diff --git a/agent/consul/config_replication.go b/agent/consul/config_replication.go index 536f75dc7e..e5cb8e5337 100644 --- a/agent/consul/config_replication.go +++ b/agent/consul/config_replication.go @@ -92,6 +92,10 @@ func (s *Server) reconcileLocalConfig(ctx context.Context, configs []structs.Con defer ticker.Stop() for i, entry := range configs { + // Partition exports only apply to the primary datacenter. + if entry.GetKind() == structs.PartitionExports { + continue + } req := structs.ConfigEntryRequest{ Op: op, Datacenter: s.config.Datacenter, diff --git a/agent/consul/config_replication_test.go b/agent/consul/config_replication_test.go index fa10d4efe8..5c25101e21 100644 --- a/agent/consul/config_replication_test.go +++ b/agent/consul/config_replication_test.go @@ -6,10 +6,11 @@ import ( "testing" "time" + "github.com/stretchr/testify/require" + "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/sdk/testutil/retry" "github.com/hashicorp/consul/testrpc" - "github.com/stretchr/testify/require" ) func TestReplication_ConfigSort(t *testing.T) { @@ -91,6 +92,107 @@ func TestReplication_ConfigSort(t *testing.T) { } } +func TestReplication_DisallowedConfigEntries(t *testing.T) { + if testing.Short() { + t.Skip("too slow for testing.Short") + } + + dir1, s1 := testServerWithConfig(t, func(c *Config) { + c.PrimaryDatacenter = "dc1" + }) + defer os.RemoveAll(dir1) + defer s1.Shutdown() + testrpc.WaitForLeader(t, s1.RPC, "dc1") + client := rpcClient(t, s1) + defer client.Close() + + dir2, s2 := testServerWithConfig(t, func(c *Config) { + c.Datacenter = "dc2" + c.PrimaryDatacenter = "dc1" + c.ConfigReplicationRate = 100 + c.ConfigReplicationBurst = 100 + c.ConfigReplicationApplyLimit = 1000000 + }) + testrpc.WaitForLeader(t, s2.RPC, "dc2") + defer os.RemoveAll(dir2) + defer s2.Shutdown() + + // Try to join. + joinWAN(t, s2, s1) + testrpc.WaitForLeader(t, s1.RPC, "dc1") + testrpc.WaitForLeader(t, s1.RPC, "dc2") + + args := []structs.ConfigEntryRequest{ + { + Datacenter: "dc1", + Op: structs.ConfigEntryUpsert, + Entry: &structs.ServiceConfigEntry{ + Kind: structs.ServiceDefaults, + Name: "foo", + Protocol: "http2", + }, + }, + { + Datacenter: "dc1", + Op: structs.ConfigEntryUpsert, + Entry: &structs.PartitionExportsConfigEntry{ + Name: "default", + Services: []structs.ExportedService{ + { + Name: structs.WildcardSpecifier, + Consumers: []structs.ServiceConsumer{ + { + Partition: "non-default", + }, + }, + }, + }, + }, + }, + { + Datacenter: "dc1", + Op: structs.ConfigEntryUpsert, + Entry: &structs.ProxyConfigEntry{ + Kind: structs.ProxyDefaults, + Name: "global", + Config: map[string]interface{}{ + "Protocol": "http", + }, + }, + }, + { + Datacenter: "dc1", + Op: structs.ConfigEntryUpsert, + Entry: &structs.MeshConfigEntry{ + TransparentProxy: structs.TransparentProxyMeshConfig{ + MeshDestinationsOnly: true, + }, + }, + }, + } + for _, arg := range args { + out := false + require.NoError(t, s1.RPC("ConfigEntry.Apply", &arg, &out)) + } + + retry.Run(t, func(r *retry.R) { + _, local, err := s2.fsm.State().ConfigEntries(nil, structs.ReplicationEnterpriseMeta()) + require.NoError(r, err) + require.Len(r, local, 3) + + localKinds := make([]string, 0) + for _, entry := range local { + localKinds = append(localKinds, entry.GetKind()) + } + + // Should have all inserted kinds except for partition-exports. + expectKinds := []string{ + structs.ProxyDefaults, structs.ServiceDefaults, structs.MeshConfig, + } + require.ElementsMatch(r, expectKinds, localKinds) + }) +} + func TestReplication_ConfigEntries(t *testing.T) { if testing.Short() { t.Skip("too slow for testing.Short")