mirror of https://github.com/status-im/consul.git
Enable gofmt simplify
Code changes done automatically with 'gofmt -s -w'
This commit is contained in:
parent
8e919be7da
commit
068b43df90
|
@ -23,7 +23,7 @@ issues:
|
||||||
|
|
||||||
linters-settings:
|
linters-settings:
|
||||||
gofmt:
|
gofmt:
|
||||||
simplify: false
|
simplify: true
|
||||||
|
|
||||||
run:
|
run:
|
||||||
timeout: 10m
|
timeout: 10m
|
||||||
|
|
280
acl/acl_test.go
280
acl/acl_test.go
|
@ -460,15 +460,15 @@ func TestACL(t *testing.T) {
|
||||||
legacyPolicy(&Policy{
|
legacyPolicy(&Policy{
|
||||||
PolicyRules: PolicyRules{
|
PolicyRules: PolicyRules{
|
||||||
Agents: []*AgentRule{
|
Agents: []*AgentRule{
|
||||||
&AgentRule{
|
{
|
||||||
Node: "root",
|
Node: "root",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
},
|
},
|
||||||
&AgentRule{
|
{
|
||||||
Node: "root-nope",
|
Node: "root-nope",
|
||||||
Policy: PolicyDeny,
|
Policy: PolicyDeny,
|
||||||
},
|
},
|
||||||
&AgentRule{
|
{
|
||||||
Node: "root-rw",
|
Node: "root-rw",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
},
|
},
|
||||||
|
@ -500,15 +500,15 @@ func TestACL(t *testing.T) {
|
||||||
legacyPolicy(&Policy{
|
legacyPolicy(&Policy{
|
||||||
PolicyRules: PolicyRules{
|
PolicyRules: PolicyRules{
|
||||||
Agents: []*AgentRule{
|
Agents: []*AgentRule{
|
||||||
&AgentRule{
|
{
|
||||||
Node: "root",
|
Node: "root",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
},
|
},
|
||||||
&AgentRule{
|
{
|
||||||
Node: "root-nope",
|
Node: "root-nope",
|
||||||
Policy: PolicyDeny,
|
Policy: PolicyDeny,
|
||||||
},
|
},
|
||||||
&AgentRule{
|
{
|
||||||
Node: "root-rw",
|
Node: "root-rw",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
},
|
},
|
||||||
|
@ -540,7 +540,7 @@ func TestACL(t *testing.T) {
|
||||||
legacyPolicy(&Policy{
|
legacyPolicy(&Policy{
|
||||||
PolicyRules: PolicyRules{
|
PolicyRules: PolicyRules{
|
||||||
PreparedQueries: []*PreparedQueryRule{
|
PreparedQueries: []*PreparedQueryRule{
|
||||||
&PreparedQueryRule{
|
{
|
||||||
Prefix: "other",
|
Prefix: "other",
|
||||||
Policy: PolicyDeny,
|
Policy: PolicyDeny,
|
||||||
},
|
},
|
||||||
|
@ -564,19 +564,19 @@ func TestACL(t *testing.T) {
|
||||||
legacyPolicy(&Policy{
|
legacyPolicy(&Policy{
|
||||||
PolicyRules: PolicyRules{
|
PolicyRules: PolicyRules{
|
||||||
Agents: []*AgentRule{
|
Agents: []*AgentRule{
|
||||||
&AgentRule{
|
{
|
||||||
Node: "root-nope",
|
Node: "root-nope",
|
||||||
Policy: PolicyDeny,
|
Policy: PolicyDeny,
|
||||||
},
|
},
|
||||||
&AgentRule{
|
{
|
||||||
Node: "root-ro",
|
Node: "root-ro",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
},
|
},
|
||||||
&AgentRule{
|
{
|
||||||
Node: "root-rw",
|
Node: "root-rw",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
},
|
},
|
||||||
&AgentRule{
|
{
|
||||||
Node: "override",
|
Node: "override",
|
||||||
Policy: PolicyDeny,
|
Policy: PolicyDeny,
|
||||||
},
|
},
|
||||||
|
@ -586,19 +586,19 @@ func TestACL(t *testing.T) {
|
||||||
legacyPolicy(&Policy{
|
legacyPolicy(&Policy{
|
||||||
PolicyRules: PolicyRules{
|
PolicyRules: PolicyRules{
|
||||||
Agents: []*AgentRule{
|
Agents: []*AgentRule{
|
||||||
&AgentRule{
|
{
|
||||||
Node: "child-nope",
|
Node: "child-nope",
|
||||||
Policy: PolicyDeny,
|
Policy: PolicyDeny,
|
||||||
},
|
},
|
||||||
&AgentRule{
|
{
|
||||||
Node: "child-ro",
|
Node: "child-ro",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
},
|
},
|
||||||
&AgentRule{
|
{
|
||||||
Node: "child-rw",
|
Node: "child-rw",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
},
|
},
|
||||||
&AgentRule{
|
{
|
||||||
Node: "override",
|
Node: "override",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
},
|
},
|
||||||
|
@ -644,19 +644,19 @@ func TestACL(t *testing.T) {
|
||||||
legacyPolicy(&Policy{
|
legacyPolicy(&Policy{
|
||||||
PolicyRules: PolicyRules{
|
PolicyRules: PolicyRules{
|
||||||
Agents: []*AgentRule{
|
Agents: []*AgentRule{
|
||||||
&AgentRule{
|
{
|
||||||
Node: "root-nope",
|
Node: "root-nope",
|
||||||
Policy: PolicyDeny,
|
Policy: PolicyDeny,
|
||||||
},
|
},
|
||||||
&AgentRule{
|
{
|
||||||
Node: "root-ro",
|
Node: "root-ro",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
},
|
},
|
||||||
&AgentRule{
|
{
|
||||||
Node: "root-rw",
|
Node: "root-rw",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
},
|
},
|
||||||
&AgentRule{
|
{
|
||||||
Node: "override",
|
Node: "override",
|
||||||
Policy: PolicyDeny,
|
Policy: PolicyDeny,
|
||||||
},
|
},
|
||||||
|
@ -666,19 +666,19 @@ func TestACL(t *testing.T) {
|
||||||
legacyPolicy(&Policy{
|
legacyPolicy(&Policy{
|
||||||
PolicyRules: PolicyRules{
|
PolicyRules: PolicyRules{
|
||||||
Agents: []*AgentRule{
|
Agents: []*AgentRule{
|
||||||
&AgentRule{
|
{
|
||||||
Node: "child-nope",
|
Node: "child-nope",
|
||||||
Policy: PolicyDeny,
|
Policy: PolicyDeny,
|
||||||
},
|
},
|
||||||
&AgentRule{
|
{
|
||||||
Node: "child-ro",
|
Node: "child-ro",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
},
|
},
|
||||||
&AgentRule{
|
{
|
||||||
Node: "child-rw",
|
Node: "child-rw",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
},
|
},
|
||||||
&AgentRule{
|
{
|
||||||
Node: "override",
|
Node: "override",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
},
|
},
|
||||||
|
@ -721,7 +721,7 @@ func TestACL(t *testing.T) {
|
||||||
name: "KeyringDefaultAllowPolicyDeny",
|
name: "KeyringDefaultAllowPolicyDeny",
|
||||||
defaultPolicy: AllowAll(),
|
defaultPolicy: AllowAll(),
|
||||||
policyStack: []*Policy{
|
policyStack: []*Policy{
|
||||||
&Policy{
|
{
|
||||||
PolicyRules: PolicyRules{
|
PolicyRules: PolicyRules{
|
||||||
Keyring: PolicyDeny,
|
Keyring: PolicyDeny,
|
||||||
},
|
},
|
||||||
|
@ -737,7 +737,7 @@ func TestACL(t *testing.T) {
|
||||||
name: "KeyringDefaultAllowPolicyRead",
|
name: "KeyringDefaultAllowPolicyRead",
|
||||||
defaultPolicy: AllowAll(),
|
defaultPolicy: AllowAll(),
|
||||||
policyStack: []*Policy{
|
policyStack: []*Policy{
|
||||||
&Policy{
|
{
|
||||||
PolicyRules: PolicyRules{
|
PolicyRules: PolicyRules{
|
||||||
Keyring: PolicyRead,
|
Keyring: PolicyRead,
|
||||||
},
|
},
|
||||||
|
@ -753,7 +753,7 @@ func TestACL(t *testing.T) {
|
||||||
name: "KeyringDefaultAllowPolicyWrite",
|
name: "KeyringDefaultAllowPolicyWrite",
|
||||||
defaultPolicy: AllowAll(),
|
defaultPolicy: AllowAll(),
|
||||||
policyStack: []*Policy{
|
policyStack: []*Policy{
|
||||||
&Policy{
|
{
|
||||||
PolicyRules: PolicyRules{
|
PolicyRules: PolicyRules{
|
||||||
Keyring: PolicyWrite,
|
Keyring: PolicyWrite,
|
||||||
},
|
},
|
||||||
|
@ -768,7 +768,7 @@ func TestACL(t *testing.T) {
|
||||||
name: "KeyringDefaultAllowPolicyNone",
|
name: "KeyringDefaultAllowPolicyNone",
|
||||||
defaultPolicy: AllowAll(),
|
defaultPolicy: AllowAll(),
|
||||||
policyStack: []*Policy{
|
policyStack: []*Policy{
|
||||||
&Policy{},
|
{},
|
||||||
},
|
},
|
||||||
checks: []aclCheck{
|
checks: []aclCheck{
|
||||||
{name: "ReadAllowed", check: checkAllowKeyringRead},
|
{name: "ReadAllowed", check: checkAllowKeyringRead},
|
||||||
|
@ -779,7 +779,7 @@ func TestACL(t *testing.T) {
|
||||||
name: "KeyringDefaultDenyPolicyDeny",
|
name: "KeyringDefaultDenyPolicyDeny",
|
||||||
defaultPolicy: DenyAll(),
|
defaultPolicy: DenyAll(),
|
||||||
policyStack: []*Policy{
|
policyStack: []*Policy{
|
||||||
&Policy{
|
{
|
||||||
PolicyRules: PolicyRules{
|
PolicyRules: PolicyRules{
|
||||||
Keyring: PolicyDeny,
|
Keyring: PolicyDeny,
|
||||||
},
|
},
|
||||||
|
@ -794,7 +794,7 @@ func TestACL(t *testing.T) {
|
||||||
name: "KeyringDefaultDenyPolicyRead",
|
name: "KeyringDefaultDenyPolicyRead",
|
||||||
defaultPolicy: DenyAll(),
|
defaultPolicy: DenyAll(),
|
||||||
policyStack: []*Policy{
|
policyStack: []*Policy{
|
||||||
&Policy{
|
{
|
||||||
PolicyRules: PolicyRules{
|
PolicyRules: PolicyRules{
|
||||||
Keyring: PolicyRead,
|
Keyring: PolicyRead,
|
||||||
},
|
},
|
||||||
|
@ -809,7 +809,7 @@ func TestACL(t *testing.T) {
|
||||||
name: "KeyringDefaultDenyPolicyWrite",
|
name: "KeyringDefaultDenyPolicyWrite",
|
||||||
defaultPolicy: DenyAll(),
|
defaultPolicy: DenyAll(),
|
||||||
policyStack: []*Policy{
|
policyStack: []*Policy{
|
||||||
&Policy{
|
{
|
||||||
PolicyRules: PolicyRules{
|
PolicyRules: PolicyRules{
|
||||||
Keyring: PolicyWrite,
|
Keyring: PolicyWrite,
|
||||||
},
|
},
|
||||||
|
@ -824,7 +824,7 @@ func TestACL(t *testing.T) {
|
||||||
name: "KeyringDefaultDenyPolicyNone",
|
name: "KeyringDefaultDenyPolicyNone",
|
||||||
defaultPolicy: DenyAll(),
|
defaultPolicy: DenyAll(),
|
||||||
policyStack: []*Policy{
|
policyStack: []*Policy{
|
||||||
&Policy{},
|
{},
|
||||||
},
|
},
|
||||||
checks: []aclCheck{
|
checks: []aclCheck{
|
||||||
{name: "ReadDenied", check: checkDenyKeyringRead},
|
{name: "ReadDenied", check: checkDenyKeyringRead},
|
||||||
|
@ -835,7 +835,7 @@ func TestACL(t *testing.T) {
|
||||||
name: "OperatorDefaultAllowPolicyDeny",
|
name: "OperatorDefaultAllowPolicyDeny",
|
||||||
defaultPolicy: AllowAll(),
|
defaultPolicy: AllowAll(),
|
||||||
policyStack: []*Policy{
|
policyStack: []*Policy{
|
||||||
&Policy{
|
{
|
||||||
PolicyRules: PolicyRules{
|
PolicyRules: PolicyRules{
|
||||||
Operator: PolicyDeny,
|
Operator: PolicyDeny,
|
||||||
},
|
},
|
||||||
|
@ -851,7 +851,7 @@ func TestACL(t *testing.T) {
|
||||||
name: "OperatorDefaultAllowPolicyRead",
|
name: "OperatorDefaultAllowPolicyRead",
|
||||||
defaultPolicy: AllowAll(),
|
defaultPolicy: AllowAll(),
|
||||||
policyStack: []*Policy{
|
policyStack: []*Policy{
|
||||||
&Policy{
|
{
|
||||||
PolicyRules: PolicyRules{
|
PolicyRules: PolicyRules{
|
||||||
Operator: PolicyRead,
|
Operator: PolicyRead,
|
||||||
},
|
},
|
||||||
|
@ -867,7 +867,7 @@ func TestACL(t *testing.T) {
|
||||||
name: "OperatorDefaultAllowPolicyWrite",
|
name: "OperatorDefaultAllowPolicyWrite",
|
||||||
defaultPolicy: AllowAll(),
|
defaultPolicy: AllowAll(),
|
||||||
policyStack: []*Policy{
|
policyStack: []*Policy{
|
||||||
&Policy{
|
{
|
||||||
PolicyRules: PolicyRules{
|
PolicyRules: PolicyRules{
|
||||||
Operator: PolicyWrite,
|
Operator: PolicyWrite,
|
||||||
},
|
},
|
||||||
|
@ -882,7 +882,7 @@ func TestACL(t *testing.T) {
|
||||||
name: "OperatorDefaultAllowPolicyNone",
|
name: "OperatorDefaultAllowPolicyNone",
|
||||||
defaultPolicy: AllowAll(),
|
defaultPolicy: AllowAll(),
|
||||||
policyStack: []*Policy{
|
policyStack: []*Policy{
|
||||||
&Policy{},
|
{},
|
||||||
},
|
},
|
||||||
checks: []aclCheck{
|
checks: []aclCheck{
|
||||||
{name: "ReadAllowed", check: checkAllowOperatorRead},
|
{name: "ReadAllowed", check: checkAllowOperatorRead},
|
||||||
|
@ -893,7 +893,7 @@ func TestACL(t *testing.T) {
|
||||||
name: "OperatorDefaultDenyPolicyDeny",
|
name: "OperatorDefaultDenyPolicyDeny",
|
||||||
defaultPolicy: DenyAll(),
|
defaultPolicy: DenyAll(),
|
||||||
policyStack: []*Policy{
|
policyStack: []*Policy{
|
||||||
&Policy{
|
{
|
||||||
PolicyRules: PolicyRules{
|
PolicyRules: PolicyRules{
|
||||||
Operator: PolicyDeny,
|
Operator: PolicyDeny,
|
||||||
},
|
},
|
||||||
|
@ -908,7 +908,7 @@ func TestACL(t *testing.T) {
|
||||||
name: "OperatorDefaultDenyPolicyRead",
|
name: "OperatorDefaultDenyPolicyRead",
|
||||||
defaultPolicy: DenyAll(),
|
defaultPolicy: DenyAll(),
|
||||||
policyStack: []*Policy{
|
policyStack: []*Policy{
|
||||||
&Policy{
|
{
|
||||||
PolicyRules: PolicyRules{
|
PolicyRules: PolicyRules{
|
||||||
Operator: PolicyRead,
|
Operator: PolicyRead,
|
||||||
},
|
},
|
||||||
|
@ -923,7 +923,7 @@ func TestACL(t *testing.T) {
|
||||||
name: "OperatorDefaultDenyPolicyWrite",
|
name: "OperatorDefaultDenyPolicyWrite",
|
||||||
defaultPolicy: DenyAll(),
|
defaultPolicy: DenyAll(),
|
||||||
policyStack: []*Policy{
|
policyStack: []*Policy{
|
||||||
&Policy{
|
{
|
||||||
PolicyRules: PolicyRules{
|
PolicyRules: PolicyRules{
|
||||||
Operator: PolicyWrite,
|
Operator: PolicyWrite,
|
||||||
},
|
},
|
||||||
|
@ -938,7 +938,7 @@ func TestACL(t *testing.T) {
|
||||||
name: "OperatorDefaultDenyPolicyNone",
|
name: "OperatorDefaultDenyPolicyNone",
|
||||||
defaultPolicy: DenyAll(),
|
defaultPolicy: DenyAll(),
|
||||||
policyStack: []*Policy{
|
policyStack: []*Policy{
|
||||||
&Policy{},
|
{},
|
||||||
},
|
},
|
||||||
checks: []aclCheck{
|
checks: []aclCheck{
|
||||||
{name: "ReadDenied", check: checkDenyOperatorRead},
|
{name: "ReadDenied", check: checkDenyOperatorRead},
|
||||||
|
@ -952,19 +952,19 @@ func TestACL(t *testing.T) {
|
||||||
legacyPolicy(&Policy{
|
legacyPolicy(&Policy{
|
||||||
PolicyRules: PolicyRules{
|
PolicyRules: PolicyRules{
|
||||||
Nodes: []*NodeRule{
|
Nodes: []*NodeRule{
|
||||||
&NodeRule{
|
{
|
||||||
Name: "root-nope",
|
Name: "root-nope",
|
||||||
Policy: PolicyDeny,
|
Policy: PolicyDeny,
|
||||||
},
|
},
|
||||||
&NodeRule{
|
{
|
||||||
Name: "root-ro",
|
Name: "root-ro",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
},
|
},
|
||||||
&NodeRule{
|
{
|
||||||
Name: "root-rw",
|
Name: "root-rw",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
},
|
},
|
||||||
&NodeRule{
|
{
|
||||||
Name: "override",
|
Name: "override",
|
||||||
Policy: PolicyDeny,
|
Policy: PolicyDeny,
|
||||||
},
|
},
|
||||||
|
@ -974,19 +974,19 @@ func TestACL(t *testing.T) {
|
||||||
legacyPolicy(&Policy{
|
legacyPolicy(&Policy{
|
||||||
PolicyRules: PolicyRules{
|
PolicyRules: PolicyRules{
|
||||||
Nodes: []*NodeRule{
|
Nodes: []*NodeRule{
|
||||||
&NodeRule{
|
{
|
||||||
Name: "child-nope",
|
Name: "child-nope",
|
||||||
Policy: PolicyDeny,
|
Policy: PolicyDeny,
|
||||||
},
|
},
|
||||||
&NodeRule{
|
{
|
||||||
Name: "child-ro",
|
Name: "child-ro",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
},
|
},
|
||||||
&NodeRule{
|
{
|
||||||
Name: "child-rw",
|
Name: "child-rw",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
},
|
},
|
||||||
&NodeRule{
|
{
|
||||||
Name: "override",
|
Name: "override",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
},
|
},
|
||||||
|
@ -1032,19 +1032,19 @@ func TestACL(t *testing.T) {
|
||||||
legacyPolicy(&Policy{
|
legacyPolicy(&Policy{
|
||||||
PolicyRules: PolicyRules{
|
PolicyRules: PolicyRules{
|
||||||
Nodes: []*NodeRule{
|
Nodes: []*NodeRule{
|
||||||
&NodeRule{
|
{
|
||||||
Name: "root-nope",
|
Name: "root-nope",
|
||||||
Policy: PolicyDeny,
|
Policy: PolicyDeny,
|
||||||
},
|
},
|
||||||
&NodeRule{
|
{
|
||||||
Name: "root-ro",
|
Name: "root-ro",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
},
|
},
|
||||||
&NodeRule{
|
{
|
||||||
Name: "root-rw",
|
Name: "root-rw",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
},
|
},
|
||||||
&NodeRule{
|
{
|
||||||
Name: "override",
|
Name: "override",
|
||||||
Policy: PolicyDeny,
|
Policy: PolicyDeny,
|
||||||
},
|
},
|
||||||
|
@ -1054,19 +1054,19 @@ func TestACL(t *testing.T) {
|
||||||
legacyPolicy(&Policy{
|
legacyPolicy(&Policy{
|
||||||
PolicyRules: PolicyRules{
|
PolicyRules: PolicyRules{
|
||||||
Nodes: []*NodeRule{
|
Nodes: []*NodeRule{
|
||||||
&NodeRule{
|
{
|
||||||
Name: "child-nope",
|
Name: "child-nope",
|
||||||
Policy: PolicyDeny,
|
Policy: PolicyDeny,
|
||||||
},
|
},
|
||||||
&NodeRule{
|
{
|
||||||
Name: "child-ro",
|
Name: "child-ro",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
},
|
},
|
||||||
&NodeRule{
|
{
|
||||||
Name: "child-rw",
|
Name: "child-rw",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
},
|
},
|
||||||
&NodeRule{
|
{
|
||||||
Name: "override",
|
Name: "override",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
},
|
},
|
||||||
|
@ -1112,19 +1112,19 @@ func TestACL(t *testing.T) {
|
||||||
legacyPolicy(&Policy{
|
legacyPolicy(&Policy{
|
||||||
PolicyRules: PolicyRules{
|
PolicyRules: PolicyRules{
|
||||||
Sessions: []*SessionRule{
|
Sessions: []*SessionRule{
|
||||||
&SessionRule{
|
{
|
||||||
Node: "root-nope",
|
Node: "root-nope",
|
||||||
Policy: PolicyDeny,
|
Policy: PolicyDeny,
|
||||||
},
|
},
|
||||||
&SessionRule{
|
{
|
||||||
Node: "root-ro",
|
Node: "root-ro",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
},
|
},
|
||||||
&SessionRule{
|
{
|
||||||
Node: "root-rw",
|
Node: "root-rw",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
},
|
},
|
||||||
&SessionRule{
|
{
|
||||||
Node: "override",
|
Node: "override",
|
||||||
Policy: PolicyDeny,
|
Policy: PolicyDeny,
|
||||||
},
|
},
|
||||||
|
@ -1134,19 +1134,19 @@ func TestACL(t *testing.T) {
|
||||||
legacyPolicy(&Policy{
|
legacyPolicy(&Policy{
|
||||||
PolicyRules: PolicyRules{
|
PolicyRules: PolicyRules{
|
||||||
Sessions: []*SessionRule{
|
Sessions: []*SessionRule{
|
||||||
&SessionRule{
|
{
|
||||||
Node: "child-nope",
|
Node: "child-nope",
|
||||||
Policy: PolicyDeny,
|
Policy: PolicyDeny,
|
||||||
},
|
},
|
||||||
&SessionRule{
|
{
|
||||||
Node: "child-ro",
|
Node: "child-ro",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
},
|
},
|
||||||
&SessionRule{
|
{
|
||||||
Node: "child-rw",
|
Node: "child-rw",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
},
|
},
|
||||||
&SessionRule{
|
{
|
||||||
Node: "override",
|
Node: "override",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
},
|
},
|
||||||
|
@ -1192,19 +1192,19 @@ func TestACL(t *testing.T) {
|
||||||
legacyPolicy(&Policy{
|
legacyPolicy(&Policy{
|
||||||
PolicyRules: PolicyRules{
|
PolicyRules: PolicyRules{
|
||||||
Sessions: []*SessionRule{
|
Sessions: []*SessionRule{
|
||||||
&SessionRule{
|
{
|
||||||
Node: "root-nope",
|
Node: "root-nope",
|
||||||
Policy: PolicyDeny,
|
Policy: PolicyDeny,
|
||||||
},
|
},
|
||||||
&SessionRule{
|
{
|
||||||
Node: "root-ro",
|
Node: "root-ro",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
},
|
},
|
||||||
&SessionRule{
|
{
|
||||||
Node: "root-rw",
|
Node: "root-rw",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
},
|
},
|
||||||
&SessionRule{
|
{
|
||||||
Node: "override",
|
Node: "override",
|
||||||
Policy: PolicyDeny,
|
Policy: PolicyDeny,
|
||||||
},
|
},
|
||||||
|
@ -1214,19 +1214,19 @@ func TestACL(t *testing.T) {
|
||||||
legacyPolicy(&Policy{
|
legacyPolicy(&Policy{
|
||||||
PolicyRules: PolicyRules{
|
PolicyRules: PolicyRules{
|
||||||
Sessions: []*SessionRule{
|
Sessions: []*SessionRule{
|
||||||
&SessionRule{
|
{
|
||||||
Node: "child-nope",
|
Node: "child-nope",
|
||||||
Policy: PolicyDeny,
|
Policy: PolicyDeny,
|
||||||
},
|
},
|
||||||
&SessionRule{
|
{
|
||||||
Node: "child-ro",
|
Node: "child-ro",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
},
|
},
|
||||||
&SessionRule{
|
{
|
||||||
Node: "child-rw",
|
Node: "child-rw",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
},
|
},
|
||||||
&SessionRule{
|
{
|
||||||
Node: "override",
|
Node: "override",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
},
|
},
|
||||||
|
@ -1272,31 +1272,31 @@ func TestACL(t *testing.T) {
|
||||||
legacyPolicy(&Policy{
|
legacyPolicy(&Policy{
|
||||||
PolicyRules: PolicyRules{
|
PolicyRules: PolicyRules{
|
||||||
Keys: []*KeyRule{
|
Keys: []*KeyRule{
|
||||||
&KeyRule{
|
{
|
||||||
Prefix: "foo/",
|
Prefix: "foo/",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
},
|
},
|
||||||
&KeyRule{
|
{
|
||||||
Prefix: "bar/",
|
Prefix: "bar/",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
PreparedQueries: []*PreparedQueryRule{
|
PreparedQueries: []*PreparedQueryRule{
|
||||||
&PreparedQueryRule{
|
{
|
||||||
Prefix: "other",
|
Prefix: "other",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
},
|
},
|
||||||
&PreparedQueryRule{
|
{
|
||||||
Prefix: "foo",
|
Prefix: "foo",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
Services: []*ServiceRule{
|
Services: []*ServiceRule{
|
||||||
&ServiceRule{
|
{
|
||||||
Name: "other",
|
Name: "other",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
},
|
},
|
||||||
&ServiceRule{
|
{
|
||||||
Name: "foo",
|
Name: "foo",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
},
|
},
|
||||||
|
@ -1306,27 +1306,27 @@ func TestACL(t *testing.T) {
|
||||||
legacyPolicy(&Policy{
|
legacyPolicy(&Policy{
|
||||||
PolicyRules: PolicyRules{
|
PolicyRules: PolicyRules{
|
||||||
Keys: []*KeyRule{
|
Keys: []*KeyRule{
|
||||||
&KeyRule{
|
{
|
||||||
Prefix: "foo/priv/",
|
Prefix: "foo/priv/",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
},
|
},
|
||||||
&KeyRule{
|
{
|
||||||
Prefix: "bar/",
|
Prefix: "bar/",
|
||||||
Policy: PolicyDeny,
|
Policy: PolicyDeny,
|
||||||
},
|
},
|
||||||
&KeyRule{
|
{
|
||||||
Prefix: "zip/",
|
Prefix: "zip/",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
PreparedQueries: []*PreparedQueryRule{
|
PreparedQueries: []*PreparedQueryRule{
|
||||||
&PreparedQueryRule{
|
{
|
||||||
Prefix: "bar",
|
Prefix: "bar",
|
||||||
Policy: PolicyDeny,
|
Policy: PolicyDeny,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
Services: []*ServiceRule{
|
Services: []*ServiceRule{
|
||||||
&ServiceRule{
|
{
|
||||||
Name: "bar",
|
Name: "bar",
|
||||||
Policy: PolicyDeny,
|
Policy: PolicyDeny,
|
||||||
},
|
},
|
||||||
|
@ -1383,78 +1383,78 @@ func TestACL(t *testing.T) {
|
||||||
legacyPolicy(&Policy{
|
legacyPolicy(&Policy{
|
||||||
PolicyRules: PolicyRules{
|
PolicyRules: PolicyRules{
|
||||||
Events: []*EventRule{
|
Events: []*EventRule{
|
||||||
&EventRule{
|
{
|
||||||
Event: "",
|
Event: "",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
},
|
},
|
||||||
&EventRule{
|
{
|
||||||
Event: "foo",
|
Event: "foo",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
},
|
},
|
||||||
&EventRule{
|
{
|
||||||
Event: "bar",
|
Event: "bar",
|
||||||
Policy: PolicyDeny,
|
Policy: PolicyDeny,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
Keys: []*KeyRule{
|
Keys: []*KeyRule{
|
||||||
&KeyRule{
|
{
|
||||||
Prefix: "foo/",
|
Prefix: "foo/",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
},
|
},
|
||||||
&KeyRule{
|
{
|
||||||
Prefix: "foo/priv/",
|
Prefix: "foo/priv/",
|
||||||
Policy: PolicyDeny,
|
Policy: PolicyDeny,
|
||||||
},
|
},
|
||||||
&KeyRule{
|
{
|
||||||
Prefix: "bar/",
|
Prefix: "bar/",
|
||||||
Policy: PolicyDeny,
|
Policy: PolicyDeny,
|
||||||
},
|
},
|
||||||
&KeyRule{
|
{
|
||||||
Prefix: "zip/",
|
Prefix: "zip/",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
},
|
},
|
||||||
&KeyRule{
|
{
|
||||||
Prefix: "zap/",
|
Prefix: "zap/",
|
||||||
Policy: PolicyList,
|
Policy: PolicyList,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
PreparedQueries: []*PreparedQueryRule{
|
PreparedQueries: []*PreparedQueryRule{
|
||||||
&PreparedQueryRule{
|
{
|
||||||
Prefix: "",
|
Prefix: "",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
},
|
},
|
||||||
&PreparedQueryRule{
|
{
|
||||||
Prefix: "foo",
|
Prefix: "foo",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
},
|
},
|
||||||
&PreparedQueryRule{
|
{
|
||||||
Prefix: "bar",
|
Prefix: "bar",
|
||||||
Policy: PolicyDeny,
|
Policy: PolicyDeny,
|
||||||
},
|
},
|
||||||
&PreparedQueryRule{
|
{
|
||||||
Prefix: "zoo",
|
Prefix: "zoo",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
Services: []*ServiceRule{
|
Services: []*ServiceRule{
|
||||||
&ServiceRule{
|
{
|
||||||
Name: "",
|
Name: "",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
},
|
},
|
||||||
&ServiceRule{
|
{
|
||||||
Name: "foo",
|
Name: "foo",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
},
|
},
|
||||||
&ServiceRule{
|
{
|
||||||
Name: "bar",
|
Name: "bar",
|
||||||
Policy: PolicyDeny,
|
Policy: PolicyDeny,
|
||||||
},
|
},
|
||||||
&ServiceRule{
|
{
|
||||||
Name: "barfoo",
|
Name: "barfoo",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
Intentions: PolicyWrite,
|
Intentions: PolicyWrite,
|
||||||
},
|
},
|
||||||
&ServiceRule{
|
{
|
||||||
Name: "intbaz",
|
Name: "intbaz",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
Intentions: PolicyDeny,
|
Intentions: PolicyDeny,
|
||||||
|
@ -1559,147 +1559,147 @@ func TestACL(t *testing.T) {
|
||||||
name: "ExactMatchPrecedence",
|
name: "ExactMatchPrecedence",
|
||||||
defaultPolicy: DenyAll(),
|
defaultPolicy: DenyAll(),
|
||||||
policyStack: []*Policy{
|
policyStack: []*Policy{
|
||||||
&Policy{
|
{
|
||||||
PolicyRules: PolicyRules{
|
PolicyRules: PolicyRules{
|
||||||
Agents: []*AgentRule{
|
Agents: []*AgentRule{
|
||||||
&AgentRule{
|
{
|
||||||
Node: "foo",
|
Node: "foo",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
},
|
},
|
||||||
&AgentRule{
|
{
|
||||||
Node: "football",
|
Node: "football",
|
||||||
Policy: PolicyDeny,
|
Policy: PolicyDeny,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
AgentPrefixes: []*AgentRule{
|
AgentPrefixes: []*AgentRule{
|
||||||
&AgentRule{
|
{
|
||||||
Node: "foot",
|
Node: "foot",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
},
|
},
|
||||||
&AgentRule{
|
{
|
||||||
Node: "fo",
|
Node: "fo",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
Keys: []*KeyRule{
|
Keys: []*KeyRule{
|
||||||
&KeyRule{
|
{
|
||||||
Prefix: "foo",
|
Prefix: "foo",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
},
|
},
|
||||||
&KeyRule{
|
{
|
||||||
Prefix: "football",
|
Prefix: "football",
|
||||||
Policy: PolicyDeny,
|
Policy: PolicyDeny,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
KeyPrefixes: []*KeyRule{
|
KeyPrefixes: []*KeyRule{
|
||||||
&KeyRule{
|
{
|
||||||
Prefix: "foot",
|
Prefix: "foot",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
},
|
},
|
||||||
&KeyRule{
|
{
|
||||||
Prefix: "fo",
|
Prefix: "fo",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
Nodes: []*NodeRule{
|
Nodes: []*NodeRule{
|
||||||
&NodeRule{
|
{
|
||||||
Name: "foo",
|
Name: "foo",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
},
|
},
|
||||||
&NodeRule{
|
{
|
||||||
Name: "football",
|
Name: "football",
|
||||||
Policy: PolicyDeny,
|
Policy: PolicyDeny,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
NodePrefixes: []*NodeRule{
|
NodePrefixes: []*NodeRule{
|
||||||
&NodeRule{
|
{
|
||||||
Name: "foot",
|
Name: "foot",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
},
|
},
|
||||||
&NodeRule{
|
{
|
||||||
Name: "fo",
|
Name: "fo",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
Services: []*ServiceRule{
|
Services: []*ServiceRule{
|
||||||
&ServiceRule{
|
{
|
||||||
Name: "foo",
|
Name: "foo",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
Intentions: PolicyWrite,
|
Intentions: PolicyWrite,
|
||||||
},
|
},
|
||||||
&ServiceRule{
|
{
|
||||||
Name: "football",
|
Name: "football",
|
||||||
Policy: PolicyDeny,
|
Policy: PolicyDeny,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
ServicePrefixes: []*ServiceRule{
|
ServicePrefixes: []*ServiceRule{
|
||||||
&ServiceRule{
|
{
|
||||||
Name: "foot",
|
Name: "foot",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
Intentions: PolicyRead,
|
Intentions: PolicyRead,
|
||||||
},
|
},
|
||||||
&ServiceRule{
|
{
|
||||||
Name: "fo",
|
Name: "fo",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
Intentions: PolicyRead,
|
Intentions: PolicyRead,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
Sessions: []*SessionRule{
|
Sessions: []*SessionRule{
|
||||||
&SessionRule{
|
{
|
||||||
Node: "foo",
|
Node: "foo",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
},
|
},
|
||||||
&SessionRule{
|
{
|
||||||
Node: "football",
|
Node: "football",
|
||||||
Policy: PolicyDeny,
|
Policy: PolicyDeny,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
SessionPrefixes: []*SessionRule{
|
SessionPrefixes: []*SessionRule{
|
||||||
&SessionRule{
|
{
|
||||||
Node: "foot",
|
Node: "foot",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
},
|
},
|
||||||
&SessionRule{
|
{
|
||||||
Node: "fo",
|
Node: "fo",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
Events: []*EventRule{
|
Events: []*EventRule{
|
||||||
&EventRule{
|
{
|
||||||
Event: "foo",
|
Event: "foo",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
},
|
},
|
||||||
&EventRule{
|
{
|
||||||
Event: "football",
|
Event: "football",
|
||||||
Policy: PolicyDeny,
|
Policy: PolicyDeny,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
EventPrefixes: []*EventRule{
|
EventPrefixes: []*EventRule{
|
||||||
&EventRule{
|
{
|
||||||
Event: "foot",
|
Event: "foot",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
},
|
},
|
||||||
&EventRule{
|
{
|
||||||
Event: "fo",
|
Event: "fo",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
PreparedQueries: []*PreparedQueryRule{
|
PreparedQueries: []*PreparedQueryRule{
|
||||||
&PreparedQueryRule{
|
{
|
||||||
Prefix: "foo",
|
Prefix: "foo",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
},
|
},
|
||||||
&PreparedQueryRule{
|
{
|
||||||
Prefix: "football",
|
Prefix: "football",
|
||||||
Policy: PolicyDeny,
|
Policy: PolicyDeny,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
PreparedQueryPrefixes: []*PreparedQueryRule{
|
PreparedQueryPrefixes: []*PreparedQueryRule{
|
||||||
&PreparedQueryRule{
|
{
|
||||||
Prefix: "foot",
|
Prefix: "foot",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
},
|
},
|
||||||
&PreparedQueryRule{
|
{
|
||||||
Prefix: "fo",
|
Prefix: "fo",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
},
|
},
|
||||||
|
@ -1848,7 +1848,7 @@ func TestACL(t *testing.T) {
|
||||||
name: "ACLRead",
|
name: "ACLRead",
|
||||||
defaultPolicy: DenyAll(),
|
defaultPolicy: DenyAll(),
|
||||||
policyStack: []*Policy{
|
policyStack: []*Policy{
|
||||||
&Policy{
|
{
|
||||||
PolicyRules: PolicyRules{
|
PolicyRules: PolicyRules{
|
||||||
ACL: PolicyRead,
|
ACL: PolicyRead,
|
||||||
},
|
},
|
||||||
|
@ -1864,7 +1864,7 @@ func TestACL(t *testing.T) {
|
||||||
name: "ACLRead",
|
name: "ACLRead",
|
||||||
defaultPolicy: DenyAll(),
|
defaultPolicy: DenyAll(),
|
||||||
policyStack: []*Policy{
|
policyStack: []*Policy{
|
||||||
&Policy{
|
{
|
||||||
PolicyRules: PolicyRules{
|
PolicyRules: PolicyRules{
|
||||||
ACL: PolicyWrite,
|
ACL: PolicyWrite,
|
||||||
},
|
},
|
||||||
|
@ -1880,36 +1880,36 @@ func TestACL(t *testing.T) {
|
||||||
name: "KeyWritePrefixDefaultDeny",
|
name: "KeyWritePrefixDefaultDeny",
|
||||||
defaultPolicy: DenyAll(),
|
defaultPolicy: DenyAll(),
|
||||||
policyStack: []*Policy{
|
policyStack: []*Policy{
|
||||||
&Policy{
|
{
|
||||||
PolicyRules: PolicyRules{
|
PolicyRules: PolicyRules{
|
||||||
KeyPrefixes: []*KeyRule{
|
KeyPrefixes: []*KeyRule{
|
||||||
&KeyRule{
|
{
|
||||||
Prefix: "fo",
|
Prefix: "fo",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
},
|
},
|
||||||
&KeyRule{
|
{
|
||||||
Prefix: "foo/",
|
Prefix: "foo/",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
},
|
},
|
||||||
&KeyRule{
|
{
|
||||||
Prefix: "bar/",
|
Prefix: "bar/",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
},
|
},
|
||||||
&KeyRule{
|
{
|
||||||
Prefix: "baz/",
|
Prefix: "baz/",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
},
|
},
|
||||||
&KeyRule{
|
{
|
||||||
Prefix: "test/",
|
Prefix: "test/",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
Keys: []*KeyRule{
|
Keys: []*KeyRule{
|
||||||
&KeyRule{
|
{
|
||||||
Prefix: "foo/bar",
|
Prefix: "foo/bar",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
},
|
},
|
||||||
&KeyRule{
|
{
|
||||||
Prefix: "bar/baz",
|
Prefix: "bar/baz",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
},
|
},
|
||||||
|
@ -1943,10 +1943,10 @@ func TestACL(t *testing.T) {
|
||||||
name: "KeyWritePrefixDefaultAllow",
|
name: "KeyWritePrefixDefaultAllow",
|
||||||
defaultPolicy: AllowAll(),
|
defaultPolicy: AllowAll(),
|
||||||
policyStack: []*Policy{
|
policyStack: []*Policy{
|
||||||
&Policy{
|
{
|
||||||
PolicyRules: PolicyRules{
|
PolicyRules: PolicyRules{
|
||||||
Keys: []*KeyRule{
|
Keys: []*KeyRule{
|
||||||
&KeyRule{
|
{
|
||||||
Prefix: "foo/bar",
|
Prefix: "foo/bar",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
},
|
},
|
||||||
|
|
|
@ -202,391 +202,391 @@ func TestACL_Enforce(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
cases := []testCase{
|
cases := []testCase{
|
||||||
testCase{
|
{
|
||||||
method: "ACLRead",
|
method: "ACLRead",
|
||||||
resource: ResourceACL,
|
resource: ResourceACL,
|
||||||
access: "read",
|
access: "read",
|
||||||
ret: Deny,
|
ret: Deny,
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
method: "ACLRead",
|
method: "ACLRead",
|
||||||
resource: ResourceACL,
|
resource: ResourceACL,
|
||||||
access: "read",
|
access: "read",
|
||||||
ret: Allow,
|
ret: Allow,
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
method: "ACLWrite",
|
method: "ACLWrite",
|
||||||
resource: ResourceACL,
|
resource: ResourceACL,
|
||||||
access: "write",
|
access: "write",
|
||||||
ret: Deny,
|
ret: Deny,
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
method: "ACLWrite",
|
method: "ACLWrite",
|
||||||
resource: ResourceACL,
|
resource: ResourceACL,
|
||||||
access: "write",
|
access: "write",
|
||||||
ret: Allow,
|
ret: Allow,
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
resource: ResourceACL,
|
resource: ResourceACL,
|
||||||
access: "list",
|
access: "list",
|
||||||
ret: Deny,
|
ret: Deny,
|
||||||
err: "Invalid access level",
|
err: "Invalid access level",
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
method: "OperatorRead",
|
method: "OperatorRead",
|
||||||
resource: ResourceOperator,
|
resource: ResourceOperator,
|
||||||
access: "read",
|
access: "read",
|
||||||
ret: Deny,
|
ret: Deny,
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
method: "OperatorRead",
|
method: "OperatorRead",
|
||||||
resource: ResourceOperator,
|
resource: ResourceOperator,
|
||||||
access: "read",
|
access: "read",
|
||||||
ret: Allow,
|
ret: Allow,
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
method: "OperatorWrite",
|
method: "OperatorWrite",
|
||||||
resource: ResourceOperator,
|
resource: ResourceOperator,
|
||||||
access: "write",
|
access: "write",
|
||||||
ret: Deny,
|
ret: Deny,
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
method: "OperatorWrite",
|
method: "OperatorWrite",
|
||||||
resource: ResourceOperator,
|
resource: ResourceOperator,
|
||||||
access: "write",
|
access: "write",
|
||||||
ret: Allow,
|
ret: Allow,
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
resource: ResourceOperator,
|
resource: ResourceOperator,
|
||||||
access: "list",
|
access: "list",
|
||||||
ret: Deny,
|
ret: Deny,
|
||||||
err: "Invalid access level",
|
err: "Invalid access level",
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
method: "KeyringRead",
|
method: "KeyringRead",
|
||||||
resource: ResourceKeyring,
|
resource: ResourceKeyring,
|
||||||
access: "read",
|
access: "read",
|
||||||
ret: Deny,
|
ret: Deny,
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
method: "KeyringRead",
|
method: "KeyringRead",
|
||||||
resource: ResourceKeyring,
|
resource: ResourceKeyring,
|
||||||
access: "read",
|
access: "read",
|
||||||
ret: Allow,
|
ret: Allow,
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
method: "KeyringWrite",
|
method: "KeyringWrite",
|
||||||
resource: ResourceKeyring,
|
resource: ResourceKeyring,
|
||||||
access: "write",
|
access: "write",
|
||||||
ret: Deny,
|
ret: Deny,
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
method: "KeyringWrite",
|
method: "KeyringWrite",
|
||||||
resource: ResourceKeyring,
|
resource: ResourceKeyring,
|
||||||
access: "write",
|
access: "write",
|
||||||
ret: Allow,
|
ret: Allow,
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
resource: ResourceKeyring,
|
resource: ResourceKeyring,
|
||||||
access: "list",
|
access: "list",
|
||||||
ret: Deny,
|
ret: Deny,
|
||||||
err: "Invalid access level",
|
err: "Invalid access level",
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
method: "AgentRead",
|
method: "AgentRead",
|
||||||
resource: ResourceAgent,
|
resource: ResourceAgent,
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
access: "read",
|
access: "read",
|
||||||
ret: Deny,
|
ret: Deny,
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
method: "AgentRead",
|
method: "AgentRead",
|
||||||
resource: ResourceAgent,
|
resource: ResourceAgent,
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
access: "read",
|
access: "read",
|
||||||
ret: Allow,
|
ret: Allow,
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
method: "AgentWrite",
|
method: "AgentWrite",
|
||||||
resource: ResourceAgent,
|
resource: ResourceAgent,
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
access: "write",
|
access: "write",
|
||||||
ret: Deny,
|
ret: Deny,
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
method: "AgentWrite",
|
method: "AgentWrite",
|
||||||
resource: ResourceAgent,
|
resource: ResourceAgent,
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
access: "write",
|
access: "write",
|
||||||
ret: Allow,
|
ret: Allow,
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
resource: ResourceAgent,
|
resource: ResourceAgent,
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
access: "list",
|
access: "list",
|
||||||
ret: Deny,
|
ret: Deny,
|
||||||
err: "Invalid access level",
|
err: "Invalid access level",
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
method: "EventRead",
|
method: "EventRead",
|
||||||
resource: ResourceEvent,
|
resource: ResourceEvent,
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
access: "read",
|
access: "read",
|
||||||
ret: Deny,
|
ret: Deny,
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
method: "EventRead",
|
method: "EventRead",
|
||||||
resource: ResourceEvent,
|
resource: ResourceEvent,
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
access: "read",
|
access: "read",
|
||||||
ret: Allow,
|
ret: Allow,
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
method: "EventWrite",
|
method: "EventWrite",
|
||||||
resource: ResourceEvent,
|
resource: ResourceEvent,
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
access: "write",
|
access: "write",
|
||||||
ret: Deny,
|
ret: Deny,
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
method: "EventWrite",
|
method: "EventWrite",
|
||||||
resource: ResourceEvent,
|
resource: ResourceEvent,
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
access: "write",
|
access: "write",
|
||||||
ret: Allow,
|
ret: Allow,
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
resource: ResourceEvent,
|
resource: ResourceEvent,
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
access: "list",
|
access: "list",
|
||||||
ret: Deny,
|
ret: Deny,
|
||||||
err: "Invalid access level",
|
err: "Invalid access level",
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
method: "IntentionRead",
|
method: "IntentionRead",
|
||||||
resource: ResourceIntention,
|
resource: ResourceIntention,
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
access: "read",
|
access: "read",
|
||||||
ret: Deny,
|
ret: Deny,
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
method: "IntentionRead",
|
method: "IntentionRead",
|
||||||
resource: ResourceIntention,
|
resource: ResourceIntention,
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
access: "read",
|
access: "read",
|
||||||
ret: Allow,
|
ret: Allow,
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
method: "IntentionWrite",
|
method: "IntentionWrite",
|
||||||
resource: ResourceIntention,
|
resource: ResourceIntention,
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
access: "write",
|
access: "write",
|
||||||
ret: Deny,
|
ret: Deny,
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
method: "IntentionWrite",
|
method: "IntentionWrite",
|
||||||
resource: ResourceIntention,
|
resource: ResourceIntention,
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
access: "write",
|
access: "write",
|
||||||
ret: Allow,
|
ret: Allow,
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
resource: ResourceIntention,
|
resource: ResourceIntention,
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
access: "list",
|
access: "list",
|
||||||
ret: Deny,
|
ret: Deny,
|
||||||
err: "Invalid access level",
|
err: "Invalid access level",
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
method: "NodeRead",
|
method: "NodeRead",
|
||||||
resource: ResourceNode,
|
resource: ResourceNode,
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
access: "read",
|
access: "read",
|
||||||
ret: Deny,
|
ret: Deny,
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
method: "NodeRead",
|
method: "NodeRead",
|
||||||
resource: ResourceNode,
|
resource: ResourceNode,
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
access: "read",
|
access: "read",
|
||||||
ret: Allow,
|
ret: Allow,
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
method: "NodeWrite",
|
method: "NodeWrite",
|
||||||
resource: ResourceNode,
|
resource: ResourceNode,
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
access: "write",
|
access: "write",
|
||||||
ret: Deny,
|
ret: Deny,
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
method: "NodeWrite",
|
method: "NodeWrite",
|
||||||
resource: ResourceNode,
|
resource: ResourceNode,
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
access: "write",
|
access: "write",
|
||||||
ret: Allow,
|
ret: Allow,
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
resource: ResourceNode,
|
resource: ResourceNode,
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
access: "list",
|
access: "list",
|
||||||
ret: Deny,
|
ret: Deny,
|
||||||
err: "Invalid access level",
|
err: "Invalid access level",
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
method: "PreparedQueryRead",
|
method: "PreparedQueryRead",
|
||||||
resource: ResourceQuery,
|
resource: ResourceQuery,
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
access: "read",
|
access: "read",
|
||||||
ret: Deny,
|
ret: Deny,
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
method: "PreparedQueryRead",
|
method: "PreparedQueryRead",
|
||||||
resource: ResourceQuery,
|
resource: ResourceQuery,
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
access: "read",
|
access: "read",
|
||||||
ret: Allow,
|
ret: Allow,
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
method: "PreparedQueryWrite",
|
method: "PreparedQueryWrite",
|
||||||
resource: ResourceQuery,
|
resource: ResourceQuery,
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
access: "write",
|
access: "write",
|
||||||
ret: Deny,
|
ret: Deny,
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
method: "PreparedQueryWrite",
|
method: "PreparedQueryWrite",
|
||||||
resource: ResourceQuery,
|
resource: ResourceQuery,
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
access: "write",
|
access: "write",
|
||||||
ret: Allow,
|
ret: Allow,
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
resource: ResourceQuery,
|
resource: ResourceQuery,
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
access: "list",
|
access: "list",
|
||||||
ret: Deny,
|
ret: Deny,
|
||||||
err: "Invalid access level",
|
err: "Invalid access level",
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
method: "ServiceRead",
|
method: "ServiceRead",
|
||||||
resource: ResourceService,
|
resource: ResourceService,
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
access: "read",
|
access: "read",
|
||||||
ret: Deny,
|
ret: Deny,
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
method: "ServiceRead",
|
method: "ServiceRead",
|
||||||
resource: ResourceService,
|
resource: ResourceService,
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
access: "read",
|
access: "read",
|
||||||
ret: Allow,
|
ret: Allow,
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
method: "ServiceWrite",
|
method: "ServiceWrite",
|
||||||
resource: ResourceService,
|
resource: ResourceService,
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
access: "write",
|
access: "write",
|
||||||
ret: Deny,
|
ret: Deny,
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
method: "ServiceWrite",
|
method: "ServiceWrite",
|
||||||
resource: ResourceService,
|
resource: ResourceService,
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
access: "write",
|
access: "write",
|
||||||
ret: Allow,
|
ret: Allow,
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
resource: ResourceSession,
|
resource: ResourceSession,
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
access: "list",
|
access: "list",
|
||||||
ret: Deny,
|
ret: Deny,
|
||||||
err: "Invalid access level",
|
err: "Invalid access level",
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
method: "SessionRead",
|
method: "SessionRead",
|
||||||
resource: ResourceSession,
|
resource: ResourceSession,
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
access: "read",
|
access: "read",
|
||||||
ret: Deny,
|
ret: Deny,
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
method: "SessionRead",
|
method: "SessionRead",
|
||||||
resource: ResourceSession,
|
resource: ResourceSession,
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
access: "read",
|
access: "read",
|
||||||
ret: Allow,
|
ret: Allow,
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
method: "SessionWrite",
|
method: "SessionWrite",
|
||||||
resource: ResourceSession,
|
resource: ResourceSession,
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
access: "write",
|
access: "write",
|
||||||
ret: Deny,
|
ret: Deny,
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
method: "SessionWrite",
|
method: "SessionWrite",
|
||||||
resource: ResourceSession,
|
resource: ResourceSession,
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
access: "write",
|
access: "write",
|
||||||
ret: Allow,
|
ret: Allow,
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
resource: ResourceSession,
|
resource: ResourceSession,
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
access: "list",
|
access: "list",
|
||||||
ret: Deny,
|
ret: Deny,
|
||||||
err: "Invalid access level",
|
err: "Invalid access level",
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
method: "KeyRead",
|
method: "KeyRead",
|
||||||
resource: ResourceKey,
|
resource: ResourceKey,
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
access: "read",
|
access: "read",
|
||||||
ret: Deny,
|
ret: Deny,
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
method: "KeyRead",
|
method: "KeyRead",
|
||||||
resource: ResourceKey,
|
resource: ResourceKey,
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
access: "read",
|
access: "read",
|
||||||
ret: Allow,
|
ret: Allow,
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
method: "KeyWrite",
|
method: "KeyWrite",
|
||||||
resource: ResourceKey,
|
resource: ResourceKey,
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
access: "write",
|
access: "write",
|
||||||
ret: Deny,
|
ret: Deny,
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
method: "KeyWrite",
|
method: "KeyWrite",
|
||||||
resource: ResourceKey,
|
resource: ResourceKey,
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
access: "write",
|
access: "write",
|
||||||
ret: Allow,
|
ret: Allow,
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
method: "KeyList",
|
method: "KeyList",
|
||||||
resource: ResourceKey,
|
resource: ResourceKey,
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
access: "list",
|
access: "list",
|
||||||
ret: Deny,
|
ret: Deny,
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
method: "KeyList",
|
method: "KeyList",
|
||||||
resource: ResourceKey,
|
resource: ResourceKey,
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
access: "list",
|
access: "list",
|
||||||
ret: Allow,
|
ret: Allow,
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
resource: ResourceKey,
|
resource: ResourceKey,
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
access: "deny",
|
access: "deny",
|
||||||
ret: Deny,
|
ret: Deny,
|
||||||
err: "Invalid access level",
|
err: "Invalid access level",
|
||||||
},
|
},
|
||||||
testCase{
|
{
|
||||||
resource: "not-a-real-resource",
|
resource: "not-a-real-resource",
|
||||||
access: "read",
|
access: "read",
|
||||||
ret: Deny,
|
ret: Deny,
|
||||||
|
|
|
@ -30,7 +30,7 @@ func TestPolicyAuthorizer(t *testing.T) {
|
||||||
// This test ensures that if the policy doesn't define a rule then the policy authorizer will
|
// This test ensures that if the policy doesn't define a rule then the policy authorizer will
|
||||||
// return no concrete enforcement decision. This allows deferring to some defaults in another
|
// return no concrete enforcement decision. This allows deferring to some defaults in another
|
||||||
// authorizer including usage of a default overall policy of "deny"
|
// authorizer including usage of a default overall policy of "deny"
|
||||||
"Defaults": aclTest{
|
"Defaults": {
|
||||||
policy: &Policy{},
|
policy: &Policy{},
|
||||||
checks: []aclCheck{
|
checks: []aclCheck{
|
||||||
{name: "DefaultACLRead", prefix: "foo", check: checkDefaultACLRead},
|
{name: "DefaultACLRead", prefix: "foo", check: checkDefaultACLRead},
|
||||||
|
@ -61,147 +61,147 @@ func TestPolicyAuthorizer(t *testing.T) {
|
||||||
{name: "DefaultSnapshot", prefix: "foo", check: checkDefaultSnapshot},
|
{name: "DefaultSnapshot", prefix: "foo", check: checkDefaultSnapshot},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"Prefer Exact Matches": aclTest{
|
"Prefer Exact Matches": {
|
||||||
policy: &Policy{PolicyRules: PolicyRules{
|
policy: &Policy{PolicyRules: PolicyRules{
|
||||||
Agents: []*AgentRule{
|
Agents: []*AgentRule{
|
||||||
&AgentRule{
|
{
|
||||||
Node: "foo",
|
Node: "foo",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
},
|
},
|
||||||
&AgentRule{
|
{
|
||||||
Node: "football",
|
Node: "football",
|
||||||
Policy: PolicyDeny,
|
Policy: PolicyDeny,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
AgentPrefixes: []*AgentRule{
|
AgentPrefixes: []*AgentRule{
|
||||||
&AgentRule{
|
{
|
||||||
Node: "foot",
|
Node: "foot",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
},
|
},
|
||||||
&AgentRule{
|
{
|
||||||
Node: "fo",
|
Node: "fo",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
Keys: []*KeyRule{
|
Keys: []*KeyRule{
|
||||||
&KeyRule{
|
{
|
||||||
Prefix: "foo",
|
Prefix: "foo",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
},
|
},
|
||||||
&KeyRule{
|
{
|
||||||
Prefix: "football",
|
Prefix: "football",
|
||||||
Policy: PolicyDeny,
|
Policy: PolicyDeny,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
KeyPrefixes: []*KeyRule{
|
KeyPrefixes: []*KeyRule{
|
||||||
&KeyRule{
|
{
|
||||||
Prefix: "foot",
|
Prefix: "foot",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
},
|
},
|
||||||
&KeyRule{
|
{
|
||||||
Prefix: "fo",
|
Prefix: "fo",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
Nodes: []*NodeRule{
|
Nodes: []*NodeRule{
|
||||||
&NodeRule{
|
{
|
||||||
Name: "foo",
|
Name: "foo",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
},
|
},
|
||||||
&NodeRule{
|
{
|
||||||
Name: "football",
|
Name: "football",
|
||||||
Policy: PolicyDeny,
|
Policy: PolicyDeny,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
NodePrefixes: []*NodeRule{
|
NodePrefixes: []*NodeRule{
|
||||||
&NodeRule{
|
{
|
||||||
Name: "foot",
|
Name: "foot",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
},
|
},
|
||||||
&NodeRule{
|
{
|
||||||
Name: "fo",
|
Name: "fo",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
Services: []*ServiceRule{
|
Services: []*ServiceRule{
|
||||||
&ServiceRule{
|
{
|
||||||
Name: "foo",
|
Name: "foo",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
Intentions: PolicyWrite,
|
Intentions: PolicyWrite,
|
||||||
},
|
},
|
||||||
&ServiceRule{
|
{
|
||||||
Name: "football",
|
Name: "football",
|
||||||
Policy: PolicyDeny,
|
Policy: PolicyDeny,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
ServicePrefixes: []*ServiceRule{
|
ServicePrefixes: []*ServiceRule{
|
||||||
&ServiceRule{
|
{
|
||||||
Name: "foot",
|
Name: "foot",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
Intentions: PolicyRead,
|
Intentions: PolicyRead,
|
||||||
},
|
},
|
||||||
&ServiceRule{
|
{
|
||||||
Name: "fo",
|
Name: "fo",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
Intentions: PolicyRead,
|
Intentions: PolicyRead,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
Sessions: []*SessionRule{
|
Sessions: []*SessionRule{
|
||||||
&SessionRule{
|
{
|
||||||
Node: "foo",
|
Node: "foo",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
},
|
},
|
||||||
&SessionRule{
|
{
|
||||||
Node: "football",
|
Node: "football",
|
||||||
Policy: PolicyDeny,
|
Policy: PolicyDeny,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
SessionPrefixes: []*SessionRule{
|
SessionPrefixes: []*SessionRule{
|
||||||
&SessionRule{
|
{
|
||||||
Node: "foot",
|
Node: "foot",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
},
|
},
|
||||||
&SessionRule{
|
{
|
||||||
Node: "fo",
|
Node: "fo",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
Events: []*EventRule{
|
Events: []*EventRule{
|
||||||
&EventRule{
|
{
|
||||||
Event: "foo",
|
Event: "foo",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
},
|
},
|
||||||
&EventRule{
|
{
|
||||||
Event: "football",
|
Event: "football",
|
||||||
Policy: PolicyDeny,
|
Policy: PolicyDeny,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
EventPrefixes: []*EventRule{
|
EventPrefixes: []*EventRule{
|
||||||
&EventRule{
|
{
|
||||||
Event: "foot",
|
Event: "foot",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
},
|
},
|
||||||
&EventRule{
|
{
|
||||||
Event: "fo",
|
Event: "fo",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
PreparedQueries: []*PreparedQueryRule{
|
PreparedQueries: []*PreparedQueryRule{
|
||||||
&PreparedQueryRule{
|
{
|
||||||
Prefix: "foo",
|
Prefix: "foo",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
},
|
},
|
||||||
&PreparedQueryRule{
|
{
|
||||||
Prefix: "football",
|
Prefix: "football",
|
||||||
Policy: PolicyDeny,
|
Policy: PolicyDeny,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
PreparedQueryPrefixes: []*PreparedQueryRule{
|
PreparedQueryPrefixes: []*PreparedQueryRule{
|
||||||
&PreparedQueryRule{
|
{
|
||||||
Prefix: "foot",
|
Prefix: "foot",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
},
|
},
|
||||||
&PreparedQueryRule{
|
{
|
||||||
Prefix: "fo",
|
Prefix: "fo",
|
||||||
Policy: PolicyRead,
|
Policy: PolicyRead,
|
||||||
},
|
},
|
||||||
|
@ -344,17 +344,17 @@ func TestPolicyAuthorizer(t *testing.T) {
|
||||||
{name: "PreparedQueryWriteDenied", prefix: "football", check: checkDenyPreparedQueryWrite},
|
{name: "PreparedQueryWriteDenied", prefix: "football", check: checkDenyPreparedQueryWrite},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"Intention Wildcards - prefix denied": aclTest{
|
"Intention Wildcards - prefix denied": {
|
||||||
policy: &Policy{PolicyRules: PolicyRules{
|
policy: &Policy{PolicyRules: PolicyRules{
|
||||||
Services: []*ServiceRule{
|
Services: []*ServiceRule{
|
||||||
&ServiceRule{
|
{
|
||||||
Name: "foo",
|
Name: "foo",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
Intentions: PolicyWrite,
|
Intentions: PolicyWrite,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
ServicePrefixes: []*ServiceRule{
|
ServicePrefixes: []*ServiceRule{
|
||||||
&ServiceRule{
|
{
|
||||||
Name: "",
|
Name: "",
|
||||||
Policy: PolicyDeny,
|
Policy: PolicyDeny,
|
||||||
Intentions: PolicyDeny,
|
Intentions: PolicyDeny,
|
||||||
|
@ -366,17 +366,17 @@ func TestPolicyAuthorizer(t *testing.T) {
|
||||||
{name: "AllDenied", prefix: "*", check: checkDenyIntentionWrite},
|
{name: "AllDenied", prefix: "*", check: checkDenyIntentionWrite},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"Intention Wildcards - prefix allowed": aclTest{
|
"Intention Wildcards - prefix allowed": {
|
||||||
policy: &Policy{PolicyRules: PolicyRules{
|
policy: &Policy{PolicyRules: PolicyRules{
|
||||||
Services: []*ServiceRule{
|
Services: []*ServiceRule{
|
||||||
&ServiceRule{
|
{
|
||||||
Name: "foo",
|
Name: "foo",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
Intentions: PolicyDeny,
|
Intentions: PolicyDeny,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
ServicePrefixes: []*ServiceRule{
|
ServicePrefixes: []*ServiceRule{
|
||||||
&ServiceRule{
|
{
|
||||||
Name: "",
|
Name: "",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
Intentions: PolicyWrite,
|
Intentions: PolicyWrite,
|
||||||
|
@ -388,17 +388,17 @@ func TestPolicyAuthorizer(t *testing.T) {
|
||||||
{name: "AllDenied", prefix: "*", check: checkDenyIntentionWrite},
|
{name: "AllDenied", prefix: "*", check: checkDenyIntentionWrite},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"Intention Wildcards - all allowed": aclTest{
|
"Intention Wildcards - all allowed": {
|
||||||
policy: &Policy{PolicyRules: PolicyRules{
|
policy: &Policy{PolicyRules: PolicyRules{
|
||||||
Services: []*ServiceRule{
|
Services: []*ServiceRule{
|
||||||
&ServiceRule{
|
{
|
||||||
Name: "foo",
|
Name: "foo",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
Intentions: PolicyWrite,
|
Intentions: PolicyWrite,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
ServicePrefixes: []*ServiceRule{
|
ServicePrefixes: []*ServiceRule{
|
||||||
&ServiceRule{
|
{
|
||||||
Name: "",
|
Name: "",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
Intentions: PolicyWrite,
|
Intentions: PolicyWrite,
|
||||||
|
@ -410,10 +410,10 @@ func TestPolicyAuthorizer(t *testing.T) {
|
||||||
{name: "AllAllowed", prefix: "*", check: checkAllowIntentionWrite},
|
{name: "AllAllowed", prefix: "*", check: checkAllowIntentionWrite},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"Intention Wildcards - all default": aclTest{
|
"Intention Wildcards - all default": {
|
||||||
policy: &Policy{PolicyRules: PolicyRules{
|
policy: &Policy{PolicyRules: PolicyRules{
|
||||||
Services: []*ServiceRule{
|
Services: []*ServiceRule{
|
||||||
&ServiceRule{
|
{
|
||||||
Name: "foo",
|
Name: "foo",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
Intentions: PolicyWrite,
|
Intentions: PolicyWrite,
|
||||||
|
@ -425,10 +425,10 @@ func TestPolicyAuthorizer(t *testing.T) {
|
||||||
{name: "AllDefault", prefix: "*", check: checkDefaultIntentionWrite},
|
{name: "AllDefault", prefix: "*", check: checkDefaultIntentionWrite},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"Intention Wildcards - any default": aclTest{
|
"Intention Wildcards - any default": {
|
||||||
policy: &Policy{PolicyRules: PolicyRules{
|
policy: &Policy{PolicyRules: PolicyRules{
|
||||||
Services: []*ServiceRule{
|
Services: []*ServiceRule{
|
||||||
&ServiceRule{
|
{
|
||||||
Name: "foo",
|
Name: "foo",
|
||||||
Policy: PolicyWrite,
|
Policy: PolicyWrite,
|
||||||
Intentions: PolicyDeny,
|
Intentions: PolicyDeny,
|
||||||
|
@ -484,21 +484,21 @@ func TestAnyAllowed(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
cases := map[string]testCase{
|
cases := map[string]testCase{
|
||||||
"no-rules-default": testCase{
|
"no-rules-default": {
|
||||||
readEnforcement: Default,
|
readEnforcement: Default,
|
||||||
listEnforcement: Default,
|
listEnforcement: Default,
|
||||||
writeEnforcement: Default,
|
writeEnforcement: Default,
|
||||||
},
|
},
|
||||||
"prefix-write-allowed": testCase{
|
"prefix-write-allowed": {
|
||||||
insertions: []radixInsertion{
|
insertions: []radixInsertion{
|
||||||
radixInsertion{
|
{
|
||||||
segment: "",
|
segment: "",
|
||||||
value: &policyAuthorizerRadixLeaf{
|
value: &policyAuthorizerRadixLeaf{
|
||||||
prefix: &policyAuthorizerRule{access: AccessWrite},
|
prefix: &policyAuthorizerRule{access: AccessWrite},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
// this shouldn't affect whether anyAllowed returns things are allowed
|
// this shouldn't affect whether anyAllowed returns things are allowed
|
||||||
radixInsertion{
|
{
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
value: &policyAuthorizerRadixLeaf{
|
value: &policyAuthorizerRadixLeaf{
|
||||||
prefix: &policyAuthorizerRule{access: AccessDeny},
|
prefix: &policyAuthorizerRule{access: AccessDeny},
|
||||||
|
@ -509,9 +509,9 @@ func TestAnyAllowed(t *testing.T) {
|
||||||
listEnforcement: Allow,
|
listEnforcement: Allow,
|
||||||
writeEnforcement: Allow,
|
writeEnforcement: Allow,
|
||||||
},
|
},
|
||||||
"prefix-list-allowed": testCase{
|
"prefix-list-allowed": {
|
||||||
insertions: []radixInsertion{
|
insertions: []radixInsertion{
|
||||||
radixInsertion{
|
{
|
||||||
segment: "",
|
segment: "",
|
||||||
value: &policyAuthorizerRadixLeaf{
|
value: &policyAuthorizerRadixLeaf{
|
||||||
prefix: &policyAuthorizerRule{access: AccessList},
|
prefix: &policyAuthorizerRule{access: AccessList},
|
||||||
|
@ -522,9 +522,9 @@ func TestAnyAllowed(t *testing.T) {
|
||||||
listEnforcement: Allow,
|
listEnforcement: Allow,
|
||||||
writeEnforcement: Deny,
|
writeEnforcement: Deny,
|
||||||
},
|
},
|
||||||
"prefix-read-allowed": testCase{
|
"prefix-read-allowed": {
|
||||||
insertions: []radixInsertion{
|
insertions: []radixInsertion{
|
||||||
radixInsertion{
|
{
|
||||||
segment: "",
|
segment: "",
|
||||||
value: &policyAuthorizerRadixLeaf{
|
value: &policyAuthorizerRadixLeaf{
|
||||||
prefix: &policyAuthorizerRule{access: AccessRead},
|
prefix: &policyAuthorizerRule{access: AccessRead},
|
||||||
|
@ -535,9 +535,9 @@ func TestAnyAllowed(t *testing.T) {
|
||||||
listEnforcement: Deny,
|
listEnforcement: Deny,
|
||||||
writeEnforcement: Deny,
|
writeEnforcement: Deny,
|
||||||
},
|
},
|
||||||
"prefix-deny": testCase{
|
"prefix-deny": {
|
||||||
insertions: []radixInsertion{
|
insertions: []radixInsertion{
|
||||||
radixInsertion{
|
{
|
||||||
segment: "",
|
segment: "",
|
||||||
value: &policyAuthorizerRadixLeaf{
|
value: &policyAuthorizerRadixLeaf{
|
||||||
prefix: &policyAuthorizerRule{access: AccessDeny},
|
prefix: &policyAuthorizerRule{access: AccessDeny},
|
||||||
|
@ -548,15 +548,15 @@ func TestAnyAllowed(t *testing.T) {
|
||||||
listEnforcement: Deny,
|
listEnforcement: Deny,
|
||||||
writeEnforcement: Deny,
|
writeEnforcement: Deny,
|
||||||
},
|
},
|
||||||
"prefix-deny-other-write-prefix": testCase{
|
"prefix-deny-other-write-prefix": {
|
||||||
insertions: []radixInsertion{
|
insertions: []radixInsertion{
|
||||||
radixInsertion{
|
{
|
||||||
segment: "",
|
segment: "",
|
||||||
value: &policyAuthorizerRadixLeaf{
|
value: &policyAuthorizerRadixLeaf{
|
||||||
prefix: &policyAuthorizerRule{access: AccessDeny},
|
prefix: &policyAuthorizerRule{access: AccessDeny},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
radixInsertion{
|
{
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
value: &policyAuthorizerRadixLeaf{
|
value: &policyAuthorizerRadixLeaf{
|
||||||
prefix: &policyAuthorizerRule{access: AccessWrite},
|
prefix: &policyAuthorizerRule{access: AccessWrite},
|
||||||
|
@ -567,15 +567,15 @@ func TestAnyAllowed(t *testing.T) {
|
||||||
listEnforcement: Allow,
|
listEnforcement: Allow,
|
||||||
writeEnforcement: Allow,
|
writeEnforcement: Allow,
|
||||||
},
|
},
|
||||||
"prefix-deny-other-write-exact": testCase{
|
"prefix-deny-other-write-exact": {
|
||||||
insertions: []radixInsertion{
|
insertions: []radixInsertion{
|
||||||
radixInsertion{
|
{
|
||||||
segment: "",
|
segment: "",
|
||||||
value: &policyAuthorizerRadixLeaf{
|
value: &policyAuthorizerRadixLeaf{
|
||||||
prefix: &policyAuthorizerRule{access: AccessDeny},
|
prefix: &policyAuthorizerRule{access: AccessDeny},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
radixInsertion{
|
{
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
value: &policyAuthorizerRadixLeaf{
|
value: &policyAuthorizerRadixLeaf{
|
||||||
exact: &policyAuthorizerRule{access: AccessWrite},
|
exact: &policyAuthorizerRule{access: AccessWrite},
|
||||||
|
@ -586,15 +586,15 @@ func TestAnyAllowed(t *testing.T) {
|
||||||
listEnforcement: Allow,
|
listEnforcement: Allow,
|
||||||
writeEnforcement: Allow,
|
writeEnforcement: Allow,
|
||||||
},
|
},
|
||||||
"prefix-deny-other-list-prefix": testCase{
|
"prefix-deny-other-list-prefix": {
|
||||||
insertions: []radixInsertion{
|
insertions: []radixInsertion{
|
||||||
radixInsertion{
|
{
|
||||||
segment: "",
|
segment: "",
|
||||||
value: &policyAuthorizerRadixLeaf{
|
value: &policyAuthorizerRadixLeaf{
|
||||||
prefix: &policyAuthorizerRule{access: AccessDeny},
|
prefix: &policyAuthorizerRule{access: AccessDeny},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
radixInsertion{
|
{
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
value: &policyAuthorizerRadixLeaf{
|
value: &policyAuthorizerRadixLeaf{
|
||||||
prefix: &policyAuthorizerRule{access: AccessList},
|
prefix: &policyAuthorizerRule{access: AccessList},
|
||||||
|
@ -605,15 +605,15 @@ func TestAnyAllowed(t *testing.T) {
|
||||||
listEnforcement: Allow,
|
listEnforcement: Allow,
|
||||||
writeEnforcement: Deny,
|
writeEnforcement: Deny,
|
||||||
},
|
},
|
||||||
"prefix-deny-other-list-exact": testCase{
|
"prefix-deny-other-list-exact": {
|
||||||
insertions: []radixInsertion{
|
insertions: []radixInsertion{
|
||||||
radixInsertion{
|
{
|
||||||
segment: "",
|
segment: "",
|
||||||
value: &policyAuthorizerRadixLeaf{
|
value: &policyAuthorizerRadixLeaf{
|
||||||
prefix: &policyAuthorizerRule{access: AccessDeny},
|
prefix: &policyAuthorizerRule{access: AccessDeny},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
radixInsertion{
|
{
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
value: &policyAuthorizerRadixLeaf{
|
value: &policyAuthorizerRadixLeaf{
|
||||||
exact: &policyAuthorizerRule{access: AccessList},
|
exact: &policyAuthorizerRule{access: AccessList},
|
||||||
|
@ -624,15 +624,15 @@ func TestAnyAllowed(t *testing.T) {
|
||||||
listEnforcement: Allow,
|
listEnforcement: Allow,
|
||||||
writeEnforcement: Deny,
|
writeEnforcement: Deny,
|
||||||
},
|
},
|
||||||
"prefix-deny-other-read-prefix": testCase{
|
"prefix-deny-other-read-prefix": {
|
||||||
insertions: []radixInsertion{
|
insertions: []radixInsertion{
|
||||||
radixInsertion{
|
{
|
||||||
segment: "",
|
segment: "",
|
||||||
value: &policyAuthorizerRadixLeaf{
|
value: &policyAuthorizerRadixLeaf{
|
||||||
prefix: &policyAuthorizerRule{access: AccessDeny},
|
prefix: &policyAuthorizerRule{access: AccessDeny},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
radixInsertion{
|
{
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
value: &policyAuthorizerRadixLeaf{
|
value: &policyAuthorizerRadixLeaf{
|
||||||
prefix: &policyAuthorizerRule{access: AccessRead},
|
prefix: &policyAuthorizerRule{access: AccessRead},
|
||||||
|
@ -643,15 +643,15 @@ func TestAnyAllowed(t *testing.T) {
|
||||||
listEnforcement: Deny,
|
listEnforcement: Deny,
|
||||||
writeEnforcement: Deny,
|
writeEnforcement: Deny,
|
||||||
},
|
},
|
||||||
"prefix-deny-other-read-exact": testCase{
|
"prefix-deny-other-read-exact": {
|
||||||
insertions: []radixInsertion{
|
insertions: []radixInsertion{
|
||||||
radixInsertion{
|
{
|
||||||
segment: "",
|
segment: "",
|
||||||
value: &policyAuthorizerRadixLeaf{
|
value: &policyAuthorizerRadixLeaf{
|
||||||
prefix: &policyAuthorizerRule{access: AccessDeny},
|
prefix: &policyAuthorizerRule{access: AccessDeny},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
radixInsertion{
|
{
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
value: &policyAuthorizerRadixLeaf{
|
value: &policyAuthorizerRadixLeaf{
|
||||||
exact: &policyAuthorizerRule{access: AccessRead},
|
exact: &policyAuthorizerRule{access: AccessRead},
|
||||||
|
@ -662,15 +662,15 @@ func TestAnyAllowed(t *testing.T) {
|
||||||
listEnforcement: Deny,
|
listEnforcement: Deny,
|
||||||
writeEnforcement: Deny,
|
writeEnforcement: Deny,
|
||||||
},
|
},
|
||||||
"prefix-deny-other-deny-prefix": testCase{
|
"prefix-deny-other-deny-prefix": {
|
||||||
insertions: []radixInsertion{
|
insertions: []radixInsertion{
|
||||||
radixInsertion{
|
{
|
||||||
segment: "",
|
segment: "",
|
||||||
value: &policyAuthorizerRadixLeaf{
|
value: &policyAuthorizerRadixLeaf{
|
||||||
prefix: &policyAuthorizerRule{access: AccessDeny},
|
prefix: &policyAuthorizerRule{access: AccessDeny},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
radixInsertion{
|
{
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
value: &policyAuthorizerRadixLeaf{
|
value: &policyAuthorizerRadixLeaf{
|
||||||
prefix: &policyAuthorizerRule{access: AccessDeny},
|
prefix: &policyAuthorizerRule{access: AccessDeny},
|
||||||
|
@ -681,15 +681,15 @@ func TestAnyAllowed(t *testing.T) {
|
||||||
listEnforcement: Deny,
|
listEnforcement: Deny,
|
||||||
writeEnforcement: Deny,
|
writeEnforcement: Deny,
|
||||||
},
|
},
|
||||||
"prefix-deny-other-deny-exact": testCase{
|
"prefix-deny-other-deny-exact": {
|
||||||
insertions: []radixInsertion{
|
insertions: []radixInsertion{
|
||||||
radixInsertion{
|
{
|
||||||
segment: "",
|
segment: "",
|
||||||
value: &policyAuthorizerRadixLeaf{
|
value: &policyAuthorizerRadixLeaf{
|
||||||
prefix: &policyAuthorizerRule{access: AccessDeny},
|
prefix: &policyAuthorizerRule{access: AccessDeny},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
radixInsertion{
|
{
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
value: &policyAuthorizerRadixLeaf{
|
value: &policyAuthorizerRadixLeaf{
|
||||||
exact: &policyAuthorizerRule{access: AccessDeny},
|
exact: &policyAuthorizerRule{access: AccessDeny},
|
||||||
|
@ -735,14 +735,14 @@ func TestAllAllowed(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
cases := map[string]testCase{
|
cases := map[string]testCase{
|
||||||
"no-rules-default": testCase{
|
"no-rules-default": {
|
||||||
readEnforcement: Default,
|
readEnforcement: Default,
|
||||||
listEnforcement: Default,
|
listEnforcement: Default,
|
||||||
writeEnforcement: Default,
|
writeEnforcement: Default,
|
||||||
},
|
},
|
||||||
"prefix-write-allowed": testCase{
|
"prefix-write-allowed": {
|
||||||
insertions: []radixInsertion{
|
insertions: []radixInsertion{
|
||||||
radixInsertion{
|
{
|
||||||
segment: "",
|
segment: "",
|
||||||
value: &policyAuthorizerRadixLeaf{
|
value: &policyAuthorizerRadixLeaf{
|
||||||
prefix: &policyAuthorizerRule{access: AccessWrite},
|
prefix: &policyAuthorizerRule{access: AccessWrite},
|
||||||
|
@ -753,9 +753,9 @@ func TestAllAllowed(t *testing.T) {
|
||||||
listEnforcement: Allow,
|
listEnforcement: Allow,
|
||||||
writeEnforcement: Allow,
|
writeEnforcement: Allow,
|
||||||
},
|
},
|
||||||
"prefix-list-allowed": testCase{
|
"prefix-list-allowed": {
|
||||||
insertions: []radixInsertion{
|
insertions: []radixInsertion{
|
||||||
radixInsertion{
|
{
|
||||||
segment: "",
|
segment: "",
|
||||||
value: &policyAuthorizerRadixLeaf{
|
value: &policyAuthorizerRadixLeaf{
|
||||||
prefix: &policyAuthorizerRule{access: AccessList},
|
prefix: &policyAuthorizerRule{access: AccessList},
|
||||||
|
@ -766,9 +766,9 @@ func TestAllAllowed(t *testing.T) {
|
||||||
listEnforcement: Allow,
|
listEnforcement: Allow,
|
||||||
writeEnforcement: Deny,
|
writeEnforcement: Deny,
|
||||||
},
|
},
|
||||||
"prefix-read-allowed": testCase{
|
"prefix-read-allowed": {
|
||||||
insertions: []radixInsertion{
|
insertions: []radixInsertion{
|
||||||
radixInsertion{
|
{
|
||||||
segment: "",
|
segment: "",
|
||||||
value: &policyAuthorizerRadixLeaf{
|
value: &policyAuthorizerRadixLeaf{
|
||||||
prefix: &policyAuthorizerRule{access: AccessRead},
|
prefix: &policyAuthorizerRule{access: AccessRead},
|
||||||
|
@ -779,9 +779,9 @@ func TestAllAllowed(t *testing.T) {
|
||||||
listEnforcement: Deny,
|
listEnforcement: Deny,
|
||||||
writeEnforcement: Deny,
|
writeEnforcement: Deny,
|
||||||
},
|
},
|
||||||
"prefix-deny": testCase{
|
"prefix-deny": {
|
||||||
insertions: []radixInsertion{
|
insertions: []radixInsertion{
|
||||||
radixInsertion{
|
{
|
||||||
segment: "",
|
segment: "",
|
||||||
value: &policyAuthorizerRadixLeaf{
|
value: &policyAuthorizerRadixLeaf{
|
||||||
prefix: &policyAuthorizerRule{access: AccessDeny},
|
prefix: &policyAuthorizerRule{access: AccessDeny},
|
||||||
|
@ -792,15 +792,15 @@ func TestAllAllowed(t *testing.T) {
|
||||||
listEnforcement: Deny,
|
listEnforcement: Deny,
|
||||||
writeEnforcement: Deny,
|
writeEnforcement: Deny,
|
||||||
},
|
},
|
||||||
"prefix-allow-other-write-prefix": testCase{
|
"prefix-allow-other-write-prefix": {
|
||||||
insertions: []radixInsertion{
|
insertions: []radixInsertion{
|
||||||
radixInsertion{
|
{
|
||||||
segment: "",
|
segment: "",
|
||||||
value: &policyAuthorizerRadixLeaf{
|
value: &policyAuthorizerRadixLeaf{
|
||||||
prefix: &policyAuthorizerRule{access: AccessWrite},
|
prefix: &policyAuthorizerRule{access: AccessWrite},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
radixInsertion{
|
{
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
value: &policyAuthorizerRadixLeaf{
|
value: &policyAuthorizerRadixLeaf{
|
||||||
prefix: &policyAuthorizerRule{access: AccessWrite},
|
prefix: &policyAuthorizerRule{access: AccessWrite},
|
||||||
|
@ -811,15 +811,15 @@ func TestAllAllowed(t *testing.T) {
|
||||||
listEnforcement: Allow,
|
listEnforcement: Allow,
|
||||||
writeEnforcement: Allow,
|
writeEnforcement: Allow,
|
||||||
},
|
},
|
||||||
"prefix-allow-other-write-exact": testCase{
|
"prefix-allow-other-write-exact": {
|
||||||
insertions: []radixInsertion{
|
insertions: []radixInsertion{
|
||||||
radixInsertion{
|
{
|
||||||
segment: "",
|
segment: "",
|
||||||
value: &policyAuthorizerRadixLeaf{
|
value: &policyAuthorizerRadixLeaf{
|
||||||
prefix: &policyAuthorizerRule{access: AccessWrite},
|
prefix: &policyAuthorizerRule{access: AccessWrite},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
radixInsertion{
|
{
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
value: &policyAuthorizerRadixLeaf{
|
value: &policyAuthorizerRadixLeaf{
|
||||||
exact: &policyAuthorizerRule{access: AccessWrite},
|
exact: &policyAuthorizerRule{access: AccessWrite},
|
||||||
|
@ -830,15 +830,15 @@ func TestAllAllowed(t *testing.T) {
|
||||||
listEnforcement: Allow,
|
listEnforcement: Allow,
|
||||||
writeEnforcement: Allow,
|
writeEnforcement: Allow,
|
||||||
},
|
},
|
||||||
"prefix-allow-other-list-prefix": testCase{
|
"prefix-allow-other-list-prefix": {
|
||||||
insertions: []radixInsertion{
|
insertions: []radixInsertion{
|
||||||
radixInsertion{
|
{
|
||||||
segment: "",
|
segment: "",
|
||||||
value: &policyAuthorizerRadixLeaf{
|
value: &policyAuthorizerRadixLeaf{
|
||||||
prefix: &policyAuthorizerRule{access: AccessWrite},
|
prefix: &policyAuthorizerRule{access: AccessWrite},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
radixInsertion{
|
{
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
value: &policyAuthorizerRadixLeaf{
|
value: &policyAuthorizerRadixLeaf{
|
||||||
prefix: &policyAuthorizerRule{access: AccessList},
|
prefix: &policyAuthorizerRule{access: AccessList},
|
||||||
|
@ -849,15 +849,15 @@ func TestAllAllowed(t *testing.T) {
|
||||||
listEnforcement: Allow,
|
listEnforcement: Allow,
|
||||||
writeEnforcement: Deny,
|
writeEnforcement: Deny,
|
||||||
},
|
},
|
||||||
"prefix-allow-other-list-exact": testCase{
|
"prefix-allow-other-list-exact": {
|
||||||
insertions: []radixInsertion{
|
insertions: []radixInsertion{
|
||||||
radixInsertion{
|
{
|
||||||
segment: "",
|
segment: "",
|
||||||
value: &policyAuthorizerRadixLeaf{
|
value: &policyAuthorizerRadixLeaf{
|
||||||
prefix: &policyAuthorizerRule{access: AccessWrite},
|
prefix: &policyAuthorizerRule{access: AccessWrite},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
radixInsertion{
|
{
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
value: &policyAuthorizerRadixLeaf{
|
value: &policyAuthorizerRadixLeaf{
|
||||||
exact: &policyAuthorizerRule{access: AccessList},
|
exact: &policyAuthorizerRule{access: AccessList},
|
||||||
|
@ -868,15 +868,15 @@ func TestAllAllowed(t *testing.T) {
|
||||||
listEnforcement: Allow,
|
listEnforcement: Allow,
|
||||||
writeEnforcement: Deny,
|
writeEnforcement: Deny,
|
||||||
},
|
},
|
||||||
"prefix-allow-other-read-prefix": testCase{
|
"prefix-allow-other-read-prefix": {
|
||||||
insertions: []radixInsertion{
|
insertions: []radixInsertion{
|
||||||
radixInsertion{
|
{
|
||||||
segment: "",
|
segment: "",
|
||||||
value: &policyAuthorizerRadixLeaf{
|
value: &policyAuthorizerRadixLeaf{
|
||||||
prefix: &policyAuthorizerRule{access: AccessWrite},
|
prefix: &policyAuthorizerRule{access: AccessWrite},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
radixInsertion{
|
{
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
value: &policyAuthorizerRadixLeaf{
|
value: &policyAuthorizerRadixLeaf{
|
||||||
prefix: &policyAuthorizerRule{access: AccessRead},
|
prefix: &policyAuthorizerRule{access: AccessRead},
|
||||||
|
@ -887,15 +887,15 @@ func TestAllAllowed(t *testing.T) {
|
||||||
listEnforcement: Deny,
|
listEnforcement: Deny,
|
||||||
writeEnforcement: Deny,
|
writeEnforcement: Deny,
|
||||||
},
|
},
|
||||||
"prefix-allow-other-read-exact": testCase{
|
"prefix-allow-other-read-exact": {
|
||||||
insertions: []radixInsertion{
|
insertions: []radixInsertion{
|
||||||
radixInsertion{
|
{
|
||||||
segment: "",
|
segment: "",
|
||||||
value: &policyAuthorizerRadixLeaf{
|
value: &policyAuthorizerRadixLeaf{
|
||||||
prefix: &policyAuthorizerRule{access: AccessWrite},
|
prefix: &policyAuthorizerRule{access: AccessWrite},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
radixInsertion{
|
{
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
value: &policyAuthorizerRadixLeaf{
|
value: &policyAuthorizerRadixLeaf{
|
||||||
exact: &policyAuthorizerRule{access: AccessRead},
|
exact: &policyAuthorizerRule{access: AccessRead},
|
||||||
|
@ -906,15 +906,15 @@ func TestAllAllowed(t *testing.T) {
|
||||||
listEnforcement: Deny,
|
listEnforcement: Deny,
|
||||||
writeEnforcement: Deny,
|
writeEnforcement: Deny,
|
||||||
},
|
},
|
||||||
"prefix-allow-other-deny-prefix": testCase{
|
"prefix-allow-other-deny-prefix": {
|
||||||
insertions: []radixInsertion{
|
insertions: []radixInsertion{
|
||||||
radixInsertion{
|
{
|
||||||
segment: "",
|
segment: "",
|
||||||
value: &policyAuthorizerRadixLeaf{
|
value: &policyAuthorizerRadixLeaf{
|
||||||
prefix: &policyAuthorizerRule{access: AccessWrite},
|
prefix: &policyAuthorizerRule{access: AccessWrite},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
radixInsertion{
|
{
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
value: &policyAuthorizerRadixLeaf{
|
value: &policyAuthorizerRadixLeaf{
|
||||||
prefix: &policyAuthorizerRule{access: AccessDeny},
|
prefix: &policyAuthorizerRule{access: AccessDeny},
|
||||||
|
@ -925,15 +925,15 @@ func TestAllAllowed(t *testing.T) {
|
||||||
listEnforcement: Deny,
|
listEnforcement: Deny,
|
||||||
writeEnforcement: Deny,
|
writeEnforcement: Deny,
|
||||||
},
|
},
|
||||||
"prefix-allow-other-deny-exact": testCase{
|
"prefix-allow-other-deny-exact": {
|
||||||
insertions: []radixInsertion{
|
insertions: []radixInsertion{
|
||||||
radixInsertion{
|
{
|
||||||
segment: "",
|
segment: "",
|
||||||
value: &policyAuthorizerRadixLeaf{
|
value: &policyAuthorizerRadixLeaf{
|
||||||
prefix: &policyAuthorizerRule{access: AccessWrite},
|
prefix: &policyAuthorizerRule{access: AccessWrite},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
radixInsertion{
|
{
|
||||||
segment: "foo",
|
segment: "foo",
|
||||||
value: &policyAuthorizerRadixLeaf{
|
value: &policyAuthorizerRadixLeaf{
|
||||||
exact: &policyAuthorizerRule{access: AccessDeny},
|
exact: &policyAuthorizerRule{access: AccessDeny},
|
||||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -68,13 +68,13 @@ func (a *Agent) initializeACLs() error {
|
||||||
policy := &acl.Policy{
|
policy := &acl.Policy{
|
||||||
PolicyRules: acl.PolicyRules{
|
PolicyRules: acl.PolicyRules{
|
||||||
Agents: []*acl.AgentRule{
|
Agents: []*acl.AgentRule{
|
||||||
&acl.AgentRule{
|
{
|
||||||
Node: a.config.NodeName,
|
Node: a.config.NodeName,
|
||||||
Policy: acl.PolicyWrite,
|
Policy: acl.PolicyWrite,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
NodePrefixes: []*acl.NodeRule{
|
NodePrefixes: []*acl.NodeRule{
|
||||||
&acl.NodeRule{
|
{
|
||||||
Name: "",
|
Name: "",
|
||||||
Policy: acl.PolicyRead,
|
Policy: acl.PolicyRead,
|
||||||
},
|
},
|
||||||
|
|
|
@ -399,17 +399,17 @@ func TestACL_HTTP(t *testing.T) {
|
||||||
Name: "test",
|
Name: "test",
|
||||||
Description: "test",
|
Description: "test",
|
||||||
Policies: []structs.ACLRolePolicyLink{
|
Policies: []structs.ACLRolePolicyLink{
|
||||||
structs.ACLRolePolicyLink{
|
{
|
||||||
ID: idMap["policy-test"],
|
ID: idMap["policy-test"],
|
||||||
Name: policyMap[idMap["policy-test"]].Name,
|
Name: policyMap[idMap["policy-test"]].Name,
|
||||||
},
|
},
|
||||||
structs.ACLRolePolicyLink{
|
{
|
||||||
ID: idMap["policy-read-all-nodes"],
|
ID: idMap["policy-read-all-nodes"],
|
||||||
Name: policyMap[idMap["policy-read-all-nodes"]].Name,
|
Name: policyMap[idMap["policy-read-all-nodes"]].Name,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
NodeIdentities: []*structs.ACLNodeIdentity{
|
NodeIdentities: []*structs.ACLNodeIdentity{
|
||||||
&structs.ACLNodeIdentity{
|
{
|
||||||
NodeName: "web-node",
|
NodeName: "web-node",
|
||||||
Datacenter: "foo",
|
Datacenter: "foo",
|
||||||
},
|
},
|
||||||
|
@ -443,7 +443,7 @@ func TestACL_HTTP(t *testing.T) {
|
||||||
roleInput := &structs.ACLRole{
|
roleInput := &structs.ACLRole{
|
||||||
Name: "service-id-web",
|
Name: "service-id-web",
|
||||||
ServiceIdentities: []*structs.ACLServiceIdentity{
|
ServiceIdentities: []*structs.ACLServiceIdentity{
|
||||||
&structs.ACLServiceIdentity{
|
{
|
||||||
ServiceName: "web",
|
ServiceName: "web",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -477,7 +477,7 @@ func TestACL_HTTP(t *testing.T) {
|
||||||
Name: "test",
|
Name: "test",
|
||||||
Description: "test",
|
Description: "test",
|
||||||
ServiceIdentities: []*structs.ACLServiceIdentity{
|
ServiceIdentities: []*structs.ACLServiceIdentity{
|
||||||
&structs.ACLServiceIdentity{
|
{
|
||||||
ServiceName: "db",
|
ServiceName: "db",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -505,12 +505,12 @@ func TestACL_HTTP(t *testing.T) {
|
||||||
Name: "test",
|
Name: "test",
|
||||||
Description: "test",
|
Description: "test",
|
||||||
ServiceIdentities: []*structs.ACLServiceIdentity{
|
ServiceIdentities: []*structs.ACLServiceIdentity{
|
||||||
&structs.ACLServiceIdentity{
|
{
|
||||||
ServiceName: "web-indexer",
|
ServiceName: "web-indexer",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
NodeIdentities: []*structs.ACLNodeIdentity{
|
NodeIdentities: []*structs.ACLNodeIdentity{
|
||||||
&structs.ACLNodeIdentity{
|
{
|
||||||
NodeName: "web-node",
|
NodeName: "web-node",
|
||||||
Datacenter: "foo",
|
Datacenter: "foo",
|
||||||
},
|
},
|
||||||
|
@ -547,7 +547,7 @@ func TestACL_HTTP(t *testing.T) {
|
||||||
Name: "with-id",
|
Name: "with-id",
|
||||||
Description: "test",
|
Description: "test",
|
||||||
ServiceIdentities: []*structs.ACLServiceIdentity{
|
ServiceIdentities: []*structs.ACLServiceIdentity{
|
||||||
&structs.ACLServiceIdentity{
|
{
|
||||||
ServiceName: "foobar",
|
ServiceName: "foobar",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -628,17 +628,17 @@ func TestACL_HTTP(t *testing.T) {
|
||||||
tokenInput := &structs.ACLToken{
|
tokenInput := &structs.ACLToken{
|
||||||
Description: "test",
|
Description: "test",
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: idMap["policy-test"],
|
ID: idMap["policy-test"],
|
||||||
Name: policyMap[idMap["policy-test"]].Name,
|
Name: policyMap[idMap["policy-test"]].Name,
|
||||||
},
|
},
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: idMap["policy-read-all-nodes"],
|
ID: idMap["policy-read-all-nodes"],
|
||||||
Name: policyMap[idMap["policy-read-all-nodes"]].Name,
|
Name: policyMap[idMap["policy-read-all-nodes"]].Name,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
NodeIdentities: []*structs.ACLNodeIdentity{
|
NodeIdentities: []*structs.ACLNodeIdentity{
|
||||||
&structs.ACLNodeIdentity{
|
{
|
||||||
NodeName: "foo",
|
NodeName: "foo",
|
||||||
Datacenter: "bar",
|
Datacenter: "bar",
|
||||||
},
|
},
|
||||||
|
@ -671,11 +671,11 @@ func TestACL_HTTP(t *testing.T) {
|
||||||
tokenInput := &structs.ACLToken{
|
tokenInput := &structs.ACLToken{
|
||||||
Description: "local",
|
Description: "local",
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: idMap["policy-test"],
|
ID: idMap["policy-test"],
|
||||||
Name: policyMap[idMap["policy-test"]].Name,
|
Name: policyMap[idMap["policy-test"]].Name,
|
||||||
},
|
},
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: idMap["policy-read-all-nodes"],
|
ID: idMap["policy-read-all-nodes"],
|
||||||
Name: policyMap[idMap["policy-read-all-nodes"]].Name,
|
Name: policyMap[idMap["policy-read-all-nodes"]].Name,
|
||||||
},
|
},
|
||||||
|
@ -757,13 +757,13 @@ func TestACL_HTTP(t *testing.T) {
|
||||||
tokenInput := &structs.ACLToken{
|
tokenInput := &structs.ACLToken{
|
||||||
Description: "Better description for this cloned token",
|
Description: "Better description for this cloned token",
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: idMap["policy-read-all-nodes"],
|
ID: idMap["policy-read-all-nodes"],
|
||||||
Name: policyMap[idMap["policy-read-all-nodes"]].Name,
|
Name: policyMap[idMap["policy-read-all-nodes"]].Name,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
NodeIdentities: []*structs.ACLNodeIdentity{
|
NodeIdentities: []*structs.ACLNodeIdentity{
|
||||||
&structs.ACLNodeIdentity{
|
{
|
||||||
NodeName: "foo",
|
NodeName: "foo",
|
||||||
Datacenter: "bar",
|
Datacenter: "bar",
|
||||||
},
|
},
|
||||||
|
@ -808,7 +808,7 @@ func TestACL_HTTP(t *testing.T) {
|
||||||
AccessorID: "e8aeb69a-0ace-42b9-b95f-d1d9eafe1561",
|
AccessorID: "e8aeb69a-0ace-42b9-b95f-d1d9eafe1561",
|
||||||
Description: "Better description for this cloned token",
|
Description: "Better description for this cloned token",
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: idMap["policy-read-all-nodes"],
|
ID: idMap["policy-read-all-nodes"],
|
||||||
Name: policyMap[idMap["policy-read-all-nodes"]].Name,
|
Name: policyMap[idMap["policy-read-all-nodes"]].Name,
|
||||||
},
|
},
|
||||||
|
@ -879,11 +879,11 @@ func TestACL_HTTP(t *testing.T) {
|
||||||
AccessorID: "56e8e6a3-708b-4a2f-8ab3-b973cce39108",
|
AccessorID: "56e8e6a3-708b-4a2f-8ab3-b973cce39108",
|
||||||
Description: "test",
|
Description: "test",
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: idMap["policy-test"],
|
ID: idMap["policy-test"],
|
||||||
Name: policyMap[idMap["policy-test"]].Name,
|
Name: policyMap[idMap["policy-test"]].Name,
|
||||||
},
|
},
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: idMap["policy-read-all-nodes"],
|
ID: idMap["policy-read-all-nodes"],
|
||||||
Name: policyMap[idMap["policy-read-all-nodes"]].Name,
|
Name: policyMap[idMap["policy-read-all-nodes"]].Name,
|
||||||
},
|
},
|
||||||
|
@ -917,11 +917,11 @@ func TestACL_HTTP(t *testing.T) {
|
||||||
SecretID: "4e3efd15-d06c-442e-a7cc-1744f55c8dea",
|
SecretID: "4e3efd15-d06c-442e-a7cc-1744f55c8dea",
|
||||||
Description: "test",
|
Description: "test",
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: idMap["policy-test"],
|
ID: idMap["policy-test"],
|
||||||
Name: policyMap[idMap["policy-test"]].Name,
|
Name: policyMap[idMap["policy-test"]].Name,
|
||||||
},
|
},
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: idMap["policy-read-all-nodes"],
|
ID: idMap["policy-read-all-nodes"],
|
||||||
Name: policyMap[idMap["policy-read-all-nodes"]].Name,
|
Name: policyMap[idMap["policy-read-all-nodes"]].Name,
|
||||||
},
|
},
|
||||||
|
@ -956,11 +956,11 @@ func TestACL_HTTP(t *testing.T) {
|
||||||
SecretID: "10126ffa-b28f-4137-b9a9-e89ab1e97c5b",
|
SecretID: "10126ffa-b28f-4137-b9a9-e89ab1e97c5b",
|
||||||
Description: "test",
|
Description: "test",
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: idMap["policy-test"],
|
ID: idMap["policy-test"],
|
||||||
Name: policyMap[idMap["policy-test"]].Name,
|
Name: policyMap[idMap["policy-test"]].Name,
|
||||||
},
|
},
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: idMap["policy-read-all-nodes"],
|
ID: idMap["policy-read-all-nodes"],
|
||||||
Name: policyMap[idMap["policy-read-all-nodes"]].Name,
|
Name: policyMap[idMap["policy-read-all-nodes"]].Name,
|
||||||
},
|
},
|
||||||
|
@ -994,11 +994,11 @@ func TestACL_HTTP(t *testing.T) {
|
||||||
AccessorID: "dee863fa-e548-4c61-a96f-9aa07999249f",
|
AccessorID: "dee863fa-e548-4c61-a96f-9aa07999249f",
|
||||||
Description: "test",
|
Description: "test",
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: idMap["policy-test"],
|
ID: idMap["policy-test"],
|
||||||
Name: policyMap[idMap["policy-test"]].Name,
|
Name: policyMap[idMap["policy-test"]].Name,
|
||||||
},
|
},
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: idMap["policy-read-all-nodes"],
|
ID: idMap["policy-read-all-nodes"],
|
||||||
Name: policyMap[idMap["policy-read-all-nodes"]].Name,
|
Name: policyMap[idMap["policy-read-all-nodes"]].Name,
|
||||||
},
|
},
|
||||||
|
@ -1016,11 +1016,11 @@ func TestACL_HTTP(t *testing.T) {
|
||||||
SecretID: "dee863fa-e548-4c61-a96f-9aa07999249f",
|
SecretID: "dee863fa-e548-4c61-a96f-9aa07999249f",
|
||||||
Description: "test",
|
Description: "test",
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: idMap["policy-test"],
|
ID: idMap["policy-test"],
|
||||||
Name: policyMap[idMap["policy-test"]].Name,
|
Name: policyMap[idMap["policy-test"]].Name,
|
||||||
},
|
},
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: idMap["policy-read-all-nodes"],
|
ID: idMap["policy-read-all-nodes"],
|
||||||
Name: policyMap[idMap["policy-read-all-nodes"]].Name,
|
Name: policyMap[idMap["policy-read-all-nodes"]].Name,
|
||||||
},
|
},
|
||||||
|
@ -1038,11 +1038,11 @@ func TestACL_HTTP(t *testing.T) {
|
||||||
SecretID: "10126ffa-b28f-4137-b9a9-e89ab1e97c5b",
|
SecretID: "10126ffa-b28f-4137-b9a9-e89ab1e97c5b",
|
||||||
Description: "test",
|
Description: "test",
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: idMap["policy-test"],
|
ID: idMap["policy-test"],
|
||||||
Name: policyMap[idMap["policy-test"]].Name,
|
Name: policyMap[idMap["policy-test"]].Name,
|
||||||
},
|
},
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: idMap["policy-read-all-nodes"],
|
ID: idMap["policy-read-all-nodes"],
|
||||||
Name: policyMap[idMap["policy-read-all-nodes"]].Name,
|
Name: policyMap[idMap["policy-read-all-nodes"]].Name,
|
||||||
},
|
},
|
||||||
|
@ -1060,11 +1060,11 @@ func TestACL_HTTP(t *testing.T) {
|
||||||
AccessorID: "10126ffa-b28f-4137-b9a9-e89ab1e97c5b",
|
AccessorID: "10126ffa-b28f-4137-b9a9-e89ab1e97c5b",
|
||||||
Description: "test",
|
Description: "test",
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: idMap["policy-test"],
|
ID: idMap["policy-test"],
|
||||||
Name: policyMap[idMap["policy-test"]].Name,
|
Name: policyMap[idMap["policy-test"]].Name,
|
||||||
},
|
},
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: idMap["policy-read-all-nodes"],
|
ID: idMap["policy-read-all-nodes"],
|
||||||
Name: policyMap[idMap["policy-read-all-nodes"]].Name,
|
Name: policyMap[idMap["policy-read-all-nodes"]].Name,
|
||||||
},
|
},
|
||||||
|
@ -1082,11 +1082,11 @@ func TestACL_HTTP(t *testing.T) {
|
||||||
AccessorID: "00000000-0000-0000-0000-00000000005b",
|
AccessorID: "00000000-0000-0000-0000-00000000005b",
|
||||||
Description: "test",
|
Description: "test",
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: idMap["policy-test"],
|
ID: idMap["policy-test"],
|
||||||
Name: policyMap[idMap["policy-test"]].Name,
|
Name: policyMap[idMap["policy-test"]].Name,
|
||||||
},
|
},
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: idMap["policy-read-all-nodes"],
|
ID: idMap["policy-read-all-nodes"],
|
||||||
Name: policyMap[idMap["policy-read-all-nodes"]].Name,
|
Name: policyMap[idMap["policy-read-all-nodes"]].Name,
|
||||||
},
|
},
|
||||||
|
@ -1104,11 +1104,11 @@ func TestACL_HTTP(t *testing.T) {
|
||||||
SecretID: "00000000-0000-0000-0000-00000000005b",
|
SecretID: "00000000-0000-0000-0000-00000000005b",
|
||||||
Description: "test",
|
Description: "test",
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: idMap["policy-test"],
|
ID: idMap["policy-test"],
|
||||||
Name: policyMap[idMap["policy-test"]].Name,
|
Name: policyMap[idMap["policy-test"]].Name,
|
||||||
},
|
},
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: idMap["policy-read-all-nodes"],
|
ID: idMap["policy-read-all-nodes"],
|
||||||
Name: policyMap[idMap["policy-read-all-nodes"]].Name,
|
Name: policyMap[idMap["policy-read-all-nodes"]].Name,
|
||||||
},
|
},
|
||||||
|
@ -1807,7 +1807,7 @@ func TestACL_Authorize(t *testing.T) {
|
||||||
tokenReq := structs.ACLTokenSetRequest{
|
tokenReq := structs.ACLTokenSetRequest{
|
||||||
ACLToken: structs.ACLToken{
|
ACLToken: structs.ACLToken{
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: policy.ID,
|
ID: policy.ID,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -1839,7 +1839,7 @@ func TestACL_Authorize(t *testing.T) {
|
||||||
localTokenReq := structs.ACLTokenSetRequest{
|
localTokenReq := structs.ACLTokenSetRequest{
|
||||||
ACLToken: structs.ACLToken{
|
ACLToken: structs.ACLToken{
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: policy.ID,
|
ID: policy.ID,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -1854,111 +1854,111 @@ func TestACL_Authorize(t *testing.T) {
|
||||||
|
|
||||||
t.Run("master-token", func(t *testing.T) {
|
t.Run("master-token", func(t *testing.T) {
|
||||||
request := []structs.ACLAuthorizationRequest{
|
request := []structs.ACLAuthorizationRequest{
|
||||||
structs.ACLAuthorizationRequest{
|
{
|
||||||
Resource: "acl",
|
Resource: "acl",
|
||||||
Access: "read",
|
Access: "read",
|
||||||
},
|
},
|
||||||
structs.ACLAuthorizationRequest{
|
{
|
||||||
Resource: "acl",
|
Resource: "acl",
|
||||||
Access: "write",
|
Access: "write",
|
||||||
},
|
},
|
||||||
structs.ACLAuthorizationRequest{
|
{
|
||||||
Resource: "agent",
|
Resource: "agent",
|
||||||
Segment: "foo",
|
Segment: "foo",
|
||||||
Access: "read",
|
Access: "read",
|
||||||
},
|
},
|
||||||
structs.ACLAuthorizationRequest{
|
{
|
||||||
Resource: "agent",
|
Resource: "agent",
|
||||||
Segment: "foo",
|
Segment: "foo",
|
||||||
Access: "write",
|
Access: "write",
|
||||||
},
|
},
|
||||||
structs.ACLAuthorizationRequest{
|
{
|
||||||
Resource: "event",
|
Resource: "event",
|
||||||
Segment: "foo",
|
Segment: "foo",
|
||||||
Access: "read",
|
Access: "read",
|
||||||
},
|
},
|
||||||
structs.ACLAuthorizationRequest{
|
{
|
||||||
Resource: "event",
|
Resource: "event",
|
||||||
Segment: "foo",
|
Segment: "foo",
|
||||||
Access: "write",
|
Access: "write",
|
||||||
},
|
},
|
||||||
structs.ACLAuthorizationRequest{
|
{
|
||||||
Resource: "intention",
|
Resource: "intention",
|
||||||
Segment: "foo",
|
Segment: "foo",
|
||||||
Access: "read",
|
Access: "read",
|
||||||
},
|
},
|
||||||
structs.ACLAuthorizationRequest{
|
{
|
||||||
Resource: "intention",
|
Resource: "intention",
|
||||||
Segment: "foo",
|
Segment: "foo",
|
||||||
Access: "write",
|
Access: "write",
|
||||||
},
|
},
|
||||||
structs.ACLAuthorizationRequest{
|
{
|
||||||
Resource: "key",
|
Resource: "key",
|
||||||
Segment: "foo",
|
Segment: "foo",
|
||||||
Access: "read",
|
Access: "read",
|
||||||
},
|
},
|
||||||
structs.ACLAuthorizationRequest{
|
{
|
||||||
Resource: "key",
|
Resource: "key",
|
||||||
Segment: "foo",
|
Segment: "foo",
|
||||||
Access: "list",
|
Access: "list",
|
||||||
},
|
},
|
||||||
structs.ACLAuthorizationRequest{
|
{
|
||||||
Resource: "key",
|
Resource: "key",
|
||||||
Segment: "foo",
|
Segment: "foo",
|
||||||
Access: "write",
|
Access: "write",
|
||||||
},
|
},
|
||||||
structs.ACLAuthorizationRequest{
|
{
|
||||||
Resource: "keyring",
|
Resource: "keyring",
|
||||||
Access: "read",
|
Access: "read",
|
||||||
},
|
},
|
||||||
structs.ACLAuthorizationRequest{
|
{
|
||||||
Resource: "keyring",
|
Resource: "keyring",
|
||||||
Access: "write",
|
Access: "write",
|
||||||
},
|
},
|
||||||
structs.ACLAuthorizationRequest{
|
{
|
||||||
Resource: "node",
|
Resource: "node",
|
||||||
Segment: "foo",
|
Segment: "foo",
|
||||||
Access: "read",
|
Access: "read",
|
||||||
},
|
},
|
||||||
structs.ACLAuthorizationRequest{
|
{
|
||||||
Resource: "node",
|
Resource: "node",
|
||||||
Segment: "foo",
|
Segment: "foo",
|
||||||
Access: "write",
|
Access: "write",
|
||||||
},
|
},
|
||||||
structs.ACLAuthorizationRequest{
|
{
|
||||||
Resource: "operator",
|
Resource: "operator",
|
||||||
Access: "read",
|
Access: "read",
|
||||||
},
|
},
|
||||||
structs.ACLAuthorizationRequest{
|
{
|
||||||
Resource: "operator",
|
Resource: "operator",
|
||||||
Access: "write",
|
Access: "write",
|
||||||
},
|
},
|
||||||
structs.ACLAuthorizationRequest{
|
{
|
||||||
Resource: "query",
|
Resource: "query",
|
||||||
Segment: "foo",
|
Segment: "foo",
|
||||||
Access: "read",
|
Access: "read",
|
||||||
},
|
},
|
||||||
structs.ACLAuthorizationRequest{
|
{
|
||||||
Resource: "query",
|
Resource: "query",
|
||||||
Segment: "foo",
|
Segment: "foo",
|
||||||
Access: "write",
|
Access: "write",
|
||||||
},
|
},
|
||||||
structs.ACLAuthorizationRequest{
|
{
|
||||||
Resource: "service",
|
Resource: "service",
|
||||||
Segment: "foo",
|
Segment: "foo",
|
||||||
Access: "read",
|
Access: "read",
|
||||||
},
|
},
|
||||||
structs.ACLAuthorizationRequest{
|
{
|
||||||
Resource: "service",
|
Resource: "service",
|
||||||
Segment: "foo",
|
Segment: "foo",
|
||||||
Access: "write",
|
Access: "write",
|
||||||
},
|
},
|
||||||
structs.ACLAuthorizationRequest{
|
{
|
||||||
Resource: "session",
|
Resource: "session",
|
||||||
Segment: "foo",
|
Segment: "foo",
|
||||||
Access: "read",
|
Access: "read",
|
||||||
},
|
},
|
||||||
structs.ACLAuthorizationRequest{
|
{
|
||||||
Resource: "session",
|
Resource: "session",
|
||||||
Segment: "foo",
|
Segment: "foo",
|
||||||
Access: "write",
|
Access: "write",
|
||||||
|
@ -1988,111 +1988,111 @@ func TestACL_Authorize(t *testing.T) {
|
||||||
})
|
})
|
||||||
|
|
||||||
customAuthorizationRequests := []structs.ACLAuthorizationRequest{
|
customAuthorizationRequests := []structs.ACLAuthorizationRequest{
|
||||||
structs.ACLAuthorizationRequest{
|
{
|
||||||
Resource: "acl",
|
Resource: "acl",
|
||||||
Access: "read",
|
Access: "read",
|
||||||
},
|
},
|
||||||
structs.ACLAuthorizationRequest{
|
{
|
||||||
Resource: "acl",
|
Resource: "acl",
|
||||||
Access: "write",
|
Access: "write",
|
||||||
},
|
},
|
||||||
structs.ACLAuthorizationRequest{
|
{
|
||||||
Resource: "agent",
|
Resource: "agent",
|
||||||
Segment: "foo",
|
Segment: "foo",
|
||||||
Access: "read",
|
Access: "read",
|
||||||
},
|
},
|
||||||
structs.ACLAuthorizationRequest{
|
{
|
||||||
Resource: "agent",
|
Resource: "agent",
|
||||||
Segment: "foo",
|
Segment: "foo",
|
||||||
Access: "write",
|
Access: "write",
|
||||||
},
|
},
|
||||||
structs.ACLAuthorizationRequest{
|
{
|
||||||
Resource: "event",
|
Resource: "event",
|
||||||
Segment: "foo",
|
Segment: "foo",
|
||||||
Access: "read",
|
Access: "read",
|
||||||
},
|
},
|
||||||
structs.ACLAuthorizationRequest{
|
{
|
||||||
Resource: "event",
|
Resource: "event",
|
||||||
Segment: "foo",
|
Segment: "foo",
|
||||||
Access: "write",
|
Access: "write",
|
||||||
},
|
},
|
||||||
structs.ACLAuthorizationRequest{
|
{
|
||||||
Resource: "intention",
|
Resource: "intention",
|
||||||
Segment: "foo",
|
Segment: "foo",
|
||||||
Access: "read",
|
Access: "read",
|
||||||
},
|
},
|
||||||
structs.ACLAuthorizationRequest{
|
{
|
||||||
Resource: "intention",
|
Resource: "intention",
|
||||||
Segment: "foo",
|
Segment: "foo",
|
||||||
Access: "write",
|
Access: "write",
|
||||||
},
|
},
|
||||||
structs.ACLAuthorizationRequest{
|
{
|
||||||
Resource: "key",
|
Resource: "key",
|
||||||
Segment: "foo",
|
Segment: "foo",
|
||||||
Access: "read",
|
Access: "read",
|
||||||
},
|
},
|
||||||
structs.ACLAuthorizationRequest{
|
{
|
||||||
Resource: "key",
|
Resource: "key",
|
||||||
Segment: "foo",
|
Segment: "foo",
|
||||||
Access: "list",
|
Access: "list",
|
||||||
},
|
},
|
||||||
structs.ACLAuthorizationRequest{
|
{
|
||||||
Resource: "key",
|
Resource: "key",
|
||||||
Segment: "foo",
|
Segment: "foo",
|
||||||
Access: "write",
|
Access: "write",
|
||||||
},
|
},
|
||||||
structs.ACLAuthorizationRequest{
|
{
|
||||||
Resource: "keyring",
|
Resource: "keyring",
|
||||||
Access: "read",
|
Access: "read",
|
||||||
},
|
},
|
||||||
structs.ACLAuthorizationRequest{
|
{
|
||||||
Resource: "keyring",
|
Resource: "keyring",
|
||||||
Access: "write",
|
Access: "write",
|
||||||
},
|
},
|
||||||
structs.ACLAuthorizationRequest{
|
{
|
||||||
Resource: "node",
|
Resource: "node",
|
||||||
Segment: "foo",
|
Segment: "foo",
|
||||||
Access: "read",
|
Access: "read",
|
||||||
},
|
},
|
||||||
structs.ACLAuthorizationRequest{
|
{
|
||||||
Resource: "node",
|
Resource: "node",
|
||||||
Segment: "foo",
|
Segment: "foo",
|
||||||
Access: "write",
|
Access: "write",
|
||||||
},
|
},
|
||||||
structs.ACLAuthorizationRequest{
|
{
|
||||||
Resource: "operator",
|
Resource: "operator",
|
||||||
Access: "read",
|
Access: "read",
|
||||||
},
|
},
|
||||||
structs.ACLAuthorizationRequest{
|
{
|
||||||
Resource: "operator",
|
Resource: "operator",
|
||||||
Access: "write",
|
Access: "write",
|
||||||
},
|
},
|
||||||
structs.ACLAuthorizationRequest{
|
{
|
||||||
Resource: "query",
|
Resource: "query",
|
||||||
Segment: "foo",
|
Segment: "foo",
|
||||||
Access: "read",
|
Access: "read",
|
||||||
},
|
},
|
||||||
structs.ACLAuthorizationRequest{
|
{
|
||||||
Resource: "query",
|
Resource: "query",
|
||||||
Segment: "foo",
|
Segment: "foo",
|
||||||
Access: "write",
|
Access: "write",
|
||||||
},
|
},
|
||||||
structs.ACLAuthorizationRequest{
|
{
|
||||||
Resource: "service",
|
Resource: "service",
|
||||||
Segment: "foo",
|
Segment: "foo",
|
||||||
Access: "read",
|
Access: "read",
|
||||||
},
|
},
|
||||||
structs.ACLAuthorizationRequest{
|
{
|
||||||
Resource: "service",
|
Resource: "service",
|
||||||
Segment: "foo",
|
Segment: "foo",
|
||||||
Access: "write",
|
Access: "write",
|
||||||
},
|
},
|
||||||
structs.ACLAuthorizationRequest{
|
{
|
||||||
Resource: "session",
|
Resource: "session",
|
||||||
Segment: "foo",
|
Segment: "foo",
|
||||||
Access: "read",
|
Access: "read",
|
||||||
},
|
},
|
||||||
structs.ACLAuthorizationRequest{
|
{
|
||||||
Resource: "session",
|
Resource: "session",
|
||||||
Segment: "foo",
|
Segment: "foo",
|
||||||
Access: "write",
|
Access: "write",
|
||||||
|
@ -2176,7 +2176,7 @@ func TestACL_Authorize(t *testing.T) {
|
||||||
|
|
||||||
t.Run("acl-not-found", func(t *testing.T) {
|
t.Run("acl-not-found", func(t *testing.T) {
|
||||||
request := []structs.ACLAuthorizationRequest{
|
request := []structs.ACLAuthorizationRequest{
|
||||||
structs.ACLAuthorizationRequest{
|
{
|
||||||
Resource: "acl",
|
Resource: "acl",
|
||||||
Access: "read",
|
Access: "read",
|
||||||
},
|
},
|
||||||
|
@ -2212,7 +2212,7 @@ func TestACL_Authorize(t *testing.T) {
|
||||||
|
|
||||||
t.Run("local-token-wrong-dc", func(t *testing.T) {
|
t.Run("local-token-wrong-dc", func(t *testing.T) {
|
||||||
request := []structs.ACLAuthorizationRequest{
|
request := []structs.ACLAuthorizationRequest{
|
||||||
structs.ACLAuthorizationRequest{
|
{
|
||||||
Resource: "acl",
|
Resource: "acl",
|
||||||
Access: "read",
|
Access: "read",
|
||||||
},
|
},
|
||||||
|
|
|
@ -479,9 +479,9 @@ func TestACL_filterMembers(t *testing.T) {
|
||||||
require.Len(t, members, 0)
|
require.Len(t, members, 0)
|
||||||
|
|
||||||
members = []serf.Member{
|
members = []serf.Member{
|
||||||
serf.Member{Name: "Node 1"},
|
{Name: "Node 1"},
|
||||||
serf.Member{Name: "Nope"},
|
{Name: "Nope"},
|
||||||
serf.Member{Name: "Node 2"},
|
{Name: "Node 2"},
|
||||||
}
|
}
|
||||||
require.NoError(t, a.filterMembers(nodeROSecret, &members))
|
require.NoError(t, a.filterMembers(nodeROSecret, &members))
|
||||||
require.Len(t, members, 2)
|
require.Len(t, members, 2)
|
||||||
|
|
|
@ -386,7 +386,7 @@ func TestAgent_Service(t *testing.T) {
|
||||||
Warning: 1,
|
Warning: 1,
|
||||||
},
|
},
|
||||||
TaggedAddresses: map[string]api.ServiceAddress{
|
TaggedAddresses: map[string]api.ServiceAddress{
|
||||||
"wan": api.ServiceAddress{
|
"wan": {
|
||||||
Address: "198.18.0.1",
|
Address: "198.18.0.1",
|
||||||
Port: 1818,
|
Port: 1818,
|
||||||
},
|
},
|
||||||
|
@ -2254,7 +2254,7 @@ func TestAgent_RegisterCheck_ACLDeny(t *testing.T) {
|
||||||
tokenReq := &structs.ACLToken{
|
tokenReq := &structs.ACLToken{
|
||||||
Description: "write-foo",
|
Description: "write-foo",
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
Name: "write-foo",
|
Name: "write-foo",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -2272,7 +2272,7 @@ func TestAgent_RegisterCheck_ACLDeny(t *testing.T) {
|
||||||
tokenReq = &structs.ACLToken{
|
tokenReq = &structs.ACLToken{
|
||||||
Description: "write-node",
|
Description: "write-node",
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
Name: "write-node",
|
Name: "write-node",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -2565,9 +2565,9 @@ func TestAgent_UpdateCheck(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
cases := []checkUpdate{
|
cases := []checkUpdate{
|
||||||
checkUpdate{api.HealthPassing, "hello-passing"},
|
{api.HealthPassing, "hello-passing"},
|
||||||
checkUpdate{api.HealthCritical, "hello-critical"},
|
{api.HealthCritical, "hello-critical"},
|
||||||
checkUpdate{api.HealthWarning, "hello-warning"},
|
{api.HealthWarning, "hello-warning"},
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, c := range cases {
|
for _, c := range cases {
|
||||||
|
@ -2692,10 +2692,10 @@ func testAgent_RegisterService(t *testing.T, extraHCL string) {
|
||||||
TTL: 15 * time.Second,
|
TTL: 15 * time.Second,
|
||||||
},
|
},
|
||||||
Checks: []*structs.CheckType{
|
Checks: []*structs.CheckType{
|
||||||
&structs.CheckType{
|
{
|
||||||
TTL: 20 * time.Second,
|
TTL: 20 * time.Second,
|
||||||
},
|
},
|
||||||
&structs.CheckType{
|
{
|
||||||
TTL: 30 * time.Second,
|
TTL: 30 * time.Second,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -2775,11 +2775,11 @@ func testAgent_RegisterService_ReRegister(t *testing.T, extraHCL string) {
|
||||||
Tags: []string{"master"},
|
Tags: []string{"master"},
|
||||||
Port: 8000,
|
Port: 8000,
|
||||||
Checks: []*structs.CheckType{
|
Checks: []*structs.CheckType{
|
||||||
&structs.CheckType{
|
{
|
||||||
CheckID: types.CheckID("check_1"),
|
CheckID: types.CheckID("check_1"),
|
||||||
TTL: 20 * time.Second,
|
TTL: 20 * time.Second,
|
||||||
},
|
},
|
||||||
&structs.CheckType{
|
{
|
||||||
CheckID: types.CheckID("check_2"),
|
CheckID: types.CheckID("check_2"),
|
||||||
TTL: 30 * time.Second,
|
TTL: 30 * time.Second,
|
||||||
},
|
},
|
||||||
|
@ -2799,11 +2799,11 @@ func testAgent_RegisterService_ReRegister(t *testing.T, extraHCL string) {
|
||||||
Tags: []string{"master"},
|
Tags: []string{"master"},
|
||||||
Port: 8000,
|
Port: 8000,
|
||||||
Checks: []*structs.CheckType{
|
Checks: []*structs.CheckType{
|
||||||
&structs.CheckType{
|
{
|
||||||
CheckID: types.CheckID("check_1"),
|
CheckID: types.CheckID("check_1"),
|
||||||
TTL: 20 * time.Second,
|
TTL: 20 * time.Second,
|
||||||
},
|
},
|
||||||
&structs.CheckType{
|
{
|
||||||
CheckID: types.CheckID("check_3"),
|
CheckID: types.CheckID("check_3"),
|
||||||
TTL: 30 * time.Second,
|
TTL: 30 * time.Second,
|
||||||
},
|
},
|
||||||
|
@ -2850,12 +2850,12 @@ func testAgent_RegisterService_ReRegister_ReplaceExistingChecks(t *testing.T, ex
|
||||||
Tags: []string{"master"},
|
Tags: []string{"master"},
|
||||||
Port: 8000,
|
Port: 8000,
|
||||||
Checks: []*structs.CheckType{
|
Checks: []*structs.CheckType{
|
||||||
&structs.CheckType{
|
{
|
||||||
// explicitly not setting the check id to let it be auto-generated
|
// explicitly not setting the check id to let it be auto-generated
|
||||||
// we want to ensure that we are testing out the cases with autogenerated names/ids
|
// we want to ensure that we are testing out the cases with autogenerated names/ids
|
||||||
TTL: 20 * time.Second,
|
TTL: 20 * time.Second,
|
||||||
},
|
},
|
||||||
&structs.CheckType{
|
{
|
||||||
CheckID: types.CheckID("check_2"),
|
CheckID: types.CheckID("check_2"),
|
||||||
TTL: 30 * time.Second,
|
TTL: 30 * time.Second,
|
||||||
},
|
},
|
||||||
|
@ -2875,10 +2875,10 @@ func testAgent_RegisterService_ReRegister_ReplaceExistingChecks(t *testing.T, ex
|
||||||
Tags: []string{"master"},
|
Tags: []string{"master"},
|
||||||
Port: 8000,
|
Port: 8000,
|
||||||
Checks: []*structs.CheckType{
|
Checks: []*structs.CheckType{
|
||||||
&structs.CheckType{
|
{
|
||||||
TTL: 20 * time.Second,
|
TTL: 20 * time.Second,
|
||||||
},
|
},
|
||||||
&structs.CheckType{
|
{
|
||||||
CheckID: types.CheckID("check_3"),
|
CheckID: types.CheckID("check_3"),
|
||||||
TTL: 30 * time.Second,
|
TTL: 30 * time.Second,
|
||||||
},
|
},
|
||||||
|
@ -3144,10 +3144,10 @@ func testAgent_RegisterService_ACLDeny(t *testing.T, extraHCL string) {
|
||||||
TTL: 15 * time.Second,
|
TTL: 15 * time.Second,
|
||||||
},
|
},
|
||||||
Checks: []*structs.CheckType{
|
Checks: []*structs.CheckType{
|
||||||
&structs.CheckType{
|
{
|
||||||
TTL: 20 * time.Second,
|
TTL: 20 * time.Second,
|
||||||
},
|
},
|
||||||
&structs.CheckType{
|
{
|
||||||
TTL: 30 * time.Second,
|
TTL: 30 * time.Second,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -3312,7 +3312,7 @@ func testCreateToken(t *testing.T, a *TestAgent, rules string) string {
|
||||||
args := map[string]interface{}{
|
args := map[string]interface{}{
|
||||||
"Description": "User Token",
|
"Description": "User Token",
|
||||||
"Policies": []map[string]interface{}{
|
"Policies": []map[string]interface{}{
|
||||||
map[string]interface{}{
|
{
|
||||||
"ID": policyID,
|
"ID": policyID,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -4615,7 +4615,7 @@ func TestAgent_TokenTriggersFullSync(t *testing.T) {
|
||||||
token := &structs.ACLToken{
|
token := &structs.ACLToken{
|
||||||
Description: "test",
|
Description: "test",
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{Name: policyName},
|
{Name: policyName},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -401,7 +401,7 @@ func testAgent_AddService(t *testing.T, extraHCL string) {
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
[]*structs.CheckType{
|
[]*structs.CheckType{
|
||||||
&structs.CheckType{
|
{
|
||||||
CheckID: "check1",
|
CheckID: "check1",
|
||||||
Name: "name1",
|
Name: "name1",
|
||||||
TTL: time.Minute,
|
TTL: time.Minute,
|
||||||
|
@ -409,7 +409,7 @@ func testAgent_AddService(t *testing.T, extraHCL string) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
map[string]*structs.HealthCheck{
|
map[string]*structs.HealthCheck{
|
||||||
"check1": &structs.HealthCheck{
|
"check1": {
|
||||||
Node: "node1",
|
Node: "node1",
|
||||||
CheckID: "check1",
|
CheckID: "check1",
|
||||||
Name: "name1",
|
Name: "name1",
|
||||||
|
@ -438,26 +438,26 @@ func testAgent_AddService(t *testing.T, extraHCL string) {
|
||||||
},
|
},
|
||||||
nil, // No change expected
|
nil, // No change expected
|
||||||
[]*structs.CheckType{
|
[]*structs.CheckType{
|
||||||
&structs.CheckType{
|
{
|
||||||
CheckID: "check1",
|
CheckID: "check1",
|
||||||
Name: "name1",
|
Name: "name1",
|
||||||
TTL: time.Minute,
|
TTL: time.Minute,
|
||||||
Notes: "note1",
|
Notes: "note1",
|
||||||
},
|
},
|
||||||
&structs.CheckType{
|
{
|
||||||
CheckID: "check-noname",
|
CheckID: "check-noname",
|
||||||
TTL: time.Minute,
|
TTL: time.Minute,
|
||||||
},
|
},
|
||||||
&structs.CheckType{
|
{
|
||||||
Name: "check-noid",
|
Name: "check-noid",
|
||||||
TTL: time.Minute,
|
TTL: time.Minute,
|
||||||
},
|
},
|
||||||
&structs.CheckType{
|
{
|
||||||
TTL: time.Minute,
|
TTL: time.Minute,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
map[string]*structs.HealthCheck{
|
map[string]*structs.HealthCheck{
|
||||||
"check1": &structs.HealthCheck{
|
"check1": {
|
||||||
Node: "node1",
|
Node: "node1",
|
||||||
CheckID: "check1",
|
CheckID: "check1",
|
||||||
Name: "name1",
|
Name: "name1",
|
||||||
|
@ -469,7 +469,7 @@ func testAgent_AddService(t *testing.T, extraHCL string) {
|
||||||
Type: "ttl",
|
Type: "ttl",
|
||||||
EnterpriseMeta: *structs.DefaultEnterpriseMeta(),
|
EnterpriseMeta: *structs.DefaultEnterpriseMeta(),
|
||||||
},
|
},
|
||||||
"check-noname": &structs.HealthCheck{
|
"check-noname": {
|
||||||
Node: "node1",
|
Node: "node1",
|
||||||
CheckID: "check-noname",
|
CheckID: "check-noname",
|
||||||
Name: "Service 'svcname2' check",
|
Name: "Service 'svcname2' check",
|
||||||
|
@ -480,7 +480,7 @@ func testAgent_AddService(t *testing.T, extraHCL string) {
|
||||||
Type: "ttl",
|
Type: "ttl",
|
||||||
EnterpriseMeta: *structs.DefaultEnterpriseMeta(),
|
EnterpriseMeta: *structs.DefaultEnterpriseMeta(),
|
||||||
},
|
},
|
||||||
"service:svcid2:3": &structs.HealthCheck{
|
"service:svcid2:3": {
|
||||||
Node: "node1",
|
Node: "node1",
|
||||||
CheckID: "service:svcid2:3",
|
CheckID: "service:svcid2:3",
|
||||||
Name: "check-noid",
|
Name: "check-noid",
|
||||||
|
@ -491,7 +491,7 @@ func testAgent_AddService(t *testing.T, extraHCL string) {
|
||||||
Type: "ttl",
|
Type: "ttl",
|
||||||
EnterpriseMeta: *structs.DefaultEnterpriseMeta(),
|
EnterpriseMeta: *structs.DefaultEnterpriseMeta(),
|
||||||
},
|
},
|
||||||
"service:svcid2:4": &structs.HealthCheck{
|
"service:svcid2:4": {
|
||||||
Node: "node1",
|
Node: "node1",
|
||||||
CheckID: "service:svcid2:4",
|
CheckID: "service:svcid2:4",
|
||||||
Name: "Service 'svcname2' check",
|
Name: "Service 'svcname2' check",
|
||||||
|
@ -598,7 +598,7 @@ func testAgent_AddServices_AliasUpdateCheckNotReverted(t *testing.T, extraHCL st
|
||||||
Name: name,
|
Name: name,
|
||||||
Port: 8080 + i,
|
Port: 8080 + i,
|
||||||
Checks: []*structs.CheckType{
|
Checks: []*structs.CheckType{
|
||||||
&structs.CheckType{
|
{
|
||||||
Name: "alias-for-fake-service",
|
Name: "alias-for-fake-service",
|
||||||
AliasService: "fake",
|
AliasService: "fake",
|
||||||
},
|
},
|
||||||
|
@ -1013,7 +1013,7 @@ func testAgent_RemoveService(t *testing.T, extraHCL string) {
|
||||||
Service: "memcache",
|
Service: "memcache",
|
||||||
Port: 8000,
|
Port: 8000,
|
||||||
}
|
}
|
||||||
chkTypes := []*structs.CheckType{&structs.CheckType{TTL: time.Minute}}
|
chkTypes := []*structs.CheckType{{TTL: time.Minute}}
|
||||||
|
|
||||||
if err := a.AddService(srv, chkTypes, false, "", ConfigSourceLocal); err != nil {
|
if err := a.AddService(srv, chkTypes, false, "", ConfigSourceLocal); err != nil {
|
||||||
t.Fatalf("err: %v", err)
|
t.Fatalf("err: %v", err)
|
||||||
|
@ -1047,8 +1047,8 @@ func testAgent_RemoveService(t *testing.T, extraHCL string) {
|
||||||
Port: 8000,
|
Port: 8000,
|
||||||
}
|
}
|
||||||
chkTypes := []*structs.CheckType{
|
chkTypes := []*structs.CheckType{
|
||||||
&structs.CheckType{TTL: time.Minute},
|
{TTL: time.Minute},
|
||||||
&structs.CheckType{TTL: 30 * time.Second},
|
{TTL: 30 * time.Second},
|
||||||
}
|
}
|
||||||
if err := a.AddService(srv, chkTypes, false, "", ConfigSourceLocal); err != nil {
|
if err := a.AddService(srv, chkTypes, false, "", ConfigSourceLocal); err != nil {
|
||||||
t.Fatalf("err: %v", err)
|
t.Fatalf("err: %v", err)
|
||||||
|
@ -1061,8 +1061,8 @@ func testAgent_RemoveService(t *testing.T, extraHCL string) {
|
||||||
Port: 3306,
|
Port: 3306,
|
||||||
}
|
}
|
||||||
chkTypes = []*structs.CheckType{
|
chkTypes = []*structs.CheckType{
|
||||||
&structs.CheckType{TTL: time.Minute},
|
{TTL: time.Minute},
|
||||||
&structs.CheckType{TTL: 30 * time.Second},
|
{TTL: 30 * time.Second},
|
||||||
}
|
}
|
||||||
if err := a.AddService(srv, chkTypes, false, "", ConfigSourceLocal); err != nil {
|
if err := a.AddService(srv, chkTypes, false, "", ConfigSourceLocal); err != nil {
|
||||||
t.Fatalf("err: %v", err)
|
t.Fatalf("err: %v", err)
|
||||||
|
@ -1579,7 +1579,7 @@ func TestAgent_RestoreServiceWithAliasCheck(t *testing.T) {
|
||||||
Port: 8000,
|
Port: 8000,
|
||||||
},
|
},
|
||||||
[]*structs.CheckType{
|
[]*structs.CheckType{
|
||||||
&structs.CheckType{
|
{
|
||||||
HTTP: testHTTPServer.URL,
|
HTTP: testHTTPServer.URL,
|
||||||
Method: "GET",
|
Method: "GET",
|
||||||
Interval: 5 * time.Second,
|
Interval: 5 * time.Second,
|
||||||
|
@ -1598,7 +1598,7 @@ func TestAgent_RestoreServiceWithAliasCheck(t *testing.T) {
|
||||||
Port: 9000,
|
Port: 9000,
|
||||||
},
|
},
|
||||||
[]*structs.CheckType{
|
[]*structs.CheckType{
|
||||||
&structs.CheckType{
|
{
|
||||||
Name: "Connect Sidecar Aliasing ping",
|
Name: "Connect Sidecar Aliasing ping",
|
||||||
AliasService: "ping",
|
AliasService: "ping",
|
||||||
},
|
},
|
||||||
|
@ -2844,7 +2844,7 @@ func TestAgent_Service_Reap(t *testing.T) {
|
||||||
Port: 8000,
|
Port: 8000,
|
||||||
}
|
}
|
||||||
chkTypes := []*structs.CheckType{
|
chkTypes := []*structs.CheckType{
|
||||||
&structs.CheckType{
|
{
|
||||||
Status: api.HealthPassing,
|
Status: api.HealthPassing,
|
||||||
TTL: 25 * time.Millisecond,
|
TTL: 25 * time.Millisecond,
|
||||||
DeregisterCriticalServiceAfter: 200 * time.Millisecond,
|
DeregisterCriticalServiceAfter: 200 * time.Millisecond,
|
||||||
|
@ -2898,7 +2898,7 @@ func TestAgent_Service_NoReap(t *testing.T) {
|
||||||
Port: 8000,
|
Port: 8000,
|
||||||
}
|
}
|
||||||
chkTypes := []*structs.CheckType{
|
chkTypes := []*structs.CheckType{
|
||||||
&structs.CheckType{
|
{
|
||||||
Status: api.HealthPassing,
|
Status: api.HealthPassing,
|
||||||
TTL: 25 * time.Millisecond,
|
TTL: 25 * time.Millisecond,
|
||||||
},
|
},
|
||||||
|
@ -2962,7 +2962,7 @@ func testAgent_AddService_restoresSnapshot(t *testing.T, extraHCL string) {
|
||||||
require.NoError(t, a.AddCheck(check1, nil, false, "", ConfigSourceLocal))
|
require.NoError(t, a.AddCheck(check1, nil, false, "", ConfigSourceLocal))
|
||||||
|
|
||||||
// Re-registering the service preserves the state of the check
|
// Re-registering the service preserves the state of the check
|
||||||
chkTypes := []*structs.CheckType{&structs.CheckType{TTL: 30 * time.Second}}
|
chkTypes := []*structs.CheckType{{TTL: 30 * time.Second}}
|
||||||
require.NoError(t, a.AddService(svc, chkTypes, false, "", ConfigSourceLocal))
|
require.NoError(t, a.AddService(svc, chkTypes, false, "", ConfigSourceLocal))
|
||||||
check := requireCheckExists(t, a, "service:redis")
|
check := requireCheckExists(t, a, "service:redis")
|
||||||
require.Equal(t, api.HealthPassing, check.Status)
|
require.Equal(t, api.HealthPassing, check.Status)
|
||||||
|
|
|
@ -26,8 +26,8 @@ func TestCatalogListServices(t *testing.T) {
|
||||||
|
|
||||||
reply := args.Get(2).(*structs.IndexedServices)
|
reply := args.Get(2).(*structs.IndexedServices)
|
||||||
reply.Services = map[string][]string{
|
reply.Services = map[string][]string{
|
||||||
"foo": []string{"prod", "linux"},
|
"foo": {"prod", "linux"},
|
||||||
"bar": []string{"qa", "windows"},
|
"bar": {"qa", "windows"},
|
||||||
}
|
}
|
||||||
reply.QueryMeta.Index = 48
|
reply.QueryMeta.Index = 48
|
||||||
resp = reply
|
resp = reply
|
||||||
|
|
|
@ -29,7 +29,7 @@ func TestCatalogServices(t *testing.T) {
|
||||||
|
|
||||||
reply := args.Get(2).(*structs.IndexedServiceNodes)
|
reply := args.Get(2).(*structs.IndexedServiceNodes)
|
||||||
reply.ServiceNodes = []*structs.ServiceNode{
|
reply.ServiceNodes = []*structs.ServiceNode{
|
||||||
&structs.ServiceNode{ServiceTags: req.ServiceTags},
|
{ServiceTags: req.ServiceTags},
|
||||||
}
|
}
|
||||||
reply.QueryMeta.Index = 48
|
reply.QueryMeta.Index = 48
|
||||||
resp = reply
|
resp = reply
|
||||||
|
|
|
@ -32,7 +32,7 @@ func TestResolvedServiceConfig(t *testing.T) {
|
||||||
"protocol": "http",
|
"protocol": "http",
|
||||||
}
|
}
|
||||||
reply.UpstreamConfigs = map[string]map[string]interface{}{
|
reply.UpstreamConfigs = map[string]map[string]interface{}{
|
||||||
"s2": map[string]interface{}{
|
"s2": {
|
||||||
"protocol": "http",
|
"protocol": "http",
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
|
@ -847,7 +847,7 @@ func TestCatalogServiceNodes_WanTranslation(t *testing.T) {
|
||||||
Address: "127.0.0.1",
|
Address: "127.0.0.1",
|
||||||
Port: 8080,
|
Port: 8080,
|
||||||
TaggedAddresses: map[string]structs.ServiceAddress{
|
TaggedAddresses: map[string]structs.ServiceAddress{
|
||||||
"wan": structs.ServiceAddress{
|
"wan": {
|
||||||
Address: "1.2.3.4",
|
Address: "1.2.3.4",
|
||||||
Port: 80,
|
Port: 80,
|
||||||
},
|
},
|
||||||
|
@ -1274,7 +1274,7 @@ func TestCatalogNodeServices_WanTranslation(t *testing.T) {
|
||||||
Address: "127.0.0.1",
|
Address: "127.0.0.1",
|
||||||
Port: 8080,
|
Port: 8080,
|
||||||
TaggedAddresses: map[string]structs.ServiceAddress{
|
TaggedAddresses: map[string]structs.ServiceAddress{
|
||||||
"wan": structs.ServiceAddress{
|
"wan": {
|
||||||
Address: "1.2.3.4",
|
Address: "1.2.3.4",
|
||||||
Port: 80,
|
Port: 80,
|
||||||
},
|
},
|
||||||
|
|
|
@ -91,21 +91,21 @@ func TestCheckAlias_remoteNodeFailure(t *testing.T) {
|
||||||
rpc.AddReply("Health.NodeChecks", structs.IndexedHealthChecks{
|
rpc.AddReply("Health.NodeChecks", structs.IndexedHealthChecks{
|
||||||
HealthChecks: []*structs.HealthCheck{
|
HealthChecks: []*structs.HealthCheck{
|
||||||
// Should ignore non-matching node
|
// Should ignore non-matching node
|
||||||
&structs.HealthCheck{
|
{
|
||||||
Node: "A",
|
Node: "A",
|
||||||
ServiceID: "web",
|
ServiceID: "web",
|
||||||
Status: api.HealthCritical,
|
Status: api.HealthCritical,
|
||||||
},
|
},
|
||||||
|
|
||||||
// Node failure
|
// Node failure
|
||||||
&structs.HealthCheck{
|
{
|
||||||
Node: "remote",
|
Node: "remote",
|
||||||
ServiceID: "",
|
ServiceID: "",
|
||||||
Status: api.HealthCritical,
|
Status: api.HealthCritical,
|
||||||
},
|
},
|
||||||
|
|
||||||
// Match
|
// Match
|
||||||
&structs.HealthCheck{
|
{
|
||||||
Node: "remote",
|
Node: "remote",
|
||||||
ServiceID: "web",
|
ServiceID: "web",
|
||||||
Status: api.HealthPassing,
|
Status: api.HealthPassing,
|
||||||
|
@ -140,21 +140,21 @@ func TestCheckAlias_remotePassing(t *testing.T) {
|
||||||
rpc.AddReply("Health.NodeChecks", structs.IndexedHealthChecks{
|
rpc.AddReply("Health.NodeChecks", structs.IndexedHealthChecks{
|
||||||
HealthChecks: []*structs.HealthCheck{
|
HealthChecks: []*structs.HealthCheck{
|
||||||
// Should ignore non-matching node
|
// Should ignore non-matching node
|
||||||
&structs.HealthCheck{
|
{
|
||||||
Node: "A",
|
Node: "A",
|
||||||
ServiceID: "web",
|
ServiceID: "web",
|
||||||
Status: api.HealthCritical,
|
Status: api.HealthCritical,
|
||||||
},
|
},
|
||||||
|
|
||||||
// Should ignore non-matching service
|
// Should ignore non-matching service
|
||||||
&structs.HealthCheck{
|
{
|
||||||
Node: "remote",
|
Node: "remote",
|
||||||
ServiceID: "db",
|
ServiceID: "db",
|
||||||
Status: api.HealthCritical,
|
Status: api.HealthCritical,
|
||||||
},
|
},
|
||||||
|
|
||||||
// Match
|
// Match
|
||||||
&structs.HealthCheck{
|
{
|
||||||
Node: "remote",
|
Node: "remote",
|
||||||
ServiceID: "web",
|
ServiceID: "web",
|
||||||
Status: api.HealthPassing,
|
Status: api.HealthPassing,
|
||||||
|
@ -189,14 +189,14 @@ func TestCheckAlias_remotePassingWithoutChecksButWithService(t *testing.T) {
|
||||||
rpc.AddReply("Health.NodeChecks", structs.IndexedHealthChecks{
|
rpc.AddReply("Health.NodeChecks", structs.IndexedHealthChecks{
|
||||||
HealthChecks: []*structs.HealthCheck{
|
HealthChecks: []*structs.HealthCheck{
|
||||||
// Should ignore non-matching node
|
// Should ignore non-matching node
|
||||||
&structs.HealthCheck{
|
{
|
||||||
Node: "A",
|
Node: "A",
|
||||||
ServiceID: "web",
|
ServiceID: "web",
|
||||||
Status: api.HealthCritical,
|
Status: api.HealthCritical,
|
||||||
},
|
},
|
||||||
|
|
||||||
// Should ignore non-matching service
|
// Should ignore non-matching service
|
||||||
&structs.HealthCheck{
|
{
|
||||||
Node: "remote",
|
Node: "remote",
|
||||||
ServiceID: "db",
|
ServiceID: "db",
|
||||||
Status: api.HealthCritical,
|
Status: api.HealthCritical,
|
||||||
|
@ -246,14 +246,14 @@ func TestCheckAlias_remotePassingWithoutChecksAndWithoutService(t *testing.T) {
|
||||||
rpc.AddReply("Health.NodeChecks", structs.IndexedHealthChecks{
|
rpc.AddReply("Health.NodeChecks", structs.IndexedHealthChecks{
|
||||||
HealthChecks: []*structs.HealthCheck{
|
HealthChecks: []*structs.HealthCheck{
|
||||||
// Should ignore non-matching node
|
// Should ignore non-matching node
|
||||||
&structs.HealthCheck{
|
{
|
||||||
Node: "A",
|
Node: "A",
|
||||||
ServiceID: "web",
|
ServiceID: "web",
|
||||||
Status: api.HealthCritical,
|
Status: api.HealthCritical,
|
||||||
},
|
},
|
||||||
|
|
||||||
// Should ignore non-matching service
|
// Should ignore non-matching service
|
||||||
&structs.HealthCheck{
|
{
|
||||||
Node: "remote",
|
Node: "remote",
|
||||||
ServiceID: "db",
|
ServiceID: "db",
|
||||||
Status: api.HealthCritical,
|
Status: api.HealthCritical,
|
||||||
|
@ -299,27 +299,27 @@ func TestCheckAlias_remoteCritical(t *testing.T) {
|
||||||
rpc.AddReply("Health.NodeChecks", structs.IndexedHealthChecks{
|
rpc.AddReply("Health.NodeChecks", structs.IndexedHealthChecks{
|
||||||
HealthChecks: []*structs.HealthCheck{
|
HealthChecks: []*structs.HealthCheck{
|
||||||
// Should ignore non-matching node
|
// Should ignore non-matching node
|
||||||
&structs.HealthCheck{
|
{
|
||||||
Node: "A",
|
Node: "A",
|
||||||
ServiceID: "web",
|
ServiceID: "web",
|
||||||
Status: api.HealthCritical,
|
Status: api.HealthCritical,
|
||||||
},
|
},
|
||||||
|
|
||||||
// Should ignore non-matching service
|
// Should ignore non-matching service
|
||||||
&structs.HealthCheck{
|
{
|
||||||
Node: "remote",
|
Node: "remote",
|
||||||
ServiceID: "db",
|
ServiceID: "db",
|
||||||
Status: api.HealthCritical,
|
Status: api.HealthCritical,
|
||||||
},
|
},
|
||||||
|
|
||||||
// Match
|
// Match
|
||||||
&structs.HealthCheck{
|
{
|
||||||
Node: "remote",
|
Node: "remote",
|
||||||
ServiceID: "web",
|
ServiceID: "web",
|
||||||
Status: api.HealthPassing,
|
Status: api.HealthPassing,
|
||||||
},
|
},
|
||||||
|
|
||||||
&structs.HealthCheck{
|
{
|
||||||
Node: "remote",
|
Node: "remote",
|
||||||
ServiceID: "web",
|
ServiceID: "web",
|
||||||
Status: api.HealthCritical,
|
Status: api.HealthCritical,
|
||||||
|
@ -354,27 +354,27 @@ func TestCheckAlias_remoteWarning(t *testing.T) {
|
||||||
rpc.AddReply("Health.NodeChecks", structs.IndexedHealthChecks{
|
rpc.AddReply("Health.NodeChecks", structs.IndexedHealthChecks{
|
||||||
HealthChecks: []*structs.HealthCheck{
|
HealthChecks: []*structs.HealthCheck{
|
||||||
// Should ignore non-matching node
|
// Should ignore non-matching node
|
||||||
&structs.HealthCheck{
|
{
|
||||||
Node: "A",
|
Node: "A",
|
||||||
ServiceID: "web",
|
ServiceID: "web",
|
||||||
Status: api.HealthCritical,
|
Status: api.HealthCritical,
|
||||||
},
|
},
|
||||||
|
|
||||||
// Should ignore non-matching service
|
// Should ignore non-matching service
|
||||||
&structs.HealthCheck{
|
{
|
||||||
Node: "remote",
|
Node: "remote",
|
||||||
ServiceID: "db",
|
ServiceID: "db",
|
||||||
Status: api.HealthCritical,
|
Status: api.HealthCritical,
|
||||||
},
|
},
|
||||||
|
|
||||||
// Match
|
// Match
|
||||||
&structs.HealthCheck{
|
{
|
||||||
Node: "remote",
|
Node: "remote",
|
||||||
ServiceID: "web",
|
ServiceID: "web",
|
||||||
Status: api.HealthPassing,
|
Status: api.HealthPassing,
|
||||||
},
|
},
|
||||||
|
|
||||||
&structs.HealthCheck{
|
{
|
||||||
Node: "remote",
|
Node: "remote",
|
||||||
ServiceID: "web",
|
ServiceID: "web",
|
||||||
Status: api.HealthWarning,
|
Status: api.HealthWarning,
|
||||||
|
@ -408,21 +408,21 @@ func TestCheckAlias_remoteNodeOnlyPassing(t *testing.T) {
|
||||||
rpc.AddReply("Health.NodeChecks", structs.IndexedHealthChecks{
|
rpc.AddReply("Health.NodeChecks", structs.IndexedHealthChecks{
|
||||||
HealthChecks: []*structs.HealthCheck{
|
HealthChecks: []*structs.HealthCheck{
|
||||||
// Should ignore non-matching node
|
// Should ignore non-matching node
|
||||||
&structs.HealthCheck{
|
{
|
||||||
Node: "A",
|
Node: "A",
|
||||||
ServiceID: "web",
|
ServiceID: "web",
|
||||||
Status: api.HealthCritical,
|
Status: api.HealthCritical,
|
||||||
},
|
},
|
||||||
|
|
||||||
// Should ignore any services
|
// Should ignore any services
|
||||||
&structs.HealthCheck{
|
{
|
||||||
Node: "remote",
|
Node: "remote",
|
||||||
ServiceID: "db",
|
ServiceID: "db",
|
||||||
Status: api.HealthCritical,
|
Status: api.HealthCritical,
|
||||||
},
|
},
|
||||||
|
|
||||||
// Match
|
// Match
|
||||||
&structs.HealthCheck{
|
{
|
||||||
Node: "remote",
|
Node: "remote",
|
||||||
Status: api.HealthPassing,
|
Status: api.HealthPassing,
|
||||||
},
|
},
|
||||||
|
@ -455,21 +455,21 @@ func TestCheckAlias_remoteNodeOnlyCritical(t *testing.T) {
|
||||||
rpc.AddReply("Health.NodeChecks", structs.IndexedHealthChecks{
|
rpc.AddReply("Health.NodeChecks", structs.IndexedHealthChecks{
|
||||||
HealthChecks: []*structs.HealthCheck{
|
HealthChecks: []*structs.HealthCheck{
|
||||||
// Should ignore non-matching node
|
// Should ignore non-matching node
|
||||||
&structs.HealthCheck{
|
{
|
||||||
Node: "A",
|
Node: "A",
|
||||||
ServiceID: "web",
|
ServiceID: "web",
|
||||||
Status: api.HealthCritical,
|
Status: api.HealthCritical,
|
||||||
},
|
},
|
||||||
|
|
||||||
// Should ignore any services
|
// Should ignore any services
|
||||||
&structs.HealthCheck{
|
{
|
||||||
Node: "remote",
|
Node: "remote",
|
||||||
ServiceID: "db",
|
ServiceID: "db",
|
||||||
Status: api.HealthCritical,
|
Status: api.HealthCritical,
|
||||||
},
|
},
|
||||||
|
|
||||||
// Match
|
// Match
|
||||||
&structs.HealthCheck{
|
{
|
||||||
Node: "remote",
|
Node: "remote",
|
||||||
Status: api.HealthCritical,
|
Status: api.HealthCritical,
|
||||||
},
|
},
|
||||||
|
|
|
@ -17,7 +17,7 @@ var enterpriseNonVotingServerWarnings []string = []string{enterpriseConfigKeyErr
|
||||||
var enterpriseConfigKeyWarnings []string
|
var enterpriseConfigKeyWarnings []string
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
for k, _ := range enterpriseConfigMap {
|
for k := range enterpriseConfigMap {
|
||||||
enterpriseConfigKeyWarnings = append(enterpriseConfigKeyWarnings, enterpriseConfigKeyError{key: k}.Error())
|
enterpriseConfigKeyWarnings = append(enterpriseConfigKeyWarnings, enterpriseConfigKeyError{key: k}.Error())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -2287,8 +2287,8 @@ func TestConfigFlagsAndEdgecases(t *testing.T) {
|
||||||
},
|
},
|
||||||
patch: func(rt *RuntimeConfig) {
|
patch: func(rt *RuntimeConfig) {
|
||||||
rt.Checks = []*structs.CheckDefinition{
|
rt.Checks = []*structs.CheckDefinition{
|
||||||
&structs.CheckDefinition{Name: "a", ScriptArgs: []string{"/bin/true"}, OutputMaxSize: checks.DefaultBufSize},
|
{Name: "a", ScriptArgs: []string{"/bin/true"}, OutputMaxSize: checks.DefaultBufSize},
|
||||||
&structs.CheckDefinition{Name: "b", ScriptArgs: []string{"/bin/false"}, OutputMaxSize: checks.DefaultBufSize},
|
{Name: "b", ScriptArgs: []string{"/bin/false"}, OutputMaxSize: checks.DefaultBufSize},
|
||||||
}
|
}
|
||||||
rt.DataDir = dataDir
|
rt.DataDir = dataDir
|
||||||
},
|
},
|
||||||
|
@ -2306,7 +2306,7 @@ func TestConfigFlagsAndEdgecases(t *testing.T) {
|
||||||
},
|
},
|
||||||
patch: func(rt *RuntimeConfig) {
|
patch: func(rt *RuntimeConfig) {
|
||||||
rt.Checks = []*structs.CheckDefinition{
|
rt.Checks = []*structs.CheckDefinition{
|
||||||
&structs.CheckDefinition{Name: "a", GRPC: "localhost:12345/foo", GRPCUseTLS: true, OutputMaxSize: checks.DefaultBufSize},
|
{Name: "a", GRPC: "localhost:12345/foo", GRPCUseTLS: true, OutputMaxSize: checks.DefaultBufSize},
|
||||||
}
|
}
|
||||||
rt.DataDir = dataDir
|
rt.DataDir = dataDir
|
||||||
},
|
},
|
||||||
|
@ -2324,7 +2324,7 @@ func TestConfigFlagsAndEdgecases(t *testing.T) {
|
||||||
},
|
},
|
||||||
patch: func(rt *RuntimeConfig) {
|
patch: func(rt *RuntimeConfig) {
|
||||||
rt.Checks = []*structs.CheckDefinition{
|
rt.Checks = []*structs.CheckDefinition{
|
||||||
&structs.CheckDefinition{Name: "a", AliasService: "foo", OutputMaxSize: checks.DefaultBufSize},
|
{Name: "a", AliasService: "foo", OutputMaxSize: checks.DefaultBufSize},
|
||||||
}
|
}
|
||||||
rt.DataDir = dataDir
|
rt.DataDir = dataDir
|
||||||
},
|
},
|
||||||
|
@ -2344,7 +2344,7 @@ func TestConfigFlagsAndEdgecases(t *testing.T) {
|
||||||
},
|
},
|
||||||
patch: func(rt *RuntimeConfig) {
|
patch: func(rt *RuntimeConfig) {
|
||||||
rt.Services = []*structs.ServiceDefinition{
|
rt.Services = []*structs.ServiceDefinition{
|
||||||
&structs.ServiceDefinition{
|
{
|
||||||
Name: "a",
|
Name: "a",
|
||||||
Port: 80,
|
Port: 80,
|
||||||
Weights: &structs.Weights{
|
Weights: &structs.Weights{
|
||||||
|
@ -2352,7 +2352,7 @@ func TestConfigFlagsAndEdgecases(t *testing.T) {
|
||||||
Warning: 1,
|
Warning: 1,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
&structs.ServiceDefinition{
|
{
|
||||||
Name: "b",
|
Name: "b",
|
||||||
Port: 90,
|
Port: 90,
|
||||||
Meta: map[string]string{"my": "value"},
|
Meta: map[string]string{"my": "value"},
|
||||||
|
@ -2453,18 +2453,18 @@ func TestConfigFlagsAndEdgecases(t *testing.T) {
|
||||||
},
|
},
|
||||||
patch: func(rt *RuntimeConfig) {
|
patch: func(rt *RuntimeConfig) {
|
||||||
rt.Services = []*structs.ServiceDefinition{
|
rt.Services = []*structs.ServiceDefinition{
|
||||||
&structs.ServiceDefinition{
|
{
|
||||||
Name: "a",
|
Name: "a",
|
||||||
Port: 80,
|
Port: 80,
|
||||||
TaggedAddresses: map[string]structs.ServiceAddress{
|
TaggedAddresses: map[string]structs.ServiceAddress{
|
||||||
"wan": structs.ServiceAddress{
|
"wan": {
|
||||||
Address: "198.18.3.4",
|
Address: "198.18.3.4",
|
||||||
Port: 443,
|
Port: 443,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
EnableTagOverride: true,
|
EnableTagOverride: true,
|
||||||
Checks: []*structs.CheckType{
|
Checks: []*structs.CheckType{
|
||||||
&structs.CheckType{
|
{
|
||||||
CheckID: types.CheckID("x"),
|
CheckID: types.CheckID("x"),
|
||||||
Name: "y",
|
Name: "y",
|
||||||
DockerContainerID: "z",
|
DockerContainerID: "z",
|
||||||
|
@ -5250,7 +5250,7 @@ func TestFullConfig(t *testing.T) {
|
||||||
`}
|
`}
|
||||||
|
|
||||||
tail := map[string][]Source{
|
tail := map[string][]Source{
|
||||||
"json": []Source{
|
"json": {
|
||||||
{
|
{
|
||||||
Name: "tail.non-user.json",
|
Name: "tail.non-user.json",
|
||||||
Format: "json",
|
Format: "json",
|
||||||
|
@ -5293,7 +5293,7 @@ func TestFullConfig(t *testing.T) {
|
||||||
}`,
|
}`,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"hcl": []Source{
|
"hcl": {
|
||||||
{
|
{
|
||||||
Name: "tail.non-user.hcl",
|
Name: "tail.non-user.hcl",
|
||||||
Format: "hcl",
|
Format: "hcl",
|
||||||
|
@ -5407,7 +5407,7 @@ func TestFullConfig(t *testing.T) {
|
||||||
CertFile: "7s4QAzDk",
|
CertFile: "7s4QAzDk",
|
||||||
CheckOutputMaxSize: checks.DefaultBufSize,
|
CheckOutputMaxSize: checks.DefaultBufSize,
|
||||||
Checks: []*structs.CheckDefinition{
|
Checks: []*structs.CheckDefinition{
|
||||||
&structs.CheckDefinition{
|
{
|
||||||
ID: "uAjE6m9Z",
|
ID: "uAjE6m9Z",
|
||||||
Name: "QsZRGpYr",
|
Name: "QsZRGpYr",
|
||||||
Notes: "VJ7Sk4BY",
|
Notes: "VJ7Sk4BY",
|
||||||
|
@ -5417,8 +5417,8 @@ func TestFullConfig(t *testing.T) {
|
||||||
ScriptArgs: []string{"4BAJttck", "4D2NPtTQ"},
|
ScriptArgs: []string{"4BAJttck", "4D2NPtTQ"},
|
||||||
HTTP: "dohLcyQ2",
|
HTTP: "dohLcyQ2",
|
||||||
Header: map[string][]string{
|
Header: map[string][]string{
|
||||||
"ZBfTin3L": []string{"1sDbEqYG", "lJGASsWK"},
|
"ZBfTin3L": {"1sDbEqYG", "lJGASsWK"},
|
||||||
"Ui0nU99X": []string{"LMccm3Qe", "k5H5RggQ"},
|
"Ui0nU99X": {"LMccm3Qe", "k5H5RggQ"},
|
||||||
},
|
},
|
||||||
Method: "aldrIQ4l",
|
Method: "aldrIQ4l",
|
||||||
Body: "wSjTy7dg",
|
Body: "wSjTy7dg",
|
||||||
|
@ -5432,7 +5432,7 @@ func TestFullConfig(t *testing.T) {
|
||||||
TTL: 21743 * time.Second,
|
TTL: 21743 * time.Second,
|
||||||
DeregisterCriticalServiceAfter: 14232 * time.Second,
|
DeregisterCriticalServiceAfter: 14232 * time.Second,
|
||||||
},
|
},
|
||||||
&structs.CheckDefinition{
|
{
|
||||||
ID: "Cqq95BhP",
|
ID: "Cqq95BhP",
|
||||||
Name: "3qXpkS0i",
|
Name: "3qXpkS0i",
|
||||||
Notes: "sb5qLTex",
|
Notes: "sb5qLTex",
|
||||||
|
@ -5442,8 +5442,8 @@ func TestFullConfig(t *testing.T) {
|
||||||
ScriptArgs: []string{"9s526ogY", "gSlOHj1w"},
|
ScriptArgs: []string{"9s526ogY", "gSlOHj1w"},
|
||||||
HTTP: "yzhgsQ7Y",
|
HTTP: "yzhgsQ7Y",
|
||||||
Header: map[string][]string{
|
Header: map[string][]string{
|
||||||
"zcqwA8dO": []string{"qb1zx0DL", "sXCxPFsD"},
|
"zcqwA8dO": {"qb1zx0DL", "sXCxPFsD"},
|
||||||
"qxvdnSE9": []string{"6wBPUYdF", "YYh8wtSZ"},
|
"qxvdnSE9": {"6wBPUYdF", "YYh8wtSZ"},
|
||||||
},
|
},
|
||||||
Method: "gLrztrNw",
|
Method: "gLrztrNw",
|
||||||
Body: "0jkKgGUC",
|
Body: "0jkKgGUC",
|
||||||
|
@ -5457,7 +5457,7 @@ func TestFullConfig(t *testing.T) {
|
||||||
TTL: 31006 * time.Second,
|
TTL: 31006 * time.Second,
|
||||||
DeregisterCriticalServiceAfter: 2366 * time.Second,
|
DeregisterCriticalServiceAfter: 2366 * time.Second,
|
||||||
},
|
},
|
||||||
&structs.CheckDefinition{
|
{
|
||||||
ID: "fZaCAXww",
|
ID: "fZaCAXww",
|
||||||
Name: "OOM2eo0f",
|
Name: "OOM2eo0f",
|
||||||
Notes: "zXzXI9Gt",
|
Notes: "zXzXI9Gt",
|
||||||
|
@ -5638,7 +5638,7 @@ func TestFullConfig(t *testing.T) {
|
||||||
},
|
},
|
||||||
EnableTagOverride: true,
|
EnableTagOverride: true,
|
||||||
Checks: []*structs.CheckType{
|
Checks: []*structs.CheckType{
|
||||||
&structs.CheckType{
|
{
|
||||||
CheckID: "qmfeO5if",
|
CheckID: "qmfeO5if",
|
||||||
Name: "atDGP7n5",
|
Name: "atDGP7n5",
|
||||||
Status: "pDQKEhWL",
|
Status: "pDQKEhWL",
|
||||||
|
@ -5804,11 +5804,11 @@ func TestFullConfig(t *testing.T) {
|
||||||
ID: "dLOXpSCI",
|
ID: "dLOXpSCI",
|
||||||
Name: "o1ynPkp0",
|
Name: "o1ynPkp0",
|
||||||
TaggedAddresses: map[string]structs.ServiceAddress{
|
TaggedAddresses: map[string]structs.ServiceAddress{
|
||||||
"lan": structs.ServiceAddress{
|
"lan": {
|
||||||
Address: "2d79888a",
|
Address: "2d79888a",
|
||||||
Port: 2143,
|
Port: 2143,
|
||||||
},
|
},
|
||||||
"wan": structs.ServiceAddress{
|
"wan": {
|
||||||
Address: "d4db85e2",
|
Address: "d4db85e2",
|
||||||
Port: 6109,
|
Port: 6109,
|
||||||
},
|
},
|
||||||
|
@ -5959,13 +5959,13 @@ func TestFullConfig(t *testing.T) {
|
||||||
VerifyOutgoing: true,
|
VerifyOutgoing: true,
|
||||||
VerifyServerHostname: true,
|
VerifyServerHostname: true,
|
||||||
Watches: []map[string]interface{}{
|
Watches: []map[string]interface{}{
|
||||||
map[string]interface{}{
|
{
|
||||||
"type": "key",
|
"type": "key",
|
||||||
"datacenter": "GyE6jpeW",
|
"datacenter": "GyE6jpeW",
|
||||||
"key": "j9lF1Tve",
|
"key": "j9lF1Tve",
|
||||||
"handler": "90N7S4LN",
|
"handler": "90N7S4LN",
|
||||||
},
|
},
|
||||||
map[string]interface{}{
|
{
|
||||||
"type": "keyprefix",
|
"type": "keyprefix",
|
||||||
"datacenter": "fYrl3F5d",
|
"datacenter": "fYrl3F5d",
|
||||||
"key": "sl3Dffu7",
|
"key": "sl3Dffu7",
|
||||||
|
@ -6262,7 +6262,7 @@ func TestSanitize(t *testing.T) {
|
||||||
"pmgw_foo=bar pmgw_key=baz pmgw_secret=boom pmgw_bang=bar",
|
"pmgw_foo=bar pmgw_key=baz pmgw_secret=boom pmgw_bang=bar",
|
||||||
},
|
},
|
||||||
Services: []*structs.ServiceDefinition{
|
Services: []*structs.ServiceDefinition{
|
||||||
&structs.ServiceDefinition{
|
{
|
||||||
Name: "foo",
|
Name: "foo",
|
||||||
Token: "bar",
|
Token: "bar",
|
||||||
Check: structs.CheckType{
|
Check: structs.CheckType{
|
||||||
|
@ -6276,7 +6276,7 @@ func TestSanitize(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
Checks: []*structs.CheckDefinition{
|
Checks: []*structs.CheckDefinition{
|
||||||
&structs.CheckDefinition{
|
{
|
||||||
Name: "zoo",
|
Name: "zoo",
|
||||||
Token: "zope",
|
Token: "zope",
|
||||||
OutputMaxSize: checks.DefaultBufSize,
|
OutputMaxSize: checks.DefaultBufSize,
|
||||||
|
|
|
@ -18,35 +18,35 @@ func TestServiceAndNamespaceTruncation(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
cases := map[string]tcase{
|
cases := map[string]tcase{
|
||||||
"short-no-truncation": tcase{
|
"short-no-truncation": {
|
||||||
service: "foo",
|
service: "foo",
|
||||||
namespace: "bar",
|
namespace: "bar",
|
||||||
},
|
},
|
||||||
"long-service-no-truncation": tcase{
|
"long-service-no-truncation": {
|
||||||
// -3 because thats the length of the namespace
|
// -3 because thats the length of the namespace
|
||||||
service: strings.Repeat("a", maxServiceAndNamespaceLen-3),
|
service: strings.Repeat("a", maxServiceAndNamespaceLen-3),
|
||||||
namespace: "bar",
|
namespace: "bar",
|
||||||
},
|
},
|
||||||
"long-namespace-no-truncation": tcase{
|
"long-namespace-no-truncation": {
|
||||||
service: "foo",
|
service: "foo",
|
||||||
// -3 because thats the length of the service name
|
// -3 because thats the length of the service name
|
||||||
namespace: strings.Repeat("b", maxServiceAndNamespaceLen-3),
|
namespace: strings.Repeat("b", maxServiceAndNamespaceLen-3),
|
||||||
},
|
},
|
||||||
"truncate-service-only": tcase{
|
"truncate-service-only": {
|
||||||
// this should force the service name to be truncated
|
// this should force the service name to be truncated
|
||||||
service: strings.Repeat("a", maxServiceAndNamespaceLen-minNamespaceNameLen+5),
|
service: strings.Repeat("a", maxServiceAndNamespaceLen-minNamespaceNameLen+5),
|
||||||
expectedService: strings.Repeat("a", maxServiceAndNamespaceLen-minNamespaceNameLen),
|
expectedService: strings.Repeat("a", maxServiceAndNamespaceLen-minNamespaceNameLen),
|
||||||
// this is the maximum length that will never be truncated for a namespace
|
// this is the maximum length that will never be truncated for a namespace
|
||||||
namespace: strings.Repeat("b", minNamespaceNameLen),
|
namespace: strings.Repeat("b", minNamespaceNameLen),
|
||||||
},
|
},
|
||||||
"truncate-namespace-only": tcase{
|
"truncate-namespace-only": {
|
||||||
// this is the maximum length that will never be truncated for a service name
|
// this is the maximum length that will never be truncated for a service name
|
||||||
service: strings.Repeat("a", minServiceNameLen),
|
service: strings.Repeat("a", minServiceNameLen),
|
||||||
// this should force the namespace name to be truncated
|
// this should force the namespace name to be truncated
|
||||||
namespace: strings.Repeat("b", maxServiceAndNamespaceLen-minServiceNameLen+5),
|
namespace: strings.Repeat("b", maxServiceAndNamespaceLen-minServiceNameLen+5),
|
||||||
expectedNamespace: strings.Repeat("b", maxServiceAndNamespaceLen-minServiceNameLen),
|
expectedNamespace: strings.Repeat("b", maxServiceAndNamespaceLen-minServiceNameLen),
|
||||||
},
|
},
|
||||||
"truncate-both-even": tcase{
|
"truncate-both-even": {
|
||||||
// this test would need to be update if the maxServiceAndNamespaceLen variable is updated
|
// this test would need to be update if the maxServiceAndNamespaceLen variable is updated
|
||||||
// I could put some more complex logic into here to prevent that but it would be mostly
|
// I could put some more complex logic into here to prevent that but it would be mostly
|
||||||
// duplicating the logic in the function itself and thus not really be testing anything
|
// duplicating the logic in the function itself and thus not really be testing anything
|
||||||
|
@ -59,7 +59,7 @@ func TestServiceAndNamespaceTruncation(t *testing.T) {
|
||||||
namespace: strings.Repeat("b", 51),
|
namespace: strings.Repeat("b", 51),
|
||||||
expectedNamespace: strings.Repeat("b", 22),
|
expectedNamespace: strings.Repeat("b", 22),
|
||||||
},
|
},
|
||||||
"truncate-both-odd": tcase{
|
"truncate-both-odd": {
|
||||||
// this test would need to be update if the maxServiceAndNamespaceLen variable is updated
|
// this test would need to be update if the maxServiceAndNamespaceLen variable is updated
|
||||||
// I could put some more complex logic into here to prevent that but it would be mostly
|
// I could put some more complex logic into here to prevent that but it would be mostly
|
||||||
// duplicating the logic in the function itself and thus not really be testing anything
|
// duplicating the logic in the function itself and thus not really be testing anything
|
||||||
|
@ -73,13 +73,13 @@ func TestServiceAndNamespaceTruncation(t *testing.T) {
|
||||||
namespace: strings.Repeat("b", 50),
|
namespace: strings.Repeat("b", 50),
|
||||||
expectedNamespace: strings.Repeat("b", 22),
|
expectedNamespace: strings.Repeat("b", 22),
|
||||||
},
|
},
|
||||||
"truncate-both-min-svc": tcase{
|
"truncate-both-min-svc": {
|
||||||
service: strings.Repeat("a", minServiceNameLen+1),
|
service: strings.Repeat("a", minServiceNameLen+1),
|
||||||
expectedService: strings.Repeat("a", minServiceNameLen),
|
expectedService: strings.Repeat("a", minServiceNameLen),
|
||||||
namespace: strings.Repeat("b", maxServiceAndNamespaceLen),
|
namespace: strings.Repeat("b", maxServiceAndNamespaceLen),
|
||||||
expectedNamespace: strings.Repeat("b", maxServiceAndNamespaceLen-minServiceNameLen),
|
expectedNamespace: strings.Repeat("b", maxServiceAndNamespaceLen-minServiceNameLen),
|
||||||
},
|
},
|
||||||
"truncate-both-min-ns": tcase{
|
"truncate-both-min-ns": {
|
||||||
service: strings.Repeat("a", maxServiceAndNamespaceLen),
|
service: strings.Repeat("a", maxServiceAndNamespaceLen),
|
||||||
expectedService: strings.Repeat("a", maxServiceAndNamespaceLen-minNamespaceNameLen),
|
expectedService: strings.Repeat("a", maxServiceAndNamespaceLen-minNamespaceNameLen),
|
||||||
namespace: strings.Repeat("b", minNamespaceNameLen+1),
|
namespace: strings.Repeat("b", minNamespaceNameLen+1),
|
||||||
|
|
|
@ -1414,7 +1414,7 @@ func (f *aclFilter) filterCheckServiceNodes(nodes *structs.CheckServiceNodes) {
|
||||||
func (f *aclFilter) filterDatacenterCheckServiceNodes(datacenterNodes *map[string]structs.CheckServiceNodes) {
|
func (f *aclFilter) filterDatacenterCheckServiceNodes(datacenterNodes *map[string]structs.CheckServiceNodes) {
|
||||||
dn := *datacenterNodes
|
dn := *datacenterNodes
|
||||||
out := make(map[string]structs.CheckServiceNodes)
|
out := make(map[string]structs.CheckServiceNodes)
|
||||||
for dc, _ := range dn {
|
for dc := range dn {
|
||||||
nodes := dn[dc]
|
nodes := dn[dc]
|
||||||
f.filterCheckServiceNodes(&nodes)
|
f.filterCheckServiceNodes(&nodes)
|
||||||
if len(nodes) > 0 {
|
if len(nodes) > 0 {
|
||||||
|
|
|
@ -336,7 +336,7 @@ func TestACLReplication_Tokens(t *testing.T) {
|
||||||
ACLToken: structs.ACLToken{
|
ACLToken: structs.ACLToken{
|
||||||
Description: fmt.Sprintf("token-%d", i),
|
Description: fmt.Sprintf("token-%d", i),
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: structs.ACLPolicyGlobalManagementID,
|
ID: structs.ACLPolicyGlobalManagementID,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -391,7 +391,7 @@ func TestACLReplication_Tokens(t *testing.T) {
|
||||||
ACLToken: structs.ACLToken{
|
ACLToken: structs.ACLToken{
|
||||||
Description: fmt.Sprintf("token-%d", i),
|
Description: fmt.Sprintf("token-%d", i),
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: structs.ACLPolicyGlobalManagementID,
|
ID: structs.ACLPolicyGlobalManagementID,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -411,7 +411,7 @@ func TestACLReplication_Tokens(t *testing.T) {
|
||||||
ACLToken: structs.ACLToken{
|
ACLToken: structs.ACLToken{
|
||||||
Description: fmt.Sprintf("token-%d", i),
|
Description: fmt.Sprintf("token-%d", i),
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: structs.ACLPolicyGlobalManagementID,
|
ID: structs.ACLPolicyGlobalManagementID,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -432,7 +432,7 @@ func TestACLReplication_Tokens(t *testing.T) {
|
||||||
SecretID: tokens[i].SecretID,
|
SecretID: tokens[i].SecretID,
|
||||||
Description: fmt.Sprintf("token-%d-modified", i),
|
Description: fmt.Sprintf("token-%d-modified", i),
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: structs.ACLPolicyGlobalManagementID,
|
ID: structs.ACLPolicyGlobalManagementID,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -625,7 +625,7 @@ func TestACLReplication_TokensRedacted(t *testing.T) {
|
||||||
ACLToken: structs.ACLToken{
|
ACLToken: structs.ACLToken{
|
||||||
Description: "dc2-replication",
|
Description: "dc2-replication",
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: policy.ID,
|
ID: policy.ID,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -700,7 +700,7 @@ func TestACLReplication_TokensRedacted(t *testing.T) {
|
||||||
ACLToken: structs.ACLToken{
|
ACLToken: structs.ACLToken{
|
||||||
Description: "management",
|
Description: "management",
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: structs.ACLPolicyGlobalManagementID,
|
ID: structs.ACLPolicyGlobalManagementID,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
|
@ -72,10 +72,10 @@ func testIdentityForToken(token string) (bool, structs.ACLIdentity, error) {
|
||||||
AccessorID: "435a75af-1763-4980-89f4-f0951dda53b4",
|
AccessorID: "435a75af-1763-4980-89f4-f0951dda53b4",
|
||||||
SecretID: "b1b6be70-ed2e-4c80-8495-bdb3db110b1e",
|
SecretID: "b1b6be70-ed2e-4c80-8495-bdb3db110b1e",
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: "not-found",
|
ID: "not-found",
|
||||||
},
|
},
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: "acl-ro",
|
ID: "acl-ro",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -85,10 +85,10 @@ func testIdentityForToken(token string) (bool, structs.ACLIdentity, error) {
|
||||||
AccessorID: "435a75af-1763-4980-89f4-f0951dda53b4",
|
AccessorID: "435a75af-1763-4980-89f4-f0951dda53b4",
|
||||||
SecretID: "b1b6be70-ed2e-4c80-8495-bdb3db110b1e",
|
SecretID: "b1b6be70-ed2e-4c80-8495-bdb3db110b1e",
|
||||||
Roles: []structs.ACLTokenRoleLink{
|
Roles: []structs.ACLTokenRoleLink{
|
||||||
structs.ACLTokenRoleLink{
|
{
|
||||||
ID: "not-found",
|
ID: "not-found",
|
||||||
},
|
},
|
||||||
structs.ACLTokenRoleLink{
|
{
|
||||||
ID: "acl-ro",
|
ID: "acl-ro",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -98,7 +98,7 @@ func testIdentityForToken(token string) (bool, structs.ACLIdentity, error) {
|
||||||
AccessorID: "435a75af-1763-4980-89f4-f0951dda53b4",
|
AccessorID: "435a75af-1763-4980-89f4-f0951dda53b4",
|
||||||
SecretID: "b1b6be70-ed2e-4c80-8495-bdb3db110b1e",
|
SecretID: "b1b6be70-ed2e-4c80-8495-bdb3db110b1e",
|
||||||
Roles: []structs.ACLTokenRoleLink{
|
Roles: []structs.ACLTokenRoleLink{
|
||||||
structs.ACLTokenRoleLink{
|
{
|
||||||
ID: "missing-policy",
|
ID: "missing-policy",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -121,10 +121,10 @@ func testIdentityForToken(token string) (bool, structs.ACLIdentity, error) {
|
||||||
AccessorID: "5f57c1f6-6a89-4186-9445-531b316e01df",
|
AccessorID: "5f57c1f6-6a89-4186-9445-531b316e01df",
|
||||||
SecretID: "a1a54629-5050-4d17-8a4e-560d2423f835",
|
SecretID: "a1a54629-5050-4d17-8a4e-560d2423f835",
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: "node-wr",
|
ID: "node-wr",
|
||||||
},
|
},
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: "dc2-key-wr",
|
ID: "dc2-key-wr",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -136,7 +136,7 @@ func testIdentityForToken(token string) (bool, structs.ACLIdentity, error) {
|
||||||
AccessorID: "5f57c1f6-6a89-4186-9445-531b316e01df",
|
AccessorID: "5f57c1f6-6a89-4186-9445-531b316e01df",
|
||||||
SecretID: "a1a54629-5050-4d17-8a4e-560d2423f835",
|
SecretID: "a1a54629-5050-4d17-8a4e-560d2423f835",
|
||||||
Roles: []structs.ACLTokenRoleLink{
|
Roles: []structs.ACLTokenRoleLink{
|
||||||
structs.ACLTokenRoleLink{
|
{
|
||||||
ID: "found",
|
ID: "found",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -146,15 +146,15 @@ func testIdentityForToken(token string) (bool, structs.ACLIdentity, error) {
|
||||||
AccessorID: "5f57c1f6-6a89-4186-9445-531b316e01df",
|
AccessorID: "5f57c1f6-6a89-4186-9445-531b316e01df",
|
||||||
SecretID: "a1a54629-5050-4d17-8a4e-560d2423f835",
|
SecretID: "a1a54629-5050-4d17-8a4e-560d2423f835",
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: "node-wr",
|
ID: "node-wr",
|
||||||
},
|
},
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: "dc2-key-wr",
|
ID: "dc2-key-wr",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
Roles: []structs.ACLTokenRoleLink{
|
Roles: []structs.ACLTokenRoleLink{
|
||||||
structs.ACLTokenRoleLink{
|
{
|
||||||
ID: "service-ro",
|
ID: "service-ro",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -164,7 +164,7 @@ func testIdentityForToken(token string) (bool, structs.ACLIdentity, error) {
|
||||||
AccessorID: "f6c5a5fb-4da4-422b-9abf-2c942813fc71",
|
AccessorID: "f6c5a5fb-4da4-422b-9abf-2c942813fc71",
|
||||||
SecretID: "55cb7d69-2bea-42c3-a68f-2a1443d2abbc",
|
SecretID: "55cb7d69-2bea-42c3-a68f-2a1443d2abbc",
|
||||||
ServiceIdentities: []*structs.ACLServiceIdentity{
|
ServiceIdentities: []*structs.ACLServiceIdentity{
|
||||||
&structs.ACLServiceIdentity{
|
{
|
||||||
ServiceName: "service1",
|
ServiceName: "service1",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -174,7 +174,7 @@ func testIdentityForToken(token string) (bool, structs.ACLIdentity, error) {
|
||||||
AccessorID: "7c87dfad-be37-446e-8305-299585677cb5",
|
AccessorID: "7c87dfad-be37-446e-8305-299585677cb5",
|
||||||
SecretID: "dfca9676-ac80-453a-837b-4c0cf923473c",
|
SecretID: "dfca9676-ac80-453a-837b-4c0cf923473c",
|
||||||
ServiceIdentities: []*structs.ACLServiceIdentity{
|
ServiceIdentities: []*structs.ACLServiceIdentity{
|
||||||
&structs.ACLServiceIdentity{
|
{
|
||||||
ServiceName: "service2",
|
ServiceName: "service2",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -184,12 +184,12 @@ func testIdentityForToken(token string) (bool, structs.ACLIdentity, error) {
|
||||||
AccessorID: "bebccc92-3987-489d-84c2-ffd00d93ef93",
|
AccessorID: "bebccc92-3987-489d-84c2-ffd00d93ef93",
|
||||||
SecretID: "de70f2e2-69d9-4e88-9815-f91c03c6bcb1",
|
SecretID: "de70f2e2-69d9-4e88-9815-f91c03c6bcb1",
|
||||||
NodeIdentities: []*structs.ACLNodeIdentity{
|
NodeIdentities: []*structs.ACLNodeIdentity{
|
||||||
&structs.ACLNodeIdentity{
|
{
|
||||||
NodeName: "test-node1",
|
NodeName: "test-node1",
|
||||||
Datacenter: "dc1",
|
Datacenter: "dc1",
|
||||||
},
|
},
|
||||||
// as the resolver is in dc1 this identity should be ignored
|
// as the resolver is in dc1 this identity should be ignored
|
||||||
&structs.ACLNodeIdentity{
|
{
|
||||||
NodeName: "test-node-dc2",
|
NodeName: "test-node-dc2",
|
||||||
Datacenter: "dc2",
|
Datacenter: "dc2",
|
||||||
},
|
},
|
||||||
|
@ -200,12 +200,12 @@ func testIdentityForToken(token string) (bool, structs.ACLIdentity, error) {
|
||||||
AccessorID: "359b9927-25fd-46b9-bd14-3470f848ec65",
|
AccessorID: "359b9927-25fd-46b9-bd14-3470f848ec65",
|
||||||
SecretID: "83c4d500-847d-49f7-8c08-0483f6b4156e",
|
SecretID: "83c4d500-847d-49f7-8c08-0483f6b4156e",
|
||||||
NodeIdentities: []*structs.ACLNodeIdentity{
|
NodeIdentities: []*structs.ACLNodeIdentity{
|
||||||
&structs.ACLNodeIdentity{
|
{
|
||||||
NodeName: "test-node2",
|
NodeName: "test-node2",
|
||||||
Datacenter: "dc1",
|
Datacenter: "dc1",
|
||||||
},
|
},
|
||||||
// as the resolver is in dc1 this identity should be ignored
|
// as the resolver is in dc1 this identity should be ignored
|
||||||
&structs.ACLNodeIdentity{
|
{
|
||||||
NodeName: "test-node-dc2",
|
NodeName: "test-node-dc2",
|
||||||
Datacenter: "dc2",
|
Datacenter: "dc2",
|
||||||
},
|
},
|
||||||
|
@ -226,7 +226,7 @@ func testIdentityForToken(token string) (bool, structs.ACLIdentity, error) {
|
||||||
AccessorID: "435a75af-1763-4980-89f4-f0951dda53b4",
|
AccessorID: "435a75af-1763-4980-89f4-f0951dda53b4",
|
||||||
SecretID: "b1b6be70-ed2e-4c80-8495-bdb3db110b1e",
|
SecretID: "b1b6be70-ed2e-4c80-8495-bdb3db110b1e",
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: "acl-ro",
|
ID: "acl-ro",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -236,7 +236,7 @@ func testIdentityForToken(token string) (bool, structs.ACLIdentity, error) {
|
||||||
AccessorID: "435a75af-1763-4980-89f4-f0951dda53b4",
|
AccessorID: "435a75af-1763-4980-89f4-f0951dda53b4",
|
||||||
SecretID: "b1b6be70-ed2e-4c80-8495-bdb3db110b1e",
|
SecretID: "b1b6be70-ed2e-4c80-8495-bdb3db110b1e",
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: "acl-wr",
|
ID: "acl-wr",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -246,10 +246,10 @@ func testIdentityForToken(token string) (bool, structs.ACLIdentity, error) {
|
||||||
AccessorID: "5f57c1f6-6a89-4186-9445-531b316e01df",
|
AccessorID: "5f57c1f6-6a89-4186-9445-531b316e01df",
|
||||||
SecretID: "a1a54629-5050-4d17-8a4e-560d2423f835",
|
SecretID: "a1a54629-5050-4d17-8a4e-560d2423f835",
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: "node-wr",
|
ID: "node-wr",
|
||||||
},
|
},
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: "acl-wr",
|
ID: "acl-wr",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -259,7 +259,7 @@ func testIdentityForToken(token string) (bool, structs.ACLIdentity, error) {
|
||||||
AccessorID: "5f57c1f6-6a89-4186-9445-531b316e01df",
|
AccessorID: "5f57c1f6-6a89-4186-9445-531b316e01df",
|
||||||
SecretID: "a1a54629-5050-4d17-8a4e-560d2423f835",
|
SecretID: "a1a54629-5050-4d17-8a4e-560d2423f835",
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: "node-wr",
|
ID: "node-wr",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -269,10 +269,10 @@ func testIdentityForToken(token string) (bool, structs.ACLIdentity, error) {
|
||||||
AccessorID: "5f57c1f6-6a89-4186-9445-531b316e01df",
|
AccessorID: "5f57c1f6-6a89-4186-9445-531b316e01df",
|
||||||
SecretID: "a1a54629-5050-4d17-8a4e-560d2423f835",
|
SecretID: "a1a54629-5050-4d17-8a4e-560d2423f835",
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: "node-wr",
|
ID: "node-wr",
|
||||||
},
|
},
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: "acl-wr",
|
ID: "acl-wr",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -282,7 +282,7 @@ func testIdentityForToken(token string) (bool, structs.ACLIdentity, error) {
|
||||||
AccessorID: "00000000-0000-0000-0000-000000000002",
|
AccessorID: "00000000-0000-0000-0000-000000000002",
|
||||||
SecretID: anonymousToken,
|
SecretID: anonymousToken,
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: "node-wr",
|
ID: "node-wr",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -363,7 +363,7 @@ func testRoleForID(roleID string) (bool, *structs.ACLRole, error) {
|
||||||
Name: "service-ro",
|
Name: "service-ro",
|
||||||
Description: "service-ro",
|
Description: "service-ro",
|
||||||
Policies: []structs.ACLRolePolicyLink{
|
Policies: []structs.ACLRolePolicyLink{
|
||||||
structs.ACLRolePolicyLink{
|
{
|
||||||
ID: "service-ro",
|
ID: "service-ro",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -375,7 +375,7 @@ func testRoleForID(roleID string) (bool, *structs.ACLRole, error) {
|
||||||
Name: "service-wr",
|
Name: "service-wr",
|
||||||
Description: "service-wr",
|
Description: "service-wr",
|
||||||
Policies: []structs.ACLRolePolicyLink{
|
Policies: []structs.ACLRolePolicyLink{
|
||||||
structs.ACLRolePolicyLink{
|
{
|
||||||
ID: "service-wr",
|
ID: "service-wr",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -387,10 +387,10 @@ func testRoleForID(roleID string) (bool, *structs.ACLRole, error) {
|
||||||
Name: "missing-policy",
|
Name: "missing-policy",
|
||||||
Description: "missing-policy",
|
Description: "missing-policy",
|
||||||
Policies: []structs.ACLRolePolicyLink{
|
Policies: []structs.ACLRolePolicyLink{
|
||||||
structs.ACLRolePolicyLink{
|
{
|
||||||
ID: "not-found",
|
ID: "not-found",
|
||||||
},
|
},
|
||||||
structs.ACLRolePolicyLink{
|
{
|
||||||
ID: "acl-ro",
|
ID: "acl-ro",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -402,10 +402,10 @@ func testRoleForID(roleID string) (bool, *structs.ACLRole, error) {
|
||||||
Name: "found",
|
Name: "found",
|
||||||
Description: "found",
|
Description: "found",
|
||||||
Policies: []structs.ACLRolePolicyLink{
|
Policies: []structs.ACLRolePolicyLink{
|
||||||
structs.ACLRolePolicyLink{
|
{
|
||||||
ID: "node-wr",
|
ID: "node-wr",
|
||||||
},
|
},
|
||||||
structs.ACLRolePolicyLink{
|
{
|
||||||
ID: "dc2-key-wr",
|
ID: "dc2-key-wr",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -416,7 +416,7 @@ func testRoleForID(roleID string) (bool, *structs.ACLRole, error) {
|
||||||
Name: "acl-ro",
|
Name: "acl-ro",
|
||||||
Description: "acl-ro",
|
Description: "acl-ro",
|
||||||
Policies: []structs.ACLRolePolicyLink{
|
Policies: []structs.ACLRolePolicyLink{
|
||||||
structs.ACLRolePolicyLink{
|
{
|
||||||
ID: "acl-ro",
|
ID: "acl-ro",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -427,7 +427,7 @@ func testRoleForID(roleID string) (bool, *structs.ACLRole, error) {
|
||||||
Name: "acl-rw",
|
Name: "acl-rw",
|
||||||
Description: "acl-rw",
|
Description: "acl-rw",
|
||||||
Policies: []structs.ACLRolePolicyLink{
|
Policies: []structs.ACLRolePolicyLink{
|
||||||
structs.ACLRolePolicyLink{
|
{
|
||||||
ID: "acl-wr",
|
ID: "acl-wr",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -438,10 +438,10 @@ func testRoleForID(roleID string) (bool, *structs.ACLRole, error) {
|
||||||
Name: "racey-unmodified",
|
Name: "racey-unmodified",
|
||||||
Description: "racey-unmodified",
|
Description: "racey-unmodified",
|
||||||
Policies: []structs.ACLRolePolicyLink{
|
Policies: []structs.ACLRolePolicyLink{
|
||||||
structs.ACLRolePolicyLink{
|
{
|
||||||
ID: "node-wr",
|
ID: "node-wr",
|
||||||
},
|
},
|
||||||
structs.ACLRolePolicyLink{
|
{
|
||||||
ID: "acl-wr",
|
ID: "acl-wr",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -452,7 +452,7 @@ func testRoleForID(roleID string) (bool, *structs.ACLRole, error) {
|
||||||
Name: "racey-modified",
|
Name: "racey-modified",
|
||||||
Description: "racey-modified",
|
Description: "racey-modified",
|
||||||
Policies: []structs.ACLRolePolicyLink{
|
Policies: []structs.ACLRolePolicyLink{
|
||||||
structs.ACLRolePolicyLink{
|
{
|
||||||
ID: "node-wr",
|
ID: "node-wr",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -463,10 +463,10 @@ func testRoleForID(roleID string) (bool, *structs.ACLRole, error) {
|
||||||
Name: "concurrent-resolve-1",
|
Name: "concurrent-resolve-1",
|
||||||
Description: "concurrent-resolve-1",
|
Description: "concurrent-resolve-1",
|
||||||
Policies: []structs.ACLRolePolicyLink{
|
Policies: []structs.ACLRolePolicyLink{
|
||||||
structs.ACLRolePolicyLink{
|
{
|
||||||
ID: "node-wr",
|
ID: "node-wr",
|
||||||
},
|
},
|
||||||
structs.ACLRolePolicyLink{
|
{
|
||||||
ID: "acl-wr",
|
ID: "acl-wr",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -477,10 +477,10 @@ func testRoleForID(roleID string) (bool, *structs.ACLRole, error) {
|
||||||
Name: "concurrent-resolve-2",
|
Name: "concurrent-resolve-2",
|
||||||
Description: "concurrent-resolve-2",
|
Description: "concurrent-resolve-2",
|
||||||
Policies: []structs.ACLRolePolicyLink{
|
Policies: []structs.ACLRolePolicyLink{
|
||||||
structs.ACLRolePolicyLink{
|
{
|
||||||
ID: "node-wr",
|
ID: "node-wr",
|
||||||
},
|
},
|
||||||
structs.ACLRolePolicyLink{
|
{
|
||||||
ID: "acl-wr",
|
ID: "acl-wr",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -491,11 +491,11 @@ func testRoleForID(roleID string) (bool, *structs.ACLRole, error) {
|
||||||
Name: "node-identity",
|
Name: "node-identity",
|
||||||
Description: "node-identity",
|
Description: "node-identity",
|
||||||
NodeIdentities: []*structs.ACLNodeIdentity{
|
NodeIdentities: []*structs.ACLNodeIdentity{
|
||||||
&structs.ACLNodeIdentity{
|
{
|
||||||
NodeName: "test-node",
|
NodeName: "test-node",
|
||||||
Datacenter: "dc1",
|
Datacenter: "dc1",
|
||||||
},
|
},
|
||||||
&structs.ACLNodeIdentity{
|
{
|
||||||
NodeName: "test-node-dc2",
|
NodeName: "test-node-dc2",
|
||||||
Datacenter: "dc2",
|
Datacenter: "dc2",
|
||||||
},
|
},
|
||||||
|
@ -1566,7 +1566,7 @@ func TestACLResolver_Client(t *testing.T) {
|
||||||
ID: "not-needed",
|
ID: "not-needed",
|
||||||
PolicyRules: acl.PolicyRules{
|
PolicyRules: acl.PolicyRules{
|
||||||
Nodes: []*acl.NodeRule{
|
Nodes: []*acl.NodeRule{
|
||||||
&acl.NodeRule{
|
{
|
||||||
Name: "foo",
|
Name: "foo",
|
||||||
Policy: acl.PolicyWrite,
|
Policy: acl.PolicyWrite,
|
||||||
},
|
},
|
||||||
|
@ -1909,7 +1909,7 @@ func TestACLResolver_Legacy(t *testing.T) {
|
||||||
ID: "not-needed",
|
ID: "not-needed",
|
||||||
PolicyRules: acl.PolicyRules{
|
PolicyRules: acl.PolicyRules{
|
||||||
Nodes: []*acl.NodeRule{
|
Nodes: []*acl.NodeRule{
|
||||||
&acl.NodeRule{
|
{
|
||||||
Name: "foo",
|
Name: "foo",
|
||||||
Policy: acl.PolicyWrite,
|
Policy: acl.PolicyWrite,
|
||||||
},
|
},
|
||||||
|
@ -1960,7 +1960,7 @@ func TestACLResolver_Legacy(t *testing.T) {
|
||||||
ID: "not-needed",
|
ID: "not-needed",
|
||||||
PolicyRules: acl.PolicyRules{
|
PolicyRules: acl.PolicyRules{
|
||||||
Nodes: []*acl.NodeRule{
|
Nodes: []*acl.NodeRule{
|
||||||
&acl.NodeRule{
|
{
|
||||||
Name: "foo",
|
Name: "foo",
|
||||||
Policy: acl.PolicyWrite,
|
Policy: acl.PolicyWrite,
|
||||||
},
|
},
|
||||||
|
@ -2013,7 +2013,7 @@ func TestACLResolver_Legacy(t *testing.T) {
|
||||||
ID: "not-needed",
|
ID: "not-needed",
|
||||||
PolicyRules: acl.PolicyRules{
|
PolicyRules: acl.PolicyRules{
|
||||||
Nodes: []*acl.NodeRule{
|
Nodes: []*acl.NodeRule{
|
||||||
&acl.NodeRule{
|
{
|
||||||
Name: "foo",
|
Name: "foo",
|
||||||
Policy: acl.PolicyWrite,
|
Policy: acl.PolicyWrite,
|
||||||
},
|
},
|
||||||
|
@ -2067,7 +2067,7 @@ func TestACLResolver_Legacy(t *testing.T) {
|
||||||
ID: "not-needed",
|
ID: "not-needed",
|
||||||
PolicyRules: acl.PolicyRules{
|
PolicyRules: acl.PolicyRules{
|
||||||
Nodes: []*acl.NodeRule{
|
Nodes: []*acl.NodeRule{
|
||||||
&acl.NodeRule{
|
{
|
||||||
Name: "foo",
|
Name: "foo",
|
||||||
Policy: acl.PolicyWrite,
|
Policy: acl.PolicyWrite,
|
||||||
},
|
},
|
||||||
|
@ -2121,7 +2121,7 @@ func TestACLResolver_Legacy(t *testing.T) {
|
||||||
ID: "not-needed",
|
ID: "not-needed",
|
||||||
PolicyRules: acl.PolicyRules{
|
PolicyRules: acl.PolicyRules{
|
||||||
Nodes: []*acl.NodeRule{
|
Nodes: []*acl.NodeRule{
|
||||||
&acl.NodeRule{
|
{
|
||||||
Name: "foo",
|
Name: "foo",
|
||||||
Policy: acl.PolicyWrite,
|
Policy: acl.PolicyWrite,
|
||||||
},
|
},
|
||||||
|
@ -2581,7 +2581,7 @@ func TestACL_filterNodeServices(t *testing.T) {
|
||||||
Node: "node1",
|
Node: "node1",
|
||||||
},
|
},
|
||||||
Services: map[string]*structs.NodeService{
|
Services: map[string]*structs.NodeService{
|
||||||
"foo": &structs.NodeService{
|
"foo": {
|
||||||
ID: "foo",
|
ID: "foo",
|
||||||
Service: "foo",
|
Service: "foo",
|
||||||
},
|
},
|
||||||
|
@ -2830,13 +2830,13 @@ func TestACL_filterNodeDump(t *testing.T) {
|
||||||
&structs.NodeInfo{
|
&structs.NodeInfo{
|
||||||
Node: "node1",
|
Node: "node1",
|
||||||
Services: []*structs.NodeService{
|
Services: []*structs.NodeService{
|
||||||
&structs.NodeService{
|
{
|
||||||
ID: "foo",
|
ID: "foo",
|
||||||
Service: "foo",
|
Service: "foo",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
Checks: []*structs.HealthCheck{
|
Checks: []*structs.HealthCheck{
|
||||||
&structs.HealthCheck{
|
{
|
||||||
Node: "node1",
|
Node: "node1",
|
||||||
CheckID: "check1",
|
CheckID: "check1",
|
||||||
ServiceName: "foo",
|
ServiceName: "foo",
|
||||||
|
|
|
@ -68,7 +68,7 @@ type Identity struct {
|
||||||
// ProjectedVarNames returns just the keyspace of the ProjectedVars map.
|
// ProjectedVarNames returns just the keyspace of the ProjectedVars map.
|
||||||
func (i *Identity) ProjectedVarNames() []string {
|
func (i *Identity) ProjectedVarNames() []string {
|
||||||
v := make([]string, 0, len(i.ProjectedVars))
|
v := make([]string, 0, len(i.ProjectedVars))
|
||||||
for k, _ := range i.ProjectedVars {
|
for k := range i.ProjectedVars {
|
||||||
v = append(v, k)
|
v = append(v, k)
|
||||||
}
|
}
|
||||||
return v
|
return v
|
||||||
|
|
|
@ -517,7 +517,7 @@ func createReadServiceAccountFound(namespace, name, uid, overrideAnnotation, jwt
|
||||||
CreationTimestamp: metav1.Time{Time: time.Now()},
|
CreationTimestamp: metav1.Time{Time: time.Now()},
|
||||||
},
|
},
|
||||||
Secrets: []corev1.ObjectReference{
|
Secrets: []corev1.ObjectReference{
|
||||||
corev1.ObjectReference{
|
{
|
||||||
Name: name + "-token-m9cvn",
|
Name: name + "-token-m9cvn",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
|
@ -18,7 +18,7 @@ func RequireIdentityMatch(t testing.T, id *Identity, projectedVars map[string]st
|
||||||
require.Equal(t, projectedVars, id.ProjectedVars)
|
require.Equal(t, projectedVars, id.ProjectedVars)
|
||||||
|
|
||||||
expectNames := make([]string, 0, len(projectedVars))
|
expectNames := make([]string, 0, len(projectedVars))
|
||||||
for k, _ := range projectedVars {
|
for k := range projectedVars {
|
||||||
expectNames = append(expectNames, k)
|
expectNames = append(expectNames, k)
|
||||||
}
|
}
|
||||||
sort.Strings(expectNames)
|
sort.Strings(expectNames)
|
||||||
|
|
|
@ -1644,11 +1644,11 @@ func TestCatalog_ListServiceNodes_ByAddress(t *testing.T) {
|
||||||
fooAddress := "10.1.2.3"
|
fooAddress := "10.1.2.3"
|
||||||
fooPort := 1111
|
fooPort := 1111
|
||||||
fooTaggedAddresses := map[string]structs.ServiceAddress{
|
fooTaggedAddresses := map[string]structs.ServiceAddress{
|
||||||
"lan": structs.ServiceAddress{
|
"lan": {
|
||||||
Address: "10.1.2.3",
|
Address: "10.1.2.3",
|
||||||
Port: fooPort,
|
Port: fooPort,
|
||||||
},
|
},
|
||||||
"wan": structs.ServiceAddress{
|
"wan": {
|
||||||
Address: "198.18.1.2",
|
Address: "198.18.1.2",
|
||||||
Port: fooPort,
|
Port: fooPort,
|
||||||
},
|
},
|
||||||
|
@ -1656,11 +1656,11 @@ func TestCatalog_ListServiceNodes_ByAddress(t *testing.T) {
|
||||||
barAddress := "10.1.2.3"
|
barAddress := "10.1.2.3"
|
||||||
barPort := 2222
|
barPort := 2222
|
||||||
barTaggedAddresses := map[string]structs.ServiceAddress{
|
barTaggedAddresses := map[string]structs.ServiceAddress{
|
||||||
"lan": structs.ServiceAddress{
|
"lan": {
|
||||||
Address: "10.1.2.3",
|
Address: "10.1.2.3",
|
||||||
Port: barPort,
|
Port: barPort,
|
||||||
},
|
},
|
||||||
"wan": structs.ServiceAddress{
|
"wan": {
|
||||||
Address: "198.18.2.3",
|
Address: "198.18.2.3",
|
||||||
Port: barPort,
|
Port: barPort,
|
||||||
},
|
},
|
||||||
|
@ -1668,11 +1668,11 @@ func TestCatalog_ListServiceNodes_ByAddress(t *testing.T) {
|
||||||
bazAddress := "192.168.1.35"
|
bazAddress := "192.168.1.35"
|
||||||
bazPort := 2222
|
bazPort := 2222
|
||||||
bazTaggedAddresses := map[string]structs.ServiceAddress{
|
bazTaggedAddresses := map[string]structs.ServiceAddress{
|
||||||
"lan": structs.ServiceAddress{
|
"lan": {
|
||||||
Address: "192.168.1.35",
|
Address: "192.168.1.35",
|
||||||
Port: barPort,
|
Port: barPort,
|
||||||
},
|
},
|
||||||
"wan": structs.ServiceAddress{
|
"wan": {
|
||||||
Address: "198.18.2.4",
|
Address: "198.18.2.4",
|
||||||
Port: barPort,
|
Port: barPort,
|
||||||
},
|
},
|
||||||
|
|
|
@ -393,7 +393,7 @@ func (c *Client) Stats() map[string]map[string]string {
|
||||||
return strconv.FormatUint(v, 10)
|
return strconv.FormatUint(v, 10)
|
||||||
}
|
}
|
||||||
stats := map[string]map[string]string{
|
stats := map[string]map[string]string{
|
||||||
"consul": map[string]string{
|
"consul": {
|
||||||
"server": "false",
|
"server": "false",
|
||||||
"known_servers": toString(uint64(numServers)),
|
"known_servers": toString(uint64(numServers)),
|
||||||
},
|
},
|
||||||
|
|
|
@ -779,7 +779,7 @@ func TestConfigEntry_ResolveServiceConfig(t *testing.T) {
|
||||||
"protocol": "http",
|
"protocol": "http",
|
||||||
},
|
},
|
||||||
UpstreamConfigs: map[string]map[string]interface{}{
|
UpstreamConfigs: map[string]map[string]interface{}{
|
||||||
"bar": map[string]interface{}{
|
"bar": {
|
||||||
"protocol": "grpc",
|
"protocol": "grpc",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -1013,16 +1013,16 @@ func TestConfigEntry_ResolveServiceConfig_UpstreamProxyDefaultsProtocol(t *testi
|
||||||
"protocol": "http",
|
"protocol": "http",
|
||||||
},
|
},
|
||||||
UpstreamConfigs: map[string]map[string]interface{}{
|
UpstreamConfigs: map[string]map[string]interface{}{
|
||||||
"bar": map[string]interface{}{
|
"bar": {
|
||||||
"protocol": "http",
|
"protocol": "http",
|
||||||
},
|
},
|
||||||
"other": map[string]interface{}{
|
"other": {
|
||||||
"protocol": "http",
|
"protocol": "http",
|
||||||
},
|
},
|
||||||
"dne": map[string]interface{}{
|
"dne": {
|
||||||
"protocol": "http",
|
"protocol": "http",
|
||||||
},
|
},
|
||||||
"alreadyprotocol": map[string]interface{}{
|
"alreadyprotocol": {
|
||||||
"protocol": "grpc",
|
"protocol": "grpc",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -1066,7 +1066,7 @@ func TestConfigEntry_ResolveServiceConfig_ProxyDefaultsProtocol_UsedForAllUpstre
|
||||||
"protocol": "http",
|
"protocol": "http",
|
||||||
},
|
},
|
||||||
UpstreamConfigs: map[string]map[string]interface{}{
|
UpstreamConfigs: map[string]map[string]interface{}{
|
||||||
"bar": map[string]interface{}{
|
"bar": {
|
||||||
"protocol": "http",
|
"protocol": "http",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
|
@ -91,7 +91,7 @@ func TestDiscoveryChainEndpoint_Get(t *testing.T) {
|
||||||
Protocol: "tcp",
|
Protocol: "tcp",
|
||||||
StartNode: "resolver:web.default.dc1",
|
StartNode: "resolver:web.default.dc1",
|
||||||
Nodes: map[string]*structs.DiscoveryGraphNode{
|
Nodes: map[string]*structs.DiscoveryGraphNode{
|
||||||
"resolver:web.default.dc1": &structs.DiscoveryGraphNode{
|
"resolver:web.default.dc1": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeResolver,
|
Type: structs.DiscoveryGraphNodeTypeResolver,
|
||||||
Name: "web.default.dc1",
|
Name: "web.default.dc1",
|
||||||
Resolver: &structs.DiscoveryResolver{
|
Resolver: &structs.DiscoveryResolver{
|
||||||
|
@ -185,7 +185,7 @@ func TestDiscoveryChainEndpoint_Get(t *testing.T) {
|
||||||
Protocol: "tcp",
|
Protocol: "tcp",
|
||||||
StartNode: "resolver:web.default.dc1",
|
StartNode: "resolver:web.default.dc1",
|
||||||
Nodes: map[string]*structs.DiscoveryGraphNode{
|
Nodes: map[string]*structs.DiscoveryGraphNode{
|
||||||
"resolver:web.default.dc1": &structs.DiscoveryGraphNode{
|
"resolver:web.default.dc1": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeResolver,
|
Type: structs.DiscoveryGraphNodeTypeResolver,
|
||||||
Name: "web.default.dc1",
|
Name: "web.default.dc1",
|
||||||
Resolver: &structs.DiscoveryResolver{
|
Resolver: &structs.DiscoveryResolver{
|
||||||
|
|
|
@ -272,7 +272,7 @@ func (c *compiler) compile() (*structs.CompiledDiscoveryChain, error) {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
for targetID, _ := range c.loadedTargets {
|
for targetID := range c.loadedTargets {
|
||||||
if _, ok := c.retainedTargets[targetID]; !ok {
|
if _, ok := c.retainedTargets[targetID]; !ok {
|
||||||
delete(c.loadedTargets, targetID)
|
delete(c.loadedTargets, targetID)
|
||||||
}
|
}
|
||||||
|
@ -443,7 +443,7 @@ func (c *compiler) removeUnusedNodes() error {
|
||||||
if len(todo) == 0 {
|
if len(todo) == 0 {
|
||||||
return ""
|
return ""
|
||||||
}
|
}
|
||||||
for k, _ := range todo {
|
for k := range todo {
|
||||||
delete(todo, k)
|
delete(todo, k)
|
||||||
return k
|
return k
|
||||||
}
|
}
|
||||||
|
@ -485,7 +485,7 @@ func (c *compiler) removeUnusedNodes() error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
for name, _ := range c.nodes {
|
for name := range c.nodes {
|
||||||
if _, ok := visited[name]; !ok {
|
if _, ok := visited[name]; !ok {
|
||||||
delete(c.nodes, name)
|
delete(c.nodes, name)
|
||||||
}
|
}
|
||||||
|
@ -541,7 +541,7 @@ func (c *compiler) assembleChain() error {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
for i, _ := range router.Routes {
|
for i := range router.Routes {
|
||||||
// We don't use range variables here because we'll take the address of
|
// We don't use range variables here because we'll take the address of
|
||||||
// this route and store that in a DiscoveryGraphNode and the range
|
// this route and store that in a DiscoveryGraphNode and the range
|
||||||
// variables share memory addresses between iterations which is exactly
|
// variables share memory addresses between iterations which is exactly
|
||||||
|
|
|
@ -157,7 +157,7 @@ func testcase_JustRouterWithDefaults() compileTestCase {
|
||||||
Protocol: "http",
|
Protocol: "http",
|
||||||
StartNode: "router:main.default",
|
StartNode: "router:main.default",
|
||||||
Nodes: map[string]*structs.DiscoveryGraphNode{
|
Nodes: map[string]*structs.DiscoveryGraphNode{
|
||||||
"router:main.default": &structs.DiscoveryGraphNode{
|
"router:main.default": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeRouter,
|
Type: structs.DiscoveryGraphNodeTypeRouter,
|
||||||
Name: "main.default",
|
Name: "main.default",
|
||||||
Routes: []*structs.DiscoveryRoute{
|
Routes: []*structs.DiscoveryRoute{
|
||||||
|
@ -167,7 +167,7 @@ func testcase_JustRouterWithDefaults() compileTestCase {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"resolver:main.default.dc1": &structs.DiscoveryGraphNode{
|
"resolver:main.default.dc1": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeResolver,
|
Type: structs.DiscoveryGraphNodeTypeResolver,
|
||||||
Name: "main.default.dc1",
|
Name: "main.default.dc1",
|
||||||
Resolver: &structs.DiscoveryResolver{
|
Resolver: &structs.DiscoveryResolver{
|
||||||
|
@ -209,7 +209,7 @@ func testcase_JustRouterWithNoDestination() compileTestCase {
|
||||||
Protocol: "http",
|
Protocol: "http",
|
||||||
StartNode: "router:main.default",
|
StartNode: "router:main.default",
|
||||||
Nodes: map[string]*structs.DiscoveryGraphNode{
|
Nodes: map[string]*structs.DiscoveryGraphNode{
|
||||||
"router:main.default": &structs.DiscoveryGraphNode{
|
"router:main.default": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeRouter,
|
Type: structs.DiscoveryGraphNodeTypeRouter,
|
||||||
Name: "main.default",
|
Name: "main.default",
|
||||||
Routes: []*structs.DiscoveryRoute{
|
Routes: []*structs.DiscoveryRoute{
|
||||||
|
@ -229,7 +229,7 @@ func testcase_JustRouterWithNoDestination() compileTestCase {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"resolver:main.default.dc1": &structs.DiscoveryGraphNode{
|
"resolver:main.default.dc1": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeResolver,
|
Type: structs.DiscoveryGraphNodeTypeResolver,
|
||||||
Name: "main.default.dc1",
|
Name: "main.default.dc1",
|
||||||
Resolver: &structs.DiscoveryResolver{
|
Resolver: &structs.DiscoveryResolver{
|
||||||
|
@ -269,7 +269,7 @@ func testcase_RouterWithDefaults_NoSplit_WithResolver() compileTestCase {
|
||||||
Protocol: "http",
|
Protocol: "http",
|
||||||
StartNode: "router:main.default",
|
StartNode: "router:main.default",
|
||||||
Nodes: map[string]*structs.DiscoveryGraphNode{
|
Nodes: map[string]*structs.DiscoveryGraphNode{
|
||||||
"router:main.default": &structs.DiscoveryGraphNode{
|
"router:main.default": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeRouter,
|
Type: structs.DiscoveryGraphNodeTypeRouter,
|
||||||
Name: "main.default",
|
Name: "main.default",
|
||||||
Routes: []*structs.DiscoveryRoute{
|
Routes: []*structs.DiscoveryRoute{
|
||||||
|
@ -279,7 +279,7 @@ func testcase_RouterWithDefaults_NoSplit_WithResolver() compileTestCase {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"resolver:main.default.dc1": &structs.DiscoveryGraphNode{
|
"resolver:main.default.dc1": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeResolver,
|
Type: structs.DiscoveryGraphNodeTypeResolver,
|
||||||
Name: "main.default.dc1",
|
Name: "main.default.dc1",
|
||||||
Resolver: &structs.DiscoveryResolver{
|
Resolver: &structs.DiscoveryResolver{
|
||||||
|
@ -320,7 +320,7 @@ func testcase_RouterWithDefaults_WithNoopSplit_DefaultResolver() compileTestCase
|
||||||
Protocol: "http",
|
Protocol: "http",
|
||||||
StartNode: "router:main.default",
|
StartNode: "router:main.default",
|
||||||
Nodes: map[string]*structs.DiscoveryGraphNode{
|
Nodes: map[string]*structs.DiscoveryGraphNode{
|
||||||
"router:main.default": &structs.DiscoveryGraphNode{
|
"router:main.default": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeRouter,
|
Type: structs.DiscoveryGraphNodeTypeRouter,
|
||||||
Name: "main.default",
|
Name: "main.default",
|
||||||
Routes: []*structs.DiscoveryRoute{
|
Routes: []*structs.DiscoveryRoute{
|
||||||
|
@ -330,7 +330,7 @@ func testcase_RouterWithDefaults_WithNoopSplit_DefaultResolver() compileTestCase
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"splitter:main.default": &structs.DiscoveryGraphNode{
|
"splitter:main.default": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeSplitter,
|
Type: structs.DiscoveryGraphNodeTypeSplitter,
|
||||||
Name: "main.default",
|
Name: "main.default",
|
||||||
Splits: []*structs.DiscoverySplit{
|
Splits: []*structs.DiscoverySplit{
|
||||||
|
@ -340,7 +340,7 @@ func testcase_RouterWithDefaults_WithNoopSplit_DefaultResolver() compileTestCase
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"resolver:main.default.dc1": &structs.DiscoveryGraphNode{
|
"resolver:main.default.dc1": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeResolver,
|
Type: structs.DiscoveryGraphNodeTypeResolver,
|
||||||
Name: "main.default.dc1",
|
Name: "main.default.dc1",
|
||||||
Resolver: &structs.DiscoveryResolver{
|
Resolver: &structs.DiscoveryResolver{
|
||||||
|
@ -382,7 +382,7 @@ func testcase_NoopSplit_DefaultResolver_ProtocolFromProxyDefaults() compileTestC
|
||||||
Protocol: "http",
|
Protocol: "http",
|
||||||
StartNode: "router:main.default",
|
StartNode: "router:main.default",
|
||||||
Nodes: map[string]*structs.DiscoveryGraphNode{
|
Nodes: map[string]*structs.DiscoveryGraphNode{
|
||||||
"router:main.default": &structs.DiscoveryGraphNode{
|
"router:main.default": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeRouter,
|
Type: structs.DiscoveryGraphNodeTypeRouter,
|
||||||
Name: "main.default",
|
Name: "main.default",
|
||||||
Routes: []*structs.DiscoveryRoute{
|
Routes: []*structs.DiscoveryRoute{
|
||||||
|
@ -392,7 +392,7 @@ func testcase_NoopSplit_DefaultResolver_ProtocolFromProxyDefaults() compileTestC
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"splitter:main.default": &structs.DiscoveryGraphNode{
|
"splitter:main.default": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeSplitter,
|
Type: structs.DiscoveryGraphNodeTypeSplitter,
|
||||||
Name: "main.default",
|
Name: "main.default",
|
||||||
Splits: []*structs.DiscoverySplit{
|
Splits: []*structs.DiscoverySplit{
|
||||||
|
@ -402,7 +402,7 @@ func testcase_NoopSplit_DefaultResolver_ProtocolFromProxyDefaults() compileTestC
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"resolver:main.default.dc1": &structs.DiscoveryGraphNode{
|
"resolver:main.default.dc1": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeResolver,
|
Type: structs.DiscoveryGraphNodeTypeResolver,
|
||||||
Name: "main.default.dc1",
|
Name: "main.default.dc1",
|
||||||
Resolver: &structs.DiscoveryResolver{
|
Resolver: &structs.DiscoveryResolver{
|
||||||
|
@ -451,7 +451,7 @@ func testcase_RouterWithDefaults_WithNoopSplit_WithResolver() compileTestCase {
|
||||||
Protocol: "http",
|
Protocol: "http",
|
||||||
StartNode: "router:main.default",
|
StartNode: "router:main.default",
|
||||||
Nodes: map[string]*structs.DiscoveryGraphNode{
|
Nodes: map[string]*structs.DiscoveryGraphNode{
|
||||||
"router:main.default": &structs.DiscoveryGraphNode{
|
"router:main.default": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeRouter,
|
Type: structs.DiscoveryGraphNodeTypeRouter,
|
||||||
Name: "main.default",
|
Name: "main.default",
|
||||||
Routes: []*structs.DiscoveryRoute{
|
Routes: []*structs.DiscoveryRoute{
|
||||||
|
@ -461,7 +461,7 @@ func testcase_RouterWithDefaults_WithNoopSplit_WithResolver() compileTestCase {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"splitter:main.default": &structs.DiscoveryGraphNode{
|
"splitter:main.default": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeSplitter,
|
Type: structs.DiscoveryGraphNodeTypeSplitter,
|
||||||
Name: "main.default",
|
Name: "main.default",
|
||||||
Splits: []*structs.DiscoverySplit{
|
Splits: []*structs.DiscoverySplit{
|
||||||
|
@ -471,7 +471,7 @@ func testcase_RouterWithDefaults_WithNoopSplit_WithResolver() compileTestCase {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"resolver:main.default.dc1": &structs.DiscoveryGraphNode{
|
"resolver:main.default.dc1": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeResolver,
|
Type: structs.DiscoveryGraphNodeTypeResolver,
|
||||||
Name: "main.default.dc1",
|
Name: "main.default.dc1",
|
||||||
Resolver: &structs.DiscoveryResolver{
|
Resolver: &structs.DiscoveryResolver{
|
||||||
|
@ -532,7 +532,7 @@ func testcase_RouteBypassesSplit() compileTestCase {
|
||||||
Protocol: "http",
|
Protocol: "http",
|
||||||
StartNode: "router:main.default",
|
StartNode: "router:main.default",
|
||||||
Nodes: map[string]*structs.DiscoveryGraphNode{
|
Nodes: map[string]*structs.DiscoveryGraphNode{
|
||||||
"router:main.default": &structs.DiscoveryGraphNode{
|
"router:main.default": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeRouter,
|
Type: structs.DiscoveryGraphNodeTypeRouter,
|
||||||
Name: "main.default",
|
Name: "main.default",
|
||||||
Routes: []*structs.DiscoveryRoute{
|
Routes: []*structs.DiscoveryRoute{
|
||||||
|
@ -546,7 +546,7 @@ func testcase_RouteBypassesSplit() compileTestCase {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"resolver:main.default.dc1": &structs.DiscoveryGraphNode{
|
"resolver:main.default.dc1": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeResolver,
|
Type: structs.DiscoveryGraphNodeTypeResolver,
|
||||||
Name: "main.default.dc1",
|
Name: "main.default.dc1",
|
||||||
Resolver: &structs.DiscoveryResolver{
|
Resolver: &structs.DiscoveryResolver{
|
||||||
|
@ -555,7 +555,7 @@ func testcase_RouteBypassesSplit() compileTestCase {
|
||||||
Target: "main.default.dc1",
|
Target: "main.default.dc1",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"resolver:bypass.other.default.dc1": &structs.DiscoveryGraphNode{
|
"resolver:bypass.other.default.dc1": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeResolver,
|
Type: structs.DiscoveryGraphNodeTypeResolver,
|
||||||
Name: "bypass.other.default.dc1",
|
Name: "bypass.other.default.dc1",
|
||||||
Resolver: &structs.DiscoveryResolver{
|
Resolver: &structs.DiscoveryResolver{
|
||||||
|
@ -595,7 +595,7 @@ func testcase_NoopSplit_DefaultResolver() compileTestCase {
|
||||||
Protocol: "http",
|
Protocol: "http",
|
||||||
StartNode: "splitter:main.default",
|
StartNode: "splitter:main.default",
|
||||||
Nodes: map[string]*structs.DiscoveryGraphNode{
|
Nodes: map[string]*structs.DiscoveryGraphNode{
|
||||||
"splitter:main.default": &structs.DiscoveryGraphNode{
|
"splitter:main.default": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeSplitter,
|
Type: structs.DiscoveryGraphNodeTypeSplitter,
|
||||||
Name: "main.default",
|
Name: "main.default",
|
||||||
Splits: []*structs.DiscoverySplit{
|
Splits: []*structs.DiscoverySplit{
|
||||||
|
@ -605,7 +605,7 @@ func testcase_NoopSplit_DefaultResolver() compileTestCase {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"resolver:main.default.dc1": &structs.DiscoveryGraphNode{
|
"resolver:main.default.dc1": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeResolver,
|
Type: structs.DiscoveryGraphNodeTypeResolver,
|
||||||
Name: "main.default.dc1",
|
Name: "main.default.dc1",
|
||||||
Resolver: &structs.DiscoveryResolver{
|
Resolver: &structs.DiscoveryResolver{
|
||||||
|
@ -648,7 +648,7 @@ func testcase_NoopSplit_WithResolver() compileTestCase {
|
||||||
Protocol: "http",
|
Protocol: "http",
|
||||||
StartNode: "splitter:main.default",
|
StartNode: "splitter:main.default",
|
||||||
Nodes: map[string]*structs.DiscoveryGraphNode{
|
Nodes: map[string]*structs.DiscoveryGraphNode{
|
||||||
"splitter:main.default": &structs.DiscoveryGraphNode{
|
"splitter:main.default": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeSplitter,
|
Type: structs.DiscoveryGraphNodeTypeSplitter,
|
||||||
Name: "main.default",
|
Name: "main.default",
|
||||||
Splits: []*structs.DiscoverySplit{
|
Splits: []*structs.DiscoverySplit{
|
||||||
|
@ -658,7 +658,7 @@ func testcase_NoopSplit_WithResolver() compileTestCase {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"resolver:main.default.dc1": &structs.DiscoveryGraphNode{
|
"resolver:main.default.dc1": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeResolver,
|
Type: structs.DiscoveryGraphNodeTypeResolver,
|
||||||
Name: "main.default.dc1",
|
Name: "main.default.dc1",
|
||||||
Resolver: &structs.DiscoveryResolver{
|
Resolver: &structs.DiscoveryResolver{
|
||||||
|
@ -708,7 +708,7 @@ func testcase_SubsetSplit() compileTestCase {
|
||||||
Protocol: "http",
|
Protocol: "http",
|
||||||
StartNode: "splitter:main.default",
|
StartNode: "splitter:main.default",
|
||||||
Nodes: map[string]*structs.DiscoveryGraphNode{
|
Nodes: map[string]*structs.DiscoveryGraphNode{
|
||||||
"splitter:main.default": &structs.DiscoveryGraphNode{
|
"splitter:main.default": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeSplitter,
|
Type: structs.DiscoveryGraphNodeTypeSplitter,
|
||||||
Name: "main.default",
|
Name: "main.default",
|
||||||
Splits: []*structs.DiscoverySplit{
|
Splits: []*structs.DiscoverySplit{
|
||||||
|
@ -722,7 +722,7 @@ func testcase_SubsetSplit() compileTestCase {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"resolver:v2.main.default.dc1": &structs.DiscoveryGraphNode{
|
"resolver:v2.main.default.dc1": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeResolver,
|
Type: structs.DiscoveryGraphNodeTypeResolver,
|
||||||
Name: "v2.main.default.dc1",
|
Name: "v2.main.default.dc1",
|
||||||
Resolver: &structs.DiscoveryResolver{
|
Resolver: &structs.DiscoveryResolver{
|
||||||
|
@ -730,7 +730,7 @@ func testcase_SubsetSplit() compileTestCase {
|
||||||
Target: "v2.main.default.dc1",
|
Target: "v2.main.default.dc1",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"resolver:v1.main.default.dc1": &structs.DiscoveryGraphNode{
|
"resolver:v1.main.default.dc1": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeResolver,
|
Type: structs.DiscoveryGraphNodeTypeResolver,
|
||||||
Name: "v1.main.default.dc1",
|
Name: "v1.main.default.dc1",
|
||||||
Resolver: &structs.DiscoveryResolver{
|
Resolver: &structs.DiscoveryResolver{
|
||||||
|
@ -777,7 +777,7 @@ func testcase_ServiceSplit() compileTestCase {
|
||||||
Protocol: "http",
|
Protocol: "http",
|
||||||
StartNode: "splitter:main.default",
|
StartNode: "splitter:main.default",
|
||||||
Nodes: map[string]*structs.DiscoveryGraphNode{
|
Nodes: map[string]*structs.DiscoveryGraphNode{
|
||||||
"splitter:main.default": &structs.DiscoveryGraphNode{
|
"splitter:main.default": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeSplitter,
|
Type: structs.DiscoveryGraphNodeTypeSplitter,
|
||||||
Name: "main.default",
|
Name: "main.default",
|
||||||
Splits: []*structs.DiscoverySplit{
|
Splits: []*structs.DiscoverySplit{
|
||||||
|
@ -791,7 +791,7 @@ func testcase_ServiceSplit() compileTestCase {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"resolver:foo.default.dc1": &structs.DiscoveryGraphNode{
|
"resolver:foo.default.dc1": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeResolver,
|
Type: structs.DiscoveryGraphNodeTypeResolver,
|
||||||
Name: "foo.default.dc1",
|
Name: "foo.default.dc1",
|
||||||
Resolver: &structs.DiscoveryResolver{
|
Resolver: &structs.DiscoveryResolver{
|
||||||
|
@ -800,7 +800,7 @@ func testcase_ServiceSplit() compileTestCase {
|
||||||
Target: "foo.default.dc1",
|
Target: "foo.default.dc1",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"resolver:bar.default.dc1": &structs.DiscoveryGraphNode{
|
"resolver:bar.default.dc1": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeResolver,
|
Type: structs.DiscoveryGraphNodeTypeResolver,
|
||||||
Name: "bar.default.dc1",
|
Name: "bar.default.dc1",
|
||||||
Resolver: &structs.DiscoveryResolver{
|
Resolver: &structs.DiscoveryResolver{
|
||||||
|
@ -866,7 +866,7 @@ func testcase_SplitBypassesSplit() compileTestCase {
|
||||||
Protocol: "http",
|
Protocol: "http",
|
||||||
StartNode: "splitter:main.default",
|
StartNode: "splitter:main.default",
|
||||||
Nodes: map[string]*structs.DiscoveryGraphNode{
|
Nodes: map[string]*structs.DiscoveryGraphNode{
|
||||||
"splitter:main.default": &structs.DiscoveryGraphNode{
|
"splitter:main.default": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeSplitter,
|
Type: structs.DiscoveryGraphNodeTypeSplitter,
|
||||||
Name: "main.default",
|
Name: "main.default",
|
||||||
Splits: []*structs.DiscoverySplit{
|
Splits: []*structs.DiscoverySplit{
|
||||||
|
@ -876,7 +876,7 @@ func testcase_SplitBypassesSplit() compileTestCase {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"resolver:bypassed.next.default.dc1": &structs.DiscoveryGraphNode{
|
"resolver:bypassed.next.default.dc1": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeResolver,
|
Type: structs.DiscoveryGraphNodeTypeResolver,
|
||||||
Name: "bypassed.next.default.dc1",
|
Name: "bypassed.next.default.dc1",
|
||||||
Resolver: &structs.DiscoveryResolver{
|
Resolver: &structs.DiscoveryResolver{
|
||||||
|
@ -913,7 +913,7 @@ func testcase_ServiceRedirect() compileTestCase {
|
||||||
Protocol: "tcp",
|
Protocol: "tcp",
|
||||||
StartNode: "resolver:other.default.dc1",
|
StartNode: "resolver:other.default.dc1",
|
||||||
Nodes: map[string]*structs.DiscoveryGraphNode{
|
Nodes: map[string]*structs.DiscoveryGraphNode{
|
||||||
"resolver:other.default.dc1": &structs.DiscoveryGraphNode{
|
"resolver:other.default.dc1": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeResolver,
|
Type: structs.DiscoveryGraphNodeTypeResolver,
|
||||||
Name: "other.default.dc1",
|
Name: "other.default.dc1",
|
||||||
Resolver: &structs.DiscoveryResolver{
|
Resolver: &structs.DiscoveryResolver{
|
||||||
|
@ -960,7 +960,7 @@ func testcase_ServiceAndSubsetRedirect() compileTestCase {
|
||||||
Protocol: "tcp",
|
Protocol: "tcp",
|
||||||
StartNode: "resolver:v2.other.default.dc1",
|
StartNode: "resolver:v2.other.default.dc1",
|
||||||
Nodes: map[string]*structs.DiscoveryGraphNode{
|
Nodes: map[string]*structs.DiscoveryGraphNode{
|
||||||
"resolver:v2.other.default.dc1": &structs.DiscoveryGraphNode{
|
"resolver:v2.other.default.dc1": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeResolver,
|
Type: structs.DiscoveryGraphNodeTypeResolver,
|
||||||
Name: "v2.other.default.dc1",
|
Name: "v2.other.default.dc1",
|
||||||
Resolver: &structs.DiscoveryResolver{
|
Resolver: &structs.DiscoveryResolver{
|
||||||
|
@ -996,7 +996,7 @@ func testcase_DatacenterRedirect() compileTestCase {
|
||||||
Protocol: "tcp",
|
Protocol: "tcp",
|
||||||
StartNode: "resolver:main.default.dc9",
|
StartNode: "resolver:main.default.dc9",
|
||||||
Nodes: map[string]*structs.DiscoveryGraphNode{
|
Nodes: map[string]*structs.DiscoveryGraphNode{
|
||||||
"resolver:main.default.dc9": &structs.DiscoveryGraphNode{
|
"resolver:main.default.dc9": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeResolver,
|
Type: structs.DiscoveryGraphNodeTypeResolver,
|
||||||
Name: "main.default.dc9",
|
Name: "main.default.dc9",
|
||||||
Resolver: &structs.DiscoveryResolver{
|
Resolver: &structs.DiscoveryResolver{
|
||||||
|
@ -1035,7 +1035,7 @@ func testcase_DatacenterRedirect_WithMeshGateways() compileTestCase {
|
||||||
Protocol: "tcp",
|
Protocol: "tcp",
|
||||||
StartNode: "resolver:main.default.dc9",
|
StartNode: "resolver:main.default.dc9",
|
||||||
Nodes: map[string]*structs.DiscoveryGraphNode{
|
Nodes: map[string]*structs.DiscoveryGraphNode{
|
||||||
"resolver:main.default.dc9": &structs.DiscoveryGraphNode{
|
"resolver:main.default.dc9": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeResolver,
|
Type: structs.DiscoveryGraphNodeTypeResolver,
|
||||||
Name: "main.default.dc9",
|
Name: "main.default.dc9",
|
||||||
Resolver: &structs.DiscoveryResolver{
|
Resolver: &structs.DiscoveryResolver{
|
||||||
|
@ -1071,7 +1071,7 @@ func testcase_ServiceFailover() compileTestCase {
|
||||||
Protocol: "tcp",
|
Protocol: "tcp",
|
||||||
StartNode: "resolver:main.default.dc1",
|
StartNode: "resolver:main.default.dc1",
|
||||||
Nodes: map[string]*structs.DiscoveryGraphNode{
|
Nodes: map[string]*structs.DiscoveryGraphNode{
|
||||||
"resolver:main.default.dc1": &structs.DiscoveryGraphNode{
|
"resolver:main.default.dc1": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeResolver,
|
Type: structs.DiscoveryGraphNodeTypeResolver,
|
||||||
Name: "main.default.dc1",
|
Name: "main.default.dc1",
|
||||||
Resolver: &structs.DiscoveryResolver{
|
Resolver: &structs.DiscoveryResolver{
|
||||||
|
@ -1114,7 +1114,7 @@ func testcase_ServiceFailoverThroughRedirect() compileTestCase {
|
||||||
Protocol: "tcp",
|
Protocol: "tcp",
|
||||||
StartNode: "resolver:main.default.dc1",
|
StartNode: "resolver:main.default.dc1",
|
||||||
Nodes: map[string]*structs.DiscoveryGraphNode{
|
Nodes: map[string]*structs.DiscoveryGraphNode{
|
||||||
"resolver:main.default.dc1": &structs.DiscoveryGraphNode{
|
"resolver:main.default.dc1": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeResolver,
|
Type: structs.DiscoveryGraphNodeTypeResolver,
|
||||||
Name: "main.default.dc1",
|
Name: "main.default.dc1",
|
||||||
Resolver: &structs.DiscoveryResolver{
|
Resolver: &structs.DiscoveryResolver{
|
||||||
|
@ -1157,7 +1157,7 @@ func testcase_Resolver_CircularFailover() compileTestCase {
|
||||||
Protocol: "tcp",
|
Protocol: "tcp",
|
||||||
StartNode: "resolver:main.default.dc1",
|
StartNode: "resolver:main.default.dc1",
|
||||||
Nodes: map[string]*structs.DiscoveryGraphNode{
|
Nodes: map[string]*structs.DiscoveryGraphNode{
|
||||||
"resolver:main.default.dc1": &structs.DiscoveryGraphNode{
|
"resolver:main.default.dc1": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeResolver,
|
Type: structs.DiscoveryGraphNodeTypeResolver,
|
||||||
Name: "main.default.dc1",
|
Name: "main.default.dc1",
|
||||||
Resolver: &structs.DiscoveryResolver{
|
Resolver: &structs.DiscoveryResolver{
|
||||||
|
@ -1198,7 +1198,7 @@ func testcase_ServiceAndSubsetFailover() compileTestCase {
|
||||||
Protocol: "tcp",
|
Protocol: "tcp",
|
||||||
StartNode: "resolver:main.default.dc1",
|
StartNode: "resolver:main.default.dc1",
|
||||||
Nodes: map[string]*structs.DiscoveryGraphNode{
|
Nodes: map[string]*structs.DiscoveryGraphNode{
|
||||||
"resolver:main.default.dc1": &structs.DiscoveryGraphNode{
|
"resolver:main.default.dc1": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeResolver,
|
Type: structs.DiscoveryGraphNodeTypeResolver,
|
||||||
Name: "main.default.dc1",
|
Name: "main.default.dc1",
|
||||||
Resolver: &structs.DiscoveryResolver{
|
Resolver: &structs.DiscoveryResolver{
|
||||||
|
@ -1238,7 +1238,7 @@ func testcase_DatacenterFailover() compileTestCase {
|
||||||
Protocol: "tcp",
|
Protocol: "tcp",
|
||||||
StartNode: "resolver:main.default.dc1",
|
StartNode: "resolver:main.default.dc1",
|
||||||
Nodes: map[string]*structs.DiscoveryGraphNode{
|
Nodes: map[string]*structs.DiscoveryGraphNode{
|
||||||
"resolver:main.default.dc1": &structs.DiscoveryGraphNode{
|
"resolver:main.default.dc1": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeResolver,
|
Type: structs.DiscoveryGraphNodeTypeResolver,
|
||||||
Name: "main.default.dc1",
|
Name: "main.default.dc1",
|
||||||
Resolver: &structs.DiscoveryResolver{
|
Resolver: &structs.DiscoveryResolver{
|
||||||
|
@ -1282,7 +1282,7 @@ func testcase_DatacenterFailover_WithMeshGateways() compileTestCase {
|
||||||
Protocol: "tcp",
|
Protocol: "tcp",
|
||||||
StartNode: "resolver:main.default.dc1",
|
StartNode: "resolver:main.default.dc1",
|
||||||
Nodes: map[string]*structs.DiscoveryGraphNode{
|
Nodes: map[string]*structs.DiscoveryGraphNode{
|
||||||
"resolver:main.default.dc1": &structs.DiscoveryGraphNode{
|
"resolver:main.default.dc1": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeResolver,
|
Type: structs.DiscoveryGraphNodeTypeResolver,
|
||||||
Name: "main.default.dc1",
|
Name: "main.default.dc1",
|
||||||
Resolver: &structs.DiscoveryResolver{
|
Resolver: &structs.DiscoveryResolver{
|
||||||
|
@ -1343,7 +1343,7 @@ func testcase_NoopSplit_WithDefaultSubset() compileTestCase {
|
||||||
Protocol: "http",
|
Protocol: "http",
|
||||||
StartNode: "splitter:main.default",
|
StartNode: "splitter:main.default",
|
||||||
Nodes: map[string]*structs.DiscoveryGraphNode{
|
Nodes: map[string]*structs.DiscoveryGraphNode{
|
||||||
"splitter:main.default": &structs.DiscoveryGraphNode{
|
"splitter:main.default": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeSplitter,
|
Type: structs.DiscoveryGraphNodeTypeSplitter,
|
||||||
Name: "main.default",
|
Name: "main.default",
|
||||||
Splits: []*structs.DiscoverySplit{
|
Splits: []*structs.DiscoverySplit{
|
||||||
|
@ -1353,7 +1353,7 @@ func testcase_NoopSplit_WithDefaultSubset() compileTestCase {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"resolver:v2.main.default.dc1": &structs.DiscoveryGraphNode{
|
"resolver:v2.main.default.dc1": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeResolver,
|
Type: structs.DiscoveryGraphNodeTypeResolver,
|
||||||
Name: "v2.main.default.dc1",
|
Name: "v2.main.default.dc1",
|
||||||
Resolver: &structs.DiscoveryResolver{
|
Resolver: &structs.DiscoveryResolver{
|
||||||
|
@ -1380,7 +1380,7 @@ func testcase_DefaultResolver() compileTestCase {
|
||||||
Protocol: "tcp",
|
Protocol: "tcp",
|
||||||
StartNode: "resolver:main.default.dc1",
|
StartNode: "resolver:main.default.dc1",
|
||||||
Nodes: map[string]*structs.DiscoveryGraphNode{
|
Nodes: map[string]*structs.DiscoveryGraphNode{
|
||||||
"resolver:main.default.dc1": &structs.DiscoveryGraphNode{
|
"resolver:main.default.dc1": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeResolver,
|
Type: structs.DiscoveryGraphNodeTypeResolver,
|
||||||
Name: "main.default.dc1",
|
Name: "main.default.dc1",
|
||||||
Resolver: &structs.DiscoveryResolver{
|
Resolver: &structs.DiscoveryResolver{
|
||||||
|
@ -1415,7 +1415,7 @@ func testcase_DefaultResolver_WithProxyDefaults() compileTestCase {
|
||||||
Protocol: "grpc",
|
Protocol: "grpc",
|
||||||
StartNode: "resolver:main.default.dc1",
|
StartNode: "resolver:main.default.dc1",
|
||||||
Nodes: map[string]*structs.DiscoveryGraphNode{
|
Nodes: map[string]*structs.DiscoveryGraphNode{
|
||||||
"resolver:main.default.dc1": &structs.DiscoveryGraphNode{
|
"resolver:main.default.dc1": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeResolver,
|
Type: structs.DiscoveryGraphNodeTypeResolver,
|
||||||
Name: "main.default.dc1",
|
Name: "main.default.dc1",
|
||||||
Resolver: &structs.DiscoveryResolver{
|
Resolver: &structs.DiscoveryResolver{
|
||||||
|
@ -1448,7 +1448,7 @@ func testcase_RedirectToDefaultResolverIsNotDefaultChain() compileTestCase {
|
||||||
Protocol: "tcp",
|
Protocol: "tcp",
|
||||||
StartNode: "resolver:other.default.dc1",
|
StartNode: "resolver:other.default.dc1",
|
||||||
Nodes: map[string]*structs.DiscoveryGraphNode{
|
Nodes: map[string]*structs.DiscoveryGraphNode{
|
||||||
"resolver:other.default.dc1": &structs.DiscoveryGraphNode{
|
"resolver:other.default.dc1": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeResolver,
|
Type: structs.DiscoveryGraphNodeTypeResolver,
|
||||||
Name: "other.default.dc1",
|
Name: "other.default.dc1",
|
||||||
Resolver: &structs.DiscoveryResolver{
|
Resolver: &structs.DiscoveryResolver{
|
||||||
|
@ -1484,7 +1484,7 @@ func testcase_Resolve_WithDefaultSubset() compileTestCase {
|
||||||
Protocol: "tcp",
|
Protocol: "tcp",
|
||||||
StartNode: "resolver:v2.main.default.dc1",
|
StartNode: "resolver:v2.main.default.dc1",
|
||||||
Nodes: map[string]*structs.DiscoveryGraphNode{
|
Nodes: map[string]*structs.DiscoveryGraphNode{
|
||||||
"resolver:v2.main.default.dc1": &structs.DiscoveryGraphNode{
|
"resolver:v2.main.default.dc1": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeResolver,
|
Type: structs.DiscoveryGraphNodeTypeResolver,
|
||||||
Name: "v2.main.default.dc1",
|
Name: "v2.main.default.dc1",
|
||||||
Resolver: &structs.DiscoveryResolver{
|
Resolver: &structs.DiscoveryResolver{
|
||||||
|
@ -1516,7 +1516,7 @@ func testcase_DefaultResolver_ExternalSNI() compileTestCase {
|
||||||
Protocol: "tcp",
|
Protocol: "tcp",
|
||||||
StartNode: "resolver:main.default.dc1",
|
StartNode: "resolver:main.default.dc1",
|
||||||
Nodes: map[string]*structs.DiscoveryGraphNode{
|
Nodes: map[string]*structs.DiscoveryGraphNode{
|
||||||
"resolver:main.default.dc1": &structs.DiscoveryGraphNode{
|
"resolver:main.default.dc1": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeResolver,
|
Type: structs.DiscoveryGraphNodeTypeResolver,
|
||||||
Name: "main.default.dc1",
|
Name: "main.default.dc1",
|
||||||
Resolver: &structs.DiscoveryResolver{
|
Resolver: &structs.DiscoveryResolver{
|
||||||
|
@ -1651,7 +1651,7 @@ func testcase_MultiDatacenterCanary() compileTestCase {
|
||||||
Protocol: "http",
|
Protocol: "http",
|
||||||
StartNode: "splitter:main.default",
|
StartNode: "splitter:main.default",
|
||||||
Nodes: map[string]*structs.DiscoveryGraphNode{
|
Nodes: map[string]*structs.DiscoveryGraphNode{
|
||||||
"splitter:main.default": &structs.DiscoveryGraphNode{
|
"splitter:main.default": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeSplitter,
|
Type: structs.DiscoveryGraphNodeTypeSplitter,
|
||||||
Name: "main.default",
|
Name: "main.default",
|
||||||
Splits: []*structs.DiscoverySplit{
|
Splits: []*structs.DiscoverySplit{
|
||||||
|
@ -1665,7 +1665,7 @@ func testcase_MultiDatacenterCanary() compileTestCase {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"resolver:main.default.dc2": &structs.DiscoveryGraphNode{
|
"resolver:main.default.dc2": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeResolver,
|
Type: structs.DiscoveryGraphNodeTypeResolver,
|
||||||
Name: "main.default.dc2",
|
Name: "main.default.dc2",
|
||||||
Resolver: &structs.DiscoveryResolver{
|
Resolver: &structs.DiscoveryResolver{
|
||||||
|
@ -1673,7 +1673,7 @@ func testcase_MultiDatacenterCanary() compileTestCase {
|
||||||
Target: "main.default.dc2",
|
Target: "main.default.dc2",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"resolver:main.default.dc3": &structs.DiscoveryGraphNode{
|
"resolver:main.default.dc3": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeResolver,
|
Type: structs.DiscoveryGraphNodeTypeResolver,
|
||||||
Name: "main.default.dc3",
|
Name: "main.default.dc3",
|
||||||
Resolver: &structs.DiscoveryResolver{
|
Resolver: &structs.DiscoveryResolver{
|
||||||
|
@ -1782,7 +1782,7 @@ func testcase_AllBellsAndWhistles() compileTestCase {
|
||||||
Protocol: "http",
|
Protocol: "http",
|
||||||
StartNode: "router:main.default",
|
StartNode: "router:main.default",
|
||||||
Nodes: map[string]*structs.DiscoveryGraphNode{
|
Nodes: map[string]*structs.DiscoveryGraphNode{
|
||||||
"router:main.default": &structs.DiscoveryGraphNode{
|
"router:main.default": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeRouter,
|
Type: structs.DiscoveryGraphNodeTypeRouter,
|
||||||
Name: "main.default",
|
Name: "main.default",
|
||||||
Routes: []*structs.DiscoveryRoute{
|
Routes: []*structs.DiscoveryRoute{
|
||||||
|
@ -1800,7 +1800,7 @@ func testcase_AllBellsAndWhistles() compileTestCase {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"splitter:svc-split.default": &structs.DiscoveryGraphNode{
|
"splitter:svc-split.default": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeSplitter,
|
Type: structs.DiscoveryGraphNodeTypeSplitter,
|
||||||
Name: "svc-split.default",
|
Name: "svc-split.default",
|
||||||
Splits: []*structs.DiscoverySplit{
|
Splits: []*structs.DiscoverySplit{
|
||||||
|
@ -1822,7 +1822,7 @@ func testcase_AllBellsAndWhistles() compileTestCase {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"resolver:prod.redirected.default.dc1": &structs.DiscoveryGraphNode{
|
"resolver:prod.redirected.default.dc1": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeResolver,
|
Type: structs.DiscoveryGraphNodeTypeResolver,
|
||||||
Name: "prod.redirected.default.dc1",
|
Name: "prod.redirected.default.dc1",
|
||||||
Resolver: &structs.DiscoveryResolver{
|
Resolver: &structs.DiscoveryResolver{
|
||||||
|
@ -1830,7 +1830,7 @@ func testcase_AllBellsAndWhistles() compileTestCase {
|
||||||
Target: "prod.redirected.default.dc1",
|
Target: "prod.redirected.default.dc1",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"resolver:v1.main.default.dc1": &structs.DiscoveryGraphNode{
|
"resolver:v1.main.default.dc1": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeResolver,
|
Type: structs.DiscoveryGraphNodeTypeResolver,
|
||||||
Name: "v1.main.default.dc1",
|
Name: "v1.main.default.dc1",
|
||||||
Resolver: &structs.DiscoveryResolver{
|
Resolver: &structs.DiscoveryResolver{
|
||||||
|
@ -1838,7 +1838,7 @@ func testcase_AllBellsAndWhistles() compileTestCase {
|
||||||
Target: "v1.main.default.dc1",
|
Target: "v1.main.default.dc1",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"resolver:v2.main.default.dc1": &structs.DiscoveryGraphNode{
|
"resolver:v2.main.default.dc1": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeResolver,
|
Type: structs.DiscoveryGraphNodeTypeResolver,
|
||||||
Name: "v2.main.default.dc1",
|
Name: "v2.main.default.dc1",
|
||||||
Resolver: &structs.DiscoveryResolver{
|
Resolver: &structs.DiscoveryResolver{
|
||||||
|
@ -1846,7 +1846,7 @@ func testcase_AllBellsAndWhistles() compileTestCase {
|
||||||
Target: "v2.main.default.dc1",
|
Target: "v2.main.default.dc1",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"resolver:v3.main.default.dc1": &structs.DiscoveryGraphNode{
|
"resolver:v3.main.default.dc1": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeResolver,
|
Type: structs.DiscoveryGraphNodeTypeResolver,
|
||||||
Name: "v3.main.default.dc1",
|
Name: "v3.main.default.dc1",
|
||||||
Resolver: &structs.DiscoveryResolver{
|
Resolver: &structs.DiscoveryResolver{
|
||||||
|
@ -1854,7 +1854,7 @@ func testcase_AllBellsAndWhistles() compileTestCase {
|
||||||
Target: "v3.main.default.dc1",
|
Target: "v3.main.default.dc1",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"resolver:default-subset.main.default.dc1": &structs.DiscoveryGraphNode{
|
"resolver:default-subset.main.default.dc1": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeResolver,
|
Type: structs.DiscoveryGraphNodeTypeResolver,
|
||||||
Name: "default-subset.main.default.dc1",
|
Name: "default-subset.main.default.dc1",
|
||||||
Resolver: &structs.DiscoveryResolver{
|
Resolver: &structs.DiscoveryResolver{
|
||||||
|
@ -2006,7 +2006,7 @@ func testcase_FailoverCrossesProtocols() compileTestCase {
|
||||||
Kind: structs.ServiceResolver,
|
Kind: structs.ServiceResolver,
|
||||||
Name: "main",
|
Name: "main",
|
||||||
Failover: map[string]structs.ServiceResolverFailover{
|
Failover: map[string]structs.ServiceResolverFailover{
|
||||||
"*": structs.ServiceResolverFailover{
|
"*": {
|
||||||
Service: "other",
|
Service: "other",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -2075,7 +2075,7 @@ func testcase_ResolverProtocolOverride() compileTestCase {
|
||||||
Protocol: "http2",
|
Protocol: "http2",
|
||||||
StartNode: "resolver:main.default.dc1",
|
StartNode: "resolver:main.default.dc1",
|
||||||
Nodes: map[string]*structs.DiscoveryGraphNode{
|
Nodes: map[string]*structs.DiscoveryGraphNode{
|
||||||
"resolver:main.default.dc1": &structs.DiscoveryGraphNode{
|
"resolver:main.default.dc1": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeResolver,
|
Type: structs.DiscoveryGraphNodeTypeResolver,
|
||||||
Name: "main.default.dc1",
|
Name: "main.default.dc1",
|
||||||
Resolver: &structs.DiscoveryResolver{
|
Resolver: &structs.DiscoveryResolver{
|
||||||
|
@ -2108,7 +2108,7 @@ func testcase_ResolverProtocolOverrideIgnored() compileTestCase {
|
||||||
Protocol: "http2",
|
Protocol: "http2",
|
||||||
StartNode: "resolver:main.default.dc1",
|
StartNode: "resolver:main.default.dc1",
|
||||||
Nodes: map[string]*structs.DiscoveryGraphNode{
|
Nodes: map[string]*structs.DiscoveryGraphNode{
|
||||||
"resolver:main.default.dc1": &structs.DiscoveryGraphNode{
|
"resolver:main.default.dc1": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeResolver,
|
Type: structs.DiscoveryGraphNodeTypeResolver,
|
||||||
Name: "main.default.dc1",
|
Name: "main.default.dc1",
|
||||||
Resolver: &structs.DiscoveryResolver{
|
Resolver: &structs.DiscoveryResolver{
|
||||||
|
@ -2145,7 +2145,7 @@ func testcase_RouterIgnored_ResolverProtocolOverride() compileTestCase {
|
||||||
Protocol: "tcp",
|
Protocol: "tcp",
|
||||||
StartNode: "resolver:main.default.dc1",
|
StartNode: "resolver:main.default.dc1",
|
||||||
Nodes: map[string]*structs.DiscoveryGraphNode{
|
Nodes: map[string]*structs.DiscoveryGraphNode{
|
||||||
"resolver:main.default.dc1": &structs.DiscoveryGraphNode{
|
"resolver:main.default.dc1": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeResolver,
|
Type: structs.DiscoveryGraphNodeTypeResolver,
|
||||||
Name: "main.default.dc1",
|
Name: "main.default.dc1",
|
||||||
Resolver: &structs.DiscoveryResolver{
|
Resolver: &structs.DiscoveryResolver{
|
||||||
|
|
|
@ -181,7 +181,7 @@ func (c *FederationState) ListMeshGateways(args *structs.DCSpecificRequest, repl
|
||||||
|
|
||||||
dump := make(map[string]structs.CheckServiceNodes)
|
dump := make(map[string]structs.CheckServiceNodes)
|
||||||
|
|
||||||
for i, _ := range fedStates {
|
for i := range fedStates {
|
||||||
fedState := fedStates[i]
|
fedState := fedStates[i]
|
||||||
csn := fedState.MeshGateways
|
csn := fedState.MeshGateways
|
||||||
if len(csn) > 0 {
|
if len(csn) > 0 {
|
||||||
|
|
|
@ -355,7 +355,7 @@ func TestFederationState_List(t *testing.T) {
|
||||||
var out structs.IndexedFederationStates
|
var out structs.IndexedFederationStates
|
||||||
require.NoError(t, msgpackrpc.CallWithCodec(codec, "FederationState.List", &args, &out))
|
require.NoError(t, msgpackrpc.CallWithCodec(codec, "FederationState.List", &args, &out))
|
||||||
|
|
||||||
for i, _ := range out.States {
|
for i := range out.States {
|
||||||
zeroFedStateIndexes(t, out.States[i])
|
zeroFedStateIndexes(t, out.States[i])
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -480,35 +480,35 @@ func TestFederationState_List_ACLDeny(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
cases := map[string]tcase{
|
cases := map[string]tcase{
|
||||||
"no token": tcase{
|
"no token": {
|
||||||
token: "",
|
token: "",
|
||||||
listDenied: true,
|
listDenied: true,
|
||||||
gwListEmpty: true,
|
gwListEmpty: true,
|
||||||
},
|
},
|
||||||
"no perms": tcase{
|
"no perms": {
|
||||||
token: nadaToken.SecretID,
|
token: nadaToken.SecretID,
|
||||||
listDenied: true,
|
listDenied: true,
|
||||||
gwListEmpty: true,
|
gwListEmpty: true,
|
||||||
},
|
},
|
||||||
"service:read": tcase{
|
"service:read": {
|
||||||
token: svcReadToken.SecretID,
|
token: svcReadToken.SecretID,
|
||||||
listDenied: true,
|
listDenied: true,
|
||||||
gwListEmpty: true,
|
gwListEmpty: true,
|
||||||
},
|
},
|
||||||
"node:read": tcase{
|
"node:read": {
|
||||||
token: nodeReadToken.SecretID,
|
token: nodeReadToken.SecretID,
|
||||||
listDenied: true,
|
listDenied: true,
|
||||||
gwListEmpty: true,
|
gwListEmpty: true,
|
||||||
},
|
},
|
||||||
"service:read and node:read": tcase{
|
"service:read and node:read": {
|
||||||
token: svcAndNodeReadToken.SecretID,
|
token: svcAndNodeReadToken.SecretID,
|
||||||
listDenied: true,
|
listDenied: true,
|
||||||
},
|
},
|
||||||
"operator:read": tcase{
|
"operator:read": {
|
||||||
token: opReadToken.SecretID,
|
token: opReadToken.SecretID,
|
||||||
gwListEmpty: true,
|
gwListEmpty: true,
|
||||||
},
|
},
|
||||||
"master token": tcase{
|
"master token": {
|
||||||
token: "root",
|
token: "root",
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
@ -534,7 +534,7 @@ func TestFederationState_List_ACLDeny(t *testing.T) {
|
||||||
} else {
|
} else {
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
for i, _ := range out.States {
|
for i := range out.States {
|
||||||
zeroFedStateIndexes(t, out.States[i])
|
zeroFedStateIndexes(t, out.States[i])
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -18,15 +18,15 @@ func TestFilter_DirEnt(t *testing.T) {
|
||||||
out []string
|
out []string
|
||||||
}
|
}
|
||||||
cases := []tcase{
|
cases := []tcase{
|
||||||
tcase{
|
{
|
||||||
in: []string{"foo/test", "foo/priv/nope", "foo/other", "zoo"},
|
in: []string{"foo/test", "foo/priv/nope", "foo/other", "zoo"},
|
||||||
out: []string{"foo/test", "foo/other"},
|
out: []string{"foo/test", "foo/other"},
|
||||||
},
|
},
|
||||||
tcase{
|
{
|
||||||
in: []string{"abe", "lincoln"},
|
in: []string{"abe", "lincoln"},
|
||||||
out: nil,
|
out: nil,
|
||||||
},
|
},
|
||||||
tcase{
|
{
|
||||||
in: []string{"abe", "foo/1", "foo/2", "foo/3", "nope"},
|
in: []string{"abe", "foo/1", "foo/2", "foo/3", "nope"},
|
||||||
out: []string{"foo/1", "foo/2", "foo/3"},
|
out: []string{"foo/1", "foo/2", "foo/3"},
|
||||||
},
|
},
|
||||||
|
@ -60,15 +60,15 @@ func TestFilter_TxnResults(t *testing.T) {
|
||||||
out []string
|
out []string
|
||||||
}
|
}
|
||||||
cases := []tcase{
|
cases := []tcase{
|
||||||
tcase{
|
{
|
||||||
in: []string{"foo/test", "foo/priv/nope", "foo/other", "zoo"},
|
in: []string{"foo/test", "foo/priv/nope", "foo/other", "zoo"},
|
||||||
out: []string{"foo/test", "foo/other"},
|
out: []string{"foo/test", "foo/other"},
|
||||||
},
|
},
|
||||||
tcase{
|
{
|
||||||
in: []string{"abe", "lincoln"},
|
in: []string{"abe", "lincoln"},
|
||||||
out: nil,
|
out: nil,
|
||||||
},
|
},
|
||||||
tcase{
|
{
|
||||||
in: []string{"abe", "foo/1", "foo/2", "foo/3", "nope"},
|
in: []string{"abe", "foo/1", "foo/2", "foo/3", "nope"},
|
||||||
out: []string{"foo/1", "foo/2", "foo/3"},
|
out: []string{"foo/1", "foo/2", "foo/3"},
|
||||||
},
|
},
|
||||||
|
|
|
@ -91,7 +91,7 @@ func TestFSM_SnapshotRestore_OSS(t *testing.T) {
|
||||||
Name: "some-role",
|
Name: "some-role",
|
||||||
Description: "test snapshot role",
|
Description: "test snapshot role",
|
||||||
ServiceIdentities: []*structs.ACLServiceIdentity{
|
ServiceIdentities: []*structs.ACLServiceIdentity{
|
||||||
&structs.ACLServiceIdentity{
|
{
|
||||||
ServiceName: "example",
|
ServiceName: "example",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
|
@ -211,7 +211,7 @@ func registerTestCatalogEntries(t *testing.T, codec rpc.ClientCodec) {
|
||||||
|
|
||||||
// prep the cluster with some data we can use in our filters
|
// prep the cluster with some data we can use in our filters
|
||||||
registrations := map[string]*structs.RegisterRequest{
|
registrations := map[string]*structs.RegisterRequest{
|
||||||
"Node foo": &structs.RegisterRequest{
|
"Node foo": {
|
||||||
Datacenter: "dc1",
|
Datacenter: "dc1",
|
||||||
Node: "foo",
|
Node: "foo",
|
||||||
ID: types.NodeID("e0155642-135d-4739-9853-a1ee6c9f945b"),
|
ID: types.NodeID("e0155642-135d-4739-9853-a1ee6c9f945b"),
|
||||||
|
@ -241,7 +241,7 @@ func registerTestCatalogEntries(t *testing.T, codec rpc.ClientCodec) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"Service redis v1 on foo": &structs.RegisterRequest{
|
"Service redis v1 on foo": {
|
||||||
Datacenter: "dc1",
|
Datacenter: "dc1",
|
||||||
Node: "foo",
|
Node: "foo",
|
||||||
SkipNodeUpdate: true,
|
SkipNodeUpdate: true,
|
||||||
|
@ -266,7 +266,7 @@ func registerTestCatalogEntries(t *testing.T, codec rpc.ClientCodec) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"Service redis v2 on foo": &structs.RegisterRequest{
|
"Service redis v2 on foo": {
|
||||||
Datacenter: "dc1",
|
Datacenter: "dc1",
|
||||||
Node: "foo",
|
Node: "foo",
|
||||||
SkipNodeUpdate: true,
|
SkipNodeUpdate: true,
|
||||||
|
@ -291,7 +291,7 @@ func registerTestCatalogEntries(t *testing.T, codec rpc.ClientCodec) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"Node bar": &structs.RegisterRequest{
|
"Node bar": {
|
||||||
Datacenter: "dc1",
|
Datacenter: "dc1",
|
||||||
Node: "bar",
|
Node: "bar",
|
||||||
ID: types.NodeID("c6e7a976-8f4f-44b5-bdd3-631be7e8ecac"),
|
ID: types.NodeID("c6e7a976-8f4f-44b5-bdd3-631be7e8ecac"),
|
||||||
|
@ -314,7 +314,7 @@ func registerTestCatalogEntries(t *testing.T, codec rpc.ClientCodec) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"Service redis v1 on bar": &structs.RegisterRequest{
|
"Service redis v1 on bar": {
|
||||||
Datacenter: "dc1",
|
Datacenter: "dc1",
|
||||||
Node: "bar",
|
Node: "bar",
|
||||||
SkipNodeUpdate: true,
|
SkipNodeUpdate: true,
|
||||||
|
@ -339,7 +339,7 @@ func registerTestCatalogEntries(t *testing.T, codec rpc.ClientCodec) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"Service web v1 on bar": &structs.RegisterRequest{
|
"Service web v1 on bar": {
|
||||||
Datacenter: "dc1",
|
Datacenter: "dc1",
|
||||||
Node: "bar",
|
Node: "bar",
|
||||||
SkipNodeUpdate: true,
|
SkipNodeUpdate: true,
|
||||||
|
@ -365,7 +365,7 @@ func registerTestCatalogEntries(t *testing.T, codec rpc.ClientCodec) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"Node baz": &structs.RegisterRequest{
|
"Node baz": {
|
||||||
Datacenter: "dc1",
|
Datacenter: "dc1",
|
||||||
Node: "baz",
|
Node: "baz",
|
||||||
ID: types.NodeID("12f96b27-a7b0-47bd-add7-044a2bfc7bfb"),
|
ID: types.NodeID("12f96b27-a7b0-47bd-add7-044a2bfc7bfb"),
|
||||||
|
@ -394,7 +394,7 @@ func registerTestCatalogEntries(t *testing.T, codec rpc.ClientCodec) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"Service web v1 on baz": &structs.RegisterRequest{
|
"Service web v1 on baz": {
|
||||||
Datacenter: "dc1",
|
Datacenter: "dc1",
|
||||||
Node: "baz",
|
Node: "baz",
|
||||||
SkipNodeUpdate: true,
|
SkipNodeUpdate: true,
|
||||||
|
@ -420,7 +420,7 @@ func registerTestCatalogEntries(t *testing.T, codec rpc.ClientCodec) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"Service web v2 on baz": &structs.RegisterRequest{
|
"Service web v2 on baz": {
|
||||||
Datacenter: "dc1",
|
Datacenter: "dc1",
|
||||||
Node: "baz",
|
Node: "baz",
|
||||||
SkipNodeUpdate: true,
|
SkipNodeUpdate: true,
|
||||||
|
@ -446,7 +446,7 @@ func registerTestCatalogEntries(t *testing.T, codec rpc.ClientCodec) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"Service critical on baz": &structs.RegisterRequest{
|
"Service critical on baz": {
|
||||||
Datacenter: "dc1",
|
Datacenter: "dc1",
|
||||||
Node: "baz",
|
Node: "baz",
|
||||||
SkipNodeUpdate: true,
|
SkipNodeUpdate: true,
|
||||||
|
@ -471,7 +471,7 @@ func registerTestCatalogEntries(t *testing.T, codec rpc.ClientCodec) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"Service warning on baz": &structs.RegisterRequest{
|
"Service warning on baz": {
|
||||||
Datacenter: "dc1",
|
Datacenter: "dc1",
|
||||||
Node: "baz",
|
Node: "baz",
|
||||||
SkipNodeUpdate: true,
|
SkipNodeUpdate: true,
|
||||||
|
@ -505,7 +505,7 @@ func registerTestCatalogProxyEntries(t *testing.T, codec rpc.ClientCodec) {
|
||||||
t.Helper()
|
t.Helper()
|
||||||
|
|
||||||
registrations := map[string]*structs.RegisterRequest{
|
registrations := map[string]*structs.RegisterRequest{
|
||||||
"Service tg-gw": &structs.RegisterRequest{
|
"Service tg-gw": {
|
||||||
Datacenter: "dc1",
|
Datacenter: "dc1",
|
||||||
Node: "terminating-gateway",
|
Node: "terminating-gateway",
|
||||||
ID: types.NodeID("3a9d7530-20d4-443a-98d3-c10fe78f09f4"),
|
ID: types.NodeID("3a9d7530-20d4-443a-98d3-c10fe78f09f4"),
|
||||||
|
@ -518,7 +518,7 @@ func registerTestCatalogProxyEntries(t *testing.T, codec rpc.ClientCodec) {
|
||||||
Address: "198.18.1.3",
|
Address: "198.18.1.3",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"Service mg-gw": &structs.RegisterRequest{
|
"Service mg-gw": {
|
||||||
Datacenter: "dc1",
|
Datacenter: "dc1",
|
||||||
Node: "gateway",
|
Node: "gateway",
|
||||||
ID: types.NodeID("72e18a4c-85ec-4520-978f-2fc0378b06aa"),
|
ID: types.NodeID("72e18a4c-85ec-4520-978f-2fc0378b06aa"),
|
||||||
|
@ -531,7 +531,7 @@ func registerTestCatalogProxyEntries(t *testing.T, codec rpc.ClientCodec) {
|
||||||
Address: "198.18.1.4",
|
Address: "198.18.1.4",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"Service web-proxy": &structs.RegisterRequest{
|
"Service web-proxy": {
|
||||||
Datacenter: "dc1",
|
Datacenter: "dc1",
|
||||||
Node: "proxy",
|
Node: "proxy",
|
||||||
ID: types.NodeID("2d31602c-3291-4f94-842d-446bc2f945ce"),
|
ID: types.NodeID("2d31602c-3291-4f94-842d-446bc2f945ce"),
|
||||||
|
|
|
@ -437,7 +437,7 @@ func (s *Intention) Check(
|
||||||
_, matches, err := state.IntentionMatch(nil, &structs.IntentionQueryMatch{
|
_, matches, err := state.IntentionMatch(nil, &structs.IntentionQueryMatch{
|
||||||
Type: structs.IntentionMatchDestination,
|
Type: structs.IntentionMatchDestination,
|
||||||
Entries: []structs.IntentionMatchEntry{
|
Entries: []structs.IntentionMatchEntry{
|
||||||
structs.IntentionMatchEntry{
|
{
|
||||||
Namespace: query.DestinationNS,
|
Namespace: query.DestinationNS,
|
||||||
Name: query.DestinationName,
|
Name: query.DestinationName,
|
||||||
},
|
},
|
||||||
|
|
|
@ -571,7 +571,7 @@ func TestIntention_WildcardACLEnforcement(t *testing.T) {
|
||||||
Match: &structs.IntentionQueryMatch{
|
Match: &structs.IntentionQueryMatch{
|
||||||
Type: structs.IntentionMatchDestination,
|
Type: structs.IntentionMatchDestination,
|
||||||
Entries: []structs.IntentionMatchEntry{
|
Entries: []structs.IntentionMatchEntry{
|
||||||
structs.IntentionMatchEntry{
|
{
|
||||||
Namespace: "default",
|
Namespace: "default",
|
||||||
Name: "*",
|
Name: "*",
|
||||||
},
|
},
|
||||||
|
|
|
@ -1076,7 +1076,7 @@ func TestLeader_batchIntentionUpdates(t *testing.T) {
|
||||||
{
|
{
|
||||||
deletes: structs.Intentions{ixn1},
|
deletes: structs.Intentions{ixn1},
|
||||||
expected: []structs.TxnOps{
|
expected: []structs.TxnOps{
|
||||||
structs.TxnOps{
|
{
|
||||||
&structs.TxnOp{
|
&structs.TxnOp{
|
||||||
Intention: &structs.TxnIntentionOp{
|
Intention: &structs.TxnIntentionOp{
|
||||||
Op: structs.IntentionOpDelete,
|
Op: structs.IntentionOpDelete,
|
||||||
|
@ -1090,7 +1090,7 @@ func TestLeader_batchIntentionUpdates(t *testing.T) {
|
||||||
{
|
{
|
||||||
updates: structs.Intentions{ixn1},
|
updates: structs.Intentions{ixn1},
|
||||||
expected: []structs.TxnOps{
|
expected: []structs.TxnOps{
|
||||||
structs.TxnOps{
|
{
|
||||||
&structs.TxnOp{
|
&structs.TxnOp{
|
||||||
Intention: &structs.TxnIntentionOp{
|
Intention: &structs.TxnIntentionOp{
|
||||||
Op: structs.IntentionOpUpdate,
|
Op: structs.IntentionOpUpdate,
|
||||||
|
@ -1105,7 +1105,7 @@ func TestLeader_batchIntentionUpdates(t *testing.T) {
|
||||||
deletes: structs.Intentions{ixn1},
|
deletes: structs.Intentions{ixn1},
|
||||||
updates: structs.Intentions{ixn2},
|
updates: structs.Intentions{ixn2},
|
||||||
expected: []structs.TxnOps{
|
expected: []structs.TxnOps{
|
||||||
structs.TxnOps{
|
{
|
||||||
&structs.TxnOp{
|
&structs.TxnOp{
|
||||||
Intention: &structs.TxnIntentionOp{
|
Intention: &structs.TxnIntentionOp{
|
||||||
Op: structs.IntentionOpDelete,
|
Op: structs.IntentionOpDelete,
|
||||||
|
@ -1125,7 +1125,7 @@ func TestLeader_batchIntentionUpdates(t *testing.T) {
|
||||||
{
|
{
|
||||||
updates: structs.Intentions{ixnLarge},
|
updates: structs.Intentions{ixnLarge},
|
||||||
expected: []structs.TxnOps{
|
expected: []structs.TxnOps{
|
||||||
structs.TxnOps{
|
{
|
||||||
&structs.TxnOp{
|
&structs.TxnOp{
|
||||||
Intention: &structs.TxnIntentionOp{
|
Intention: &structs.TxnIntentionOp{
|
||||||
Op: structs.IntentionOpUpdate,
|
Op: structs.IntentionOpUpdate,
|
||||||
|
@ -1140,7 +1140,7 @@ func TestLeader_batchIntentionUpdates(t *testing.T) {
|
||||||
deletes: structs.Intentions{ixn1, ixnLarge},
|
deletes: structs.Intentions{ixn1, ixnLarge},
|
||||||
updates: structs.Intentions{ixn2},
|
updates: structs.Intentions{ixn2},
|
||||||
expected: []structs.TxnOps{
|
expected: []structs.TxnOps{
|
||||||
structs.TxnOps{
|
{
|
||||||
&structs.TxnOp{
|
&structs.TxnOp{
|
||||||
Intention: &structs.TxnIntentionOp{
|
Intention: &structs.TxnIntentionOp{
|
||||||
Op: structs.IntentionOpDelete,
|
Op: structs.IntentionOpDelete,
|
||||||
|
@ -1154,7 +1154,7 @@ func TestLeader_batchIntentionUpdates(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
structs.TxnOps{
|
{
|
||||||
&structs.TxnOp{
|
&structs.TxnOp{
|
||||||
Intention: &structs.TxnIntentionOp{
|
Intention: &structs.TxnIntentionOp{
|
||||||
Op: structs.IntentionOpUpdate,
|
Op: structs.IntentionOpUpdate,
|
||||||
|
@ -1169,7 +1169,7 @@ func TestLeader_batchIntentionUpdates(t *testing.T) {
|
||||||
deletes: structs.Intentions{ixn1},
|
deletes: structs.Intentions{ixn1},
|
||||||
updates: structs.Intentions{ixnLarge, ixn2},
|
updates: structs.Intentions{ixnLarge, ixn2},
|
||||||
expected: []structs.TxnOps{
|
expected: []structs.TxnOps{
|
||||||
structs.TxnOps{
|
{
|
||||||
&structs.TxnOp{
|
&structs.TxnOp{
|
||||||
Intention: &structs.TxnIntentionOp{
|
Intention: &structs.TxnIntentionOp{
|
||||||
Op: structs.IntentionOpDelete,
|
Op: structs.IntentionOpDelete,
|
||||||
|
@ -1183,7 +1183,7 @@ func TestLeader_batchIntentionUpdates(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
structs.TxnOps{
|
{
|
||||||
&structs.TxnOp{
|
&structs.TxnOp{
|
||||||
Intention: &structs.TxnIntentionOp{
|
Intention: &structs.TxnIntentionOp{
|
||||||
Op: structs.IntentionOpUpdate,
|
Op: structs.IntentionOpUpdate,
|
||||||
|
|
|
@ -222,7 +222,7 @@ func TestLeader_FederationStateAntiEntropyPruning(t *testing.T) {
|
||||||
|
|
||||||
require.Len(r, remote, 2)
|
require.Len(r, remote, 2)
|
||||||
require.Len(r, local, 2)
|
require.Len(r, local, 2)
|
||||||
for i, _ := range remote {
|
for i := range remote {
|
||||||
// zero out the raft data for future comparisons
|
// zero out the raft data for future comparisons
|
||||||
remote[i].RaftIndex = structs.RaftIndex{}
|
remote[i].RaftIndex = structs.RaftIndex{}
|
||||||
local[i].RaftIndex = structs.RaftIndex{}
|
local[i].RaftIndex = structs.RaftIndex{}
|
||||||
|
@ -310,7 +310,7 @@ func TestLeader_FederationStateAntiEntropyPruning_ACLDeny(t *testing.T) {
|
||||||
|
|
||||||
require.Len(r, remote, 2)
|
require.Len(r, remote, 2)
|
||||||
require.Len(r, local, 2)
|
require.Len(r, local, 2)
|
||||||
for i, _ := range remote {
|
for i := range remote {
|
||||||
// zero out the raft data for future comparisons
|
// zero out the raft data for future comparisons
|
||||||
remote[i].RaftIndex = structs.RaftIndex{}
|
remote[i].RaftIndex = structs.RaftIndex{}
|
||||||
local[i].RaftIndex = structs.RaftIndex{}
|
local[i].RaftIndex = structs.RaftIndex{}
|
||||||
|
|
|
@ -44,7 +44,7 @@ func TestOperator_RaftGetConfiguration(t *testing.T) {
|
||||||
me := future.Configuration().Servers[0]
|
me := future.Configuration().Servers[0]
|
||||||
expected := structs.RaftConfigurationResponse{
|
expected := structs.RaftConfigurationResponse{
|
||||||
Servers: []*structs.RaftServer{
|
Servers: []*structs.RaftServer{
|
||||||
&structs.RaftServer{
|
{
|
||||||
ID: me.ID,
|
ID: me.ID,
|
||||||
Node: s1.config.NodeName,
|
Node: s1.config.NodeName,
|
||||||
Address: me.Address,
|
Address: me.Address,
|
||||||
|
@ -121,7 +121,7 @@ func TestOperator_RaftGetConfiguration_ACLDeny(t *testing.T) {
|
||||||
me := future.Configuration().Servers[0]
|
me := future.Configuration().Servers[0]
|
||||||
expected := structs.RaftConfigurationResponse{
|
expected := structs.RaftConfigurationResponse{
|
||||||
Servers: []*structs.RaftServer{
|
Servers: []*structs.RaftServer{
|
||||||
&structs.RaftServer{
|
{
|
||||||
ID: me.ID,
|
ID: me.ID,
|
||||||
Node: s1.config.NodeName,
|
Node: s1.config.NodeName,
|
||||||
Address: me.Address,
|
Address: me.Address,
|
||||||
|
|
|
@ -140,19 +140,19 @@ func (ct *CompiledTemplate) Render(name string, source structs.QuerySource) (*st
|
||||||
config := &hil.EvalConfig{
|
config := &hil.EvalConfig{
|
||||||
GlobalScope: &ast.BasicScope{
|
GlobalScope: &ast.BasicScope{
|
||||||
VarMap: map[string]ast.Variable{
|
VarMap: map[string]ast.Variable{
|
||||||
"name.full": ast.Variable{
|
"name.full": {
|
||||||
Type: ast.TypeString,
|
Type: ast.TypeString,
|
||||||
Value: name,
|
Value: name,
|
||||||
},
|
},
|
||||||
"name.prefix": ast.Variable{
|
"name.prefix": {
|
||||||
Type: ast.TypeString,
|
Type: ast.TypeString,
|
||||||
Value: query.Name,
|
Value: query.Name,
|
||||||
},
|
},
|
||||||
"name.suffix": ast.Variable{
|
"name.suffix": {
|
||||||
Type: ast.TypeString,
|
Type: ast.TypeString,
|
||||||
Value: strings.TrimPrefix(name, query.Name),
|
Value: strings.TrimPrefix(name, query.Name),
|
||||||
},
|
},
|
||||||
"agent.segment": ast.Variable{
|
"agent.segment": {
|
||||||
Type: ast.TypeString,
|
Type: ast.TypeString,
|
||||||
Value: source.Segment,
|
Value: source.Segment,
|
||||||
},
|
},
|
||||||
|
|
|
@ -837,7 +837,7 @@ func TestRPC_LocalTokenStrippedOnForward(t *testing.T) {
|
||||||
ACLToken: structs.ACLToken{
|
ACLToken: structs.ACLToken{
|
||||||
AccessorID: structs.ACLTokenAnonymousID,
|
AccessorID: structs.ACLTokenAnonymousID,
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: kvPolicy.ID,
|
ID: kvPolicy.ID,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
|
@ -92,27 +92,27 @@ func seedCoordinates(t *testing.T, codec rpc.ClientCodec, server *Server) {
|
||||||
|
|
||||||
// Seed the fixed setup of the nodes.
|
// Seed the fixed setup of the nodes.
|
||||||
updates := []structs.CoordinateUpdateRequest{
|
updates := []structs.CoordinateUpdateRequest{
|
||||||
structs.CoordinateUpdateRequest{
|
{
|
||||||
Datacenter: "dc1",
|
Datacenter: "dc1",
|
||||||
Node: "node1",
|
Node: "node1",
|
||||||
Coord: lib.GenerateCoordinate(10 * time.Millisecond),
|
Coord: lib.GenerateCoordinate(10 * time.Millisecond),
|
||||||
},
|
},
|
||||||
structs.CoordinateUpdateRequest{
|
{
|
||||||
Datacenter: "dc1",
|
Datacenter: "dc1",
|
||||||
Node: "node2",
|
Node: "node2",
|
||||||
Coord: lib.GenerateCoordinate(2 * time.Millisecond),
|
Coord: lib.GenerateCoordinate(2 * time.Millisecond),
|
||||||
},
|
},
|
||||||
structs.CoordinateUpdateRequest{
|
{
|
||||||
Datacenter: "dc1",
|
Datacenter: "dc1",
|
||||||
Node: "node3",
|
Node: "node3",
|
||||||
Coord: lib.GenerateCoordinate(1 * time.Millisecond),
|
Coord: lib.GenerateCoordinate(1 * time.Millisecond),
|
||||||
},
|
},
|
||||||
structs.CoordinateUpdateRequest{
|
{
|
||||||
Datacenter: "dc1",
|
Datacenter: "dc1",
|
||||||
Node: "node4",
|
Node: "node4",
|
||||||
Coord: lib.GenerateCoordinate(8 * time.Millisecond),
|
Coord: lib.GenerateCoordinate(8 * time.Millisecond),
|
||||||
},
|
},
|
||||||
structs.CoordinateUpdateRequest{
|
{
|
||||||
Datacenter: "dc1",
|
Datacenter: "dc1",
|
||||||
Node: "node5",
|
Node: "node5",
|
||||||
Coord: lib.GenerateCoordinate(3 * time.Millisecond),
|
Coord: lib.GenerateCoordinate(3 * time.Millisecond),
|
||||||
|
|
|
@ -781,7 +781,7 @@ func (s *Server) setupRaft() error {
|
||||||
if !hasState {
|
if !hasState {
|
||||||
configuration := raft.Configuration{
|
configuration := raft.Configuration{
|
||||||
Servers: []raft.Server{
|
Servers: []raft.Server{
|
||||||
raft.Server{
|
{
|
||||||
ID: s.config.RaftConfig.LocalID,
|
ID: s.config.RaftConfig.LocalID,
|
||||||
Address: trans.LocalAddr(),
|
Address: trans.LocalAddr(),
|
||||||
},
|
},
|
||||||
|
@ -1299,7 +1299,7 @@ func (s *Server) Stats() map[string]map[string]string {
|
||||||
}
|
}
|
||||||
numKnownDCs := len(s.router.GetDatacenters())
|
numKnownDCs := len(s.router.GetDatacenters())
|
||||||
stats := map[string]map[string]string{
|
stats := map[string]map[string]string{
|
||||||
"consul": map[string]string{
|
"consul": {
|
||||||
"server": "true",
|
"server": "true",
|
||||||
"leader": fmt.Sprintf("%v", s.IsLeader()),
|
"leader": fmt.Sprintf("%v", s.IsLeader()),
|
||||||
"leader_addr": string(s.raft.Leader()),
|
"leader_addr": string(s.raft.Leader()),
|
||||||
|
|
|
@ -17,7 +17,7 @@ func tokensTableSchema() *memdb.TableSchema {
|
||||||
return &memdb.TableSchema{
|
return &memdb.TableSchema{
|
||||||
Name: "acl-tokens",
|
Name: "acl-tokens",
|
||||||
Indexes: map[string]*memdb.IndexSchema{
|
Indexes: map[string]*memdb.IndexSchema{
|
||||||
"accessor": &memdb.IndexSchema{
|
"accessor": {
|
||||||
Name: "accessor",
|
Name: "accessor",
|
||||||
// DEPRECATED (ACL-Legacy-Compat) - we should not AllowMissing here once legacy compat is removed
|
// DEPRECATED (ACL-Legacy-Compat) - we should not AllowMissing here once legacy compat is removed
|
||||||
AllowMissing: true,
|
AllowMissing: true,
|
||||||
|
@ -26,7 +26,7 @@ func tokensTableSchema() *memdb.TableSchema {
|
||||||
Field: "AccessorID",
|
Field: "AccessorID",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"id": &memdb.IndexSchema{
|
"id": {
|
||||||
Name: "id",
|
Name: "id",
|
||||||
AllowMissing: false,
|
AllowMissing: false,
|
||||||
Unique: true,
|
Unique: true,
|
||||||
|
@ -35,20 +35,20 @@ func tokensTableSchema() *memdb.TableSchema {
|
||||||
Lowercase: false,
|
Lowercase: false,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"policies": &memdb.IndexSchema{
|
"policies": {
|
||||||
Name: "policies",
|
Name: "policies",
|
||||||
// Need to allow missing for the anonymous token
|
// Need to allow missing for the anonymous token
|
||||||
AllowMissing: true,
|
AllowMissing: true,
|
||||||
Unique: false,
|
Unique: false,
|
||||||
Indexer: &TokenPoliciesIndex{},
|
Indexer: &TokenPoliciesIndex{},
|
||||||
},
|
},
|
||||||
"roles": &memdb.IndexSchema{
|
"roles": {
|
||||||
Name: "roles",
|
Name: "roles",
|
||||||
AllowMissing: true,
|
AllowMissing: true,
|
||||||
Unique: false,
|
Unique: false,
|
||||||
Indexer: &TokenRolesIndex{},
|
Indexer: &TokenRolesIndex{},
|
||||||
},
|
},
|
||||||
"authmethod": &memdb.IndexSchema{
|
"authmethod": {
|
||||||
Name: "authmethod",
|
Name: "authmethod",
|
||||||
AllowMissing: true,
|
AllowMissing: true,
|
||||||
Unique: false,
|
Unique: false,
|
||||||
|
@ -57,7 +57,7 @@ func tokensTableSchema() *memdb.TableSchema {
|
||||||
Lowercase: false,
|
Lowercase: false,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"local": &memdb.IndexSchema{
|
"local": {
|
||||||
Name: "local",
|
Name: "local",
|
||||||
AllowMissing: false,
|
AllowMissing: false,
|
||||||
Unique: false,
|
Unique: false,
|
||||||
|
@ -85,7 +85,7 @@ func tokensTableSchema() *memdb.TableSchema {
|
||||||
|
|
||||||
//DEPRECATED (ACL-Legacy-Compat) - This index is only needed while we support upgrading v1 to v2 acls
|
//DEPRECATED (ACL-Legacy-Compat) - This index is only needed while we support upgrading v1 to v2 acls
|
||||||
// This table indexes all the ACL tokens that do not have an AccessorID
|
// This table indexes all the ACL tokens that do not have an AccessorID
|
||||||
"needs-upgrade": &memdb.IndexSchema{
|
"needs-upgrade": {
|
||||||
Name: "needs-upgrade",
|
Name: "needs-upgrade",
|
||||||
AllowMissing: false,
|
AllowMissing: false,
|
||||||
Unique: false,
|
Unique: false,
|
||||||
|
@ -106,7 +106,7 @@ func policiesTableSchema() *memdb.TableSchema {
|
||||||
return &memdb.TableSchema{
|
return &memdb.TableSchema{
|
||||||
Name: "acl-policies",
|
Name: "acl-policies",
|
||||||
Indexes: map[string]*memdb.IndexSchema{
|
Indexes: map[string]*memdb.IndexSchema{
|
||||||
"id": &memdb.IndexSchema{
|
"id": {
|
||||||
Name: "id",
|
Name: "id",
|
||||||
AllowMissing: false,
|
AllowMissing: false,
|
||||||
Unique: true,
|
Unique: true,
|
||||||
|
@ -114,7 +114,7 @@ func policiesTableSchema() *memdb.TableSchema {
|
||||||
Field: "ID",
|
Field: "ID",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"name": &memdb.IndexSchema{
|
"name": {
|
||||||
Name: "name",
|
Name: "name",
|
||||||
AllowMissing: false,
|
AllowMissing: false,
|
||||||
Unique: true,
|
Unique: true,
|
||||||
|
@ -132,7 +132,7 @@ func rolesTableSchema() *memdb.TableSchema {
|
||||||
return &memdb.TableSchema{
|
return &memdb.TableSchema{
|
||||||
Name: "acl-roles",
|
Name: "acl-roles",
|
||||||
Indexes: map[string]*memdb.IndexSchema{
|
Indexes: map[string]*memdb.IndexSchema{
|
||||||
"id": &memdb.IndexSchema{
|
"id": {
|
||||||
Name: "id",
|
Name: "id",
|
||||||
AllowMissing: false,
|
AllowMissing: false,
|
||||||
Unique: true,
|
Unique: true,
|
||||||
|
@ -140,7 +140,7 @@ func rolesTableSchema() *memdb.TableSchema {
|
||||||
Field: "ID",
|
Field: "ID",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"name": &memdb.IndexSchema{
|
"name": {
|
||||||
Name: "name",
|
Name: "name",
|
||||||
AllowMissing: false,
|
AllowMissing: false,
|
||||||
Unique: true,
|
Unique: true,
|
||||||
|
@ -149,7 +149,7 @@ func rolesTableSchema() *memdb.TableSchema {
|
||||||
Lowercase: true,
|
Lowercase: true,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"policies": &memdb.IndexSchema{
|
"policies": {
|
||||||
Name: "policies",
|
Name: "policies",
|
||||||
// Need to allow missing for the anonymous token
|
// Need to allow missing for the anonymous token
|
||||||
AllowMissing: true,
|
AllowMissing: true,
|
||||||
|
@ -164,7 +164,7 @@ func bindingRulesTableSchema() *memdb.TableSchema {
|
||||||
return &memdb.TableSchema{
|
return &memdb.TableSchema{
|
||||||
Name: "acl-binding-rules",
|
Name: "acl-binding-rules",
|
||||||
Indexes: map[string]*memdb.IndexSchema{
|
Indexes: map[string]*memdb.IndexSchema{
|
||||||
"id": &memdb.IndexSchema{
|
"id": {
|
||||||
Name: "id",
|
Name: "id",
|
||||||
AllowMissing: false,
|
AllowMissing: false,
|
||||||
Unique: true,
|
Unique: true,
|
||||||
|
@ -172,7 +172,7 @@ func bindingRulesTableSchema() *memdb.TableSchema {
|
||||||
Field: "ID",
|
Field: "ID",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"authmethod": &memdb.IndexSchema{
|
"authmethod": {
|
||||||
Name: "authmethod",
|
Name: "authmethod",
|
||||||
AllowMissing: false,
|
AllowMissing: false,
|
||||||
Unique: false,
|
Unique: false,
|
||||||
|
@ -189,7 +189,7 @@ func authMethodsTableSchema() *memdb.TableSchema {
|
||||||
return &memdb.TableSchema{
|
return &memdb.TableSchema{
|
||||||
Name: "acl-auth-methods",
|
Name: "acl-auth-methods",
|
||||||
Indexes: map[string]*memdb.IndexSchema{
|
Indexes: map[string]*memdb.IndexSchema{
|
||||||
"id": &memdb.IndexSchema{
|
"id": {
|
||||||
Name: "id",
|
Name: "id",
|
||||||
AllowMissing: false,
|
AllowMissing: false,
|
||||||
Unique: true,
|
Unique: true,
|
||||||
|
|
|
@ -121,7 +121,7 @@ func setupExtraPoliciesAndRoles(t *testing.T, s *Store) {
|
||||||
Name: "node-read-role",
|
Name: "node-read-role",
|
||||||
Description: "Allows reading all node information",
|
Description: "Allows reading all node information",
|
||||||
Policies: []structs.ACLRolePolicyLink{
|
Policies: []structs.ACLRolePolicyLink{
|
||||||
structs.ACLRolePolicyLink{
|
{
|
||||||
ID: testPolicyID_A,
|
ID: testPolicyID_A,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -131,7 +131,7 @@ func setupExtraPoliciesAndRoles(t *testing.T, s *Store) {
|
||||||
Name: "agent-read-role",
|
Name: "agent-read-role",
|
||||||
Description: "Allows reading all agent information",
|
Description: "Allows reading all agent information",
|
||||||
Policies: []structs.ACLRolePolicyLink{
|
Policies: []structs.ACLRolePolicyLink{
|
||||||
structs.ACLRolePolicyLink{
|
{
|
||||||
ID: testPolicyID_B,
|
ID: testPolicyID_B,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -247,7 +247,7 @@ func TestStateStore_ACLToken_SetGet_Legacy(t *testing.T) {
|
||||||
AccessorID: "c8d0378c-566a-4535-8fc9-c883a8cc9849",
|
AccessorID: "c8d0378c-566a-4535-8fc9-c883a8cc9849",
|
||||||
SecretID: "6d48ce91-2558-4098-bdab-8737e4e57d5f",
|
SecretID: "6d48ce91-2558-4098-bdab-8737e4e57d5f",
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: testPolicyID_A,
|
ID: testPolicyID_A,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -367,7 +367,7 @@ func TestStateStore_ACLToken_SetGet(t *testing.T) {
|
||||||
AccessorID: "daf37c07-d04d-4fd5-9678-a8206a57d61a",
|
AccessorID: "daf37c07-d04d-4fd5-9678-a8206a57d61a",
|
||||||
SecretID: "39171632-6f34-4411-827f-9416403687f4",
|
SecretID: "39171632-6f34-4411-827f-9416403687f4",
|
||||||
ServiceIdentities: []*structs.ACLServiceIdentity{
|
ServiceIdentities: []*structs.ACLServiceIdentity{
|
||||||
&structs.ACLServiceIdentity{},
|
{},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -382,7 +382,7 @@ func TestStateStore_ACLToken_SetGet(t *testing.T) {
|
||||||
AccessorID: "daf37c07-d04d-4fd5-9678-a8206a57d61a",
|
AccessorID: "daf37c07-d04d-4fd5-9678-a8206a57d61a",
|
||||||
SecretID: "39171632-6f34-4411-827f-9416403687f4",
|
SecretID: "39171632-6f34-4411-827f-9416403687f4",
|
||||||
ServiceIdentities: []*structs.ACLServiceIdentity{
|
ServiceIdentities: []*structs.ACLServiceIdentity{
|
||||||
&structs.ACLServiceIdentity{
|
{
|
||||||
Datacenters: []string{"dc1"},
|
Datacenters: []string{"dc1"},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -399,7 +399,7 @@ func TestStateStore_ACLToken_SetGet(t *testing.T) {
|
||||||
AccessorID: "daf37c07-d04d-4fd5-9678-a8206a57d61a",
|
AccessorID: "daf37c07-d04d-4fd5-9678-a8206a57d61a",
|
||||||
SecretID: "39171632-6f34-4411-827f-9416403687f4",
|
SecretID: "39171632-6f34-4411-827f-9416403687f4",
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
Name: "no-id",
|
Name: "no-id",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -416,7 +416,7 @@ func TestStateStore_ACLToken_SetGet(t *testing.T) {
|
||||||
AccessorID: "daf37c07-d04d-4fd5-9678-a8206a57d61a",
|
AccessorID: "daf37c07-d04d-4fd5-9678-a8206a57d61a",
|
||||||
SecretID: "39171632-6f34-4411-827f-9416403687f4",
|
SecretID: "39171632-6f34-4411-827f-9416403687f4",
|
||||||
Roles: []structs.ACLTokenRoleLink{
|
Roles: []structs.ACLTokenRoleLink{
|
||||||
structs.ACLTokenRoleLink{
|
{
|
||||||
Name: "no-id",
|
Name: "no-id",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -433,7 +433,7 @@ func TestStateStore_ACLToken_SetGet(t *testing.T) {
|
||||||
AccessorID: "daf37c07-d04d-4fd5-9678-a8206a57d61a",
|
AccessorID: "daf37c07-d04d-4fd5-9678-a8206a57d61a",
|
||||||
SecretID: "39171632-6f34-4411-827f-9416403687f4",
|
SecretID: "39171632-6f34-4411-827f-9416403687f4",
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: "4f20e379-b496-4b99-9599-19a197126490",
|
ID: "4f20e379-b496-4b99-9599-19a197126490",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -450,7 +450,7 @@ func TestStateStore_ACLToken_SetGet(t *testing.T) {
|
||||||
AccessorID: "daf37c07-d04d-4fd5-9678-a8206a57d61a",
|
AccessorID: "daf37c07-d04d-4fd5-9678-a8206a57d61a",
|
||||||
SecretID: "39171632-6f34-4411-827f-9416403687f4",
|
SecretID: "39171632-6f34-4411-827f-9416403687f4",
|
||||||
Roles: []structs.ACLTokenRoleLink{
|
Roles: []structs.ACLTokenRoleLink{
|
||||||
structs.ACLTokenRoleLink{
|
{
|
||||||
ID: "9b2349b6-55d3-4901-b287-347ae725af2f",
|
ID: "9b2349b6-55d3-4901-b287-347ae725af2f",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -480,17 +480,17 @@ func TestStateStore_ACLToken_SetGet(t *testing.T) {
|
||||||
AccessorID: "daf37c07-d04d-4fd5-9678-a8206a57d61a",
|
AccessorID: "daf37c07-d04d-4fd5-9678-a8206a57d61a",
|
||||||
SecretID: "39171632-6f34-4411-827f-9416403687f4",
|
SecretID: "39171632-6f34-4411-827f-9416403687f4",
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: testPolicyID_A,
|
ID: testPolicyID_A,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
Roles: []structs.ACLTokenRoleLink{
|
Roles: []structs.ACLTokenRoleLink{
|
||||||
structs.ACLTokenRoleLink{
|
{
|
||||||
ID: testRoleID_A,
|
ID: testRoleID_A,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
ServiceIdentities: []*structs.ACLServiceIdentity{
|
ServiceIdentities: []*structs.ACLServiceIdentity{
|
||||||
&structs.ACLServiceIdentity{
|
{
|
||||||
ServiceName: "web",
|
ServiceName: "web",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -520,12 +520,12 @@ func TestStateStore_ACLToken_SetGet(t *testing.T) {
|
||||||
AccessorID: "daf37c07-d04d-4fd5-9678-a8206a57d61a",
|
AccessorID: "daf37c07-d04d-4fd5-9678-a8206a57d61a",
|
||||||
SecretID: "39171632-6f34-4411-827f-9416403687f4",
|
SecretID: "39171632-6f34-4411-827f-9416403687f4",
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: testPolicyID_A,
|
ID: testPolicyID_A,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
ServiceIdentities: []*structs.ACLServiceIdentity{
|
ServiceIdentities: []*structs.ACLServiceIdentity{
|
||||||
&structs.ACLServiceIdentity{
|
{
|
||||||
ServiceName: "web",
|
ServiceName: "web",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -537,17 +537,17 @@ func TestStateStore_ACLToken_SetGet(t *testing.T) {
|
||||||
AccessorID: "daf37c07-d04d-4fd5-9678-a8206a57d61a",
|
AccessorID: "daf37c07-d04d-4fd5-9678-a8206a57d61a",
|
||||||
SecretID: "39171632-6f34-4411-827f-9416403687f4",
|
SecretID: "39171632-6f34-4411-827f-9416403687f4",
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: structs.ACLPolicyGlobalManagementID,
|
ID: structs.ACLPolicyGlobalManagementID,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
Roles: []structs.ACLTokenRoleLink{
|
Roles: []structs.ACLTokenRoleLink{
|
||||||
structs.ACLTokenRoleLink{
|
{
|
||||||
ID: testRoleID_A,
|
ID: testRoleID_A,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
ServiceIdentities: []*structs.ACLServiceIdentity{
|
ServiceIdentities: []*structs.ACLServiceIdentity{
|
||||||
&structs.ACLServiceIdentity{
|
{
|
||||||
ServiceName: "db",
|
ServiceName: "db",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -581,7 +581,7 @@ func TestStateStore_ACLToken_SetGet(t *testing.T) {
|
||||||
SecretID: "39171632-6f34-4411-827f-9416403687f4",
|
SecretID: "39171632-6f34-4411-827f-9416403687f4",
|
||||||
AuthMethod: "test",
|
AuthMethod: "test",
|
||||||
Roles: []structs.ACLTokenRoleLink{
|
Roles: []structs.ACLTokenRoleLink{
|
||||||
structs.ACLTokenRoleLink{
|
{
|
||||||
ID: testRoleID_A,
|
ID: testRoleID_A,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -744,7 +744,7 @@ func TestStateStore_ACLTokens_UpsertBatchRead(t *testing.T) {
|
||||||
SecretID: "00ff4564-dd96-4d1b-8ad6-578a08279f79",
|
SecretID: "00ff4564-dd96-4d1b-8ad6-578a08279f79",
|
||||||
Description: "first token",
|
Description: "first token",
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: testPolicyID_A,
|
ID: testPolicyID_A,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -754,7 +754,7 @@ func TestStateStore_ACLTokens_UpsertBatchRead(t *testing.T) {
|
||||||
SecretID: "ff826eaf-4b88-4881-aaef-52b1089e5d5d",
|
SecretID: "ff826eaf-4b88-4881-aaef-52b1089e5d5d",
|
||||||
Description: "second token",
|
Description: "second token",
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: structs.ACLPolicyGlobalManagementID,
|
ID: structs.ACLPolicyGlobalManagementID,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -801,7 +801,7 @@ func TestStateStore_ACLTokens_UpsertBatchRead(t *testing.T) {
|
||||||
AccessorID: "a4f68bd6-3af5-4f56-b764-3c6f20247879",
|
AccessorID: "a4f68bd6-3af5-4f56-b764-3c6f20247879",
|
||||||
SecretID: "00ff4564-dd96-4d1b-8ad6-578a08279f79",
|
SecretID: "00ff4564-dd96-4d1b-8ad6-578a08279f79",
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: fakePolicyID,
|
ID: fakePolicyID,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -840,7 +840,7 @@ func TestStateStore_ACLTokens_UpsertBatchRead(t *testing.T) {
|
||||||
AccessorID: "a4f68bd6-3af5-4f56-b764-3c6f20247879",
|
AccessorID: "a4f68bd6-3af5-4f56-b764-3c6f20247879",
|
||||||
SecretID: "00ff4564-dd96-4d1b-8ad6-578a08279f79",
|
SecretID: "00ff4564-dd96-4d1b-8ad6-578a08279f79",
|
||||||
Roles: []structs.ACLTokenRoleLink{
|
Roles: []structs.ACLTokenRoleLink{
|
||||||
structs.ACLTokenRoleLink{
|
{
|
||||||
ID: fakeRoleID,
|
ID: fakeRoleID,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -910,7 +910,7 @@ func TestStateStore_ACLTokens_ListUpgradeable(t *testing.T) {
|
||||||
AccessorID: "f1093997-b6c7-496d-bfb8-6b1b1895641b",
|
AccessorID: "f1093997-b6c7-496d-bfb8-6b1b1895641b",
|
||||||
SecretID: "34ec8eb3-095d-417a-a937-b439af7a8e8b",
|
SecretID: "34ec8eb3-095d-417a-a937-b439af7a8e8b",
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: structs.ACLPolicyGlobalManagementID,
|
ID: structs.ACLPolicyGlobalManagementID,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -919,7 +919,7 @@ func TestStateStore_ACLTokens_ListUpgradeable(t *testing.T) {
|
||||||
AccessorID: "54866514-3cf2-4fec-8a8a-710583831834",
|
AccessorID: "54866514-3cf2-4fec-8a8a-710583831834",
|
||||||
SecretID: "8de2dd39-134d-4cb1-950b-b7ab96ea20ba",
|
SecretID: "8de2dd39-134d-4cb1-950b-b7ab96ea20ba",
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: structs.ACLPolicyGlobalManagementID,
|
ID: structs.ACLPolicyGlobalManagementID,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -928,7 +928,7 @@ func TestStateStore_ACLTokens_ListUpgradeable(t *testing.T) {
|
||||||
AccessorID: "47eea4da-bda1-48a6-901c-3e36d2d9262f",
|
AccessorID: "47eea4da-bda1-48a6-901c-3e36d2d9262f",
|
||||||
SecretID: "548bdb8e-c0d6-477b-bcc4-67fb836e9e61",
|
SecretID: "548bdb8e-c0d6-477b-bcc4-67fb836e9e61",
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: structs.ACLPolicyGlobalManagementID,
|
ID: structs.ACLPolicyGlobalManagementID,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -937,7 +937,7 @@ func TestStateStore_ACLTokens_ListUpgradeable(t *testing.T) {
|
||||||
AccessorID: "af1dffe5-8ac2-4282-9336-aeed9f7d951a",
|
AccessorID: "af1dffe5-8ac2-4282-9336-aeed9f7d951a",
|
||||||
SecretID: "3ee33676-d9b8-4144-bf0b-92618cff438b",
|
SecretID: "3ee33676-d9b8-4144-bf0b-92618cff438b",
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: structs.ACLPolicyGlobalManagementID,
|
ID: structs.ACLPolicyGlobalManagementID,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -946,7 +946,7 @@ func TestStateStore_ACLTokens_ListUpgradeable(t *testing.T) {
|
||||||
AccessorID: "511df589-3316-4784-b503-6e25ead4d4e1",
|
AccessorID: "511df589-3316-4784-b503-6e25ead4d4e1",
|
||||||
SecretID: "fa9d658a-6e26-42ab-a5f0-1ea05c893dee",
|
SecretID: "fa9d658a-6e26-42ab-a5f0-1ea05c893dee",
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: structs.ACLPolicyGlobalManagementID,
|
ID: structs.ACLPolicyGlobalManagementID,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -971,7 +971,7 @@ func TestStateStore_ACLToken_List(t *testing.T) {
|
||||||
AccessorID: "f1093997-b6c7-496d-bfb8-6b1b1895641b",
|
AccessorID: "f1093997-b6c7-496d-bfb8-6b1b1895641b",
|
||||||
SecretID: "34ec8eb3-095d-417a-a937-b439af7a8e8b",
|
SecretID: "34ec8eb3-095d-417a-a937-b439af7a8e8b",
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: structs.ACLPolicyGlobalManagementID,
|
ID: structs.ACLPolicyGlobalManagementID,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -982,7 +982,7 @@ func TestStateStore_ACLToken_List(t *testing.T) {
|
||||||
AccessorID: "54866514-3cf2-4fec-8a8a-710583831834",
|
AccessorID: "54866514-3cf2-4fec-8a8a-710583831834",
|
||||||
SecretID: "8de2dd39-134d-4cb1-950b-b7ab96ea20ba",
|
SecretID: "8de2dd39-134d-4cb1-950b-b7ab96ea20ba",
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: structs.ACLPolicyGlobalManagementID,
|
ID: structs.ACLPolicyGlobalManagementID,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -992,7 +992,7 @@ func TestStateStore_ACLToken_List(t *testing.T) {
|
||||||
AccessorID: "47eea4da-bda1-48a6-901c-3e36d2d9262f",
|
AccessorID: "47eea4da-bda1-48a6-901c-3e36d2d9262f",
|
||||||
SecretID: "548bdb8e-c0d6-477b-bcc4-67fb836e9e61",
|
SecretID: "548bdb8e-c0d6-477b-bcc4-67fb836e9e61",
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: testPolicyID_A,
|
ID: testPolicyID_A,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -1002,7 +1002,7 @@ func TestStateStore_ACLToken_List(t *testing.T) {
|
||||||
AccessorID: "4915fc9d-3726-4171-b588-6c271f45eecd",
|
AccessorID: "4915fc9d-3726-4171-b588-6c271f45eecd",
|
||||||
SecretID: "f6998577-fd9b-4e6c-b202-cc3820513d32",
|
SecretID: "f6998577-fd9b-4e6c-b202-cc3820513d32",
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: testPolicyID_A,
|
ID: testPolicyID_A,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -1013,7 +1013,7 @@ func TestStateStore_ACLToken_List(t *testing.T) {
|
||||||
AccessorID: "a7715fde-8954-4c92-afbc-d84c6ecdc582",
|
AccessorID: "a7715fde-8954-4c92-afbc-d84c6ecdc582",
|
||||||
SecretID: "77a2da3a-b479-4025-a83e-bd6b859f0cfe",
|
SecretID: "77a2da3a-b479-4025-a83e-bd6b859f0cfe",
|
||||||
Roles: []structs.ACLTokenRoleLink{
|
Roles: []structs.ACLTokenRoleLink{
|
||||||
structs.ACLTokenRoleLink{
|
{
|
||||||
ID: testRoleID_A,
|
ID: testRoleID_A,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -1023,7 +1023,7 @@ func TestStateStore_ACLToken_List(t *testing.T) {
|
||||||
AccessorID: "cadb4f13-f62a-49ab-ab3f-5a7e01b925d9",
|
AccessorID: "cadb4f13-f62a-49ab-ab3f-5a7e01b925d9",
|
||||||
SecretID: "c432d12b-3c86-4628-b74f-94ddfc7fb3ba",
|
SecretID: "c432d12b-3c86-4628-b74f-94ddfc7fb3ba",
|
||||||
Roles: []structs.ACLTokenRoleLink{
|
Roles: []structs.ACLTokenRoleLink{
|
||||||
structs.ACLTokenRoleLink{
|
{
|
||||||
ID: testRoleID_A,
|
ID: testRoleID_A,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -1239,7 +1239,7 @@ func TestStateStore_ACLToken_FixupPolicyLinks(t *testing.T) {
|
||||||
AccessorID: "47eea4da-bda1-48a6-901c-3e36d2d9262f",
|
AccessorID: "47eea4da-bda1-48a6-901c-3e36d2d9262f",
|
||||||
SecretID: "548bdb8e-c0d6-477b-bcc4-67fb836e9e61",
|
SecretID: "548bdb8e-c0d6-477b-bcc4-67fb836e9e61",
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: testPolicyID_A,
|
ID: testPolicyID_A,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -1365,7 +1365,7 @@ func TestStateStore_ACLToken_FixupRoleLinks(t *testing.T) {
|
||||||
AccessorID: "47eea4da-bda1-48a6-901c-3e36d2d9262f",
|
AccessorID: "47eea4da-bda1-48a6-901c-3e36d2d9262f",
|
||||||
SecretID: "548bdb8e-c0d6-477b-bcc4-67fb836e9e61",
|
SecretID: "548bdb8e-c0d6-477b-bcc4-67fb836e9e61",
|
||||||
Roles: []structs.ACLTokenRoleLink{
|
Roles: []structs.ACLTokenRoleLink{
|
||||||
structs.ACLTokenRoleLink{
|
{
|
||||||
ID: testRoleID_A,
|
ID: testRoleID_A,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -1386,7 +1386,7 @@ func TestStateStore_ACLToken_FixupRoleLinks(t *testing.T) {
|
||||||
Name: "node-read-role-renamed",
|
Name: "node-read-role-renamed",
|
||||||
Description: "Allows reading all node information",
|
Description: "Allows reading all node information",
|
||||||
Policies: []structs.ACLRolePolicyLink{
|
Policies: []structs.ACLRolePolicyLink{
|
||||||
structs.ACLRolePolicyLink{
|
{
|
||||||
ID: testPolicyID_A,
|
ID: testPolicyID_A,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -1490,7 +1490,7 @@ func TestStateStore_ACLToken_Delete(t *testing.T) {
|
||||||
AccessorID: "f1093997-b6c7-496d-bfb8-6b1b1895641b",
|
AccessorID: "f1093997-b6c7-496d-bfb8-6b1b1895641b",
|
||||||
SecretID: "34ec8eb3-095d-417a-a937-b439af7a8e8b",
|
SecretID: "34ec8eb3-095d-417a-a937-b439af7a8e8b",
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: structs.ACLPolicyGlobalManagementID,
|
ID: structs.ACLPolicyGlobalManagementID,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -1518,7 +1518,7 @@ func TestStateStore_ACLToken_Delete(t *testing.T) {
|
||||||
AccessorID: "f1093997-b6c7-496d-bfb8-6b1b1895641b",
|
AccessorID: "f1093997-b6c7-496d-bfb8-6b1b1895641b",
|
||||||
SecretID: "34ec8eb3-095d-417a-a937-b439af7a8e8b",
|
SecretID: "34ec8eb3-095d-417a-a937-b439af7a8e8b",
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: structs.ACLPolicyGlobalManagementID,
|
ID: structs.ACLPolicyGlobalManagementID,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -1547,7 +1547,7 @@ func TestStateStore_ACLToken_Delete(t *testing.T) {
|
||||||
AccessorID: "f1093997-b6c7-496d-bfb8-6b1b1895641b",
|
AccessorID: "f1093997-b6c7-496d-bfb8-6b1b1895641b",
|
||||||
SecretID: "34ec8eb3-095d-417a-a937-b439af7a8e8b",
|
SecretID: "34ec8eb3-095d-417a-a937-b439af7a8e8b",
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: structs.ACLPolicyGlobalManagementID,
|
ID: structs.ACLPolicyGlobalManagementID,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -1557,7 +1557,7 @@ func TestStateStore_ACLToken_Delete(t *testing.T) {
|
||||||
AccessorID: "a0bfe8d4-b2f3-4b48-b387-f28afb820eab",
|
AccessorID: "a0bfe8d4-b2f3-4b48-b387-f28afb820eab",
|
||||||
SecretID: "be444e46-fb95-4ccc-80d5-c873f34e6fa6",
|
SecretID: "be444e46-fb95-4ccc-80d5-c873f34e6fa6",
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: structs.ACLPolicyGlobalManagementID,
|
ID: structs.ACLPolicyGlobalManagementID,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -2040,7 +2040,7 @@ func TestStateStore_ACLRole_SetGet(t *testing.T) {
|
||||||
Name: "test-role",
|
Name: "test-role",
|
||||||
Description: "test",
|
Description: "test",
|
||||||
Policies: []structs.ACLRolePolicyLink{
|
Policies: []structs.ACLRolePolicyLink{
|
||||||
structs.ACLRolePolicyLink{
|
{
|
||||||
ID: structs.ACLPolicyGlobalManagementID,
|
ID: structs.ACLPolicyGlobalManagementID,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -2057,7 +2057,7 @@ func TestStateStore_ACLRole_SetGet(t *testing.T) {
|
||||||
ID: testRoleID_A,
|
ID: testRoleID_A,
|
||||||
Description: "test",
|
Description: "test",
|
||||||
Policies: []structs.ACLRolePolicyLink{
|
Policies: []structs.ACLRolePolicyLink{
|
||||||
structs.ACLRolePolicyLink{
|
{
|
||||||
ID: structs.ACLPolicyGlobalManagementID,
|
ID: structs.ACLPolicyGlobalManagementID,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -2074,7 +2074,7 @@ func TestStateStore_ACLRole_SetGet(t *testing.T) {
|
||||||
ID: testRoleID_A,
|
ID: testRoleID_A,
|
||||||
Description: "test",
|
Description: "test",
|
||||||
ServiceIdentities: []*structs.ACLServiceIdentity{
|
ServiceIdentities: []*structs.ACLServiceIdentity{
|
||||||
&structs.ACLServiceIdentity{},
|
{},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2089,7 +2089,7 @@ func TestStateStore_ACLRole_SetGet(t *testing.T) {
|
||||||
ID: testRoleID_A,
|
ID: testRoleID_A,
|
||||||
Description: "test",
|
Description: "test",
|
||||||
ServiceIdentities: []*structs.ACLServiceIdentity{
|
ServiceIdentities: []*structs.ACLServiceIdentity{
|
||||||
&structs.ACLServiceIdentity{
|
{
|
||||||
Datacenters: []string{"dc1"},
|
Datacenters: []string{"dc1"},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -2106,7 +2106,7 @@ func TestStateStore_ACLRole_SetGet(t *testing.T) {
|
||||||
ID: testRoleID_A,
|
ID: testRoleID_A,
|
||||||
Description: "test",
|
Description: "test",
|
||||||
Policies: []structs.ACLRolePolicyLink{
|
Policies: []structs.ACLRolePolicyLink{
|
||||||
structs.ACLRolePolicyLink{
|
{
|
||||||
Name: "no-id",
|
Name: "no-id",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -2123,7 +2123,7 @@ func TestStateStore_ACLRole_SetGet(t *testing.T) {
|
||||||
ID: testRoleID_A,
|
ID: testRoleID_A,
|
||||||
Description: "test",
|
Description: "test",
|
||||||
Policies: []structs.ACLRolePolicyLink{
|
Policies: []structs.ACLRolePolicyLink{
|
||||||
structs.ACLRolePolicyLink{
|
{
|
||||||
ID: "4f20e379-b496-4b99-9599-19a197126490",
|
ID: "4f20e379-b496-4b99-9599-19a197126490",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -2141,7 +2141,7 @@ func TestStateStore_ACLRole_SetGet(t *testing.T) {
|
||||||
Name: "my-new-role",
|
Name: "my-new-role",
|
||||||
Description: "test",
|
Description: "test",
|
||||||
Policies: []structs.ACLRolePolicyLink{
|
Policies: []structs.ACLRolePolicyLink{
|
||||||
structs.ACLRolePolicyLink{
|
{
|
||||||
ID: testPolicyID_A,
|
ID: testPolicyID_A,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -2180,7 +2180,7 @@ func TestStateStore_ACLRole_SetGet(t *testing.T) {
|
||||||
Name: "node-read-role",
|
Name: "node-read-role",
|
||||||
Description: "Allows reading all node information",
|
Description: "Allows reading all node information",
|
||||||
Policies: []structs.ACLRolePolicyLink{
|
Policies: []structs.ACLRolePolicyLink{
|
||||||
structs.ACLRolePolicyLink{
|
{
|
||||||
ID: testPolicyID_A,
|
ID: testPolicyID_A,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -2195,7 +2195,7 @@ func TestStateStore_ACLRole_SetGet(t *testing.T) {
|
||||||
Name: "node-read-role-modified",
|
Name: "node-read-role-modified",
|
||||||
Description: "Modified",
|
Description: "Modified",
|
||||||
Policies: []structs.ACLRolePolicyLink{
|
Policies: []structs.ACLRolePolicyLink{
|
||||||
structs.ACLRolePolicyLink{
|
{
|
||||||
ID: structs.ACLPolicyGlobalManagementID,
|
ID: structs.ACLPolicyGlobalManagementID,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -2247,7 +2247,7 @@ func TestStateStore_ACLRoles_UpsertBatchRead(t *testing.T) {
|
||||||
Name: "role1",
|
Name: "role1",
|
||||||
Description: "test-role1",
|
Description: "test-role1",
|
||||||
Policies: []structs.ACLRolePolicyLink{
|
Policies: []structs.ACLRolePolicyLink{
|
||||||
structs.ACLRolePolicyLink{
|
{
|
||||||
ID: testPolicyID_A,
|
ID: testPolicyID_A,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -2257,7 +2257,7 @@ func TestStateStore_ACLRoles_UpsertBatchRead(t *testing.T) {
|
||||||
Name: "role2",
|
Name: "role2",
|
||||||
Description: "test-role2",
|
Description: "test-role2",
|
||||||
Policies: []structs.ACLRolePolicyLink{
|
Policies: []structs.ACLRolePolicyLink{
|
||||||
structs.ACLRolePolicyLink{
|
{
|
||||||
ID: testPolicyID_B,
|
ID: testPolicyID_B,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -2289,7 +2289,7 @@ func TestStateStore_ACLRoles_UpsertBatchRead(t *testing.T) {
|
||||||
Name: "role1",
|
Name: "role1",
|
||||||
Description: "test-role1",
|
Description: "test-role1",
|
||||||
Policies: []structs.ACLRolePolicyLink{
|
Policies: []structs.ACLRolePolicyLink{
|
||||||
structs.ACLRolePolicyLink{
|
{
|
||||||
ID: testPolicyID_A,
|
ID: testPolicyID_A,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -2299,7 +2299,7 @@ func TestStateStore_ACLRoles_UpsertBatchRead(t *testing.T) {
|
||||||
Name: "role2",
|
Name: "role2",
|
||||||
Description: "test-role2",
|
Description: "test-role2",
|
||||||
Policies: []structs.ACLRolePolicyLink{
|
Policies: []structs.ACLRolePolicyLink{
|
||||||
structs.ACLRolePolicyLink{
|
{
|
||||||
ID: testPolicyID_B,
|
ID: testPolicyID_B,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -2315,7 +2315,7 @@ func TestStateStore_ACLRoles_UpsertBatchRead(t *testing.T) {
|
||||||
Name: "role1-modified",
|
Name: "role1-modified",
|
||||||
Description: "test-role1-modified",
|
Description: "test-role1-modified",
|
||||||
Policies: []structs.ACLRolePolicyLink{
|
Policies: []structs.ACLRolePolicyLink{
|
||||||
structs.ACLRolePolicyLink{
|
{
|
||||||
ID: testPolicyID_C,
|
ID: testPolicyID_C,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -2324,10 +2324,10 @@ func TestStateStore_ACLRoles_UpsertBatchRead(t *testing.T) {
|
||||||
ID: testRoleID_B,
|
ID: testRoleID_B,
|
||||||
Name: "role2-modified",
|
Name: "role2-modified",
|
||||||
Policies: []structs.ACLRolePolicyLink{
|
Policies: []structs.ACLRolePolicyLink{
|
||||||
structs.ACLRolePolicyLink{
|
{
|
||||||
ID: testPolicyID_D,
|
ID: testPolicyID_D,
|
||||||
},
|
},
|
||||||
structs.ACLRolePolicyLink{
|
{
|
||||||
ID: testPolicyID_E,
|
ID: testPolicyID_E,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -2369,7 +2369,7 @@ func TestStateStore_ACLRoles_UpsertBatchRead(t *testing.T) {
|
||||||
Name: "role1",
|
Name: "role1",
|
||||||
Description: "test-role1",
|
Description: "test-role1",
|
||||||
Policies: []structs.ACLRolePolicyLink{
|
Policies: []structs.ACLRolePolicyLink{
|
||||||
structs.ACLRolePolicyLink{
|
{
|
||||||
ID: fakePolicyID,
|
ID: fakePolicyID,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -2408,7 +2408,7 @@ func TestStateStore_ACLRole_List(t *testing.T) {
|
||||||
Name: "role1",
|
Name: "role1",
|
||||||
Description: "test-role1",
|
Description: "test-role1",
|
||||||
Policies: []structs.ACLRolePolicyLink{
|
Policies: []structs.ACLRolePolicyLink{
|
||||||
structs.ACLRolePolicyLink{
|
{
|
||||||
ID: testPolicyID_A,
|
ID: testPolicyID_A,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -2418,7 +2418,7 @@ func TestStateStore_ACLRole_List(t *testing.T) {
|
||||||
Name: "role2",
|
Name: "role2",
|
||||||
Description: "test-role2",
|
Description: "test-role2",
|
||||||
Policies: []structs.ACLRolePolicyLink{
|
Policies: []structs.ACLRolePolicyLink{
|
||||||
structs.ACLRolePolicyLink{
|
{
|
||||||
ID: testPolicyID_B,
|
ID: testPolicyID_B,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -2508,7 +2508,7 @@ func TestStateStore_ACLRole_FixupPolicyLinks(t *testing.T) {
|
||||||
ID: "672537b1-35cb-48fc-a2cd-a1863c301b70",
|
ID: "672537b1-35cb-48fc-a2cd-a1863c301b70",
|
||||||
Name: "test-role",
|
Name: "test-role",
|
||||||
Policies: []structs.ACLRolePolicyLink{
|
Policies: []structs.ACLRolePolicyLink{
|
||||||
structs.ACLRolePolicyLink{
|
{
|
||||||
ID: testPolicyID_A,
|
ID: testPolicyID_A,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -2631,7 +2631,7 @@ func TestStateStore_ACLRole_Delete(t *testing.T) {
|
||||||
Name: "role1",
|
Name: "role1",
|
||||||
Description: "test-role1",
|
Description: "test-role1",
|
||||||
Policies: []structs.ACLRolePolicyLink{
|
Policies: []structs.ACLRolePolicyLink{
|
||||||
structs.ACLRolePolicyLink{
|
{
|
||||||
ID: structs.ACLPolicyGlobalManagementID,
|
ID: structs.ACLPolicyGlobalManagementID,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -2660,7 +2660,7 @@ func TestStateStore_ACLRole_Delete(t *testing.T) {
|
||||||
Name: "role1",
|
Name: "role1",
|
||||||
Description: "test-role1",
|
Description: "test-role1",
|
||||||
Policies: []structs.ACLRolePolicyLink{
|
Policies: []structs.ACLRolePolicyLink{
|
||||||
structs.ACLRolePolicyLink{
|
{
|
||||||
ID: structs.ACLPolicyGlobalManagementID,
|
ID: structs.ACLPolicyGlobalManagementID,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -2690,7 +2690,7 @@ func TestStateStore_ACLRole_Delete(t *testing.T) {
|
||||||
Name: "role1",
|
Name: "role1",
|
||||||
Description: "test-role1",
|
Description: "test-role1",
|
||||||
Policies: []structs.ACLRolePolicyLink{
|
Policies: []structs.ACLRolePolicyLink{
|
||||||
structs.ACLRolePolicyLink{
|
{
|
||||||
ID: structs.ACLPolicyGlobalManagementID,
|
ID: structs.ACLPolicyGlobalManagementID,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -2700,7 +2700,7 @@ func TestStateStore_ACLRole_Delete(t *testing.T) {
|
||||||
Name: "role2",
|
Name: "role2",
|
||||||
Description: "test-role2",
|
Description: "test-role2",
|
||||||
Policies: []structs.ACLRolePolicyLink{
|
Policies: []structs.ACLRolePolicyLink{
|
||||||
structs.ACLRolePolicyLink{
|
{
|
||||||
ID: structs.ACLPolicyGlobalManagementID,
|
ID: structs.ACLPolicyGlobalManagementID,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -3492,7 +3492,7 @@ func TestStateStore_ACLTokens_Snapshot_Restore(t *testing.T) {
|
||||||
Name: "role1",
|
Name: "role1",
|
||||||
Description: "role1",
|
Description: "role1",
|
||||||
Policies: []structs.ACLRolePolicyLink{
|
Policies: []structs.ACLRolePolicyLink{
|
||||||
structs.ACLRolePolicyLink{
|
{
|
||||||
ID: "ca1fc52c-3676-4050-82ed-ca223e38b2c9",
|
ID: "ca1fc52c-3676-4050-82ed-ca223e38b2c9",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -3502,7 +3502,7 @@ func TestStateStore_ACLTokens_Snapshot_Restore(t *testing.T) {
|
||||||
Name: "role2",
|
Name: "role2",
|
||||||
Description: "role2",
|
Description: "role2",
|
||||||
Policies: []structs.ACLRolePolicyLink{
|
Policies: []structs.ACLRolePolicyLink{
|
||||||
structs.ACLRolePolicyLink{
|
{
|
||||||
ID: "7b70fa0f-58cd-412d-93c3-a0f17bb19a3e",
|
ID: "7b70fa0f-58cd-412d-93c3-a0f17bb19a3e",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -3521,21 +3521,21 @@ func TestStateStore_ACLTokens_Snapshot_Restore(t *testing.T) {
|
||||||
SecretID: "838f72b5-5c15-4a9e-aa6d-31734c3a0286",
|
SecretID: "838f72b5-5c15-4a9e-aa6d-31734c3a0286",
|
||||||
Description: "token1",
|
Description: "token1",
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: "ca1fc52c-3676-4050-82ed-ca223e38b2c9",
|
ID: "ca1fc52c-3676-4050-82ed-ca223e38b2c9",
|
||||||
Name: "policy1",
|
Name: "policy1",
|
||||||
},
|
},
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: "7b70fa0f-58cd-412d-93c3-a0f17bb19a3e",
|
ID: "7b70fa0f-58cd-412d-93c3-a0f17bb19a3e",
|
||||||
Name: "policy2",
|
Name: "policy2",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
Roles: []structs.ACLTokenRoleLink{
|
Roles: []structs.ACLTokenRoleLink{
|
||||||
structs.ACLTokenRoleLink{
|
{
|
||||||
ID: "1a3a9af9-9cdc-473a-8016-010067b7e424",
|
ID: "1a3a9af9-9cdc-473a-8016-010067b7e424",
|
||||||
Name: "role1",
|
Name: "role1",
|
||||||
},
|
},
|
||||||
structs.ACLTokenRoleLink{
|
{
|
||||||
ID: "4dccc2c7-10f3-4eba-b367-9c09be9a9d67",
|
ID: "4dccc2c7-10f3-4eba-b367-9c09be9a9d67",
|
||||||
Name: "role2",
|
Name: "role2",
|
||||||
},
|
},
|
||||||
|
@ -3546,21 +3546,21 @@ func TestStateStore_ACLTokens_Snapshot_Restore(t *testing.T) {
|
||||||
SecretID: "ba5d9239-a4ab-49b9-ae09-1f19eed92204",
|
SecretID: "ba5d9239-a4ab-49b9-ae09-1f19eed92204",
|
||||||
Description: "token2",
|
Description: "token2",
|
||||||
Policies: []structs.ACLTokenPolicyLink{
|
Policies: []structs.ACLTokenPolicyLink{
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: "ca1fc52c-3676-4050-82ed-ca223e38b2c9",
|
ID: "ca1fc52c-3676-4050-82ed-ca223e38b2c9",
|
||||||
Name: "policy1",
|
Name: "policy1",
|
||||||
},
|
},
|
||||||
structs.ACLTokenPolicyLink{
|
{
|
||||||
ID: "7b70fa0f-58cd-412d-93c3-a0f17bb19a3e",
|
ID: "7b70fa0f-58cd-412d-93c3-a0f17bb19a3e",
|
||||||
Name: "policy2",
|
Name: "policy2",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
Roles: []structs.ACLTokenRoleLink{
|
Roles: []structs.ACLTokenRoleLink{
|
||||||
structs.ACLTokenRoleLink{
|
{
|
||||||
ID: "1a3a9af9-9cdc-473a-8016-010067b7e424",
|
ID: "1a3a9af9-9cdc-473a-8016-010067b7e424",
|
||||||
Name: "role1",
|
Name: "role1",
|
||||||
},
|
},
|
||||||
structs.ACLTokenRoleLink{
|
{
|
||||||
ID: "4dccc2c7-10f3-4eba-b367-9c09be9a9d67",
|
ID: "4dccc2c7-10f3-4eba-b367-9c09be9a9d67",
|
||||||
Name: "role2",
|
Name: "role2",
|
||||||
},
|
},
|
||||||
|
@ -3707,7 +3707,7 @@ func TestTokenPoliciesIndex(t *testing.T) {
|
||||||
}
|
}
|
||||||
schema := &memdb.DBSchema{
|
schema := &memdb.DBSchema{
|
||||||
Tables: map[string]*memdb.TableSchema{
|
Tables: map[string]*memdb.TableSchema{
|
||||||
"test": &memdb.TableSchema{
|
"test": {
|
||||||
Name: "test",
|
Name: "test",
|
||||||
Indexes: map[string]*memdb.IndexSchema{
|
Indexes: map[string]*memdb.IndexSchema{
|
||||||
"id": idIndex,
|
"id": idIndex,
|
||||||
|
@ -3887,11 +3887,11 @@ func TestStateStore_ACLRoles_Snapshot_Restore(t *testing.T) {
|
||||||
Name: "838f72b5-5c15-4a9e-aa6d-31734c3a0286",
|
Name: "838f72b5-5c15-4a9e-aa6d-31734c3a0286",
|
||||||
Description: "policy1",
|
Description: "policy1",
|
||||||
Policies: []structs.ACLRolePolicyLink{
|
Policies: []structs.ACLRolePolicyLink{
|
||||||
structs.ACLRolePolicyLink{
|
{
|
||||||
ID: "ca1fc52c-3676-4050-82ed-ca223e38b2c9",
|
ID: "ca1fc52c-3676-4050-82ed-ca223e38b2c9",
|
||||||
Name: "policy1",
|
Name: "policy1",
|
||||||
},
|
},
|
||||||
structs.ACLRolePolicyLink{
|
{
|
||||||
ID: "7b70fa0f-58cd-412d-93c3-a0f17bb19a3e",
|
ID: "7b70fa0f-58cd-412d-93c3-a0f17bb19a3e",
|
||||||
Name: "policy2",
|
Name: "policy2",
|
||||||
},
|
},
|
||||||
|
@ -3904,11 +3904,11 @@ func TestStateStore_ACLRoles_Snapshot_Restore(t *testing.T) {
|
||||||
Name: "ba5d9239-a4ab-49b9-ae09-1f19eed92204",
|
Name: "ba5d9239-a4ab-49b9-ae09-1f19eed92204",
|
||||||
Description: "policy2",
|
Description: "policy2",
|
||||||
Policies: []structs.ACLRolePolicyLink{
|
Policies: []structs.ACLRolePolicyLink{
|
||||||
structs.ACLRolePolicyLink{
|
{
|
||||||
ID: "ca1fc52c-3676-4050-82ed-ca223e38b2c9",
|
ID: "ca1fc52c-3676-4050-82ed-ca223e38b2c9",
|
||||||
Name: "policy1",
|
Name: "policy1",
|
||||||
},
|
},
|
||||||
structs.ACLRolePolicyLink{
|
{
|
||||||
ID: "7b70fa0f-58cd-412d-93c3-a0f17bb19a3e",
|
ID: "7b70fa0f-58cd-412d-93c3-a0f17bb19a3e",
|
||||||
Name: "policy2",
|
Name: "policy2",
|
||||||
},
|
},
|
||||||
|
@ -4100,7 +4100,7 @@ func TestStateStore_resolveACLLinks(t *testing.T) {
|
||||||
defer tx.Abort()
|
defer tx.Abort()
|
||||||
|
|
||||||
links := []agentpb.ACLLink{
|
links := []agentpb.ACLLink{
|
||||||
agentpb.ACLLink{
|
{
|
||||||
Name: "foo",
|
Name: "foo",
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
@ -4123,10 +4123,10 @@ func TestStateStore_resolveACLLinks(t *testing.T) {
|
||||||
defer tx.Abort()
|
defer tx.Abort()
|
||||||
|
|
||||||
links := []agentpb.ACLLink{
|
links := []agentpb.ACLLink{
|
||||||
agentpb.ACLLink{
|
{
|
||||||
ID: "b985e082-25d3-45a9-9dd8-fd1a41b83b0d",
|
ID: "b985e082-25d3-45a9-9dd8-fd1a41b83b0d",
|
||||||
},
|
},
|
||||||
agentpb.ACLLink{
|
{
|
||||||
ID: "e81887b4-836b-4053-a1fa-7e8305902be9",
|
ID: "e81887b4-836b-4053-a1fa-7e8305902be9",
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
@ -4156,7 +4156,7 @@ func TestStateStore_resolveACLLinks(t *testing.T) {
|
||||||
defer tx.Abort()
|
defer tx.Abort()
|
||||||
|
|
||||||
links := []agentpb.ACLLink{
|
links := []agentpb.ACLLink{
|
||||||
agentpb.ACLLink{
|
{
|
||||||
ID: "b985e082-25d3-45a9-9dd8-fd1a41b83b0d",
|
ID: "b985e082-25d3-45a9-9dd8-fd1a41b83b0d",
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
@ -4176,19 +4176,19 @@ func TestStateStore_fixupACLLinks(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
|
|
||||||
links := []agentpb.ACLLink{
|
links := []agentpb.ACLLink{
|
||||||
agentpb.ACLLink{
|
{
|
||||||
ID: "40b57f86-97ea-40e4-a99a-c399cc81f4dd",
|
ID: "40b57f86-97ea-40e4-a99a-c399cc81f4dd",
|
||||||
Name: "foo",
|
Name: "foo",
|
||||||
},
|
},
|
||||||
agentpb.ACLLink{
|
{
|
||||||
ID: "8f024f92-1f8e-42ea-a3c3-55fb0c8670bc",
|
ID: "8f024f92-1f8e-42ea-a3c3-55fb0c8670bc",
|
||||||
Name: "bar",
|
Name: "bar",
|
||||||
},
|
},
|
||||||
agentpb.ACLLink{
|
{
|
||||||
ID: "c91afed1-e474-4cd2-98aa-cd57dd9377e9",
|
ID: "c91afed1-e474-4cd2-98aa-cd57dd9377e9",
|
||||||
Name: "baz",
|
Name: "baz",
|
||||||
},
|
},
|
||||||
agentpb.ACLLink{
|
{
|
||||||
ID: "c1585be7-ab0e-4973-b572-ba9afda86e07",
|
ID: "c1585be7-ab0e-4973-b572-ba9afda86e07",
|
||||||
Name: "four",
|
Name: "four",
|
||||||
},
|
},
|
||||||
|
|
|
@ -13,7 +13,7 @@ func autopilotConfigTableSchema() *memdb.TableSchema {
|
||||||
return &memdb.TableSchema{
|
return &memdb.TableSchema{
|
||||||
Name: "autopilot-config",
|
Name: "autopilot-config",
|
||||||
Indexes: map[string]*memdb.IndexSchema{
|
Indexes: map[string]*memdb.IndexSchema{
|
||||||
"id": &memdb.IndexSchema{
|
"id": {
|
||||||
Name: "id",
|
Name: "id",
|
||||||
AllowMissing: true,
|
AllowMissing: true,
|
||||||
Unique: true,
|
Unique: true,
|
||||||
|
|
|
@ -29,7 +29,7 @@ func nodesTableSchema() *memdb.TableSchema {
|
||||||
return &memdb.TableSchema{
|
return &memdb.TableSchema{
|
||||||
Name: "nodes",
|
Name: "nodes",
|
||||||
Indexes: map[string]*memdb.IndexSchema{
|
Indexes: map[string]*memdb.IndexSchema{
|
||||||
"id": &memdb.IndexSchema{
|
"id": {
|
||||||
Name: "id",
|
Name: "id",
|
||||||
AllowMissing: false,
|
AllowMissing: false,
|
||||||
Unique: true,
|
Unique: true,
|
||||||
|
@ -38,7 +38,7 @@ func nodesTableSchema() *memdb.TableSchema {
|
||||||
Lowercase: true,
|
Lowercase: true,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"uuid": &memdb.IndexSchema{
|
"uuid": {
|
||||||
Name: "uuid",
|
Name: "uuid",
|
||||||
AllowMissing: true,
|
AllowMissing: true,
|
||||||
Unique: true,
|
Unique: true,
|
||||||
|
@ -46,7 +46,7 @@ func nodesTableSchema() *memdb.TableSchema {
|
||||||
Field: "ID",
|
Field: "ID",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"meta": &memdb.IndexSchema{
|
"meta": {
|
||||||
Name: "meta",
|
Name: "meta",
|
||||||
AllowMissing: true,
|
AllowMissing: true,
|
||||||
Unique: false,
|
Unique: false,
|
||||||
|
@ -879,7 +879,7 @@ func (s *Store) serviceListTxn(tx *memdb.Txn, ws memdb.WatchSet, entMeta *struct
|
||||||
}
|
}
|
||||||
|
|
||||||
results := make(structs.ServiceList, 0, len(unique))
|
results := make(structs.ServiceList, 0, len(unique))
|
||||||
for sn, _ := range unique {
|
for sn := range unique {
|
||||||
results = append(results, structs.ServiceName{Name: sn.Name, EnterpriseMeta: sn.EnterpriseMeta})
|
results = append(results, structs.ServiceName{Name: sn.Name, EnterpriseMeta: sn.EnterpriseMeta})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -14,7 +14,7 @@ func servicesTableSchema() *memdb.TableSchema {
|
||||||
return &memdb.TableSchema{
|
return &memdb.TableSchema{
|
||||||
Name: "services",
|
Name: "services",
|
||||||
Indexes: map[string]*memdb.IndexSchema{
|
Indexes: map[string]*memdb.IndexSchema{
|
||||||
"id": &memdb.IndexSchema{
|
"id": {
|
||||||
Name: "id",
|
Name: "id",
|
||||||
AllowMissing: false,
|
AllowMissing: false,
|
||||||
Unique: true,
|
Unique: true,
|
||||||
|
@ -31,7 +31,7 @@ func servicesTableSchema() *memdb.TableSchema {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"node": &memdb.IndexSchema{
|
"node": {
|
||||||
Name: "node",
|
Name: "node",
|
||||||
AllowMissing: false,
|
AllowMissing: false,
|
||||||
Unique: false,
|
Unique: false,
|
||||||
|
@ -40,7 +40,7 @@ func servicesTableSchema() *memdb.TableSchema {
|
||||||
Lowercase: true,
|
Lowercase: true,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"service": &memdb.IndexSchema{
|
"service": {
|
||||||
Name: "service",
|
Name: "service",
|
||||||
AllowMissing: true,
|
AllowMissing: true,
|
||||||
Unique: false,
|
Unique: false,
|
||||||
|
@ -49,13 +49,13 @@ func servicesTableSchema() *memdb.TableSchema {
|
||||||
Lowercase: true,
|
Lowercase: true,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"connect": &memdb.IndexSchema{
|
"connect": {
|
||||||
Name: "connect",
|
Name: "connect",
|
||||||
AllowMissing: true,
|
AllowMissing: true,
|
||||||
Unique: false,
|
Unique: false,
|
||||||
Indexer: &IndexConnectService{},
|
Indexer: &IndexConnectService{},
|
||||||
},
|
},
|
||||||
"kind": &memdb.IndexSchema{
|
"kind": {
|
||||||
Name: "kind",
|
Name: "kind",
|
||||||
AllowMissing: false,
|
AllowMissing: false,
|
||||||
Unique: false,
|
Unique: false,
|
||||||
|
@ -72,7 +72,7 @@ func checksTableSchema() *memdb.TableSchema {
|
||||||
return &memdb.TableSchema{
|
return &memdb.TableSchema{
|
||||||
Name: "checks",
|
Name: "checks",
|
||||||
Indexes: map[string]*memdb.IndexSchema{
|
Indexes: map[string]*memdb.IndexSchema{
|
||||||
"id": &memdb.IndexSchema{
|
"id": {
|
||||||
Name: "id",
|
Name: "id",
|
||||||
AllowMissing: false,
|
AllowMissing: false,
|
||||||
Unique: true,
|
Unique: true,
|
||||||
|
@ -89,7 +89,7 @@ func checksTableSchema() *memdb.TableSchema {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"status": &memdb.IndexSchema{
|
"status": {
|
||||||
Name: "status",
|
Name: "status",
|
||||||
AllowMissing: false,
|
AllowMissing: false,
|
||||||
Unique: false,
|
Unique: false,
|
||||||
|
@ -98,7 +98,7 @@ func checksTableSchema() *memdb.TableSchema {
|
||||||
Lowercase: false,
|
Lowercase: false,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"service": &memdb.IndexSchema{
|
"service": {
|
||||||
Name: "service",
|
Name: "service",
|
||||||
AllowMissing: true,
|
AllowMissing: true,
|
||||||
Unique: false,
|
Unique: false,
|
||||||
|
@ -107,7 +107,7 @@ func checksTableSchema() *memdb.TableSchema {
|
||||||
Lowercase: true,
|
Lowercase: true,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"node": &memdb.IndexSchema{
|
"node": {
|
||||||
Name: "node",
|
Name: "node",
|
||||||
AllowMissing: true,
|
AllowMissing: true,
|
||||||
Unique: false,
|
Unique: false,
|
||||||
|
@ -116,7 +116,7 @@ func checksTableSchema() *memdb.TableSchema {
|
||||||
Lowercase: true,
|
Lowercase: true,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"node_service_check": &memdb.IndexSchema{
|
"node_service_check": {
|
||||||
Name: "node_service_check",
|
Name: "node_service_check",
|
||||||
AllowMissing: true,
|
AllowMissing: true,
|
||||||
Unique: false,
|
Unique: false,
|
||||||
|
@ -132,7 +132,7 @@ func checksTableSchema() *memdb.TableSchema {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"node_service": &memdb.IndexSchema{
|
"node_service": {
|
||||||
Name: "node_service",
|
Name: "node_service",
|
||||||
AllowMissing: true,
|
AllowMissing: true,
|
||||||
Unique: false,
|
Unique: false,
|
||||||
|
|
|
@ -221,7 +221,7 @@ func TestStateStore_EnsureRegistration(t *testing.T) {
|
||||||
// Verify that the service got registered.
|
// Verify that the service got registered.
|
||||||
verifyService := func() {
|
verifyService := func() {
|
||||||
svcmap := map[string]*structs.NodeService{
|
svcmap := map[string]*structs.NodeService{
|
||||||
"redis1": &structs.NodeService{
|
"redis1": {
|
||||||
ID: "redis1",
|
ID: "redis1",
|
||||||
Service: "redis",
|
Service: "redis",
|
||||||
Address: "1.1.1.1",
|
Address: "1.1.1.1",
|
||||||
|
@ -2225,7 +2225,7 @@ func TestStateStore_Service_Snapshot(t *testing.T) {
|
||||||
// Register a node with two services.
|
// Register a node with two services.
|
||||||
testRegisterNode(t, s, 0, "node1")
|
testRegisterNode(t, s, 0, "node1")
|
||||||
ns := []*structs.NodeService{
|
ns := []*structs.NodeService{
|
||||||
&structs.NodeService{
|
{
|
||||||
ID: "service1",
|
ID: "service1",
|
||||||
Service: "redis",
|
Service: "redis",
|
||||||
Tags: []string{"prod"},
|
Tags: []string{"prod"},
|
||||||
|
@ -2234,7 +2234,7 @@ func TestStateStore_Service_Snapshot(t *testing.T) {
|
||||||
Weights: &structs.Weights{Passing: 1, Warning: 0},
|
Weights: &structs.Weights{Passing: 1, Warning: 0},
|
||||||
EnterpriseMeta: *structs.DefaultEnterpriseMeta(),
|
EnterpriseMeta: *structs.DefaultEnterpriseMeta(),
|
||||||
},
|
},
|
||||||
&structs.NodeService{
|
{
|
||||||
ID: "service2",
|
ID: "service2",
|
||||||
Service: "nomad",
|
Service: "nomad",
|
||||||
Tags: []string{"dev"},
|
Tags: []string{"dev"},
|
||||||
|
@ -4216,7 +4216,7 @@ func TestStateStore_NodeInfo_NodeDump(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
Services: []*structs.NodeService{
|
Services: []*structs.NodeService{
|
||||||
&structs.NodeService{
|
{
|
||||||
ID: "service1",
|
ID: "service1",
|
||||||
Service: "service1",
|
Service: "service1",
|
||||||
Address: "1.1.1.1",
|
Address: "1.1.1.1",
|
||||||
|
@ -4229,7 +4229,7 @@ func TestStateStore_NodeInfo_NodeDump(t *testing.T) {
|
||||||
},
|
},
|
||||||
EnterpriseMeta: *structs.DefaultEnterpriseMeta(),
|
EnterpriseMeta: *structs.DefaultEnterpriseMeta(),
|
||||||
},
|
},
|
||||||
&structs.NodeService{
|
{
|
||||||
ID: "service2",
|
ID: "service2",
|
||||||
Service: "service2",
|
Service: "service2",
|
||||||
Address: "1.1.1.1",
|
Address: "1.1.1.1",
|
||||||
|
@ -4273,7 +4273,7 @@ func TestStateStore_NodeInfo_NodeDump(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
Services: []*structs.NodeService{
|
Services: []*structs.NodeService{
|
||||||
&structs.NodeService{
|
{
|
||||||
ID: "service1",
|
ID: "service1",
|
||||||
Service: "service1",
|
Service: "service1",
|
||||||
Address: "1.1.1.1",
|
Address: "1.1.1.1",
|
||||||
|
@ -4286,7 +4286,7 @@ func TestStateStore_NodeInfo_NodeDump(t *testing.T) {
|
||||||
},
|
},
|
||||||
EnterpriseMeta: *structs.DefaultEnterpriseMeta(),
|
EnterpriseMeta: *structs.DefaultEnterpriseMeta(),
|
||||||
},
|
},
|
||||||
&structs.NodeService{
|
{
|
||||||
ID: "service2",
|
ID: "service2",
|
||||||
Service: "service2",
|
Service: "service2",
|
||||||
Address: "1.1.1.1",
|
Address: "1.1.1.1",
|
||||||
|
@ -4953,9 +4953,9 @@ func TestStateStore_CheckIngressServiceNodes(t *testing.T) {
|
||||||
ids[n.Service.ID] = struct{}{}
|
ids[n.Service.ID] = struct{}{}
|
||||||
}
|
}
|
||||||
expectedIds := map[string]struct{}{
|
expectedIds := map[string]struct{}{
|
||||||
"ingress1": struct{}{},
|
"ingress1": {},
|
||||||
"ingress2": struct{}{},
|
"ingress2": {},
|
||||||
"wildcardIngress": struct{}{},
|
"wildcardIngress": {},
|
||||||
}
|
}
|
||||||
require.Equal(expectedIds, ids)
|
require.Equal(expectedIds, ids)
|
||||||
})
|
})
|
||||||
|
@ -4971,8 +4971,8 @@ func TestStateStore_CheckIngressServiceNodes(t *testing.T) {
|
||||||
ids[n.Service.ID] = struct{}{}
|
ids[n.Service.ID] = struct{}{}
|
||||||
}
|
}
|
||||||
expectedIds := map[string]struct{}{
|
expectedIds := map[string]struct{}{
|
||||||
"ingress1": struct{}{},
|
"ingress1": {},
|
||||||
"wildcardIngress": struct{}{},
|
"wildcardIngress": {},
|
||||||
}
|
}
|
||||||
require.Equal(expectedIds, ids)
|
require.Equal(expectedIds, ids)
|
||||||
})
|
})
|
||||||
|
|
|
@ -439,7 +439,7 @@ func (s *Store) validateProposedConfigEntryInServiceGraph(
|
||||||
{Kind: kind, Name: name}: next,
|
{Kind: kind, Name: name}: next,
|
||||||
}
|
}
|
||||||
|
|
||||||
for chain, _ := range checkChains {
|
for chain := range checkChains {
|
||||||
if err := s.testCompileDiscoveryChain(tx, nil, chain.ID, overrides, &chain.EnterpriseMeta); err != nil {
|
if err := s.testCompileDiscoveryChain(tx, nil, chain.ID, overrides, &chain.EnterpriseMeta); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
@ -690,7 +690,7 @@ func anyKey(m map[structs.ServiceID]struct{}) (structs.ServiceID, bool) {
|
||||||
if len(m) == 0 {
|
if len(m) == 0 {
|
||||||
return structs.ServiceID{}, false
|
return structs.ServiceID{}, false
|
||||||
}
|
}
|
||||||
for k, _ := range m {
|
for k := range m {
|
||||||
return k, true
|
return k, true
|
||||||
}
|
}
|
||||||
return structs.ServiceID{}, false
|
return structs.ServiceID{}, false
|
||||||
|
|
|
@ -13,7 +13,7 @@ func configTableSchema() *memdb.TableSchema {
|
||||||
return &memdb.TableSchema{
|
return &memdb.TableSchema{
|
||||||
Name: configTableName,
|
Name: configTableName,
|
||||||
Indexes: map[string]*memdb.IndexSchema{
|
Indexes: map[string]*memdb.IndexSchema{
|
||||||
"id": &memdb.IndexSchema{
|
"id": {
|
||||||
Name: "id",
|
Name: "id",
|
||||||
AllowMissing: false,
|
AllowMissing: false,
|
||||||
Unique: true,
|
Unique: true,
|
||||||
|
@ -30,7 +30,7 @@ func configTableSchema() *memdb.TableSchema {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"kind": &memdb.IndexSchema{
|
"kind": {
|
||||||
Name: "kind",
|
Name: "kind",
|
||||||
AllowMissing: false,
|
AllowMissing: false,
|
||||||
Unique: false,
|
Unique: false,
|
||||||
|
@ -39,7 +39,7 @@ func configTableSchema() *memdb.TableSchema {
|
||||||
Lowercase: true,
|
Lowercase: true,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"link": &memdb.IndexSchema{
|
"link": {
|
||||||
Name: "link",
|
Name: "link",
|
||||||
AllowMissing: true,
|
AllowMissing: true,
|
||||||
Unique: false,
|
Unique: false,
|
||||||
|
|
|
@ -184,7 +184,7 @@ func TestStore_ConfigEntry_GraphValidation(t *testing.T) {
|
||||||
expectGraphErr bool
|
expectGraphErr bool
|
||||||
}
|
}
|
||||||
cases := map[string]tcase{
|
cases := map[string]tcase{
|
||||||
"splitter fails without default protocol": tcase{
|
"splitter fails without default protocol": {
|
||||||
entries: []structs.ConfigEntry{},
|
entries: []structs.ConfigEntry{},
|
||||||
op: func(t *testing.T, s *Store) error {
|
op: func(t *testing.T, s *Store) error {
|
||||||
entry := &structs.ServiceSplitterConfigEntry{
|
entry := &structs.ServiceSplitterConfigEntry{
|
||||||
|
@ -199,7 +199,7 @@ func TestStore_ConfigEntry_GraphValidation(t *testing.T) {
|
||||||
expectErr: "does not permit advanced routing or splitting behavior",
|
expectErr: "does not permit advanced routing or splitting behavior",
|
||||||
expectGraphErr: true,
|
expectGraphErr: true,
|
||||||
},
|
},
|
||||||
"splitter fails with tcp protocol": tcase{
|
"splitter fails with tcp protocol": {
|
||||||
entries: []structs.ConfigEntry{
|
entries: []structs.ConfigEntry{
|
||||||
&structs.ServiceConfigEntry{
|
&structs.ServiceConfigEntry{
|
||||||
Kind: structs.ServiceDefaults,
|
Kind: structs.ServiceDefaults,
|
||||||
|
@ -220,7 +220,7 @@ func TestStore_ConfigEntry_GraphValidation(t *testing.T) {
|
||||||
expectErr: "does not permit advanced routing or splitting behavior",
|
expectErr: "does not permit advanced routing or splitting behavior",
|
||||||
expectGraphErr: true,
|
expectGraphErr: true,
|
||||||
},
|
},
|
||||||
"splitter works with http protocol": tcase{
|
"splitter works with http protocol": {
|
||||||
entries: []structs.ConfigEntry{
|
entries: []structs.ConfigEntry{
|
||||||
&structs.ProxyConfigEntry{
|
&structs.ProxyConfigEntry{
|
||||||
Kind: structs.ProxyDefaults,
|
Kind: structs.ProxyDefaults,
|
||||||
|
@ -239,10 +239,10 @@ func TestStore_ConfigEntry_GraphValidation(t *testing.T) {
|
||||||
Kind: structs.ServiceResolver,
|
Kind: structs.ServiceResolver,
|
||||||
Name: "main",
|
Name: "main",
|
||||||
Subsets: map[string]structs.ServiceResolverSubset{
|
Subsets: map[string]structs.ServiceResolverSubset{
|
||||||
"v1": structs.ServiceResolverSubset{
|
"v1": {
|
||||||
Filter: "Service.Meta.version == v1",
|
Filter: "Service.Meta.version == v1",
|
||||||
},
|
},
|
||||||
"v2": structs.ServiceResolverSubset{
|
"v2": {
|
||||||
Filter: "Service.Meta.version == v2",
|
Filter: "Service.Meta.version == v2",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -261,7 +261,7 @@ func TestStore_ConfigEntry_GraphValidation(t *testing.T) {
|
||||||
return s.EnsureConfigEntry(0, entry, nil)
|
return s.EnsureConfigEntry(0, entry, nil)
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"splitter works with http protocol (from proxy-defaults)": tcase{
|
"splitter works with http protocol (from proxy-defaults)": {
|
||||||
entries: []structs.ConfigEntry{
|
entries: []structs.ConfigEntry{
|
||||||
&structs.ProxyConfigEntry{
|
&structs.ProxyConfigEntry{
|
||||||
Kind: structs.ProxyDefaults,
|
Kind: structs.ProxyDefaults,
|
||||||
|
@ -274,10 +274,10 @@ func TestStore_ConfigEntry_GraphValidation(t *testing.T) {
|
||||||
Kind: structs.ServiceResolver,
|
Kind: structs.ServiceResolver,
|
||||||
Name: "main",
|
Name: "main",
|
||||||
Subsets: map[string]structs.ServiceResolverSubset{
|
Subsets: map[string]structs.ServiceResolverSubset{
|
||||||
"v1": structs.ServiceResolverSubset{
|
"v1": {
|
||||||
Filter: "Service.Meta.version == v1",
|
Filter: "Service.Meta.version == v1",
|
||||||
},
|
},
|
||||||
"v2": structs.ServiceResolverSubset{
|
"v2": {
|
||||||
Filter: "Service.Meta.version == v2",
|
Filter: "Service.Meta.version == v2",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -295,7 +295,7 @@ func TestStore_ConfigEntry_GraphValidation(t *testing.T) {
|
||||||
return s.EnsureConfigEntry(0, entry, nil)
|
return s.EnsureConfigEntry(0, entry, nil)
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"router fails with tcp protocol": tcase{
|
"router fails with tcp protocol": {
|
||||||
entries: []structs.ConfigEntry{
|
entries: []structs.ConfigEntry{
|
||||||
&structs.ServiceConfigEntry{
|
&structs.ServiceConfigEntry{
|
||||||
Kind: structs.ServiceDefaults,
|
Kind: structs.ServiceDefaults,
|
||||||
|
@ -306,7 +306,7 @@ func TestStore_ConfigEntry_GraphValidation(t *testing.T) {
|
||||||
Kind: structs.ServiceResolver,
|
Kind: structs.ServiceResolver,
|
||||||
Name: "main",
|
Name: "main",
|
||||||
Subsets: map[string]structs.ServiceResolverSubset{
|
Subsets: map[string]structs.ServiceResolverSubset{
|
||||||
"other": structs.ServiceResolverSubset{
|
"other": {
|
||||||
Filter: "Service.Meta.version == other",
|
Filter: "Service.Meta.version == other",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -334,13 +334,13 @@ func TestStore_ConfigEntry_GraphValidation(t *testing.T) {
|
||||||
expectErr: "does not permit advanced routing or splitting behavior",
|
expectErr: "does not permit advanced routing or splitting behavior",
|
||||||
expectGraphErr: true,
|
expectGraphErr: true,
|
||||||
},
|
},
|
||||||
"router fails without default protocol": tcase{
|
"router fails without default protocol": {
|
||||||
entries: []structs.ConfigEntry{
|
entries: []structs.ConfigEntry{
|
||||||
&structs.ServiceResolverConfigEntry{
|
&structs.ServiceResolverConfigEntry{
|
||||||
Kind: structs.ServiceResolver,
|
Kind: structs.ServiceResolver,
|
||||||
Name: "main",
|
Name: "main",
|
||||||
Subsets: map[string]structs.ServiceResolverSubset{
|
Subsets: map[string]structs.ServiceResolverSubset{
|
||||||
"other": structs.ServiceResolverSubset{
|
"other": {
|
||||||
Filter: "Service.Meta.version == other",
|
Filter: "Service.Meta.version == other",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -369,7 +369,7 @@ func TestStore_ConfigEntry_GraphValidation(t *testing.T) {
|
||||||
expectGraphErr: true,
|
expectGraphErr: true,
|
||||||
},
|
},
|
||||||
/////////////////////////////////////////////////
|
/////////////////////////////////////////////////
|
||||||
"cannot remove default protocol after splitter created": tcase{
|
"cannot remove default protocol after splitter created": {
|
||||||
entries: []structs.ConfigEntry{
|
entries: []structs.ConfigEntry{
|
||||||
&structs.ServiceConfigEntry{
|
&structs.ServiceConfigEntry{
|
||||||
Kind: structs.ServiceDefaults,
|
Kind: structs.ServiceDefaults,
|
||||||
|
@ -380,10 +380,10 @@ func TestStore_ConfigEntry_GraphValidation(t *testing.T) {
|
||||||
Kind: structs.ServiceResolver,
|
Kind: structs.ServiceResolver,
|
||||||
Name: "main",
|
Name: "main",
|
||||||
Subsets: map[string]structs.ServiceResolverSubset{
|
Subsets: map[string]structs.ServiceResolverSubset{
|
||||||
"v1": structs.ServiceResolverSubset{
|
"v1": {
|
||||||
Filter: "Service.Meta.version == v1",
|
Filter: "Service.Meta.version == v1",
|
||||||
},
|
},
|
||||||
"v2": structs.ServiceResolverSubset{
|
"v2": {
|
||||||
Filter: "Service.Meta.version == v2",
|
Filter: "Service.Meta.version == v2",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -403,7 +403,7 @@ func TestStore_ConfigEntry_GraphValidation(t *testing.T) {
|
||||||
expectErr: "does not permit advanced routing or splitting behavior",
|
expectErr: "does not permit advanced routing or splitting behavior",
|
||||||
expectGraphErr: true,
|
expectGraphErr: true,
|
||||||
},
|
},
|
||||||
"cannot remove global default protocol after splitter created": tcase{
|
"cannot remove global default protocol after splitter created": {
|
||||||
entries: []structs.ConfigEntry{
|
entries: []structs.ConfigEntry{
|
||||||
&structs.ProxyConfigEntry{
|
&structs.ProxyConfigEntry{
|
||||||
Kind: structs.ProxyDefaults,
|
Kind: structs.ProxyDefaults,
|
||||||
|
@ -416,10 +416,10 @@ func TestStore_ConfigEntry_GraphValidation(t *testing.T) {
|
||||||
Kind: structs.ServiceResolver,
|
Kind: structs.ServiceResolver,
|
||||||
Name: "main",
|
Name: "main",
|
||||||
Subsets: map[string]structs.ServiceResolverSubset{
|
Subsets: map[string]structs.ServiceResolverSubset{
|
||||||
"v1": structs.ServiceResolverSubset{
|
"v1": {
|
||||||
Filter: "Service.Meta.version == v1",
|
Filter: "Service.Meta.version == v1",
|
||||||
},
|
},
|
||||||
"v2": structs.ServiceResolverSubset{
|
"v2": {
|
||||||
Filter: "Service.Meta.version == v2",
|
Filter: "Service.Meta.version == v2",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -439,7 +439,7 @@ func TestStore_ConfigEntry_GraphValidation(t *testing.T) {
|
||||||
expectErr: "does not permit advanced routing or splitting behavior",
|
expectErr: "does not permit advanced routing or splitting behavior",
|
||||||
expectGraphErr: true,
|
expectGraphErr: true,
|
||||||
},
|
},
|
||||||
"can remove global default protocol after splitter created if service default overrides it": tcase{
|
"can remove global default protocol after splitter created if service default overrides it": {
|
||||||
entries: []structs.ConfigEntry{
|
entries: []structs.ConfigEntry{
|
||||||
&structs.ProxyConfigEntry{
|
&structs.ProxyConfigEntry{
|
||||||
Kind: structs.ProxyDefaults,
|
Kind: structs.ProxyDefaults,
|
||||||
|
@ -457,10 +457,10 @@ func TestStore_ConfigEntry_GraphValidation(t *testing.T) {
|
||||||
Kind: structs.ServiceResolver,
|
Kind: structs.ServiceResolver,
|
||||||
Name: "main",
|
Name: "main",
|
||||||
Subsets: map[string]structs.ServiceResolverSubset{
|
Subsets: map[string]structs.ServiceResolverSubset{
|
||||||
"v1": structs.ServiceResolverSubset{
|
"v1": {
|
||||||
Filter: "Service.Meta.version == v1",
|
Filter: "Service.Meta.version == v1",
|
||||||
},
|
},
|
||||||
"v2": structs.ServiceResolverSubset{
|
"v2": {
|
||||||
Filter: "Service.Meta.version == v2",
|
Filter: "Service.Meta.version == v2",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -478,7 +478,7 @@ func TestStore_ConfigEntry_GraphValidation(t *testing.T) {
|
||||||
return s.DeleteConfigEntry(0, structs.ProxyDefaults, structs.ProxyConfigGlobal, nil)
|
return s.DeleteConfigEntry(0, structs.ProxyDefaults, structs.ProxyConfigGlobal, nil)
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"cannot change to tcp protocol after splitter created": tcase{
|
"cannot change to tcp protocol after splitter created": {
|
||||||
entries: []structs.ConfigEntry{
|
entries: []structs.ConfigEntry{
|
||||||
&structs.ServiceConfigEntry{
|
&structs.ServiceConfigEntry{
|
||||||
Kind: structs.ServiceDefaults,
|
Kind: structs.ServiceDefaults,
|
||||||
|
@ -489,10 +489,10 @@ func TestStore_ConfigEntry_GraphValidation(t *testing.T) {
|
||||||
Kind: structs.ServiceResolver,
|
Kind: structs.ServiceResolver,
|
||||||
Name: "main",
|
Name: "main",
|
||||||
Subsets: map[string]structs.ServiceResolverSubset{
|
Subsets: map[string]structs.ServiceResolverSubset{
|
||||||
"v1": structs.ServiceResolverSubset{
|
"v1": {
|
||||||
Filter: "Service.Meta.version == v1",
|
Filter: "Service.Meta.version == v1",
|
||||||
},
|
},
|
||||||
"v2": structs.ServiceResolverSubset{
|
"v2": {
|
||||||
Filter: "Service.Meta.version == v2",
|
Filter: "Service.Meta.version == v2",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -517,7 +517,7 @@ func TestStore_ConfigEntry_GraphValidation(t *testing.T) {
|
||||||
expectErr: "does not permit advanced routing or splitting behavior",
|
expectErr: "does not permit advanced routing or splitting behavior",
|
||||||
expectGraphErr: true,
|
expectGraphErr: true,
|
||||||
},
|
},
|
||||||
"cannot remove default protocol after router created": tcase{
|
"cannot remove default protocol after router created": {
|
||||||
entries: []structs.ConfigEntry{
|
entries: []structs.ConfigEntry{
|
||||||
&structs.ServiceConfigEntry{
|
&structs.ServiceConfigEntry{
|
||||||
Kind: structs.ServiceDefaults,
|
Kind: structs.ServiceDefaults,
|
||||||
|
@ -528,7 +528,7 @@ func TestStore_ConfigEntry_GraphValidation(t *testing.T) {
|
||||||
Kind: structs.ServiceResolver,
|
Kind: structs.ServiceResolver,
|
||||||
Name: "main",
|
Name: "main",
|
||||||
Subsets: map[string]structs.ServiceResolverSubset{
|
Subsets: map[string]structs.ServiceResolverSubset{
|
||||||
"other": structs.ServiceResolverSubset{
|
"other": {
|
||||||
Filter: "Service.Meta.version == other",
|
Filter: "Service.Meta.version == other",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -556,7 +556,7 @@ func TestStore_ConfigEntry_GraphValidation(t *testing.T) {
|
||||||
expectErr: "does not permit advanced routing or splitting behavior",
|
expectErr: "does not permit advanced routing or splitting behavior",
|
||||||
expectGraphErr: true,
|
expectGraphErr: true,
|
||||||
},
|
},
|
||||||
"cannot change to tcp protocol after router created": tcase{
|
"cannot change to tcp protocol after router created": {
|
||||||
entries: []structs.ConfigEntry{
|
entries: []structs.ConfigEntry{
|
||||||
&structs.ServiceConfigEntry{
|
&structs.ServiceConfigEntry{
|
||||||
Kind: structs.ServiceDefaults,
|
Kind: structs.ServiceDefaults,
|
||||||
|
@ -567,7 +567,7 @@ func TestStore_ConfigEntry_GraphValidation(t *testing.T) {
|
||||||
Kind: structs.ServiceResolver,
|
Kind: structs.ServiceResolver,
|
||||||
Name: "main",
|
Name: "main",
|
||||||
Subsets: map[string]structs.ServiceResolverSubset{
|
Subsets: map[string]structs.ServiceResolverSubset{
|
||||||
"other": structs.ServiceResolverSubset{
|
"other": {
|
||||||
Filter: "Service.Meta.version == other",
|
Filter: "Service.Meta.version == other",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -601,7 +601,7 @@ func TestStore_ConfigEntry_GraphValidation(t *testing.T) {
|
||||||
expectGraphErr: true,
|
expectGraphErr: true,
|
||||||
},
|
},
|
||||||
/////////////////////////////////////////////////
|
/////////////////////////////////////////////////
|
||||||
"cannot split to a service using tcp": tcase{
|
"cannot split to a service using tcp": {
|
||||||
entries: []structs.ConfigEntry{
|
entries: []structs.ConfigEntry{
|
||||||
&structs.ServiceConfigEntry{
|
&structs.ServiceConfigEntry{
|
||||||
Kind: structs.ServiceDefaults,
|
Kind: structs.ServiceDefaults,
|
||||||
|
@ -628,7 +628,7 @@ func TestStore_ConfigEntry_GraphValidation(t *testing.T) {
|
||||||
expectErr: "uses inconsistent protocols",
|
expectErr: "uses inconsistent protocols",
|
||||||
expectGraphErr: true,
|
expectGraphErr: true,
|
||||||
},
|
},
|
||||||
"cannot route to a service using tcp": tcase{
|
"cannot route to a service using tcp": {
|
||||||
entries: []structs.ConfigEntry{
|
entries: []structs.ConfigEntry{
|
||||||
&structs.ServiceConfigEntry{
|
&structs.ServiceConfigEntry{
|
||||||
Kind: structs.ServiceDefaults,
|
Kind: structs.ServiceDefaults,
|
||||||
|
@ -664,7 +664,7 @@ func TestStore_ConfigEntry_GraphValidation(t *testing.T) {
|
||||||
expectGraphErr: true,
|
expectGraphErr: true,
|
||||||
},
|
},
|
||||||
/////////////////////////////////////////////////
|
/////////////////////////////////////////////////
|
||||||
"cannot failover to a service using a different protocol": tcase{
|
"cannot failover to a service using a different protocol": {
|
||||||
entries: []structs.ConfigEntry{
|
entries: []structs.ConfigEntry{
|
||||||
&structs.ServiceConfigEntry{
|
&structs.ServiceConfigEntry{
|
||||||
Kind: structs.ServiceDefaults,
|
Kind: structs.ServiceDefaults,
|
||||||
|
@ -687,7 +687,7 @@ func TestStore_ConfigEntry_GraphValidation(t *testing.T) {
|
||||||
Kind: structs.ServiceResolver,
|
Kind: structs.ServiceResolver,
|
||||||
Name: "main",
|
Name: "main",
|
||||||
Failover: map[string]structs.ServiceResolverFailover{
|
Failover: map[string]structs.ServiceResolverFailover{
|
||||||
"*": structs.ServiceResolverFailover{
|
"*": {
|
||||||
Service: "other",
|
Service: "other",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -697,7 +697,7 @@ func TestStore_ConfigEntry_GraphValidation(t *testing.T) {
|
||||||
expectErr: "uses inconsistent protocols",
|
expectErr: "uses inconsistent protocols",
|
||||||
expectGraphErr: true,
|
expectGraphErr: true,
|
||||||
},
|
},
|
||||||
"cannot redirect to a service using a different protocol": tcase{
|
"cannot redirect to a service using a different protocol": {
|
||||||
entries: []structs.ConfigEntry{
|
entries: []structs.ConfigEntry{
|
||||||
&structs.ServiceConfigEntry{
|
&structs.ServiceConfigEntry{
|
||||||
Kind: structs.ServiceDefaults,
|
Kind: structs.ServiceDefaults,
|
||||||
|
@ -729,14 +729,14 @@ func TestStore_ConfigEntry_GraphValidation(t *testing.T) {
|
||||||
expectGraphErr: true,
|
expectGraphErr: true,
|
||||||
},
|
},
|
||||||
/////////////////////////////////////////////////
|
/////////////////////////////////////////////////
|
||||||
"redirect to a subset that does exist is fine": tcase{
|
"redirect to a subset that does exist is fine": {
|
||||||
entries: []structs.ConfigEntry{
|
entries: []structs.ConfigEntry{
|
||||||
&structs.ServiceResolverConfigEntry{
|
&structs.ServiceResolverConfigEntry{
|
||||||
Kind: structs.ServiceResolver,
|
Kind: structs.ServiceResolver,
|
||||||
Name: "other",
|
Name: "other",
|
||||||
ConnectTimeout: 33 * time.Second,
|
ConnectTimeout: 33 * time.Second,
|
||||||
Subsets: map[string]structs.ServiceResolverSubset{
|
Subsets: map[string]structs.ServiceResolverSubset{
|
||||||
"v1": structs.ServiceResolverSubset{
|
"v1": {
|
||||||
Filter: "Service.Meta.version == v1",
|
Filter: "Service.Meta.version == v1",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -754,7 +754,7 @@ func TestStore_ConfigEntry_GraphValidation(t *testing.T) {
|
||||||
return s.EnsureConfigEntry(0, entry, nil)
|
return s.EnsureConfigEntry(0, entry, nil)
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"cannot redirect to a subset that does not exist": tcase{
|
"cannot redirect to a subset that does not exist": {
|
||||||
entries: []structs.ConfigEntry{
|
entries: []structs.ConfigEntry{
|
||||||
&structs.ServiceResolverConfigEntry{
|
&structs.ServiceResolverConfigEntry{
|
||||||
Kind: structs.ServiceResolver,
|
Kind: structs.ServiceResolver,
|
||||||
|
@ -777,7 +777,7 @@ func TestStore_ConfigEntry_GraphValidation(t *testing.T) {
|
||||||
expectGraphErr: true,
|
expectGraphErr: true,
|
||||||
},
|
},
|
||||||
/////////////////////////////////////////////////
|
/////////////////////////////////////////////////
|
||||||
"cannot introduce circular resolver redirect": tcase{
|
"cannot introduce circular resolver redirect": {
|
||||||
entries: []structs.ConfigEntry{
|
entries: []structs.ConfigEntry{
|
||||||
&structs.ServiceResolverConfigEntry{
|
&structs.ServiceResolverConfigEntry{
|
||||||
Kind: structs.ServiceResolver,
|
Kind: structs.ServiceResolver,
|
||||||
|
@ -800,7 +800,7 @@ func TestStore_ConfigEntry_GraphValidation(t *testing.T) {
|
||||||
expectErr: `detected circular resolver redirect`,
|
expectErr: `detected circular resolver redirect`,
|
||||||
expectGraphErr: true,
|
expectGraphErr: true,
|
||||||
},
|
},
|
||||||
"cannot introduce circular split": tcase{
|
"cannot introduce circular split": {
|
||||||
entries: []structs.ConfigEntry{
|
entries: []structs.ConfigEntry{
|
||||||
&structs.ProxyConfigEntry{
|
&structs.ProxyConfigEntry{
|
||||||
Kind: structs.ProxyDefaults,
|
Kind: structs.ProxyDefaults,
|
||||||
|
@ -1220,10 +1220,10 @@ func TestStore_ReadDiscoveryChainConfigEntries_SubsetSplit(t *testing.T) {
|
||||||
Kind: structs.ServiceResolver,
|
Kind: structs.ServiceResolver,
|
||||||
Name: "main",
|
Name: "main",
|
||||||
Subsets: map[string]structs.ServiceResolverSubset{
|
Subsets: map[string]structs.ServiceResolverSubset{
|
||||||
"v1": structs.ServiceResolverSubset{
|
"v1": {
|
||||||
Filter: "Service.Meta.version == v1",
|
Filter: "Service.Meta.version == v1",
|
||||||
},
|
},
|
||||||
"v2": structs.ServiceResolverSubset{
|
"v2": {
|
||||||
Filter: "Service.Meta.version == v2",
|
Filter: "Service.Meta.version == v2",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
|
@ -22,7 +22,7 @@ func caBuiltinProviderTableSchema() *memdb.TableSchema {
|
||||||
return &memdb.TableSchema{
|
return &memdb.TableSchema{
|
||||||
Name: caBuiltinProviderTableName,
|
Name: caBuiltinProviderTableName,
|
||||||
Indexes: map[string]*memdb.IndexSchema{
|
Indexes: map[string]*memdb.IndexSchema{
|
||||||
"id": &memdb.IndexSchema{
|
"id": {
|
||||||
Name: "id",
|
Name: "id",
|
||||||
AllowMissing: false,
|
AllowMissing: false,
|
||||||
Unique: true,
|
Unique: true,
|
||||||
|
@ -42,7 +42,7 @@ func caConfigTableSchema() *memdb.TableSchema {
|
||||||
Indexes: map[string]*memdb.IndexSchema{
|
Indexes: map[string]*memdb.IndexSchema{
|
||||||
// This table only stores one row, so this just ignores the ID field
|
// This table only stores one row, so this just ignores the ID field
|
||||||
// and always overwrites the same config object.
|
// and always overwrites the same config object.
|
||||||
"id": &memdb.IndexSchema{
|
"id": {
|
||||||
Name: "id",
|
Name: "id",
|
||||||
AllowMissing: true,
|
AllowMissing: true,
|
||||||
Unique: true,
|
Unique: true,
|
||||||
|
@ -60,7 +60,7 @@ func caRootTableSchema() *memdb.TableSchema {
|
||||||
return &memdb.TableSchema{
|
return &memdb.TableSchema{
|
||||||
Name: caRootTableName,
|
Name: caRootTableName,
|
||||||
Indexes: map[string]*memdb.IndexSchema{
|
Indexes: map[string]*memdb.IndexSchema{
|
||||||
"id": &memdb.IndexSchema{
|
"id": {
|
||||||
Name: "id",
|
Name: "id",
|
||||||
AllowMissing: false,
|
AllowMissing: false,
|
||||||
Unique: true,
|
Unique: true,
|
||||||
|
|
|
@ -14,7 +14,7 @@ func coordinatesTableSchema() *memdb.TableSchema {
|
||||||
return &memdb.TableSchema{
|
return &memdb.TableSchema{
|
||||||
Name: "coordinates",
|
Name: "coordinates",
|
||||||
Indexes: map[string]*memdb.IndexSchema{
|
Indexes: map[string]*memdb.IndexSchema{
|
||||||
"id": &memdb.IndexSchema{
|
"id": {
|
||||||
Name: "id",
|
Name: "id",
|
||||||
AllowMissing: false,
|
AllowMissing: false,
|
||||||
Unique: true,
|
Unique: true,
|
||||||
|
@ -34,7 +34,7 @@ func coordinatesTableSchema() *memdb.TableSchema {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"node": &memdb.IndexSchema{
|
"node": {
|
||||||
Name: "node",
|
Name: "node",
|
||||||
AllowMissing: false,
|
AllowMissing: false,
|
||||||
Unique: false,
|
Unique: false,
|
||||||
|
|
|
@ -13,7 +13,7 @@ func federationStateTableSchema() *memdb.TableSchema {
|
||||||
return &memdb.TableSchema{
|
return &memdb.TableSchema{
|
||||||
Name: federationStateTableName,
|
Name: federationStateTableName,
|
||||||
Indexes: map[string]*memdb.IndexSchema{
|
Indexes: map[string]*memdb.IndexSchema{
|
||||||
"id": &memdb.IndexSchema{
|
"id": {
|
||||||
Name: "id",
|
Name: "id",
|
||||||
AllowMissing: false,
|
AllowMissing: false,
|
||||||
Unique: true,
|
Unique: true,
|
||||||
|
|
|
@ -211,10 +211,10 @@ func TestGraveyard_Snapshot_Restore(t *testing.T) {
|
||||||
|
|
||||||
// Verify the dump, which should be ordered by key.
|
// Verify the dump, which should be ordered by key.
|
||||||
expected := []*Tombstone{
|
expected := []*Tombstone{
|
||||||
&Tombstone{Key: "foo/bar/baz", Index: 5},
|
{Key: "foo/bar/baz", Index: 5},
|
||||||
&Tombstone{Key: "foo/bar/zoo", Index: 8},
|
{Key: "foo/bar/zoo", Index: 8},
|
||||||
&Tombstone{Key: "foo/in/the/house", Index: 2},
|
{Key: "foo/in/the/house", Index: 2},
|
||||||
&Tombstone{Key: "some/other/path", Index: 9},
|
{Key: "some/other/path", Index: 9},
|
||||||
}
|
}
|
||||||
if len(expected) != len(dump) {
|
if len(expected) != len(dump) {
|
||||||
t.Fatalf("expected %d, got %d tombstones", len(expected), len(dump))
|
t.Fatalf("expected %d, got %d tombstones", len(expected), len(dump))
|
||||||
|
|
|
@ -18,7 +18,7 @@ func intentionsTableSchema() *memdb.TableSchema {
|
||||||
return &memdb.TableSchema{
|
return &memdb.TableSchema{
|
||||||
Name: intentionsTableName,
|
Name: intentionsTableName,
|
||||||
Indexes: map[string]*memdb.IndexSchema{
|
Indexes: map[string]*memdb.IndexSchema{
|
||||||
"id": &memdb.IndexSchema{
|
"id": {
|
||||||
Name: "id",
|
Name: "id",
|
||||||
AllowMissing: false,
|
AllowMissing: false,
|
||||||
Unique: true,
|
Unique: true,
|
||||||
|
@ -26,7 +26,7 @@ func intentionsTableSchema() *memdb.TableSchema {
|
||||||
Field: "ID",
|
Field: "ID",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"destination": &memdb.IndexSchema{
|
"destination": {
|
||||||
Name: "destination",
|
Name: "destination",
|
||||||
AllowMissing: true,
|
AllowMissing: true,
|
||||||
// This index is not unique since we need uniqueness across the whole
|
// This index is not unique since we need uniqueness across the whole
|
||||||
|
@ -45,7 +45,7 @@ func intentionsTableSchema() *memdb.TableSchema {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"source": &memdb.IndexSchema{
|
"source": {
|
||||||
Name: "source",
|
Name: "source",
|
||||||
AllowMissing: true,
|
AllowMissing: true,
|
||||||
// This index is not unique since we need uniqueness across the whole
|
// This index is not unique since we need uniqueness across the whole
|
||||||
|
@ -64,7 +64,7 @@ func intentionsTableSchema() *memdb.TableSchema {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"source_destination": &memdb.IndexSchema{
|
"source_destination": {
|
||||||
Name: "source_destination",
|
Name: "source_destination",
|
||||||
AllowMissing: true,
|
AllowMissing: true,
|
||||||
Unique: true,
|
Unique: true,
|
||||||
|
|
|
@ -14,13 +14,13 @@ func kvsTableSchema() *memdb.TableSchema {
|
||||||
return &memdb.TableSchema{
|
return &memdb.TableSchema{
|
||||||
Name: "kvs",
|
Name: "kvs",
|
||||||
Indexes: map[string]*memdb.IndexSchema{
|
Indexes: map[string]*memdb.IndexSchema{
|
||||||
"id": &memdb.IndexSchema{
|
"id": {
|
||||||
Name: "id",
|
Name: "id",
|
||||||
AllowMissing: false,
|
AllowMissing: false,
|
||||||
Unique: true,
|
Unique: true,
|
||||||
Indexer: kvsIndexer(),
|
Indexer: kvsIndexer(),
|
||||||
},
|
},
|
||||||
"session": &memdb.IndexSchema{
|
"session": {
|
||||||
Name: "session",
|
Name: "session",
|
||||||
AllowMissing: true,
|
AllowMissing: true,
|
||||||
Unique: false,
|
Unique: false,
|
||||||
|
@ -38,7 +38,7 @@ func tombstonesTableSchema() *memdb.TableSchema {
|
||||||
return &memdb.TableSchema{
|
return &memdb.TableSchema{
|
||||||
Name: "tombstones",
|
Name: "tombstones",
|
||||||
Indexes: map[string]*memdb.IndexSchema{
|
Indexes: map[string]*memdb.IndexSchema{
|
||||||
"id": &memdb.IndexSchema{
|
"id": {
|
||||||
Name: "id",
|
Name: "id",
|
||||||
AllowMissing: false,
|
AllowMissing: false,
|
||||||
Unique: true,
|
Unique: true,
|
||||||
|
|
|
@ -15,7 +15,7 @@ func preparedQueriesTableSchema() *memdb.TableSchema {
|
||||||
return &memdb.TableSchema{
|
return &memdb.TableSchema{
|
||||||
Name: "prepared-queries",
|
Name: "prepared-queries",
|
||||||
Indexes: map[string]*memdb.IndexSchema{
|
Indexes: map[string]*memdb.IndexSchema{
|
||||||
"id": &memdb.IndexSchema{
|
"id": {
|
||||||
Name: "id",
|
Name: "id",
|
||||||
AllowMissing: false,
|
AllowMissing: false,
|
||||||
Unique: true,
|
Unique: true,
|
||||||
|
@ -23,7 +23,7 @@ func preparedQueriesTableSchema() *memdb.TableSchema {
|
||||||
Field: "ID",
|
Field: "ID",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"name": &memdb.IndexSchema{
|
"name": {
|
||||||
Name: "name",
|
Name: "name",
|
||||||
AllowMissing: true,
|
AllowMissing: true,
|
||||||
Unique: true,
|
Unique: true,
|
||||||
|
@ -32,13 +32,13 @@ func preparedQueriesTableSchema() *memdb.TableSchema {
|
||||||
Lowercase: true,
|
Lowercase: true,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"template": &memdb.IndexSchema{
|
"template": {
|
||||||
Name: "template",
|
Name: "template",
|
||||||
AllowMissing: true,
|
AllowMissing: true,
|
||||||
Unique: true,
|
Unique: true,
|
||||||
Indexer: &PreparedQueryIndex{},
|
Indexer: &PreparedQueryIndex{},
|
||||||
},
|
},
|
||||||
"session": &memdb.IndexSchema{
|
"session": {
|
||||||
Name: "session",
|
Name: "session",
|
||||||
AllowMissing: true,
|
AllowMissing: true,
|
||||||
Unique: false,
|
Unique: false,
|
||||||
|
|
|
@ -44,7 +44,7 @@ func indexTableSchema() *memdb.TableSchema {
|
||||||
return &memdb.TableSchema{
|
return &memdb.TableSchema{
|
||||||
Name: "index",
|
Name: "index",
|
||||||
Indexes: map[string]*memdb.IndexSchema{
|
Indexes: map[string]*memdb.IndexSchema{
|
||||||
"id": &memdb.IndexSchema{
|
"id": {
|
||||||
Name: "id",
|
Name: "id",
|
||||||
AllowMissing: false,
|
AllowMissing: false,
|
||||||
Unique: true,
|
Unique: true,
|
||||||
|
|
|
@ -16,13 +16,13 @@ func sessionsTableSchema() *memdb.TableSchema {
|
||||||
return &memdb.TableSchema{
|
return &memdb.TableSchema{
|
||||||
Name: "sessions",
|
Name: "sessions",
|
||||||
Indexes: map[string]*memdb.IndexSchema{
|
Indexes: map[string]*memdb.IndexSchema{
|
||||||
"id": &memdb.IndexSchema{
|
"id": {
|
||||||
Name: "id",
|
Name: "id",
|
||||||
AllowMissing: false,
|
AllowMissing: false,
|
||||||
Unique: true,
|
Unique: true,
|
||||||
Indexer: sessionIndexer(),
|
Indexer: sessionIndexer(),
|
||||||
},
|
},
|
||||||
"node": &memdb.IndexSchema{
|
"node": {
|
||||||
Name: "node",
|
Name: "node",
|
||||||
AllowMissing: false,
|
AllowMissing: false,
|
||||||
Unique: false,
|
Unique: false,
|
||||||
|
@ -38,7 +38,7 @@ func sessionChecksTableSchema() *memdb.TableSchema {
|
||||||
return &memdb.TableSchema{
|
return &memdb.TableSchema{
|
||||||
Name: "session_checks",
|
Name: "session_checks",
|
||||||
Indexes: map[string]*memdb.IndexSchema{
|
Indexes: map[string]*memdb.IndexSchema{
|
||||||
"id": &memdb.IndexSchema{
|
"id": {
|
||||||
Name: "id",
|
Name: "id",
|
||||||
AllowMissing: false,
|
AllowMissing: false,
|
||||||
Unique: true,
|
Unique: true,
|
||||||
|
@ -55,13 +55,13 @@ func sessionChecksTableSchema() *memdb.TableSchema {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"node_check": &memdb.IndexSchema{
|
"node_check": {
|
||||||
Name: "node_check",
|
Name: "node_check",
|
||||||
AllowMissing: false,
|
AllowMissing: false,
|
||||||
Unique: false,
|
Unique: false,
|
||||||
Indexer: nodeChecksIndexer(),
|
Indexer: nodeChecksIndexer(),
|
||||||
},
|
},
|
||||||
"session": &memdb.IndexSchema{
|
"session": {
|
||||||
Name: "session",
|
Name: "session",
|
||||||
AllowMissing: false,
|
AllowMissing: false,
|
||||||
Unique: false,
|
Unique: false,
|
||||||
|
|
|
@ -285,11 +285,11 @@ func TestStateStore_NodeSessions(t *testing.T) {
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
sessions2 := []*structs.Session{
|
sessions2 := []*structs.Session{
|
||||||
&structs.Session{
|
{
|
||||||
ID: testUUID(),
|
ID: testUUID(),
|
||||||
Node: "node2",
|
Node: "node2",
|
||||||
},
|
},
|
||||||
&structs.Session{
|
{
|
||||||
ID: testUUID(),
|
ID: testUUID(),
|
||||||
Node: "node2",
|
Node: "node2",
|
||||||
},
|
},
|
||||||
|
|
|
@ -324,7 +324,7 @@ func TestStateStore_Txn_Service(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
Services: map[string]*structs.NodeService{
|
Services: map[string]*structs.NodeService{
|
||||||
"svc1": &structs.NodeService{
|
"svc1": {
|
||||||
ID: "svc1",
|
ID: "svc1",
|
||||||
Service: "svc1",
|
Service: "svc1",
|
||||||
Address: "1.1.1.1",
|
Address: "1.1.1.1",
|
||||||
|
@ -337,7 +337,7 @@ func TestStateStore_Txn_Service(t *testing.T) {
|
||||||
EnterpriseMeta: *structs.DefaultEnterpriseMeta(),
|
EnterpriseMeta: *structs.DefaultEnterpriseMeta(),
|
||||||
Meta: map[string]string{},
|
Meta: map[string]string{},
|
||||||
},
|
},
|
||||||
"svc5": &structs.NodeService{
|
"svc5": {
|
||||||
ID: "svc5",
|
ID: "svc5",
|
||||||
RaftIndex: structs.RaftIndex{
|
RaftIndex: structs.RaftIndex{
|
||||||
CreateIndex: 6,
|
CreateIndex: 6,
|
||||||
|
@ -346,7 +346,7 @@ func TestStateStore_Txn_Service(t *testing.T) {
|
||||||
Weights: &structs.Weights{Passing: 1, Warning: 1},
|
Weights: &structs.Weights{Passing: 1, Warning: 1},
|
||||||
EnterpriseMeta: *structs.DefaultEnterpriseMeta(),
|
EnterpriseMeta: *structs.DefaultEnterpriseMeta(),
|
||||||
},
|
},
|
||||||
"svc2": &structs.NodeService{
|
"svc2": {
|
||||||
ID: "svc2",
|
ID: "svc2",
|
||||||
Tags: []string{"modified"},
|
Tags: []string{"modified"},
|
||||||
RaftIndex: structs.RaftIndex{
|
RaftIndex: structs.RaftIndex{
|
||||||
|
|
|
@ -628,7 +628,7 @@ func TestServersGetACLMode(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
cases := map[string]tcase{
|
cases := map[string]tcase{
|
||||||
"filter-members": tcase{
|
"filter-members": {
|
||||||
servers: testServersProvider{
|
servers: testServersProvider{
|
||||||
makeServer("primary", structs.ACLModeLegacy, serf.StatusAlive, net.IP([]byte{127, 0, 0, 1})),
|
makeServer("primary", structs.ACLModeLegacy, serf.StatusAlive, net.IP([]byte{127, 0, 0, 1})),
|
||||||
makeServer("primary", structs.ACLModeLegacy, serf.StatusFailed, net.IP([]byte{127, 0, 0, 2})),
|
makeServer("primary", structs.ACLModeLegacy, serf.StatusFailed, net.IP([]byte{127, 0, 0, 2})),
|
||||||
|
@ -647,7 +647,7 @@ func TestServersGetACLMode(t *testing.T) {
|
||||||
minMode: structs.ACLModeLegacy,
|
minMode: structs.ACLModeLegacy,
|
||||||
leaderMode: structs.ACLModeLegacy,
|
leaderMode: structs.ACLModeLegacy,
|
||||||
},
|
},
|
||||||
"disabled": tcase{
|
"disabled": {
|
||||||
servers: testServersProvider{
|
servers: testServersProvider{
|
||||||
makeServer("primary", structs.ACLModeLegacy, serf.StatusAlive, net.IP([]byte{127, 0, 0, 1})),
|
makeServer("primary", structs.ACLModeLegacy, serf.StatusAlive, net.IP([]byte{127, 0, 0, 1})),
|
||||||
makeServer("primary", structs.ACLModeUnknown, serf.StatusAlive, net.IP([]byte{127, 0, 0, 2})),
|
makeServer("primary", structs.ACLModeUnknown, serf.StatusAlive, net.IP([]byte{127, 0, 0, 2})),
|
||||||
|
@ -659,7 +659,7 @@ func TestServersGetACLMode(t *testing.T) {
|
||||||
minMode: structs.ACLModeDisabled,
|
minMode: structs.ACLModeDisabled,
|
||||||
leaderMode: structs.ACLModeLegacy,
|
leaderMode: structs.ACLModeLegacy,
|
||||||
},
|
},
|
||||||
"unknown": tcase{
|
"unknown": {
|
||||||
servers: testServersProvider{
|
servers: testServersProvider{
|
||||||
makeServer("primary", structs.ACLModeLegacy, serf.StatusAlive, net.IP([]byte{127, 0, 0, 1})),
|
makeServer("primary", structs.ACLModeLegacy, serf.StatusAlive, net.IP([]byte{127, 0, 0, 1})),
|
||||||
makeServer("primary", structs.ACLModeUnknown, serf.StatusAlive, net.IP([]byte{127, 0, 0, 2})),
|
makeServer("primary", structs.ACLModeUnknown, serf.StatusAlive, net.IP([]byte{127, 0, 0, 2})),
|
||||||
|
@ -670,7 +670,7 @@ func TestServersGetACLMode(t *testing.T) {
|
||||||
minMode: structs.ACLModeUnknown,
|
minMode: structs.ACLModeUnknown,
|
||||||
leaderMode: structs.ACLModeLegacy,
|
leaderMode: structs.ACLModeLegacy,
|
||||||
},
|
},
|
||||||
"legacy": tcase{
|
"legacy": {
|
||||||
servers: testServersProvider{
|
servers: testServersProvider{
|
||||||
makeServer("primary", structs.ACLModeEnabled, serf.StatusAlive, net.IP([]byte{127, 0, 0, 1})),
|
makeServer("primary", structs.ACLModeEnabled, serf.StatusAlive, net.IP([]byte{127, 0, 0, 1})),
|
||||||
makeServer("primary", structs.ACLModeLegacy, serf.StatusAlive, net.IP([]byte{127, 0, 0, 2})),
|
makeServer("primary", structs.ACLModeLegacy, serf.StatusAlive, net.IP([]byte{127, 0, 0, 2})),
|
||||||
|
@ -681,7 +681,7 @@ func TestServersGetACLMode(t *testing.T) {
|
||||||
minMode: structs.ACLModeLegacy,
|
minMode: structs.ACLModeLegacy,
|
||||||
leaderMode: structs.ACLModeEnabled,
|
leaderMode: structs.ACLModeEnabled,
|
||||||
},
|
},
|
||||||
"enabled": tcase{
|
"enabled": {
|
||||||
servers: testServersProvider{
|
servers: testServersProvider{
|
||||||
makeServer("primary", structs.ACLModeEnabled, serf.StatusAlive, net.IP([]byte{127, 0, 0, 1})),
|
makeServer("primary", structs.ACLModeEnabled, serf.StatusAlive, net.IP([]byte{127, 0, 0, 1})),
|
||||||
makeServer("primary", structs.ACLModeEnabled, serf.StatusAlive, net.IP([]byte{127, 0, 0, 2})),
|
makeServer("primary", structs.ACLModeEnabled, serf.StatusAlive, net.IP([]byte{127, 0, 0, 2})),
|
||||||
|
@ -693,7 +693,7 @@ func TestServersGetACLMode(t *testing.T) {
|
||||||
minMode: structs.ACLModeEnabled,
|
minMode: structs.ACLModeEnabled,
|
||||||
leaderMode: structs.ACLModeEnabled,
|
leaderMode: structs.ACLModeEnabled,
|
||||||
},
|
},
|
||||||
"failed-members": tcase{
|
"failed-members": {
|
||||||
servers: testServersProvider{
|
servers: testServersProvider{
|
||||||
makeServer("primary", structs.ACLModeLegacy, serf.StatusAlive, net.IP([]byte{127, 0, 0, 1})),
|
makeServer("primary", structs.ACLModeLegacy, serf.StatusAlive, net.IP([]byte{127, 0, 0, 1})),
|
||||||
makeServer("primary", structs.ACLModeUnknown, serf.StatusFailed, net.IP([]byte{127, 0, 0, 2})),
|
makeServer("primary", structs.ACLModeUnknown, serf.StatusFailed, net.IP([]byte{127, 0, 0, 2})),
|
||||||
|
|
|
@ -76,7 +76,7 @@ func TestDiscoveryChainRead(t *testing.T) {
|
||||||
Protocol: "tcp",
|
Protocol: "tcp",
|
||||||
StartNode: "resolver:web.default.dc1",
|
StartNode: "resolver:web.default.dc1",
|
||||||
Nodes: map[string]*structs.DiscoveryGraphNode{
|
Nodes: map[string]*structs.DiscoveryGraphNode{
|
||||||
"resolver:web.default.dc1": &structs.DiscoveryGraphNode{
|
"resolver:web.default.dc1": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeResolver,
|
Type: structs.DiscoveryGraphNodeTypeResolver,
|
||||||
Name: "web.default.dc1",
|
Name: "web.default.dc1",
|
||||||
Resolver: &structs.DiscoveryResolver{
|
Resolver: &structs.DiscoveryResolver{
|
||||||
|
@ -119,7 +119,7 @@ func TestDiscoveryChainRead(t *testing.T) {
|
||||||
Protocol: "tcp",
|
Protocol: "tcp",
|
||||||
StartNode: "resolver:web.default.dc2",
|
StartNode: "resolver:web.default.dc2",
|
||||||
Nodes: map[string]*structs.DiscoveryGraphNode{
|
Nodes: map[string]*structs.DiscoveryGraphNode{
|
||||||
"resolver:web.default.dc2": &structs.DiscoveryGraphNode{
|
"resolver:web.default.dc2": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeResolver,
|
Type: structs.DiscoveryGraphNodeTypeResolver,
|
||||||
Name: "web.default.dc2",
|
Name: "web.default.dc2",
|
||||||
Resolver: &structs.DiscoveryResolver{
|
Resolver: &structs.DiscoveryResolver{
|
||||||
|
@ -171,7 +171,7 @@ func TestDiscoveryChainRead(t *testing.T) {
|
||||||
Protocol: "tcp",
|
Protocol: "tcp",
|
||||||
StartNode: "resolver:web.default.dc1",
|
StartNode: "resolver:web.default.dc1",
|
||||||
Nodes: map[string]*structs.DiscoveryGraphNode{
|
Nodes: map[string]*structs.DiscoveryGraphNode{
|
||||||
"resolver:web.default.dc1": &structs.DiscoveryGraphNode{
|
"resolver:web.default.dc1": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeResolver,
|
Type: structs.DiscoveryGraphNodeTypeResolver,
|
||||||
Name: "web.default.dc1",
|
Name: "web.default.dc1",
|
||||||
Resolver: &structs.DiscoveryResolver{
|
Resolver: &structs.DiscoveryResolver{
|
||||||
|
@ -233,7 +233,7 @@ func TestDiscoveryChainRead(t *testing.T) {
|
||||||
Protocol: "tcp",
|
Protocol: "tcp",
|
||||||
StartNode: "resolver:web.default.dc1",
|
StartNode: "resolver:web.default.dc1",
|
||||||
Nodes: map[string]*structs.DiscoveryGraphNode{
|
Nodes: map[string]*structs.DiscoveryGraphNode{
|
||||||
"resolver:web.default.dc1": &structs.DiscoveryGraphNode{
|
"resolver:web.default.dc1": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeResolver,
|
Type: structs.DiscoveryGraphNodeTypeResolver,
|
||||||
Name: "web.default.dc1",
|
Name: "web.default.dc1",
|
||||||
Resolver: &structs.DiscoveryResolver{
|
Resolver: &structs.DiscoveryResolver{
|
||||||
|
@ -269,7 +269,7 @@ func TestDiscoveryChainRead(t *testing.T) {
|
||||||
CustomizationHash: "98809527",
|
CustomizationHash: "98809527",
|
||||||
StartNode: "resolver:web.default.dc1",
|
StartNode: "resolver:web.default.dc1",
|
||||||
Nodes: map[string]*structs.DiscoveryGraphNode{
|
Nodes: map[string]*structs.DiscoveryGraphNode{
|
||||||
"resolver:web.default.dc1": &structs.DiscoveryGraphNode{
|
"resolver:web.default.dc1": {
|
||||||
Type: structs.DiscoveryGraphNodeTypeResolver,
|
Type: structs.DiscoveryGraphNodeTypeResolver,
|
||||||
Name: "web.default.dc1",
|
Name: "web.default.dc1",
|
||||||
Resolver: &structs.DiscoveryResolver{
|
Resolver: &structs.DiscoveryResolver{
|
||||||
|
|
|
@ -2496,13 +2496,13 @@ func TestDNS_ServiceLookup_WanTranslation(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
cases := map[string]testCase{
|
cases := map[string]testCase{
|
||||||
"node-addr-from-dc1": testCase{
|
"node-addr-from-dc1": {
|
||||||
dnsAddr: a1.config.DNSAddrs[0].String(),
|
dnsAddr: a1.config.DNSAddrs[0].String(),
|
||||||
expectedPort: 8080,
|
expectedPort: 8080,
|
||||||
expectedAddress: "127.0.0.1",
|
expectedAddress: "127.0.0.1",
|
||||||
expectedARRName: "foo.node.dc2.consul.",
|
expectedARRName: "foo.node.dc2.consul.",
|
||||||
},
|
},
|
||||||
"node-wan-from-dc1": testCase{
|
"node-wan-from-dc1": {
|
||||||
dnsAddr: a1.config.DNSAddrs[0].String(),
|
dnsAddr: a1.config.DNSAddrs[0].String(),
|
||||||
nodeTaggedAddresses: map[string]string{
|
nodeTaggedAddresses: map[string]string{
|
||||||
"wan": "127.0.0.2",
|
"wan": "127.0.0.2",
|
||||||
|
@ -2511,7 +2511,7 @@ func TestDNS_ServiceLookup_WanTranslation(t *testing.T) {
|
||||||
expectedAddress: "127.0.0.2",
|
expectedAddress: "127.0.0.2",
|
||||||
expectedARRName: "7f000002.addr.dc2.consul.",
|
expectedARRName: "7f000002.addr.dc2.consul.",
|
||||||
},
|
},
|
||||||
"service-addr-from-dc1": testCase{
|
"service-addr-from-dc1": {
|
||||||
dnsAddr: a1.config.DNSAddrs[0].String(),
|
dnsAddr: a1.config.DNSAddrs[0].String(),
|
||||||
nodeTaggedAddresses: map[string]string{
|
nodeTaggedAddresses: map[string]string{
|
||||||
"wan": "127.0.0.2",
|
"wan": "127.0.0.2",
|
||||||
|
@ -2521,14 +2521,14 @@ func TestDNS_ServiceLookup_WanTranslation(t *testing.T) {
|
||||||
expectedAddress: "10.0.1.1",
|
expectedAddress: "10.0.1.1",
|
||||||
expectedARRName: "0a000101.addr.dc2.consul.",
|
expectedARRName: "0a000101.addr.dc2.consul.",
|
||||||
},
|
},
|
||||||
"service-wan-from-dc1": testCase{
|
"service-wan-from-dc1": {
|
||||||
dnsAddr: a1.config.DNSAddrs[0].String(),
|
dnsAddr: a1.config.DNSAddrs[0].String(),
|
||||||
nodeTaggedAddresses: map[string]string{
|
nodeTaggedAddresses: map[string]string{
|
||||||
"wan": "127.0.0.2",
|
"wan": "127.0.0.2",
|
||||||
},
|
},
|
||||||
serviceAddress: "10.0.1.1",
|
serviceAddress: "10.0.1.1",
|
||||||
serviceTaggedAddresses: map[string]structs.ServiceAddress{
|
serviceTaggedAddresses: map[string]structs.ServiceAddress{
|
||||||
"wan": structs.ServiceAddress{
|
"wan": {
|
||||||
Address: "198.18.0.1",
|
Address: "198.18.0.1",
|
||||||
Port: 80,
|
Port: 80,
|
||||||
},
|
},
|
||||||
|
@ -2537,13 +2537,13 @@ func TestDNS_ServiceLookup_WanTranslation(t *testing.T) {
|
||||||
expectedAddress: "198.18.0.1",
|
expectedAddress: "198.18.0.1",
|
||||||
expectedARRName: "c6120001.addr.dc2.consul.",
|
expectedARRName: "c6120001.addr.dc2.consul.",
|
||||||
},
|
},
|
||||||
"node-addr-from-dc2": testCase{
|
"node-addr-from-dc2": {
|
||||||
dnsAddr: a2.config.DNSAddrs[0].String(),
|
dnsAddr: a2.config.DNSAddrs[0].String(),
|
||||||
expectedPort: 8080,
|
expectedPort: 8080,
|
||||||
expectedAddress: "127.0.0.1",
|
expectedAddress: "127.0.0.1",
|
||||||
expectedARRName: "foo.node.dc2.consul.",
|
expectedARRName: "foo.node.dc2.consul.",
|
||||||
},
|
},
|
||||||
"node-wan-from-dc2": testCase{
|
"node-wan-from-dc2": {
|
||||||
dnsAddr: a2.config.DNSAddrs[0].String(),
|
dnsAddr: a2.config.DNSAddrs[0].String(),
|
||||||
nodeTaggedAddresses: map[string]string{
|
nodeTaggedAddresses: map[string]string{
|
||||||
"wan": "127.0.0.2",
|
"wan": "127.0.0.2",
|
||||||
|
@ -2552,7 +2552,7 @@ func TestDNS_ServiceLookup_WanTranslation(t *testing.T) {
|
||||||
expectedAddress: "127.0.0.1",
|
expectedAddress: "127.0.0.1",
|
||||||
expectedARRName: "foo.node.dc2.consul.",
|
expectedARRName: "foo.node.dc2.consul.",
|
||||||
},
|
},
|
||||||
"service-addr-from-dc2": testCase{
|
"service-addr-from-dc2": {
|
||||||
dnsAddr: a2.config.DNSAddrs[0].String(),
|
dnsAddr: a2.config.DNSAddrs[0].String(),
|
||||||
nodeTaggedAddresses: map[string]string{
|
nodeTaggedAddresses: map[string]string{
|
||||||
"wan": "127.0.0.2",
|
"wan": "127.0.0.2",
|
||||||
|
@ -2562,14 +2562,14 @@ func TestDNS_ServiceLookup_WanTranslation(t *testing.T) {
|
||||||
expectedAddress: "10.0.1.1",
|
expectedAddress: "10.0.1.1",
|
||||||
expectedARRName: "0a000101.addr.dc2.consul.",
|
expectedARRName: "0a000101.addr.dc2.consul.",
|
||||||
},
|
},
|
||||||
"service-wan-from-dc2": testCase{
|
"service-wan-from-dc2": {
|
||||||
dnsAddr: a2.config.DNSAddrs[0].String(),
|
dnsAddr: a2.config.DNSAddrs[0].String(),
|
||||||
nodeTaggedAddresses: map[string]string{
|
nodeTaggedAddresses: map[string]string{
|
||||||
"wan": "127.0.0.2",
|
"wan": "127.0.0.2",
|
||||||
},
|
},
|
||||||
serviceAddress: "10.0.1.1",
|
serviceAddress: "10.0.1.1",
|
||||||
serviceTaggedAddresses: map[string]structs.ServiceAddress{
|
serviceTaggedAddresses: map[string]structs.ServiceAddress{
|
||||||
"wan": structs.ServiceAddress{
|
"wan": {
|
||||||
Address: "198.18.0.1",
|
Address: "198.18.0.1",
|
||||||
Port: 80,
|
Port: 80,
|
||||||
},
|
},
|
||||||
|
@ -2685,7 +2685,7 @@ func TestDNS_Lookup_TaggedIPAddresses(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
cases := map[string]testCase{
|
cases := map[string]testCase{
|
||||||
"simple-ipv4": testCase{
|
"simple-ipv4": {
|
||||||
serviceAddress: "127.0.0.2",
|
serviceAddress: "127.0.0.2",
|
||||||
nodeAddress: "127.0.0.1",
|
nodeAddress: "127.0.0.1",
|
||||||
|
|
||||||
|
@ -2694,7 +2694,7 @@ func TestDNS_Lookup_TaggedIPAddresses(t *testing.T) {
|
||||||
expectedNodeIPv4Address: "127.0.0.1",
|
expectedNodeIPv4Address: "127.0.0.1",
|
||||||
expectedNodeIPv6Address: "",
|
expectedNodeIPv6Address: "",
|
||||||
},
|
},
|
||||||
"simple-ipv6": testCase{
|
"simple-ipv6": {
|
||||||
serviceAddress: "::2",
|
serviceAddress: "::2",
|
||||||
nodeAddress: "::1",
|
nodeAddress: "::1",
|
||||||
|
|
||||||
|
@ -2703,7 +2703,7 @@ func TestDNS_Lookup_TaggedIPAddresses(t *testing.T) {
|
||||||
expectedNodeIPv6Address: "::1",
|
expectedNodeIPv6Address: "::1",
|
||||||
expectedNodeIPv4Address: "",
|
expectedNodeIPv4Address: "",
|
||||||
},
|
},
|
||||||
"ipv4-with-tagged-ipv6": testCase{
|
"ipv4-with-tagged-ipv6": {
|
||||||
serviceAddress: "127.0.0.2",
|
serviceAddress: "127.0.0.2",
|
||||||
nodeAddress: "127.0.0.1",
|
nodeAddress: "127.0.0.1",
|
||||||
|
|
||||||
|
@ -2719,7 +2719,7 @@ func TestDNS_Lookup_TaggedIPAddresses(t *testing.T) {
|
||||||
expectedNodeIPv4Address: "127.0.0.1",
|
expectedNodeIPv4Address: "127.0.0.1",
|
||||||
expectedNodeIPv6Address: "::1",
|
expectedNodeIPv6Address: "::1",
|
||||||
},
|
},
|
||||||
"ipv6-with-tagged-ipv4": testCase{
|
"ipv6-with-tagged-ipv4": {
|
||||||
serviceAddress: "::2",
|
serviceAddress: "::2",
|
||||||
nodeAddress: "::1",
|
nodeAddress: "::1",
|
||||||
|
|
||||||
|
|
|
@ -302,11 +302,11 @@ func TestEventList_EventBufOrder(t *testing.T) {
|
||||||
expected := &UserEvent{Name: "foo"}
|
expected := &UserEvent{Name: "foo"}
|
||||||
|
|
||||||
for _, e := range []*UserEvent{
|
for _, e := range []*UserEvent{
|
||||||
&UserEvent{Name: "foo"},
|
{Name: "foo"},
|
||||||
&UserEvent{Name: "bar"},
|
{Name: "bar"},
|
||||||
&UserEvent{Name: "foo"},
|
{Name: "foo"},
|
||||||
expected,
|
expected,
|
||||||
&UserEvent{Name: "bar"},
|
{Name: "bar"},
|
||||||
} {
|
} {
|
||||||
if err := a.UserEvent("dc1", "root", e); err != nil {
|
if err := a.UserEvent("dc1", "root", e); err != nil {
|
||||||
t.Fatalf("err: %v", err)
|
t.Fatalf("err: %v", err)
|
||||||
|
|
|
@ -1065,7 +1065,7 @@ func TestHealthServiceNodes_WanTranslation(t *testing.T) {
|
||||||
Address: "127.0.0.1",
|
Address: "127.0.0.1",
|
||||||
Port: 8080,
|
Port: 8080,
|
||||||
TaggedAddresses: map[string]structs.ServiceAddress{
|
TaggedAddresses: map[string]structs.ServiceAddress{
|
||||||
"wan": structs.ServiceAddress{
|
"wan": {
|
||||||
Address: "1.2.3.4",
|
Address: "1.2.3.4",
|
||||||
Port: 80,
|
Port: 80,
|
||||||
},
|
},
|
||||||
|
|
|
@ -226,9 +226,9 @@ var checkTypeHeaderTestCases = []struct {
|
||||||
desc: "filled in map",
|
desc: "filled in map",
|
||||||
in: `{"a": ["aa", "aaa"], "b": ["bb", "bbb", "bbbb"], "c": [], "d": ["dd"]}`,
|
in: `{"a": ["aa", "aaa"], "b": ["bb", "bbb", "bbbb"], "c": [], "d": ["dd"]}`,
|
||||||
want: map[string][]string{
|
want: map[string][]string{
|
||||||
"a": []string{"aa", "aaa"},
|
"a": {"aa", "aaa"},
|
||||||
"b": []string{"bb", "bbb", "bbbb"},
|
"b": {"bb", "bbb", "bbbb"},
|
||||||
"d": []string{"dd"},
|
"d": {"dd"},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
|
|
@ -16,10 +16,10 @@ import (
|
||||||
|
|
||||||
// extra endpoints that should be tested, and their allowed methods
|
// extra endpoints that should be tested, and their allowed methods
|
||||||
var extraTestEndpoints = map[string][]string{
|
var extraTestEndpoints = map[string][]string{
|
||||||
"/v1/query": []string{"GET", "POST"},
|
"/v1/query": {"GET", "POST"},
|
||||||
"/v1/query/": []string{"GET", "PUT", "DELETE"},
|
"/v1/query/": {"GET", "PUT", "DELETE"},
|
||||||
"/v1/query/xxx/execute": []string{"GET"},
|
"/v1/query/xxx/execute": {"GET"},
|
||||||
"/v1/query/xxx/explain": []string{"GET"},
|
"/v1/query/xxx/explain": {"GET"},
|
||||||
}
|
}
|
||||||
|
|
||||||
// These endpoints are ignored in unit testing for response codes
|
// These endpoints are ignored in unit testing for response codes
|
||||||
|
|
|
@ -519,7 +519,7 @@ func TestPreparedQuery_Execute(t *testing.T) {
|
||||||
Address: "10.0.1.1",
|
Address: "10.0.1.1",
|
||||||
Port: 8080,
|
Port: 8080,
|
||||||
TaggedAddresses: map[string]structs.ServiceAddress{
|
TaggedAddresses: map[string]structs.ServiceAddress{
|
||||||
"wan": structs.ServiceAddress{
|
"wan": {
|
||||||
Address: "198.18.0.1",
|
Address: "198.18.0.1",
|
||||||
Port: 80,
|
Port: 80,
|
||||||
},
|
},
|
||||||
|
|
|
@ -175,10 +175,10 @@ func (c *configSnapshotMeshGateway) Datacenters() []string {
|
||||||
}
|
}
|
||||||
|
|
||||||
dcs := make([]string, 0, sz)
|
dcs := make([]string, 0, sz)
|
||||||
for dc, _ := range c.GatewayGroups {
|
for dc := range c.GatewayGroups {
|
||||||
dcs = append(dcs, dc)
|
dcs = append(dcs, dc)
|
||||||
}
|
}
|
||||||
for dc, _ := range c.FedStateGateways {
|
for dc := range c.FedStateGateways {
|
||||||
if _, ok := c.GatewayGroups[dc]; !ok {
|
if _, ok := c.GatewayGroups[dc]; !ok {
|
||||||
dcs = append(dcs, dc)
|
dcs = append(dcs, dc)
|
||||||
}
|
}
|
||||||
|
|
|
@ -97,7 +97,7 @@ func copyProxyConfig(ns *structs.NodeService) (structs.ConnectProxyConfig, error
|
||||||
}
|
}
|
||||||
|
|
||||||
// we can safely modify these since we just copied them
|
// we can safely modify these since we just copied them
|
||||||
for idx, _ := range proxyCfg.Upstreams {
|
for idx := range proxyCfg.Upstreams {
|
||||||
us := &proxyCfg.Upstreams[idx]
|
us := &proxyCfg.Upstreams[idx]
|
||||||
if us.DestinationType != structs.UpstreamDestTypePreparedQuery && us.DestinationNamespace == "" {
|
if us.DestinationType != structs.UpstreamDestTypePreparedQuery && us.DestinationNamespace == "" {
|
||||||
// default the upstreams target namespace to the namespace of the proxy
|
// default the upstreams target namespace to the namespace of the proxy
|
||||||
|
@ -862,7 +862,7 @@ func (s *state) resetWatchesFromChain(
|
||||||
snap.WatchedUpstreams[id][target.ID] = cancel
|
snap.WatchedUpstreams[id][target.ID] = cancel
|
||||||
}
|
}
|
||||||
|
|
||||||
for dc, _ := range needGateways {
|
for dc := range needGateways {
|
||||||
if _, ok := snap.WatchedGateways[id][dc]; ok {
|
if _, ok := snap.WatchedGateways[id][dc]; ok {
|
||||||
continue
|
continue
|
||||||
}
|
}
|
||||||
|
@ -1029,14 +1029,14 @@ func (s *state) handleUpdateTerminatingGateway(u cache.UpdateEvent, snap *Config
|
||||||
}
|
}
|
||||||
|
|
||||||
// Delete gateway service mapping for services that were not in the update
|
// Delete gateway service mapping for services that were not in the update
|
||||||
for sn, _ := range snap.TerminatingGateway.GatewayServices {
|
for sn := range snap.TerminatingGateway.GatewayServices {
|
||||||
if _, ok := svcMap[sn]; !ok {
|
if _, ok := svcMap[sn]; !ok {
|
||||||
delete(snap.TerminatingGateway.GatewayServices, sn)
|
delete(snap.TerminatingGateway.GatewayServices, sn)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Clean up services with hostname mapping for services that were not in the update
|
// Clean up services with hostname mapping for services that were not in the update
|
||||||
for sn, _ := range snap.TerminatingGateway.HostnameServices {
|
for sn := range snap.TerminatingGateway.HostnameServices {
|
||||||
if _, ok := svcMap[sn]; !ok {
|
if _, ok := svcMap[sn]; !ok {
|
||||||
delete(snap.TerminatingGateway.HostnameServices, sn)
|
delete(snap.TerminatingGateway.HostnameServices, sn)
|
||||||
}
|
}
|
||||||
|
@ -1157,7 +1157,7 @@ func (s *state) handleUpdateMeshGateway(u cache.UpdateEvent, snap *ConfigSnapsho
|
||||||
snap.MeshGateway.HostnameDatacenters[dc] = s.hostnameEndpoints(logging.MeshGateway, snap.Datacenter, nodes)
|
snap.MeshGateway.HostnameDatacenters[dc] = s.hostnameEndpoints(logging.MeshGateway, snap.Datacenter, nodes)
|
||||||
}
|
}
|
||||||
|
|
||||||
for dc, _ := range snap.MeshGateway.HostnameDatacenters {
|
for dc := range snap.MeshGateway.HostnameDatacenters {
|
||||||
if _, ok := dcIndexedNodes.DatacenterNodes[dc]; !ok {
|
if _, ok := dcIndexedNodes.DatacenterNodes[dc]; !ok {
|
||||||
delete(snap.MeshGateway.HostnameDatacenters, dc)
|
delete(snap.MeshGateway.HostnameDatacenters, dc)
|
||||||
}
|
}
|
||||||
|
|
|
@ -476,12 +476,12 @@ func TestState_WatchesAndUpdates(t *testing.T) {
|
||||||
},
|
},
|
||||||
events: []cache.UpdateEvent{
|
events: []cache.UpdateEvent{
|
||||||
rootWatchEvent(),
|
rootWatchEvent(),
|
||||||
cache.UpdateEvent{
|
{
|
||||||
CorrelationID: leafWatchID,
|
CorrelationID: leafWatchID,
|
||||||
Result: issuedCert,
|
Result: issuedCert,
|
||||||
Err: nil,
|
Err: nil,
|
||||||
},
|
},
|
||||||
cache.UpdateEvent{
|
{
|
||||||
CorrelationID: "discovery-chain:api",
|
CorrelationID: "discovery-chain:api",
|
||||||
Result: &structs.DiscoveryChainResponse{
|
Result: &structs.DiscoveryChainResponse{
|
||||||
Chain: discoverychain.TestCompileConfigEntries(t, "api", "default", "dc1", "trustdomain.consul", "dc1",
|
Chain: discoverychain.TestCompileConfigEntries(t, "api", "default", "dc1", "trustdomain.consul", "dc1",
|
||||||
|
@ -491,7 +491,7 @@ func TestState_WatchesAndUpdates(t *testing.T) {
|
||||||
},
|
},
|
||||||
Err: nil,
|
Err: nil,
|
||||||
},
|
},
|
||||||
cache.UpdateEvent{
|
{
|
||||||
CorrelationID: "discovery-chain:api-failover-remote?dc=dc2",
|
CorrelationID: "discovery-chain:api-failover-remote?dc=dc2",
|
||||||
Result: &structs.DiscoveryChainResponse{
|
Result: &structs.DiscoveryChainResponse{
|
||||||
Chain: discoverychain.TestCompileConfigEntries(t, "api-failover-remote", "default", "dc2", "trustdomain.consul", "dc1",
|
Chain: discoverychain.TestCompileConfigEntries(t, "api-failover-remote", "default", "dc2", "trustdomain.consul", "dc1",
|
||||||
|
@ -501,7 +501,7 @@ func TestState_WatchesAndUpdates(t *testing.T) {
|
||||||
},
|
},
|
||||||
Err: nil,
|
Err: nil,
|
||||||
},
|
},
|
||||||
cache.UpdateEvent{
|
{
|
||||||
CorrelationID: "discovery-chain:api-failover-local?dc=dc2",
|
CorrelationID: "discovery-chain:api-failover-local?dc=dc2",
|
||||||
Result: &structs.DiscoveryChainResponse{
|
Result: &structs.DiscoveryChainResponse{
|
||||||
Chain: discoverychain.TestCompileConfigEntries(t, "api-failover-local", "default", "dc2", "trustdomain.consul", "dc1",
|
Chain: discoverychain.TestCompileConfigEntries(t, "api-failover-local", "default", "dc2", "trustdomain.consul", "dc1",
|
||||||
|
@ -511,7 +511,7 @@ func TestState_WatchesAndUpdates(t *testing.T) {
|
||||||
},
|
},
|
||||||
Err: nil,
|
Err: nil,
|
||||||
},
|
},
|
||||||
cache.UpdateEvent{
|
{
|
||||||
CorrelationID: "discovery-chain:api-failover-direct?dc=dc2",
|
CorrelationID: "discovery-chain:api-failover-direct?dc=dc2",
|
||||||
Result: &structs.DiscoveryChainResponse{
|
Result: &structs.DiscoveryChainResponse{
|
||||||
Chain: discoverychain.TestCompileConfigEntries(t, "api-failover-direct", "default", "dc2", "trustdomain.consul", "dc1",
|
Chain: discoverychain.TestCompileConfigEntries(t, "api-failover-direct", "default", "dc2", "trustdomain.consul", "dc1",
|
||||||
|
@ -521,7 +521,7 @@ func TestState_WatchesAndUpdates(t *testing.T) {
|
||||||
},
|
},
|
||||||
Err: nil,
|
Err: nil,
|
||||||
},
|
},
|
||||||
cache.UpdateEvent{
|
{
|
||||||
CorrelationID: "discovery-chain:api-dc2",
|
CorrelationID: "discovery-chain:api-dc2",
|
||||||
Result: &structs.DiscoveryChainResponse{
|
Result: &structs.DiscoveryChainResponse{
|
||||||
Chain: discoverychain.TestCompileConfigEntries(t, "api-dc2", "default", "dc1", "trustdomain.consul", "dc1",
|
Chain: discoverychain.TestCompileConfigEntries(t, "api-dc2", "default", "dc1", "trustdomain.consul", "dc1",
|
||||||
|
@ -603,7 +603,7 @@ func TestState_WatchesAndUpdates(t *testing.T) {
|
||||||
apiStr := api.String()
|
apiStr := api.String()
|
||||||
|
|
||||||
cases := map[string]testCase{
|
cases := map[string]testCase{
|
||||||
"initial-gateway": testCase{
|
"initial-gateway": {
|
||||||
ns: structs.NodeService{
|
ns: structs.NodeService{
|
||||||
Kind: structs.ServiceKindMeshGateway,
|
Kind: structs.ServiceKindMeshGateway,
|
||||||
ID: "mesh-gateway",
|
ID: "mesh-gateway",
|
||||||
|
@ -613,7 +613,7 @@ func TestState_WatchesAndUpdates(t *testing.T) {
|
||||||
},
|
},
|
||||||
sourceDC: "dc1",
|
sourceDC: "dc1",
|
||||||
stages: []verificationStage{
|
stages: []verificationStage{
|
||||||
verificationStage{
|
{
|
||||||
requiredWatches: map[string]verifyWatchRequest{
|
requiredWatches: map[string]verifyWatchRequest{
|
||||||
rootsWatchID: genVerifyRootsWatch("dc1"),
|
rootsWatchID: genVerifyRootsWatch("dc1"),
|
||||||
serviceListWatchID: genVerifyListServicesWatch("dc1"),
|
serviceListWatchID: genVerifyListServicesWatch("dc1"),
|
||||||
|
@ -624,7 +624,7 @@ func TestState_WatchesAndUpdates(t *testing.T) {
|
||||||
require.True(t, snap.ConnectProxy.IsEmpty())
|
require.True(t, snap.ConnectProxy.IsEmpty())
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
verificationStage{
|
{
|
||||||
events: []cache.UpdateEvent{
|
events: []cache.UpdateEvent{
|
||||||
rootWatchEvent(),
|
rootWatchEvent(),
|
||||||
},
|
},
|
||||||
|
@ -640,9 +640,9 @@ func TestState_WatchesAndUpdates(t *testing.T) {
|
||||||
require.Empty(t, snap.MeshGateway.GatewayGroups)
|
require.Empty(t, snap.MeshGateway.GatewayGroups)
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
verificationStage{
|
{
|
||||||
events: []cache.UpdateEvent{
|
events: []cache.UpdateEvent{
|
||||||
cache.UpdateEvent{
|
{
|
||||||
CorrelationID: serviceListWatchID,
|
CorrelationID: serviceListWatchID,
|
||||||
Result: &structs.IndexedServiceList{
|
Result: &structs.IndexedServiceList{
|
||||||
Services: make(structs.ServiceList, 0),
|
Services: make(structs.ServiceList, 0),
|
||||||
|
@ -664,7 +664,7 @@ func TestState_WatchesAndUpdates(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"mesh-gateway-do-not-cancel-service-watches": testCase{
|
"mesh-gateway-do-not-cancel-service-watches": {
|
||||||
ns: structs.NodeService{
|
ns: structs.NodeService{
|
||||||
Kind: structs.ServiceKindMeshGateway,
|
Kind: structs.ServiceKindMeshGateway,
|
||||||
ID: "mesh-gateway",
|
ID: "mesh-gateway",
|
||||||
|
@ -674,7 +674,7 @@ func TestState_WatchesAndUpdates(t *testing.T) {
|
||||||
},
|
},
|
||||||
sourceDC: "dc1",
|
sourceDC: "dc1",
|
||||||
stages: []verificationStage{
|
stages: []verificationStage{
|
||||||
verificationStage{
|
{
|
||||||
requiredWatches: map[string]verifyWatchRequest{
|
requiredWatches: map[string]verifyWatchRequest{
|
||||||
rootsWatchID: genVerifyRootsWatch("dc1"),
|
rootsWatchID: genVerifyRootsWatch("dc1"),
|
||||||
serviceListWatchID: genVerifyListServicesWatch("dc1"),
|
serviceListWatchID: genVerifyListServicesWatch("dc1"),
|
||||||
|
@ -682,7 +682,7 @@ func TestState_WatchesAndUpdates(t *testing.T) {
|
||||||
},
|
},
|
||||||
events: []cache.UpdateEvent{
|
events: []cache.UpdateEvent{
|
||||||
rootWatchEvent(),
|
rootWatchEvent(),
|
||||||
cache.UpdateEvent{
|
{
|
||||||
CorrelationID: serviceListWatchID,
|
CorrelationID: serviceListWatchID,
|
||||||
Result: &structs.IndexedServiceList{
|
Result: &structs.IndexedServiceList{
|
||||||
Services: structs.ServiceList{
|
Services: structs.ServiceList{
|
||||||
|
@ -698,9 +698,9 @@ func TestState_WatchesAndUpdates(t *testing.T) {
|
||||||
require.True(t, snap.MeshGateway.WatchedServicesSet)
|
require.True(t, snap.MeshGateway.WatchedServicesSet)
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
verificationStage{
|
{
|
||||||
events: []cache.UpdateEvent{
|
events: []cache.UpdateEvent{
|
||||||
cache.UpdateEvent{
|
{
|
||||||
CorrelationID: serviceListWatchID,
|
CorrelationID: serviceListWatchID,
|
||||||
Result: &structs.IndexedServiceList{
|
Result: &structs.IndexedServiceList{
|
||||||
Services: structs.ServiceList{
|
Services: structs.ServiceList{
|
||||||
|
@ -717,9 +717,9 @@ func TestState_WatchesAndUpdates(t *testing.T) {
|
||||||
require.True(t, snap.MeshGateway.WatchedServicesSet)
|
require.True(t, snap.MeshGateway.WatchedServicesSet)
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
verificationStage{
|
{
|
||||||
events: []cache.UpdateEvent{
|
events: []cache.UpdateEvent{
|
||||||
cache.UpdateEvent{
|
{
|
||||||
CorrelationID: "mesh-gateway:dc4",
|
CorrelationID: "mesh-gateway:dc4",
|
||||||
Result: &structs.IndexedCheckServiceNodes{
|
Result: &structs.IndexedCheckServiceNodes{
|
||||||
Nodes: TestGatewayNodesDC4Hostname(t),
|
Nodes: TestGatewayNodesDC4Hostname(t),
|
||||||
|
@ -761,9 +761,9 @@ func TestState_WatchesAndUpdates(t *testing.T) {
|
||||||
require.Equal(t, snap.MeshGateway.HostnameDatacenters["dc4"], expect)
|
require.Equal(t, snap.MeshGateway.HostnameDatacenters["dc4"], expect)
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
verificationStage{
|
{
|
||||||
events: []cache.UpdateEvent{
|
events: []cache.UpdateEvent{
|
||||||
cache.UpdateEvent{
|
{
|
||||||
CorrelationID: federationStateListGatewaysWatchID,
|
CorrelationID: federationStateListGatewaysWatchID,
|
||||||
Result: &structs.DatacenterIndexedCheckServiceNodes{
|
Result: &structs.DatacenterIndexedCheckServiceNodes{
|
||||||
DatacenterNodes: map[string]structs.CheckServiceNodes{
|
DatacenterNodes: map[string]structs.CheckServiceNodes{
|
||||||
|
@ -809,7 +809,7 @@ func TestState_WatchesAndUpdates(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"ingress-gateway": testCase{
|
"ingress-gateway": {
|
||||||
ns: structs.NodeService{
|
ns: structs.NodeService{
|
||||||
Kind: structs.ServiceKindIngressGateway,
|
Kind: structs.ServiceKindIngressGateway,
|
||||||
ID: "ingress-gateway",
|
ID: "ingress-gateway",
|
||||||
|
@ -818,7 +818,7 @@ func TestState_WatchesAndUpdates(t *testing.T) {
|
||||||
},
|
},
|
||||||
sourceDC: "dc1",
|
sourceDC: "dc1",
|
||||||
stages: []verificationStage{
|
stages: []verificationStage{
|
||||||
verificationStage{
|
{
|
||||||
requiredWatches: map[string]verifyWatchRequest{
|
requiredWatches: map[string]verifyWatchRequest{
|
||||||
rootsWatchID: genVerifyRootsWatch("dc1"),
|
rootsWatchID: genVerifyRootsWatch("dc1"),
|
||||||
gatewayConfigWatchID: genVerifyConfigEntryWatch(structs.IngressGateway, "ingress-gateway", "dc1"),
|
gatewayConfigWatchID: genVerifyConfigEntryWatch(structs.IngressGateway, "ingress-gateway", "dc1"),
|
||||||
|
@ -829,7 +829,7 @@ func TestState_WatchesAndUpdates(t *testing.T) {
|
||||||
require.True(t, snap.IngressGateway.IsEmpty())
|
require.True(t, snap.IngressGateway.IsEmpty())
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
verificationStage{
|
{
|
||||||
events: []cache.UpdateEvent{
|
events: []cache.UpdateEvent{
|
||||||
rootWatchEvent(),
|
rootWatchEvent(),
|
||||||
},
|
},
|
||||||
|
@ -838,7 +838,7 @@ func TestState_WatchesAndUpdates(t *testing.T) {
|
||||||
require.Equal(t, indexedRoots, snap.Roots)
|
require.Equal(t, indexedRoots, snap.Roots)
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
verificationStage{
|
{
|
||||||
events: []cache.UpdateEvent{
|
events: []cache.UpdateEvent{
|
||||||
ingressConfigWatchEvent(false),
|
ingressConfigWatchEvent(false),
|
||||||
},
|
},
|
||||||
|
@ -848,9 +848,9 @@ func TestState_WatchesAndUpdates(t *testing.T) {
|
||||||
require.False(t, snap.IngressGateway.TLSEnabled)
|
require.False(t, snap.IngressGateway.TLSEnabled)
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
verificationStage{
|
{
|
||||||
events: []cache.UpdateEvent{
|
events: []cache.UpdateEvent{
|
||||||
cache.UpdateEvent{
|
{
|
||||||
CorrelationID: gatewayServicesWatchID,
|
CorrelationID: gatewayServicesWatchID,
|
||||||
Result: &structs.IndexedGatewayServices{
|
Result: &structs.IndexedGatewayServices{
|
||||||
Services: structs.GatewayServices{
|
Services: structs.GatewayServices{
|
||||||
|
@ -885,12 +885,12 @@ func TestState_WatchesAndUpdates(t *testing.T) {
|
||||||
require.Contains(t, snap.IngressGateway.WatchedDiscoveryChains, "api")
|
require.Contains(t, snap.IngressGateway.WatchedDiscoveryChains, "api")
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
verificationStage{
|
{
|
||||||
requiredWatches: map[string]verifyWatchRequest{
|
requiredWatches: map[string]verifyWatchRequest{
|
||||||
leafWatchID: genVerifyLeafWatch("ingress-gateway", "dc1"),
|
leafWatchID: genVerifyLeafWatch("ingress-gateway", "dc1"),
|
||||||
},
|
},
|
||||||
events: []cache.UpdateEvent{
|
events: []cache.UpdateEvent{
|
||||||
cache.UpdateEvent{
|
{
|
||||||
CorrelationID: leafWatchID,
|
CorrelationID: leafWatchID,
|
||||||
Result: issuedCert,
|
Result: issuedCert,
|
||||||
Err: nil,
|
Err: nil,
|
||||||
|
@ -901,7 +901,7 @@ func TestState_WatchesAndUpdates(t *testing.T) {
|
||||||
require.Equal(t, issuedCert, snap.IngressGateway.Leaf)
|
require.Equal(t, issuedCert, snap.IngressGateway.Leaf)
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
verificationStage{
|
{
|
||||||
requiredWatches: map[string]verifyWatchRequest{
|
requiredWatches: map[string]verifyWatchRequest{
|
||||||
"discovery-chain:api": genVerifyDiscoveryChainWatch(&structs.DiscoveryChainRequest{
|
"discovery-chain:api": genVerifyDiscoveryChainWatch(&structs.DiscoveryChainRequest{
|
||||||
Name: "api",
|
Name: "api",
|
||||||
|
@ -911,7 +911,7 @@ func TestState_WatchesAndUpdates(t *testing.T) {
|
||||||
}),
|
}),
|
||||||
},
|
},
|
||||||
events: []cache.UpdateEvent{
|
events: []cache.UpdateEvent{
|
||||||
cache.UpdateEvent{
|
{
|
||||||
CorrelationID: "discovery-chain:api",
|
CorrelationID: "discovery-chain:api",
|
||||||
Result: &structs.DiscoveryChainResponse{
|
Result: &structs.DiscoveryChainResponse{
|
||||||
Chain: discoverychain.TestCompileConfigEntries(t, "api", "default", "dc1", "trustdomain.consul", "dc1", nil),
|
Chain: discoverychain.TestCompileConfigEntries(t, "api", "default", "dc1", "trustdomain.consul", "dc1", nil),
|
||||||
|
@ -924,12 +924,12 @@ func TestState_WatchesAndUpdates(t *testing.T) {
|
||||||
require.Len(t, snap.IngressGateway.WatchedUpstreams["api"], 1)
|
require.Len(t, snap.IngressGateway.WatchedUpstreams["api"], 1)
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
verificationStage{
|
{
|
||||||
requiredWatches: map[string]verifyWatchRequest{
|
requiredWatches: map[string]verifyWatchRequest{
|
||||||
"upstream-target:api.default.dc1:api": genVerifyServiceWatch("api", "", "dc1", true),
|
"upstream-target:api.default.dc1:api": genVerifyServiceWatch("api", "", "dc1", true),
|
||||||
},
|
},
|
||||||
events: []cache.UpdateEvent{
|
events: []cache.UpdateEvent{
|
||||||
cache.UpdateEvent{
|
{
|
||||||
CorrelationID: "upstream-target:api.default.dc1:api",
|
CorrelationID: "upstream-target:api.default.dc1:api",
|
||||||
Result: &structs.IndexedCheckServiceNodes{
|
Result: &structs.IndexedCheckServiceNodes{
|
||||||
Nodes: structs.CheckServiceNodes{
|
Nodes: structs.CheckServiceNodes{
|
||||||
|
@ -971,7 +971,7 @@ func TestState_WatchesAndUpdates(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"ingress-gateway-with-tls-update-upstreams": testCase{
|
"ingress-gateway-with-tls-update-upstreams": {
|
||||||
ns: structs.NodeService{
|
ns: structs.NodeService{
|
||||||
Kind: structs.ServiceKindIngressGateway,
|
Kind: structs.ServiceKindIngressGateway,
|
||||||
ID: "ingress-gateway",
|
ID: "ingress-gateway",
|
||||||
|
@ -980,7 +980,7 @@ func TestState_WatchesAndUpdates(t *testing.T) {
|
||||||
},
|
},
|
||||||
sourceDC: "dc1",
|
sourceDC: "dc1",
|
||||||
stages: []verificationStage{
|
stages: []verificationStage{
|
||||||
verificationStage{
|
{
|
||||||
requiredWatches: map[string]verifyWatchRequest{
|
requiredWatches: map[string]verifyWatchRequest{
|
||||||
rootsWatchID: genVerifyRootsWatch("dc1"),
|
rootsWatchID: genVerifyRootsWatch("dc1"),
|
||||||
gatewayConfigWatchID: genVerifyConfigEntryWatch(structs.IngressGateway, "ingress-gateway", "dc1"),
|
gatewayConfigWatchID: genVerifyConfigEntryWatch(structs.IngressGateway, "ingress-gateway", "dc1"),
|
||||||
|
@ -989,7 +989,7 @@ func TestState_WatchesAndUpdates(t *testing.T) {
|
||||||
events: []cache.UpdateEvent{
|
events: []cache.UpdateEvent{
|
||||||
rootWatchEvent(),
|
rootWatchEvent(),
|
||||||
ingressConfigWatchEvent(true),
|
ingressConfigWatchEvent(true),
|
||||||
cache.UpdateEvent{
|
{
|
||||||
CorrelationID: gatewayServicesWatchID,
|
CorrelationID: gatewayServicesWatchID,
|
||||||
Result: &structs.IndexedGatewayServices{
|
Result: &structs.IndexedGatewayServices{
|
||||||
Services: structs.GatewayServices{
|
Services: structs.GatewayServices{
|
||||||
|
@ -1003,7 +1003,7 @@ func TestState_WatchesAndUpdates(t *testing.T) {
|
||||||
},
|
},
|
||||||
Err: nil,
|
Err: nil,
|
||||||
},
|
},
|
||||||
cache.UpdateEvent{
|
{
|
||||||
CorrelationID: leafWatchID,
|
CorrelationID: leafWatchID,
|
||||||
Result: issuedCert,
|
Result: issuedCert,
|
||||||
Err: nil,
|
Err: nil,
|
||||||
|
@ -1020,7 +1020,7 @@ func TestState_WatchesAndUpdates(t *testing.T) {
|
||||||
require.Contains(t, snap.IngressGateway.WatchedDiscoveryChains, "api")
|
require.Contains(t, snap.IngressGateway.WatchedDiscoveryChains, "api")
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
verificationStage{
|
{
|
||||||
requiredWatches: map[string]verifyWatchRequest{
|
requiredWatches: map[string]verifyWatchRequest{
|
||||||
leafWatchID: genVerifyLeafWatchWithDNSSANs("ingress-gateway", "dc1", []string{
|
leafWatchID: genVerifyLeafWatchWithDNSSANs("ingress-gateway", "dc1", []string{
|
||||||
"test.example.com",
|
"test.example.com",
|
||||||
|
@ -1031,7 +1031,7 @@ func TestState_WatchesAndUpdates(t *testing.T) {
|
||||||
}),
|
}),
|
||||||
},
|
},
|
||||||
events: []cache.UpdateEvent{
|
events: []cache.UpdateEvent{
|
||||||
cache.UpdateEvent{
|
{
|
||||||
CorrelationID: gatewayServicesWatchID,
|
CorrelationID: gatewayServicesWatchID,
|
||||||
Result: &structs.IndexedGatewayServices{},
|
Result: &structs.IndexedGatewayServices{},
|
||||||
Err: nil,
|
Err: nil,
|
||||||
|
@ -1046,7 +1046,7 @@ func TestState_WatchesAndUpdates(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"terminating-gateway-initial": testCase{
|
"terminating-gateway-initial": {
|
||||||
ns: structs.NodeService{
|
ns: structs.NodeService{
|
||||||
Kind: structs.ServiceKindTerminatingGateway,
|
Kind: structs.ServiceKindTerminatingGateway,
|
||||||
ID: "terminating-gateway",
|
ID: "terminating-gateway",
|
||||||
|
@ -1055,7 +1055,7 @@ func TestState_WatchesAndUpdates(t *testing.T) {
|
||||||
},
|
},
|
||||||
sourceDC: "dc1",
|
sourceDC: "dc1",
|
||||||
stages: []verificationStage{
|
stages: []verificationStage{
|
||||||
verificationStage{
|
{
|
||||||
requiredWatches: map[string]verifyWatchRequest{
|
requiredWatches: map[string]verifyWatchRequest{
|
||||||
rootsWatchID: genVerifyRootsWatch("dc1"),
|
rootsWatchID: genVerifyRootsWatch("dc1"),
|
||||||
gatewayServicesWatchID: genVerifyServiceSpecificRequest(gatewayServicesWatchID,
|
gatewayServicesWatchID: genVerifyServiceSpecificRequest(gatewayServicesWatchID,
|
||||||
|
@ -1068,7 +1068,7 @@ func TestState_WatchesAndUpdates(t *testing.T) {
|
||||||
require.True(t, snap.IngressGateway.IsEmpty())
|
require.True(t, snap.IngressGateway.IsEmpty())
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
verificationStage{
|
{
|
||||||
events: []cache.UpdateEvent{
|
events: []cache.UpdateEvent{
|
||||||
rootWatchEvent(),
|
rootWatchEvent(),
|
||||||
},
|
},
|
||||||
|
@ -1083,7 +1083,7 @@ func TestState_WatchesAndUpdates(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"terminating-gateway-handle-update": testCase{
|
"terminating-gateway-handle-update": {
|
||||||
ns: structs.NodeService{
|
ns: structs.NodeService{
|
||||||
Kind: structs.ServiceKindTerminatingGateway,
|
Kind: structs.ServiceKindTerminatingGateway,
|
||||||
ID: "terminating-gateway",
|
ID: "terminating-gateway",
|
||||||
|
@ -1092,7 +1092,7 @@ func TestState_WatchesAndUpdates(t *testing.T) {
|
||||||
},
|
},
|
||||||
sourceDC: "dc1",
|
sourceDC: "dc1",
|
||||||
stages: []verificationStage{
|
stages: []verificationStage{
|
||||||
verificationStage{
|
{
|
||||||
requiredWatches: map[string]verifyWatchRequest{
|
requiredWatches: map[string]verifyWatchRequest{
|
||||||
rootsWatchID: genVerifyRootsWatch("dc1"),
|
rootsWatchID: genVerifyRootsWatch("dc1"),
|
||||||
gatewayServicesWatchID: genVerifyServiceSpecificRequest(gatewayServicesWatchID,
|
gatewayServicesWatchID: genVerifyServiceSpecificRequest(gatewayServicesWatchID,
|
||||||
|
@ -1100,7 +1100,7 @@ func TestState_WatchesAndUpdates(t *testing.T) {
|
||||||
},
|
},
|
||||||
events: []cache.UpdateEvent{
|
events: []cache.UpdateEvent{
|
||||||
rootWatchEvent(),
|
rootWatchEvent(),
|
||||||
cache.UpdateEvent{
|
{
|
||||||
CorrelationID: gatewayServicesWatchID,
|
CorrelationID: gatewayServicesWatchID,
|
||||||
Result: &structs.IndexedGatewayServices{
|
Result: &structs.IndexedGatewayServices{
|
||||||
Services: structs.GatewayServices{
|
Services: structs.GatewayServices{
|
||||||
|
@ -1118,9 +1118,9 @@ func TestState_WatchesAndUpdates(t *testing.T) {
|
||||||
require.Len(t, snap.TerminatingGateway.WatchedServices, 1)
|
require.Len(t, snap.TerminatingGateway.WatchedServices, 1)
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
verificationStage{
|
{
|
||||||
events: []cache.UpdateEvent{
|
events: []cache.UpdateEvent{
|
||||||
cache.UpdateEvent{
|
{
|
||||||
CorrelationID: gatewayServicesWatchID,
|
CorrelationID: gatewayServicesWatchID,
|
||||||
Result: &structs.IndexedGatewayServices{
|
Result: &structs.IndexedGatewayServices{
|
||||||
Services: structs.GatewayServices{
|
Services: structs.GatewayServices{
|
||||||
|
@ -1173,12 +1173,12 @@ func TestState_WatchesAndUpdates(t *testing.T) {
|
||||||
require.Contains(t, snap.TerminatingGateway.GatewayServices, api)
|
require.Contains(t, snap.TerminatingGateway.GatewayServices, api)
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
verificationStage{
|
{
|
||||||
requiredWatches: map[string]verifyWatchRequest{
|
requiredWatches: map[string]verifyWatchRequest{
|
||||||
"external-service:" + dbStr: genVerifyServiceWatch("db", "", "dc1", false),
|
"external-service:" + dbStr: genVerifyServiceWatch("db", "", "dc1", false),
|
||||||
},
|
},
|
||||||
events: []cache.UpdateEvent{
|
events: []cache.UpdateEvent{
|
||||||
cache.UpdateEvent{
|
{
|
||||||
CorrelationID: "external-service:" + dbStr,
|
CorrelationID: "external-service:" + dbStr,
|
||||||
Result: &structs.IndexedCheckServiceNodes{
|
Result: &structs.IndexedCheckServiceNodes{
|
||||||
Nodes: structs.CheckServiceNodes{
|
Nodes: structs.CheckServiceNodes{
|
||||||
|
@ -1215,12 +1215,12 @@ func TestState_WatchesAndUpdates(t *testing.T) {
|
||||||
)
|
)
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
verificationStage{
|
{
|
||||||
requiredWatches: map[string]verifyWatchRequest{
|
requiredWatches: map[string]verifyWatchRequest{
|
||||||
"external-service:" + apiStr: genVerifyServiceWatch("api", "", "dc1", false),
|
"external-service:" + apiStr: genVerifyServiceWatch("api", "", "dc1", false),
|
||||||
},
|
},
|
||||||
events: []cache.UpdateEvent{
|
events: []cache.UpdateEvent{
|
||||||
cache.UpdateEvent{
|
{
|
||||||
CorrelationID: "external-service:" + apiStr,
|
CorrelationID: "external-service:" + apiStr,
|
||||||
Result: &structs.IndexedCheckServiceNodes{
|
Result: &structs.IndexedCheckServiceNodes{
|
||||||
Nodes: structs.CheckServiceNodes{
|
Nodes: structs.CheckServiceNodes{
|
||||||
|
@ -1306,12 +1306,12 @@ func TestState_WatchesAndUpdates(t *testing.T) {
|
||||||
require.ElementsMatch(t, snap.TerminatingGateway.HostnameServices[sn], expect[:2])
|
require.ElementsMatch(t, snap.TerminatingGateway.HostnameServices[sn], expect[:2])
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
verificationStage{
|
{
|
||||||
requiredWatches: map[string]verifyWatchRequest{
|
requiredWatches: map[string]verifyWatchRequest{
|
||||||
"service-leaf:" + dbStr: genVerifyLeafWatch("db", "dc1"),
|
"service-leaf:" + dbStr: genVerifyLeafWatch("db", "dc1"),
|
||||||
},
|
},
|
||||||
events: []cache.UpdateEvent{
|
events: []cache.UpdateEvent{
|
||||||
cache.UpdateEvent{
|
{
|
||||||
CorrelationID: "service-leaf:" + dbStr,
|
CorrelationID: "service-leaf:" + dbStr,
|
||||||
Result: issuedCert,
|
Result: issuedCert,
|
||||||
Err: nil,
|
Err: nil,
|
||||||
|
@ -1321,12 +1321,12 @@ func TestState_WatchesAndUpdates(t *testing.T) {
|
||||||
require.Equal(t, snap.TerminatingGateway.ServiceLeaves[structs.NewServiceName("db", nil)], issuedCert)
|
require.Equal(t, snap.TerminatingGateway.ServiceLeaves[structs.NewServiceName("db", nil)], issuedCert)
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
verificationStage{
|
{
|
||||||
requiredWatches: map[string]verifyWatchRequest{
|
requiredWatches: map[string]verifyWatchRequest{
|
||||||
"service-resolver:" + dbStr: genVerifyResolverWatch("db", "dc1", structs.ServiceResolver),
|
"service-resolver:" + dbStr: genVerifyResolverWatch("db", "dc1", structs.ServiceResolver),
|
||||||
},
|
},
|
||||||
events: []cache.UpdateEvent{
|
events: []cache.UpdateEvent{
|
||||||
cache.UpdateEvent{
|
{
|
||||||
CorrelationID: "service-resolver:" + dbStr,
|
CorrelationID: "service-resolver:" + dbStr,
|
||||||
Result: &structs.IndexedConfigEntries{
|
Result: &structs.IndexedConfigEntries{
|
||||||
Kind: structs.ServiceResolver,
|
Kind: structs.ServiceResolver,
|
||||||
|
@ -1356,9 +1356,9 @@ func TestState_WatchesAndUpdates(t *testing.T) {
|
||||||
require.Equal(t, want, snap.TerminatingGateway.ServiceResolvers[structs.NewServiceName("db", nil)])
|
require.Equal(t, want, snap.TerminatingGateway.ServiceResolvers[structs.NewServiceName("db", nil)])
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
verificationStage{
|
{
|
||||||
events: []cache.UpdateEvent{
|
events: []cache.UpdateEvent{
|
||||||
cache.UpdateEvent{
|
{
|
||||||
CorrelationID: gatewayServicesWatchID,
|
CorrelationID: gatewayServicesWatchID,
|
||||||
Result: &structs.IndexedGatewayServices{
|
Result: &structs.IndexedGatewayServices{
|
||||||
Services: structs.GatewayServices{
|
Services: structs.GatewayServices{
|
||||||
|
|
|
@ -102,7 +102,7 @@ func TestIntentions(t testing.T) *structs.IndexedIntentionMatches {
|
||||||
return &structs.IndexedIntentionMatches{
|
return &structs.IndexedIntentionMatches{
|
||||||
Matches: []structs.Intentions{
|
Matches: []structs.Intentions{
|
||||||
[]*structs.Intention{
|
[]*structs.Intention{
|
||||||
&structs.Intention{
|
{
|
||||||
ID: "foo",
|
ID: "foo",
|
||||||
SourceNS: "default",
|
SourceNS: "default",
|
||||||
SourceName: "billing",
|
SourceName: "billing",
|
||||||
|
@ -654,7 +654,7 @@ func TestConfigSnapshot(t testing.T) *ConfigSnapshot {
|
||||||
"db": dbChain,
|
"db": dbChain,
|
||||||
},
|
},
|
||||||
WatchedUpstreamEndpoints: map[string]map[string]structs.CheckServiceNodes{
|
WatchedUpstreamEndpoints: map[string]map[string]structs.CheckServiceNodes{
|
||||||
"db": map[string]structs.CheckServiceNodes{
|
"db": {
|
||||||
"db.default.dc1": TestUpstreamNodes(t),
|
"db.default.dc1": TestUpstreamNodes(t),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -954,10 +954,10 @@ func setupTestVariationConfigEntriesAndSnapshot(
|
||||||
Kind: structs.ServiceResolver,
|
Kind: structs.ServiceResolver,
|
||||||
Name: "db",
|
Name: "db",
|
||||||
Subsets: map[string]structs.ServiceResolverSubset{
|
Subsets: map[string]structs.ServiceResolverSubset{
|
||||||
"v1": structs.ServiceResolverSubset{
|
"v1": {
|
||||||
Filter: "Service.Meta.version == v1",
|
Filter: "Service.Meta.version == v1",
|
||||||
},
|
},
|
||||||
"v2": structs.ServiceResolverSubset{
|
"v2": {
|
||||||
Filter: "Service.Meta.version == v2",
|
Filter: "Service.Meta.version == v2",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -1243,7 +1243,7 @@ func setupTestVariationConfigEntriesAndSnapshot(
|
||||||
"db": dbChain,
|
"db": dbChain,
|
||||||
},
|
},
|
||||||
WatchedUpstreamEndpoints: map[string]map[string]structs.CheckServiceNodes{
|
WatchedUpstreamEndpoints: map[string]map[string]structs.CheckServiceNodes{
|
||||||
"db": map[string]structs.CheckServiceNodes{
|
"db": {
|
||||||
"db.default.dc1": TestUpstreamNodes(t),
|
"db.default.dc1": TestUpstreamNodes(t),
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -1265,7 +1265,7 @@ func setupTestVariationConfigEntriesAndSnapshot(
|
||||||
snap.WatchedUpstreamEndpoints["db"]["db.default.dc2"] =
|
snap.WatchedUpstreamEndpoints["db"]["db.default.dc2"] =
|
||||||
TestUpstreamNodesDC2(t)
|
TestUpstreamNodesDC2(t)
|
||||||
snap.WatchedGatewayEndpoints = map[string]map[string]structs.CheckServiceNodes{
|
snap.WatchedGatewayEndpoints = map[string]map[string]structs.CheckServiceNodes{
|
||||||
"db": map[string]structs.CheckServiceNodes{
|
"db": {
|
||||||
"dc2": TestGatewayNodesDC2(t),
|
"dc2": TestGatewayNodesDC2(t),
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
@ -1278,7 +1278,7 @@ func setupTestVariationConfigEntriesAndSnapshot(
|
||||||
case "failover-through-double-remote-gateway":
|
case "failover-through-double-remote-gateway":
|
||||||
snap.WatchedUpstreamEndpoints["db"]["db.default.dc3"] = TestUpstreamNodesDC2(t)
|
snap.WatchedUpstreamEndpoints["db"]["db.default.dc3"] = TestUpstreamNodesDC2(t)
|
||||||
snap.WatchedGatewayEndpoints = map[string]map[string]structs.CheckServiceNodes{
|
snap.WatchedGatewayEndpoints = map[string]map[string]structs.CheckServiceNodes{
|
||||||
"db": map[string]structs.CheckServiceNodes{
|
"db": {
|
||||||
"dc2": TestGatewayNodesDC2(t),
|
"dc2": TestGatewayNodesDC2(t),
|
||||||
"dc3": TestGatewayNodesDC3(t),
|
"dc3": TestGatewayNodesDC3(t),
|
||||||
},
|
},
|
||||||
|
@ -1291,7 +1291,7 @@ func setupTestVariationConfigEntriesAndSnapshot(
|
||||||
snap.WatchedUpstreamEndpoints["db"]["db.default.dc2"] =
|
snap.WatchedUpstreamEndpoints["db"]["db.default.dc2"] =
|
||||||
TestUpstreamNodesDC2(t)
|
TestUpstreamNodesDC2(t)
|
||||||
snap.WatchedGatewayEndpoints = map[string]map[string]structs.CheckServiceNodes{
|
snap.WatchedGatewayEndpoints = map[string]map[string]structs.CheckServiceNodes{
|
||||||
"db": map[string]structs.CheckServiceNodes{
|
"db": {
|
||||||
"dc1": TestGatewayNodesDC1(t),
|
"dc1": TestGatewayNodesDC1(t),
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
@ -1304,7 +1304,7 @@ func setupTestVariationConfigEntriesAndSnapshot(
|
||||||
case "failover-through-double-local-gateway":
|
case "failover-through-double-local-gateway":
|
||||||
snap.WatchedUpstreamEndpoints["db"]["db.default.dc3"] = TestUpstreamNodesDC2(t)
|
snap.WatchedUpstreamEndpoints["db"]["db.default.dc3"] = TestUpstreamNodesDC2(t)
|
||||||
snap.WatchedGatewayEndpoints = map[string]map[string]structs.CheckServiceNodes{
|
snap.WatchedGatewayEndpoints = map[string]map[string]structs.CheckServiceNodes{
|
||||||
"db": map[string]structs.CheckServiceNodes{
|
"db": {
|
||||||
"dc1": TestGatewayNodesDC1(t),
|
"dc1": TestGatewayNodesDC1(t),
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
@ -1355,11 +1355,11 @@ func testConfigSnapshotMeshGateway(t testing.T, populateServices bool, useFedera
|
||||||
Config: map[string]interface{}{},
|
Config: map[string]interface{}{},
|
||||||
},
|
},
|
||||||
TaggedAddresses: map[string]structs.ServiceAddress{
|
TaggedAddresses: map[string]structs.ServiceAddress{
|
||||||
structs.TaggedAddressLAN: structs.ServiceAddress{
|
structs.TaggedAddressLAN: {
|
||||||
Address: "1.2.3.4",
|
Address: "1.2.3.4",
|
||||||
Port: 8443,
|
Port: 8443,
|
||||||
},
|
},
|
||||||
structs.TaggedAddressWAN: structs.ServiceAddress{
|
structs.TaggedAddressWAN: {
|
||||||
Address: "198.18.0.1",
|
Address: "198.18.0.1",
|
||||||
Port: 443,
|
Port: 443,
|
||||||
},
|
},
|
||||||
|
@ -1535,7 +1535,7 @@ func testConfigSnapshotIngressGateway(
|
||||||
t, variation, leaf, additionalEntries...,
|
t, variation, leaf, additionalEntries...,
|
||||||
),
|
),
|
||||||
Upstreams: map[IngressListenerKey]structs.Upstreams{
|
Upstreams: map[IngressListenerKey]structs.Upstreams{
|
||||||
IngressListenerKey{protocol, 9191}: structs.Upstreams{
|
{protocol, 9191}: {
|
||||||
{
|
{
|
||||||
// We rely on this one having default type in a few tests...
|
// We rely on this one having default type in a few tests...
|
||||||
DestinationName: "db",
|
DestinationName: "db",
|
||||||
|
@ -1597,7 +1597,7 @@ func testConfigSnapshotTerminatingGateway(t testing.T, populateServices bool) *C
|
||||||
ProxyID: structs.NewServiceID("terminating-gateway", nil),
|
ProxyID: structs.NewServiceID("terminating-gateway", nil),
|
||||||
Address: "1.2.3.4",
|
Address: "1.2.3.4",
|
||||||
TaggedAddresses: map[string]structs.ServiceAddress{
|
TaggedAddresses: map[string]structs.ServiceAddress{
|
||||||
structs.TaggedAddressWAN: structs.ServiceAddress{
|
structs.TaggedAddressWAN: {
|
||||||
Address: "198.18.0.1",
|
Address: "198.18.0.1",
|
||||||
Port: 443,
|
Port: 443,
|
||||||
},
|
},
|
||||||
|
@ -1741,7 +1741,7 @@ func TestConfigSnapshotIngress_MultipleListenersDuplicateService(t testing.T) *C
|
||||||
snap := TestConfigSnapshotIngress_HTTPMultipleServices(t)
|
snap := TestConfigSnapshotIngress_HTTPMultipleServices(t)
|
||||||
|
|
||||||
snap.IngressGateway.Upstreams = map[IngressListenerKey]structs.Upstreams{
|
snap.IngressGateway.Upstreams = map[IngressListenerKey]structs.Upstreams{
|
||||||
IngressListenerKey{Protocol: "http", Port: 8080}: structs.Upstreams{
|
{Protocol: "http", Port: 8080}: {
|
||||||
{
|
{
|
||||||
DestinationName: "foo",
|
DestinationName: "foo",
|
||||||
LocalBindPort: 8080,
|
LocalBindPort: 8080,
|
||||||
|
@ -1751,7 +1751,7 @@ func TestConfigSnapshotIngress_MultipleListenersDuplicateService(t testing.T) *C
|
||||||
LocalBindPort: 8080,
|
LocalBindPort: 8080,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
IngressListenerKey{Protocol: "http", Port: 443}: structs.Upstreams{
|
{Protocol: "http", Port: 443}: {
|
||||||
{
|
{
|
||||||
DestinationName: "foo",
|
DestinationName: "foo",
|
||||||
LocalBindPort: 443,
|
LocalBindPort: 443,
|
||||||
|
|
|
@ -316,9 +316,9 @@ func TestServers_RebalanceServers_AvoidFailed(t *testing.T) {
|
||||||
// of trials with a small number of servers to try to make sure
|
// of trials with a small number of servers to try to make sure
|
||||||
// the shuffle alone won't give the right answer.
|
// the shuffle alone won't give the right answer.
|
||||||
servers := []*metadata.Server{
|
servers := []*metadata.Server{
|
||||||
&metadata.Server{Name: "s1", Addr: &fauxAddr{"s1"}},
|
{Name: "s1", Addr: &fauxAddr{"s1"}},
|
||||||
&metadata.Server{Name: "s2", Addr: &fauxAddr{"s2"}},
|
{Name: "s2", Addr: &fauxAddr{"s2"}},
|
||||||
&metadata.Server{Name: "s3", Addr: &fauxAddr{"s3"}},
|
{Name: "s3", Addr: &fauxAddr{"s3"}},
|
||||||
}
|
}
|
||||||
for i := 0; i < 100; i++ {
|
for i := 0; i < 100; i++ {
|
||||||
m := testManagerFailAddr(t, &fauxAddr{"s2"})
|
m := testManagerFailAddr(t, &fauxAddr{"s2"})
|
||||||
|
|
|
@ -172,14 +172,14 @@ func (a *Agent) sidecarServiceFromNodeService(ns *structs.NodeService, token str
|
||||||
// Setup default check if none given
|
// Setup default check if none given
|
||||||
if len(checks) < 1 {
|
if len(checks) < 1 {
|
||||||
checks = []*structs.CheckType{
|
checks = []*structs.CheckType{
|
||||||
&structs.CheckType{
|
{
|
||||||
Name: "Connect Sidecar Listening",
|
Name: "Connect Sidecar Listening",
|
||||||
// Default to localhost rather than agent/service public IP. The checks
|
// Default to localhost rather than agent/service public IP. The checks
|
||||||
// can always be overridden if a non-loopback IP is needed.
|
// can always be overridden if a non-loopback IP is needed.
|
||||||
TCP: ipaddr.FormatAddressPort(sidecar.Proxy.LocalServiceAddress, sidecar.Port),
|
TCP: ipaddr.FormatAddressPort(sidecar.Proxy.LocalServiceAddress, sidecar.Port),
|
||||||
Interval: 10 * time.Second,
|
Interval: 10 * time.Second,
|
||||||
},
|
},
|
||||||
&structs.CheckType{
|
{
|
||||||
Name: "Connect Sidecar Aliasing " + ns.ID,
|
Name: "Connect Sidecar Aliasing " + ns.ID,
|
||||||
AliasService: ns.ID,
|
AliasService: ns.ID,
|
||||||
},
|
},
|
||||||
|
|
|
@ -60,12 +60,12 @@ func TestAgent_sidecarServiceFromNodeService(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
wantChecks: []*structs.CheckType{
|
wantChecks: []*structs.CheckType{
|
||||||
&structs.CheckType{
|
{
|
||||||
Name: "Connect Sidecar Listening",
|
Name: "Connect Sidecar Listening",
|
||||||
TCP: "127.0.0.1:2222",
|
TCP: "127.0.0.1:2222",
|
||||||
Interval: 10 * time.Second,
|
Interval: 10 * time.Second,
|
||||||
},
|
},
|
||||||
&structs.CheckType{
|
{
|
||||||
Name: "Connect Sidecar Aliasing web1",
|
Name: "Connect Sidecar Aliasing web1",
|
||||||
AliasService: "web1",
|
AliasService: "web1",
|
||||||
},
|
},
|
||||||
|
@ -128,7 +128,7 @@ func TestAgent_sidecarServiceFromNodeService(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
wantChecks: []*structs.CheckType{
|
wantChecks: []*structs.CheckType{
|
||||||
&structs.CheckType{
|
{
|
||||||
ScriptArgs: []string{"sleep", "1"},
|
ScriptArgs: []string{"sleep", "1"},
|
||||||
Interval: 999 * time.Second,
|
Interval: 999 * time.Second,
|
||||||
},
|
},
|
||||||
|
@ -200,12 +200,12 @@ func TestAgent_sidecarServiceFromNodeService(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
wantChecks: []*structs.CheckType{
|
wantChecks: []*structs.CheckType{
|
||||||
&structs.CheckType{
|
{
|
||||||
Name: "Connect Sidecar Listening",
|
Name: "Connect Sidecar Listening",
|
||||||
TCP: "127.0.0.1:2222",
|
TCP: "127.0.0.1:2222",
|
||||||
Interval: 10 * time.Second,
|
Interval: 10 * time.Second,
|
||||||
},
|
},
|
||||||
&structs.CheckType{
|
{
|
||||||
Name: "Connect Sidecar Aliasing web1",
|
Name: "Connect Sidecar Aliasing web1",
|
||||||
AliasService: "web1",
|
AliasService: "web1",
|
||||||
},
|
},
|
||||||
|
@ -288,12 +288,12 @@ func TestAgent_sidecarServiceFromNodeService(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
wantChecks: []*structs.CheckType{
|
wantChecks: []*structs.CheckType{
|
||||||
&structs.CheckType{
|
{
|
||||||
Name: "Connect Sidecar Listening",
|
Name: "Connect Sidecar Listening",
|
||||||
TCP: "127.0.0.1:2222",
|
TCP: "127.0.0.1:2222",
|
||||||
Interval: 10 * time.Second,
|
Interval: 10 * time.Second,
|
||||||
},
|
},
|
||||||
&structs.CheckType{
|
{
|
||||||
Name: "Connect Sidecar Aliasing web1",
|
Name: "Connect Sidecar Aliasing web1",
|
||||||
AliasService: "web1",
|
AliasService: "web1",
|
||||||
},
|
},
|
||||||
|
|
|
@ -83,7 +83,7 @@ func TestStructs_ACLToken_Convert(t *testing.T) {
|
||||||
SecretID: "67c29ecd-cabc-42e0-a20e-771e9a1ab70c",
|
SecretID: "67c29ecd-cabc-42e0-a20e-771e9a1ab70c",
|
||||||
Description: "new token",
|
Description: "new token",
|
||||||
Policies: []ACLTokenPolicyLink{
|
Policies: []ACLTokenPolicyLink{
|
||||||
ACLTokenPolicyLink{
|
{
|
||||||
ID: ACLPolicyGlobalManagementID,
|
ID: ACLPolicyGlobalManagementID,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -122,7 +122,7 @@ func TestStructs_ACLToken_Convert(t *testing.T) {
|
||||||
SecretID: "67c29ecd-cabc-42e0-a20e-771e9a1ab70c",
|
SecretID: "67c29ecd-cabc-42e0-a20e-771e9a1ab70c",
|
||||||
Description: "new token",
|
Description: "new token",
|
||||||
Policies: []ACLTokenPolicyLink{
|
Policies: []ACLTokenPolicyLink{
|
||||||
ACLTokenPolicyLink{
|
{
|
||||||
ID: ACLPolicyGlobalManagementID,
|
ID: ACLPolicyGlobalManagementID,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
|
@ -16,13 +16,13 @@ func TestStructs_ACLToken_PolicyIDs(t *testing.T) {
|
||||||
|
|
||||||
token := &ACLToken{
|
token := &ACLToken{
|
||||||
Policies: []ACLTokenPolicyLink{
|
Policies: []ACLTokenPolicyLink{
|
||||||
ACLTokenPolicyLink{
|
{
|
||||||
ID: "one",
|
ID: "one",
|
||||||
},
|
},
|
||||||
ACLTokenPolicyLink{
|
{
|
||||||
ID: "two",
|
ID: "two",
|
||||||
},
|
},
|
||||||
ACLTokenPolicyLink{
|
{
|
||||||
ID: "three",
|
ID: "three",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -179,13 +179,13 @@ func TestStructs_ACLToken_SetHash(t *testing.T) {
|
||||||
SecretID: "65e98e67-9b29-470c-8ffa-7c5a23cc67c8",
|
SecretID: "65e98e67-9b29-470c-8ffa-7c5a23cc67c8",
|
||||||
Description: "test",
|
Description: "test",
|
||||||
Policies: []ACLTokenPolicyLink{
|
Policies: []ACLTokenPolicyLink{
|
||||||
ACLTokenPolicyLink{
|
{
|
||||||
ID: "one",
|
ID: "one",
|
||||||
},
|
},
|
||||||
ACLTokenPolicyLink{
|
{
|
||||||
ID: "two",
|
ID: "two",
|
||||||
},
|
},
|
||||||
ACLTokenPolicyLink{
|
{
|
||||||
ID: "three",
|
ID: "three",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -224,13 +224,13 @@ func TestStructs_ACLToken_EstimateSize(t *testing.T) {
|
||||||
SecretID: "65e98e67-9b29-470c-8ffa-7c5a23cc67c8",
|
SecretID: "65e98e67-9b29-470c-8ffa-7c5a23cc67c8",
|
||||||
Description: "test",
|
Description: "test",
|
||||||
Policies: []ACLTokenPolicyLink{
|
Policies: []ACLTokenPolicyLink{
|
||||||
ACLTokenPolicyLink{
|
{
|
||||||
ID: "one",
|
ID: "one",
|
||||||
},
|
},
|
||||||
ACLTokenPolicyLink{
|
{
|
||||||
ID: "two",
|
ID: "two",
|
||||||
},
|
},
|
||||||
ACLTokenPolicyLink{
|
{
|
||||||
ID: "three",
|
ID: "three",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -250,13 +250,13 @@ func TestStructs_ACLToken_Stub(t *testing.T) {
|
||||||
SecretID: "65e98e67-9b29-470c-8ffa-7c5a23cc67c8",
|
SecretID: "65e98e67-9b29-470c-8ffa-7c5a23cc67c8",
|
||||||
Description: "test",
|
Description: "test",
|
||||||
Policies: []ACLTokenPolicyLink{
|
Policies: []ACLTokenPolicyLink{
|
||||||
ACLTokenPolicyLink{
|
{
|
||||||
ID: "one",
|
ID: "one",
|
||||||
},
|
},
|
||||||
ACLTokenPolicyLink{
|
{
|
||||||
ID: "two",
|
ID: "two",
|
||||||
},
|
},
|
||||||
ACLTokenPolicyLink{
|
{
|
||||||
ID: "three",
|
ID: "three",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
|
@ -221,7 +221,7 @@ func (e *ServiceRouterConfigEntry) ListRelatedServices() []ServiceID {
|
||||||
}
|
}
|
||||||
|
|
||||||
out := make([]ServiceID, 0, len(found))
|
out := make([]ServiceID, 0, len(found))
|
||||||
for svc, _ := range found {
|
for svc := range found {
|
||||||
out = append(out, svc)
|
out = append(out, svc)
|
||||||
}
|
}
|
||||||
sort.Slice(out, func(i, j int) bool {
|
sort.Slice(out, func(i, j int) bool {
|
||||||
|
@ -545,7 +545,7 @@ func (e *ServiceSplitterConfigEntry) ListRelatedServices() []ServiceID {
|
||||||
}
|
}
|
||||||
|
|
||||||
out := make([]ServiceID, 0, len(found))
|
out := make([]ServiceID, 0, len(found))
|
||||||
for svc, _ := range found {
|
for svc := range found {
|
||||||
out = append(out, svc)
|
out = append(out, svc)
|
||||||
}
|
}
|
||||||
sort.Slice(out, func(i, j int) bool {
|
sort.Slice(out, func(i, j int) bool {
|
||||||
|
@ -728,7 +728,7 @@ func (e *ServiceResolverConfigEntry) Validate() error {
|
||||||
}
|
}
|
||||||
|
|
||||||
if len(e.Subsets) > 0 {
|
if len(e.Subsets) > 0 {
|
||||||
for name, _ := range e.Subsets {
|
for name := range e.Subsets {
|
||||||
if name == "" {
|
if name == "" {
|
||||||
return fmt.Errorf("Subset defined with empty name")
|
return fmt.Errorf("Subset defined with empty name")
|
||||||
}
|
}
|
||||||
|
@ -859,7 +859,7 @@ func (e *ServiceResolverConfigEntry) ListRelatedServices() []ServiceID {
|
||||||
}
|
}
|
||||||
|
|
||||||
out := make([]ServiceID, 0, len(found))
|
out := make([]ServiceID, 0, len(found))
|
||||||
for svc, _ := range found {
|
for svc := range found {
|
||||||
out = append(out, svc)
|
out = append(out, svc)
|
||||||
}
|
}
|
||||||
sort.Slice(out, func(i, j int) bool {
|
sort.Slice(out, func(i, j int) bool {
|
||||||
|
|
|
@ -114,10 +114,10 @@ func TestConfigEntries_ListRelatedServices_AndACLs(t *testing.T) {
|
||||||
"bar": {OnlyPassing: true},
|
"bar": {OnlyPassing: true},
|
||||||
},
|
},
|
||||||
Failover: map[string]ServiceResolverFailover{
|
Failover: map[string]ServiceResolverFailover{
|
||||||
"foo": ServiceResolverFailover{
|
"foo": {
|
||||||
Service: "other1",
|
Service: "other1",
|
||||||
},
|
},
|
||||||
"bar": ServiceResolverFailover{
|
"bar": {
|
||||||
Service: "other2",
|
Service: "other2",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -372,7 +372,7 @@ func TestServiceResolverConfigEntry(t *testing.T) {
|
||||||
Kind: ServiceResolver,
|
Kind: ServiceResolver,
|
||||||
Name: "test",
|
Name: "test",
|
||||||
Failover: map[string]ServiceResolverFailover{
|
Failover: map[string]ServiceResolverFailover{
|
||||||
"*": ServiceResolverFailover{
|
"*": {
|
||||||
Datacenters: []string{"dc2"},
|
Datacenters: []string{"dc2"},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -384,7 +384,7 @@ func TestServiceResolverConfigEntry(t *testing.T) {
|
||||||
Kind: ServiceResolver,
|
Kind: ServiceResolver,
|
||||||
Name: "test",
|
Name: "test",
|
||||||
Failover: map[string]ServiceResolverFailover{
|
Failover: map[string]ServiceResolverFailover{
|
||||||
"gone": ServiceResolverFailover{
|
"gone": {
|
||||||
Datacenters: []string{"dc2"},
|
Datacenters: []string{"dc2"},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -400,7 +400,7 @@ func TestServiceResolverConfigEntry(t *testing.T) {
|
||||||
"v1": {Filter: "Service.Meta.version == v1"},
|
"v1": {Filter: "Service.Meta.version == v1"},
|
||||||
},
|
},
|
||||||
Failover: map[string]ServiceResolverFailover{
|
Failover: map[string]ServiceResolverFailover{
|
||||||
"v1": ServiceResolverFailover{
|
"v1": {
|
||||||
Datacenters: []string{"dc2"},
|
Datacenters: []string{"dc2"},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -415,7 +415,7 @@ func TestServiceResolverConfigEntry(t *testing.T) {
|
||||||
"v1": {Filter: "Service.Meta.version == v1"},
|
"v1": {Filter: "Service.Meta.version == v1"},
|
||||||
},
|
},
|
||||||
Failover: map[string]ServiceResolverFailover{
|
Failover: map[string]ServiceResolverFailover{
|
||||||
"v1": ServiceResolverFailover{},
|
"v1": {},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
validateErr: `Bad Failover["v1"] one of Service, ServiceSubset, Namespace, or Datacenters is required`,
|
validateErr: `Bad Failover["v1"] one of Service, ServiceSubset, Namespace, or Datacenters is required`,
|
||||||
|
@ -429,7 +429,7 @@ func TestServiceResolverConfigEntry(t *testing.T) {
|
||||||
"v1": {Filter: "Service.Meta.version == v1"},
|
"v1": {Filter: "Service.Meta.version == v1"},
|
||||||
},
|
},
|
||||||
Failover: map[string]ServiceResolverFailover{
|
Failover: map[string]ServiceResolverFailover{
|
||||||
"v1": ServiceResolverFailover{
|
"v1": {
|
||||||
Service: "test",
|
Service: "test",
|
||||||
ServiceSubset: "gone",
|
ServiceSubset: "gone",
|
||||||
},
|
},
|
||||||
|
@ -447,7 +447,7 @@ func TestServiceResolverConfigEntry(t *testing.T) {
|
||||||
"v2": {Filter: "Service.Meta.version == v2"},
|
"v2": {Filter: "Service.Meta.version == v2"},
|
||||||
},
|
},
|
||||||
Failover: map[string]ServiceResolverFailover{
|
Failover: map[string]ServiceResolverFailover{
|
||||||
"v1": ServiceResolverFailover{
|
"v1": {
|
||||||
Service: "test",
|
Service: "test",
|
||||||
ServiceSubset: "v2",
|
ServiceSubset: "v2",
|
||||||
},
|
},
|
||||||
|
@ -460,7 +460,7 @@ func TestServiceResolverConfigEntry(t *testing.T) {
|
||||||
Kind: ServiceResolver,
|
Kind: ServiceResolver,
|
||||||
Name: "test",
|
Name: "test",
|
||||||
Failover: map[string]ServiceResolverFailover{
|
Failover: map[string]ServiceResolverFailover{
|
||||||
"*": ServiceResolverFailover{
|
"*": {
|
||||||
Service: "backup",
|
Service: "backup",
|
||||||
Datacenters: []string{"", "dc2", "dc3"},
|
Datacenters: []string{"", "dc2", "dc3"},
|
||||||
},
|
},
|
||||||
|
|
|
@ -622,33 +622,33 @@ func TestDecodeConfigEntry(t *testing.T) {
|
||||||
Enabled: true,
|
Enabled: true,
|
||||||
},
|
},
|
||||||
Listeners: []IngressListener{
|
Listeners: []IngressListener{
|
||||||
IngressListener{
|
{
|
||||||
Port: 8080,
|
Port: 8080,
|
||||||
Protocol: "http",
|
Protocol: "http",
|
||||||
Services: []IngressService{
|
Services: []IngressService{
|
||||||
IngressService{
|
{
|
||||||
Name: "web",
|
Name: "web",
|
||||||
Hosts: []string{"test.example.com", "test2.example.com"},
|
Hosts: []string{"test.example.com", "test2.example.com"},
|
||||||
},
|
},
|
||||||
IngressService{
|
{
|
||||||
Name: "db",
|
Name: "db",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
IngressListener{
|
{
|
||||||
Port: 9999,
|
Port: 9999,
|
||||||
Protocol: "tcp",
|
Protocol: "tcp",
|
||||||
Services: []IngressService{
|
Services: []IngressService{
|
||||||
IngressService{
|
{
|
||||||
Name: "mysql",
|
Name: "mysql",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
IngressListener{
|
{
|
||||||
Port: 2234,
|
Port: 2234,
|
||||||
Protocol: "tcp",
|
Protocol: "tcp",
|
||||||
Services: []IngressService{
|
Services: []IngressService{
|
||||||
IngressService{
|
{
|
||||||
Name: "postgres",
|
Name: "postgres",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -760,13 +760,13 @@ func TestServiceConfigResponse_MsgPack(t *testing.T) {
|
||||||
// },
|
// },
|
||||||
},
|
},
|
||||||
UpstreamConfigs: map[string]map[string]interface{}{
|
UpstreamConfigs: map[string]map[string]interface{}{
|
||||||
"a": map[string]interface{}{
|
"a": {
|
||||||
"string": "aaaa",
|
"string": "aaaa",
|
||||||
// "map": map[string]interface{}{
|
// "map": map[string]interface{}{
|
||||||
// "baz": "aa",
|
// "baz": "aa",
|
||||||
// },
|
// },
|
||||||
},
|
},
|
||||||
"b": map[string]interface{}{
|
"b": {
|
||||||
"string": "bbbb",
|
"string": "bbbb",
|
||||||
// "map": map[string]interface{}{
|
// "map": map[string]interface{}{
|
||||||
// "baz": "bb",
|
// "baz": "bb",
|
||||||
|
@ -793,8 +793,8 @@ func TestServiceConfigResponse_MsgPack(t *testing.T) {
|
||||||
func TestConfigEntryResponseMarshalling(t *testing.T) {
|
func TestConfigEntryResponseMarshalling(t *testing.T) {
|
||||||
|
|
||||||
cases := map[string]ConfigEntryResponse{
|
cases := map[string]ConfigEntryResponse{
|
||||||
"nil entry": ConfigEntryResponse{},
|
"nil entry": {},
|
||||||
"proxy-default entry": ConfigEntryResponse{
|
"proxy-default entry": {
|
||||||
Entry: &ProxyConfigEntry{
|
Entry: &ProxyConfigEntry{
|
||||||
Kind: ProxyDefaults,
|
Kind: ProxyDefaults,
|
||||||
Name: ProxyConfigGlobal,
|
Name: ProxyConfigGlobal,
|
||||||
|
@ -803,7 +803,7 @@ func TestConfigEntryResponseMarshalling(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"service-default entry": ConfigEntryResponse{
|
"service-default entry": {
|
||||||
Entry: &ServiceConfigEntry{
|
Entry: &ServiceConfigEntry{
|
||||||
Kind: ServiceDefaults,
|
Kind: ServiceDefaults,
|
||||||
Name: "foo",
|
Name: "foo",
|
||||||
|
|
|
@ -19,7 +19,7 @@ func TestIntention_ACLs(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
cases := map[string]testCase{
|
cases := map[string]testCase{
|
||||||
"all-denied": testCase{
|
"all-denied": {
|
||||||
intention: Intention{
|
intention: Intention{
|
||||||
SourceNS: "default",
|
SourceNS: "default",
|
||||||
SourceName: "web",
|
SourceName: "web",
|
||||||
|
@ -29,7 +29,7 @@ func TestIntention_ACLs(t *testing.T) {
|
||||||
read: false,
|
read: false,
|
||||||
write: false,
|
write: false,
|
||||||
},
|
},
|
||||||
"deny-write-read-dest": testCase{
|
"deny-write-read-dest": {
|
||||||
rules: `service "api" { policy = "deny" intentions = "read" }`,
|
rules: `service "api" { policy = "deny" intentions = "read" }`,
|
||||||
intention: Intention{
|
intention: Intention{
|
||||||
SourceNS: "default",
|
SourceNS: "default",
|
||||||
|
@ -40,7 +40,7 @@ func TestIntention_ACLs(t *testing.T) {
|
||||||
read: true,
|
read: true,
|
||||||
write: false,
|
write: false,
|
||||||
},
|
},
|
||||||
"deny-write-read-source": testCase{
|
"deny-write-read-source": {
|
||||||
rules: `service "web" { policy = "deny" intentions = "read" }`,
|
rules: `service "web" { policy = "deny" intentions = "read" }`,
|
||||||
intention: Intention{
|
intention: Intention{
|
||||||
SourceNS: "default",
|
SourceNS: "default",
|
||||||
|
@ -51,7 +51,7 @@ func TestIntention_ACLs(t *testing.T) {
|
||||||
read: true,
|
read: true,
|
||||||
write: false,
|
write: false,
|
||||||
},
|
},
|
||||||
"allow-write-with-dest-write": testCase{
|
"allow-write-with-dest-write": {
|
||||||
rules: `service "api" { policy = "deny" intentions = "write" }`,
|
rules: `service "api" { policy = "deny" intentions = "write" }`,
|
||||||
intention: Intention{
|
intention: Intention{
|
||||||
SourceNS: "default",
|
SourceNS: "default",
|
||||||
|
@ -62,7 +62,7 @@ func TestIntention_ACLs(t *testing.T) {
|
||||||
read: true,
|
read: true,
|
||||||
write: true,
|
write: true,
|
||||||
},
|
},
|
||||||
"deny-write-with-source-write": testCase{
|
"deny-write-with-source-write": {
|
||||||
rules: `service "web" { policy = "deny" intentions = "write" }`,
|
rules: `service "web" { policy = "deny" intentions = "write" }`,
|
||||||
intention: Intention{
|
intention: Intention{
|
||||||
SourceNS: "default",
|
SourceNS: "default",
|
||||||
|
@ -73,7 +73,7 @@ func TestIntention_ACLs(t *testing.T) {
|
||||||
read: true,
|
read: true,
|
||||||
write: false,
|
write: false,
|
||||||
},
|
},
|
||||||
"deny-wildcard-write-allow-read": testCase{
|
"deny-wildcard-write-allow-read": {
|
||||||
rules: `service "*" { policy = "deny" intentions = "write" }`,
|
rules: `service "*" { policy = "deny" intentions = "write" }`,
|
||||||
intention: Intention{
|
intention: Intention{
|
||||||
SourceNS: "default",
|
SourceNS: "default",
|
||||||
|
@ -86,7 +86,7 @@ func TestIntention_ACLs(t *testing.T) {
|
||||||
read: true,
|
read: true,
|
||||||
write: false,
|
write: false,
|
||||||
},
|
},
|
||||||
"allow-wildcard-write": testCase{
|
"allow-wildcard-write": {
|
||||||
rules: `service_prefix "" { policy = "deny" intentions = "write" }`,
|
rules: `service_prefix "" { policy = "deny" intentions = "write" }`,
|
||||||
intention: Intention{
|
intention: Intention{
|
||||||
SourceNS: "default",
|
SourceNS: "default",
|
||||||
|
@ -97,7 +97,7 @@ func TestIntention_ACLs(t *testing.T) {
|
||||||
read: true,
|
read: true,
|
||||||
write: true,
|
write: true,
|
||||||
},
|
},
|
||||||
"allow-wildcard-read": testCase{
|
"allow-wildcard-read": {
|
||||||
rules: `service "foo" { policy = "deny" intentions = "read" }`,
|
rules: `service "foo" { policy = "deny" intentions = "read" }`,
|
||||||
intention: Intention{
|
intention: Intention{
|
||||||
SourceNS: "default",
|
SourceNS: "default",
|
||||||
|
|
|
@ -120,7 +120,7 @@ const (
|
||||||
WildcardSpecifier = "*"
|
WildcardSpecifier = "*"
|
||||||
)
|
)
|
||||||
|
|
||||||
var allowedConsulMetaKeysForMeshGateway = map[string]struct{}{MetaWANFederationKey: struct{}{}}
|
var allowedConsulMetaKeysForMeshGateway = map[string]struct{}{MetaWANFederationKey: {}}
|
||||||
|
|
||||||
var (
|
var (
|
||||||
NodeMaintCheckID = NewCheckID(NodeMaint, nil)
|
NodeMaintCheckID = NewCheckID(NodeMaint, nil)
|
||||||
|
@ -1147,7 +1147,7 @@ func (s *NodeService) Validate() error {
|
||||||
path.Protocol = strings.ToLower(path.Protocol)
|
path.Protocol = strings.ToLower(path.Protocol)
|
||||||
if ok := allowedExposeProtocols[path.Protocol]; !ok && path.Protocol != "" {
|
if ok := allowedExposeProtocols[path.Protocol]; !ok && path.Protocol != "" {
|
||||||
protocols := make([]string, 0)
|
protocols := make([]string, 0)
|
||||||
for p, _ := range allowedExposeProtocols {
|
for p := range allowedExposeProtocols {
|
||||||
protocols = append(protocols, p)
|
protocols = append(protocols, p)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -582,37 +582,37 @@ var expectedFieldConfigIntention bexpr.FieldConfigurations = bexpr.FieldConfigur
|
||||||
// Only need to generate the field configurations for the top level filtered types
|
// Only need to generate the field configurations for the top level filtered types
|
||||||
// The internal types will be checked within these.
|
// The internal types will be checked within these.
|
||||||
var fieldConfigTests map[string]fieldConfigTest = map[string]fieldConfigTest{
|
var fieldConfigTests map[string]fieldConfigTest = map[string]fieldConfigTest{
|
||||||
"Node": fieldConfigTest{
|
"Node": {
|
||||||
dataType: (*Node)(nil),
|
dataType: (*Node)(nil),
|
||||||
expected: expectedFieldConfigNode,
|
expected: expectedFieldConfigNode,
|
||||||
},
|
},
|
||||||
"NodeService": fieldConfigTest{
|
"NodeService": {
|
||||||
dataType: (*NodeService)(nil),
|
dataType: (*NodeService)(nil),
|
||||||
expected: expectedFieldConfigNodeService,
|
expected: expectedFieldConfigNodeService,
|
||||||
},
|
},
|
||||||
"ServiceNode": fieldConfigTest{
|
"ServiceNode": {
|
||||||
dataType: (*ServiceNode)(nil),
|
dataType: (*ServiceNode)(nil),
|
||||||
expected: expectedFieldConfigServiceNode,
|
expected: expectedFieldConfigServiceNode,
|
||||||
},
|
},
|
||||||
"HealthCheck": fieldConfigTest{
|
"HealthCheck": {
|
||||||
dataType: (*HealthCheck)(nil),
|
dataType: (*HealthCheck)(nil),
|
||||||
expected: expectedFieldConfigHealthCheck,
|
expected: expectedFieldConfigHealthCheck,
|
||||||
},
|
},
|
||||||
"CheckServiceNode": fieldConfigTest{
|
"CheckServiceNode": {
|
||||||
dataType: (*CheckServiceNode)(nil),
|
dataType: (*CheckServiceNode)(nil),
|
||||||
expected: expectedFieldConfigCheckServiceNode,
|
expected: expectedFieldConfigCheckServiceNode,
|
||||||
},
|
},
|
||||||
"NodeInfo": fieldConfigTest{
|
"NodeInfo": {
|
||||||
dataType: (*NodeInfo)(nil),
|
dataType: (*NodeInfo)(nil),
|
||||||
expected: expectedFieldConfigNodeInfo,
|
expected: expectedFieldConfigNodeInfo,
|
||||||
},
|
},
|
||||||
"api.AgentService": fieldConfigTest{
|
"api.AgentService": {
|
||||||
dataType: (*api.AgentService)(nil),
|
dataType: (*api.AgentService)(nil),
|
||||||
// this also happens to ensure that our API representation of a service that can be
|
// this also happens to ensure that our API representation of a service that can be
|
||||||
// registered with an agent stays in sync with our internal NodeService structure
|
// registered with an agent stays in sync with our internal NodeService structure
|
||||||
expected: expectedFieldConfigNodeService,
|
expected: expectedFieldConfigNodeService,
|
||||||
},
|
},
|
||||||
"Intention": fieldConfigTest{
|
"Intention": {
|
||||||
dataType: (*Intention)(nil),
|
dataType: (*Intention)(nil),
|
||||||
expected: expectedFieldConfigIntention,
|
expected: expectedFieldConfigIntention,
|
||||||
},
|
},
|
||||||
|
|
|
@ -148,11 +148,11 @@ func testServiceNode(t *testing.T) *ServiceNode {
|
||||||
ServiceTags: []string{"prod", "v1"},
|
ServiceTags: []string{"prod", "v1"},
|
||||||
ServiceAddress: "127.0.0.2",
|
ServiceAddress: "127.0.0.2",
|
||||||
ServiceTaggedAddresses: map[string]ServiceAddress{
|
ServiceTaggedAddresses: map[string]ServiceAddress{
|
||||||
"lan": ServiceAddress{
|
"lan": {
|
||||||
Address: "127.0.0.2",
|
Address: "127.0.0.2",
|
||||||
Port: 8080,
|
Port: 8080,
|
||||||
},
|
},
|
||||||
"wan": ServiceAddress{
|
"wan": {
|
||||||
Address: "198.18.0.1",
|
Address: "198.18.0.1",
|
||||||
Port: 80,
|
Port: 80,
|
||||||
},
|
},
|
||||||
|
@ -367,36 +367,36 @@ func TestStructs_NodeService_ValidateMeshGateway(t *testing.T) {
|
||||||
Err string
|
Err string
|
||||||
}
|
}
|
||||||
cases := map[string]testCase{
|
cases := map[string]testCase{
|
||||||
"valid": testCase{
|
"valid": {
|
||||||
func(x *NodeService) {},
|
func(x *NodeService) {},
|
||||||
"",
|
"",
|
||||||
},
|
},
|
||||||
"zero-port": testCase{
|
"zero-port": {
|
||||||
func(x *NodeService) { x.Port = 0 },
|
func(x *NodeService) { x.Port = 0 },
|
||||||
"Port must be non-zero",
|
"Port must be non-zero",
|
||||||
},
|
},
|
||||||
"sidecar-service": testCase{
|
"sidecar-service": {
|
||||||
func(x *NodeService) { x.Connect.SidecarService = &ServiceDefinition{} },
|
func(x *NodeService) { x.Connect.SidecarService = &ServiceDefinition{} },
|
||||||
"cannot have a sidecar service",
|
"cannot have a sidecar service",
|
||||||
},
|
},
|
||||||
"proxy-destination-name": testCase{
|
"proxy-destination-name": {
|
||||||
func(x *NodeService) { x.Proxy.DestinationServiceName = "foo" },
|
func(x *NodeService) { x.Proxy.DestinationServiceName = "foo" },
|
||||||
"Proxy.DestinationServiceName configuration is invalid",
|
"Proxy.DestinationServiceName configuration is invalid",
|
||||||
},
|
},
|
||||||
"proxy-destination-id": testCase{
|
"proxy-destination-id": {
|
||||||
func(x *NodeService) { x.Proxy.DestinationServiceID = "foo" },
|
func(x *NodeService) { x.Proxy.DestinationServiceID = "foo" },
|
||||||
"Proxy.DestinationServiceID configuration is invalid",
|
"Proxy.DestinationServiceID configuration is invalid",
|
||||||
},
|
},
|
||||||
"proxy-local-address": testCase{
|
"proxy-local-address": {
|
||||||
func(x *NodeService) { x.Proxy.LocalServiceAddress = "127.0.0.1" },
|
func(x *NodeService) { x.Proxy.LocalServiceAddress = "127.0.0.1" },
|
||||||
"Proxy.LocalServiceAddress configuration is invalid",
|
"Proxy.LocalServiceAddress configuration is invalid",
|
||||||
},
|
},
|
||||||
"proxy-local-port": testCase{
|
"proxy-local-port": {
|
||||||
func(x *NodeService) { x.Proxy.LocalServicePort = 36 },
|
func(x *NodeService) { x.Proxy.LocalServicePort = 36 },
|
||||||
"Proxy.LocalServicePort configuration is invalid",
|
"Proxy.LocalServicePort configuration is invalid",
|
||||||
},
|
},
|
||||||
"proxy-upstreams": testCase{
|
"proxy-upstreams": {
|
||||||
func(x *NodeService) { x.Proxy.Upstreams = []Upstream{Upstream{}} },
|
func(x *NodeService) { x.Proxy.Upstreams = []Upstream{{}} },
|
||||||
"Proxy.Upstreams configuration is invalid",
|
"Proxy.Upstreams configuration is invalid",
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
@ -423,32 +423,32 @@ func TestStructs_NodeService_ValidateTerminatingGateway(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
cases := map[string]testCase{
|
cases := map[string]testCase{
|
||||||
"valid": testCase{
|
"valid": {
|
||||||
func(x *NodeService) {},
|
func(x *NodeService) {},
|
||||||
"",
|
"",
|
||||||
},
|
},
|
||||||
"sidecar-service": testCase{
|
"sidecar-service": {
|
||||||
func(x *NodeService) { x.Connect.SidecarService = &ServiceDefinition{} },
|
func(x *NodeService) { x.Connect.SidecarService = &ServiceDefinition{} },
|
||||||
"cannot have a sidecar service",
|
"cannot have a sidecar service",
|
||||||
},
|
},
|
||||||
"proxy-destination-name": testCase{
|
"proxy-destination-name": {
|
||||||
func(x *NodeService) { x.Proxy.DestinationServiceName = "foo" },
|
func(x *NodeService) { x.Proxy.DestinationServiceName = "foo" },
|
||||||
"Proxy.DestinationServiceName configuration is invalid",
|
"Proxy.DestinationServiceName configuration is invalid",
|
||||||
},
|
},
|
||||||
"proxy-destination-id": testCase{
|
"proxy-destination-id": {
|
||||||
func(x *NodeService) { x.Proxy.DestinationServiceID = "foo" },
|
func(x *NodeService) { x.Proxy.DestinationServiceID = "foo" },
|
||||||
"Proxy.DestinationServiceID configuration is invalid",
|
"Proxy.DestinationServiceID configuration is invalid",
|
||||||
},
|
},
|
||||||
"proxy-local-address": testCase{
|
"proxy-local-address": {
|
||||||
func(x *NodeService) { x.Proxy.LocalServiceAddress = "127.0.0.1" },
|
func(x *NodeService) { x.Proxy.LocalServiceAddress = "127.0.0.1" },
|
||||||
"Proxy.LocalServiceAddress configuration is invalid",
|
"Proxy.LocalServiceAddress configuration is invalid",
|
||||||
},
|
},
|
||||||
"proxy-local-port": testCase{
|
"proxy-local-port": {
|
||||||
func(x *NodeService) { x.Proxy.LocalServicePort = 36 },
|
func(x *NodeService) { x.Proxy.LocalServicePort = 36 },
|
||||||
"Proxy.LocalServicePort configuration is invalid",
|
"Proxy.LocalServicePort configuration is invalid",
|
||||||
},
|
},
|
||||||
"proxy-upstreams": testCase{
|
"proxy-upstreams": {
|
||||||
func(x *NodeService) { x.Proxy.Upstreams = []Upstream{Upstream{}} },
|
func(x *NodeService) { x.Proxy.Upstreams = []Upstream{{}} },
|
||||||
"Proxy.Upstreams configuration is invalid",
|
"Proxy.Upstreams configuration is invalid",
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
@ -476,32 +476,32 @@ func TestStructs_NodeService_ValidateIngressGateway(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
cases := map[string]testCase{
|
cases := map[string]testCase{
|
||||||
"valid": testCase{
|
"valid": {
|
||||||
func(x *NodeService) {},
|
func(x *NodeService) {},
|
||||||
"",
|
"",
|
||||||
},
|
},
|
||||||
"sidecar-service": testCase{
|
"sidecar-service": {
|
||||||
func(x *NodeService) { x.Connect.SidecarService = &ServiceDefinition{} },
|
func(x *NodeService) { x.Connect.SidecarService = &ServiceDefinition{} },
|
||||||
"cannot have a sidecar service",
|
"cannot have a sidecar service",
|
||||||
},
|
},
|
||||||
"proxy-destination-name": testCase{
|
"proxy-destination-name": {
|
||||||
func(x *NodeService) { x.Proxy.DestinationServiceName = "foo" },
|
func(x *NodeService) { x.Proxy.DestinationServiceName = "foo" },
|
||||||
"Proxy.DestinationServiceName configuration is invalid",
|
"Proxy.DestinationServiceName configuration is invalid",
|
||||||
},
|
},
|
||||||
"proxy-destination-id": testCase{
|
"proxy-destination-id": {
|
||||||
func(x *NodeService) { x.Proxy.DestinationServiceID = "foo" },
|
func(x *NodeService) { x.Proxy.DestinationServiceID = "foo" },
|
||||||
"Proxy.DestinationServiceID configuration is invalid",
|
"Proxy.DestinationServiceID configuration is invalid",
|
||||||
},
|
},
|
||||||
"proxy-local-address": testCase{
|
"proxy-local-address": {
|
||||||
func(x *NodeService) { x.Proxy.LocalServiceAddress = "127.0.0.1" },
|
func(x *NodeService) { x.Proxy.LocalServiceAddress = "127.0.0.1" },
|
||||||
"Proxy.LocalServiceAddress configuration is invalid",
|
"Proxy.LocalServiceAddress configuration is invalid",
|
||||||
},
|
},
|
||||||
"proxy-local-port": testCase{
|
"proxy-local-port": {
|
||||||
func(x *NodeService) { x.Proxy.LocalServicePort = 36 },
|
func(x *NodeService) { x.Proxy.LocalServicePort = 36 },
|
||||||
"Proxy.LocalServicePort configuration is invalid",
|
"Proxy.LocalServicePort configuration is invalid",
|
||||||
},
|
},
|
||||||
"proxy-upstreams": testCase{
|
"proxy-upstreams": {
|
||||||
func(x *NodeService) { x.Proxy.Upstreams = []Upstream{Upstream{}} },
|
func(x *NodeService) { x.Proxy.Upstreams = []Upstream{{}} },
|
||||||
"Proxy.Upstreams configuration is invalid",
|
"Proxy.Upstreams configuration is invalid",
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
@ -892,11 +892,11 @@ func TestStructs_NodeService_IsSame(t *testing.T) {
|
||||||
Tags: []string{"foo", "bar"},
|
Tags: []string{"foo", "bar"},
|
||||||
Address: "127.0.0.1",
|
Address: "127.0.0.1",
|
||||||
TaggedAddresses: map[string]ServiceAddress{
|
TaggedAddresses: map[string]ServiceAddress{
|
||||||
"lan": ServiceAddress{
|
"lan": {
|
||||||
Address: "127.0.0.1",
|
Address: "127.0.0.1",
|
||||||
Port: 3456,
|
Port: 3456,
|
||||||
},
|
},
|
||||||
"wan": ServiceAddress{
|
"wan": {
|
||||||
Address: "198.18.0.1",
|
Address: "198.18.0.1",
|
||||||
Port: 1234,
|
Port: 1234,
|
||||||
},
|
},
|
||||||
|
@ -927,11 +927,11 @@ func TestStructs_NodeService_IsSame(t *testing.T) {
|
||||||
Port: 1234,
|
Port: 1234,
|
||||||
EnableTagOverride: true,
|
EnableTagOverride: true,
|
||||||
TaggedAddresses: map[string]ServiceAddress{
|
TaggedAddresses: map[string]ServiceAddress{
|
||||||
"wan": ServiceAddress{
|
"wan": {
|
||||||
Address: "198.18.0.1",
|
Address: "198.18.0.1",
|
||||||
Port: 1234,
|
Port: 1234,
|
||||||
},
|
},
|
||||||
"lan": ServiceAddress{
|
"lan": {
|
||||||
Address: "127.0.0.1",
|
Address: "127.0.0.1",
|
||||||
Port: 3456,
|
Port: 3456,
|
||||||
},
|
},
|
||||||
|
@ -1395,9 +1395,9 @@ func TestStructs_validateMetaPair(t *testing.T) {
|
||||||
// reserved prefix, allowed
|
// reserved prefix, allowed
|
||||||
{metaKeyReservedPrefix + "key", "value", "", true, nil},
|
{metaKeyReservedPrefix + "key", "value", "", true, nil},
|
||||||
// reserved prefix, not allowed via an allowlist
|
// reserved prefix, not allowed via an allowlist
|
||||||
{metaKeyReservedPrefix + "bad", "value", "reserved for internal use", false, map[string]struct{}{metaKeyReservedPrefix + "good": struct{}{}}},
|
{metaKeyReservedPrefix + "bad", "value", "reserved for internal use", false, map[string]struct{}{metaKeyReservedPrefix + "good": {}}},
|
||||||
// reserved prefix, allowed via an allowlist
|
// reserved prefix, allowed via an allowlist
|
||||||
{metaKeyReservedPrefix + "good", "value", "", true, map[string]struct{}{metaKeyReservedPrefix + "good": struct{}{}}},
|
{metaKeyReservedPrefix + "good", "value", "", true, map[string]struct{}{metaKeyReservedPrefix + "good": {}}},
|
||||||
// value too long
|
// value too long
|
||||||
{"key", longValue, "Value is too long", false, nil},
|
{"key", longValue, "Value is too long", false, nil},
|
||||||
}
|
}
|
||||||
|
@ -1628,7 +1628,7 @@ func TestNode_BestAddress(t *testing.T) {
|
||||||
nodeWANAddr := "198.18.19.20"
|
nodeWANAddr := "198.18.19.20"
|
||||||
|
|
||||||
cases := map[string]testCase{
|
cases := map[string]testCase{
|
||||||
"address": testCase{
|
"address": {
|
||||||
input: Node{
|
input: Node{
|
||||||
Address: nodeAddr,
|
Address: nodeAddr,
|
||||||
},
|
},
|
||||||
|
@ -1636,7 +1636,7 @@ func TestNode_BestAddress(t *testing.T) {
|
||||||
lanAddr: nodeAddr,
|
lanAddr: nodeAddr,
|
||||||
wanAddr: nodeAddr,
|
wanAddr: nodeAddr,
|
||||||
},
|
},
|
||||||
"wan-address": testCase{
|
"wan-address": {
|
||||||
input: Node{
|
input: Node{
|
||||||
Address: nodeAddr,
|
Address: nodeAddr,
|
||||||
TaggedAddresses: map[string]string{
|
TaggedAddresses: map[string]string{
|
||||||
|
@ -1676,7 +1676,7 @@ func TestNodeService_BestAddress(t *testing.T) {
|
||||||
serviceWANPort := 987
|
serviceWANPort := 987
|
||||||
|
|
||||||
cases := map[string]testCase{
|
cases := map[string]testCase{
|
||||||
"no-address": testCase{
|
"no-address": {
|
||||||
input: NodeService{
|
input: NodeService{
|
||||||
Port: servicePort,
|
Port: servicePort,
|
||||||
},
|
},
|
||||||
|
@ -1686,7 +1686,7 @@ func TestNodeService_BestAddress(t *testing.T) {
|
||||||
wanAddr: "",
|
wanAddr: "",
|
||||||
wanPort: servicePort,
|
wanPort: servicePort,
|
||||||
},
|
},
|
||||||
"service-address": testCase{
|
"service-address": {
|
||||||
input: NodeService{
|
input: NodeService{
|
||||||
Address: serviceAddr,
|
Address: serviceAddr,
|
||||||
Port: servicePort,
|
Port: servicePort,
|
||||||
|
@ -1697,12 +1697,12 @@ func TestNodeService_BestAddress(t *testing.T) {
|
||||||
wanAddr: serviceAddr,
|
wanAddr: serviceAddr,
|
||||||
wanPort: servicePort,
|
wanPort: servicePort,
|
||||||
},
|
},
|
||||||
"service-wan-address": testCase{
|
"service-wan-address": {
|
||||||
input: NodeService{
|
input: NodeService{
|
||||||
Address: serviceAddr,
|
Address: serviceAddr,
|
||||||
Port: servicePort,
|
Port: servicePort,
|
||||||
TaggedAddresses: map[string]ServiceAddress{
|
TaggedAddresses: map[string]ServiceAddress{
|
||||||
"wan": ServiceAddress{
|
"wan": {
|
||||||
Address: serviceWANAddr,
|
Address: serviceWANAddr,
|
||||||
Port: serviceWANPort,
|
Port: serviceWANPort,
|
||||||
},
|
},
|
||||||
|
@ -1714,12 +1714,12 @@ func TestNodeService_BestAddress(t *testing.T) {
|
||||||
wanAddr: serviceWANAddr,
|
wanAddr: serviceWANAddr,
|
||||||
wanPort: serviceWANPort,
|
wanPort: serviceWANPort,
|
||||||
},
|
},
|
||||||
"service-wan-address-default-port": testCase{
|
"service-wan-address-default-port": {
|
||||||
input: NodeService{
|
input: NodeService{
|
||||||
Address: serviceAddr,
|
Address: serviceAddr,
|
||||||
Port: servicePort,
|
Port: servicePort,
|
||||||
TaggedAddresses: map[string]ServiceAddress{
|
TaggedAddresses: map[string]ServiceAddress{
|
||||||
"wan": ServiceAddress{
|
"wan": {
|
||||||
Address: serviceWANAddr,
|
Address: serviceWANAddr,
|
||||||
Port: 0,
|
Port: 0,
|
||||||
},
|
},
|
||||||
|
@ -1731,11 +1731,11 @@ func TestNodeService_BestAddress(t *testing.T) {
|
||||||
wanAddr: serviceWANAddr,
|
wanAddr: serviceWANAddr,
|
||||||
wanPort: servicePort,
|
wanPort: servicePort,
|
||||||
},
|
},
|
||||||
"service-wan-address-node-lan": testCase{
|
"service-wan-address-node-lan": {
|
||||||
input: NodeService{
|
input: NodeService{
|
||||||
Port: servicePort,
|
Port: servicePort,
|
||||||
TaggedAddresses: map[string]ServiceAddress{
|
TaggedAddresses: map[string]ServiceAddress{
|
||||||
"wan": ServiceAddress{
|
"wan": {
|
||||||
Address: serviceWANAddr,
|
Address: serviceWANAddr,
|
||||||
Port: serviceWANPort,
|
Port: serviceWANPort,
|
||||||
},
|
},
|
||||||
|
@ -1783,7 +1783,7 @@ func TestCheckServiceNode_BestAddress(t *testing.T) {
|
||||||
serviceWANPort := 987
|
serviceWANPort := 987
|
||||||
|
|
||||||
cases := map[string]testCase{
|
cases := map[string]testCase{
|
||||||
"node-address": testCase{
|
"node-address": {
|
||||||
input: CheckServiceNode{
|
input: CheckServiceNode{
|
||||||
Node: &Node{
|
Node: &Node{
|
||||||
Address: nodeAddr,
|
Address: nodeAddr,
|
||||||
|
@ -1798,7 +1798,7 @@ func TestCheckServiceNode_BestAddress(t *testing.T) {
|
||||||
wanAddr: nodeAddr,
|
wanAddr: nodeAddr,
|
||||||
wanPort: servicePort,
|
wanPort: servicePort,
|
||||||
},
|
},
|
||||||
"node-wan-address": testCase{
|
"node-wan-address": {
|
||||||
input: CheckServiceNode{
|
input: CheckServiceNode{
|
||||||
Node: &Node{
|
Node: &Node{
|
||||||
Address: nodeAddr,
|
Address: nodeAddr,
|
||||||
|
@ -1816,7 +1816,7 @@ func TestCheckServiceNode_BestAddress(t *testing.T) {
|
||||||
wanAddr: nodeWANAddr,
|
wanAddr: nodeWANAddr,
|
||||||
wanPort: servicePort,
|
wanPort: servicePort,
|
||||||
},
|
},
|
||||||
"service-address": testCase{
|
"service-address": {
|
||||||
input: CheckServiceNode{
|
input: CheckServiceNode{
|
||||||
Node: &Node{
|
Node: &Node{
|
||||||
Address: nodeAddr,
|
Address: nodeAddr,
|
||||||
|
@ -1836,7 +1836,7 @@ func TestCheckServiceNode_BestAddress(t *testing.T) {
|
||||||
wanAddr: serviceAddr,
|
wanAddr: serviceAddr,
|
||||||
wanPort: servicePort,
|
wanPort: servicePort,
|
||||||
},
|
},
|
||||||
"service-wan-address": testCase{
|
"service-wan-address": {
|
||||||
input: CheckServiceNode{
|
input: CheckServiceNode{
|
||||||
Node: &Node{
|
Node: &Node{
|
||||||
Address: nodeAddr,
|
Address: nodeAddr,
|
||||||
|
@ -1849,7 +1849,7 @@ func TestCheckServiceNode_BestAddress(t *testing.T) {
|
||||||
Address: serviceAddr,
|
Address: serviceAddr,
|
||||||
Port: servicePort,
|
Port: servicePort,
|
||||||
TaggedAddresses: map[string]ServiceAddress{
|
TaggedAddresses: map[string]ServiceAddress{
|
||||||
"wan": ServiceAddress{
|
"wan": {
|
||||||
Address: serviceWANAddr,
|
Address: serviceWANAddr,
|
||||||
Port: serviceWANPort,
|
Port: serviceWANPort,
|
||||||
},
|
},
|
||||||
|
@ -1862,7 +1862,7 @@ func TestCheckServiceNode_BestAddress(t *testing.T) {
|
||||||
wanAddr: serviceWANAddr,
|
wanAddr: serviceWANAddr,
|
||||||
wanPort: serviceWANPort,
|
wanPort: serviceWANPort,
|
||||||
},
|
},
|
||||||
"service-wan-address-default-port": testCase{
|
"service-wan-address-default-port": {
|
||||||
input: CheckServiceNode{
|
input: CheckServiceNode{
|
||||||
Node: &Node{
|
Node: &Node{
|
||||||
Address: nodeAddr,
|
Address: nodeAddr,
|
||||||
|
@ -1875,7 +1875,7 @@ func TestCheckServiceNode_BestAddress(t *testing.T) {
|
||||||
Address: serviceAddr,
|
Address: serviceAddr,
|
||||||
Port: servicePort,
|
Port: servicePort,
|
||||||
TaggedAddresses: map[string]ServiceAddress{
|
TaggedAddresses: map[string]ServiceAddress{
|
||||||
"wan": ServiceAddress{
|
"wan": {
|
||||||
Address: serviceWANAddr,
|
Address: serviceWANAddr,
|
||||||
Port: 0,
|
Port: 0,
|
||||||
},
|
},
|
||||||
|
@ -1888,7 +1888,7 @@ func TestCheckServiceNode_BestAddress(t *testing.T) {
|
||||||
wanAddr: serviceWANAddr,
|
wanAddr: serviceWANAddr,
|
||||||
wanPort: servicePort,
|
wanPort: servicePort,
|
||||||
},
|
},
|
||||||
"service-wan-address-node-lan": testCase{
|
"service-wan-address-node-lan": {
|
||||||
input: CheckServiceNode{
|
input: CheckServiceNode{
|
||||||
Node: &Node{
|
Node: &Node{
|
||||||
Address: nodeAddr,
|
Address: nodeAddr,
|
||||||
|
@ -1900,7 +1900,7 @@ func TestCheckServiceNode_BestAddress(t *testing.T) {
|
||||||
Service: &NodeService{
|
Service: &NodeService{
|
||||||
Port: servicePort,
|
Port: servicePort,
|
||||||
TaggedAddresses: map[string]ServiceAddress{
|
TaggedAddresses: map[string]ServiceAddress{
|
||||||
"wan": ServiceAddress{
|
"wan": {
|
||||||
Address: serviceWANAddr,
|
Address: serviceWANAddr,
|
||||||
Port: serviceWANPort,
|
Port: serviceWANPort,
|
||||||
},
|
},
|
||||||
|
@ -2072,7 +2072,7 @@ func makeMonster() *monsterStruct {
|
||||||
"aaa": "bbb",
|
"aaa": "bbb",
|
||||||
},
|
},
|
||||||
MapStringSlice: map[string][]string{
|
MapStringSlice: map[string][]string{
|
||||||
"aaa": []string{"bbb"},
|
"aaa": {"bbb"},
|
||||||
},
|
},
|
||||||
|
|
||||||
Dur: 5 * time.Second,
|
Dur: 5 * time.Second,
|
||||||
|
|
|
@ -204,7 +204,7 @@ func TestUiServices(t *testing.T) {
|
||||||
|
|
||||||
requests := []*structs.RegisterRequest{
|
requests := []*structs.RegisterRequest{
|
||||||
// register foo node
|
// register foo node
|
||||||
&structs.RegisterRequest{
|
{
|
||||||
Datacenter: "dc1",
|
Datacenter: "dc1",
|
||||||
Node: "foo",
|
Node: "foo",
|
||||||
Address: "127.0.0.1",
|
Address: "127.0.0.1",
|
||||||
|
@ -217,7 +217,7 @@ func TestUiServices(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
//register api service on node foo
|
//register api service on node foo
|
||||||
&structs.RegisterRequest{
|
{
|
||||||
Datacenter: "dc1",
|
Datacenter: "dc1",
|
||||||
Node: "foo",
|
Node: "foo",
|
||||||
SkipNodeUpdate: true,
|
SkipNodeUpdate: true,
|
||||||
|
@ -236,7 +236,7 @@ func TestUiServices(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
// register web svc on node foo
|
// register web svc on node foo
|
||||||
&structs.RegisterRequest{
|
{
|
||||||
Datacenter: "dc1",
|
Datacenter: "dc1",
|
||||||
Node: "foo",
|
Node: "foo",
|
||||||
SkipNodeUpdate: true,
|
SkipNodeUpdate: true,
|
||||||
|
@ -260,7 +260,7 @@ func TestUiServices(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
// register bar node with service web
|
// register bar node with service web
|
||||||
&structs.RegisterRequest{
|
{
|
||||||
Datacenter: "dc1",
|
Datacenter: "dc1",
|
||||||
Node: "bar",
|
Node: "bar",
|
||||||
Address: "127.0.0.2",
|
Address: "127.0.0.2",
|
||||||
|
@ -275,7 +275,7 @@ func TestUiServices(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
Checks: []*structs.HealthCheck{
|
Checks: []*structs.HealthCheck{
|
||||||
&structs.HealthCheck{
|
{
|
||||||
Node: "bar",
|
Node: "bar",
|
||||||
Name: "web svc check",
|
Name: "web svc check",
|
||||||
Status: api.HealthCritical,
|
Status: api.HealthCritical,
|
||||||
|
@ -284,7 +284,7 @@ func TestUiServices(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
// register zip node with service cache
|
// register zip node with service cache
|
||||||
&structs.RegisterRequest{
|
{
|
||||||
Datacenter: "dc1",
|
Datacenter: "dc1",
|
||||||
Node: "zip",
|
Node: "zip",
|
||||||
Address: "127.0.0.3",
|
Address: "127.0.0.3",
|
||||||
|
@ -319,7 +319,7 @@ func TestUiServices(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
expected := []*ServiceSummary{
|
expected := []*ServiceSummary{
|
||||||
&ServiceSummary{
|
{
|
||||||
Kind: structs.ServiceKindTypical,
|
Kind: structs.ServiceKindTypical,
|
||||||
Name: "api",
|
Name: "api",
|
||||||
Tags: []string{"tag1", "tag2"},
|
Tags: []string{"tag1", "tag2"},
|
||||||
|
@ -330,7 +330,7 @@ func TestUiServices(t *testing.T) {
|
||||||
ChecksCritical: 0,
|
ChecksCritical: 0,
|
||||||
EnterpriseMeta: *structs.DefaultEnterpriseMeta(),
|
EnterpriseMeta: *structs.DefaultEnterpriseMeta(),
|
||||||
},
|
},
|
||||||
&ServiceSummary{
|
{
|
||||||
Kind: structs.ServiceKindTypical,
|
Kind: structs.ServiceKindTypical,
|
||||||
Name: "cache",
|
Name: "cache",
|
||||||
Tags: nil,
|
Tags: nil,
|
||||||
|
@ -341,7 +341,7 @@ func TestUiServices(t *testing.T) {
|
||||||
ChecksCritical: 0,
|
ChecksCritical: 0,
|
||||||
EnterpriseMeta: *structs.DefaultEnterpriseMeta(),
|
EnterpriseMeta: *structs.DefaultEnterpriseMeta(),
|
||||||
},
|
},
|
||||||
&ServiceSummary{
|
{
|
||||||
Kind: structs.ServiceKindConnectProxy,
|
Kind: structs.ServiceKindConnectProxy,
|
||||||
Name: "web",
|
Name: "web",
|
||||||
Tags: nil,
|
Tags: nil,
|
||||||
|
@ -354,7 +354,7 @@ func TestUiServices(t *testing.T) {
|
||||||
ExternalSources: []string{"k8s"},
|
ExternalSources: []string{"k8s"},
|
||||||
EnterpriseMeta: *structs.DefaultEnterpriseMeta(),
|
EnterpriseMeta: *structs.DefaultEnterpriseMeta(),
|
||||||
},
|
},
|
||||||
&ServiceSummary{
|
{
|
||||||
Kind: structs.ServiceKindTypical,
|
Kind: structs.ServiceKindTypical,
|
||||||
Name: "consul",
|
Name: "consul",
|
||||||
Tags: nil,
|
Tags: nil,
|
||||||
|
@ -388,7 +388,7 @@ func TestUiServices(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
expected := []*ServiceSummary{
|
expected := []*ServiceSummary{
|
||||||
&ServiceSummary{
|
{
|
||||||
Kind: structs.ServiceKindTypical,
|
Kind: structs.ServiceKindTypical,
|
||||||
Name: "api",
|
Name: "api",
|
||||||
Tags: []string{"tag1", "tag2"},
|
Tags: []string{"tag1", "tag2"},
|
||||||
|
@ -399,7 +399,7 @@ func TestUiServices(t *testing.T) {
|
||||||
ChecksCritical: 0,
|
ChecksCritical: 0,
|
||||||
EnterpriseMeta: *structs.DefaultEnterpriseMeta(),
|
EnterpriseMeta: *structs.DefaultEnterpriseMeta(),
|
||||||
},
|
},
|
||||||
&ServiceSummary{
|
{
|
||||||
Kind: structs.ServiceKindConnectProxy,
|
Kind: structs.ServiceKindConnectProxy,
|
||||||
Name: "web",
|
Name: "web",
|
||||||
Tags: nil,
|
Tags: nil,
|
||||||
|
|
|
@ -201,7 +201,7 @@ func (s *Server) makeGatewayServiceClusters(cfgSnap *proxycfg.ConfigSnapshot) ([
|
||||||
|
|
||||||
clusters := make([]proto.Message, 0, len(services))
|
clusters := make([]proto.Message, 0, len(services))
|
||||||
|
|
||||||
for svc, _ := range services {
|
for svc := range services {
|
||||||
clusterName := connect.ServiceSNI(svc.Name, "", svc.NamespaceOrDefault(), cfgSnap.Datacenter, cfgSnap.Roots.TrustDomain)
|
clusterName := connect.ServiceSNI(svc.Name, "", svc.NamespaceOrDefault(), cfgSnap.Datacenter, cfgSnap.Roots.TrustDomain)
|
||||||
resolver, hasResolver := resolvers[svc]
|
resolver, hasResolver := resolvers[svc]
|
||||||
|
|
||||||
|
|
|
@ -269,14 +269,14 @@ func TestClustersFromSnapshot(t *testing.T) {
|
||||||
create: proxycfg.TestConfigSnapshotMeshGateway,
|
create: proxycfg.TestConfigSnapshotMeshGateway,
|
||||||
setup: func(snap *proxycfg.ConfigSnapshot) {
|
setup: func(snap *proxycfg.ConfigSnapshot) {
|
||||||
snap.MeshGateway.ServiceResolvers = map[structs.ServiceName]*structs.ServiceResolverConfigEntry{
|
snap.MeshGateway.ServiceResolvers = map[structs.ServiceName]*structs.ServiceResolverConfigEntry{
|
||||||
structs.NewServiceName("bar", nil): &structs.ServiceResolverConfigEntry{
|
structs.NewServiceName("bar", nil): {
|
||||||
Kind: structs.ServiceResolver,
|
Kind: structs.ServiceResolver,
|
||||||
Name: "bar",
|
Name: "bar",
|
||||||
Subsets: map[string]structs.ServiceResolverSubset{
|
Subsets: map[string]structs.ServiceResolverSubset{
|
||||||
"v1": structs.ServiceResolverSubset{
|
"v1": {
|
||||||
Filter: "Service.Meta.Version == 1",
|
Filter: "Service.Meta.Version == 1",
|
||||||
},
|
},
|
||||||
"v2": structs.ServiceResolverSubset{
|
"v2": {
|
||||||
Filter: "Service.Meta.Version == 2",
|
Filter: "Service.Meta.Version == 2",
|
||||||
OnlyPassing: true,
|
OnlyPassing: true,
|
||||||
},
|
},
|
||||||
|
@ -290,29 +290,29 @@ func TestClustersFromSnapshot(t *testing.T) {
|
||||||
create: proxycfg.TestConfigSnapshotMeshGateway,
|
create: proxycfg.TestConfigSnapshotMeshGateway,
|
||||||
setup: func(snap *proxycfg.ConfigSnapshot) {
|
setup: func(snap *proxycfg.ConfigSnapshot) {
|
||||||
snap.MeshGateway.ServiceResolvers = map[structs.ServiceName]*structs.ServiceResolverConfigEntry{
|
snap.MeshGateway.ServiceResolvers = map[structs.ServiceName]*structs.ServiceResolverConfigEntry{
|
||||||
structs.NewServiceName("bar", nil): &structs.ServiceResolverConfigEntry{
|
structs.NewServiceName("bar", nil): {
|
||||||
Kind: structs.ServiceResolver,
|
Kind: structs.ServiceResolver,
|
||||||
Name: "bar",
|
Name: "bar",
|
||||||
DefaultSubset: "v2",
|
DefaultSubset: "v2",
|
||||||
Subsets: map[string]structs.ServiceResolverSubset{
|
Subsets: map[string]structs.ServiceResolverSubset{
|
||||||
"v1": structs.ServiceResolverSubset{
|
"v1": {
|
||||||
Filter: "Service.Meta.Version == 1",
|
Filter: "Service.Meta.Version == 1",
|
||||||
},
|
},
|
||||||
"v2": structs.ServiceResolverSubset{
|
"v2": {
|
||||||
Filter: "Service.Meta.Version == 2",
|
Filter: "Service.Meta.Version == 2",
|
||||||
OnlyPassing: true,
|
OnlyPassing: true,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
structs.NewServiceName("notfound", nil): &structs.ServiceResolverConfigEntry{
|
structs.NewServiceName("notfound", nil): {
|
||||||
Kind: structs.ServiceResolver,
|
Kind: structs.ServiceResolver,
|
||||||
Name: "notfound",
|
Name: "notfound",
|
||||||
DefaultSubset: "v2",
|
DefaultSubset: "v2",
|
||||||
Subsets: map[string]structs.ServiceResolverSubset{
|
Subsets: map[string]structs.ServiceResolverSubset{
|
||||||
"v1": structs.ServiceResolverSubset{
|
"v1": {
|
||||||
Filter: "Service.Meta.Version == 1",
|
Filter: "Service.Meta.Version == 1",
|
||||||
},
|
},
|
||||||
"v2": structs.ServiceResolverSubset{
|
"v2": {
|
||||||
Filter: "Service.Meta.Version == 2",
|
Filter: "Service.Meta.Version == 2",
|
||||||
OnlyPassing: true,
|
OnlyPassing: true,
|
||||||
},
|
},
|
||||||
|
@ -326,15 +326,15 @@ func TestClustersFromSnapshot(t *testing.T) {
|
||||||
create: proxycfg.TestConfigSnapshotMeshGateway,
|
create: proxycfg.TestConfigSnapshotMeshGateway,
|
||||||
setup: func(snap *proxycfg.ConfigSnapshot) {
|
setup: func(snap *proxycfg.ConfigSnapshot) {
|
||||||
snap.MeshGateway.ServiceResolvers = map[structs.ServiceName]*structs.ServiceResolverConfigEntry{
|
snap.MeshGateway.ServiceResolvers = map[structs.ServiceName]*structs.ServiceResolverConfigEntry{
|
||||||
structs.NewServiceName("bar", nil): &structs.ServiceResolverConfigEntry{
|
structs.NewServiceName("bar", nil): {
|
||||||
Kind: structs.ServiceResolver,
|
Kind: structs.ServiceResolver,
|
||||||
Name: "bar",
|
Name: "bar",
|
||||||
ConnectTimeout: 10 * time.Second,
|
ConnectTimeout: 10 * time.Second,
|
||||||
Subsets: map[string]structs.ServiceResolverSubset{
|
Subsets: map[string]structs.ServiceResolverSubset{
|
||||||
"v1": structs.ServiceResolverSubset{
|
"v1": {
|
||||||
Filter: "Service.Meta.Version == 1",
|
Filter: "Service.Meta.Version == 1",
|
||||||
},
|
},
|
||||||
"v2": structs.ServiceResolverSubset{
|
"v2": {
|
||||||
Filter: "Service.Meta.Version == 2",
|
Filter: "Service.Meta.Version == 2",
|
||||||
OnlyPassing: true,
|
OnlyPassing: true,
|
||||||
},
|
},
|
||||||
|
|
|
@ -123,7 +123,7 @@ func Test_makeLoadAssignment(t *testing.T) {
|
||||||
ClusterName: "service:test",
|
ClusterName: "service:test",
|
||||||
Endpoints: []envoyendpoint.LocalityLbEndpoints{{
|
Endpoints: []envoyendpoint.LocalityLbEndpoints{{
|
||||||
LbEndpoints: []envoyendpoint.LbEndpoint{
|
LbEndpoints: []envoyendpoint.LbEndpoint{
|
||||||
envoyendpoint.LbEndpoint{
|
{
|
||||||
HostIdentifier: &envoyendpoint.LbEndpoint_Endpoint{
|
HostIdentifier: &envoyendpoint.LbEndpoint_Endpoint{
|
||||||
Endpoint: &envoyendpoint.Endpoint{
|
Endpoint: &envoyendpoint.Endpoint{
|
||||||
Address: makeAddressPtr("10.10.10.10", 1234),
|
Address: makeAddressPtr("10.10.10.10", 1234),
|
||||||
|
@ -131,7 +131,7 @@ func Test_makeLoadAssignment(t *testing.T) {
|
||||||
HealthStatus: core.HealthStatus_HEALTHY,
|
HealthStatus: core.HealthStatus_HEALTHY,
|
||||||
LoadBalancingWeight: makeUint32Value(1),
|
LoadBalancingWeight: makeUint32Value(1),
|
||||||
},
|
},
|
||||||
envoyendpoint.LbEndpoint{
|
{
|
||||||
HostIdentifier: &envoyendpoint.LbEndpoint_Endpoint{
|
HostIdentifier: &envoyendpoint.LbEndpoint_Endpoint{
|
||||||
Endpoint: &envoyendpoint.Endpoint{
|
Endpoint: &envoyendpoint.Endpoint{
|
||||||
Address: makeAddressPtr("10.10.10.20", 1234),
|
Address: makeAddressPtr("10.10.10.20", 1234),
|
||||||
|
@ -153,7 +153,7 @@ func Test_makeLoadAssignment(t *testing.T) {
|
||||||
ClusterName: "service:test",
|
ClusterName: "service:test",
|
||||||
Endpoints: []envoyendpoint.LocalityLbEndpoints{{
|
Endpoints: []envoyendpoint.LocalityLbEndpoints{{
|
||||||
LbEndpoints: []envoyendpoint.LbEndpoint{
|
LbEndpoints: []envoyendpoint.LbEndpoint{
|
||||||
envoyendpoint.LbEndpoint{
|
{
|
||||||
HostIdentifier: &envoyendpoint.LbEndpoint_Endpoint{
|
HostIdentifier: &envoyendpoint.LbEndpoint_Endpoint{
|
||||||
Endpoint: &envoyendpoint.Endpoint{
|
Endpoint: &envoyendpoint.Endpoint{
|
||||||
Address: makeAddressPtr("10.10.10.10", 1234),
|
Address: makeAddressPtr("10.10.10.10", 1234),
|
||||||
|
@ -161,7 +161,7 @@ func Test_makeLoadAssignment(t *testing.T) {
|
||||||
HealthStatus: core.HealthStatus_HEALTHY,
|
HealthStatus: core.HealthStatus_HEALTHY,
|
||||||
LoadBalancingWeight: makeUint32Value(10),
|
LoadBalancingWeight: makeUint32Value(10),
|
||||||
},
|
},
|
||||||
envoyendpoint.LbEndpoint{
|
{
|
||||||
HostIdentifier: &envoyendpoint.LbEndpoint_Endpoint{
|
HostIdentifier: &envoyendpoint.LbEndpoint_Endpoint{
|
||||||
Endpoint: &envoyendpoint.Endpoint{
|
Endpoint: &envoyendpoint.Endpoint{
|
||||||
Address: makeAddressPtr("10.10.10.20", 1234),
|
Address: makeAddressPtr("10.10.10.20", 1234),
|
||||||
|
@ -183,7 +183,7 @@ func Test_makeLoadAssignment(t *testing.T) {
|
||||||
ClusterName: "service:test",
|
ClusterName: "service:test",
|
||||||
Endpoints: []envoyendpoint.LocalityLbEndpoints{{
|
Endpoints: []envoyendpoint.LocalityLbEndpoints{{
|
||||||
LbEndpoints: []envoyendpoint.LbEndpoint{
|
LbEndpoints: []envoyendpoint.LbEndpoint{
|
||||||
envoyendpoint.LbEndpoint{
|
{
|
||||||
HostIdentifier: &envoyendpoint.LbEndpoint_Endpoint{
|
HostIdentifier: &envoyendpoint.LbEndpoint_Endpoint{
|
||||||
Endpoint: &envoyendpoint.Endpoint{
|
Endpoint: &envoyendpoint.Endpoint{
|
||||||
Address: makeAddressPtr("10.10.10.10", 1234),
|
Address: makeAddressPtr("10.10.10.10", 1234),
|
||||||
|
@ -191,7 +191,7 @@ func Test_makeLoadAssignment(t *testing.T) {
|
||||||
HealthStatus: core.HealthStatus_HEALTHY,
|
HealthStatus: core.HealthStatus_HEALTHY,
|
||||||
LoadBalancingWeight: makeUint32Value(1),
|
LoadBalancingWeight: makeUint32Value(1),
|
||||||
},
|
},
|
||||||
envoyendpoint.LbEndpoint{
|
{
|
||||||
HostIdentifier: &envoyendpoint.LbEndpoint_Endpoint{
|
HostIdentifier: &envoyendpoint.LbEndpoint_Endpoint{
|
||||||
Endpoint: &envoyendpoint.Endpoint{
|
Endpoint: &envoyendpoint.Endpoint{
|
||||||
Address: makeAddressPtr("10.10.10.20", 1234),
|
Address: makeAddressPtr("10.10.10.20", 1234),
|
||||||
|
@ -327,27 +327,27 @@ func Test_endpointsFromSnapshot(t *testing.T) {
|
||||||
create: proxycfg.TestConfigSnapshotMeshGateway,
|
create: proxycfg.TestConfigSnapshotMeshGateway,
|
||||||
setup: func(snap *proxycfg.ConfigSnapshot) {
|
setup: func(snap *proxycfg.ConfigSnapshot) {
|
||||||
snap.MeshGateway.ServiceResolvers = map[structs.ServiceName]*structs.ServiceResolverConfigEntry{
|
snap.MeshGateway.ServiceResolvers = map[structs.ServiceName]*structs.ServiceResolverConfigEntry{
|
||||||
structs.NewServiceName("bar", nil): &structs.ServiceResolverConfigEntry{
|
structs.NewServiceName("bar", nil): {
|
||||||
Kind: structs.ServiceResolver,
|
Kind: structs.ServiceResolver,
|
||||||
Name: "bar",
|
Name: "bar",
|
||||||
Subsets: map[string]structs.ServiceResolverSubset{
|
Subsets: map[string]structs.ServiceResolverSubset{
|
||||||
"v1": structs.ServiceResolverSubset{
|
"v1": {
|
||||||
Filter: "Service.Meta.version == 1",
|
Filter: "Service.Meta.version == 1",
|
||||||
},
|
},
|
||||||
"v2": structs.ServiceResolverSubset{
|
"v2": {
|
||||||
Filter: "Service.Meta.version == 2",
|
Filter: "Service.Meta.version == 2",
|
||||||
OnlyPassing: true,
|
OnlyPassing: true,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
structs.NewServiceName("foo", nil): &structs.ServiceResolverConfigEntry{
|
structs.NewServiceName("foo", nil): {
|
||||||
Kind: structs.ServiceResolver,
|
Kind: structs.ServiceResolver,
|
||||||
Name: "foo",
|
Name: "foo",
|
||||||
Subsets: map[string]structs.ServiceResolverSubset{
|
Subsets: map[string]structs.ServiceResolverSubset{
|
||||||
"v1": structs.ServiceResolverSubset{
|
"v1": {
|
||||||
Filter: "Service.Meta.version == 1",
|
Filter: "Service.Meta.version == 1",
|
||||||
},
|
},
|
||||||
"v2": structs.ServiceResolverSubset{
|
"v2": {
|
||||||
Filter: "Service.Meta.version == 2",
|
Filter: "Service.Meta.version == 2",
|
||||||
OnlyPassing: true,
|
OnlyPassing: true,
|
||||||
},
|
},
|
||||||
|
@ -361,29 +361,29 @@ func Test_endpointsFromSnapshot(t *testing.T) {
|
||||||
create: proxycfg.TestConfigSnapshotMeshGateway,
|
create: proxycfg.TestConfigSnapshotMeshGateway,
|
||||||
setup: func(snap *proxycfg.ConfigSnapshot) {
|
setup: func(snap *proxycfg.ConfigSnapshot) {
|
||||||
snap.MeshGateway.ServiceResolvers = map[structs.ServiceName]*structs.ServiceResolverConfigEntry{
|
snap.MeshGateway.ServiceResolvers = map[structs.ServiceName]*structs.ServiceResolverConfigEntry{
|
||||||
structs.NewServiceName("bar", nil): &structs.ServiceResolverConfigEntry{
|
structs.NewServiceName("bar", nil): {
|
||||||
Kind: structs.ServiceResolver,
|
Kind: structs.ServiceResolver,
|
||||||
Name: "bar",
|
Name: "bar",
|
||||||
DefaultSubset: "v2",
|
DefaultSubset: "v2",
|
||||||
Subsets: map[string]structs.ServiceResolverSubset{
|
Subsets: map[string]structs.ServiceResolverSubset{
|
||||||
"v1": structs.ServiceResolverSubset{
|
"v1": {
|
||||||
Filter: "Service.Meta.version == 1",
|
Filter: "Service.Meta.version == 1",
|
||||||
},
|
},
|
||||||
"v2": structs.ServiceResolverSubset{
|
"v2": {
|
||||||
Filter: "Service.Meta.version == 2",
|
Filter: "Service.Meta.version == 2",
|
||||||
OnlyPassing: true,
|
OnlyPassing: true,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
structs.NewServiceName("foo", nil): &structs.ServiceResolverConfigEntry{
|
structs.NewServiceName("foo", nil): {
|
||||||
Kind: structs.ServiceResolver,
|
Kind: structs.ServiceResolver,
|
||||||
Name: "foo",
|
Name: "foo",
|
||||||
DefaultSubset: "v2",
|
DefaultSubset: "v2",
|
||||||
Subsets: map[string]structs.ServiceResolverSubset{
|
Subsets: map[string]structs.ServiceResolverSubset{
|
||||||
"v1": structs.ServiceResolverSubset{
|
"v1": {
|
||||||
Filter: "Service.Meta.version == 1",
|
Filter: "Service.Meta.version == 1",
|
||||||
},
|
},
|
||||||
"v2": structs.ServiceResolverSubset{
|
"v2": {
|
||||||
Filter: "Service.Meta.version == 2",
|
Filter: "Service.Meta.version == 2",
|
||||||
OnlyPassing: true,
|
OnlyPassing: true,
|
||||||
},
|
},
|
||||||
|
@ -516,7 +516,7 @@ func Test_endpointsFromSnapshot(t *testing.T) {
|
||||||
create: proxycfg.TestConfigSnapshotTerminatingGateway,
|
create: proxycfg.TestConfigSnapshotTerminatingGateway,
|
||||||
setup: func(snap *proxycfg.ConfigSnapshot) {
|
setup: func(snap *proxycfg.ConfigSnapshot) {
|
||||||
snap.TerminatingGateway.ServiceResolvers = map[structs.ServiceName]*structs.ServiceResolverConfigEntry{
|
snap.TerminatingGateway.ServiceResolvers = map[structs.ServiceName]*structs.ServiceResolverConfigEntry{
|
||||||
structs.NewServiceName("web", nil): &structs.ServiceResolverConfigEntry{
|
structs.NewServiceName("web", nil): {
|
||||||
Kind: structs.ServiceResolver,
|
Kind: structs.ServiceResolver,
|
||||||
Name: "web",
|
Name: "web",
|
||||||
DefaultSubset: "v2",
|
DefaultSubset: "v2",
|
||||||
|
@ -530,7 +530,7 @@ func Test_endpointsFromSnapshot(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
structs.NewServiceName("web", nil): &structs.ServiceResolverConfigEntry{
|
structs.NewServiceName("web", nil): {
|
||||||
Kind: structs.ServiceResolver,
|
Kind: structs.ServiceResolver,
|
||||||
Name: "web",
|
Name: "web",
|
||||||
DefaultSubset: "v2",
|
DefaultSubset: "v2",
|
||||||
|
|
|
@ -551,7 +551,7 @@ func (s *Server) makeTerminatingGatewayListener(name, addr string, port int, cfg
|
||||||
|
|
||||||
// Make a FilterChain for each linked service
|
// Make a FilterChain for each linked service
|
||||||
// Match on the cluster name,
|
// Match on the cluster name,
|
||||||
for svc, _ := range cfgSnap.TerminatingGateway.ServiceGroups {
|
for svc := range cfgSnap.TerminatingGateway.ServiceGroups {
|
||||||
clusterName := connect.ServiceSNI(svc.Name, "", svc.NamespaceOrDefault(), cfgSnap.Datacenter, cfgSnap.Roots.TrustDomain)
|
clusterName := connect.ServiceSNI(svc.Name, "", svc.NamespaceOrDefault(), cfgSnap.Datacenter, cfgSnap.Roots.TrustDomain)
|
||||||
resolver, hasResolver := cfgSnap.TerminatingGateway.ServiceResolvers[svc]
|
resolver, hasResolver := cfgSnap.TerminatingGateway.ServiceResolvers[svc]
|
||||||
|
|
||||||
|
@ -916,7 +916,7 @@ func makeHTTPFilter(
|
||||||
StatPrefix: makeStatPrefix(proto, statPrefix, filterName),
|
StatPrefix: makeStatPrefix(proto, statPrefix, filterName),
|
||||||
CodecType: envoyhttp.AUTO,
|
CodecType: envoyhttp.AUTO,
|
||||||
HttpFilters: []*envoyhttp.HttpFilter{
|
HttpFilters: []*envoyhttp.HttpFilter{
|
||||||
&envoyhttp.HttpFilter{
|
{
|
||||||
Name: "envoy.router",
|
Name: "envoy.router",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -1011,7 +1011,7 @@ func makeExtAuthFilter(token string) (envoylistener.Filter, error) {
|
||||||
// implementation to need service:write and since we have the token that
|
// implementation to need service:write and since we have the token that
|
||||||
// has that it's pretty reasonable to set it up here.
|
// has that it's pretty reasonable to set it up here.
|
||||||
InitialMetadata: []*envoycore.HeaderValue{
|
InitialMetadata: []*envoycore.HeaderValue{
|
||||||
&envoycore.HeaderValue{
|
{
|
||||||
Key: "x-consul-token",
|
Key: "x-consul-token",
|
||||||
Value: token,
|
Value: token,
|
||||||
},
|
},
|
||||||
|
@ -1055,7 +1055,7 @@ func makeCommonTLSContextFromLeaf(cfgSnap *proxycfg.ConfigSnapshot, leaf *struct
|
||||||
return &envoyauth.CommonTlsContext{
|
return &envoyauth.CommonTlsContext{
|
||||||
TlsParams: &envoyauth.TlsParameters{},
|
TlsParams: &envoyauth.TlsParameters{},
|
||||||
TlsCertificates: []*envoyauth.TlsCertificate{
|
TlsCertificates: []*envoyauth.TlsCertificate{
|
||||||
&envoyauth.TlsCertificate{
|
{
|
||||||
CertificateChain: &envoycore.DataSource{
|
CertificateChain: &envoycore.DataSource{
|
||||||
Specifier: &envoycore.DataSource_InlineString{
|
Specifier: &envoycore.DataSource_InlineString{
|
||||||
InlineString: leaf.CertPEM,
|
InlineString: leaf.CertPEM,
|
||||||
|
|
|
@ -258,15 +258,15 @@ func TestListenersFromSnapshot(t *testing.T) {
|
||||||
setup: func(snap *proxycfg.ConfigSnapshot) {
|
setup: func(snap *proxycfg.ConfigSnapshot) {
|
||||||
snap.Proxy.Config = map[string]interface{}{
|
snap.Proxy.Config = map[string]interface{}{
|
||||||
"envoy_mesh_gateway_bind_addresses": map[string]structs.ServiceAddress{
|
"envoy_mesh_gateway_bind_addresses": map[string]structs.ServiceAddress{
|
||||||
"foo": structs.ServiceAddress{
|
"foo": {
|
||||||
Address: "198.17.2.3",
|
Address: "198.17.2.3",
|
||||||
Port: 8080,
|
Port: 8080,
|
||||||
},
|
},
|
||||||
"bar": structs.ServiceAddress{
|
"bar": {
|
||||||
Address: "2001:db8::ff",
|
Address: "2001:db8::ff",
|
||||||
Port: 9999,
|
Port: 9999,
|
||||||
},
|
},
|
||||||
"baz": structs.ServiceAddress{
|
"baz": {
|
||||||
Address: "127.0.0.1",
|
Address: "127.0.0.1",
|
||||||
Port: 8765,
|
Port: 8765,
|
||||||
},
|
},
|
||||||
|
@ -284,14 +284,14 @@ func TestListenersFromSnapshot(t *testing.T) {
|
||||||
create: proxycfg.TestConfigSnapshotIngressGateway,
|
create: proxycfg.TestConfigSnapshotIngressGateway,
|
||||||
setup: func(snap *proxycfg.ConfigSnapshot) {
|
setup: func(snap *proxycfg.ConfigSnapshot) {
|
||||||
snap.TaggedAddresses = map[string]structs.ServiceAddress{
|
snap.TaggedAddresses = map[string]structs.ServiceAddress{
|
||||||
"lan": structs.ServiceAddress{Address: "10.0.0.1"},
|
"lan": {Address: "10.0.0.1"},
|
||||||
"wan": structs.ServiceAddress{Address: "172.16.0.1"},
|
"wan": {Address: "172.16.0.1"},
|
||||||
}
|
}
|
||||||
snap.Proxy.Config = map[string]interface{}{
|
snap.Proxy.Config = map[string]interface{}{
|
||||||
"envoy_gateway_no_default_bind": true,
|
"envoy_gateway_no_default_bind": true,
|
||||||
"envoy_gateway_bind_tagged_addresses": true,
|
"envoy_gateway_bind_tagged_addresses": true,
|
||||||
"envoy_gateway_bind_addresses": map[string]structs.ServiceAddress{
|
"envoy_gateway_bind_addresses": map[string]structs.ServiceAddress{
|
||||||
"foo": structs.ServiceAddress{Address: "8.8.8.8"},
|
"foo": {Address: "8.8.8.8"},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
@ -396,7 +396,7 @@ func TestListenersFromSnapshot(t *testing.T) {
|
||||||
create: proxycfg.TestConfigSnapshotIngress_HTTPMultipleServices,
|
create: proxycfg.TestConfigSnapshotIngress_HTTPMultipleServices,
|
||||||
setup: func(snap *proxycfg.ConfigSnapshot) {
|
setup: func(snap *proxycfg.ConfigSnapshot) {
|
||||||
snap.IngressGateway.Upstreams = map[proxycfg.IngressListenerKey]structs.Upstreams{
|
snap.IngressGateway.Upstreams = map[proxycfg.IngressListenerKey]structs.Upstreams{
|
||||||
proxycfg.IngressListenerKey{Protocol: "http", Port: 8080}: structs.Upstreams{
|
{Protocol: "http", Port: 8080}: {
|
||||||
{
|
{
|
||||||
DestinationName: "foo",
|
DestinationName: "foo",
|
||||||
LocalBindPort: 8080,
|
LocalBindPort: 8080,
|
||||||
|
@ -406,7 +406,7 @@ func TestListenersFromSnapshot(t *testing.T) {
|
||||||
LocalBindPort: 8080,
|
LocalBindPort: 8080,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
proxycfg.IngressListenerKey{Protocol: "http", Port: 443}: structs.Upstreams{
|
{Protocol: "http", Port: 443}: {
|
||||||
{
|
{
|
||||||
DestinationName: "baz",
|
DestinationName: "baz",
|
||||||
LocalBindPort: 443,
|
LocalBindPort: 443,
|
||||||
|
|
|
@ -113,7 +113,7 @@ func TestRoutesFromSnapshot(t *testing.T) {
|
||||||
create: proxycfg.TestConfigSnapshotIngress_HTTPMultipleServices,
|
create: proxycfg.TestConfigSnapshotIngress_HTTPMultipleServices,
|
||||||
setup: func(snap *proxycfg.ConfigSnapshot) {
|
setup: func(snap *proxycfg.ConfigSnapshot) {
|
||||||
snap.IngressGateway.Upstreams = map[proxycfg.IngressListenerKey]structs.Upstreams{
|
snap.IngressGateway.Upstreams = map[proxycfg.IngressListenerKey]structs.Upstreams{
|
||||||
proxycfg.IngressListenerKey{Protocol: "http", Port: 8080}: structs.Upstreams{
|
{Protocol: "http", Port: 8080}: {
|
||||||
{
|
{
|
||||||
DestinationName: "foo",
|
DestinationName: "foo",
|
||||||
LocalBindPort: 8080,
|
LocalBindPort: 8080,
|
||||||
|
@ -124,7 +124,7 @@ func TestRoutesFromSnapshot(t *testing.T) {
|
||||||
LocalBindPort: 8080,
|
LocalBindPort: 8080,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
proxycfg.IngressListenerKey{Protocol: "http", Port: 443}: structs.Upstreams{
|
{Protocol: "http", Port: 443}: {
|
||||||
{
|
{
|
||||||
DestinationName: "baz",
|
DestinationName: "baz",
|
||||||
LocalBindPort: 443,
|
LocalBindPort: 443,
|
||||||
|
|
|
@ -423,16 +423,16 @@ func TestAPI_ACLToken_CreateReadDelete(t *testing.T) {
|
||||||
created, wm, err := acl.TokenCreate(&ACLToken{
|
created, wm, err := acl.TokenCreate(&ACLToken{
|
||||||
Description: "token created",
|
Description: "token created",
|
||||||
Policies: []*ACLTokenPolicyLink{
|
Policies: []*ACLTokenPolicyLink{
|
||||||
&ACLTokenPolicyLink{
|
{
|
||||||
ID: policies[0].ID,
|
ID: policies[0].ID,
|
||||||
},
|
},
|
||||||
&ACLTokenPolicyLink{
|
{
|
||||||
ID: policies[1].ID,
|
ID: policies[1].ID,
|
||||||
},
|
},
|
||||||
&ACLTokenPolicyLink{
|
{
|
||||||
Name: policies[2].Name,
|
Name: policies[2].Name,
|
||||||
},
|
},
|
||||||
&ACLTokenPolicyLink{
|
{
|
||||||
Name: policies[3].Name,
|
Name: policies[3].Name,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -476,10 +476,10 @@ func TestAPI_ACLToken_CreateUpdate(t *testing.T) {
|
||||||
created, _, err := acl.TokenCreate(&ACLToken{
|
created, _, err := acl.TokenCreate(&ACLToken{
|
||||||
Description: "token created",
|
Description: "token created",
|
||||||
Policies: []*ACLTokenPolicyLink{
|
Policies: []*ACLTokenPolicyLink{
|
||||||
&ACLTokenPolicyLink{
|
{
|
||||||
ID: policies[0].ID,
|
ID: policies[0].ID,
|
||||||
},
|
},
|
||||||
&ACLTokenPolicyLink{
|
{
|
||||||
Name: policies[2].Name,
|
Name: policies[2].Name,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -498,15 +498,15 @@ func TestAPI_ACLToken_CreateUpdate(t *testing.T) {
|
||||||
read.Policies = append(read.Policies, &ACLTokenPolicyLink{Name: policies[2].Name})
|
read.Policies = append(read.Policies, &ACLTokenPolicyLink{Name: policies[2].Name})
|
||||||
|
|
||||||
expectedPolicies := []*ACLTokenPolicyLink{
|
expectedPolicies := []*ACLTokenPolicyLink{
|
||||||
&ACLTokenPolicyLink{
|
{
|
||||||
ID: policies[0].ID,
|
ID: policies[0].ID,
|
||||||
Name: policies[0].Name,
|
Name: policies[0].Name,
|
||||||
},
|
},
|
||||||
&ACLTokenPolicyLink{
|
{
|
||||||
ID: policies[1].ID,
|
ID: policies[1].ID,
|
||||||
Name: policies[1].Name,
|
Name: policies[1].Name,
|
||||||
},
|
},
|
||||||
&ACLTokenPolicyLink{
|
{
|
||||||
ID: policies[2].ID,
|
ID: policies[2].ID,
|
||||||
Name: policies[2].Name,
|
Name: policies[2].Name,
|
||||||
},
|
},
|
||||||
|
@ -540,7 +540,7 @@ func TestAPI_ACLToken_List(t *testing.T) {
|
||||||
created1, _, err := acl.TokenCreate(&ACLToken{
|
created1, _, err := acl.TokenCreate(&ACLToken{
|
||||||
Description: "token created1",
|
Description: "token created1",
|
||||||
Policies: []*ACLTokenPolicyLink{
|
Policies: []*ACLTokenPolicyLink{
|
||||||
&ACLTokenPolicyLink{
|
{
|
||||||
ID: policies[0].ID,
|
ID: policies[0].ID,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -554,7 +554,7 @@ func TestAPI_ACLToken_List(t *testing.T) {
|
||||||
created2, _, err := acl.TokenCreate(&ACLToken{
|
created2, _, err := acl.TokenCreate(&ACLToken{
|
||||||
Description: "token created2",
|
Description: "token created2",
|
||||||
Policies: []*ACLTokenPolicyLink{
|
Policies: []*ACLTokenPolicyLink{
|
||||||
&ACLTokenPolicyLink{
|
{
|
||||||
ID: policies[1].ID,
|
ID: policies[1].ID,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -568,7 +568,7 @@ func TestAPI_ACLToken_List(t *testing.T) {
|
||||||
created3, _, err := acl.TokenCreate(&ACLToken{
|
created3, _, err := acl.TokenCreate(&ACLToken{
|
||||||
Description: "token created3",
|
Description: "token created3",
|
||||||
Policies: []*ACLTokenPolicyLink{
|
Policies: []*ACLTokenPolicyLink{
|
||||||
&ACLTokenPolicyLink{
|
{
|
||||||
ID: policies[2].ID,
|
ID: policies[2].ID,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
|
@ -181,7 +181,7 @@ func TestAPI_AgentServiceAndReplaceChecks(t *testing.T) {
|
||||||
ID: "foo",
|
ID: "foo",
|
||||||
Tags: []string{"bar", "baz"},
|
Tags: []string{"bar", "baz"},
|
||||||
TaggedAddresses: map[string]ServiceAddress{
|
TaggedAddresses: map[string]ServiceAddress{
|
||||||
"lan": ServiceAddress{
|
"lan": {
|
||||||
Address: "198.18.0.1",
|
Address: "198.18.0.1",
|
||||||
Port: 80,
|
Port: 80,
|
||||||
},
|
},
|
||||||
|
@ -197,7 +197,7 @@ func TestAPI_AgentServiceAndReplaceChecks(t *testing.T) {
|
||||||
ID: "foo",
|
ID: "foo",
|
||||||
Tags: []string{"bar", "baz"},
|
Tags: []string{"bar", "baz"},
|
||||||
TaggedAddresses: map[string]ServiceAddress{
|
TaggedAddresses: map[string]ServiceAddress{
|
||||||
"lan": ServiceAddress{
|
"lan": {
|
||||||
Address: "198.18.0.1",
|
Address: "198.18.0.1",
|
||||||
Port: 80,
|
Port: 80,
|
||||||
},
|
},
|
||||||
|
@ -261,7 +261,7 @@ func TestAPI_AgentServices(t *testing.T) {
|
||||||
ID: "foo",
|
ID: "foo",
|
||||||
Tags: []string{"bar", "baz"},
|
Tags: []string{"bar", "baz"},
|
||||||
TaggedAddresses: map[string]ServiceAddress{
|
TaggedAddresses: map[string]ServiceAddress{
|
||||||
"lan": ServiceAddress{
|
"lan": {
|
||||||
Address: "198.18.0.1",
|
Address: "198.18.0.1",
|
||||||
Port: 80,
|
Port: 80,
|
||||||
},
|
},
|
||||||
|
@ -555,11 +555,11 @@ func TestAPI_AgentServiceAddress(t *testing.T) {
|
||||||
Name: "foo2",
|
Name: "foo2",
|
||||||
Port: 8000,
|
Port: 8000,
|
||||||
TaggedAddresses: map[string]ServiceAddress{
|
TaggedAddresses: map[string]ServiceAddress{
|
||||||
"lan": ServiceAddress{
|
"lan": {
|
||||||
Address: "192.168.0.43",
|
Address: "192.168.0.43",
|
||||||
Port: 8000,
|
Port: 8000,
|
||||||
},
|
},
|
||||||
"wan": ServiceAddress{
|
"wan": {
|
||||||
Address: "198.18.0.1",
|
Address: "198.18.0.1",
|
||||||
Port: 80,
|
Port: 80,
|
||||||
},
|
},
|
||||||
|
|
|
@ -99,7 +99,7 @@ func testNodeServiceCheckRegistrations(t *testing.T, client *Client, datacenter
|
||||||
t.Helper()
|
t.Helper()
|
||||||
|
|
||||||
registrations := map[string]*CatalogRegistration{
|
registrations := map[string]*CatalogRegistration{
|
||||||
"Node foo": &CatalogRegistration{
|
"Node foo": {
|
||||||
Datacenter: datacenter,
|
Datacenter: datacenter,
|
||||||
Node: "foo",
|
Node: "foo",
|
||||||
ID: "e0155642-135d-4739-9853-a1ee6c9f945b",
|
ID: "e0155642-135d-4739-9853-a1ee6c9f945b",
|
||||||
|
@ -129,7 +129,7 @@ func testNodeServiceCheckRegistrations(t *testing.T, client *Client, datacenter
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"Service redis v1 on foo": &CatalogRegistration{
|
"Service redis v1 on foo": {
|
||||||
Datacenter: datacenter,
|
Datacenter: datacenter,
|
||||||
Node: "foo",
|
Node: "foo",
|
||||||
SkipNodeUpdate: true,
|
SkipNodeUpdate: true,
|
||||||
|
@ -154,7 +154,7 @@ func testNodeServiceCheckRegistrations(t *testing.T, client *Client, datacenter
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"Service redis v2 on foo": &CatalogRegistration{
|
"Service redis v2 on foo": {
|
||||||
Datacenter: datacenter,
|
Datacenter: datacenter,
|
||||||
Node: "foo",
|
Node: "foo",
|
||||||
SkipNodeUpdate: true,
|
SkipNodeUpdate: true,
|
||||||
|
@ -179,7 +179,7 @@ func testNodeServiceCheckRegistrations(t *testing.T, client *Client, datacenter
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"Node bar": &CatalogRegistration{
|
"Node bar": {
|
||||||
Datacenter: datacenter,
|
Datacenter: datacenter,
|
||||||
Node: "bar",
|
Node: "bar",
|
||||||
ID: "c6e7a976-8f4f-44b5-bdd3-631be7e8ecac",
|
ID: "c6e7a976-8f4f-44b5-bdd3-631be7e8ecac",
|
||||||
|
@ -202,7 +202,7 @@ func testNodeServiceCheckRegistrations(t *testing.T, client *Client, datacenter
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"Service redis v1 on bar": &CatalogRegistration{
|
"Service redis v1 on bar": {
|
||||||
Datacenter: datacenter,
|
Datacenter: datacenter,
|
||||||
Node: "bar",
|
Node: "bar",
|
||||||
SkipNodeUpdate: true,
|
SkipNodeUpdate: true,
|
||||||
|
@ -227,7 +227,7 @@ func testNodeServiceCheckRegistrations(t *testing.T, client *Client, datacenter
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"Service web v1 on bar": &CatalogRegistration{
|
"Service web v1 on bar": {
|
||||||
Datacenter: datacenter,
|
Datacenter: datacenter,
|
||||||
Node: "bar",
|
Node: "bar",
|
||||||
SkipNodeUpdate: true,
|
SkipNodeUpdate: true,
|
||||||
|
@ -253,7 +253,7 @@ func testNodeServiceCheckRegistrations(t *testing.T, client *Client, datacenter
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"Node baz": &CatalogRegistration{
|
"Node baz": {
|
||||||
Datacenter: datacenter,
|
Datacenter: datacenter,
|
||||||
Node: "baz",
|
Node: "baz",
|
||||||
ID: "12f96b27-a7b0-47bd-add7-044a2bfc7bfb",
|
ID: "12f96b27-a7b0-47bd-add7-044a2bfc7bfb",
|
||||||
|
@ -282,7 +282,7 @@ func testNodeServiceCheckRegistrations(t *testing.T, client *Client, datacenter
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"Service web v1 on baz": &CatalogRegistration{
|
"Service web v1 on baz": {
|
||||||
Datacenter: datacenter,
|
Datacenter: datacenter,
|
||||||
Node: "baz",
|
Node: "baz",
|
||||||
SkipNodeUpdate: true,
|
SkipNodeUpdate: true,
|
||||||
|
@ -308,7 +308,7 @@ func testNodeServiceCheckRegistrations(t *testing.T, client *Client, datacenter
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"Service web v2 on baz": &CatalogRegistration{
|
"Service web v2 on baz": {
|
||||||
Datacenter: datacenter,
|
Datacenter: datacenter,
|
||||||
Node: "baz",
|
Node: "baz",
|
||||||
SkipNodeUpdate: true,
|
SkipNodeUpdate: true,
|
||||||
|
@ -334,7 +334,7 @@ func testNodeServiceCheckRegistrations(t *testing.T, client *Client, datacenter
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"Service critical on baz": &CatalogRegistration{
|
"Service critical on baz": {
|
||||||
Datacenter: datacenter,
|
Datacenter: datacenter,
|
||||||
Node: "baz",
|
Node: "baz",
|
||||||
SkipNodeUpdate: true,
|
SkipNodeUpdate: true,
|
||||||
|
@ -359,7 +359,7 @@ func testNodeServiceCheckRegistrations(t *testing.T, client *Client, datacenter
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
"Service warning on baz": &CatalogRegistration{
|
"Service warning on baz": {
|
||||||
Datacenter: datacenter,
|
Datacenter: datacenter,
|
||||||
Node: "baz",
|
Node: "baz",
|
||||||
SkipNodeUpdate: true,
|
SkipNodeUpdate: true,
|
||||||
|
|
|
@ -133,18 +133,18 @@ func TestAPI_ConfigEntry_DiscoveryChain(t *testing.T) {
|
||||||
Namespace: defaultNamespace,
|
Namespace: defaultNamespace,
|
||||||
DefaultSubset: "v1",
|
DefaultSubset: "v1",
|
||||||
Subsets: map[string]ServiceResolverSubset{
|
Subsets: map[string]ServiceResolverSubset{
|
||||||
"v1": ServiceResolverSubset{
|
"v1": {
|
||||||
Filter: "Service.Meta.version == v1",
|
Filter: "Service.Meta.version == v1",
|
||||||
},
|
},
|
||||||
"v2": ServiceResolverSubset{
|
"v2": {
|
||||||
Filter: "Service.Meta.version == v2",
|
Filter: "Service.Meta.version == v2",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
Failover: map[string]ServiceResolverFailover{
|
Failover: map[string]ServiceResolverFailover{
|
||||||
"*": ServiceResolverFailover{
|
"*": {
|
||||||
Datacenters: []string{"dc2"},
|
Datacenters: []string{"dc2"},
|
||||||
},
|
},
|
||||||
"v1": ServiceResolverFailover{
|
"v1": {
|
||||||
Service: "alternate",
|
Service: "alternate",
|
||||||
Namespace: defaultNamespace,
|
Namespace: defaultNamespace,
|
||||||
},
|
},
|
||||||
|
|
|
@ -655,24 +655,24 @@ func TestDecodeConfigEntry(t *testing.T) {
|
||||||
Enabled: true,
|
Enabled: true,
|
||||||
},
|
},
|
||||||
Listeners: []IngressListener{
|
Listeners: []IngressListener{
|
||||||
IngressListener{
|
{
|
||||||
Port: 8080,
|
Port: 8080,
|
||||||
Protocol: "http",
|
Protocol: "http",
|
||||||
Services: []IngressService{
|
Services: []IngressService{
|
||||||
IngressService{
|
{
|
||||||
Name: "web",
|
Name: "web",
|
||||||
Namespace: "foo",
|
Namespace: "foo",
|
||||||
},
|
},
|
||||||
IngressService{
|
{
|
||||||
Name: "db",
|
Name: "db",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
IngressListener{
|
{
|
||||||
Port: 9999,
|
Port: 9999,
|
||||||
Protocol: "tcp",
|
Protocol: "tcp",
|
||||||
Services: []IngressService{
|
Services: []IngressService{
|
||||||
IngressService{
|
{
|
||||||
Name: "mysql",
|
Name: "mysql",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue