From 5140c3e51fdacdc5751cd19b7e66a0c54aa78d59 Mon Sep 17 00:00:00 2001 From: freddygv Date: Tue, 6 Apr 2021 14:48:54 -0600 Subject: [PATCH] Finish resolving upstream defaults in proxycfg --- agent/proxycfg/state.go | 15 +++++++++++++++ agent/proxycfg/state_test.go | 32 +++++++++++++++++++++++++++----- 2 files changed, 42 insertions(+), 5 deletions(-) diff --git a/agent/proxycfg/state.go b/agent/proxycfg/state.go index 31b8c352d1..0a4354e0b9 100644 --- a/agent/proxycfg/state.go +++ b/agent/proxycfg/state.go @@ -333,6 +333,11 @@ func (s *state) initWatchesConnectProxy(snap *ConfigSnapshot) error { for i := range s.proxyCfg.Upstreams { u := s.proxyCfg.Upstreams[i] + // Store defaults keyed under wildcard so they can be applied to centrally configured upstreams + if u.DestinationName == structs.WildcardSpecifier { + snap.ConnectProxy.UpstreamConfig[u.DestinationID().String()] = &u + } + // This can be true if the upstream is a synthetic entry populated from centralized upstream config. // Watches should not be created for them. if u.CentrallyConfigured { @@ -795,6 +800,16 @@ func (s *state) handleUpdateConnectProxy(u cache.UpdateEvent, snap *ConfigSnapsh u, ok := snap.ConnectProxy.UpstreamConfig[svc.String()] if ok { cfgMap = u.Config + } else { + // Use the centralized upstream defaults if they exist and there isn't specific configuration for this upstream + // This is only relevant to upstreams from intentions because for explicit upstreams the defaulting is handled + // by the ResolveServiceConfig endpoint. + wildcardSID := structs.NewServiceID(structs.WildcardSpecifier, structs.WildcardEnterpriseMeta()) + defaults, ok := snap.ConnectProxy.UpstreamConfig[wildcardSID.String()] + if ok { + cfgMap = defaults.Config + snap.ConnectProxy.UpstreamConfig[svc.String()] = defaults + } } cfg, err := parseReducedUpstreamConfig(cfgMap) diff --git a/agent/proxycfg/state_test.go b/agent/proxycfg/state_test.go index bc8a4daa6e..40e3a547cf 100644 --- a/agent/proxycfg/state_test.go +++ b/agent/proxycfg/state_test.go @@ -5,6 +5,7 @@ import ( "fmt" "sync" "testing" + "time" "github.com/stretchr/testify/require" @@ -1606,6 +1607,16 @@ func TestState_WatchesAndUpdates(t *testing.T) { Proxy: structs.ConnectProxyConfig{ DestinationServiceName: "api", TransparentProxy: true, + Upstreams: structs.Upstreams{ + { + CentrallyConfigured: true, + DestinationName: structs.WildcardSpecifier, + DestinationNamespace: structs.WildcardSpecifier, + Config: map[string]interface{}{ + "connect_timeout_ms": 6000, + }, + }, + }, }, }, sourceDC: "dc1", @@ -1622,10 +1633,13 @@ func TestState_WatchesAndUpdates(t *testing.T) { }, verifySnapshot: func(t testing.TB, snap *ConfigSnapshot) { require.False(t, snap.Valid(), "proxy without roots/leaf/intentions is not valid") - require.True(t, snap.ConnectProxy.IsEmpty()) require.True(t, snap.MeshGateway.IsEmpty()) require.True(t, snap.IngressGateway.IsEmpty()) require.True(t, snap.TerminatingGateway.IsEmpty()) + + // Centrally configured upstream defaults should be stored so that upstreams from intentions can inherit them + require.Len(t, snap.ConnectProxy.UpstreamConfig, 1) + require.Contains(t, snap.ConnectProxy.UpstreamConfig, "*") }, }, // Valid snapshot after roots, leaf, and intentions @@ -1694,16 +1708,24 @@ func TestState_WatchesAndUpdates(t *testing.T) { // Should not have results yet require.Empty(t, snap.ConnectProxy.DiscoveryChain) + + require.Len(t, snap.ConnectProxy.UpstreamConfig, 2) + cfg, ok := snap.ConnectProxy.UpstreamConfig[db.String()] + require.True(t, ok) + + // Upstream config should have been inherited from defaults under wildcard key + require.Equal(t, cfg.Config["connect_timeout_ms"], 6000) }, }, // Discovery chain updates should be stored { requiredWatches: map[string]verifyWatchRequest{ "discovery-chain:" + dbStr: genVerifyDiscoveryChainWatch(&structs.DiscoveryChainRequest{ - Name: "db", - EvaluateInDatacenter: "dc1", - EvaluateInNamespace: "default", - Datacenter: "dc1", + Name: "db", + EvaluateInDatacenter: "dc1", + EvaluateInNamespace: "default", + Datacenter: "dc1", + OverrideConnectTimeout: 6 * time.Second, }), }, events: []cache.UpdateEvent{