mirror of https://github.com/status-im/consul.git
Account for partition in SNI for gateways
parent
110fae820a
commit
935112a47a
|
@ -24,8 +24,17 @@ func UpstreamSNI(u *structs.Upstream, subset string, dc string, trustDomain stri
|
|||
return ServiceSNI(u.DestinationName, subset, u.DestinationNamespace, u.DestinationPartition, dc, trustDomain)
|
||||
}
|
||||
|
||||
func DatacenterSNI(dc string, trustDomain string) string {
|
||||
return fmt.Sprintf("%s.internal.%s", dc, trustDomain)
|
||||
func GatewaySNI(dc string, partition, trustDomain string) string {
|
||||
if partition == "" {
|
||||
partition = "default"
|
||||
}
|
||||
|
||||
switch partition {
|
||||
case "default":
|
||||
return dotJoin(dc, internal, trustDomain)
|
||||
default:
|
||||
return dotJoin(partition, dc, internalVersion, trustDomain)
|
||||
}
|
||||
}
|
||||
|
||||
func ServiceSNI(service string, subset string, namespace string, partition string, datacenter string, trustDomain string) string {
|
||||
|
|
|
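Review bot: GatewaySNI is exported but has no doc comment, and nothing in the hunk states the two name shapes it returns. I would add `// GatewaySNI returns the SNI for mesh gateways in dc and partition; an empty or "default" partition keeps the unqualified dc/internal/trustDomain form.` above it. The `case "default":` comparison is an exact string match, so a partition value that differs only in case or carries stray whitespace takes the partition-qualified branch and yields a name the other side may not compute. If callers do not already normalize partition names, either normalize here or document the precondition, since an SNI mismatch at a gateway fails silently as a missing filter chain or cluster. The parameter list `dc string, partition, trustDomain string` would also read more consistently as `dc, partition, trustDomain string`.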
@ -95,9 +95,39 @@ func TestUpstreamSNI(t *testing.T) {
|
|||
})
|
||||
}
|
||||
|
||||
func TestDatacenterSNI(t *testing.T) {
|
||||
require.Equal(t, "foo."+testTrustDomainSuffix1, DatacenterSNI("foo", testTrustDomain1))
|
||||
require.Equal(t, "bar."+testTrustDomainSuffix2, DatacenterSNI("bar", testTrustDomain2))
|
||||
func TestGatewaySNI(t *testing.T) {
|
||||
type testCase struct {
|
||||
name string
|
||||
dc string
|
||||
trustDomain string
|
||||
expect string
|
||||
}
|
||||
|
||||
run := func(t *testing.T, tc testCase) {
|
||||
got := GatewaySNI(tc.dc, "", tc.trustDomain)
|
||||
require.Equal(t, tc.expect, got)
|
||||
}
|
||||
|
||||
cases := []testCase{
|
||||
{
|
||||
name: "foo in domain1",
|
||||
dc: "foo",
|
||||
trustDomain: "domain1",
|
||||
expect: "foo.internal.domain1",
|
||||
},
|
||||
{
|
||||
name: "bar in domain2",
|
||||
dc: "bar",
|
||||
trustDomain: "domain2",
|
||||
expect: "bar.internal.domain2",
|
||||
},
|
||||
}
|
||||
|
||||
for _, c := range cases {
|
||||
t.Run(c.name, func(t *testing.T) {
|
||||
run(t, c)
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
func TestServiceSNI(t *testing.T) {
|
||||
|
|
|
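Review bot: TestGatewaySNI never exercises the new behaviour, because `run` always calls `GatewaySNI(tc.dc, "", tc.trustDomain)`, so the `default:` branch that prepends the partition and switches to `internalVersion` is untested. Both cases only pin the old DatacenterSNI output. I would add a `partition` field to `testCase`, pass it through in `run`, and add at least one explicit `"default"` case and one non-default case. The expected string for the non-default case below assumes `internalVersion` is a string constant visible to the test, which the page does not show.

```go
type testCase struct {
	// … unchanged: name, dc, trustDomain, expect …
	partition string
}

run := func(t *testing.T, tc testCase) {
	got := GatewaySNI(tc.dc, tc.partition, tc.trustDomain)
	require.Equal(t, tc.expect, got)
}

// … unchanged: the two empty-partition cases …
{
	name:        "foo in explicit default partition",
	dc:          "foo",
	partition:   "default",
	trustDomain: "domain1",
	expect:      "foo.internal.domain1",
},
{
	name:        "foo in partition part1", // constructed sample value
	dc:          "foo",
	partition:   "part1",
	trustDomain: "domain1",
	expect:      "part1.foo." + internalVersion + ".domain1",
},
```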
@ -214,7 +214,7 @@ func (s *ResourceGenerator) clustersFromSnapshotMeshGateway(cfgSnap *proxycfg.Co
|
|||
}
|
||||
|
||||
opts := gatewayClusterOpts{
|
||||
name: connect.DatacenterSNI(key.Datacenter, cfgSnap.Roots.TrustDomain),
|
||||
name: connect.GatewaySNI(key.Datacenter, key.Partition, cfgSnap.Roots.TrustDomain),
|
||||
hostnameEndpoints: cfgSnap.MeshGateway.HostnameDatacenters[key.String()],
|
||||
isRemote: key.Datacenter != cfgSnap.Datacenter,
|
||||
}
|
||||
|
|
|
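Review bot: The cluster name now depends on `key.Partition`, but `isRemote: key.Datacenter != cfgSnap.Datacenter` two lines below still decides locality by datacenter alone. If a key can name another partition in the local datacenter, that gateway gets a partition-qualified SNI yet is treated as local. The same datacenter-only test appears in the makeMeshGatewayListener hunk, where `if key.Datacenter == cfgSnap.Datacenter { continue // skip local }` would skip the filter chain for such a key entirely. Comparing the full key (datacenter and partition) against the gateway's own would keep the locality decision in step with the SNI. If same-datacenter cross-partition keys cannot occur here, a comment saying so would help. Both enclosing functions start and end outside their hunks, so an earlier guard may already cover this.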
@ -130,7 +130,7 @@ func (s *ResourceGenerator) endpointsFromSnapshotMeshGateway(cfgSnap *proxycfg.C
|
|||
}
|
||||
|
||||
{ // standard connect
|
||||
clusterName := connect.DatacenterSNI(key.Datacenter, cfgSnap.Roots.TrustDomain)
|
||||
clusterName := connect.GatewaySNI(key.Datacenter, key.Partition, cfgSnap.Roots.TrustDomain)
|
||||
|
||||
la := makeLoadAssignment(
|
||||
clusterName,
|
||||
|
|
|
@ -1142,7 +1142,7 @@ func (s *ResourceGenerator) makeMeshGatewayListener(name, addr string, port int,
|
|||
if key.Datacenter == cfgSnap.Datacenter {
|
||||
continue // skip local
|
||||
}
|
||||
clusterName := connect.DatacenterSNI(key.Datacenter, cfgSnap.Roots.TrustDomain)
|
||||
clusterName := connect.GatewaySNI(key.Datacenter, key.Partition, cfgSnap.Roots.TrustDomain)
|
||||
filterName := fmt.Sprintf("%s.%s", name, key.String())
|
||||
dcTCPProxy, err := makeTCPProxyFilter(filterName, clusterName, "mesh_gateway_remote.")
|
||||
if err != nil {
|
||||
|
|