ENT port: test-integ/peering: peer through mesh gateway [NET-4609] (#18605)

Co-authored-by: Matt Keeler <mjkeeler7@gmail.com>
Nick Irvine 2023-09-08 09:04:56 -07:00 committed by GitHub
parent bbc2763b9f
commit 3569d702d5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 89 additions and 39 deletions


@ -196,7 +196,8 @@ func (s *ac7_2RotateLeaderSuite) test(t *testing.T, ct *commonTopo) {
func rotateLeader(t *testing.T, cl *api.Client) { func rotateLeader(t *testing.T, cl *api.Client) {
t.Helper() t.Helper()
oldLeader := findLeader(t, cl) oldLeader := findLeader(t, cl)
cl.Operator().RaftLeaderTransfer(nil) _, err := cl.Operator().RaftLeaderTransfer(nil)
require.NoError(t, err)
retry.RunWith(&retry.Timer{Timeout: 30 * time.Second, Wait: time.Second}, t, func(r *retry.R) { retry.RunWith(&retry.Timer{Timeout: 30 * time.Second, Wait: time.Second}, t, func(r *retry.R) {
newLeader := findLeader(r, cl) newLeader := findLeader(r, cl)
require.NotEqual(r, oldLeader.ID, newLeader.ID) require.NotEqual(r, oldLeader.ID, newLeader.ID)


@ -59,12 +59,14 @@ func NewCommonTopo(t *testing.T) *commonTopo {
ct := commonTopo{} ct := commonTopo{}
const nServers = 3
// Make 3-server clusters in dc1 and dc2 // Make 3-server clusters in dc1 and dc2
// For simplicity, the Name and Datacenter of the clusters are the same. // For simplicity, the Name and Datacenter of the clusters are the same.
// dc1 and dc2 should be symmetric. // dc1 and dc2 should be symmetric.
dc1 := clusterWithJustServers("dc1", 3) dc1 := clusterWithJustServers("dc1", nServers)
ct.DC1 = dc1 ct.DC1 = dc1
dc2 := clusterWithJustServers("dc2", 3) dc2 := clusterWithJustServers("dc2", nServers)
ct.DC2 = dc2 ct.DC2 = dc2
// dc3 is a failover cluster for both dc1 and dc2 // dc3 is a failover cluster for both dc1 and dc2
dc3 := clusterWithJustServers("dc3", 1) dc3 := clusterWithJustServers("dc3", 1)
@ -367,6 +369,11 @@ func setupGlobals(clu *topology.Cluster) {
Mode: api.MeshGatewayModeLocal, Mode: api.MeshGatewayModeLocal,
}, },
}, },
&api.MeshConfigEntry{
Peering: &api.PeeringMeshConfig{
PeerThroughMeshGateways: true,
},
},
) )
} }
} }
@ -398,7 +405,7 @@ func clusterWithJustServers(name string, numServers int) *topology.Cluster {
Nodes: newTopologyServerSet( Nodes: newTopologyServerSet(
name+"-server", name+"-server",
numServers, numServers,
[]string{name, "wan"}, []string{name},
nil, nil,
), ),
} }
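Review bot: The switch from `[]string{name, "wan"}` to `[]string{name}` in clusterWithJustServers has no comment, yet it appears to be what forces peering traffic through the mesh gateways now that setupGlobals writes `PeerThroughMeshGateways: true`. If the WAN network is re-added later, the servers could presumably reach each other directly and the test would still pass without exercising the gateway path. I would add a comment above the networks argument, e.g. `// servers stay off "wan" so peering can only succeed via the mesh gateways`. Separately, `nServers` covers dc1 and dc2 while dc3 keeps the literal `1`; the existing comment could say that this is intentional. Both function bodies extend beyond the hunks shown.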


@ -107,40 +107,8 @@ func tokenForService(svc *topology.Service, overridePolicy *api.ACLPolicy, enter
return token return token
} }
func policyForMeshGateway(svc *topology.Service, enterprise bool) *api.ACLPolicy { const (
policyName := "mesh-gateway--" + svc.ID.ACLString() meshGatewayCommunityRules = `
policy := &api.ACLPolicy{
Name: policyName,
Description: policyName,
}
if enterprise {
policy.Partition = svc.ID.Partition
policy.Namespace = "default"
}
if enterprise {
policy.Rules = `
namespace_prefix "" {
service "mesh-gateway" {
policy = "write"
}
service_prefix "" {
policy = "read"
}
node_prefix "" {
policy = "read"
}
}
agent_prefix "" {
policy = "read"
}
# for peering
mesh = "write"
peering = "read"
`
} else {
policy.Rules = `
service "mesh-gateway" { service "mesh-gateway" {
policy = "write" policy = "write"
} }
@ -157,6 +125,71 @@ agent_prefix "" {
mesh = "write" mesh = "write"
peering = "read" peering = "read"
` `
meshGatewayEntDefaultRules = `
namespace_prefix "" {
service "mesh-gateway" {
policy = "write"
}
service_prefix "" {
policy = "read"
}
node_prefix "" {
policy = "read"
}
}
agent_prefix "" {
policy = "read"
}
# for peering
mesh = "write"
partition_prefix "" {
peering = "read"
}
`
meshGatewayEntNonDefaultRules = `
namespace_prefix "" {
service "mesh-gateway" {
policy = "write"
}
service_prefix "" {
policy = "read"
}
node_prefix "" {
policy = "read"
}
}
agent_prefix "" {
policy = "read"
}
# for peering
mesh = "write"
`
)
func policyForMeshGateway(svc *topology.Service, enterprise bool) *api.ACLPolicy {
policyName := "mesh-gateway--" + svc.ID.ACLString()
policy := &api.ACLPolicy{
Name: policyName,
Description: policyName,
}
if enterprise {
fmt.Printf("Enterprise mgw ACLS - Partition: %s, Namespace: default", svc.ID.Partition)
policy.Partition = svc.ID.Partition
policy.Namespace = "default"
}
if enterprise {
if svc.ID.Partition == "default" {
policy.Rules = meshGatewayEntDefaultRules
} else {
policy.Rules = meshGatewayEntNonDefaultRules
}
} else {
policy.Rules = meshGatewayCommunityRules
} }
return policy return policy
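Review bot: The three rule constants differ only in the peering grant (top-level `peering = "read"` for community, `partition_prefix "" { peering = "read" }` for the enterprise default partition, nothing for non-default partitions), and the const block does not say why. A comment stating the reason, e.g. `// peering is only granted from the default partition; other partitions get mesh = "write" alone (TODO confirm)`, would stop a later editor from "fixing" the asymmetry by widening the token. The selector `svc.ID.Partition == "default"` is an exact match, so an empty partition would get the non-default rules; unless IDs are normalized before this call, use `if svc.ID.Partition == "" || svc.ID.Partition == "default" {`. The added `fmt.Printf` has no trailing newline and looks like leftover debugging. The closing brace of policyForMeshGateway is outside the visible section.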


@ -5,7 +5,9 @@ package sprawl
import ( import (
"context" "context"
"errors"
"fmt" "fmt"
"net/http"
"strings" "strings"
"time" "time"
@ -89,7 +91,14 @@ func (s *Sprawl) initPeerings() error {
time.Sleep(50 * time.Millisecond) time.Sleep(50 * time.Millisecond)
goto ESTABLISH goto ESTABLISH
} }
return fmt.Errorf("error establishing peering with token for %q: %w", peering.String(), err) // Establish and friends return an api.StatusError value, not pointer
// not sure if this is weird
var asStatusError api.StatusError
if errors.As(err, &asStatusError) && asStatusError.Code == http.StatusGatewayTimeout {
time.Sleep(50 * time.Millisecond)
goto ESTABLISH
}
return fmt.Errorf("error establishing peering with token for %q: %#v", peering.String(), err)
} }
logger.Info("peering established", "peering", peering.String()) logger.Info("peering established", "peering", peering.String())
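Review bot: The final `fmt.Errorf` in initPeerings now formats the cause with `%#v` instead of `%w`, which drops it from the error chain, so callers can no longer use `errors.Is` or `errors.As` on the returned error. I would keep the wrap: `return fmt.Errorf("error establishing peering with token for %q: %w", peering.String(), err)`. The new `http.StatusGatewayTimeout` branch also jumps back to `ESTABLISH` with no attempt cap or deadline, so a gateway that never becomes reachable would spin until the outer test timeout. The existing retry branch above it has the same shape, but its condition is outside the hunk. A bounded count or a context check before `goto ESTABLISH` would turn a hang into a clear failure.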