diff --git a/.changelog/15001.txt b/.changelog/15001.txt new file mode 100644 index 0000000000..18d658547e --- /dev/null +++ b/.changelog/15001.txt @@ -0,0 +1,4 @@ +```release-note:improvement +ingress-gateways: Don't log error when gateway is registered without a config entry +``` + diff --git a/agent/proxycfg/ingress_gateway.go b/agent/proxycfg/ingress_gateway.go index a6549af009..b6c1cd6e02 100644 --- a/agent/proxycfg/ingress_gateway.go +++ b/agent/proxycfg/ingress_gateway.go @@ -91,6 +91,9 @@ func (s *handlerIngressGateway) handleUpdate(ctx context.Context, u UpdateEvent, if !ok { return fmt.Errorf("invalid type for response: %T", u.Result) } + if resp.Entry == nil { + return nil + } gatewayConf, ok := resp.Entry.(*structs.IngressGatewayConfigEntry) if !ok { return fmt.Errorf("invalid type for config entry: %T", resp.Entry) diff --git a/agent/proxycfg/testing_ingress_gateway.go b/agent/proxycfg/testing_ingress_gateway.go index bf471051af..f2f5ab67f7 100644 --- a/agent/proxycfg/testing_ingress_gateway.go +++ b/agent/proxycfg/testing_ingress_gateway.go @@ -102,6 +102,47 @@ func TestConfigSnapshotIngressGateway( }, nsFn, nil, testSpliceEvents(baseEvents, extraUpdates)) } +// TestConfigSnapshotIngressGateway_NilConfigEntry is used to test when +// the update event for the config entry returns nil +// since this always happens on the first watch if it doesn't exist. +func TestConfigSnapshotIngressGateway_NilConfigEntry( + t testing.T, +) *ConfigSnapshot { + roots, placeholderLeaf := TestCerts(t) + + baseEvents := []UpdateEvent{ + { + CorrelationID: rootsWatchID, + Result: roots, + }, + { + CorrelationID: gatewayConfigWatchID, + Result: &structs.ConfigEntryResponse{ + Entry: nil, // The first watch on a config entry will return nil if the config entry doesn't exist. + }, + }, + { + CorrelationID: leafWatchID, + Result: placeholderLeaf, + }, + { + CorrelationID: gatewayServicesWatchID, + Result: &structs.IndexedGatewayServices{ + Services: nil, + }, + }, + } + + return testConfigSnapshotFixture(t, &structs.NodeService{ + Kind: structs.ServiceKindIngressGateway, + Service: "ingress-gateway", + Port: 9999, + Address: "1.2.3.4", + Meta: nil, + TaggedAddresses: nil, + }, nil, nil, testSpliceEvents(baseEvents, nil)) +} + func TestConfigSnapshotIngressGatewaySDS_GatewayLevel_MixedTLS(t testing.T) *ConfigSnapshot { secureUID := UpstreamIDFromString("secure") secureChain := discoverychain.TestCompileConfigEntries( diff --git a/agent/xds/clusters_test.go b/agent/xds/clusters_test.go index b9355b44de..f8cde23edb 100644 --- a/agent/xds/clusters_test.go +++ b/agent/xds/clusters_test.go @@ -430,6 +430,12 @@ func TestClustersFromSnapshot(t *testing.T) { "default", nil, nil, nil) }, }, + { + name: "ingress-gateway-nil-config-entry", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway_NilConfigEntry(t) + }, + }, { name: "ingress-gateway-with-tls-outgoing-min-version", create: func(t testinf.T) *proxycfg.ConfigSnapshot { diff --git a/agent/xds/endpoints_test.go b/agent/xds/endpoints_test.go index 432ecfa2c6..725fff00f6 100644 --- a/agent/xds/endpoints_test.go +++ b/agent/xds/endpoints_test.go @@ -368,6 +368,12 @@ func TestEndpointsFromSnapshot(t *testing.T) { "default", nil, nil, nil) }, }, + { + name: "ingress-gateway-nil-config-entry", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway_NilConfigEntry(t) + }, + }, { name: "ingress-gateway-no-services", create: func(t testinf.T) *proxycfg.ConfigSnapshot { diff --git a/agent/xds/listeners_test.go b/agent/xds/listeners_test.go index ed9dca5a9f..5cff623bb3 100644 --- a/agent/xds/listeners_test.go +++ b/agent/xds/listeners_test.go @@ -532,6 +532,12 @@ func TestListenersFromSnapshot(t *testing.T) { return proxycfg.TestConfigSnapshotIngressGateway(t, true, "tcp", "default", nil, nil, nil) }, }, + { + name: "ingress-gateway-nil-config-entry", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway_NilConfigEntry(t) + }, + }, { name: "ingress-gateway-bind-addrs", create: func(t testinf.T) *proxycfg.ConfigSnapshot { diff --git a/agent/xds/routes_test.go b/agent/xds/routes_test.go index f4b6a75f9e..c9aaf612f2 100644 --- a/agent/xds/routes_test.go +++ b/agent/xds/routes_test.go @@ -82,6 +82,12 @@ func TestRoutesFromSnapshot(t *testing.T) { }, // TODO(rb): test match stanza skipped for grpc // Start ingress gateway test cases + { + name: "ingress-config-entry-nil", + create: func(t testinf.T) *proxycfg.ConfigSnapshot { + return proxycfg.TestConfigSnapshotIngressGateway_NilConfigEntry(t) + }, + }, { name: "ingress-defaults-no-chain", create: func(t testinf.T) *proxycfg.ConfigSnapshot { diff --git a/agent/xds/testdata/clusters/ingress-gateway-nil-config-entry.latest.golden b/agent/xds/testdata/clusters/ingress-gateway-nil-config-entry.latest.golden new file mode 100644 index 0000000000..cd8f56517e --- /dev/null +++ b/agent/xds/testdata/clusters/ingress-gateway-nil-config-entry.latest.golden @@ -0,0 +1,5 @@ +{ + "versionInfo": "00000001", + "typeUrl": "type.googleapis.com/envoy.config.cluster.v3.Cluster", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xds/testdata/endpoints/ingress-gateway-nil-config-entry.latest.golden b/agent/xds/testdata/endpoints/ingress-gateway-nil-config-entry.latest.golden new file mode 100644 index 0000000000..8504dae2b8 --- /dev/null +++ b/agent/xds/testdata/endpoints/ingress-gateway-nil-config-entry.latest.golden @@ -0,0 +1,5 @@ +{ + "versionInfo": "00000001", + "typeUrl": "type.googleapis.com/envoy.config.endpoint.v3.ClusterLoadAssignment", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xds/testdata/listeners/ingress-gateway-nil-config-entry.latest.golden b/agent/xds/testdata/listeners/ingress-gateway-nil-config-entry.latest.golden new file mode 100644 index 0000000000..53b67bb373 --- /dev/null +++ b/agent/xds/testdata/listeners/ingress-gateway-nil-config-entry.latest.golden @@ -0,0 +1,5 @@ +{ + "versionInfo": "00000001", + "typeUrl": "type.googleapis.com/envoy.config.listener.v3.Listener", + "nonce": "00000001" +} \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-config-entry-nil.latest.golden b/agent/xds/testdata/routes/ingress-config-entry-nil.latest.golden new file mode 100644 index 0000000000..9c050cbe6b --- /dev/null +++ b/agent/xds/testdata/routes/ingress-config-entry-nil.latest.golden @@ -0,0 +1,5 @@ +{ + "versionInfo": "00000001", + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" +} \ No newline at end of file