peering: default to false (#13963)

* defaulting to false because peering will be released as beta
* Ignore peering disabled error in bundles cachetype

Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Matt Keeler <mjkeeler7@gmail.com>
This commit is contained in:
Luke Kysow 2022-08-01 12:22:36 -07:00 committed by GitHub
parent 593add2ec0
commit e9960dfdf3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
18 changed files with 72 additions and 17 deletions

View File

@ -8,6 +8,8 @@ import (
"github.com/mitchellh/hashstructure"
"google.golang.org/grpc"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
"github.com/hashicorp/consul/agent/cache"
external "github.com/hashicorp/consul/agent/grpc-external"
@ -87,6 +89,13 @@ func (t *TrustBundles) Fetch(_ cache.FetchOptions, req cache.Request) (cache.Fet
// Fetch
reply, err := t.Client.TrustBundleListByService(external.ContextWithToken(context.Background(), reqReal.Token), reqReal.Request)
if err != nil {
// Return an empty result if the error is due to peering being disabled.
// This allows mesh gateways to receive an update and confirm that the watch is set.
if e, ok := status.FromError(err); ok && e.Code() == codes.FailedPrecondition {
result.Index = 1
result.Value = &pbpeering.TrustBundleListByServiceResponse{Index: 1}
return result, nil
}
return result, err
}

View File

@ -7,6 +7,8 @@ import (
"github.com/stretchr/testify/mock"
"github.com/stretchr/testify/require"
"google.golang.org/grpc/codes"
grpcstatus "google.golang.org/grpc/status"
"github.com/hashicorp/consul/agent/cache"
"github.com/hashicorp/consul/proto/pbpeering"
@ -48,6 +50,29 @@ func TestTrustBundles(t *testing.T) {
}, result)
}
func TestTrustBundles_PeeringDisabled(t *testing.T) {
client := NewMockTrustBundleLister(t)
typ := &TrustBundles{Client: client}
var resp *pbpeering.TrustBundleListByServiceResponse
// Expect the proper call.
// This also returns the canned response above.
client.On("TrustBundleListByService", mock.Anything, mock.Anything).
Return(resp, grpcstatus.Error(codes.FailedPrecondition, "peering must be enabled to use this endpoint"))
// Fetch and assert against the result.
result, err := typ.Fetch(cache.FetchOptions{}, &TrustBundleListRequest{
Request: &pbpeering.TrustBundleListByServiceRequest{
ServiceName: "foo",
},
})
require.NoError(t, err)
require.NotNil(t, result)
require.EqualValues(t, 1, result.Index)
require.NotNil(t, result.Value)
}
func TestTrustBundles_badReqType(t *testing.T) {
client := pbpeering.NewPeeringServiceClient(nil)
typ := &TrustBundles{Client: client}

View File

@ -104,9 +104,6 @@ func DefaultSource() Source {
kv_max_value_size = ` + strconv.FormatInt(raft.SuggestedMaxDataSize, 10) + `
txn_max_req_len = ` + strconv.FormatInt(raft.SuggestedMaxDataSize, 10) + `
}
peering = {
enabled = true
}
performance = {
leave_drain_time = "5s"
raft_multiplier = ` + strconv.Itoa(int(consul.DefaultRaftMultiplier)) + `

View File

@ -5548,16 +5548,6 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
"tls.grpc was provided but TLS will NOT be enabled on the gRPC listener without an HTTPS listener configured (e.g. via ports.https)",
},
})
run(t, testCase{
desc: "peering.enabled defaults to true",
args: []string{
`-data-dir=` + dataDir,
},
expected: func(rt *RuntimeConfig) {
rt.DataDir = dataDir
rt.PeeringEnabled = true
},
})
}
func (tc testCase) run(format string, dataDir string) func(t *testing.T) {

View File

@ -517,7 +517,6 @@ func DefaultConfig() *Config {
DefaultQueryTime: 300 * time.Second,
MaxQueryTime: 600 * time.Second,
PeeringEnabled: true,
PeeringTestAllowPeerRegistrations: false,
EnterpriseConfig: DefaultEnterpriseConfig(),

View File

@ -179,6 +179,7 @@ func testServerConfig(t *testing.T) (string, *Config) {
"IntermediateCertTTL": "288h",
},
}
config.PeeringEnabled = true
return dir, config
}

View File

@ -1283,6 +1283,7 @@ func newTestServer(t *testing.T, cb func(conf *consul.Config)) testingServer {
ports := freeport.GetN(t, 4) // {rpc, serf_lan, serf_wan, grpc}
conf.PeeringEnabled = true
conf.Bootstrap = true
conf.Datacenter = "dc1"
conf.DataDir = dir

View File

@ -138,6 +138,9 @@ func TestConfigHCL(nodeID string) string {
}
performance {
raft_multiplier = 1
}
peering {
enabled = true
}`, nodeID, connect.TestClusterID,
)
}

View File

@ -105,6 +105,7 @@ type TestServerConfig struct {
Connect map[string]interface{} `json:"connect,omitempty"`
EnableDebug bool `json:"enable_debug,omitempty"`
SkipLeaveOnInt bool `json:"skip_leave_on_interrupt"`
Peering *TestPeeringConfig `json:"peering,omitempty"`
ReadyTimeout time.Duration `json:"-"`
StopTimeout time.Duration `json:"-"`
Stdout io.Writer `json:"-"`
@ -139,6 +140,10 @@ type TestTokens struct {
AgentRecovery string `json:"agent_master,omitempty"`
}
type TestPeeringConfig struct {
Enabled bool `json:"enabled,omitempty"`
}
// ServerConfigCallback is a function interface which can be
// passed to NewTestServerConfig to modify the server config.
type ServerConfigCallback func(c *TestServerConfig)
@ -194,6 +199,7 @@ func defaultServerConfig(t TestingTB) *TestServerConfig {
},
Stdout: logBuffer,
Stderr: logBuffer,
Peering: &TestPeeringConfig{Enabled: true},
}
}

View File

@ -1,2 +1,5 @@
primary_datacenter = "alpha"
log_level = "trace"
peering {
enabled = true
}

View File

@ -0,0 +1,3 @@
peering {
enabled = true
}

View File

@ -1,2 +1,5 @@
primary_datacenter = "alpha"
log_level = "trace"
peering {
enabled = true
}

View File

@ -0,0 +1,3 @@
peering {
enabled = true
}

View File

@ -1,2 +1,5 @@
primary_datacenter = "alpha"
log_level = "trace"
peering {
enabled = true
}

View File

@ -0,0 +1,3 @@
peering {
enabled = true
}

View File

@ -1,2 +1,5 @@
primary_datacenter = "alpha"
log_level = "trace"
peering {
enabled = true
}

View File

@ -0,0 +1,3 @@
peering {
enabled = true
}

View File

@ -555,7 +555,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'."
The following sub-keys are available:
- `enabled` ((#peering_enabled)) (Defaults to `true`) Controls whether cluster peering is enabled.
- `enabled` ((#peering_enabled)) (Defaults to `false`) Controls whether cluster peering is enabled.
When disabled, the UI won't show peering, all peering APIs will return
an error, any peerings stored in Consul already will be ignored (but they will not be deleted),
and all peering connections from other clusters will be rejected. This was added in Consul 1.13.0.