Backport of Allow dialer to re-establish terminated peering into release/1.15.x (#16859)

* backport of commit ea94152497

* backport of commit da7507f119

---------

Co-authored-by: freddygv <freddy@hashicorp.com>

.changelog/16776.txt

@@ -0,0 +1,3 @@
+```release-note:improvement
+peering: allow re-establishing terminated peering from new token without deleting existing peering first.
+```

agent/consul/leader_peering_test.go

@@ -468,6 +468,30 @@ func TestLeader_PeeringSync_Lifecycle_ServerDeletion(t *testing.T) {
 		require.NoError(r, err)
 		require.Equal(r, pbpeering.PeeringState_TERMINATED, peering.State)
 	})
+
+	// Re-establishing a peering terminated by the acceptor should be possible
+	// without needing to delete the terminated peering first.
+	ctx, cancel = context.WithTimeout(context.Background(), 3*time.Second)
+	t.Cleanup(cancel)
+
+	req = pbpeering.GenerateTokenRequest{
+		PeerName: "my-peer-dialer",
+	}
+	resp, err = peeringClient.GenerateToken(ctx, &req)
+	require.NoError(t, err)
+
+	tokenJSON, err = base64.StdEncoding.DecodeString(resp.PeeringToken)
+	require.NoError(t, err)
+
+	token = structs.PeeringToken{}
+	require.NoError(t, json.Unmarshal(tokenJSON, &token))
+
+	establishReq = pbpeering.EstablishRequest{
+		PeerName:     "my-peer-acceptor",
+		PeeringToken: resp.PeeringToken,
+	}
+	_, err = dialerClient.Establish(ctx, &establishReq)
+	require.NoError(t, err)
 }
 
 func TestLeader_PeeringSync_FailsForTLSError(t *testing.T) {

agent/consul/peering_backend.go

@@ -147,8 +147,11 @@ func (b *PeeringBackend) fetchPeerServerAddresses(ws memdb.WatchSet, peerID stri
 	if err != nil {
 		return nil, fmt.Errorf("failed to fetch peer %q: %w", peerID, err)
 	}
-	if !peering.IsActive() {
-		return nil, fmt.Errorf("there is no active peering for %q", peerID)
+	if peering == nil {
+		return nil, fmt.Errorf("unknown peering %q", peerID)
+	}
+	if peering.DeletedAt != nil && !structs.IsZeroProtoTime(peering.DeletedAt) {
+		return nil, fmt.Errorf("peering %q was deleted", peerID)
 	}
 	return bufferFromAddresses(peering.GetAddressesToDial())
 }

agent/consul/peering_backend_test.go

@@ -253,7 +253,7 @@ func TestPeeringBackend_GetDialAddresses(t *testing.T) {
 			},
 			peerID: acceptorPeerID,
 			expect: expectation{
-				err: fmt.Sprintf(`there is no active peering for %q`, acceptorPeerID),
+				err: fmt.Sprintf(`unknown peering %q`, acceptorPeerID),
 			},
 		},
 		{
@@ -384,6 +384,25 @@ func TestPeeringBackend_GetDialAddresses(t *testing.T) {
 				gatewayAddrs: []string{"5.6.7.8:8443", "6.7.8.9:8443"},
 			},
 		},
+		{
+			name: "addresses are returned if the peering is marked as terminated",
+			setup: func(store *state.Store) {
+				require.NoError(t, store.PeeringWrite(5, &pbpeering.PeeringWriteRequest{
+					Peering: &pbpeering.Peering{
+						Name:                "dialer",
+						ID:                  dialerPeerID,
+						PeerServerAddresses: []string{"1.2.3.4:8502", "2.3.4.5:8503"},
+						State:               pbpeering.PeeringState_TERMINATED,
+					},
+				}))
+			},
+			peerID: dialerPeerID,
+			expect: expectation{
+				// Gateways come first, and we use their LAN addresses since this is for outbound communication.
+				addrs:        []string{"5.6.7.8:8443", "6.7.8.9:8443", "1.2.3.4:8502", "2.3.4.5:8503"},
+				gatewayAddrs: []string{"5.6.7.8:8443", "6.7.8.9:8443"},
+			},
+		},
 		{
 			name: "addresses are not returned if the peering is deleted",
 			setup: func(store *state.Store) {
@@ -401,7 +420,7 @@ func TestPeeringBackend_GetDialAddresses(t *testing.T) {
 			},
 			peerID: dialerPeerID,
 			expect: expectation{
-				err: fmt.Sprintf(`there is no active peering for %q`, dialerPeerID),
+				err: fmt.Sprintf(`peering %q was deleted`, dialerPeerID),
 			},
 		},
 	}