mirror of https://github.com/status-im/consul.git
peering: default to false (#13963)
* defaulting to false because peering will be released as beta * Ignore peering disabled error in bundles cachetype Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com> Co-authored-by: freddygv <freddy@hashicorp.com> Co-authored-by: Matt Keeler <mjkeeler7@gmail.com>
This commit is contained in:
parent
72b6d69652
commit
988e1fd35d
|
@ -8,6 +8,8 @@ import (
|
||||||
|
|
||||||
"github.com/mitchellh/hashstructure"
|
"github.com/mitchellh/hashstructure"
|
||||||
"google.golang.org/grpc"
|
"google.golang.org/grpc"
|
||||||
|
"google.golang.org/grpc/codes"
|
||||||
|
"google.golang.org/grpc/status"
|
||||||
|
|
||||||
"github.com/hashicorp/consul/agent/cache"
|
"github.com/hashicorp/consul/agent/cache"
|
||||||
external "github.com/hashicorp/consul/agent/grpc-external"
|
external "github.com/hashicorp/consul/agent/grpc-external"
|
||||||
|
@ -87,6 +89,13 @@ func (t *TrustBundles) Fetch(_ cache.FetchOptions, req cache.Request) (cache.Fet
|
||||||
// Fetch
|
// Fetch
|
||||||
reply, err := t.Client.TrustBundleListByService(external.ContextWithToken(context.Background(), reqReal.Token), reqReal.Request)
|
reply, err := t.Client.TrustBundleListByService(external.ContextWithToken(context.Background(), reqReal.Token), reqReal.Request)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
// Return an empty result if the error is due to peering being disabled.
|
||||||
|
// This allows mesh gateways to receive an update and confirm that the watch is set.
|
||||||
|
if e, ok := status.FromError(err); ok && e.Code() == codes.FailedPrecondition {
|
||||||
|
result.Index = 1
|
||||||
|
result.Value = &pbpeering.TrustBundleListByServiceResponse{Index: 1}
|
||||||
|
return result, nil
|
||||||
|
}
|
||||||
return result, err
|
return result, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -7,6 +7,8 @@ import (
|
||||||
|
|
||||||
"github.com/stretchr/testify/mock"
|
"github.com/stretchr/testify/mock"
|
||||||
"github.com/stretchr/testify/require"
|
"github.com/stretchr/testify/require"
|
||||||
|
"google.golang.org/grpc/codes"
|
||||||
|
grpcstatus "google.golang.org/grpc/status"
|
||||||
|
|
||||||
"github.com/hashicorp/consul/agent/cache"
|
"github.com/hashicorp/consul/agent/cache"
|
||||||
"github.com/hashicorp/consul/proto/pbpeering"
|
"github.com/hashicorp/consul/proto/pbpeering"
|
||||||
|
@ -48,6 +50,29 @@ func TestTrustBundles(t *testing.T) {
|
||||||
}, result)
|
}, result)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestTrustBundles_PeeringDisabled(t *testing.T) {
|
||||||
|
client := NewMockTrustBundleLister(t)
|
||||||
|
typ := &TrustBundles{Client: client}
|
||||||
|
|
||||||
|
var resp *pbpeering.TrustBundleListByServiceResponse
|
||||||
|
|
||||||
|
// Expect the proper call.
|
||||||
|
// This also returns the canned response above.
|
||||||
|
client.On("TrustBundleListByService", mock.Anything, mock.Anything).
|
||||||
|
Return(resp, grpcstatus.Error(codes.FailedPrecondition, "peering must be enabled to use this endpoint"))
|
||||||
|
|
||||||
|
// Fetch and assert against the result.
|
||||||
|
result, err := typ.Fetch(cache.FetchOptions{}, &TrustBundleListRequest{
|
||||||
|
Request: &pbpeering.TrustBundleListByServiceRequest{
|
||||||
|
ServiceName: "foo",
|
||||||
|
},
|
||||||
|
})
|
||||||
|
require.NoError(t, err)
|
||||||
|
require.NotNil(t, result)
|
||||||
|
require.EqualValues(t, 1, result.Index)
|
||||||
|
require.NotNil(t, result.Value)
|
||||||
|
}
|
||||||
|
|
||||||
func TestTrustBundles_badReqType(t *testing.T) {
|
func TestTrustBundles_badReqType(t *testing.T) {
|
||||||
client := pbpeering.NewPeeringServiceClient(nil)
|
client := pbpeering.NewPeeringServiceClient(nil)
|
||||||
typ := &TrustBundles{Client: client}
|
typ := &TrustBundles{Client: client}
|
||||||
|
|
|
@ -104,9 +104,6 @@ func DefaultSource() Source {
|
||||||
kv_max_value_size = ` + strconv.FormatInt(raft.SuggestedMaxDataSize, 10) + `
|
kv_max_value_size = ` + strconv.FormatInt(raft.SuggestedMaxDataSize, 10) + `
|
||||||
txn_max_req_len = ` + strconv.FormatInt(raft.SuggestedMaxDataSize, 10) + `
|
txn_max_req_len = ` + strconv.FormatInt(raft.SuggestedMaxDataSize, 10) + `
|
||||||
}
|
}
|
||||||
peering = {
|
|
||||||
enabled = true
|
|
||||||
}
|
|
||||||
performance = {
|
performance = {
|
||||||
leave_drain_time = "5s"
|
leave_drain_time = "5s"
|
||||||
raft_multiplier = ` + strconv.Itoa(int(consul.DefaultRaftMultiplier)) + `
|
raft_multiplier = ` + strconv.Itoa(int(consul.DefaultRaftMultiplier)) + `
|
||||||
|
|
|
@ -5548,16 +5548,6 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
|
||||||
"tls.grpc was provided but TLS will NOT be enabled on the gRPC listener without an HTTPS listener configured (e.g. via ports.https)",
|
"tls.grpc was provided but TLS will NOT be enabled on the gRPC listener without an HTTPS listener configured (e.g. via ports.https)",
|
||||||
},
|
},
|
||||||
})
|
})
|
||||||
run(t, testCase{
|
|
||||||
desc: "peering.enabled defaults to true",
|
|
||||||
args: []string{
|
|
||||||
`-data-dir=` + dataDir,
|
|
||||||
},
|
|
||||||
expected: func(rt *RuntimeConfig) {
|
|
||||||
rt.DataDir = dataDir
|
|
||||||
rt.PeeringEnabled = true
|
|
||||||
},
|
|
||||||
})
|
|
||||||
}
|
}
|
||||||
|
|
||||||
func (tc testCase) run(format string, dataDir string) func(t *testing.T) {
|
func (tc testCase) run(format string, dataDir string) func(t *testing.T) {
|
||||||
|
|
|
@ -517,7 +517,6 @@ func DefaultConfig() *Config {
|
||||||
DefaultQueryTime: 300 * time.Second,
|
DefaultQueryTime: 300 * time.Second,
|
||||||
MaxQueryTime: 600 * time.Second,
|
MaxQueryTime: 600 * time.Second,
|
||||||
|
|
||||||
PeeringEnabled: true,
|
|
||||||
PeeringTestAllowPeerRegistrations: false,
|
PeeringTestAllowPeerRegistrations: false,
|
||||||
|
|
||||||
EnterpriseConfig: DefaultEnterpriseConfig(),
|
EnterpriseConfig: DefaultEnterpriseConfig(),
|
||||||
|
|
|
@ -179,6 +179,7 @@ func testServerConfig(t *testing.T) (string, *Config) {
|
||||||
"IntermediateCertTTL": "288h",
|
"IntermediateCertTTL": "288h",
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
config.PeeringEnabled = true
|
||||||
return dir, config
|
return dir, config
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1283,6 +1283,7 @@ func newTestServer(t *testing.T, cb func(conf *consul.Config)) testingServer {
|
||||||
|
|
||||||
ports := freeport.GetN(t, 4) // {rpc, serf_lan, serf_wan, grpc}
|
ports := freeport.GetN(t, 4) // {rpc, serf_lan, serf_wan, grpc}
|
||||||
|
|
||||||
|
conf.PeeringEnabled = true
|
||||||
conf.Bootstrap = true
|
conf.Bootstrap = true
|
||||||
conf.Datacenter = "dc1"
|
conf.Datacenter = "dc1"
|
||||||
conf.DataDir = dir
|
conf.DataDir = dir
|
||||||
|
|
|
@ -138,6 +138,9 @@ func TestConfigHCL(nodeID string) string {
|
||||||
}
|
}
|
||||||
performance {
|
performance {
|
||||||
raft_multiplier = 1
|
raft_multiplier = 1
|
||||||
|
}
|
||||||
|
peering {
|
||||||
|
enabled = true
|
||||||
}`, nodeID, connect.TestClusterID,
|
}`, nodeID, connect.TestClusterID,
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
|
@ -105,6 +105,7 @@ type TestServerConfig struct {
|
||||||
Connect map[string]interface{} `json:"connect,omitempty"`
|
Connect map[string]interface{} `json:"connect,omitempty"`
|
||||||
EnableDebug bool `json:"enable_debug,omitempty"`
|
EnableDebug bool `json:"enable_debug,omitempty"`
|
||||||
SkipLeaveOnInt bool `json:"skip_leave_on_interrupt"`
|
SkipLeaveOnInt bool `json:"skip_leave_on_interrupt"`
|
||||||
|
Peering *TestPeeringConfig `json:"peering,omitempty"`
|
||||||
ReadyTimeout time.Duration `json:"-"`
|
ReadyTimeout time.Duration `json:"-"`
|
||||||
StopTimeout time.Duration `json:"-"`
|
StopTimeout time.Duration `json:"-"`
|
||||||
Stdout io.Writer `json:"-"`
|
Stdout io.Writer `json:"-"`
|
||||||
|
@ -139,6 +140,10 @@ type TestTokens struct {
|
||||||
AgentRecovery string `json:"agent_master,omitempty"`
|
AgentRecovery string `json:"agent_master,omitempty"`
|
||||||
}
|
}
|
||||||
|
|
||||||
|
type TestPeeringConfig struct {
|
||||||
|
Enabled bool `json:"enabled,omitempty"`
|
||||||
|
}
|
||||||
|
|
||||||
// ServerConfigCallback is a function interface which can be
|
// ServerConfigCallback is a function interface which can be
|
||||||
// passed to NewTestServerConfig to modify the server config.
|
// passed to NewTestServerConfig to modify the server config.
|
||||||
type ServerConfigCallback func(c *TestServerConfig)
|
type ServerConfigCallback func(c *TestServerConfig)
|
||||||
|
@ -192,8 +197,9 @@ func defaultServerConfig(t TestingTB) *TestServerConfig {
|
||||||
ReturnPorts: func() {
|
ReturnPorts: func() {
|
||||||
freeport.Return(ports)
|
freeport.Return(ports)
|
||||||
},
|
},
|
||||||
Stdout: logBuffer,
|
Stdout: logBuffer,
|
||||||
Stderr: logBuffer,
|
Stderr: logBuffer,
|
||||||
|
Peering: &TestPeeringConfig{Enabled: true},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,2 +1,5 @@
|
||||||
primary_datacenter = "alpha"
|
primary_datacenter = "alpha"
|
||||||
log_level = "trace"
|
log_level = "trace"
|
||||||
|
peering {
|
||||||
|
enabled = true
|
||||||
|
}
|
||||||
|
|
|
@ -0,0 +1,3 @@
|
||||||
|
peering {
|
||||||
|
enabled = true
|
||||||
|
}
|
|
@ -1,2 +1,5 @@
|
||||||
primary_datacenter = "alpha"
|
primary_datacenter = "alpha"
|
||||||
log_level = "trace"
|
log_level = "trace"
|
||||||
|
peering {
|
||||||
|
enabled = true
|
||||||
|
}
|
||||||
|
|
|
@ -0,0 +1,3 @@
|
||||||
|
peering {
|
||||||
|
enabled = true
|
||||||
|
}
|
|
@ -1,2 +1,5 @@
|
||||||
primary_datacenter = "alpha"
|
primary_datacenter = "alpha"
|
||||||
log_level = "trace"
|
log_level = "trace"
|
||||||
|
peering {
|
||||||
|
enabled = true
|
||||||
|
}
|
||||||
|
|
|
@ -0,0 +1,3 @@
|
||||||
|
peering {
|
||||||
|
enabled = true
|
||||||
|
}
|
|
@ -1,2 +1,5 @@
|
||||||
primary_datacenter = "alpha"
|
primary_datacenter = "alpha"
|
||||||
log_level = "trace"
|
log_level = "trace"
|
||||||
|
peering {
|
||||||
|
enabled = true
|
||||||
|
}
|
||||||
|
|
|
@ -0,0 +1,3 @@
|
||||||
|
peering {
|
||||||
|
enabled = true
|
||||||
|
}
|
|
@ -555,7 +555,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'."
|
||||||
|
|
||||||
The following sub-keys are available:
|
The following sub-keys are available:
|
||||||
|
|
||||||
- `enabled` ((#peering_enabled)) (Defaults to `true`) Controls whether cluster peering is enabled.
|
- `enabled` ((#peering_enabled)) (Defaults to `false`) Controls whether cluster peering is enabled.
|
||||||
When disabled, the UI won't show peering, all peering APIs will return
|
When disabled, the UI won't show peering, all peering APIs will return
|
||||||
an error, any peerings stored in Consul already will be ignored (but they will not be deleted),
|
an error, any peerings stored in Consul already will be ignored (but they will not be deleted),
|
||||||
and all peering connections from other clusters will be rejected. This was added in Consul 1.13.0.
|
and all peering connections from other clusters will be rejected. This was added in Consul 1.13.0.
|
||||||
|
|
Loading…
Reference in New Issue