github
/
consul
mirror of https://github.com/hashicorp/consul
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

pull over Validate_Clusters to api package in 1.18.x (#21634) 

pull over Validate_Clusters to api package
pull/21644/head
John Murret 2024-08-22 12:31:23 -06:00 committed by GitHub
parent c05bd5f234
commit f900aef508
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 1570 additions and 1530 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
agent/structs/config_entry_mesh.go
View File

@ -20,6 +20,14 @@ type MeshConfigEntry struct {
// MutualTLSMode=permissive in either service-defaults or proxy-defaults. // MutualTLSMode=permissive in either service-defaults or proxy-defaults.
AllowEnablingPermissiveMutualTLS bool `json:",omitempty" alias:"allow_enabling_permissive_mutual_tls"` AllowEnablingPermissiveMutualTLS bool `json:",omitempty" alias:"allow_enabling_permissive_mutual_tls"`
// ValidateClusters controls whether the clusters the route table refers to are validated. The default value is
// false. When set to false and a route refers to a cluster that does not exist, the route table loads and routing
// to a non-existent cluster results in a 404. When set to true and the route is set to a cluster that do not exist,
// the route table will not load. For more information, refer to
// [HTTP route configuration in the Envoy docs](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route.proto#envoy-v3-api-field-config-route-v3-routeconfiguration-validate-clusters)
// for more details.
ValidateClusters bool `json:",omitempty" alias:"validate_clusters"`
TLS *MeshTLSConfig `json:",omitempty"` TLS *MeshTLSConfig `json:",omitempty"`
HTTP *MeshHTTPConfig `json:",omitempty"` HTTP *MeshHTTPConfig `json:",omitempty"`

8
api/config_entry_mesh.go
View File

@ -26,6 +26,14 @@ type MeshConfigEntry struct {
// MutualTLSMode=permissive in either service-defaults or proxy-defaults. // MutualTLSMode=permissive in either service-defaults or proxy-defaults.
AllowEnablingPermissiveMutualTLS bool `json:",omitempty" alias:"allow_enabling_permissive_mutual_tls"` AllowEnablingPermissiveMutualTLS bool `json:",omitempty" alias:"allow_enabling_permissive_mutual_tls"`
// ValidateClusters controls whether the clusters the route table refers to are validated. The default value is
// false. When set to false and a route refers to a cluster that does not exist, the route table loads and routing
// to a non-existent cluster results in a 404. When set to true and the route is set to a cluster that do not exist,
// the route table will not load. For more information, refer to
// [HTTP route configuration in the Envoy docs](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route.proto#envoy-v3-api-field-config-route-v3-routeconfiguration-validate-clusters)
// for more details.
ValidateClusters bool `json:",omitempty" alias:"validate_clusters"`
TLS *MeshTLSConfig `json:",omitempty"` TLS *MeshTLSConfig `json:",omitempty"`
HTTP *MeshHTTPConfig `json:",omitempty"` HTTP *MeshHTTPConfig `json:",omitempty"`

2
proto/private/pbconfigentry/config_entry.gen.go
View File

@ -1692,6 +1692,7 @@ func MeshConfigToStructs(s *MeshConfig, t *structs.MeshConfigEntry) {
TransparentProxyMeshConfigToStructs(s.TransparentProxy, &t.TransparentProxy) TransparentProxyMeshConfigToStructs(s.TransparentProxy, &t.TransparentProxy)
} }
t.AllowEnablingPermissiveMutualTLS = s.AllowEnablingPermissiveMutualTLS t.AllowEnablingPermissiveMutualTLS = s.AllowEnablingPermissiveMutualTLS
t.ValidateClusters = s.ValidateClusters
if s.TLS != nil { if s.TLS != nil {
var x structs.MeshTLSConfig var x structs.MeshTLSConfig
MeshTLSConfigToStructs(s.TLS, &x) MeshTLSConfigToStructs(s.TLS, &x)
@ -1720,6 +1721,7 @@ func MeshConfigFromStructs(t *structs.MeshConfigEntry, s *MeshConfig) {
s.TransparentProxy = &x s.TransparentProxy = &x
} }
s.AllowEnablingPermissiveMutualTLS = t.AllowEnablingPermissiveMutualTLS s.AllowEnablingPermissiveMutualTLS = t.AllowEnablingPermissiveMutualTLS
s.ValidateClusters = t.ValidateClusters
if t.TLS != nil { if t.TLS != nil {
var x MeshTLSConfig var x MeshTLSConfig
MeshTLSConfigFromStructs(t.TLS, &x) MeshTLSConfigFromStructs(t.TLS, &x)

3070
proto/private/pbconfigentry/config_entry.pb.go
View File

File diff suppressed because it is too large Load Diff

1
proto/private/pbconfigentry/config_entry.proto
View File

@ -94,6 +94,7 @@ message MeshConfig {
PeeringMeshConfig Peering = 5; PeeringMeshConfig Peering = 5;
bool AllowEnablingPermissiveMutualTLS = 6; bool AllowEnablingPermissiveMutualTLS = 6;
uint64 Hash = 7; uint64 Hash = 7;
bool ValidateClusters = 8;
} }
// mog annotation: // mog annotation:

11
website/content/docs/connect/config-entries/mesh.mdx
View File

@ -342,6 +342,17 @@ Note that the Kubernetes example does not include a `partition` field. Configura
description: description:
'Controls whether `MutualTLSMode=permissive` can be set in the `proxy-defaults` and `service-defaults` configuration entries. ' 'Controls whether `MutualTLSMode=permissive` can be set in the `proxy-defaults` and `service-defaults` configuration entries. '
}, },
{
name: 'ValidateClusters',
type: 'bool: false',
description:
`Controls whether the clusters the route table refers to are validated. The default value is false. When set to
false and a route refers to a cluster that does not exist, the route table loads and routing to a non-existent
cluster results in a 404. When set to true and the route is set to a cluster that do not exist, the route table
will not load. For more information, refer to
[HTTP route configuration in the Envoy docs](https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route.proto#envoy-v3-api-field-config-route-v3-routeconfiguration-validate-clusters)
for more details. `,
},
{ {
name: 'TLS', name: 'TLS',
type: 'TLSConfig: <optional>', type: 'TLSConfig: <optional>',