mirror of https://github.com/hashicorp/consul
PR comments
freddygv
parent
77bb2f1002
commit
eddd5bd73b
|
|
@ -33,6 +33,10 @@ const (
|
||||||
datacentersWatchID = "datacenters"
|
datacentersWatchID = "datacenters"
|
||||||
serviceResolversWatchID = "service-resolvers"
|
serviceResolversWatchID = "service-resolvers"
|
||||||
gatewayServicesWatchID = "gateway-services"
|
gatewayServicesWatchID = "gateway-services"
|
||||||
|
externalServiceIDPrefix = "external-service:"
|
||||||
|
serviceLeafIDPrefix = "service-leaf:"
|
||||||
|
serviceResolverIDPrefix = "service-resolver:"
|
||||||
|
serviceIntentionsIDPrefix = "service-intentions:"
|
||||||
svcChecksWatchIDPrefix = cachetype.ServiceHTTPChecksName + ":"
|
svcChecksWatchIDPrefix = cachetype.ServiceHTTPChecksName + ":"
|
||||||
serviceIDPrefix = string(structs.UpstreamDestTypeService) + ":"
|
serviceIDPrefix = string(structs.UpstreamDestTypeService) + ":"
|
||||||
preparedQueryIDPrefix = string(structs.UpstreamDestTypePreparedQuery) + ":"
|
preparedQueryIDPrefix = string(structs.UpstreamDestTypePreparedQuery) + ":"
|
||||||
|
|
@ -921,7 +925,7 @@ func (s *state) handleUpdateTerminatingGateway(u cache.UpdateEvent, snap *Config
|
||||||
|
|
||||||
// The gateway acts as the service's proxy, so we do NOT want to discover other proxies
|
// The gateway acts as the service's proxy, so we do NOT want to discover other proxies
|
||||||
Connect: false,
|
Connect: false,
|
||||||
}, fmt.Sprintf("external-service:%s", svc.Service.String()), s.ch)
|
}, externalServiceIDPrefix+svc.Service.String(), s.ch)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.Error("failed to register watch for external-service",
|
logger.Error("failed to register watch for external-service",
|
||||||
|
|
@ -950,7 +954,7 @@ func (s *state) handleUpdateTerminatingGateway(u cache.UpdateEvent, snap *Config
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
}, fmt.Sprintf("service-intentions:%s", svc.Service.String()), s.ch)
|
}, serviceIntentionsIDPrefix+svc.Service.String(), s.ch)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.Error("failed to register watch for service-intentions",
|
logger.Error("failed to register watch for service-intentions",
|
||||||
|
|
@ -972,7 +976,7 @@ func (s *state) handleUpdateTerminatingGateway(u cache.UpdateEvent, snap *Config
|
||||||
Token: s.token,
|
Token: s.token,
|
||||||
Service: svc.Service.ID,
|
Service: svc.Service.ID,
|
||||||
EnterpriseMeta: svc.Service.EnterpriseMeta,
|
EnterpriseMeta: svc.Service.EnterpriseMeta,
|
||||||
}, fmt.Sprintf("service-leaf:%s", svc.Service.String()), s.ch)
|
}, serviceLeafIDPrefix+svc.Service.String(), s.ch)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.Error("failed to register watch for a service-leaf",
|
logger.Error("failed to register watch for a service-leaf",
|
||||||
|
|
@ -995,7 +999,7 @@ func (s *state) handleUpdateTerminatingGateway(u cache.UpdateEvent, snap *Config
|
||||||
Kind: structs.ServiceResolver,
|
Kind: structs.ServiceResolver,
|
||||||
Name: svc.Service.ID,
|
Name: svc.Service.ID,
|
||||||
EnterpriseMeta: svc.Service.EnterpriseMeta,
|
EnterpriseMeta: svc.Service.EnterpriseMeta,
|
||||||
}, fmt.Sprintf("service-resolver:%s", svc.Service.String()), s.ch)
|
}, serviceResolverIDPrefix+svc.Service.String(), s.ch)
|
||||||
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logger.Error("failed to register watch for a service-resolver",
|
logger.Error("failed to register watch for a service-resolver",
|
||||||
|
|
@ -1051,13 +1055,13 @@ func (s *state) handleUpdateTerminatingGateway(u cache.UpdateEvent, snap *Config
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
case strings.HasPrefix(u.CorrelationID, "external-service:"):
|
case strings.HasPrefix(u.CorrelationID, externalServiceIDPrefix):
|
||||||
resp, ok := u.Result.(*structs.IndexedCheckServiceNodes)
|
resp, ok := u.Result.(*structs.IndexedCheckServiceNodes)
|
||||||
if !ok {
|
if !ok {
|
||||||
return fmt.Errorf("invalid type for response: %T", u.Result)
|
return fmt.Errorf("invalid type for response: %T", u.Result)
|
||||||
}
|
}
|
||||||
|
|
||||||
sid := structs.ServiceIDFromString(strings.TrimPrefix(u.CorrelationID, "external-service:"))
|
sid := structs.ServiceIDFromString(strings.TrimPrefix(u.CorrelationID, externalServiceIDPrefix))
|
||||||
|
|
||||||
if len(resp.Nodes) > 0 {
|
if len(resp.Nodes) > 0 {
|
||||||
snap.TerminatingGateway.ServiceGroups[sid] = resp.Nodes
|
snap.TerminatingGateway.ServiceGroups[sid] = resp.Nodes
|
||||||
|
|
@ -1066,13 +1070,13 @@ func (s *state) handleUpdateTerminatingGateway(u cache.UpdateEvent, snap *Config
|
||||||
}
|
}
|
||||||
|
|
||||||
// Store leaf cert for watched service
|
// Store leaf cert for watched service
|
||||||
case strings.HasPrefix(u.CorrelationID, "service-leaf:"):
|
case strings.HasPrefix(u.CorrelationID, serviceLeafIDPrefix):
|
||||||
leaf, ok := u.Result.(*structs.IssuedCert)
|
leaf, ok := u.Result.(*structs.IssuedCert)
|
||||||
if !ok {
|
if !ok {
|
||||||
return fmt.Errorf("invalid type for response: %T", u.Result)
|
return fmt.Errorf("invalid type for response: %T", u.Result)
|
||||||
}
|
}
|
||||||
|
|
||||||
sid := structs.ServiceIDFromString(strings.TrimPrefix(u.CorrelationID, "service-leaf:"))
|
sid := structs.ServiceIDFromString(strings.TrimPrefix(u.CorrelationID, serviceLeafIDPrefix))
|
||||||
snap.TerminatingGateway.ServiceLeaves[sid] = leaf
|
snap.TerminatingGateway.ServiceLeaves[sid] = leaf
|
||||||
|
|
||||||
case strings.HasPrefix(u.CorrelationID, "service-resolver:"):
|
case strings.HasPrefix(u.CorrelationID, "service-resolver:"):
|
||||||
|
|
@ -1087,7 +1091,7 @@ func (s *state) handleUpdateTerminatingGateway(u cache.UpdateEvent, snap *Config
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
case strings.HasPrefix(u.CorrelationID, "service-intentions:"):
|
case strings.HasPrefix(u.CorrelationID, serviceIntentionsIDPrefix):
|
||||||
// no-op: Intentions don't get stored in the snapshot, calls to ConnectAuthorize will fetch them from the cache
|
// no-op: Intentions don't get stored in the snapshot, calls to ConnectAuthorize will fetch them from the cache
|
||||||
|
|
||||||
default:
|
default:
|
||||||
|
|
|
||||||
|
|
@ -828,6 +828,8 @@ func TestState_WatchesAndUpdates(t *testing.T) {
|
||||||
verifySnapshot: func(t testing.TB, snap *ConfigSnapshot) {
|
verifySnapshot: func(t testing.TB, snap *ConfigSnapshot) {
|
||||||
require.False(t, snap.Valid(), "gateway without root is not valid")
|
require.False(t, snap.Valid(), "gateway without root is not valid")
|
||||||
require.True(t, snap.ConnectProxy.IsEmpty())
|
require.True(t, snap.ConnectProxy.IsEmpty())
|
||||||
|
require.True(t, snap.MeshGateway.IsEmpty())
|
||||||
|
require.True(t, snap.IngressGateway.IsEmpty())
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
verificationStage{
|
verificationStage{
|
||||||
|
|
@ -837,6 +839,8 @@ func TestState_WatchesAndUpdates(t *testing.T) {
|
||||||
verifySnapshot: func(t testing.TB, snap *ConfigSnapshot) {
|
verifySnapshot: func(t testing.TB, snap *ConfigSnapshot) {
|
||||||
require.True(t, snap.Valid(), "gateway without services is valid")
|
require.True(t, snap.Valid(), "gateway without services is valid")
|
||||||
require.True(t, snap.ConnectProxy.IsEmpty())
|
require.True(t, snap.ConnectProxy.IsEmpty())
|
||||||
|
require.True(t, snap.MeshGateway.IsEmpty())
|
||||||
|
require.True(t, snap.IngressGateway.IsEmpty())
|
||||||
require.Equal(t, indexedRoots, snap.Roots)
|
require.Equal(t, indexedRoots, snap.Roots)
|
||||||
require.Empty(t, snap.TerminatingGateway.WatchedServices)
|
require.Empty(t, snap.TerminatingGateway.WatchedServices)
|
||||||
require.Empty(t, snap.TerminatingGateway.ServiceGroups)
|
require.Empty(t, snap.TerminatingGateway.ServiceGroups)
|
||||||
|
|
|
||||||
|
|
@ -1,3 +1,4 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
|
# There is no sidecar proxy for s2, since the terminating gateway acts as the proxy
|
||||||
export REQUIRED_SERVICES="s1 s1-sidecar-proxy s2 terminating-gateway-primary"
|
export REQUIRED_SERVICES="s1 s1-sidecar-proxy s2 terminating-gateway-primary"
|
||||||
|
|
|
||||||
|
|
@ -27,3 +27,7 @@ load helpers
|
||||||
[ "$status" -eq 0 ]
|
[ "$status" -eq 0 ]
|
||||||
[ "$output" = "hello" ]
|
[ "$output" = "hello" ]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@test "terminating-gateway is used for the upstream connection" {
|
||||||
|
assert_envoy_metric_at_least 127.0.0.1:20000 "s2.default.primary.*cx_total" 1
|
||||||
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,6 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
|
# There is no sidecar proxy for s2-v1, since the terminating gateway acts as the proxy
|
||||||
export REQUIRED_SERVICES="
|
export REQUIRED_SERVICES="
|
||||||
s1 s1-sidecar-proxy
|
s1 s1-sidecar-proxy
|
||||||
s2-v1
|
s2-v1
|
||||||
|
|
|
||||||
|
|
@ -34,3 +34,7 @@ load helpers
|
||||||
assert_expected_fortio_name s2-v1
|
assert_expected_fortio_name s2-v1
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@test "terminating-gateway is used for the upstream connection" {
|
||||||
|
assert_envoy_metric_at_least 127.0.0.1:20000 "v1.s2.default.primary.*cx_total" 1
|
||||||
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue