pull over Validate_Clusters to api package in 1.18.x (#21634)

pull over Validate_Clusters to api package
2024-08-22 12:31:23 -06:00 · 2024-08-22 12:31:23 -06:00 · f900aef508
parent c05bd5f234
commit f900aef508
6 changed files with 1570 additions and 1530 deletions
--- a/agent/structs/config_entry_mesh.go
+++ b/agent/structs/config_entry_mesh.go
@ -20,6 +20,14 @@ type MeshConfigEntry struct {
 	// MutualTLSMode=permissive in either service-defaults or proxy-defaults.
 	AllowEnablingPermissiveMutualTLS bool `json:",omitempty" alias:"allow_enabling_permissive_mutual_tls"`

+	// ValidateClusters controls whether the clusters the route table refers to are validated. The default value is
+	// false. When set to false and a route refers to a cluster that does not exist, the route table loads and routing
+	// to a non-existent cluster results in a 404. When set to true and the route is set to a cluster that do not exist,
+	// the route table will not load. For more information, refer to
+	// [HTTP route configuration in the Envoy docs](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route.proto#envoy-v3-api-field-config-route-v3-routeconfiguration-validate-clusters)
+	// for more details.
+	ValidateClusters bool `json:",omitempty" alias:"validate_clusters"`
+
 	TLS *MeshTLSConfig `json:",omitempty"`

 	HTTP *MeshHTTPConfig `json:",omitempty"`
--- a/api/config_entry_mesh.go
+++ b/api/config_entry_mesh.go
@ -26,6 +26,14 @@ type MeshConfigEntry struct {
 	// MutualTLSMode=permissive in either service-defaults or proxy-defaults.
 	AllowEnablingPermissiveMutualTLS bool `json:",omitempty" alias:"allow_enabling_permissive_mutual_tls"`

+	// ValidateClusters controls whether the clusters the route table refers to are validated. The default value is
+	// false. When set to false and a route refers to a cluster that does not exist, the route table loads and routing
+	// to a non-existent cluster results in a 404. When set to true and the route is set to a cluster that do not exist,
+	// the route table will not load. For more information, refer to
+	// [HTTP route configuration in the Envoy docs](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route.proto#envoy-v3-api-field-config-route-v3-routeconfiguration-validate-clusters)
+	// for more details.
+	ValidateClusters bool `json:",omitempty" alias:"validate_clusters"`
+
 	TLS *MeshTLSConfig `json:",omitempty"`

 	HTTP *MeshHTTPConfig `json:",omitempty"`
--- a/proto/private/pbconfigentry/config_entry.gen.go
+++ b/proto/private/pbconfigentry/config_entry.gen.go
@ -1692,6 +1692,7 @@ func MeshConfigToStructs(s *MeshConfig, t *structs.MeshConfigEntry) {
 		TransparentProxyMeshConfigToStructs(s.TransparentProxy, &t.TransparentProxy)
 	}
 	t.AllowEnablingPermissiveMutualTLS = s.AllowEnablingPermissiveMutualTLS
+	t.ValidateClusters = s.ValidateClusters
 	if s.TLS != nil {
 		var x structs.MeshTLSConfig
 		MeshTLSConfigToStructs(s.TLS, &x)
@ -1720,6 +1721,7 @@ func MeshConfigFromStructs(t *structs.MeshConfigEntry, s *MeshConfig) {
 		s.TransparentProxy = &x
 	}
 	s.AllowEnablingPermissiveMutualTLS = t.AllowEnablingPermissiveMutualTLS
+	s.ValidateClusters = t.ValidateClusters
 	if t.TLS != nil {
 		var x MeshTLSConfig
 		MeshTLSConfigFromStructs(t.TLS, &x)
--- a/proto/private/pbconfigentry/config_entry.pb.go
+++ b/proto/private/pbconfigentry/config_entry.pb.go
--- a/proto/private/pbconfigentry/config_entry.proto
+++ b/proto/private/pbconfigentry/config_entry.proto
@ -94,6 +94,7 @@ message MeshConfig {
  PeeringMeshConfig Peering = 5;
  bool AllowEnablingPermissiveMutualTLS = 6;
  uint64 Hash = 7;
+  bool ValidateClusters = 8;
 }

 // mog annotation:
--- a/website/content/docs/connect/config-entries/mesh.mdx
+++ b/website/content/docs/connect/config-entries/mesh.mdx
@ -342,6 +342,17 @@ Note that the Kubernetes example does not include a `partition` field. Configura
      description:
        'Controls whether `MutualTLSMode=permissive` can be set in the `proxy-defaults` and `service-defaults` configuration entries. '
    },
+    {
+      name: 'ValidateClusters',
+      type: 'bool: false',
+      description:
+        `Controls whether the clusters the route table refers to are validated. The default value is false. When set to
+         false and a route refers to a cluster that does not exist, the route table loads and routing to a non-existent
+         cluster results in a 404. When set to true and the route is set to a cluster that do not exist, the route table
+         will not load.  For more information, refer to
+         [HTTP route configuration in the Envoy docs](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route.proto#envoy-v3-api-field-config-route-v3-routeconfiguration-validate-clusters)
+         for more details. `,
+    },
    {
      name: 'TLS',
      type: 'TLSConfig: <optional>',