From 1c6dcbe0ed030e1d40fcb1cbb850d405a8c843f8 Mon Sep 17 00:00:00 2001 From: Dhia Ayachi Date: Fri, 3 Jun 2022 13:37:05 -0400 Subject: [PATCH] fix related to merge --- agent/cache-types/resolved_service_config.go | 1 - agent/proxycfg/snapshot.go | 2 +- agent/proxycfg/state_test.go | 46 +++--- agent/proxycfg/terminating_gateway.go | 4 +- agent/proxycfg/testing_terminating_gateway.go | 135 ++---------------- 5 files changed, 31 insertions(+), 157 deletions(-) diff --git a/agent/cache-types/resolved_service_config.go b/agent/cache-types/resolved_service_config.go index 843a449fda..7c17e06186 100644 --- a/agent/cache-types/resolved_service_config.go +++ b/agent/cache-types/resolved_service_config.go @@ -17,7 +17,6 @@ type ResolvedServiceConfig struct { RPC RPC } -// TODO (dans): This is what queries for services func (c *ResolvedServiceConfig) Fetch(opts cache.FetchOptions, req cache.Request) (cache.FetchResult, error) { var result cache.FetchResult diff --git a/agent/proxycfg/snapshot.go b/agent/proxycfg/snapshot.go index 21c87b5934..9cc36b34a4 100644 --- a/agent/proxycfg/snapshot.go +++ b/agent/proxycfg/snapshot.go @@ -263,12 +263,12 @@ func (c *configSnapshotTerminatingGateway) ValidServices() []structs.ServiceName return out } - // ValidDestinations returns the list of service keys (that represent exclusively endpoints) that have enough data to be emitted. func (c *configSnapshotTerminatingGateway) ValidDestinations() []structs.ServiceName { out := make([]structs.ServiceName, 0, len(c.DestinationServices)) for svc := range c.DestinationServices { // It only counts if ALL of our watches have come back (with data or not). + // Skip the service if we don't have a cert to present for mTLS. if cert, ok := c.ServiceLeaves[svc]; !ok || cert == nil { continue diff --git a/agent/proxycfg/state_test.go b/agent/proxycfg/state_test.go index d1e032cb8c..89c8749db6 100644 --- a/agent/proxycfg/state_test.go +++ b/agent/proxycfg/state_test.go 
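Review bot: The doc comment on ValidDestinations in the snapshot.go hunk still describes the result as service keys "that represent exclusively endpoints", while this commit renames the concept to destinations everywhere else (ValidEndpoints → ValidDestinations and EndpointConfig → DestinationConfig in state_test.go); suggest `// ValidDestinations returns the list of service keys (that represent exclusively destinations) that have enough data to be emitted.` The same hunk also drops the blank line between ValidServices' closing brace and that doc comment, so the comment now reads as if it were attached to the previous function; keeping the blank line is the usual separation between top-level declarations. ValidDestinations' body continues past the end of the hunk.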
@@ -277,18 +277,6 @@ func genVerifyMeshConfigWatch(expectedDatacenter string) verifyWatchRequest { } } -func genVerifyServiceDefaultsConfigWatch(expectedDatacenter string) verifyWatchRequest { - return func(t testing.TB, cacheType string, request cache.Request) { - require.Equal(t, cachetype.ConfigEntryName, cacheType) - - reqReal, ok := request.(*structs.ConfigEntryQuery) - require.True(t, ok) - require.Equal(t, expectedDatacenter, reqReal.Datacenter) - require.Equal(t, "", reqReal.Name) - require.Equal(t, structs.ServiceDefaults, reqReal.Kind) - } -} - func genVerifyGatewayWatch(expectedDatacenter string) verifyWatchRequest { return func(t testing.TB, request any) { reqReal, ok := request.(*structs.ServiceDumpRequest) @@ -1673,10 +1661,10 @@ func TestState_WatchesAndUpdates(t *testing.T) { stages: []verificationStage{ { requiredWatches: map[string]verifyWatchRequest{ - rootsWatchID: genVerifyRootsWatch("dc1"), + rootsWatchID: genVerifyDCSpecificWatch("dc1"), meshConfigEntryID: genVerifyMeshConfigWatch("dc1"), gatewayServicesWatchID: genVerifyServiceSpecificRequest(gatewayServicesWatchID, - "terminating-gateway", "", "dc1", false), + "terminating-gateway", "dc1", false), }, events: []UpdateEvent{ rootWatchEvent(), @@ -1689,9 +1677,9 @@ func TestState_WatchesAndUpdates(t *testing.T) { Result: &structs.IndexedGatewayServices{ Services: structs.GatewayServices{ { - Service: db, - Gateway: structs.NewServiceName("terminating-gateway", nil), - IsEndpoint: true, + Service: db, + Gateway: structs.NewServiceName("terminating-gateway", nil), + ServiceKind: structs.GatewayServiceKindDestination, }, }, }, @@ -1700,7 +1688,7 @@ func TestState_WatchesAndUpdates(t *testing.T) { { CorrelationID: serviceConfigIDPrefix + db.String(), Result: &structs.ServiceConfigResponse{ - Endpoint: structs.EndpointConfig{Address: "10.0.0.1", Port: 443}, + Destination: structs.DestinationConfig{Address: "10.0.0.1", Port: 443}, }, Err: nil, }, 
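Review bot: In the hunk at -1673 the roots watch is now verified with `genVerifyDCSpecificWatch("dc1")` instead of `genVerifyRootsWatch("dc1")`; if the datacenter-specific verifier only checks the Datacenter field, the test no longer pins that the watch registered under rootsWatchID is actually a CA roots request. If genVerifyRootsWatch was lost in the merge, a roots-specific verifier (or a request-type assertion inside the generic one) would keep that coverage; if the generic verifier already asserts the request type, nothing needs to change. TestState_WatchesAndUpdates starts and ends outside the hunk.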
@@ -1718,7 +1706,7 @@ func TestState_WatchesAndUpdates(t *testing.T) { verifySnapshot: func(t testing.TB, snap *ConfigSnapshot) { require.True(t, snap.Valid(), "gateway with service list is valid") require.Len(t, snap.TerminatingGateway.ValidServices(), 0) - require.Len(t, snap.TerminatingGateway.ValidEndpoints(), 1) + require.Len(t, snap.TerminatingGateway.ValidDestinations(), 1) }, }, { @@ -1728,14 +1716,14 @@ func TestState_WatchesAndUpdates(t *testing.T) { Result: &structs.IndexedGatewayServices{ Services: structs.GatewayServices{ { - Service: db, - Gateway: structs.NewServiceName("terminating-gateway", nil), - IsEndpoint: true, + Service: db, + Gateway: structs.NewServiceName("terminating-gateway", nil), + ServiceKind: structs.GatewayServiceKindDestination, }, { - Service: api, - Gateway: structs.NewServiceName("terminating-gateway", nil), - IsEndpoint: true, + Service: api, + Gateway: structs.NewServiceName("terminating-gateway", nil), + ServiceKind: structs.GatewayServiceKindDestination, }, }, }, @@ -1744,7 +1732,7 @@ func TestState_WatchesAndUpdates(t *testing.T) { { CorrelationID: serviceConfigIDPrefix + api.String(), Result: &structs.ServiceConfigResponse{ - Endpoint: structs.EndpointConfig{Address: "10.0.0.4", Port: 443}, + Destination: structs.DestinationConfig{Address: "10.0.0.4", Port: 443}, }, Err: nil, }, 
@@ -1764,9 +1752,9 @@ func TestState_WatchesAndUpdates(t *testing.T) { require.Len(t, snap.TerminatingGateway.ValidServices(), 0) require.Len(t, snap.TerminatingGateway.WatchedServices, 0) - require.Len(t, snap.TerminatingGateway.ValidEndpoints(), 2) - require.Contains(t, snap.TerminatingGateway.ValidEndpoints(), db) - require.Contains(t, snap.TerminatingGateway.ValidEndpoints(), api) + require.Len(t, snap.TerminatingGateway.ValidDestinations(), 2) + require.Contains(t, snap.TerminatingGateway.ValidDestinations(), db) + require.Contains(t, snap.TerminatingGateway.ValidDestinations(), api) require.Len(t, snap.TerminatingGateway.WatchedIntentions, 2) require.Contains(t, snap.TerminatingGateway.WatchedIntentions, db) diff --git a/agent/proxycfg/terminating_gateway.go b/agent/proxycfg/terminating_gateway.go index a745eacf12..1e9eb7c431 100644 --- a/agent/proxycfg/terminating_gateway.go +++ b/agent/proxycfg/terminating_gateway.go @@ -351,13 +351,13 @@ func (s *handlerTerminatingGateway) handleUpdate(ctx context.Context, u UpdateEv // Here we assume that any service-defaults entry with a destination address is a destination. // Validation will be done at the writing side. // if the Address is nil, we assume it's another type of service-defaults, and just ignore. - if serviceConfig.Endpoint.Address != "" { + if serviceConfig.Destination.Address != "" { // Watch leaf certificate for the destination // This cert is used to terminate mTLS connections on the destination's behalf sn := structs.ServiceName{Name: sn.Name, EnterpriseMeta: sn.EnterpriseMeta} if _, ok := snap.TerminatingGateway.WatchedLeaves[sn]; !ok { ctx, cancel := context.WithCancel(ctx) - err := s.cache.Notify(ctx, cachetype.ConnectCALeafName, &cachetype.ConnectCALeafRequest{ + err := s.dataSources.LeafCertificate.Notify(ctx, &cachetype.ConnectCALeafRequest{ Datacenter: s.source.Datacenter, Token: s.token, Service: sn.Name, 
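Review bot: In the terminating_gateway.go hunk the comment above the changed condition says "if the Address is nil", but `serviceConfig.Destination.Address` is compared against the empty string, so it should read `// if the Address is empty, we assume it's another type of service-defaults, and just ignore.` The leaf-certificate watch is started under a `ctx, cancel := context.WithCancel(ctx)` that shadows the outer ctx, and the hunk ends before the result of `s.dataSources.LeafCertificate.Notify` is handled; confirm that `cancel` is stored with the entry in `snap.TerminatingGateway.WatchedLeaves` and invoked when the destination is removed, and that a non-nil err from Notify is returned rather than dropped, since an unstored cancel would leave a leaf-certificate watch running for destinations that no longer exist. handleUpdate starts and ends outside the hunk.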
diff --git a/agent/proxycfg/testing_terminating_gateway.go b/agent/proxycfg/testing_terminating_gateway.go index b9055b6785..ba431f5200 100644 --- a/agent/proxycfg/testing_terminating_gateway.go +++ b/agent/proxycfg/testing_terminating_gateway.go @@ -10,13 +10,10 @@ func TestConfigSnapshotTerminatingGateway(t testing.T, populateServices bool, ns roots, _ := TestCerts(t) var ( - web = structs.NewServiceName("web", nil) - api = structs.NewServiceName("api", nil) - db = structs.NewServiceName("db", nil) - cache = structs.NewServiceName("cache", nil) - externalCIDR = structs.NewServiceName("external-CIDR", nil) - externalIP = structs.NewServiceName("external-IP", nil) - externalHostname = structs.NewServiceName("external-hostanem", nil) + web = structs.NewServiceName("web", nil) + api = structs.NewServiceName("api", nil) + db = structs.NewServiceName("db", nil) + cache = structs.NewServiceName("cache", nil) ) baseEvents := []UpdateEvent{ 
@@ -329,110 +326,6 @@ func TestConfigSnapshotTerminatingGateway(t testing.T, populateServices bool, ns }) } - if populateEndpoints { - tgtwyServices = append(tgtwyServices, - &structs.GatewayService{ - Service: externalCIDR, - IsEndpoint: true, - }, - &structs.GatewayService{ - Service: externalIP, - IsEndpoint: true, - }, - &structs.GatewayService{ - Service: externalHostname, - IsEndpoint: true, - }, - ) - - baseEvents = testSpliceEvents(baseEvents, []UpdateEvent{ - { - CorrelationID: gatewayServicesWatchID, - Result: &structs.IndexedGatewayServices{ - Services: tgtwyServices, - }, - }, - // no intentions defined for these services - { - CorrelationID: serviceIntentionsIDPrefix + externalCIDR.String(), - Result: &structs.IndexedIntentionMatches{ - Matches: []structs.Intentions{ - nil, - }, - }, - }, - { - CorrelationID: serviceIntentionsIDPrefix + externalIP.String(), - Result: &structs.IndexedIntentionMatches{ - Matches: []structs.Intentions{ - nil, - }, - }, - }, - { - CorrelationID: serviceIntentionsIDPrefix + externalHostname.String(), - Result: &structs.IndexedIntentionMatches{ - Matches: []structs.Intentions{ - nil, - }, - }, - }, - // ======== - { - CorrelationID: serviceLeafIDPrefix + externalCIDR.String(), - Result: &structs.IssuedCert{ - CertPEM: "placeholder.crt", - PrivateKeyPEM: "placeholder.key", - }, - }, - { - CorrelationID: serviceLeafIDPrefix + externalIP.String(), - Result: &structs.IssuedCert{ - CertPEM: "placeholder.crt", - PrivateKeyPEM: "placeholder.key", - }, - }, - { - CorrelationID: serviceLeafIDPrefix + externalHostname.String(), - Result: &structs.IssuedCert{ - CertPEM: "placeholder.crt", - PrivateKeyPEM: "placeholder.key", - }, - }, - // ======== - { - CorrelationID: serviceConfigIDPrefix + externalCIDR.String(), - Result: &structs.ServiceConfigResponse{ - ProxyConfig: map[string]interface{}{"protocol": "tcp"}, - Endpoint: structs.EndpointConfig{ - Address: "10.0.0.1/8", - Port: 443, - }, - }, - }, - { - CorrelationID: 
serviceConfigIDPrefix + externalIP.String(), - Result: &structs.ServiceConfigResponse{ - ProxyConfig: map[string]interface{}{"protocol": "http"}, - Endpoint: structs.EndpointConfig{ - Address: "192.168.0.1", - Port: 80, - }, - }, - }, - { - CorrelationID: serviceConfigIDPrefix + externalHostname.String(), - Result: &structs.ServiceConfigResponse{ - ProxyConfig: map[string]interface{}{"protocol": "grpc"}, - Endpoint: structs.EndpointConfig{ - Address: "*.hashicorp.com", - Port: 8089, - }, - }, - }, - }) - } - return testConfigSnapshotFixture(t, &structs.NodeService{ Kind: structs.ServiceKindTerminatingGateway, Service: "terminating-gateway", @@ -628,13 +521,13 @@ func testConfigSnapshotTerminatingGatewayServiceSubsets(t testing.T, alsoAdjustC }) } - return TestConfigSnapshotTerminatingGateway(t, true, false, nil, events) + return TestConfigSnapshotTerminatingGateway(t, true, nil, events) } func TestConfigSnapshotTerminatingGatewayDefaultServiceSubset(t testing.T) *ConfigSnapshot { web := structs.NewServiceName("web", nil) - return TestConfigSnapshotTerminatingGateway(t, true, false, nil, []UpdateEvent{ + return TestConfigSnapshotTerminatingGateway(t, true, nil, []UpdateEvent{ { CorrelationID: serviceResolverIDPrefix + web.String(), Result: &structs.ConfigEntryResponse{ @@ -654,12 +547,6 @@ func TestConfigSnapshotTerminatingGatewayDefaultServiceSubset(t testing.T) *Conf }, }, }, - // { - // CorrelationID: serviceConfigIDPrefix + web.String(), - // Result: &structs.ServiceConfigResponse{ - // ProxyConfig: map[string]interface{}{"protocol": "http"}, - // }, - // }, }) } @@ -718,7 +605,7 @@ func testConfigSnapshotTerminatingGatewayLBConfig(t testing.T, variant string) * return nil } - return TestConfigSnapshotTerminatingGateway(t, true, false, nil, []UpdateEvent{ + return TestConfigSnapshotTerminatingGateway(t, true, nil, []UpdateEvent{ { CorrelationID: serviceConfigIDPrefix + web.String(), Result: &structs.ServiceConfigResponse{ 
@@ -741,7 +628,7 @@ func testConfigSnapshotTerminatingGatewayLBConfig(t testing.T, variant string) * } func TestConfigSnapshotTerminatingGatewaySNI(t testing.T) *ConfigSnapshot { - return TestConfigSnapshotTerminatingGateway(t, true, false, nil, []UpdateEvent{ + return TestConfigSnapshotTerminatingGateway(t, true, nil, []UpdateEvent{ { CorrelationID: "gateway-services", Result: &structs.IndexedGatewayServices{ @@ -770,7 +657,7 @@ func TestConfigSnapshotTerminatingGatewayHostnameSubsets(t testing.T) *ConfigSna cache = structs.NewServiceName("cache", nil) ) - return TestConfigSnapshotTerminatingGateway(t, true, false, nil, []UpdateEvent{ + return TestConfigSnapshotTerminatingGateway(t, true, nil, []UpdateEvent{ { CorrelationID: serviceResolverIDPrefix + api.String(), Result: &structs.ConfigEntryResponse{ @@ -820,7 +707,7 @@ func TestConfigSnapshotTerminatingGatewayIgnoreExtraResolvers(t testing.T) *Conf notfound = structs.NewServiceName("notfound", nil) ) - return TestConfigSnapshotTerminatingGateway(t, true, false, nil, []UpdateEvent{ + return TestConfigSnapshotTerminatingGateway(t, true, nil, []UpdateEvent{ { CorrelationID: serviceResolverIDPrefix + web.String(), Result: &structs.ConfigEntryResponse{ @@ -882,7 +769,7 @@ func TestConfigSnapshotTerminatingGatewayWithLambdaService(t testing.T, extraUpd }, }, }) - return TestConfigSnapshotTerminatingGateway(t, true, false, nil, updateEvents) + return TestConfigSnapshotTerminatingGateway(t, true, nil, updateEvents) } func TestConfigSnapshotTerminatingGatewayWithLambdaServiceAndServiceResolvers(t testing.T) *ConfigSnapshot {