From d66a43f5f2519374e5ffdcf69978051bc96aaada Mon Sep 17 00:00:00 2001 From: "R.B. Boyer" <4903+rboyer@users.noreply.github.com> Date: Fri, 20 Aug 2021 14:34:23 -0500 Subject: [PATCH] fixing various bits of enterprise meta plumbing to be more correct (#10889) --- agent/consul/config_endpoint.go | 2 +- agent/consul/prepared_query/template.go | 5 ++++- agent/consul/prepared_query_endpoint.go | 3 +-- agent/consul/state/acl.go | 2 +- agent/consul/state/config_entry.go | 18 ++++++++++-------- agent/prepared_query_endpoint.go | 14 ++++++++------ 6 files changed, 25 insertions(+), 19 deletions(-) diff --git a/agent/consul/config_endpoint.go b/agent/consul/config_endpoint.go index 60729c3dc1..b30269c599 100644 --- a/agent/consul/config_endpoint.go +++ b/agent/consul/config_endpoint.go @@ -479,7 +479,7 @@ func (c *ConfigEntry) ResolveServiceConfig(args *structs.ServiceConfigRequest, r cfgMap := make(map[string]interface{}) upstreamDefaults.MergeInto(cfgMap) - wildcard := structs.NewServiceID(structs.WildcardSpecifier, structs.WildcardEnterpriseMetaInDefaultPartition()) + wildcard := structs.NewServiceID(structs.WildcardSpecifier, args.WildcardEnterpriseMetaForPartition()) usConfigs[wildcard] = cfgMap } } diff --git a/agent/consul/prepared_query/template.go b/agent/consul/prepared_query/template.go index 5fa2cd9994..89974d2369 100644 --- a/agent/consul/prepared_query/template.go +++ b/agent/consul/prepared_query/template.go @@ -6,10 +6,11 @@ import ( "regexp" "strings" - "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/hil" "github.com/hashicorp/hil/ast" "github.com/mitchellh/copystructure" + + "github.com/hashicorp/consul/agent/structs" ) // IsTemplate returns true if the given query is a template. 
@@ -89,6 +90,7 @@ func Compile(query *structs.PreparedQuery) (*CompiledTemplate, error) { // prefix it will be expected to run with. The results might not make // sense and create a valid service to lookup, but it should render // without any errors. + // TODO(partitions) should this have a partition on it? if _, err = ct.Render(ct.query.Name, structs.QuerySource{}); err != nil { return nil, err } @@ -156,6 +158,7 @@ func (ct *CompiledTemplate) Render(name string, source structs.QuerySource) (*st Type: ast.TypeString, Value: source.Segment, }, + // TODO(partitions): should NodePartition be projected here? }, FuncMap: map[string]ast.Function{ "match": match, diff --git a/agent/consul/prepared_query_endpoint.go b/agent/consul/prepared_query_endpoint.go index 6aa0a7b83c..5df85ef609 100644 --- a/agent/consul/prepared_query_endpoint.go +++ b/agent/consul/prepared_query_endpoint.go @@ -402,8 +402,7 @@ func (p *PreparedQuery) Execute(args *structs.PreparedQueryExecuteRequest, qs.Node = args.Agent.Node } else if qs.Node == "_ip" { if args.Source.Ip != "" { - // TODO(partitions) - _, nodes, err := state.Nodes(nil, nil) + _, nodes, err := state.Nodes(nil, structs.NodeEnterpriseMetaInDefaultPartition()) if err != nil { return err } diff --git a/agent/consul/state/acl.go b/agent/consul/state/acl.go index d54c4b984c..8efc284dd8 100644 --- a/agent/consul/state/acl.go +++ b/agent/consul/state/acl.go 
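Review bot: In `PreparedQuery.Execute` (agent/consul/prepared_query_endpoint.go), the `_ip` branch now calls `state.Nodes(nil, structs.NodeEnterpriseMetaInDefaultPartition())` and drops the `// TODO(partitions)` marker, yet the lookup is still pinned to the default partition. Elsewhere in this commit the agent begins sending `NodePartition` in `args.Agent`, so a request from a non-default partition would presumably have `args.Source.Ip` matched against default-partition nodes only. If two partitions reuse an address range, `_ip` could then resolve to a node in the wrong partition. Until the source's partition is threaded through, I would keep a marker next to the call: `// TODO(partitions): match args.Source.Ip against nodes in the source's partition, not only the default one`. The function body starts before and continues after the hunk.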
@@ -1015,7 +1015,7 @@ func aclTokenDeleteTxn(tx WriteTxn, idx uint64, value, index string, entMeta *st func aclTokenDeleteAllForAuthMethodTxn(tx WriteTxn, idx uint64, methodName string, methodGlobalLocality bool, methodMeta *structs.EnterpriseMeta) error { // collect all the tokens linked with the given auth method. - iter, err := aclTokenListByAuthMethod(tx, methodName, methodMeta, structs.WildcardEnterpriseMetaInDefaultPartition()) + iter, err := aclTokenListByAuthMethod(tx, methodName, methodMeta, methodMeta.WildcardEnterpriseMetaForPartition()) if err != nil { return fmt.Errorf("failed acl token lookup: %v", err) } diff --git a/agent/consul/state/config_entry.go b/agent/consul/state/config_entry.go index 287773d9a1..c85f367587 100644 --- a/agent/consul/state/config_entry.go +++ b/agent/consul/state/config_entry.go @@ -401,8 +401,8 @@ func (s *Store) discoveryChainTargetsTxn(tx ReadTxn, ws memdb.WatchSet, dc, serv var resp []structs.ServiceName for _, t := range chain.Targets { - em := structs.NewEnterpriseMetaInDefaultPartition(t.Namespace) - target := structs.NewServiceName(t.Service, &em) + em := entMeta.NewEnterpriseMetaInPartition(t.Namespace) + target := structs.NewServiceName(t.Service, em) // TODO (freddy): Allow upstream DC and encode in response if t.Datacenter == dc { @@ -457,8 +457,8 @@ func (s *Store) discoveryChainSourcesTxn(tx ReadTxn, ws memdb.WatchSet, dc strin } for _, t := range chain.Targets { - em := structs.NewEnterpriseMetaInDefaultPartition(t.Namespace) - candidate := structs.NewServiceName(t.Service, &em) + em := sn.NewEnterpriseMetaInPartition(t.Namespace) + candidate := structs.NewServiceName(t.Service, em) if !candidate.Matches(destination) { continue 
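Review bot: In `aclTokenDeleteAllForAuthMethodTxn` (agent/consul/state/acl.go) the wildcard is now built by calling `methodMeta.WildcardEnterpriseMetaForPartition()` on a pointer parameter, where the old code called a package-level function that did not depend on `methodMeta` at all. The hunk does not show whether callers may pass a nil `methodMeta` or whether the method tolerates a nil receiver. If that is not guaranteed elsewhere, state the requirement above the call, for instance `// methodMeta must be non-nil: the token sweep is scoped to the auth method's partition`. Because this call decides which tokens are collected for deletion when an auth method is removed, a test with an auth method in a non-default partition would confirm that none of its tokens are left behind. The function continues beyond the hunk.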
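Review bot: In `discoveryChainTargetsTxn` (agent/consul/state/config_entry.go) each target's enterprise meta is now derived from the caller's `entMeta` via `entMeta.NewEnterpriseMetaInPartition(t.Namespace)`, which assumes every chain target lives in the same partition as the service being queried. The hunk in `discoveryChainSourcesTxn` makes the same assumption with `sn`. Nothing on the visible lines records this, and the resulting names feed comparisons such as `candidate.Matches(destination)`, so a target in another partition would presumably be compared under the wrong partition. I would document the assumption at both sites with `// Targets carry no partition of their own here; assume the partition of the owning service.` and confirm that `entMeta` cannot be nil now that it is a method receiver. Both function bodies extend outside their hunks.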
@@ -489,13 +489,15 @@ func validateProposedConfigEntryInServiceGraph( enforceIngressProtocolsMatch bool ) + wildcardEntMeta := kindName.WildcardEnterpriseMetaForPartition() + switch kindName.Kind { case structs.ProxyDefaults: // Check anything that has a discovery chain entry. In the future we could // somehow omit the ones that have a default protocol configured. for _, kind := range serviceGraphKinds { - _, entries, err := configEntriesByKindTxn(tx, nil, kind, structs.WildcardEnterpriseMetaInDefaultPartition()) + _, entries, err := configEntriesByKindTxn(tx, nil, kind, wildcardEntMeta) if err != nil { return err } @@ -504,7 +506,7 @@ func validateProposedConfigEntryInServiceGraph( } } - _, ingressEntries, err := configEntriesByKindTxn(tx, nil, structs.IngressGateway, structs.WildcardEnterpriseMetaInDefaultPartition()) + _, ingressEntries, err := configEntriesByKindTxn(tx, nil, structs.IngressGateway, wildcardEntMeta) if err != nil { return err } @@ -516,7 +518,7 @@ func validateProposedConfigEntryInServiceGraph( checkIngress = append(checkIngress, ingress) } - _, ixnEntries, err := configEntriesByKindTxn(tx, nil, structs.ServiceIntentions, structs.WildcardEnterpriseMetaInDefaultPartition()) + _, ixnEntries, err := configEntriesByKindTxn(tx, nil, structs.ServiceIntentions, wildcardEntMeta) if err != nil { return err } @@ -573,7 +575,7 @@ func validateProposedConfigEntryInServiceGraph( checkIntentions = append(checkIntentions, ixn) } - _, ixnEntries, err := configEntriesByKindTxn(tx, nil, structs.ServiceIntentions, structs.WildcardEnterpriseMetaInDefaultPartition()) + _, ixnEntries, err := configEntriesByKindTxn(tx, nil, structs.ServiceIntentions, wildcardEntMeta) if err != nil { return err } diff --git a/agent/prepared_query_endpoint.go b/agent/prepared_query_endpoint.go index 887c13c6db..023119e4ce 100644 --- a/agent/prepared_query_endpoint.go +++ b/agent/prepared_query_endpoint.go 
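Review bot: `wildcardEntMeta := kindName.WildcardEnterpriseMetaForPartition()` in `validateProposedConfigEntryInServiceGraph` narrows the function's cross-entry scans to the partition of the proposed entry, and that scoping decision is undocumented. It affects the `serviceGraphKinds` loop, the `IngressGateway` scan and both `ServiceIntentions` scans in the following hunks. A one-line comment above the assignment would make the intent reviewable: `// Only entries in the same partition as the proposed entry can be affected, so scope the scans to it.` If an entry in one partition can ever reference services in another, validation would no longer see those entries, so the comment should say explicitly that this cannot happen today. The function starts and ends outside the hunk.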
@@ -94,9 +94,10 @@ func (s *HTTPHandlers) preparedQueryExecute(id string, resp http.ResponseWriter, args := structs.PreparedQueryExecuteRequest{ QueryIDOrName: id, Agent: structs.QuerySource{ - Node: s.agent.config.NodeName, - Datacenter: s.agent.config.Datacenter, - Segment: s.agent.config.SegmentName, + Node: s.agent.config.NodeName, + NodePartition: s.agent.config.PartitionOrEmpty(), + Datacenter: s.agent.config.Datacenter, + Segment: s.agent.config.SegmentName, }, } s.parseSource(req, &args.Source) @@ -178,9 +179,10 @@ func (s *HTTPHandlers) preparedQueryExplain(id string, resp http.ResponseWriter, args := structs.PreparedQueryExecuteRequest{ QueryIDOrName: id, Agent: structs.QuerySource{ - Node: s.agent.config.NodeName, - Datacenter: s.agent.config.Datacenter, - Segment: s.agent.config.SegmentName, + Node: s.agent.config.NodeName, + NodePartition: s.agent.config.PartitionOrEmpty(), + Datacenter: s.agent.config.Datacenter, + Segment: s.agent.config.SegmentName, }, } s.parseSource(req, &args.Source)
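Review bot: `preparedQueryExecute` and `preparedQueryExplain` build the same `structs.QuerySource` literal for `Agent`, and this commit had to add `NodePartition` to each copy by hand. Because the partition recorded here identifies the calling agent to the server, a future field that reaches one handler but not the other would be easy to miss. A small helper keeps the two in step, with each call site reduced to `Agent: s.agentQuerySource(),`; the helper name is only a suggestion. Both handler bodies continue outside their hunks.

```go
// agentQuerySource describes the local agent as the origin of a prepared
// query request; all fields come from agent config, never from the request.
func (s *HTTPHandlers) agentQuerySource() structs.QuerySource {
	return structs.QuerySource{
		Node:          s.agent.config.NodeName,
		NodePartition: s.agent.config.PartitionOrEmpty(),
		Datacenter:    s.agent.config.Datacenter,
		Segment:       s.agent.config.SegmentName,
	}
}

// … unchanged: preparedQueryExecute / preparedQueryExplain, apart from the Agent field …
```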