syncing changes back from enterprise (#12701)
This commit is contained in:
parent
9d67f34614
commit
12523197f9
|
@ -19,6 +19,8 @@ type policyRulesMergeContext struct {
|
||||||
servicePrefixRules map[string]*ServiceRule
|
servicePrefixRules map[string]*ServiceRule
|
||||||
sessionRules map[string]*SessionRule
|
sessionRules map[string]*SessionRule
|
||||||
sessionPrefixRules map[string]*SessionRule
|
sessionPrefixRules map[string]*SessionRule
|
||||||
|
// namespaceRule is an enterprise-only field
|
||||||
|
namespaceRule string
|
||||||
}
|
}
|
||||||
|
|
||||||
func (p *policyRulesMergeContext) init() {
|
func (p *policyRulesMergeContext) init() {
|
||||||
|
|
|
@ -47,9 +47,9 @@ func (m *delegateMock) RemoveFailedNode(node string, prune bool, entMeta *struct
|
||||||
return m.Called(node, prune, entMeta).Error(0)
|
return m.Called(node, prune, entMeta).Error(0)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *delegateMock) ResolveTokenAndDefaultMeta(token string, entMeta *structs.EnterpriseMeta, authzContext *acl.AuthorizerContext) (acl.Authorizer, error) {
|
func (m *delegateMock) ResolveTokenAndDefaultMeta(token string, entMeta *structs.EnterpriseMeta, authzContext *acl.AuthorizerContext) (consul.ACLResolveResult, error) {
|
||||||
ret := m.Called(token, entMeta, authzContext)
|
ret := m.Called(token, entMeta, authzContext)
|
||||||
return ret.Get(0).(acl.Authorizer), ret.Error(1)
|
return ret.Get(0).(consul.ACLResolveResult), ret.Error(1)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (m *delegateMock) RPC(method string, args interface{}, reply interface{}) error {
|
func (m *delegateMock) RPC(method string, args interface{}, reply interface{}) error {
|
||||||
|
|
|
@ -237,6 +237,10 @@ func prepTokenPolicies(t *testing.T, acl *ACL) (policies []*ACLPolicy) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func prepTokenPoliciesInPartition(t *testing.T, acl *ACL, partition string) (policies []*ACLPolicy) {
|
func prepTokenPoliciesInPartition(t *testing.T, acl *ACL, partition string) (policies []*ACLPolicy) {
|
||||||
|
datacenters := []string{"dc1", "dc2"}
|
||||||
|
if partition != "" && partition != "default" {
|
||||||
|
datacenters = []string{"dc1"}
|
||||||
|
}
|
||||||
var wqPart *WriteOptions
|
var wqPart *WriteOptions
|
||||||
if partition != "" {
|
if partition != "" {
|
||||||
wqPart = &WriteOptions{Partition: partition}
|
wqPart = &WriteOptions{Partition: partition}
|
||||||
|
@ -245,7 +249,7 @@ func prepTokenPoliciesInPartition(t *testing.T, acl *ACL, partition string) (pol
|
||||||
Name: "one",
|
Name: "one",
|
||||||
Description: "one description",
|
Description: "one description",
|
||||||
Rules: `acl = "read"`,
|
Rules: `acl = "read"`,
|
||||||
Datacenters: []string{"dc1", "dc2"},
|
Datacenters: datacenters,
|
||||||
}, wqPart)
|
}, wqPart)
|
||||||
|
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
@ -256,7 +260,7 @@ func prepTokenPoliciesInPartition(t *testing.T, acl *ACL, partition string) (pol
|
||||||
Name: "two",
|
Name: "two",
|
||||||
Description: "two description",
|
Description: "two description",
|
||||||
Rules: `node_prefix "" { policy = "read" }`,
|
Rules: `node_prefix "" { policy = "read" }`,
|
||||||
Datacenters: []string{"dc1", "dc2"},
|
Datacenters: datacenters,
|
||||||
}, wqPart)
|
}, wqPart)
|
||||||
|
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
|
@ -9,15 +9,16 @@ import (
|
||||||
"testing"
|
"testing"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"github.com/hashicorp/go-uuid"
|
||||||
|
"github.com/mitchellh/cli"
|
||||||
|
"github.com/stretchr/testify/require"
|
||||||
|
|
||||||
"github.com/hashicorp/consul/agent"
|
"github.com/hashicorp/consul/agent"
|
||||||
"github.com/hashicorp/consul/agent/connect"
|
"github.com/hashicorp/consul/agent/connect"
|
||||||
"github.com/hashicorp/consul/api"
|
"github.com/hashicorp/consul/api"
|
||||||
"github.com/hashicorp/consul/command/acl"
|
"github.com/hashicorp/consul/command/acl"
|
||||||
"github.com/hashicorp/consul/sdk/testutil"
|
"github.com/hashicorp/consul/sdk/testutil"
|
||||||
"github.com/hashicorp/consul/testrpc"
|
"github.com/hashicorp/consul/testrpc"
|
||||||
"github.com/hashicorp/go-uuid"
|
|
||||||
"github.com/mitchellh/cli"
|
|
||||||
"github.com/stretchr/testify/require"
|
|
||||||
|
|
||||||
// activate testing auth method
|
// activate testing auth method
|
||||||
_ "github.com/hashicorp/consul/agent/consul/authmethod/testauth"
|
_ "github.com/hashicorp/consul/agent/consul/authmethod/testauth"
|
||||||
|
@ -293,6 +294,7 @@ func TestAuthMethodCreateCommand_JSON(t *testing.T) {
|
||||||
delete(raw, "CreateIndex")
|
delete(raw, "CreateIndex")
|
||||||
delete(raw, "ModifyIndex")
|
delete(raw, "ModifyIndex")
|
||||||
delete(raw, "Namespace")
|
delete(raw, "Namespace")
|
||||||
|
delete(raw, "Partition")
|
||||||
|
|
||||||
require.Equal(t, map[string]interface{}{
|
require.Equal(t, map[string]interface{}{
|
||||||
"Name": name,
|
"Name": name,
|
||||||
|
@ -342,6 +344,7 @@ func TestAuthMethodCreateCommand_JSON(t *testing.T) {
|
||||||
delete(raw, "CreateIndex")
|
delete(raw, "CreateIndex")
|
||||||
delete(raw, "ModifyIndex")
|
delete(raw, "ModifyIndex")
|
||||||
delete(raw, "Namespace")
|
delete(raw, "Namespace")
|
||||||
|
delete(raw, "Partition")
|
||||||
|
|
||||||
require.Equal(t, map[string]interface{}{
|
require.Equal(t, map[string]interface{}{
|
||||||
"Name": name,
|
"Name": name,
|
||||||
|
@ -613,6 +616,9 @@ func getTestMethod(t *testing.T, client *api.Client, methodName string) *api.ACL
|
||||||
if method.Namespace == "default" {
|
if method.Namespace == "default" {
|
||||||
method.Namespace = ""
|
method.Namespace = ""
|
||||||
}
|
}
|
||||||
|
if method.Partition == "default" {
|
||||||
|
method.Partition = ""
|
||||||
|
}
|
||||||
|
|
||||||
return method
|
return method
|
||||||
}
|
}
|
||||||
|
|
|
@ -8,15 +8,16 @@ import (
|
||||||
"strings"
|
"strings"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
|
"github.com/hashicorp/go-uuid"
|
||||||
|
"github.com/mitchellh/cli"
|
||||||
|
"github.com/stretchr/testify/require"
|
||||||
|
|
||||||
"github.com/hashicorp/consul/agent"
|
"github.com/hashicorp/consul/agent"
|
||||||
"github.com/hashicorp/consul/agent/connect"
|
"github.com/hashicorp/consul/agent/connect"
|
||||||
"github.com/hashicorp/consul/api"
|
"github.com/hashicorp/consul/api"
|
||||||
"github.com/hashicorp/consul/command/acl"
|
"github.com/hashicorp/consul/command/acl"
|
||||||
"github.com/hashicorp/consul/sdk/testutil"
|
"github.com/hashicorp/consul/sdk/testutil"
|
||||||
"github.com/hashicorp/consul/testrpc"
|
"github.com/hashicorp/consul/testrpc"
|
||||||
"github.com/hashicorp/go-uuid"
|
|
||||||
"github.com/mitchellh/cli"
|
|
||||||
"github.com/stretchr/testify/require"
|
|
||||||
|
|
||||||
// activate testing auth method
|
// activate testing auth method
|
||||||
_ "github.com/hashicorp/consul/agent/consul/authmethod/testauth"
|
_ "github.com/hashicorp/consul/agent/consul/authmethod/testauth"
|
||||||
|
@ -941,6 +942,9 @@ func getTestMethod(t *testing.T, client *api.Client, methodName string) *api.ACL
|
||||||
if method.Namespace == "default" {
|
if method.Namespace == "default" {
|
||||||
method.Namespace = ""
|
method.Namespace = ""
|
||||||
}
|
}
|
||||||
|
if method.Partition == "default" {
|
||||||
|
method.Partition = ""
|
||||||
|
}
|
||||||
|
|
||||||
return method
|
return method
|
||||||
}
|
}
|
||||||
|
|
|
@ -3,11 +3,12 @@ package expose
|
||||||
import (
|
import (
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
|
"github.com/mitchellh/cli"
|
||||||
|
"github.com/stretchr/testify/require"
|
||||||
|
|
||||||
"github.com/hashicorp/consul/agent"
|
"github.com/hashicorp/consul/agent"
|
||||||
"github.com/hashicorp/consul/api"
|
"github.com/hashicorp/consul/api"
|
||||||
"github.com/hashicorp/consul/testrpc"
|
"github.com/hashicorp/consul/testrpc"
|
||||||
"github.com/mitchellh/cli"
|
|
||||||
"github.com/stretchr/testify/require"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestConnectExpose(t *testing.T) {
|
func TestConnectExpose(t *testing.T) {
|
||||||
|
@ -47,6 +48,7 @@ func TestConnectExpose(t *testing.T) {
|
||||||
Kind: api.IngressGateway,
|
Kind: api.IngressGateway,
|
||||||
Name: "ingress",
|
Name: "ingress",
|
||||||
Namespace: ns,
|
Namespace: ns,
|
||||||
|
Partition: ap,
|
||||||
Listeners: []api.IngressListener{
|
Listeners: []api.IngressListener{
|
||||||
{
|
{
|
||||||
Port: 8888,
|
Port: 8888,
|
||||||
|
@ -280,6 +282,7 @@ func TestConnectExpose_existingConfig(t *testing.T) {
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
})
|
})
|
||||||
|
ingressConf.Partition = entryConf.Partition
|
||||||
ingressConf.Namespace = entryConf.Namespace
|
ingressConf.Namespace = entryConf.Namespace
|
||||||
for i, listener := range ingressConf.Listeners {
|
for i, listener := range ingressConf.Listeners {
|
||||||
listener.Services[0].Namespace = entryConf.Listeners[i].Services[0].Namespace
|
listener.Services[0].Namespace = entryConf.Listeners[i].Services[0].Namespace
|
||||||
|
|
|
@ -0,0 +1,4 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
snapshot_envoy_admin localhost:19000 s1 primary || true
|
||||||
|
snapshot_envoy_admin localhost:19001 s2 primary || true
|
|
@ -0,0 +1,4 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
snapshot_envoy_admin localhost:19000 s1 primary || true
|
||||||
|
snapshot_envoy_admin localhost:19001 s2 primary || true
|
Loading…
Reference in New Issue