Skip to content

Ignore partition/namespace on SourceIntention list to match top-level compare logic#1804

Merged
kyhavlov merged 2 commits intomainfrom
kyhavlov/diff-intention-sources
Dec 19, 2022
Merged

Ignore partition/namespace on SourceIntention list to match top-level compare logic#1804
kyhavlov merged 2 commits intomainfrom
kyhavlov/diff-intention-sources

Conversation

@kyhavlov
Copy link
Copy Markdown
Contributor

@kyhavlov kyhavlov commented Dec 19, 2022
edited
Loading

This PR updates the logic in MatchesConsul for intentions to add partition/namespace to the list of ignored fields for the SourceIntention list to match the ignored fields on the top-level config entry struct. This is to fix an issue where upgrading from Consul pre-1.12 to 1.12+ can trigger an update of all config entries due to the partition/namespace fields in the SourceIntentions from Consul being filled in as "default" instead of "".

Here's what the entry coming from consul 1.12+ looks like:

{
  "Kind": "service-intentions",
  "Name": "*",
  "Partition": "default",
  "Namespace": "default",
  "Sources": [
    {
      "Name": "foo",
      "Partition": "default",
      "Namespace": "default",
      "Action": "allow",
      ...
    }
  ],
  ...
}

And this is what consul-k8s generates via the ToConsul function:

{
  "Kind": "service-intentions",
  "Name": "*",
  "Sources": [
    {
      "Name": "foo",
      "Action": "allow",
      ...
    }
  ],
  ...
}

How I've tested this PR:
Created a consul 1.11.1+ent cluster alongside consul-k8s with a couple basic service intention config entries, then upgraded to 1.12.3+ent. Without this change there's an update to each intention because of the diff/MatchesConsul returns false.

How I expect reviewers to test this PR:

Checklist:

  • Tests added
  • CHANGELOG entry added

ndhanushkodi
ndhanushkodi approved these changes Dec 19, 2022
View reviewed changes
Copy link
Copy Markdown
Contributor

@ndhanushkodi ndhanushkodi left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we just need a changelog, and are we planning to backport this? If so we'll need backport labels. 0.49.x of consul-k8s is supposed to work with 1.13.x and 1.12.x of Consul. I don't think we test with Consul 1.11.x anymore but in theory that should have worked with 0.49.x at some point.

Thanks for fixing, it looks great to me!

@david-yu
Copy link
Copy Markdown
Contributor

david-yu commented Dec 19, 2022

Thanks I've added a backport label for 0.49.x and 1.0.x

@kyhavlov kyhavlov force-pushed the kyhavlov/diff-intention-sources branch from b0fcd67 to 7300245 Compare December 19, 2022 19:26
@kyhavlov kyhavlov merged commit 64e8011 into main Dec 19, 2022
@kyhavlov kyhavlov deleted the kyhavlov/diff-intention-sources branch December 19, 2022 23:41
This was referenced Dec 19, 2022
Merged
Merged
@david-yu david-yu mentioned this pull request Dec 21, 2022
Merged
2 tasks
Merged
2 tasks
@erichaberkorn erichaberkorn mentioned this pull request May 26, 2023
Merged
2 tasks
This was referenced May 31, 2023
Merged
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ndhanushkodi ndhanushkodi ndhanushkodi approved these changes

+1 more reviewer

@wilkermichael wilkermichael wilkermichael approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@kyhavlov @david-yu @ndhanushkodi @wilkermichael