PR comments

3 years ago · 12923f5ebc
parent 327e6bff25
commit 12923f5ebc
6 changed files with 28 additions and 15 deletions
--- a/agent/proxycfg/mesh_gateway.go
+++ b/agent/proxycfg/mesh_gateway.go
@ -13,6 +13,8 @@ import (
 	"github.com/hashicorp/consul/logging"
 )

+const exportingPartitionsWatchID = "exporting-partitions"
+
 type handlerMeshGateway struct {
 	handlerState
 }
@ -33,7 +35,7 @@ func (s *handlerMeshGateway) initialize(ctx context.Context) (ConfigSnapshot, er
 	wildcardEntMeta := s.proxyID.WithWildcardNamespace()

 	// Watch for all services.
-	// Eventually we will have to watch connect enable instances for each service as well as the
+	// Eventually we will have to watch connect enabled instances for each service as well as the
 	// destination services themselves but those notifications will be setup later.
 	// We cannot setup those watches until we know what the services are.
 	err = s.cache.Notify(ctx, cachetype.CatalogServiceListName, &structs.DCSpecificRequest{
--- a/agent/proxycfg/snapshot.go
+++ b/agent/proxycfg/snapshot.go
@ -294,7 +294,7 @@ type configSnapshotMeshGateway struct {
 	HostnameDatacenters map[string]structs.CheckServiceNodes
 }

-func (c *configSnapshotMeshGateway) Keys() []GatewayKey {
+func (c *configSnapshotMeshGateway) GatewayKeys() []GatewayKey {
 	sz1, sz2 := len(c.GatewayGroups), len(c.FedStateGateways)

 	sz := sz1
--- a/agent/proxycfg/state.go
+++ b/agent/proxycfg/state.go
@ -37,7 +37,6 @@ const (
 	datacentersWatchID                 = "datacenters"
 	serviceResolversWatchID            = "service-resolvers"
 	gatewayServicesWatchID             = "gateway-services"
-	exportingPartitionsWatchID         = "exporting-partitions"
 	gatewayConfigWatchID               = "gateway-config"
 	externalServiceIDPrefix            = "external-service:"
 	serviceLeafIDPrefix                = "service-leaf:"
--- a/agent/xds/clusters.go
+++ b/agent/xds/clusters.go
@ -19,6 +19,7 @@ import (
 	"github.com/golang/protobuf/ptypes/any"
 	"github.com/golang/protobuf/ptypes/wrappers"

+	"github.com/hashicorp/consul/acl"
 	"github.com/hashicorp/consul/agent/connect"
 	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/agent/structs"
@ -202,7 +203,7 @@ func makePassthroughClusters(cfgSnap *proxycfg.ConfigSnapshot) ([]proto.Message,
 // for a mesh gateway. This will include 1 cluster per remote datacenter as well as
 // 1 cluster for each service subset.
 func (s *ResourceGenerator) clustersFromSnapshotMeshGateway(cfgSnap *proxycfg.ConfigSnapshot) ([]proto.Message, error) {
-	keys := cfgSnap.MeshGateway.Keys()
+	keys := cfgSnap.MeshGateway.GatewayKeys()

 	// 1 cluster per remote dc + 1 cluster per local service (this is a lower bound - all subset specific clusters will be appended)
 	clusters := make([]proto.Message, 0, len(keys)+len(cfgSnap.MeshGateway.ServiceGroups))
@ -222,7 +223,10 @@ func (s *ResourceGenerator) clustersFromSnapshotMeshGateway(cfgSnap *proxycfg.Co
 		clusters = append(clusters, cluster)
 	}

-	if cfgSnap.ServiceMeta[structs.MetaWANFederationKey] == "1" && cfgSnap.ServerSNIFn != nil {
+	if cfgSnap.ProxyID.PartitionOrEmpty() == acl.DefaultPartitionName &&
+		cfgSnap.ServiceMeta[structs.MetaWANFederationKey] == "1" &&
+		cfgSnap.ServerSNIFn != nil {
+
 		// Add all of the remote wildcard datacenter mappings for servers.
 		for _, key := range keys {
 			hostnameEndpoints := cfgSnap.MeshGateway.HostnameDatacenters[key.String()]
--- a/agent/xds/endpoints.go
+++ b/agent/xds/endpoints.go
@ -10,6 +10,7 @@ import (
 	"github.com/golang/protobuf/proto"
 	bexpr "github.com/hashicorp/go-bexpr"

+	"github.com/hashicorp/consul/acl"
 	"github.com/hashicorp/consul/agent/connect"
 	"github.com/hashicorp/consul/agent/proxycfg"
 	"github.com/hashicorp/consul/agent/structs"
@ -109,14 +110,13 @@ func (s *ResourceGenerator) endpointsFromSnapshotTerminatingGateway(cfgSnap *pro
 }

 func (s *ResourceGenerator) endpointsFromSnapshotMeshGateway(cfgSnap *proxycfg.ConfigSnapshot) ([]proto.Message, error) {
-	keys := cfgSnap.MeshGateway.Keys()
+	keys := cfgSnap.MeshGateway.GatewayKeys()
 	resources := make([]proto.Message, 0, len(keys)+len(cfgSnap.MeshGateway.ServiceGroups))

-	// generate the endpoints for the gateways in the remote datacenters
 	for _, key := range keys {
-		// Skip creating endpoints for mesh gateways in local DC/partition and gateways.
-		// Also skip gateways with a hostname as their address.
-		// EDS cannot resolve hostnames, so we provide them through CDS instead.
+		// Skip creating endpoints for mesh gateways in local DC/partition.
+		// Also skip gateways with a hostname as their address. EDS cannot resolve hostnames,
+		// so we provide them through CDS instead.
 		if key.Matches(cfgSnap.Datacenter, cfgSnap.ProxyID.PartitionOrEmpty()) ||
 			len(cfgSnap.MeshGateway.HostnameDatacenters[key.String()]) > 0 {
 			continue
@ -144,9 +144,11 @@ func (s *ResourceGenerator) endpointsFromSnapshotMeshGateway(cfgSnap *proxycfg.C
 			resources = append(resources, la)
 		}

-		if cfgSnap.ServiceMeta[structs.MetaWANFederationKey] == "1" && cfgSnap.ServerSNIFn != nil {
-			clusterName := cfgSnap.ServerSNIFn(key.Datacenter, "")
+		if cfgSnap.ProxyID.PartitionOrEmpty() == acl.DefaultPartitionName &&
+			cfgSnap.ServiceMeta[structs.MetaWANFederationKey] == "1" &&
+			cfgSnap.ServerSNIFn != nil {

+			clusterName := cfgSnap.ServerSNIFn(key.Datacenter, "")
 			la := makeLoadAssignment(
 				clusterName,
 				[]loadAssignmentEndpointGroup{
@ -159,7 +161,9 @@ func (s *ResourceGenerator) endpointsFromSnapshotMeshGateway(cfgSnap *proxycfg.C
 	}

 	// generate endpoints for our servers if WAN federation is enabled
-	if cfgSnap.ServiceMeta[structs.MetaWANFederationKey] == "1" && cfgSnap.ServerSNIFn != nil {
+	if cfgSnap.ProxyID.PartitionOrEmpty() == acl.DefaultPartitionName &&
+		cfgSnap.ServiceMeta[structs.MetaWANFederationKey] == "1" &&
+		cfgSnap.ServerSNIFn != nil {
 		var allServersLbEndpoints []*envoy_endpoint_v3.LbEndpoint

 		for _, srv := range cfgSnap.MeshGateway.ConsulServers {
--- a/agent/xds/listeners.go
+++ b/agent/xds/listeners.go
@ -11,6 +11,7 @@ import (
 	"strings"
 	"time"

+	"github.com/hashicorp/consul/acl"
 	"github.com/hashicorp/consul/agent/connect/ca"

 	envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
@ -1137,7 +1138,7 @@ func (s *ResourceGenerator) makeMeshGatewayListener(name, addr string, port int,

 	// TODO (mesh-gateway) - Do we need to create clusters for all the old trust domains as well?
 	// We need 1 Filter Chain per datacenter
-	keys := cfgSnap.MeshGateway.Keys()
+	keys := cfgSnap.MeshGateway.GatewayKeys()
 	for _, key := range keys {
 		if key.Matches(cfgSnap.Datacenter, cfgSnap.ProxyID.PartitionOrEmpty()) {
 			continue // skip local
@ -1160,7 +1161,10 @@ func (s *ResourceGenerator) makeMeshGatewayListener(name, addr string, port int,
 		})
 	}

-	if cfgSnap.ServiceMeta[structs.MetaWANFederationKey] == "1" && cfgSnap.ServerSNIFn != nil {
+	if cfgSnap.ProxyID.PartitionOrEmpty() == acl.DefaultPartitionName &&
+		cfgSnap.ServiceMeta[structs.MetaWANFederationKey] == "1" &&
+		cfgSnap.ServerSNIFn != nil {
+
 		for _, key := range keys {
 			if key.Datacenter == cfgSnap.Datacenter {
 				continue // skip local