From e9960dfdf32515a2ce47be04bdeee59ac77845e7 Mon Sep 17 00:00:00 2001
From: Luke Kysow <1034429+lkysow@users.noreply.github.com>
Date: Mon, 1 Aug 2022 12:22:36 -0700
Subject: [PATCH] peering: default to false (#13963)
* defaulting to false because peering will be released as beta
* Ignore peering disabled error in bundles cachetype
Co-authored-by: Matt Keeler
Co-authored-by: freddygv
Co-authored-by: Matt Keeler
---
 agent/cache-types/trust_bundles.go | 9 +++++++
 agent/cache-types/trust_bundles_test.go | 25 +++++++++++++++++++
 agent/config/default.go | 3 ---
 agent/config/runtime_test.go | 10 --------
 agent/consul/config.go | 1 -
 agent/consul/server_test.go | 1 +
 agent/rpc/peering/service_test.go | 1 +
 agent/testagent.go | 3 +++
 sdk/testutil/server.go | 10 ++++++--
 .../alpha/base.hcl | 3 +++
 .../primary/base.hcl | 3 +++
 .../case-cross-peers-http/alpha/base.hcl | 3 +++
 .../case-cross-peers-http/primary/base.hcl | 3 +++
 .../alpha/base.hcl | 3 +++
 .../primary/base.hcl | 3 +++
 .../envoy/case-cross-peers/alpha/base.hcl | 3 +++
 .../envoy/case-cross-peers/primary/base.hcl | 3 +++
 .../docs/agent/config/config-files.mdx | 2 +-
 18 files changed, 72 insertions(+), 17 deletions(-)
 create mode 100644 test/integration/connect/envoy/case-cross-peers-http-router/primary/base.hcl
 create mode 100644 test/integration/connect/envoy/case-cross-peers-http/primary/base.hcl
 create mode 100644 test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/primary/base.hcl
 create mode 100644 test/integration/connect/envoy/case-cross-peers/primary/base.hcl
diff --git a/agent/cache-types/trust_bundles.go b/agent/cache-types/trust_bundles.go
index 70c63cb4b..eddc8dabb 100644
--- a/agent/cache-types/trust_bundles.go
+++ b/agent/cache-types/trust_bundles.go
@@ -8,6 +8,8 @@ import (
 "github.com/mitchellh/hashstructure"
 "google.golang.org/grpc"
+ "google.golang.org/grpc/codes"
+ "google.golang.org/grpc/status"
 "github.com/hashicorp/consul/agent/cache"
 external "github.com/hashicorp/consul/agent/grpc-external"
@@ -87,6 +89,13 @@ func (t *TrustBundles) Fetch(_ cache.FetchOptions, req cache.Request) (cache.Fet
 // Fetch
 reply, err := t.Client.TrustBundleListByService(external.ContextWithToken(context.Background(), reqReal.Token), reqReal.Request)
 if err != nil {
+ // Return an empty result if the error is due to peering being disabled.
+ // This allows mesh gateways to receive an update and confirm that the watch is set.
+ if e, ok := status.FromError(err); ok && e.Code() == codes.FailedPrecondition {
+ result.Index = 1
+ result.Value = &pbpeering.TrustBundleListByServiceResponse{Index: 1}
+ return result, nil
+ }
 return result, err
 }
diff --git a/agent/cache-types/trust_bundles_test.go b/agent/cache-types/trust_bundles_test.go
index 09d8a80bc..85248dba1 100644
--- a/agent/cache-types/trust_bundles_test.go
+++ b/agent/cache-types/trust_bundles_test.go
@@ -7,6 +7,8 @@ import (
 "github.com/stretchr/testify/mock"
 "github.com/stretchr/testify/require"
+ "google.golang.org/grpc/codes"
+ grpcstatus "google.golang.org/grpc/status"
 "github.com/hashicorp/consul/agent/cache"
 "github.com/hashicorp/consul/proto/pbpeering"
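Review bot: In `TrustBundles.Fetch` (agent/cache-types/trust_bundles.go, second hunk) the new branch matches on `codes.FailedPrecondition` alone, so any server-side precondition failure, not only "peering is disabled", is turned into a successful, empty trust-bundle list with a fixed index of 1. The result fails closed, since an empty list means no peer roots are trusted, but the branch logs nothing and the caller can no longer tell "no bundles" from "lookup refused". I would at least record the assumption next to the check, `// NOTE: assumes TrustBundleListByService returns FailedPrecondition only when peering is disabled; any other use of that code is hidden here.`, and preferably match on a dedicated sentinel or status detail from the server rather than the bare code. It also seems worth confirming that returning the same index on every call does not make the cache refetch in a tight loop while peering stays disabled. Fetch begins and ends outside this hunk.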
@@ -48,6 +50,29 @@ func TestTrustBundles(t *testing.T) {
 }, result)
 }
+func TestTrustBundles_PeeringDisabled(t *testing.T) {
+ client := NewMockTrustBundleLister(t)
+ typ := &TrustBundles{Client: client}
+
+ var resp *pbpeering.TrustBundleListByServiceResponse
+
+ // Expect the proper call.
+ // This also returns the canned response above.
+ client.On("TrustBundleListByService", mock.Anything, mock.Anything).
+ Return(resp, grpcstatus.Error(codes.FailedPrecondition, "peering must be enabled to use this endpoint"))
+
+ // Fetch and assert against the result.
+ result, err := typ.Fetch(cache.FetchOptions{}, &TrustBundleListRequest{
+ Request: &pbpeering.TrustBundleListByServiceRequest{
+ ServiceName: "foo",
+ },
+ })
+ require.NoError(t, err)
+ require.NotNil(t, result)
+ require.EqualValues(t, 1, result.Index)
+ require.NotNil(t, result.Value)
+}
+
 func TestTrustBundles_badReqType(t *testing.T) {
 client := pbpeering.NewPeeringServiceClient(nil)
 typ := &TrustBundles{Client: client}
diff --git a/agent/config/default.go b/agent/config/default.go
index bb7821851..861db9e3b 100644
--- a/agent/config/default.go
+++ b/agent/config/default.go
@@ -104,9 +104,6 @@ func DefaultSource() Source {
 kv_max_value_size = ` + strconv.FormatInt(raft.SuggestedMaxDataSize, 10) + `
 txn_max_req_len = ` + strconv.FormatInt(raft.SuggestedMaxDataSize, 10) + `
 }
- peering = {
- enabled = true
- }
 performance = {
 leave_drain_time = "5s"
 raft_multiplier = ` + strconv.Itoa(int(consul.DefaultRaftMultiplier)) + `
diff --git a/agent/config/runtime_test.go b/agent/config/runtime_test.go
index b05b31491..e0266811e 100644
--- a/agent/config/runtime_test.go
+++ b/agent/config/runtime_test.go
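Review bot: `TestTrustBundles_PeeringDisabled` covers only the swallowed case, and its last assertion, `require.NotNil(t, result.Value)`, would still pass if Fetch returned a wrongly typed or non-empty value. Adding `require.IsType(t, &pbpeering.TrustBundleListByServiceResponse{}, result.Value)` plus a check that the response carries no bundles would pin the fail-closed behaviour. A second case where the mock returns a different code (for example `codes.Unavailable`) and the test asserts `require.Error(t, err)` would keep the error masking limited to the one code. The comment `// This also returns the canned response above.` looks copied from the neighbouring test and is misleading here because `resp` is a nil pointer; `// Return a nil response together with the error the server sends when peering is disabled.` describes what the mock does.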
@@ -5548,16 +5548,6 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
 "tls.grpc was provided but TLS will NOT be enabled on the gRPC listener without an HTTPS listener configured (e.g. via ports.https)",
 },
 })
- run(t, testCase{
- desc: "peering.enabled defaults to true",
- args: []string{
- `-data-dir=` + dataDir,
- },
- expected: func(rt *RuntimeConfig) {
- rt.DataDir = dataDir
- rt.PeeringEnabled = true
- },
- })
 }
 func (tc testCase) run(format string, dataDir string) func(t *testing.T) {
diff --git a/agent/consul/config.go b/agent/consul/config.go
index 64bf90257..b897c4f23 100644
--- a/agent/consul/config.go
+++ b/agent/consul/config.go
@@ -517,7 +517,6 @@ func DefaultConfig() *Config {
 DefaultQueryTime: 300 * time.Second,
 MaxQueryTime: 600 * time.Second,
- PeeringEnabled: true,
 PeeringTestAllowPeerRegistrations: false,
 EnterpriseConfig: DefaultEnterpriseConfig(),
diff --git a/agent/consul/server_test.go b/agent/consul/server_test.go
index b9f9cc4f1..35bbe720e 100644
--- a/agent/consul/server_test.go
+++ b/agent/consul/server_test.go
@@ -179,6 +179,7 @@ func testServerConfig(t *testing.T) (string, *Config) {
 "IntermediateCertTTL": "288h",
 },
 }
+ config.PeeringEnabled = true
 return dir, config
 }
diff --git a/agent/rpc/peering/service_test.go b/agent/rpc/peering/service_test.go
index a4acd945e..54770d6a6 100644
--- a/agent/rpc/peering/service_test.go
+++ b/agent/rpc/peering/service_test.go
@@ -1283,6 +1283,7 @@ func newTestServer(t *testing.T, cb func(conf *consul.Config)) testingServer {
 ports := freeport.GetN(t, 4) // {rpc, serf_lan, serf_wan, grpc}
+ conf.PeeringEnabled = true
 conf.Bootstrap = true
 conf.Datacenter = "dc1"
 conf.DataDir = dir
diff --git a/agent/testagent.go b/agent/testagent.go
index af6ac87dc..5701834b7 100644
--- a/agent/testagent.go
+++ b/agent/testagent.go
@@ -138,6 +138,9 @@ func TestConfigHCL(nodeID string) string {
 }
 performance {
 raft_multiplier = 1
+ }
+ peering {
+ enabled = true
 }`, nodeID, connect.TestClusterID,
 )
 }
diff --git a/sdk/testutil/server.go b/sdk/testutil/server.go
index 77fd90e82..db5834c3a 100644
--- a/sdk/testutil/server.go
+++ b/sdk/testutil/server.go
@@ -105,6 +105,7 @@ type TestServerConfig struct {
 Connect map[string]interface{} `json:"connect,omitempty"`
 EnableDebug bool `json:"enable_debug,omitempty"`
 SkipLeaveOnInt bool `json:"skip_leave_on_interrupt"`
+ Peering *TestPeeringConfig `json:"peering,omitempty"`
 ReadyTimeout time.Duration `json:"-"`
 StopTimeout time.Duration `json:"-"`
 Stdout io.Writer `json:"-"`
@@ -139,6 +140,10 @@ type TestTokens struct {
 AgentRecovery string `json:"agent_master,omitempty"`
 }
+type TestPeeringConfig struct {
+ Enabled bool `json:"enabled,omitempty"`
+}
+
 // ServerConfigCallback is a function interface which can be
 // passed to NewTestServerConfig to modify the server config.
 type ServerConfigCallback func(c *TestServerConfig)
@@ -192,8 +197,9 @@ func defaultServerConfig(t TestingTB) *TestServerConfig {
 ReturnPorts: func() {
 freeport.Return(ports)
 },
- Stdout: logBuffer,
- Stderr: logBuffer,
+ Stdout: logBuffer,
+ Stderr: logBuffer,
+ Peering: &TestPeeringConfig{Enabled: true},
 }
 }
diff --git a/test/integration/connect/envoy/case-cross-peers-http-router/alpha/base.hcl b/test/integration/connect/envoy/case-cross-peers-http-router/alpha/base.hcl
index 68265638f..f81ab0edd 100644
--- a/test/integration/connect/envoy/case-cross-peers-http-router/alpha/base.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-http-router/alpha/base.hcl
@@ -1,2 +1,5 @@
 primary_datacenter = "alpha"
 log_level = "trace"
+peering {
+ enabled = true
+}
diff --git a/test/integration/connect/envoy/case-cross-peers-http-router/primary/base.hcl b/test/integration/connect/envoy/case-cross-peers-http-router/primary/base.hcl
new file mode 100644
index 000000000..c1e134d5a
--- /dev/null
+++ b/test/integration/connect/envoy/case-cross-peers-http-router/primary/base.hcl
@@ -0,0 +1,3 @@
+peering {
+ enabled = true
+}
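Review bot: `TestPeeringConfig` (second hunk of sdk/testutil/server.go) is a new exported type in a public SDK package with no doc comment, and its `Enabled` field is tagged `json:"enabled,omitempty"`, so an explicit `Enabled: false` is dropped from the rendered config and the agent's own default decides. That matches the new default of false today, but a test that needs peering off would silently follow the agent default if it changes again; dropping `omitempty` from that tag makes the setting explicit. A doc comment such as `// TestPeeringConfig configures the agent's peering stanza; test servers enable peering by default even though the agent default is false.` would also make clear that `defaultServerConfig` (third hunk) now diverges from the shipped default. If this SDK is also run against agent binaries that predate the `peering` stanza, the unconditional `Peering: &TestPeeringConfig{Enabled: true}` presumably needs a guard; that is worth confirming.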
diff --git a/test/integration/connect/envoy/case-cross-peers-http/alpha/base.hcl b/test/integration/connect/envoy/case-cross-peers-http/alpha/base.hcl
index 68265638f..f81ab0edd 100644
--- a/test/integration/connect/envoy/case-cross-peers-http/alpha/base.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-http/alpha/base.hcl
@@ -1,2 +1,5 @@
 primary_datacenter = "alpha"
 log_level = "trace"
+peering {
+ enabled = true
+}
diff --git a/test/integration/connect/envoy/case-cross-peers-http/primary/base.hcl b/test/integration/connect/envoy/case-cross-peers-http/primary/base.hcl
new file mode 100644
index 000000000..c1e134d5a
--- /dev/null
+++ b/test/integration/connect/envoy/case-cross-peers-http/primary/base.hcl
@@ -0,0 +1,3 @@
+peering {
+ enabled = true
+}
diff --git a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/base.hcl b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/base.hcl
index 68265638f..f81ab0edd 100644
--- a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/base.hcl
+++ b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/base.hcl
@@ -1,2 +1,5 @@
 primary_datacenter = "alpha"
 log_level = "trace"
+peering {
+ enabled = true
+}
diff --git a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/primary/base.hcl b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/primary/base.hcl
new file mode 100644
index 000000000..c1e134d5a
--- /dev/null
+++ b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/primary/base.hcl
@@ -0,0 +1,3 @@
+peering {
+ enabled = true
+}
diff --git a/test/integration/connect/envoy/case-cross-peers/alpha/base.hcl b/test/integration/connect/envoy/case-cross-peers/alpha/base.hcl
index 68265638f..f81ab0edd 100644
--- a/test/integration/connect/envoy/case-cross-peers/alpha/base.hcl
+++ b/test/integration/connect/envoy/case-cross-peers/alpha/base.hcl
@@ -1,2 +1,5 @@
 primary_datacenter = "alpha"
 log_level = "trace"
+peering {
+ enabled = true
+}
diff --git a/test/integration/connect/envoy/case-cross-peers/primary/base.hcl b/test/integration/connect/envoy/case-cross-peers/primary/base.hcl
new file mode 100644
index 000000000..c1e134d5a
--- /dev/null
+++ b/test/integration/connect/envoy/case-cross-peers/primary/base.hcl
@@ -0,0 +1,3 @@
+peering {
+ enabled = true
+}
diff --git a/website/content/docs/agent/config/config-files.mdx b/website/content/docs/agent/config/config-files.mdx
index c88677508..5c4f7b909 100644
--- a/website/content/docs/agent/config/config-files.mdx
+++ b/website/content/docs/agent/config/config-files.mdx
@@ -555,7 +555,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'."
 The following sub-keys are available:
- - `enabled` ((#peering_enabled)) (Defaults to `true`) Controls whether cluster peering is enabled.
+ - `enabled` ((#peering_enabled)) (Defaults to `false`) Controls whether cluster peering is enabled.
 When disabled, the UI won't show peering, all peering APIs will return an error, any peerings stored in Consul already will be ignored (but they will not be deleted), and all peering connections from other clusters will be rejected. This was added in Consul 1.13.0.