Store intention upstreams in snapshot

2021-12-13 15:13:33 -07:00 · 2021-12-13 15:13:33 -07:00 · 70d6358426
parent 81ea8129d7
commit 70d6358426
3 changed files with 12 additions and 0 deletions
--- a/agent/proxycfg/connect_proxy.go
+++ b/agent/proxycfg/connect_proxy.go
@ -271,6 +271,7 @@ func (s *handlerConnectProxy) handleUpdate(ctx context.Context, u cache.UpdateEv
 				return fmt.Errorf("failed to watch discovery chain for %s: %v", svc.String(), err)
 			}
 		}
+		snap.ConnectProxy.IntentionUpstreams = seenServices

 		// Clean up data from services that were not in the update
 		for sn, targets := range snap.ConnectProxy.WatchedUpstreams {
--- a/agent/proxycfg/snapshot.go
+++ b/agent/proxycfg/snapshot.go
@ -17,6 +17,7 @@ import (
 // A shared data structure that contains information about discovered upstreams
 type ConfigSnapshotUpstreams struct {
 	Leaf *structs.IssuedCert
+
 	// DiscoveryChain is a map of upstream.Identifier() ->
 	// CompiledDiscoveryChain's, and is used to determine what services could be
 	// targeted by this upstream. We then instantiate watches for those targets.
@ -53,6 +54,11 @@ type ConfigSnapshotUpstreams struct {

 	// PassthroughEndpoints is a map of: ServiceName -> ServicePassthroughAddrs.
 	PassthroughUpstreams map[string]ServicePassthroughAddrs
+
+	// IntentionUpstreams is a set of upstreams inferred from intentions.
+	// The keys are created with structs.ServiceName.String().
+	// This list only applies to proxies registered in 'transparent' mode.
+	IntentionUpstreams map[string]struct{}
 }

 type GatewayKey struct {
@ -129,6 +135,7 @@ func (c *configSnapshotConnectProxy) IsEmpty() bool {
 		len(c.PreparedQueryEndpoints) == 0 &&
 		len(c.UpstreamConfig) == 0 &&
 		len(c.PassthroughUpstreams) == 0 &&
+		len(c.IntentionUpstreams) == 0 &&
 		!c.MeshConfigSet
 }

--- a/agent/proxycfg/state_test.go
+++ b/agent/proxycfg/state_test.go
@ -1833,6 +1833,8 @@ func TestState_WatchesAndUpdates(t *testing.T) {
 					verifySnapshot: func(t testing.TB, snap *ConfigSnapshot) {
 						require.True(t, snap.Valid(), "should still be valid")

+						require.Equal(t, map[string]struct{}{db.String(): {}}, snap.ConnectProxy.IntentionUpstreams)
+
 						// Should start watch for db's chain
 						require.Contains(t, snap.ConnectProxy.WatchedDiscoveryChains, db.String())

@ -2062,6 +2064,7 @@ func TestState_WatchesAndUpdates(t *testing.T) {
 						require.Empty(t, snap.ConnectProxy.WatchedGateways)
 						require.Empty(t, snap.ConnectProxy.WatchedGatewayEndpoints)
 						require.Empty(t, snap.ConnectProxy.DiscoveryChain)
+						require.Empty(t, snap.ConnectProxy.IntentionUpstreams)
 					},
 				},
 			},
@ -2225,6 +2228,7 @@ func TestState_WatchesAndUpdates(t *testing.T) {
 					},
 					verifySnapshot: func(t testing.TB, snap *ConfigSnapshot) {
 						require.True(t, snap.Valid(), "should still be valid")
+						require.Empty(t, snap.ConnectProxy.IntentionUpstreams)

 						// Explicit upstream discovery chain watches don't get stored in these maps because they don't
 						// get canceled unless the proxy registration is modified.