Account for partition in SNI for gateways

This commit is contained in:
freddygv 2021-10-24 09:16:28 -06:00
parent 110fae820a
commit 935112a47a
5 changed files with 47 additions and 8 deletions

View File

@ -24,8 +24,17 @@ func UpstreamSNI(u *structs.Upstream, subset string, dc string, trustDomain stri
return ServiceSNI(u.DestinationName, subset, u.DestinationNamespace, u.DestinationPartition, dc, trustDomain)
}
func DatacenterSNI(dc string, trustDomain string) string {
return fmt.Sprintf("%s.internal.%s", dc, trustDomain)
func GatewaySNI(dc string, partition, trustDomain string) string {
if partition == "" {
partition = "default"
}
switch partition {
case "default":
return dotJoin(dc, internal, trustDomain)
default:
return dotJoin(partition, dc, internalVersion, trustDomain)
}
}
func ServiceSNI(service string, subset string, namespace string, partition string, datacenter string, trustDomain string) string {

View File

@ -95,9 +95,39 @@ func TestUpstreamSNI(t *testing.T) {
})
}
func TestDatacenterSNI(t *testing.T) {
require.Equal(t, "foo."+testTrustDomainSuffix1, DatacenterSNI("foo", testTrustDomain1))
require.Equal(t, "bar."+testTrustDomainSuffix2, DatacenterSNI("bar", testTrustDomain2))
func TestGatewaySNI(t *testing.T) {
type testCase struct {
name string
dc string
trustDomain string
expect string
}
run := func(t *testing.T, tc testCase) {
got := GatewaySNI(tc.dc, "", tc.trustDomain)
require.Equal(t, tc.expect, got)
}
cases := []testCase{
{
name: "foo in domain1",
dc: "foo",
trustDomain: "domain1",
expect: "foo.internal.domain1",
},
{
name: "bar in domain2",
dc: "bar",
trustDomain: "domain2",
expect: "bar.internal.domain2",
},
}
for _, c := range cases {
t.Run(c.name, func(t *testing.T) {
run(t, c)
})
}
}
func TestServiceSNI(t *testing.T) {

View File

@ -214,7 +214,7 @@ func (s *ResourceGenerator) clustersFromSnapshotMeshGateway(cfgSnap *proxycfg.Co
}
opts := gatewayClusterOpts{
name: connect.DatacenterSNI(key.Datacenter, cfgSnap.Roots.TrustDomain),
name: connect.GatewaySNI(key.Datacenter, key.Partition, cfgSnap.Roots.TrustDomain),
hostnameEndpoints: cfgSnap.MeshGateway.HostnameDatacenters[key.String()],
isRemote: key.Datacenter != cfgSnap.Datacenter,
}

View File

@ -130,7 +130,7 @@ func (s *ResourceGenerator) endpointsFromSnapshotMeshGateway(cfgSnap *proxycfg.C
}
{ // standard connect
clusterName := connect.DatacenterSNI(key.Datacenter, cfgSnap.Roots.TrustDomain)
clusterName := connect.GatewaySNI(key.Datacenter, key.Partition, cfgSnap.Roots.TrustDomain)
la := makeLoadAssignment(
clusterName,

View File

@ -1142,7 +1142,7 @@ func (s *ResourceGenerator) makeMeshGatewayListener(name, addr string, port int,
if key.Datacenter == cfgSnap.Datacenter {
continue // skip local
}
clusterName := connect.DatacenterSNI(key.Datacenter, cfgSnap.Roots.TrustDomain)
clusterName := connect.GatewaySNI(key.Datacenter, key.Partition, cfgSnap.Roots.TrustDomain)
filterName := fmt.Sprintf("%s.%s", name, key.String())
dcTCPProxy, err := makeTCPProxyFilter(filterName, clusterName, "mesh_gateway_remote.")
if err != nil {