Adds check to verify that the API Gateway is being created with at least one listener

.changelog/16649.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+gateways: Adds validation to ensure the API Gateway has a listener defined when created
+```

agent/structs/config_entry_discoverychain_test.go

@@ -411,7 +411,16 @@ func TestConfigEntries_ListRelatedServices_AndACLs(t *testing.T) {
 		},
 		{
 			name: "api-gateway",
-			entry: &APIGatewayConfigEntry{Name: "test"},
+			entry: &APIGatewayConfigEntry{
+				Name: "test",
+				Listeners: []APIGatewayListener{
+					{
+						Name:     "test",
+						Port:     100,
+						Protocol: "http",
+					},
+				},
+			},
 			expectACLs: []testACL{
 				{
 					name:       "no-authz",

agent/structs/config_entry_gateways.go

@@ -769,6 +769,9 @@ func (e *APIGatewayConfigEntry) Validate() error {
 		return err
 	}
 
+	if len(e.Listeners) == 0 {
+		return fmt.Errorf("api gateway must have at least one listener")
+	}
 	if err := e.validateListenerNames(); err != nil {
 		return err
 	}

agent/structs/config_entry_gateways_test.go

@@ -1126,6 +1126,13 @@ func TestGatewayService_Addresses(t *testing.T) {
 
 func TestAPIGateway_Listeners(t *testing.T) {
 	cases := map[string]configEntryTestcase{
+		"no listeners defined": {
+			entry: &APIGatewayConfigEntry{
+				Kind: "api-gateway",
+				Name: "api-gw-one",
+			},
+			validateErr: "api gateway must have at least one listener",
+		},
 		"listener name conflict": {
 			entry: &APIGatewayConfigEntry{
 				Kind: "api-gateway",

website/content/commands/config/delete.mdx

@@ -27,6 +27,7 @@ are not supported from commands, but may be from the corresponding HTTP endpoint
 
 | Config Entry Kind   | Required ACL       |
 | ------------------- | ------------------ |
+| api-gateway         | `mesh:write`       |
 | ingress-gateway     | `operator:write`   |
 | proxy-defaults      | `operator:write`   |
 | service-defaults    | `service:write`    |
@@ -45,16 +46,16 @@ Usage: `consul config delete [options]`
 - `-kind` - Specifies the kind of the config entry to read.
 
 - `-name` - Specifies the name of the config entry to delete. The name of the
-  `proxy-defaults` config entry must be `global`, and the name of the `mesh`
-  config entry must be `mesh`.
+`proxy-defaults` config entry must be `global`, and the name of the `mesh`
+config entry must be `mesh`.
 
 - `-filename` - Specifies the file describing the config entry to delete.
 
 - `-cas` - Perform a Check-And-Set operation. Specifying this value also
-  requires the -modify-index flag to be set. The default value is false.
+requires the -modify-index flag to be set. The default value is false.
 
 - `-modify-index=<int>` - Unsigned integer representing the ModifyIndex of the
-  config entry. This is used in combination with the -cas flag.
+config entry. This is used in combination with the -cas flag.
 
 #### Enterprise Options
 

website/content/commands/config/list.mdx

@@ -27,6 +27,7 @@ are not supported from commands, but may be from the corresponding HTTP endpoint
 
 | Config Entry Kind   | Required ACL      |
 | ------------------- | ----------------- |
+| api-gateway         | `mesh:read`       |
 | ingress-gateway     | `service:read`    |
 | proxy-defaults      | `<none>`          |
 | service-defaults    | `service:read`    |

website/content/commands/config/read.mdx

@@ -28,6 +28,7 @@ are not supported from commands, but may be from the corresponding HTTP endpoint
 
 | Config Entry Kind   | Required ACL      |
 | ------------------- | ----------------- |
+| api-gateway         | `mesh:read`       |
 | ingress-gateway     | `service:read`    |
 | proxy-defaults      | `<none>`          |
 | service-defaults    | `service:read`    |

website/content/commands/config/write.mdx

@@ -30,6 +30,7 @@ are not supported from commands, but may be from the corresponding HTTP endpoint
 
 | Config Entry Kind   | Required ACL       |
 | ------------------- | ------------------ |
+| api-gateway         | `mesh:write`       |
 | ingress-gateway     | `operator:write`   |
 | proxy-defaults      | `operator:write`   |
 | service-defaults    | `service:write`    |