mirror of https://github.com/status-im/consul.git
ENT port: test-integ/peering: peer through mesh gateway [NET-4609] (#18605)
Co-authored-by: Matt Keeler <mjkeeler7@gmail.com>
This commit is contained in:
parent
bbc2763b9f
commit
3569d702d5
|
@ -196,7 +196,8 @@ func (s *ac7_2RotateLeaderSuite) test(t *testing.T, ct *commonTopo) {
|
|||
func rotateLeader(t *testing.T, cl *api.Client) {
|
||||
t.Helper()
|
||||
oldLeader := findLeader(t, cl)
|
||||
cl.Operator().RaftLeaderTransfer(nil)
|
||||
_, err := cl.Operator().RaftLeaderTransfer(nil)
|
||||
require.NoError(t, err)
|
||||
retry.RunWith(&retry.Timer{Timeout: 30 * time.Second, Wait: time.Second}, t, func(r *retry.R) {
|
||||
newLeader := findLeader(r, cl)
|
||||
require.NotEqual(r, oldLeader.ID, newLeader.ID)
|
||||
|
|
|
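Review bot: The new `require.NoError(t, err)` after `RaftLeaderTransfer(nil)` turns a transient transfer failure into an immediate suite failure, whereas the retry loop below only covers the leader-change observation; if the operator endpoint can return a retryable error here (no current leader during an election, a transfer already in progress), this will flake rather than wait. Consider either moving the transfer call inside the `retry.RunWith` body so it is re-attempted with the same 30s budget, or adding a comment such as `// the transfer RPC itself is expected to succeed first try; only the leadership change is polled` so the intent is explicit. The helper's body continues past the hunk, so I cannot see whether anything after the loop waits for the new leader to become ready before the test proceeds.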
@ -59,12 +59,14 @@ func NewCommonTopo(t *testing.T) *commonTopo {
|
|||
|
||||
ct := commonTopo{}
|
||||
|
||||
const nServers = 3
|
||||
|
||||
// Make 3-server clusters in dc1 and dc2
|
||||
// For simplicity, the Name and Datacenter of the clusters are the same.
|
||||
// dc1 and dc2 should be symmetric.
|
||||
dc1 := clusterWithJustServers("dc1", 3)
|
||||
dc1 := clusterWithJustServers("dc1", nServers)
|
||||
ct.DC1 = dc1
|
||||
dc2 := clusterWithJustServers("dc2", 3)
|
||||
dc2 := clusterWithJustServers("dc2", nServers)
|
||||
ct.DC2 = dc2
|
||||
// dc3 is a failover cluster for both dc1 and dc2
|
||||
dc3 := clusterWithJustServers("dc3", 1)
|
||||
|
@ -367,6 +369,11 @@ func setupGlobals(clu *topology.Cluster) {
|
|||
Mode: api.MeshGatewayModeLocal,
|
||||
},
|
||||
},
|
||||
&api.MeshConfigEntry{
|
||||
Peering: &api.PeeringMeshConfig{
|
||||
PeerThroughMeshGateways: true,
|
||||
},
|
||||
},
|
||||
)
|
||||
}
|
||||
}
|
||||
|
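Review bot: The added `MeshConfigEntry` enables `PeerThroughMeshGateways` with no comment explaining the consequence: the peering control-plane stream now transits the mesh gateway, which is why the gateway ACL policy elsewhere in this commit carries `mesh = "write"` and `peering = "read"`. A short comment would tie these together, e.g. `// NET-4609: route peering control-plane traffic through the mesh gateways; the gateway token must carry mesh:write and peering:read for this to work`. If this entry is only honored in the default partition in Enterprise (presumably, given the default-only `partition_prefix` peering grant in the ACL rules), say so here as well, since setupGlobals appears to be called for every cluster. The enclosing function starts before the hunk.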
@ -398,7 +405,7 @@ func clusterWithJustServers(name string, numServers int) *topology.Cluster {
|
|||
Nodes: newTopologyServerSet(
|
||||
name+"-server",
|
||||
numServers,
|
||||
[]string{name, "wan"},
|
||||
[]string{name},
|
||||
nil,
|
||||
),
|
||||
}
|
||||
|
|
|
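Review bot: Dropping `"wan"` from the server node networks is the security-relevant part of this change and deserves a comment, because it is what makes peering depend on the gateway instead of direct server reachability; without one, a future contributor may re-add `"wan"` for convenience and silently reintroduce cross-WAN exposure of the servers. Suggest `// servers are intentionally not on the wan network: peering traffic must traverse the mesh gateway (NET-4609)`. It would also be worth an assertion in the peering suite that the servers have no WAN address, so the topology cannot regress unnoticed. The function's opening and closing lines are outside this hunk.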
@ -107,40 +107,8 @@ func tokenForService(svc *topology.Service, overridePolicy *api.ACLPolicy, enter
|
|||
return token
|
||||
}
|
||||
|
||||
func policyForMeshGateway(svc *topology.Service, enterprise bool) *api.ACLPolicy {
|
||||
policyName := "mesh-gateway--" + svc.ID.ACLString()
|
||||
|
||||
policy := &api.ACLPolicy{
|
||||
Name: policyName,
|
||||
Description: policyName,
|
||||
}
|
||||
if enterprise {
|
||||
policy.Partition = svc.ID.Partition
|
||||
policy.Namespace = "default"
|
||||
}
|
||||
|
||||
if enterprise {
|
||||
policy.Rules = `
|
||||
namespace_prefix "" {
|
||||
service "mesh-gateway" {
|
||||
policy = "write"
|
||||
}
|
||||
service_prefix "" {
|
||||
policy = "read"
|
||||
}
|
||||
node_prefix "" {
|
||||
policy = "read"
|
||||
}
|
||||
}
|
||||
agent_prefix "" {
|
||||
policy = "read"
|
||||
}
|
||||
# for peering
|
||||
mesh = "write"
|
||||
peering = "read"
|
||||
`
|
||||
} else {
|
||||
policy.Rules = `
|
||||
const (
|
||||
meshGatewayCommunityRules = `
|
||||
service "mesh-gateway" {
|
||||
policy = "write"
|
||||
}
|
||||
|
@ -157,6 +125,71 @@ agent_prefix "" {
|
|||
mesh = "write"
|
||||
peering = "read"
|
||||
`
|
||||
|
||||
meshGatewayEntDefaultRules = `
|
||||
namespace_prefix "" {
|
||||
service "mesh-gateway" {
|
||||
policy = "write"
|
||||
}
|
||||
service_prefix "" {
|
||||
policy = "read"
|
||||
}
|
||||
node_prefix "" {
|
||||
policy = "read"
|
||||
}
|
||||
}
|
||||
agent_prefix "" {
|
||||
policy = "read"
|
||||
}
|
||||
# for peering
|
||||
mesh = "write"
|
||||
|
||||
partition_prefix "" {
|
||||
peering = "read"
|
||||
}
|
||||
`
|
||||
|
||||
meshGatewayEntNonDefaultRules = `
|
||||
namespace_prefix "" {
|
||||
service "mesh-gateway" {
|
||||
policy = "write"
|
||||
}
|
||||
service_prefix "" {
|
||||
policy = "read"
|
||||
}
|
||||
node_prefix "" {
|
||||
policy = "read"
|
||||
}
|
||||
}
|
||||
agent_prefix "" {
|
||||
policy = "read"
|
||||
}
|
||||
# for peering
|
||||
mesh = "write"
|
||||
`
|
||||
)
|
||||
|
||||
func policyForMeshGateway(svc *topology.Service, enterprise bool) *api.ACLPolicy {
|
||||
policyName := "mesh-gateway--" + svc.ID.ACLString()
|
||||
|
||||
policy := &api.ACLPolicy{
|
||||
Name: policyName,
|
||||
Description: policyName,
|
||||
}
|
||||
if enterprise {
|
||||
fmt.Printf("Enterprise mgw ACLS - Partition: %s, Namespace: default", svc.ID.Partition)
|
||||
policy.Partition = svc.ID.Partition
|
||||
policy.Namespace = "default"
|
||||
}
|
||||
|
||||
if enterprise {
|
||||
if svc.ID.Partition == "default" {
|
||||
policy.Rules = meshGatewayEntDefaultRules
|
||||
} else {
|
||||
policy.Rules = meshGatewayEntNonDefaultRules
|
||||
}
|
||||
} else {
|
||||
policy.Rules = meshGatewayCommunityRules
|
||||
}
|
||||
|
||||
return policy
|
||||
|
|
|
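Review bot: `fmt.Printf("Enterprise mgw ACLS - Partition: %s, Namespace: default", svc.ID.Partition)` in `policyForMeshGateway` looks like leftover debugging: it writes to stdout from a test-support helper, has no trailing newline, and the function has no logger or `t` to route it through, so it should just be removed. The two adjacent `if enterprise` blocks could also be merged into one, which would make the partition-dependent rule selection read as a single decision. On the rules themselves, `meshGatewayEntDefaultRules` grants `partition_prefix "" { peering = "read" }` while `meshGatewayEntNonDefaultRules` grants no peering read at all; presumably that is because peering control-plane traffic is only served by the default partition's gateways, but a comment on each constant stating that scope would stop someone widening the non-default grant later. The `const (` block begins in the previous hunk of this file.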
@ -5,7 +5,9 @@ package sprawl
|
|||
|
||||
import (
|
||||
"context"
|
||||
"errors"
|
||||
"fmt"
|
||||
"net/http"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
|
@ -89,7 +91,14 @@ func (s *Sprawl) initPeerings() error {
|
|||
time.Sleep(50 * time.Millisecond)
|
||||
goto ESTABLISH
|
||||
}
|
||||
return fmt.Errorf("error establishing peering with token for %q: %w", peering.String(), err)
|
||||
// Establish and friends return an api.StatusError value, not pointer
|
||||
// not sure if this is weird
|
||||
var asStatusError api.StatusError
|
||||
if errors.As(err, &asStatusError) && asStatusError.Code == http.StatusGatewayTimeout {
|
||||
time.Sleep(50 * time.Millisecond)
|
||||
goto ESTABLISH
|
||||
}
|
||||
return fmt.Errorf("error establishing peering with token for %q: %#v", peering.String(), err)
|
||||
}
|
||||
|
||||
logger.Info("peering established", "peering", peering.String())
|
||||
|
|
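Review bot: The new 504 handling retries with `goto ESTABLISH` after a 50ms sleep with no attempt cap or deadline, so if the mesh gateway never becomes reachable `initPeerings` spins forever and the sprawl setup hangs rather than failing; the existing retry path above appears to share this shape, but the new branch widens it. Bound it with a deadline checked before the sleep, e.g. `if time.Since(start) > establishTimeout { return fmt.Errorf("timed out establishing peering with token for %q: %w", peering.String(), err) }`, with `start` captured at the top of the function (which lies outside the hunk). The final error also switched from `%w` to `%#v`, which drops the wrapped `api.StatusError` so callers can no longer use `errors.As` on it; keep `%w`. The `// not sure if this is weird` comment should be replaced with a statement of fact, e.g. `// api.StatusError is returned by value, so errors.As needs a value target`.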