peering: default to false (#13963)

* defaulting to false because peering will be released as beta
* Ignore peering disabled error in bundles cachetype

Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Matt Keeler <mjkeeler7@gmail.com>
Luke Kysow 2022-08-01 12:22:36 -07:00 committed by GitHub
parent 72b6d69652
commit 988e1fd35d
GPG Key ID: 4AEE18F83AFDEB23
18 changed files with 72 additions and 17 deletions


@ -8,6 +8,8 @@ import (
"github.com/mitchellh/hashstructure" "github.com/mitchellh/hashstructure"
"google.golang.org/grpc" "google.golang.org/grpc"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
"github.com/hashicorp/consul/agent/cache" "github.com/hashicorp/consul/agent/cache"
external "github.com/hashicorp/consul/agent/grpc-external" external "github.com/hashicorp/consul/agent/grpc-external"
@ -87,6 +89,13 @@ func (t *TrustBundles) Fetch(_ cache.FetchOptions, req cache.Request) (cache.Fet
// Fetch // Fetch
reply, err := t.Client.TrustBundleListByService(external.ContextWithToken(context.Background(), reqReal.Token), reqReal.Request) reply, err := t.Client.TrustBundleListByService(external.ContextWithToken(context.Background(), reqReal.Token), reqReal.Request)
if err != nil { if err != nil {
// Return an empty result if the error is due to peering being disabled.
// This allows mesh gateways to receive an update and confirm that the watch is set.
if e, ok := status.FromError(err); ok && e.Code() == codes.FailedPrecondition {
result.Index = 1
result.Value = &pbpeering.TrustBundleListByServiceResponse{Index: 1}
return result, nil
}
return result, err return result, err
} }
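Review bot: The new branch in Fetch matches only on `codes.FailedPrecondition`, a generic gRPC code, so any other precondition failure from TrustBundleListByService would also be swallowed and delivered to watchers as a successful, empty trust-bundle list. That fails closed for trust (no peer roots are handed out), but it hides a real error from operators and from whatever retry or error handling the cache applies. Consider narrowing the match or logging the original error, and state the assumption in the comment, e.g. `// NOTE: assumes this endpoint returns FailedPrecondition only when peering is disabled; any other cause is masked as an empty bundle list.` The constant `Index: 1` would also benefit from a line explaining why a fixed index is safe for later blocking fetches. Fetch begins and ends outside this hunk.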


@ -7,6 +7,8 @@ import (
"github.com/stretchr/testify/mock" "github.com/stretchr/testify/mock"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
"google.golang.org/grpc/codes"
grpcstatus "google.golang.org/grpc/status"
"github.com/hashicorp/consul/agent/cache" "github.com/hashicorp/consul/agent/cache"
"github.com/hashicorp/consul/proto/pbpeering" "github.com/hashicorp/consul/proto/pbpeering"
@ -48,6 +50,29 @@ func TestTrustBundles(t *testing.T) {
}, result) }, result)
} }
func TestTrustBundles_PeeringDisabled(t *testing.T) {
client := NewMockTrustBundleLister(t)
typ := &TrustBundles{Client: client}
var resp *pbpeering.TrustBundleListByServiceResponse
// Expect the proper call.
// This also returns the canned response above.
client.On("TrustBundleListByService", mock.Anything, mock.Anything).
Return(resp, grpcstatus.Error(codes.FailedPrecondition, "peering must be enabled to use this endpoint"))
// Fetch and assert against the result.
result, err := typ.Fetch(cache.FetchOptions{}, &TrustBundleListRequest{
Request: &pbpeering.TrustBundleListByServiceRequest{
ServiceName: "foo",
},
})
require.NoError(t, err)
require.NotNil(t, result)
require.EqualValues(t, 1, result.Index)
require.NotNil(t, result.Value)
}
func TestTrustBundles_badReqType(t *testing.T) { func TestTrustBundles_badReqType(t *testing.T) {
client := pbpeering.NewPeeringServiceClient(nil) client := pbpeering.NewPeeringServiceClient(nil)
typ := &TrustBundles{Client: client} typ := &TrustBundles{Client: client}
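Review bot: TestTrustBundles_PeeringDisabled asserts only that `result.Value` is non-nil, so it would still pass if Fetch returned a populated response, and no companion case shows that an error with a different code is still propagated. The comment `// This also returns the canned response above.` is misleading here, since `resp` is a nil pointer and the mock returns an error. Suggest asserting the content, e.g. `require.Empty(t, result.Value.(*pbpeering.TrustBundleListByServiceResponse).Bundles)`, and adding a second test whose mock returns `grpcstatus.Error(codes.Internal, "boom")` and expects `require.Error(t, err)`, so the swallow stays limited to the one intended code.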


@ -104,9 +104,6 @@ func DefaultSource() Source {
kv_max_value_size = ` + strconv.FormatInt(raft.SuggestedMaxDataSize, 10) + ` kv_max_value_size = ` + strconv.FormatInt(raft.SuggestedMaxDataSize, 10) + `
txn_max_req_len = ` + strconv.FormatInt(raft.SuggestedMaxDataSize, 10) + ` txn_max_req_len = ` + strconv.FormatInt(raft.SuggestedMaxDataSize, 10) + `
} }
peering = {
enabled = true
}
performance = { performance = {
leave_drain_time = "5s" leave_drain_time = "5s"
raft_multiplier = ` + strconv.Itoa(int(consul.DefaultRaftMultiplier)) + ` raft_multiplier = ` + strconv.Itoa(int(consul.DefaultRaftMultiplier)) + `


@ -5548,16 +5548,6 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
"tls.grpc was provided but TLS will NOT be enabled on the gRPC listener without an HTTPS listener configured (e.g. via ports.https)", "tls.grpc was provided but TLS will NOT be enabled on the gRPC listener without an HTTPS listener configured (e.g. via ports.https)",
}, },
}) })
run(t, testCase{
desc: "peering.enabled defaults to true",
args: []string{
`-data-dir=` + dataDir,
},
expected: func(rt *RuntimeConfig) {
rt.DataDir = dataDir
rt.PeeringEnabled = true
},
})
} }
func (tc testCase) run(format string, dataDir string) func(t *testing.T) { func (tc testCase) run(format string, dataDir string) func(t *testing.T) {


@ -517,7 +517,6 @@ func DefaultConfig() *Config {
DefaultQueryTime: 300 * time.Second, DefaultQueryTime: 300 * time.Second,
MaxQueryTime: 600 * time.Second, MaxQueryTime: 600 * time.Second,
PeeringEnabled: true,
PeeringTestAllowPeerRegistrations: false, PeeringTestAllowPeerRegistrations: false,
EnterpriseConfig: DefaultEnterpriseConfig(), EnterpriseConfig: DefaultEnterpriseConfig(),


@ -179,6 +179,7 @@ func testServerConfig(t *testing.T) (string, *Config) {
"IntermediateCertTTL": "288h", "IntermediateCertTTL": "288h",
}, },
} }
config.PeeringEnabled = true
return dir, config return dir, config
} }


@ -1283,6 +1283,7 @@ func newTestServer(t *testing.T, cb func(conf *consul.Config)) testingServer {
ports := freeport.GetN(t, 4) // {rpc, serf_lan, serf_wan, grpc} ports := freeport.GetN(t, 4) // {rpc, serf_lan, serf_wan, grpc}
conf.PeeringEnabled = true
conf.Bootstrap = true conf.Bootstrap = true
conf.Datacenter = "dc1" conf.Datacenter = "dc1"
conf.DataDir = dir conf.DataDir = dir


@ -138,6 +138,9 @@ func TestConfigHCL(nodeID string) string {
} }
performance { performance {
raft_multiplier = 1 raft_multiplier = 1
}
peering {
enabled = true
}`, nodeID, connect.TestClusterID, }`, nodeID, connect.TestClusterID,
) )
} }


@ -105,6 +105,7 @@ type TestServerConfig struct {
Connect map[string]interface{} `json:"connect,omitempty"` Connect map[string]interface{} `json:"connect,omitempty"`
EnableDebug bool `json:"enable_debug,omitempty"` EnableDebug bool `json:"enable_debug,omitempty"`
SkipLeaveOnInt bool `json:"skip_leave_on_interrupt"` SkipLeaveOnInt bool `json:"skip_leave_on_interrupt"`
Peering *TestPeeringConfig `json:"peering,omitempty"`
ReadyTimeout time.Duration `json:"-"` ReadyTimeout time.Duration `json:"-"`
StopTimeout time.Duration `json:"-"` StopTimeout time.Duration `json:"-"`
Stdout io.Writer `json:"-"` Stdout io.Writer `json:"-"`
@ -139,6 +140,10 @@ type TestTokens struct {
AgentRecovery string `json:"agent_master,omitempty"` AgentRecovery string `json:"agent_master,omitempty"`
} }
type TestPeeringConfig struct {
Enabled bool `json:"enabled,omitempty"`
}
// ServerConfigCallback is a function interface which can be // ServerConfigCallback is a function interface which can be
// passed to NewTestServerConfig to modify the server config. // passed to NewTestServerConfig to modify the server config.
type ServerConfigCallback func(c *TestServerConfig) type ServerConfigCallback func(c *TestServerConfig)
@ -192,8 +197,9 @@ func defaultServerConfig(t TestingTB) *TestServerConfig {
ReturnPorts: func() { ReturnPorts: func() {
freeport.Return(ports) freeport.Return(ports)
}, },
Stdout: logBuffer, Stdout: logBuffer,
Stderr: logBuffer, Stderr: logBuffer,
Peering: &TestPeeringConfig{Enabled: true},
} }
} }
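Review bot: `TestPeeringConfig.Enabled` is tagged `json:"enabled,omitempty"`, so an explicit `Enabled: false` is omitted when the struct is marshalled (presumably into the test server's config file) and the server falls back to the binary's own default. With this commit's default of false that happens to give the intended result, but against a binary whose default is true a test could not turn peering off through this struct. Dropping `omitempty` from the field tag would make the SDK setting authoritative. The exported type also has no doc comment; `// TestPeeringConfig is the peering stanza of the test server configuration.` would fit the surrounding declarations. Note too that defaultServerConfig now enables peering for every SDK test server, so tests of the disabled (production-default) path must override it explicitly.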


@ -1,2 +1,5 @@
primary_datacenter = "alpha" primary_datacenter = "alpha"
log_level = "trace" log_level = "trace"
peering {
enabled = true
}


@ -0,0 +1,3 @@
peering {
enabled = true
}


@ -1,2 +1,5 @@
primary_datacenter = "alpha" primary_datacenter = "alpha"
log_level = "trace" log_level = "trace"
peering {
enabled = true
}


@ -0,0 +1,3 @@
peering {
enabled = true
}


@ -1,2 +1,5 @@
primary_datacenter = "alpha" primary_datacenter = "alpha"
log_level = "trace" log_level = "trace"
peering {
enabled = true
}


@ -0,0 +1,3 @@
peering {
enabled = true
}


@ -1,2 +1,5 @@
primary_datacenter = "alpha" primary_datacenter = "alpha"
log_level = "trace" log_level = "trace"
peering {
enabled = true
}


@ -0,0 +1,3 @@
peering {
enabled = true
}


@ -555,7 +555,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'."
The following sub-keys are available: The following sub-keys are available:
- `enabled` ((#peering_enabled)) (Defaults to `true`) Controls whether cluster peering is enabled. - `enabled` ((#peering_enabled)) (Defaults to `false`) Controls whether cluster peering is enabled.
When disabled, the UI won't show peering, all peering APIs will return When disabled, the UI won't show peering, all peering APIs will return
an error, any peerings stored in Consul already will be ignored (but they will not be deleted), an error, any peerings stored in Consul already will be ignored (but they will not be deleted),
and all peering connections from other clusters will be rejected. This was added in Consul 1.13.0. and all peering connections from other clusters will be rejected. This was added in Consul 1.13.0.