Commit Graph

116 Commits (0ca7313b07a30b20bd3c7c68fdc40e961e706e7d)

Author SHA1 Message Date
Nathan Coleman 27aecdb8cc
[NET-5075] Implement mesh gateway mode for explicit destinations (#20361) 2024-01-26 17:17:18 -05:00
Nitya Dhanushkodi 0ec7bddb9a
[Net-5594][Net-7466] v2: Only route to endpoints that implement the port being routed to, and make xdscontroller and xdsv2 golden tests use tenancy (#20356)
* If a workload does not implement a port, it should not be included in the list of endpoints for the Envoy cluster for that port.

* Adds tenancy tests for xds controller and xdsv2 resource generation, and adds all those files.

* The original change in this PR was for filtering the list of endpoints by the port being routed to (bullet 1). Since I made changes to sidecarproxycontroller golden files, I realized some of the golden files were unused because of the tenancy changes, so when I deleted those, that broke xds controller tests which weren't correctly using tenancy. So when I fixed that, then the xdsv2 tests broke, so I added tenancy support there too. So now, from sidecarproxy controller -> xds controller -> xdsv2 we now have tenancy support and all the golden files are lined up.
2024-01-26 10:07:21 -08:00
sarahalsmiller 37ebaa6920
Net 7155- Consul API Gateway Controller Stub Work (#20324)
* API Gateway proto

* fix lint issue

* new line

* run make proto format

* checkpoint

* stub

* Update internal/mesh/internal/controllers/apigateways/controller.go
2024-01-25 23:16:20 +00:00
John Maguire cfe4d59938
[NET-7265] Panic when passing an incorrect type to the data fetcher for gatewayproxy (#20238)
* panic when passing an incorrect type to the data fetcher

* Add assertions for sidecarproxy datafetcher as well

* rename assertion function

* Add in comments to ensure devs know about potential panics for using
invalid types

* fix method call
2024-01-24 14:16:56 -05:00
skpratt 0abf8f8426
Net 5092/internal l7 traffic permissions (#20276)
* wire up L7 Traffic Permissions

* testing

* update comment
2024-01-23 20:07:58 -06:00
Nathan Coleman 995ba32cc0
Use null route cluster for default router when no matches on v2 mesh gateway (#20270)
* Use black hole cluster for default router when no matches

* Update test assertions

* Use null route cluster instead of black hole cluster concept

* Update test assertions
2024-01-22 10:50:04 -08:00
Matt Keeler f9c04881f9
Failover policy cache (#20244)
* Migrate the Failover controller to use the controller cache
* Remove the Catalog FailoverMapper and its usage in the mesh routes controller.
2024-01-19 09:35:34 -05:00
Nathan Coleman c40b59823a
[NET-6431] Remove explicit endpoints function from PST builder (#20262)
This isn't needed since we just populate RequiredEndpoints, which is already done for the base case
2024-01-18 19:13:37 -05:00
Matt Keeler 59cb12c798
Migrate the Endpoints controller to use the controller cache (#20241)
* Add cache resource decoding helpers

* Implement a common package for workload selection facilities. This includes:

   * Controller cache Index
   * ACL hooks
   * Dependency Mapper to go from workload to list of resources which select it
   * Dependency Mapper to go from a resource which selects workloads to all the workloads it selects.

* Update the endpoints controller to use the cache instead of custom mappers.

Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>
2024-01-18 17:52:52 -05:00
John Maguire 7888d00e49
[NET6429] Add listeners for mesh-gateway v2 (#20253)
Add listeners for mesh-gateway v2
2024-01-18 17:52:06 +00:00
Nathan Coleman d2e991ddfc
Remove unnecessary fetching of gateway (#20172)
The fetched gateway isn't currently used anywhere
2024-01-17 14:13:13 -05:00
Michael Zalimeni 76b5de5039
[NET-4968] Upgrade Go to 1.21 (#20062)
* Upgrade Go to 1.21

* ci: detect Go backwards compatibility test version automatically

For our submodules and other places we choose to test against previous
Go versions, detect this version automatically from the current one
rather than hard-coding it.
2024-01-12 09:57:38 -05:00
John Maguire c6c2d8bf82
[NET-6426] Modify Reconcile Loop for Mesh Gateway Resources to Correctly Write Proxy State Template (#20085) 2024-01-08 23:26:00 -05:00
Kumar Kavish 9c8e9cebaa
[NET-6765] Audit the routes controller and add missing tenancy tests (#20016)
- moved resources to different tenancies.
2023-12-28 16:00:18 +05:30
Nathan Coleman ab60fec15a
[NET-6426] Add gateway proxy controller that generates empty proxy state template (#19901)
* NET-6426 Create ProxyStateTemplate when reconciling MeshGateway resource

* Add TODO for switching fetch method based on gateway type

* Use gateway-kind in workload metadata instead of owner reference

* Create ProxyStateTemplate builder for gatewayproxy controller

* Update to use new controller interface

* Add copyright headers

* Set correct name for ProxyStateTemplate identity reference

* Generate empty ProxyStateTemplate by fetching MeshGateway

This cheats and looks up the MeshGateway directly. In the future, we will need a Workload => xGateway mapper

* Specify owner reference when writing ProxyStateTemplate

* Update dependency mapper to account for multiple controllers per resource type

* Regenerate v2 resource dependencies map

* Add helpful trace logs, tag TODOs with ticket identifiers
2023-12-21 16:37:47 -05:00
Nathan Coleman 874e68f1eb
[NET-6899] Create name-aligned Service when reconciling MeshGateway resource (#19900)
* NET-6899 Create name-aligned Service when reconciling MeshGateway resource

The Service has an owner reference added to it indicating that it belongs to a MeshGateway

* Specify port list when creating Service

* Use constants, add TODO w/ ticket reference

* Include gateway-kind in metadata of Service resource
2023-12-21 13:26:25 -05:00
Nathan Coleman 010bf533d1
NET-6663 Modify sidecarproxy controller to skip xGateway resources (#19902)
* NET-6663 Modify sidecarproxy controller to skip xGateway resources

* Check workload metadata after nil-check for workload

* Add test asserting that workloads with meta gateway-kind are ignored

* Use more common pattern for map access to increase readability
2023-12-18 21:54:41 +00:00
aahel a6496898de
added tenancy to TestBuildL4TrafficPermissions (#19932) 2023-12-14 10:41:24 +05:30
Matt Keeler 123bc95e1a
Add Common Controller Caching Infrastructure (#19767)
* Add Common Controller Caching Infrastructure
2023-12-13 10:06:39 -05:00
Matt Keeler efe279f802
Retry lint fixes (#19151)
* Add a make target to run lint-consul-retry on all the modules
* Cleanup sdk/testutil/retry
* Fix a bunch of retry.Run* usage to not use the outer testing.T
* Fix some more recent retry lint issues and pin to v1.4.0 of lint-consul-retry
* Fix codegen copywrite lint issues
* Don’t perform cleanup after each retry attempt by default.
* Use the common testutil.TestingTB interface in test-integ/tenancy
* Fix retry tests
* Update otel access logging extension test to perform requests within the retry block
2023-12-06 12:11:32 -05:00
Semir Patel c1bbda8128
resource: block default namespace deletion + test refactorings (#19822) 2023-12-05 14:00:06 -05:00
Ashesh Vidyut 82f6a8d7f3
Net 6585 (#19797)
Add multi tenancy to sidecar proxy controller
2023-12-01 21:28:57 +05:30
Michael Zalimeni d1f2fa1841
[NET-6725] test: Address occasional flakes in sidecarproxy/controller_test.go (#19760)
test: Address occasional flakes in sidecarproxy/controller_test.go

We've observed an occasional flake in this test where some state check
fails. Adding in some wait wrappers to these state checks will hopefully
address the issue, assuming it is a simple flake.
2023-11-29 16:56:14 +00:00
Thomas Eckert 419677cc9e
[NET-6420] Add MeshConfiguration Controller stub (#19745)
* Add meshconfiguration/controller

* Add MeshConfiguration Registration function

* Fix the TODOs on the RegisterMeshGateway function

* Call RegisterMeshConfiguration

* Add comment to MeshConfigurationRegistration

* Add a test for Reconcile and some comments
2023-11-28 18:56:07 +00:00
Chris S. Kim 5107764115
Move test setup out of subtest (#19753) 2023-11-28 18:39:37 +00:00
Ganesh S ba2422596f
Add tenancy tests for routes controller (#19706) 2023-11-22 21:52:10 +05:30
Ganesh S 4020c002d6
Add tenancy tests for proxy cfg controller (#19649) 2023-11-15 21:36:08 +05:30
Ashesh Vidyut d68a23aa85
NET 6539 - Add tenancy tests for folder - internal/mesh/internal/controllers/sidecarproxy (#19646)
* Add tenancy tests for folder - internal/mesh/internal/controllers/sidecarproxy

* removed rej files

* added missed out file
2023-11-15 13:49:40 +05:30
Ashesh Vidyut 443461318a
NET 6525 (#19645)
Removed resourcetest func
2023-11-15 06:32:15 +00:00
Ashesh Vidyut fbc2a58733
NET 6442 - Add tenancy to explicit destinations controller (#19644)
Add tenancy to explicit destinations controller
2023-11-15 06:11:56 +00:00
R.B. Boyer b21851c903
test: add test helper to detect if the current build is enterprise (#19201)
This can help conditionally change test behavior if the test is executing in enterprise without the need to split the test with build tags.
2023-11-13 10:30:07 -06:00
Kumar Kavish 68e7f27fd2
[NET-6438] Add tenancy to xDS Tests (#19551)
* [NET-6438] Add tenancy to xDS Tests

* [NET-6438] Add tenancy to xDS Tests
- Fixing imports

* [NET-6438] Add tenancy to xDS Tests
- Added cleanup post test run

* [NET-6356] Add tenancy to xDS Tests
- Added cleanup post test run

* [NET-6438] Add tenancy to xDS Tests
- using t.Cleanup instead of defer delete

* [NET-6438] Add tenancy to xDS Tests
- rebased

* [NET-6438] Add tenancy to xDS Tests
- rebased
2023-11-10 15:32:36 +05:30
Nathan Coleman 40c57f10a0
NET-6391 Initialize controller for MeshGateway resource (#19552)
* Generate resource_types for MeshGateway by specifying spec option

* Register MeshGateway type w/ TODOs for hooks

* Initialize controller for MeshGateway resources

* Add meshgateway to list of v2 resource dependencies for golden test

* Scope MeshGateway resource to partition
2023-11-09 16:33:14 -05:00
Ashesh Vidyut 515eed8c7c
Net 6439 (#19517)
* node health controller tenancy

* some prog

* some fixes

* revert

* pr comment resolved

* removed name

* Add namespace and tenancy in sidecar proxy controller test

* revert node health controller

* clean up data

* fix local

* copy from ENT

* removed dup code

* removed tenancy

* add test tenancies
2023-11-09 11:47:19 +05:30
John Murret caaff73337
add DeliverLatest as common function for use by Manager and ProxyTracker Open (#19564)
Open
add DeliverLatest as common function for use by Manager and ProxyTracker
2023-11-07 23:03:37 +00:00
John Murret d94d316204
NET-6319 - L7 routes have statePrefix of upstream. and should have a full path (#19473) 2023-11-02 19:58:54 -06:00
John Murret 77e9a50f8b
Source / local_app golden tests to include all protocols. (#19436)
* cover all protocols in local_app golden tests

* fix xds tests

* updating latest

* fix broken test

* add sorting of routers to TestBuildLocalApp to get rid of the flaking
2023-11-02 18:31:06 +00:00
Matt Keeler 5698353652
Resource Hook Pre-Decode Utilities (#18548)
Add some generic type hook wrappers to first decode the data

There seems to be a pattern for Validation, Mutation and Write Authorization hooks where they first need to decode the Any data before doing the domain specific work.

This PR introduces 3 new functions to generate wrappers around the other hooks to pre-decode the data into a DecodedResource and pass that in instead of the original pbresource.Resource.

This PR also updates the various catalog data types to use the new hook generators.
2023-10-26 16:39:06 -04:00
Michael Zalimeni a7803bd829
[NET-6305] xds: Ensure v2 route match and protocol are populated for gRPC (#19343)
* xds: Ensure v2 route match is populated for gRPC

Similar to HTTP, ensure that route match config (which is required by
Envoy) is populated when default values are used.

Because the default matches generated for gRPC contain a single empty
`GRPCRouteMatch`, and that proto does not directly support prefix-based
config, an interpretation of the empty struct is needed to generate the
same output that the `HTTPRouteMatch` is explicitly configured to
provide in internal/mesh/internal/controllers/routes/generate.go.

* xds: Ensure protocol set for gRPC resources

Add explicit protocol in `ProxyStateTemplate` builders and validate it
is always set on clusters. This ensures that HTTP filters and
`http2_protocol_options` are populated in all the necessary places for
gRPC traffic and prevents future unintended omissions of non-TCP
protocols.

Co-authored-by: John Murret <john.murret@hashicorp.com>

---------

Co-authored-by: John Murret <john.murret@hashicorp.com>
2023-10-25 17:43:58 +00:00
John Murret 59d4962564
NET-6079 - wire up sidecarproxy golden file inputs into xds controller - sources (#19241)
* NET-5397 - wire up golden tests from sidecar-proxy controller for xds controller and xdsv2

* WIP

* WIP

* everything matching except leafCerts. need to mock those

* single port destinations working except mixed destinations

* golden test input to xds controller tests for destinations

* proposed fix for failover group naming errors

* clean up test to use helper.

* clean up test to use helper.

* fix test file

* add docstring for test function.

* add docstring for test function.

* fix linting error

* fixing test after route fix merged into main

* first source test works

* WIP

* modify all source files

* source tests pass

* fixing tests after bug fix in main
2023-10-24 10:21:53 -06:00
John Murret 9775758d0c
NET-5397 - wire up destination golden tests from sidecar-proxy controller for xds controller and xdsv2 (#19167)
* NET-5397 - wire up golden tests from sidecar-proxy controller for xds controller and xdsv2

* WIP

* WIP

* everything matching except leafCerts. need to mock those

* single port destinations working except mixed destinations

* golden test input to xds controller tests for destinations

* proposed fix for failover group naming errors

* clean up test to use helper.

* clean up test to use helper.

* fix test file

* add docstring for test function.

* add docstring for test function.

* fix linting error

* fixing test after route fix merged into main
2023-10-24 09:33:23 -06:00
Iryna Shustava 809bf1deb8
mesh: ensure route configs are named uniquely per port (#19323) 2023-10-20 16:59:18 -06:00
Nitya Dhanushkodi def66ddf0e
mesh: provide missing domain to route configurations in ProxyStateTemplate (#19298)
* add empty domains

* update unit tests
2023-10-19 17:14:16 -04:00
Nitya Dhanushkodi 51b58cd910
fix expose paths (#19257)
When testing adding http probes to apps, I ran into some issues which I fixed here:
- The listener should be listening on the exposed listener port, updated that.
- The listener and route names were pointing to the path of the exposed path. In my test, the path was "/" resulting in an empty string path. Also, the path may not be unique across exposed path listeners, so I decided to use the path+exposed port as the unique identifier.
2023-10-17 14:47:21 -07:00
John Murret 9f4f99c626
NET-6097 - sidecar proxy controller - give name to first failover policy target (#19239) 2023-10-17 01:45:54 +00:00
R.B. Boyer df8ea430c6
mesh: add DestinationPolicy ACL hook tenancy tests (#19178)
Enhance the DestinationPolicy ACL hook tests to cover tenanted situations.
These tests will only execute in enterprise.
2023-10-16 13:44:24 -05:00
Semir Patel ad177698f7
resource: enforce lowercase v2 resource names (#19218) 2023-10-16 12:55:30 -05:00
R.B. Boyer 6c7d0759e4
mesh: add xRoute ACL hook tenancy tests (#19177)
Enhance the xRoute ACL hook tests to cover tenanted situations.
These tests will only execute in enterprise.
2023-10-16 12:18:56 -05:00
John Murret a7fbd00865
NET-5073 - ProxyConfiguration: implement various connection options (#19187)
* NET-5073 - ProxyConfiguration: implement various connection options

* PR feedback - LocalConnection and InboundConnection do not affect exposed routes. configure L7 route destinations. fix connection proto sequence numbers.

* add timeout to L7 Route Destinations
2023-10-14 13:54:08 +00:00
Iryna Shustava 105ebfdd00
catalog, mesh: implement missing ACL hooks (#19143)
This change adds ACL hooks to the remaining catalog and mesh resources, excluding any computed ones. Those will for now continue using the default operator:x permissions.

It refactors a lot of the common testing functions so that they can be re-used between resources.

There are also some types that we don't yet support (e.g. virtual IPs) that this change adds ACL hooks to for future-proofing.
2023-10-13 23:16:26 +00:00