Browse Source

fix related to merge

pull/13300/head
Dhia Ayachi 3 years ago
parent
commit
1c6dcbe0ed
  1. 1
      agent/cache-types/resolved_service_config.go
  2. 2
      agent/proxycfg/snapshot.go
  3. 34
      agent/proxycfg/state_test.go
  4. 4
      agent/proxycfg/terminating_gateway.go
  5. 127
      agent/proxycfg/testing_terminating_gateway.go

1
agent/cache-types/resolved_service_config.go

@ -17,7 +17,6 @@ type ResolvedServiceConfig struct {
RPC RPC
}
// TODO (dans): This is what queries for services
func (c *ResolvedServiceConfig) Fetch(opts cache.FetchOptions, req cache.Request) (cache.FetchResult, error) {
var result cache.FetchResult

2
agent/proxycfg/snapshot.go

@ -263,12 +263,12 @@ func (c *configSnapshotTerminatingGateway) ValidServices() []structs.ServiceName
return out
}
// ValidDestinations returns the list of service keys (that represent exclusively endpoints) that have enough data to be emitted.
func (c *configSnapshotTerminatingGateway) ValidDestinations() []structs.ServiceName {
out := make([]structs.ServiceName, 0, len(c.DestinationServices))
for svc := range c.DestinationServices {
// It only counts if ALL of our watches have come back (with data or not).
// Skip the service if we don't have a cert to present for mTLS.
if cert, ok := c.ServiceLeaves[svc]; !ok || cert == nil {
continue

34
agent/proxycfg/state_test.go

@ -277,18 +277,6 @@ func genVerifyMeshConfigWatch(expectedDatacenter string) verifyWatchRequest {
}
}
func genVerifyServiceDefaultsConfigWatch(expectedDatacenter string) verifyWatchRequest {
return func(t testing.TB, cacheType string, request cache.Request) {
require.Equal(t, cachetype.ConfigEntryName, cacheType)
reqReal, ok := request.(*structs.ConfigEntryQuery)
require.True(t, ok)
require.Equal(t, expectedDatacenter, reqReal.Datacenter)
require.Equal(t, "", reqReal.Name)
require.Equal(t, structs.ServiceDefaults, reqReal.Kind)
}
}
func genVerifyGatewayWatch(expectedDatacenter string) verifyWatchRequest {
return func(t testing.TB, request any) {
reqReal, ok := request.(*structs.ServiceDumpRequest)
@ -1673,10 +1661,10 @@ func TestState_WatchesAndUpdates(t *testing.T) {
stages: []verificationStage{
{
requiredWatches: map[string]verifyWatchRequest{
rootsWatchID: genVerifyRootsWatch("dc1"),
rootsWatchID: genVerifyDCSpecificWatch("dc1"),
meshConfigEntryID: genVerifyMeshConfigWatch("dc1"),
gatewayServicesWatchID: genVerifyServiceSpecificRequest(gatewayServicesWatchID,
"terminating-gateway", "", "dc1", false),
"terminating-gateway", "dc1", false),
},
events: []UpdateEvent{
rootWatchEvent(),
@ -1691,7 +1679,7 @@ func TestState_WatchesAndUpdates(t *testing.T) {
{
Service: db,
Gateway: structs.NewServiceName("terminating-gateway", nil),
IsEndpoint: true,
ServiceKind: structs.GatewayServiceKindDestination,
},
},
},
@ -1700,7 +1688,7 @@ func TestState_WatchesAndUpdates(t *testing.T) {
{
CorrelationID: serviceConfigIDPrefix + db.String(),
Result: &structs.ServiceConfigResponse{
Endpoint: structs.EndpointConfig{Address: "10.0.0.1", Port: 443},
Destination: structs.DestinationConfig{Address: "10.0.0.1", Port: 443},
},
Err: nil,
},
@ -1718,7 +1706,7 @@ func TestState_WatchesAndUpdates(t *testing.T) {
verifySnapshot: func(t testing.TB, snap *ConfigSnapshot) {
require.True(t, snap.Valid(), "gateway with service list is valid")
require.Len(t, snap.TerminatingGateway.ValidServices(), 0)
require.Len(t, snap.TerminatingGateway.ValidEndpoints(), 1)
require.Len(t, snap.TerminatingGateway.ValidDestinations(), 1)
},
},
{
@ -1730,12 +1718,12 @@ func TestState_WatchesAndUpdates(t *testing.T) {
{
Service: db,
Gateway: structs.NewServiceName("terminating-gateway", nil),
IsEndpoint: true,
ServiceKind: structs.GatewayServiceKindDestination,
},
{
Service: api,
Gateway: structs.NewServiceName("terminating-gateway", nil),
IsEndpoint: true,
ServiceKind: structs.GatewayServiceKindDestination,
},
},
},
@ -1744,7 +1732,7 @@ func TestState_WatchesAndUpdates(t *testing.T) {
{
CorrelationID: serviceConfigIDPrefix + api.String(),
Result: &structs.ServiceConfigResponse{
Endpoint: structs.EndpointConfig{Address: "10.0.0.4", Port: 443},
Destination: structs.DestinationConfig{Address: "10.0.0.4", Port: 443},
},
Err: nil,
},
@ -1764,9 +1752,9 @@ func TestState_WatchesAndUpdates(t *testing.T) {
require.Len(t, snap.TerminatingGateway.ValidServices(), 0)
require.Len(t, snap.TerminatingGateway.WatchedServices, 0)
require.Len(t, snap.TerminatingGateway.ValidEndpoints(), 2)
require.Contains(t, snap.TerminatingGateway.ValidEndpoints(), db)
require.Contains(t, snap.TerminatingGateway.ValidEndpoints(), api)
require.Len(t, snap.TerminatingGateway.ValidDestinations(), 2)
require.Contains(t, snap.TerminatingGateway.ValidDestinations(), db)
require.Contains(t, snap.TerminatingGateway.ValidDestinations(), api)
require.Len(t, snap.TerminatingGateway.WatchedIntentions, 2)
require.Contains(t, snap.TerminatingGateway.WatchedIntentions, db)

4
agent/proxycfg/terminating_gateway.go

@ -351,13 +351,13 @@ func (s *handlerTerminatingGateway) handleUpdate(ctx context.Context, u UpdateEv
// Here we assume that any service-defaults entry with a destination address is a destination.
// Validation will be done at the writing side.
// if the Address is nil, we assume it's another type of service-defaults, and just ignore.
if serviceConfig.Endpoint.Address != "" {
if serviceConfig.Destination.Address != "" {
// Watch leaf certificate for the destination
// This cert is used to terminate mTLS connections on the destination's behalf
sn := structs.ServiceName{Name: sn.Name, EnterpriseMeta: sn.EnterpriseMeta}
if _, ok := snap.TerminatingGateway.WatchedLeaves[sn]; !ok {
ctx, cancel := context.WithCancel(ctx)
err := s.cache.Notify(ctx, cachetype.ConnectCALeafName, &cachetype.ConnectCALeafRequest{
err := s.dataSources.LeafCertificate.Notify(ctx, &cachetype.ConnectCALeafRequest{
Datacenter: s.source.Datacenter,
Token: s.token,
Service: sn.Name,

127
agent/proxycfg/testing_terminating_gateway.go

@ -14,9 +14,6 @@ func TestConfigSnapshotTerminatingGateway(t testing.T, populateServices bool, ns
api = structs.NewServiceName("api", nil)
db = structs.NewServiceName("db", nil)
cache = structs.NewServiceName("cache", nil)
externalCIDR = structs.NewServiceName("external-CIDR", nil)
externalIP = structs.NewServiceName("external-IP", nil)
externalHostname = structs.NewServiceName("external-hostanem", nil)
)
baseEvents := []UpdateEvent{
@ -329,110 +326,6 @@ func TestConfigSnapshotTerminatingGateway(t testing.T, populateServices bool, ns
})
}
if populateEndpoints {
tgtwyServices = append(tgtwyServices,
&structs.GatewayService{
Service: externalCIDR,
IsEndpoint: true,
},
&structs.GatewayService{
Service: externalIP,
IsEndpoint: true,
},
&structs.GatewayService{
Service: externalHostname,
IsEndpoint: true,
},
)
baseEvents = testSpliceEvents(baseEvents, []UpdateEvent{
{
CorrelationID: gatewayServicesWatchID,
Result: &structs.IndexedGatewayServices{
Services: tgtwyServices,
},
},
// no intentions defined for these services
{
CorrelationID: serviceIntentionsIDPrefix + externalCIDR.String(),
Result: &structs.IndexedIntentionMatches{
Matches: []structs.Intentions{
nil,
},
},
},
{
CorrelationID: serviceIntentionsIDPrefix + externalIP.String(),
Result: &structs.IndexedIntentionMatches{
Matches: []structs.Intentions{
nil,
},
},
},
{
CorrelationID: serviceIntentionsIDPrefix + externalHostname.String(),
Result: &structs.IndexedIntentionMatches{
Matches: []structs.Intentions{
nil,
},
},
},
// ========
{
CorrelationID: serviceLeafIDPrefix + externalCIDR.String(),
Result: &structs.IssuedCert{
CertPEM: "placeholder.crt",
PrivateKeyPEM: "placeholder.key",
},
},
{
CorrelationID: serviceLeafIDPrefix + externalIP.String(),
Result: &structs.IssuedCert{
CertPEM: "placeholder.crt",
PrivateKeyPEM: "placeholder.key",
},
},
{
CorrelationID: serviceLeafIDPrefix + externalHostname.String(),
Result: &structs.IssuedCert{
CertPEM: "placeholder.crt",
PrivateKeyPEM: "placeholder.key",
},
},
// ========
{
CorrelationID: serviceConfigIDPrefix + externalCIDR.String(),
Result: &structs.ServiceConfigResponse{
ProxyConfig: map[string]interface{}{"protocol": "tcp"},
Endpoint: structs.EndpointConfig{
Address: "10.0.0.1/8",
Port: 443,
},
},
},
{
CorrelationID: serviceConfigIDPrefix + externalIP.String(),
Result: &structs.ServiceConfigResponse{
ProxyConfig: map[string]interface{}{"protocol": "http"},
Endpoint: structs.EndpointConfig{
Address: "192.168.0.1",
Port: 80,
},
},
},
{
CorrelationID: serviceConfigIDPrefix + externalHostname.String(),
Result: &structs.ServiceConfigResponse{
ProxyConfig: map[string]interface{}{"protocol": "grpc"},
Endpoint: structs.EndpointConfig{
Address: "*.hashicorp.com",
Port: 8089,
},
},
},
})
}
return testConfigSnapshotFixture(t, &structs.NodeService{
Kind: structs.ServiceKindTerminatingGateway,
Service: "terminating-gateway",
@ -628,13 +521,13 @@ func testConfigSnapshotTerminatingGatewayServiceSubsets(t testing.T, alsoAdjustC
})
}
return TestConfigSnapshotTerminatingGateway(t, true, false, nil, events)
return TestConfigSnapshotTerminatingGateway(t, true, nil, events)
}
func TestConfigSnapshotTerminatingGatewayDefaultServiceSubset(t testing.T) *ConfigSnapshot {
web := structs.NewServiceName("web", nil)
return TestConfigSnapshotTerminatingGateway(t, true, false, nil, []UpdateEvent{
return TestConfigSnapshotTerminatingGateway(t, true, nil, []UpdateEvent{
{
CorrelationID: serviceResolverIDPrefix + web.String(),
Result: &structs.ConfigEntryResponse{
@ -654,12 +547,6 @@ func TestConfigSnapshotTerminatingGatewayDefaultServiceSubset(t testing.T) *Conf
},
},
},
// {
// CorrelationID: serviceConfigIDPrefix + web.String(),
// Result: &structs.ServiceConfigResponse{
// ProxyConfig: map[string]interface{}{"protocol": "http"},
// },
// },
})
}
@ -718,7 +605,7 @@ func testConfigSnapshotTerminatingGatewayLBConfig(t testing.T, variant string) *
return nil
}
return TestConfigSnapshotTerminatingGateway(t, true, false, nil, []UpdateEvent{
return TestConfigSnapshotTerminatingGateway(t, true, nil, []UpdateEvent{
{
CorrelationID: serviceConfigIDPrefix + web.String(),
Result: &structs.ServiceConfigResponse{
@ -741,7 +628,7 @@ func testConfigSnapshotTerminatingGatewayLBConfig(t testing.T, variant string) *
}
func TestConfigSnapshotTerminatingGatewaySNI(t testing.T) *ConfigSnapshot {
return TestConfigSnapshotTerminatingGateway(t, true, false, nil, []UpdateEvent{
return TestConfigSnapshotTerminatingGateway(t, true, nil, []UpdateEvent{
{
CorrelationID: "gateway-services",
Result: &structs.IndexedGatewayServices{
@ -770,7 +657,7 @@ func TestConfigSnapshotTerminatingGatewayHostnameSubsets(t testing.T) *ConfigSna
cache = structs.NewServiceName("cache", nil)
)
return TestConfigSnapshotTerminatingGateway(t, true, false, nil, []UpdateEvent{
return TestConfigSnapshotTerminatingGateway(t, true, nil, []UpdateEvent{
{
CorrelationID: serviceResolverIDPrefix + api.String(),
Result: &structs.ConfigEntryResponse{
@ -820,7 +707,7 @@ func TestConfigSnapshotTerminatingGatewayIgnoreExtraResolvers(t testing.T) *Conf
notfound = structs.NewServiceName("notfound", nil)
)
return TestConfigSnapshotTerminatingGateway(t, true, false, nil, []UpdateEvent{
return TestConfigSnapshotTerminatingGateway(t, true, nil, []UpdateEvent{
{
CorrelationID: serviceResolverIDPrefix + web.String(),
Result: &structs.ConfigEntryResponse{
@ -882,7 +769,7 @@ func TestConfigSnapshotTerminatingGatewayWithLambdaService(t testing.T, extraUpd
},
},
})
return TestConfigSnapshotTerminatingGateway(t, true, false, nil, updateEvents)
return TestConfigSnapshotTerminatingGateway(t, true, nil, updateEvents)
}
func TestConfigSnapshotTerminatingGatewayWithLambdaServiceAndServiceResolvers(t testing.T) *ConfigSnapshot {

Loading…
Cancel
Save