diff --git a/agent/consul/peering_backend.go b/agent/consul/peering_backend.go index 0aa0e3f3a5..56f217ee65 100644 --- a/agent/consul/peering_backend.go +++ b/agent/consul/peering_backend.go @@ -112,6 +112,10 @@ func (b *peeringBackend) EnterpriseCheckPartitions(partition string) error { return b.enterpriseCheckPartitions(partition) } +func (b *peeringBackend) EnterpriseCheckNamespaces(namespace string) error { + return b.enterpriseCheckNamespaces(namespace) +} + func (b *peeringBackend) IsLeader() bool { return b.srv.IsLeader() } diff --git a/agent/consul/peering_backend_oss.go b/agent/consul/peering_backend_oss.go index 5f5a117dba..412ce34a24 100644 --- a/agent/consul/peering_backend_oss.go +++ b/agent/consul/peering_backend_oss.go @@ -5,11 +5,19 @@ package consul import ( "fmt" + "strings" ) func (b *peeringBackend) enterpriseCheckPartitions(partition string) error { - if partition != "" { - return fmt.Errorf("Partitions are a Consul Enterprise feature") + if partition == "" || strings.EqualFold(partition, "default") { + return nil } - return nil + return fmt.Errorf("Partitions are a Consul Enterprise feature") +} + +func (b *peeringBackend) enterpriseCheckNamespaces(namespace string) error { + if namespace == "" || strings.EqualFold(namespace, "default") { + return nil + } + return fmt.Errorf("Namespaces are a Consul Enterprise feature") } diff --git a/agent/consul/peering_backend_oss_test.go b/agent/consul/peering_backend_oss_test.go index 75decc0a8c..5996690eae 100644 --- a/agent/consul/peering_backend_oss_test.go +++ b/agent/consul/peering_backend_oss_test.go @@ -49,3 +49,38 @@ func TestPeeringBackend_RejectsPartition(t *testing.T) { require.Error(t, err) require.Contains(t, err.Error(), "Partitions are a Consul Enterprise feature") } + +func TestPeeringBackend_IgnoresDefaultPartition(t *testing.T) { + if testing.Short() { + t.Skip("too slow for testing.Short") + } + + t.Parallel() + _, s1 := testServerWithConfig(t, func(c *Config) { + c.Datacenter = "dc1" + c.Bootstrap = true + }) + + testrpc.WaitForLeader(t, s1.RPC, "dc1") + + // make a grpc client to dial s1 directly + ctx, cancel := context.WithTimeout(context.Background(), 1*time.Second) + t.Cleanup(cancel) + + conn, err := gogrpc.DialContext(ctx, s1.config.RPCAddr.String(), + gogrpc.WithContextDialer(newServerDialer(s1.config.RPCAddr.String())), + gogrpc.WithInsecure(), + gogrpc.WithBlock()) + require.NoError(t, err) + t.Cleanup(func() { conn.Close() }) + + peeringClient := pbpeering.NewPeeringServiceClient(conn) + + req := pbpeering.GenerateTokenRequest{ + Datacenter: "dc1", + PeerName: "my-peer", + Partition: "DeFaUlT", + } + _, err = peeringClient.GenerateToken(ctx, &req) + require.NoError(t, err) +} diff --git a/agent/rpc/peering/service.go b/agent/rpc/peering/service.go index 84d65a4b6e..1b6d565b11 100644 --- a/agent/rpc/peering/service.go +++ b/agent/rpc/peering/service.go @@ -100,6 +100,8 @@ type Backend interface { EnterpriseCheckPartitions(partition string) error + EnterpriseCheckNamespaces(namespace string) error + Subscribe(req *stream.SubscribeRequest) (*stream.Subscription, error) // IsLeader indicates whether the consul server is in a leader state or not. @@ -438,6 +440,9 @@ func (s *Service) TrustBundleListByService(ctx context.Context, req *pbpeering.T if err := s.Backend.EnterpriseCheckPartitions(req.Partition); err != nil { return nil, grpcstatus.Error(codes.InvalidArgument, err.Error()) } + if err := s.Backend.EnterpriseCheckNamespaces(req.Namespace); err != nil { + return nil, grpcstatus.Error(codes.InvalidArgument, err.Error()) + } var resp *pbpeering.TrustBundleListByServiceResponse handled, err := s.Backend.Forward(req, func(conn *grpc.ClientConn) error { diff --git a/agent/rpc/peering/service_oss_test.go b/agent/rpc/peering/service_oss_test.go index 8c7633639a..173e018897 100644 --- a/agent/rpc/peering/service_oss_test.go +++ b/agent/rpc/peering/service_oss_test.go @@ -21,7 +21,7 @@ func TestPeeringService_RejectsPartition(t *testing.T) { ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) t.Cleanup(cancel) - req := &pbpeering.PeeringReadRequest{Name: "foo", Partition: "default"} + req := &pbpeering.PeeringReadRequest{Name: "foo", Partition: "test"} resp, err := client.PeeringRead(ctx, req) require.Contains(t, err.Error(), "Partitions are a Consul Enterprise feature") require.Nil(t, resp) @@ -31,9 +31,32 @@ func TestPeeringService_RejectsPartition(t *testing.T) { ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) t.Cleanup(cancel) - req := &pbpeering.PeeringListRequest{Partition: "default"} + req := &pbpeering.PeeringListRequest{Partition: "test"} resp, err := client.PeeringList(ctx, req) require.Contains(t, err.Error(), "Partitions are a Consul Enterprise feature") require.Nil(t, resp) }) } + +func TestPeeringService_IgnoresDefaultPartition(t *testing.T) { + s := newTestServer(t, nil) + client := pbpeering.NewPeeringServiceClient(s.ClientConn(t)) + + t.Run("read", func(t *testing.T) { + ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) + t.Cleanup(cancel) + + req := &pbpeering.PeeringReadRequest{Name: "foo", Partition: "DeFaUlT"} + _, err := client.PeeringRead(ctx, req) + require.NoError(t, err) + }) + + t.Run("list", func(t *testing.T) { + ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second) + t.Cleanup(cancel) + + req := &pbpeering.PeeringListRequest{Partition: "DeFaUlT"} + _, err := client.PeeringList(ctx, req) + require.NoError(t, err) + }) +} diff --git a/agent/rpc/peering/stream_test.go b/agent/rpc/peering/stream_test.go index db42e13749..7c29a63426 100644 --- a/agent/rpc/peering/stream_test.go +++ b/agent/rpc/peering/stream_test.go @@ -990,7 +990,11 @@ func (b *testStreamBackend) DecodeToken([]byte) (*structs.PeeringToken, error) { return nil, nil } -func (b *testStreamBackend) EnterpriseCheckPartitions(partition string) error { +func (b *testStreamBackend) EnterpriseCheckPartitions(_ string) error { + return nil +} + +func (b *testStreamBackend) EnterpriseCheckNamespaces(_ string) error { return nil }