusterRequireSubdomain), clusterAddr)
-}
-
 // GetOIDCValidationConfig mocks base method.
 func (m *MockController) GetOIDCValidationConfig() OIDCValidationConfig {
 	m.ctrl.T.Helper()

management/internals/modules/reverseproxy/proxy/proxy.go

@@ -2,6 +2,17 @@ package proxy
 
 import "time"
 
+// Capabilities describes what a proxy can handle, as reported via gRPC.
+// Nil fields mean the proxy never reported this capability.
+type Capabilities struct {
+	// SupportsCustomPorts indicates whether this proxy can bind arbitrary
+	// ports for TCP/UDP services. TLS uses SNI routing and is not gated.
+	SupportsCustomPorts *bool
+	// RequireSubdomain indicates whether a subdomain label is required in
+	// front of the cluster domain.
+	RequireSubdomain *bool
+}
+
 // Proxy represents a reverse proxy instance
 type Proxy struct {
 	ID             string    `gorm:"primaryKey;type:varchar(255)"`
@@ -11,6 +22,7 @@ type Proxy struct {
 	ConnectedAt    *time.Time
 	DisconnectedAt *time.Time
 	Status         string `gorm:"type:varchar(20);not null;index:idx_proxy_cluster_status"`
+	Capabilities   Capabilities `gorm:"embedded"`
 	CreatedAt      time.Time
 	UpdatedAt      time.Time
 }