consul/test-integ/peering_commontopo/ac7_1_rotate_gw_test.go

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: BUSL-1.1

package peering

import (
	"fmt"
	"strings"
	"testing"

	"github.com/hashicorp/consul/api"
	"github.com/hashicorp/consul/testing/deployer/topology"
	"github.com/stretchr/testify/require"
)

// TestRotateGW ensures that peered services continue to be able to talk to their
// upstreams during a mesh gateway rotation
// NOTE: because suiteRotateGW needs to mutate the topo, we actually *DO NOT* share a topo

type suiteRotateGW struct {
	DC   string
	Peer string

	sidServer  topology.ID
	nodeServer topology.NodeID

	sidClient  topology.ID
	nodeClient topology.NodeID

	upstream *topology.Destination

	newMGWNodeName string
}

func TestRotateGW(t *testing.T) {
	suites := []*suiteRotateGW{
		{DC: "dc1", Peer: "dc2"},
		{DC: "dc2", Peer: "dc1"},
	}
	ct := NewCommonTopo(t)
	for _, s := range suites {
		s.setup(t, ct)
	}
	ct.Launch(t)
	for _, s := range suites {
		s := s
		t.Run(fmt.Sprintf("%s->%s", s.DC, s.Peer), func(t *testing.T) {
			// no t.Parallel() due to Relaunch
			s.test(t, ct)
		})
	}
}

func (s *suiteRotateGW) setup(t *testing.T, ct *commonTopo) {
	const prefix = "ac7-1-"

	clu := ct.ClusterByDatacenter(t, s.DC)
	peerClu := ct.ClusterByDatacenter(t, s.Peer)
	partition := "default"
	peer := LocalPeerName(peerClu, "default")
	cluPeerName := LocalPeerName(clu, "default")

	server := NewFortioServiceWithDefaults(
		peerClu.Datacenter,
		topology.ID{
			Name:      prefix + "server-http",
			Partition: partition,
		},
		nil,
	)

	// Make clients which have server upstreams
	upstream := &topology.Destination{
		ID: topology.ID{
			Name:      server.ID.Name,
			Partition: partition,
		},
		// TODO: we shouldn't need this, need to investigate
		LocalAddress: "0.0.0.0",
		LocalPort:    5001,
		Peer:         peer,
	}
	// create client in us
	client := NewFortioServiceWithDefaults(
		clu.Datacenter,
		topology.ID{
			Name:      prefix + "client",
			Partition: partition,
		},
		func(s *topology.Workload) {
			s.Destinations = []*topology.Destination{
				upstream,
			}
		},
	)
	clientNode := ct.AddServiceNode(clu, serviceExt{Workload: client,
		Config: &api.ServiceConfigEntry{
			Kind:      api.ServiceDefaults,
			Name:      client.ID.Name,
			Partition: ConfigEntryPartition(client.ID.Partition),
			Protocol:  "http",
			UpstreamConfig: &api.UpstreamConfiguration{
				Defaults: &api.UpstreamConfig{
					MeshGateway: api.MeshGatewayConfig{
						Mode: api.MeshGatewayModeLocal,
					},
				},
			},
		},
	})
	// actually to be used by the other pairing
	serverNode := ct.AddServiceNode(peerClu, serviceExt{
		Workload: server,
		Config: &api.ServiceConfigEntry{
			Kind:      api.ServiceDefaults,
			Name:      server.ID.Name,
			Partition: ConfigEntryPartition(partition),
			Protocol:  "http",
		},
		Exports: []api.ServiceConsumer{{Peer: cluPeerName}},
		Intentions: &api.ServiceIntentionsConfigEntry{
			Kind:      api.ServiceIntentions,
			Name:      server.ID.Name,
			Partition: ConfigEntryPartition(partition),
			Sources: []*api.SourceIntention{
				{
					Name:   client.ID.Name,
					Peer:   cluPeerName,
					Action: api.IntentionActionAllow,
				},
			},
		},
	})

	s.sidClient = client.ID
	s.nodeClient = clientNode.ID()
	s.upstream = upstream
	s.sidServer = server.ID
	s.nodeServer = serverNode.ID()

	// add a second mesh gateway "new"
	s.newMGWNodeName = fmt.Sprintf("new-%s-default-mgw", clu.Name)
	nodeKind := topology.NodeKindClient
	if clu.Datacenter == ct.agentlessDC {
		nodeKind = topology.NodeKindDataplane
	}
	_, mgwNodes := newTopologyMeshGatewaySet(
		nodeKind,
		"default",
		s.newMGWNodeName,
		1,
		[]string{clu.Datacenter, "wan"},
		func(i int, node *topology.Node) {
			node.Disabled = true
		},
	)
	clu.Nodes = append(clu.Nodes, mgwNodes...)
}

func (s *suiteRotateGW) test(t *testing.T, ct *commonTopo) {
	dc := ct.Sprawl.Topology().Clusters[s.DC]
	peer := ct.Sprawl.Topology().Clusters[s.Peer]

	svcHTTPServer := peer.WorkloadByID(
		s.nodeServer,
		s.sidServer,
	)
	svcHTTPClient := dc.WorkloadByID(
		s.nodeClient,
		s.sidClient,
	)
	ct.Assert.HealthyWithPeer(t, dc.Name, svcHTTPServer.ID, LocalPeerName(peer, "default"))

	ct.Assert.FortioFetch2HeaderEcho(t, svcHTTPClient, s.upstream)

	t.Log("relaunching with new gateways")
	cfg := ct.Sprawl.Config()
	for _, n := range dc.Nodes {
		if strings.HasPrefix(n.Name, s.newMGWNodeName) {
			n.Disabled = false
		}
	}
	require.NoError(t, ct.Sprawl.Relaunch(cfg))
	ct.Assert.FortioFetch2HeaderEcho(t, svcHTTPClient, s.upstream)

	t.Log("relaunching without old gateways")
	cfg = ct.Sprawl.Config()
	for _, n := range dc.Nodes {
		if strings.HasPrefix(n.Name, fmt.Sprintf("%s-default-mgw", dc.Name)) {
			n.Disabled = true
		}
	}
	require.NoError(t, ct.Sprawl.Relaunch(cfg))
	ct.Assert.FortioFetch2HeaderEcho(t, svcHTTPClient, s.upstream)
}
[COMPLIANCE] License changes (#18443) * Adding explicit MPL license for sub-package This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Adding explicit MPL license for sub-package This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Updating the license from MPL to Business Source License Going forward, this project will be licensed under the Business Source License v1.1. Please see our blog post for more details at <Blog URL>, FAQ at www.hashicorp.com/licensing-faq, and details of the license at www.hashicorp.com/bsl. * add missing license headers * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 --------- Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com> 1 year ago			`// Copyright (c) HashiCorp, Inc.`
			`// SPDX-License-Identifier: BUSL-1.1`

add peering_commontopo tests [NET-3700] (#17951) Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> Co-authored-by: R.B. Boyer <rb@hashicorp.com> Co-authored-by: Freddy <freddygv@users.noreply.github.com> Co-authored-by: NiniOak <anita.akaeze@hashicorp.com> 1 year ago			`package peering`

			`import (`
			`"fmt"`
			`"strings"`
			`"testing"`

testing/deployer: update deployer to use v2 catalog constructs when requested (#19046) This updates the testing/deployer (aka "topology test") framework to conditionally configure and launch catalog constructs using v2 resources. This is controlled via a Version field on the Node construct in a topology.Config. This only functions for a dataplane type and has other restrictions that match the rest of v2 (no peering, no wanfed, no mesh gateways). Like config entries, you can statically provide a set of initial resources to be synced when bringing up the cluster (beyond those that are generated for you such as workloads, services, etc). If you want to author a test that can be freely converted between v1 and v2 then that is possible. If you switch to the multi-port definition on a topology.Service (aka "workload/instance") then that makes v1 ineligible. This also adds a starter set of "on every PR" integration tests for single and multiport under test-integ/catalogv2 1 year ago			`"github.com/hashicorp/consul/api"`
add peering_commontopo tests [NET-3700] (#17951) Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> Co-authored-by: R.B. Boyer <rb@hashicorp.com> Co-authored-by: Freddy <freddygv@users.noreply.github.com> Co-authored-by: NiniOak <anita.akaeze@hashicorp.com> 1 year ago			`"github.com/hashicorp/consul/testing/deployer/topology"`
			`"github.com/stretchr/testify/require"`
			`)`

			`// TestRotateGW ensures that peered services continue to be able to talk to their`
			`// upstreams during a mesh gateway rotation`
			`// NOTE: because suiteRotateGW needs to mutate the topo, we actually DO NOT share a topo`

			`type suiteRotateGW struct {`
			`DC string`
			`Peer string`

testing/deployer: rename various terms to better align with v2 and avoid confusion (#19600) Conceptually renaming the following topology terms to avoid confusion with v2 and to better align with it: - ServiceID -> ID - Service -> Workload - Upstream -> Destination 1 year ago			`sidServer topology.ID`
add peering_commontopo tests [NET-3700] (#17951) Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> Co-authored-by: R.B. Boyer <rb@hashicorp.com> Co-authored-by: Freddy <freddygv@users.noreply.github.com> Co-authored-by: NiniOak <anita.akaeze@hashicorp.com> 1 year ago			`nodeServer topology.NodeID`

testing/deployer: rename various terms to better align with v2 and avoid confusion (#19600) Conceptually renaming the following topology terms to avoid confusion with v2 and to better align with it: - ServiceID -> ID - Service -> Workload - Upstream -> Destination 1 year ago			`sidClient topology.ID`
add peering_commontopo tests [NET-3700] (#17951) Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> Co-authored-by: R.B. Boyer <rb@hashicorp.com> Co-authored-by: Freddy <freddygv@users.noreply.github.com> Co-authored-by: NiniOak <anita.akaeze@hashicorp.com> 1 year ago			`nodeClient topology.NodeID`

testing/deployer: rename various terms to better align with v2 and avoid confusion (#19600) Conceptually renaming the following topology terms to avoid confusion with v2 and to better align with it: - ServiceID -> ID - Service -> Workload - Upstream -> Destination 1 year ago			`upstream *topology.Destination`
add peering_commontopo tests [NET-3700] (#17951) Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> Co-authored-by: R.B. Boyer <rb@hashicorp.com> Co-authored-by: Freddy <freddygv@users.noreply.github.com> Co-authored-by: NiniOak <anita.akaeze@hashicorp.com> 1 year ago
			`newMGWNodeName string`
			`}`

			`func TestRotateGW(t *testing.T) {`
			`suites := []*suiteRotateGW{`
			`{DC: "dc1", Peer: "dc2"},`
			`{DC: "dc2", Peer: "dc1"},`
			`}`
			`ct := NewCommonTopo(t)`
			`for _, s := range suites {`
			`s.setup(t, ct)`
			`}`
			`ct.Launch(t)`
			`for _, s := range suites {`
			`s := s`
			`t.Run(fmt.Sprintf("%s->%s", s.DC, s.Peer), func(t *testing.T) {`
			`// no t.Parallel() due to Relaunch`
			`s.test(t, ct)`
			`})`
			`}`
			`}`

			`func (s suiteRotateGW) setup(t testing.T, ct *commonTopo) {`
			`const prefix = "ac7-1-"`

			`clu := ct.ClusterByDatacenter(t, s.DC)`
			`peerClu := ct.ClusterByDatacenter(t, s.Peer)`
			`partition := "default"`
			`peer := LocalPeerName(peerClu, "default")`
			`cluPeerName := LocalPeerName(clu, "default")`

			`server := NewFortioServiceWithDefaults(`
			`peerClu.Datacenter,`
testing/deployer: rename various terms to better align with v2 and avoid confusion (#19600) Conceptually renaming the following topology terms to avoid confusion with v2 and to better align with it: - ServiceID -> ID - Service -> Workload - Upstream -> Destination 1 year ago			`topology.ID{`
add peering_commontopo tests [NET-3700] (#17951) Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> Co-authored-by: R.B. Boyer <rb@hashicorp.com> Co-authored-by: Freddy <freddygv@users.noreply.github.com> Co-authored-by: NiniOak <anita.akaeze@hashicorp.com> 1 year ago			`Name: prefix + "server-http",`
			`Partition: partition,`
			`},`
			`nil,`
			`)`

			`// Make clients which have server upstreams`
testing/deployer: rename various terms to better align with v2 and avoid confusion (#19600) Conceptually renaming the following topology terms to avoid confusion with v2 and to better align with it: - ServiceID -> ID - Service -> Workload - Upstream -> Destination 1 year ago			`upstream := &topology.Destination{`
			`ID: topology.ID{`
add peering_commontopo tests [NET-3700] (#17951) Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> Co-authored-by: R.B. Boyer <rb@hashicorp.com> Co-authored-by: Freddy <freddygv@users.noreply.github.com> Co-authored-by: NiniOak <anita.akaeze@hashicorp.com> 1 year ago			`Name: server.ID.Name,`
			`Partition: partition,`
			`},`
			`// TODO: we shouldn't need this, need to investigate`
			`LocalAddress: "0.0.0.0",`
			`LocalPort: 5001,`
			`Peer: peer,`
			`}`
			`// create client in us`
			`client := NewFortioServiceWithDefaults(`
			`clu.Datacenter,`
testing/deployer: rename various terms to better align with v2 and avoid confusion (#19600) Conceptually renaming the following topology terms to avoid confusion with v2 and to better align with it: - ServiceID -> ID - Service -> Workload - Upstream -> Destination 1 year ago			`topology.ID{`
add peering_commontopo tests [NET-3700] (#17951) Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> Co-authored-by: R.B. Boyer <rb@hashicorp.com> Co-authored-by: Freddy <freddygv@users.noreply.github.com> Co-authored-by: NiniOak <anita.akaeze@hashicorp.com> 1 year ago			`Name: prefix + "client",`
			`Partition: partition,`
			`},`
testing/deployer: rename various terms to better align with v2 and avoid confusion (#19600) Conceptually renaming the following topology terms to avoid confusion with v2 and to better align with it: - ServiceID -> ID - Service -> Workload - Upstream -> Destination 1 year ago			`func(s *topology.Workload) {`
			`s.Destinations = []*topology.Destination{`
add peering_commontopo tests [NET-3700] (#17951) Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> Co-authored-by: R.B. Boyer <rb@hashicorp.com> Co-authored-by: Freddy <freddygv@users.noreply.github.com> Co-authored-by: NiniOak <anita.akaeze@hashicorp.com> 1 year ago			`upstream,`
			`}`
			`},`
			`)`
testing/deployer: rename various terms to better align with v2 and avoid confusion (#19600) Conceptually renaming the following topology terms to avoid confusion with v2 and to better align with it: - ServiceID -> ID - Service -> Workload - Upstream -> Destination 1 year ago			`clientNode := ct.AddServiceNode(clu, serviceExt{Workload: client,`
add peering_commontopo tests [NET-3700] (#17951) Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> Co-authored-by: R.B. Boyer <rb@hashicorp.com> Co-authored-by: Freddy <freddygv@users.noreply.github.com> Co-authored-by: NiniOak <anita.akaeze@hashicorp.com> 1 year ago			`Config: &api.ServiceConfigEntry{`
			`Kind: api.ServiceDefaults,`
			`Name: client.ID.Name,`
			`Partition: ConfigEntryPartition(client.ID.Partition),`
			`Protocol: "http",`
			`UpstreamConfig: &api.UpstreamConfiguration{`
			`Defaults: &api.UpstreamConfig{`
			`MeshGateway: api.MeshGatewayConfig{`
			`Mode: api.MeshGatewayModeLocal,`
			`},`
			`},`
			`},`
			`},`
			`})`
			`// actually to be used by the other pairing`
			`serverNode := ct.AddServiceNode(peerClu, serviceExt{`
testing/deployer: rename various terms to better align with v2 and avoid confusion (#19600) Conceptually renaming the following topology terms to avoid confusion with v2 and to better align with it: - ServiceID -> ID - Service -> Workload - Upstream -> Destination 1 year ago			`Workload: server,`
add peering_commontopo tests [NET-3700] (#17951) Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> Co-authored-by: R.B. Boyer <rb@hashicorp.com> Co-authored-by: Freddy <freddygv@users.noreply.github.com> Co-authored-by: NiniOak <anita.akaeze@hashicorp.com> 1 year ago			`Config: &api.ServiceConfigEntry{`
			`Kind: api.ServiceDefaults,`
			`Name: server.ID.Name,`
			`Partition: ConfigEntryPartition(partition),`
			`Protocol: "http",`
			`},`
			`Exports: []api.ServiceConsumer{{Peer: cluPeerName}},`
			`Intentions: &api.ServiceIntentionsConfigEntry{`
			`Kind: api.ServiceIntentions,`
			`Name: server.ID.Name,`
			`Partition: ConfigEntryPartition(partition),`
			`Sources: []*api.SourceIntention{`
			`{`
			`Name: client.ID.Name,`
			`Peer: cluPeerName,`
			`Action: api.IntentionActionAllow,`
			`},`
			`},`
			`},`
			`})`

			`s.sidClient = client.ID`
			`s.nodeClient = clientNode.ID()`
			`s.upstream = upstream`
			`s.sidServer = server.ID`
			`s.nodeServer = serverNode.ID()`

			`// add a second mesh gateway "new"`
			`s.newMGWNodeName = fmt.Sprintf("new-%s-default-mgw", clu.Name)`
switch all client nodes in dc2 to dataplane [NET-4299] (#18608) 1 year ago			`nodeKind := topology.NodeKindClient`
chore: apply enterprise changes that were missed to some testing files (#19504) This should align between CE ef35525 and ENT 7f95226dbe40151c8f17dd4464784b60cf358dc1 in: - testing/integration/consul-container - test-integ - testing/deployer 1 year ago			`if clu.Datacenter == ct.agentlessDC {`
switch all client nodes in dc2 to dataplane [NET-4299] (#18608) 1 year ago			`nodeKind = topology.NodeKindDataplane`
			`}`
chore: apply enterprise changes that were missed to some testing files (#19504) This should align between CE ef35525 and ENT 7f95226dbe40151c8f17dd4464784b60cf358dc1 in: - testing/integration/consul-container - test-integ - testing/deployer 1 year ago			`_, mgwNodes := newTopologyMeshGatewaySet(`
switch all client nodes in dc2 to dataplane [NET-4299] (#18608) 1 year ago			`nodeKind,`
add peering_commontopo tests [NET-3700] (#17951) Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> Co-authored-by: R.B. Boyer <rb@hashicorp.com> Co-authored-by: Freddy <freddygv@users.noreply.github.com> Co-authored-by: NiniOak <anita.akaeze@hashicorp.com> 1 year ago			`"default",`
			`s.newMGWNodeName,`
			`1,`
			`[]string{clu.Datacenter, "wan"},`
			`func(i int, node *topology.Node) {`
			`node.Disabled = true`
			`},`
chore: apply enterprise changes that were missed to some testing files (#19504) This should align between CE ef35525 and ENT 7f95226dbe40151c8f17dd4464784b60cf358dc1 in: - testing/integration/consul-container - test-integ - testing/deployer 1 year ago			`)`
			`clu.Nodes = append(clu.Nodes, mgwNodes...)`
add peering_commontopo tests [NET-3700] (#17951) Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> Co-authored-by: R.B. Boyer <rb@hashicorp.com> Co-authored-by: Freddy <freddygv@users.noreply.github.com> Co-authored-by: NiniOak <anita.akaeze@hashicorp.com> 1 year ago			`}`

			`func (s suiteRotateGW) test(t testing.T, ct *commonTopo) {`
			`dc := ct.Sprawl.Topology().Clusters[s.DC]`
			`peer := ct.Sprawl.Topology().Clusters[s.Peer]`

testing/deployer: rename various terms to better align with v2 and avoid confusion (#19600) Conceptually renaming the following topology terms to avoid confusion with v2 and to better align with it: - ServiceID -> ID - Service -> Workload - Upstream -> Destination 1 year ago			`svcHTTPServer := peer.WorkloadByID(`
add peering_commontopo tests [NET-3700] (#17951) Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> Co-authored-by: R.B. Boyer <rb@hashicorp.com> Co-authored-by: Freddy <freddygv@users.noreply.github.com> Co-authored-by: NiniOak <anita.akaeze@hashicorp.com> 1 year ago			`s.nodeServer,`
			`s.sidServer,`
			`)`
testing/deployer: rename various terms to better align with v2 and avoid confusion (#19600) Conceptually renaming the following topology terms to avoid confusion with v2 and to better align with it: - ServiceID -> ID - Service -> Workload - Upstream -> Destination 1 year ago			`svcHTTPClient := dc.WorkloadByID(`
add peering_commontopo tests [NET-3700] (#17951) Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> Co-authored-by: R.B. Boyer <rb@hashicorp.com> Co-authored-by: Freddy <freddygv@users.noreply.github.com> Co-authored-by: NiniOak <anita.akaeze@hashicorp.com> 1 year ago			`s.nodeClient,`
			`s.sidClient,`
			`)`
			`ct.Assert.HealthyWithPeer(t, dc.Name, svcHTTPServer.ID, LocalPeerName(peer, "default"))`

			`ct.Assert.FortioFetch2HeaderEcho(t, svcHTTPClient, s.upstream)`

			`t.Log("relaunching with new gateways")`
			`cfg := ct.Sprawl.Config()`
			`for _, n := range dc.Nodes {`
			`if strings.HasPrefix(n.Name, s.newMGWNodeName) {`
			`n.Disabled = false`
			`}`
			`}`
			`require.NoError(t, ct.Sprawl.Relaunch(cfg))`
			`ct.Assert.FortioFetch2HeaderEcho(t, svcHTTPClient, s.upstream)`

			`t.Log("relaunching without old gateways")`
			`cfg = ct.Sprawl.Config()`
			`for _, n := range dc.Nodes {`
			`if strings.HasPrefix(n.Name, fmt.Sprintf("%s-default-mgw", dc.Name)) {`
			`n.Disabled = true`
			`}`
			`}`
			`require.NoError(t, ct.Sprawl.Relaunch(cfg))`
			`ct.Assert.FortioFetch2HeaderEcho(t, svcHTTPClient, s.upstream)`
			`}`