Merge pull request #11680 from hashicorp/ap/partition-exports-oss

.changelog/11680.txt

@@ -0,0 +1,3 @@
+```release-note:improvement
+server: block enterprise-specific partition-exports config entry from being used in OSS Consul.
+```

agent/consul/config_replication_test.go

@@ -92,107 +92,6 @@ func TestReplication_ConfigSort(t *testing.T) {
 	}
 }
 
-func TestReplication_DisallowedConfigEntries(t *testing.T) {
-	if testing.Short() {
-		t.Skip("too slow for testing.Short")
-	}
-
-	dir1, s1 := testServerWithConfig(t, func(c *Config) {
-		c.PrimaryDatacenter = "dc1"
-	})
-	defer os.RemoveAll(dir1)
-	defer s1.Shutdown()
-	testrpc.WaitForLeader(t, s1.RPC, "dc1")
-	client := rpcClient(t, s1)
-	defer client.Close()
-
-	dir2, s2 := testServerWithConfig(t, func(c *Config) {
-		c.Datacenter = "dc2"
-		c.PrimaryDatacenter = "dc1"
-		c.ConfigReplicationRate = 100
-		c.ConfigReplicationBurst = 100
-		c.ConfigReplicationApplyLimit = 1000000
-	})
-	testrpc.WaitForLeader(t, s2.RPC, "dc2")
-	defer os.RemoveAll(dir2)
-	defer s2.Shutdown()
-
-	// Try to join.
-	joinWAN(t, s2, s1)
-	testrpc.WaitForLeader(t, s1.RPC, "dc1")
-	testrpc.WaitForLeader(t, s1.RPC, "dc2")
-
-	args := []structs.ConfigEntryRequest{
-		{
-			Datacenter: "dc1",
-			Op:         structs.ConfigEntryUpsert,
-			Entry: &structs.ServiceConfigEntry{
-				Kind:     structs.ServiceDefaults,
-				Name:     "foo",
-				Protocol: "http2",
-			},
-		},
-		{
-			Datacenter: "dc1",
-			Op:         structs.ConfigEntryUpsert,
-			Entry: &structs.PartitionExportsConfigEntry{
-				Name: "default",
-				Services: []structs.ExportedService{
-					{
-						Name: structs.WildcardSpecifier,
-						Consumers: []structs.ServiceConsumer{
-							{
-								Partition: "non-default",
-							},
-						},
-					},
-				},
-			},
-		},
-		{
-			Datacenter: "dc1",
-			Op:         structs.ConfigEntryUpsert,
-			Entry: &structs.ProxyConfigEntry{
-				Kind: structs.ProxyDefaults,
-				Name: "global",
-				Config: map[string]interface{}{
-					"Protocol": "http",
-				},
-			},
-		},
-		{
-			Datacenter: "dc1",
-			Op:         structs.ConfigEntryUpsert,
-			Entry: &structs.MeshConfigEntry{
-				TransparentProxy: structs.TransparentProxyMeshConfig{
-					MeshDestinationsOnly: true,
-				},
-			},
-		},
-	}
-	for _, arg := range args {
-		out := false
-		require.NoError(t, s1.RPC("ConfigEntry.Apply", &arg, &out))
-	}
-
-	retry.Run(t, func(r *retry.R) {
-		_, local, err := s2.fsm.State().ConfigEntries(nil, structs.ReplicationEnterpriseMeta())
-		require.NoError(r, err)
-		require.Len(r, local, 3)
-
-		localKinds := make([]string, 0)
-		for _, entry := range local {
-			localKinds = append(localKinds, entry.GetKind())
-		}
-
-		// Should have all inserted kinds except for partition-exports.
-		expectKinds := []string{
-			structs.ProxyDefaults, structs.ServiceDefaults, structs.MeshConfig,
-		}
-		require.ElementsMatch(r, expectKinds, localKinds)
-	})
-}
-
 func TestReplication_ConfigEntries(t *testing.T) {
 	if testing.Short() {
 		t.Skip("too slow for testing.Short")

agent/structs/config_entry_exports.go

@@ -113,7 +113,12 @@ func (e *PartitionExportsConfigEntry) Validate() error {
 		return fmt.Errorf("partition-exports Name must be the name of a partition, and not a wildcard")
 	}
 
-	validationErr := validateConfigEntryMeta(e.Meta)
+	if err := requireEnterprise(e.GetKind()); err != nil {
+		return err
+	}
+	if err := validateConfigEntryMeta(e.Meta); err != nil {
+		return err
+	}
 
 	for _, svc := range e.Services {
 		if svc.Name == "" {
@@ -128,8 +133,7 @@ func (e *PartitionExportsConfigEntry) Validate() error {
 			}
 		}
 	}
-
-	return validationErr
+	return nil
 }
 
 func (e *PartitionExportsConfigEntry) CanRead(authz acl.Authorizer) bool {

agent/structs/config_entry_oss.go

@@ -35,3 +35,7 @@ func validateUnusedKeys(unused []string) error {
 func validateInnerEnterpriseMeta(_, _ *EnterpriseMeta) error {
 	return nil
 }
+
+func requireEnterprise(kind string) error {
+	return fmt.Errorf("Config entry kind %q requires Consul Enterprise", kind)
+}