peering: default to false (#13963)
* defaulting to false because peering will be released as beta * Ignore peering disabled error in bundles cachetype Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com> Co-authored-by: freddygv <freddy@hashicorp.com> Co-authored-by: Matt Keeler <mjkeeler7@gmail.com>
This commit is contained in:
parent
593add2ec0
commit
e9960dfdf3
|
@ -8,6 +8,8 @@ import (
|
|||
|
||||
"github.com/mitchellh/hashstructure"
|
||||
"google.golang.org/grpc"
|
||||
"google.golang.org/grpc/codes"
|
||||
"google.golang.org/grpc/status"
|
||||
|
||||
"github.com/hashicorp/consul/agent/cache"
|
||||
external "github.com/hashicorp/consul/agent/grpc-external"
|
||||
|
@ -87,6 +89,13 @@ func (t *TrustBundles) Fetch(_ cache.FetchOptions, req cache.Request) (cache.Fet
|
|||
// Fetch
|
||||
reply, err := t.Client.TrustBundleListByService(external.ContextWithToken(context.Background(), reqReal.Token), reqReal.Request)
|
||||
if err != nil {
|
||||
// Return an empty result if the error is due to peering being disabled.
|
||||
// This allows mesh gateways to receive an update and confirm that the watch is set.
|
||||
if e, ok := status.FromError(err); ok && e.Code() == codes.FailedPrecondition {
|
||||
result.Index = 1
|
||||
result.Value = &pbpeering.TrustBundleListByServiceResponse{Index: 1}
|
||||
return result, nil
|
||||
}
|
||||
return result, err
|
||||
}
|
||||
|
||||
|
|
|
@ -7,6 +7,8 @@ import (
|
|||
|
||||
"github.com/stretchr/testify/mock"
|
||||
"github.com/stretchr/testify/require"
|
||||
"google.golang.org/grpc/codes"
|
||||
grpcstatus "google.golang.org/grpc/status"
|
||||
|
||||
"github.com/hashicorp/consul/agent/cache"
|
||||
"github.com/hashicorp/consul/proto/pbpeering"
|
||||
|
@ -48,6 +50,29 @@ func TestTrustBundles(t *testing.T) {
|
|||
}, result)
|
||||
}
|
||||
|
||||
func TestTrustBundles_PeeringDisabled(t *testing.T) {
|
||||
client := NewMockTrustBundleLister(t)
|
||||
typ := &TrustBundles{Client: client}
|
||||
|
||||
var resp *pbpeering.TrustBundleListByServiceResponse
|
||||
|
||||
// Expect the proper call.
|
||||
// This also returns the canned response above.
|
||||
client.On("TrustBundleListByService", mock.Anything, mock.Anything).
|
||||
Return(resp, grpcstatus.Error(codes.FailedPrecondition, "peering must be enabled to use this endpoint"))
|
||||
|
||||
// Fetch and assert against the result.
|
||||
result, err := typ.Fetch(cache.FetchOptions{}, &TrustBundleListRequest{
|
||||
Request: &pbpeering.TrustBundleListByServiceRequest{
|
||||
ServiceName: "foo",
|
||||
},
|
||||
})
|
||||
require.NoError(t, err)
|
||||
require.NotNil(t, result)
|
||||
require.EqualValues(t, 1, result.Index)
|
||||
require.NotNil(t, result.Value)
|
||||
}
|
||||
|
||||
func TestTrustBundles_badReqType(t *testing.T) {
|
||||
client := pbpeering.NewPeeringServiceClient(nil)
|
||||
typ := &TrustBundles{Client: client}
|
||||
|
|
|
@ -104,9 +104,6 @@ func DefaultSource() Source {
|
|||
kv_max_value_size = ` + strconv.FormatInt(raft.SuggestedMaxDataSize, 10) + `
|
||||
txn_max_req_len = ` + strconv.FormatInt(raft.SuggestedMaxDataSize, 10) + `
|
||||
}
|
||||
peering = {
|
||||
enabled = true
|
||||
}
|
||||
performance = {
|
||||
leave_drain_time = "5s"
|
||||
raft_multiplier = ` + strconv.Itoa(int(consul.DefaultRaftMultiplier)) + `
|
||||
|
|
|
@ -5548,16 +5548,6 @@ func TestLoad_IntegrationWithFlags(t *testing.T) {
|
|||
"tls.grpc was provided but TLS will NOT be enabled on the gRPC listener without an HTTPS listener configured (e.g. via ports.https)",
|
||||
},
|
||||
})
|
||||
run(t, testCase{
|
||||
desc: "peering.enabled defaults to true",
|
||||
args: []string{
|
||||
`-data-dir=` + dataDir,
|
||||
},
|
||||
expected: func(rt *RuntimeConfig) {
|
||||
rt.DataDir = dataDir
|
||||
rt.PeeringEnabled = true
|
||||
},
|
||||
})
|
||||
}
|
||||
|
||||
func (tc testCase) run(format string, dataDir string) func(t *testing.T) {
|
||||
|
|
|
@ -517,7 +517,6 @@ func DefaultConfig() *Config {
|
|||
DefaultQueryTime: 300 * time.Second,
|
||||
MaxQueryTime: 600 * time.Second,
|
||||
|
||||
PeeringEnabled: true,
|
||||
PeeringTestAllowPeerRegistrations: false,
|
||||
|
||||
EnterpriseConfig: DefaultEnterpriseConfig(),
|
||||
|
|
|
@ -179,6 +179,7 @@ func testServerConfig(t *testing.T) (string, *Config) {
|
|||
"IntermediateCertTTL": "288h",
|
||||
},
|
||||
}
|
||||
config.PeeringEnabled = true
|
||||
return dir, config
|
||||
}
|
||||
|
||||
|
|
|
@ -1283,6 +1283,7 @@ func newTestServer(t *testing.T, cb func(conf *consul.Config)) testingServer {
|
|||
|
||||
ports := freeport.GetN(t, 4) // {rpc, serf_lan, serf_wan, grpc}
|
||||
|
||||
conf.PeeringEnabled = true
|
||||
conf.Bootstrap = true
|
||||
conf.Datacenter = "dc1"
|
||||
conf.DataDir = dir
|
||||
|
|
|
@ -138,6 +138,9 @@ func TestConfigHCL(nodeID string) string {
|
|||
}
|
||||
performance {
|
||||
raft_multiplier = 1
|
||||
}
|
||||
peering {
|
||||
enabled = true
|
||||
}`, nodeID, connect.TestClusterID,
|
||||
)
|
||||
}
|
||||
|
|
|
@ -105,6 +105,7 @@ type TestServerConfig struct {
|
|||
Connect map[string]interface{} `json:"connect,omitempty"`
|
||||
EnableDebug bool `json:"enable_debug,omitempty"`
|
||||
SkipLeaveOnInt bool `json:"skip_leave_on_interrupt"`
|
||||
Peering *TestPeeringConfig `json:"peering,omitempty"`
|
||||
ReadyTimeout time.Duration `json:"-"`
|
||||
StopTimeout time.Duration `json:"-"`
|
||||
Stdout io.Writer `json:"-"`
|
||||
|
@ -139,6 +140,10 @@ type TestTokens struct {
|
|||
AgentRecovery string `json:"agent_master,omitempty"`
|
||||
}
|
||||
|
||||
type TestPeeringConfig struct {
|
||||
Enabled bool `json:"enabled,omitempty"`
|
||||
}
|
||||
|
||||
// ServerConfigCallback is a function interface which can be
|
||||
// passed to NewTestServerConfig to modify the server config.
|
||||
type ServerConfigCallback func(c *TestServerConfig)
|
||||
|
@ -194,6 +199,7 @@ func defaultServerConfig(t TestingTB) *TestServerConfig {
|
|||
},
|
||||
Stdout: logBuffer,
|
||||
Stderr: logBuffer,
|
||||
Peering: &TestPeeringConfig{Enabled: true},
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -1,2 +1,5 @@
|
|||
primary_datacenter = "alpha"
|
||||
log_level = "trace"
|
||||
peering {
|
||||
enabled = true
|
||||
}
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
peering {
|
||||
enabled = true
|
||||
}
|
|
@ -1,2 +1,5 @@
|
|||
primary_datacenter = "alpha"
|
||||
log_level = "trace"
|
||||
peering {
|
||||
enabled = true
|
||||
}
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
peering {
|
||||
enabled = true
|
||||
}
|
|
@ -1,2 +1,5 @@
|
|||
primary_datacenter = "alpha"
|
||||
log_level = "trace"
|
||||
peering {
|
||||
enabled = true
|
||||
}
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
peering {
|
||||
enabled = true
|
||||
}
|
|
@ -1,2 +1,5 @@
|
|||
primary_datacenter = "alpha"
|
||||
log_level = "trace"
|
||||
peering {
|
||||
enabled = true
|
||||
}
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
peering {
|
||||
enabled = true
|
||||
}
|
|
@ -555,7 +555,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'."
|
|||
|
||||
The following sub-keys are available:
|
||||
|
||||
- `enabled` ((#peering_enabled)) (Defaults to `true`) Controls whether cluster peering is enabled.
|
||||
- `enabled` ((#peering_enabled)) (Defaults to `false`) Controls whether cluster peering is enabled.
|
||||
When disabled, the UI won't show peering, all peering APIs will return
|
||||
an error, any peerings stored in Consul already will be ignored (but they will not be deleted),
|
||||
and all peering connections from other clusters will be rejected. This was added in Consul 1.13.0.
|
||||
|
|
Loading…
Reference in New Issue