[API Gateway] Fix trust domain for external peered services in synthesis code (#17609)

* [API Gateway] Fix trust domain for external peered services in synthesis code

* Add changelog
This commit is contained in:
Andrew Stucki 2023-06-08 12:18:17 -04:00 committed by GitHub
parent 779647b948
commit 9a4f503b2b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 16 additions and 3 deletions

4
.changelog/17609.txt Normal file
View File

@ -0,0 +1,4 @@
```release-note:bug
gateways: Fixed a bug in API gateways where binding a route that only targets a service imported from a peer results
in the programmed gateway having no routes.
```

View File

@ -741,14 +741,23 @@ type configSnapshotAPIGateway struct {
func (c *configSnapshotAPIGateway) synthesizeChains(datacenter string, listener structs.APIGatewayListener, boundListener structs.BoundAPIGatewayListener) ([]structs.IngressService, structs.Upstreams, []*structs.CompiledDiscoveryChain, error) {
chains := []*structs.CompiledDiscoveryChain{}
trustDomain := ""
// We leverage the test trust domain knowing
// that the domain will get overridden if
// there is a target to something other than an
// external/peered service. If the below
// code doesn't get a trust domain due to all the
// targets being external, the chain will
// have the domain munged anyway during synthesis.
trustDomain := connect.TestTrustDomain
DOMAIN_LOOP:
for _, chain := range c.DiscoveryChain {
for _, target := range chain.Targets {
if !target.External {
trustDomain = connect.TrustDomainForTarget(*target)
if trustDomain != "" {
domain := connect.TrustDomainForTarget(*target)
if domain != "" {
trustDomain = domain
break DOMAIN_LOOP
}
}