From 379b47b897ee07e0f968731c710c811fad149f40 Mon Sep 17 00:00:00 2001 From: Luke Kysow <1034429+lkysow@users.noreply.github.com> Date: Mon, 1 Aug 2022 12:22:36 -0700 Subject: [PATCH] peering: default to false (#13963) * defaulting to false because peering will be released as beta * Ignore peering disabled error in bundles cachetype Co-authored-by: Matt Keeler Co-authored-by: freddygv Co-authored-by: Matt Keeler --- agent/cache-types/trust_bundles.go | 9 +++++++ agent/cache-types/trust_bundles_test.go | 25 +++++++++++++++++++ agent/config/default.go | 3 --- agent/config/runtime_test.go | 10 -------- agent/consul/config.go | 2 -- agent/consul/server_test.go | 1 + agent/rpc/peering/service_test.go | 1 + agent/testagent.go | 3 +++ sdk/testutil/server.go | 10 ++++++-- .../alpha/base.hcl | 3 +++ .../primary/base.hcl | 3 +++ .../case-cross-peers-http/alpha/base.hcl | 3 +++ .../case-cross-peers-http/primary/base.hcl | 3 +++ .../alpha/base.hcl | 3 +++ .../primary/base.hcl | 3 +++ .../envoy/case-cross-peers/alpha/base.hcl | 3 +++ .../envoy/case-cross-peers/primary/base.hcl | 3 +++ .../docs/agent/config/config-files.mdx | 2 +- 18 files changed, 72 insertions(+), 18 deletions(-) create mode 100644 test/integration/connect/envoy/case-cross-peers-http-router/primary/base.hcl create mode 100644 test/integration/connect/envoy/case-cross-peers-http/primary/base.hcl create mode 100644 test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/primary/base.hcl create mode 100644 test/integration/connect/envoy/case-cross-peers/primary/base.hcl diff --git a/agent/cache-types/trust_bundles.go b/agent/cache-types/trust_bundles.go index 70c63cb4be6..eddc8dabbee 100644 --- a/agent/cache-types/trust_bundles.go +++ b/agent/cache-types/trust_bundles.go 
@@ -8,6 +8,8 @@ import ( "github.com/mitchellh/hashstructure" "google.golang.org/grpc" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/status" "github.com/hashicorp/consul/agent/cache" external "github.com/hashicorp/consul/agent/grpc-external" @@ -87,6 +89,13 @@ func (t *TrustBundles) Fetch(_ cache.FetchOptions, req cache.Request) (cache.Fet // Fetch reply, err := t.Client.TrustBundleListByService(external.ContextWithToken(context.Background(), reqReal.Token), reqReal.Request) if err != nil { + // Return an empty result if the error is due to peering being disabled. + // This allows mesh gateways to receive an update and confirm that the watch is set. + if e, ok := status.FromError(err); ok && e.Code() == codes.FailedPrecondition { + result.Index = 1 + result.Value = &pbpeering.TrustBundleListByServiceResponse{Index: 1} + return result, nil + } return result, err } diff --git a/agent/cache-types/trust_bundles_test.go b/agent/cache-types/trust_bundles_test.go index 09d8a80bcb3..85248dba1da 100644 --- a/agent/cache-types/trust_bundles_test.go +++ b/agent/cache-types/trust_bundles_test.go @@ -7,6 +7,8 @@ import ( "github.com/stretchr/testify/mock" "github.com/stretchr/testify/require" + "google.golang.org/grpc/codes" + grpcstatus "google.golang.org/grpc/status" "github.com/hashicorp/consul/agent/cache" "github.com/hashicorp/consul/proto/pbpeering" 
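Review bot: The `e.Code() == codes.FailedPrecondition` branch added to Fetch treats every FailedPrecondition returned by TrustBundleListByService as "peering disabled", so any other precondition failure from the server would be cached as an empty trust-bundle list with a nil error instead of being surfaced. An empty bundle set is presumably a fail-closed outcome for a mesh gateway, but the real cause becomes invisible to operators. Consider narrowing the match, or at least recording the assumption next to the check, e.g. `// NOTE: assumes FailedPrecondition is only returned when peering is disabled; any other use of this code is masked here.` The hard-coded `result.Index = 1` also deserves a short comment on how a watcher picks up real bundles once peering is enabled later, which cannot be confirmed from this hunk. Fetch begins and ends outside the hunk.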
@@ -48,6 +50,29 @@ func TestTrustBundles(t *testing.T) { }, result) } +func TestTrustBundles_PeeringDisabled(t *testing.T) { + client := NewMockTrustBundleLister(t) + typ := &TrustBundles{Client: client} + + var resp *pbpeering.TrustBundleListByServiceResponse + + // Expect the proper call. + // This also returns the canned response above. + client.On("TrustBundleListByService", mock.Anything, mock.Anything). + Return(resp, grpcstatus.Error(codes.FailedPrecondition, "peering must be enabled to use this endpoint")) + + // Fetch and assert against the result. + result, err := typ.Fetch(cache.FetchOptions{}, &TrustBundleListRequest{ + Request: &pbpeering.TrustBundleListByServiceRequest{ + ServiceName: "foo", + }, + }) + require.NoError(t, err) + require.NotNil(t, result) + require.EqualValues(t, 1, result.Index) + require.NotNil(t, result.Value) +} + func TestTrustBundles_badReqType(t *testing.T) { client := pbpeering.NewPeeringServiceClient(nil) typ := &TrustBundles{Client: client} diff --git a/agent/config/default.go b/agent/config/default.go index d0cc2865dc2..951d9f1263c 100644 --- a/agent/config/default.go +++ b/agent/config/default.go @@ -104,9 +104,6 @@ func DefaultSource() Source { kv_max_value_size = ` + strconv.FormatInt(raft.SuggestedMaxDataSize, 10) + ` txn_max_req_len = ` + strconv.FormatInt(raft.SuggestedMaxDataSize, 10) + ` } - peering = { - enabled = true - } performance = { leave_drain_time = "5s" raft_multiplier = ` + strconv.Itoa(int(consul.DefaultRaftMultiplier)) + ` diff --git a/agent/config/runtime_test.go b/agent/config/runtime_test.go index b05b3149190..e0266811e38 100644 --- a/agent/config/runtime_test.go +++ b/agent/config/runtime_test.go 
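Review bot: TestTrustBundles_PeeringDisabled stops at `require.NotNil(t, result.Value)`, so it would still pass if Fetch returned a populated response; asserting that the value is a `*pbpeering.TrustBundleListByServiceResponse` with `Index` 1 and no bundles would pin the empty-result contract. The comment `// This also returns the canned response above.` is stale here because `resp` is a nil pointer; `// The mock returns a nil response and a FailedPrecondition error.` describes what actually happens. A companion case that returns a different gRPC code (for example `codes.Unavailable`) and expects `require.Error` would guard against the new branch swallowing unrelated failures.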
@@ -5548,16 +5548,6 @@ func TestLoad_IntegrationWithFlags(t *testing.T) { "tls.grpc was provided but TLS will NOT be enabled on the gRPC listener without an HTTPS listener configured (e.g. via ports.https)", }, }) - run(t, testCase{ - desc: "peering.enabled defaults to true", - args: []string{ - `-data-dir=` + dataDir, - }, - expected: func(rt *RuntimeConfig) { - rt.DataDir = dataDir - rt.PeeringEnabled = true - }, - }) } func (tc testCase) run(format string, dataDir string) func(t *testing.T) { diff --git a/agent/consul/config.go b/agent/consul/config.go index 469ccc91912..9c9a56429d1 100644 --- a/agent/consul/config.go +++ b/agent/consul/config.go @@ -515,8 +515,6 @@ func DefaultConfig() *Config { DefaultQueryTime: 300 * time.Second, MaxQueryTime: 600 * time.Second, - PeeringEnabled: true, - EnterpriseConfig: DefaultEnterpriseConfig(), } diff --git a/agent/consul/server_test.go b/agent/consul/server_test.go index b9f9cc4f147..35bbe720e27 100644 --- a/agent/consul/server_test.go +++ b/agent/consul/server_test.go @@ -179,6 +179,7 @@ func testServerConfig(t *testing.T) (string, *Config) { "IntermediateCertTTL": "288h", }, } + config.PeeringEnabled = true return dir, config } diff --git a/agent/rpc/peering/service_test.go b/agent/rpc/peering/service_test.go index a4acd945e03..54770d6a616 100644 --- a/agent/rpc/peering/service_test.go +++ b/agent/rpc/peering/service_test.go @@ -1283,6 +1283,7 @@ func newTestServer(t *testing.T, cb func(conf *consul.Config)) testingServer { ports := freeport.GetN(t, 4) // {rpc, serf_lan, serf_wan, grpc} + conf.PeeringEnabled = true conf.Bootstrap = true conf.Datacenter = "dc1" conf.DataDir = dir diff --git a/agent/testagent.go b/agent/testagent.go index 6b1c2ed518a..d60090db76e 100644 --- a/agent/testagent.go +++ b/agent/testagent.go @@ -138,6 +138,9 @@ func TestConfigHCL(nodeID string) string { } performance { raft_multiplier = 1 + } + peering { + enabled = true }`, nodeID, connect.TestClusterID, ) } 
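Review bot: With `peering { enabled = true }` added to TestConfigHCL here, and `PeeringEnabled = true` set in testServerConfig and newTestServer in the hunks just above, every test harness touched by this patch forces peering on, while the runtime_test.go case that pinned the old default is deleted without a replacement. Nothing visible in the patch asserts that an agent started without a `peering` block ends up with `PeeringEnabled` false, so a later change that re-enables this beta feature by default would not fail a test. Consider re-adding the removed case as `desc: "peering.enabled defaults to false"` with an `expected` func that presumably only needs `rt.DataDir = dataDir`. TestConfigHCL's body starts outside the hunk.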
diff --git a/sdk/testutil/server.go b/sdk/testutil/server.go index 77fd90e8245..db5834c3a85 100644 --- a/sdk/testutil/server.go +++ b/sdk/testutil/server.go @@ -105,6 +105,7 @@ type TestServerConfig struct { Connect map[string]interface{} `json:"connect,omitempty"` EnableDebug bool `json:"enable_debug,omitempty"` SkipLeaveOnInt bool `json:"skip_leave_on_interrupt"` + Peering *TestPeeringConfig `json:"peering,omitempty"` ReadyTimeout time.Duration `json:"-"` StopTimeout time.Duration `json:"-"` Stdout io.Writer `json:"-"` @@ -139,6 +140,10 @@ type TestTokens struct { AgentRecovery string `json:"agent_master,omitempty"` } +type TestPeeringConfig struct { + Enabled bool `json:"enabled,omitempty"` +} + // ServerConfigCallback is a function interface which can be // passed to NewTestServerConfig to modify the server config. type ServerConfigCallback func(c *TestServerConfig) @@ -192,8 +197,9 @@ func defaultServerConfig(t TestingTB) *TestServerConfig { ReturnPorts: func() { freeport.Return(ports) }, - Stdout: logBuffer, - Stderr: logBuffer, + Stdout: logBuffer, + Stderr: logBuffer, + Peering: &TestPeeringConfig{Enabled: true}, } } diff --git a/test/integration/connect/envoy/case-cross-peers-http-router/alpha/base.hcl b/test/integration/connect/envoy/case-cross-peers-http-router/alpha/base.hcl index 68265638f9c..f81ab0edd6e 100644 --- a/test/integration/connect/envoy/case-cross-peers-http-router/alpha/base.hcl +++ b/test/integration/connect/envoy/case-cross-peers-http-router/alpha/base.hcl @@ -1,2 +1,5 @@ primary_datacenter = "alpha" log_level = "trace" +peering { + enabled = true +} diff --git a/test/integration/connect/envoy/case-cross-peers-http-router/primary/base.hcl b/test/integration/connect/envoy/case-cross-peers-http-router/primary/base.hcl new file mode 100644 index 00000000000..c1e134d5a25 --- /dev/null +++ b/test/integration/connect/envoy/case-cross-peers-http-router/primary/base.hcl @@ -0,0 +1,3 @@ +peering { + enabled = true +} 
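Review bot: `Peering: &TestPeeringConfig{Enabled: true}` in defaultServerConfig makes every SDK-launched test server emit a `peering` block; if this package is also used to start Consul binaries older than the release that introduced the key (the docs change in this patch says 1.13.0), those binaries may reject the config, which is worth confirming or documenting. The `omitempty` on `Enabled` means `Enabled: false` serializes to nothing, so a caller cannot state "disabled" explicitly and only gets it through the binary's default; changing the tag to `json:"enabled"` keeps test intent independent of that default. The exported TestPeeringConfig also has no doc comment; `// TestPeeringConfig holds the peering settings written to the test server's config.` would match the neighbouring types. The struct and function bodies extend outside these hunks.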
diff --git a/test/integration/connect/envoy/case-cross-peers-http/alpha/base.hcl b/test/integration/connect/envoy/case-cross-peers-http/alpha/base.hcl index 68265638f9c..f81ab0edd6e 100644 --- a/test/integration/connect/envoy/case-cross-peers-http/alpha/base.hcl +++ b/test/integration/connect/envoy/case-cross-peers-http/alpha/base.hcl @@ -1,2 +1,5 @@ primary_datacenter = "alpha" log_level = "trace" +peering { + enabled = true +} diff --git a/test/integration/connect/envoy/case-cross-peers-http/primary/base.hcl b/test/integration/connect/envoy/case-cross-peers-http/primary/base.hcl new file mode 100644 index 00000000000..c1e134d5a25 --- /dev/null +++ b/test/integration/connect/envoy/case-cross-peers-http/primary/base.hcl @@ -0,0 +1,3 @@ +peering { + enabled = true +} diff --git a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/base.hcl b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/base.hcl index 68265638f9c..f81ab0edd6e 100644 --- a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/base.hcl +++ b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/alpha/base.hcl @@ -1,2 +1,5 @@ primary_datacenter = "alpha" log_level = "trace" +peering { + enabled = true +} diff --git a/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/primary/base.hcl b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/primary/base.hcl new file mode 100644 index 00000000000..c1e134d5a25 --- /dev/null +++ b/test/integration/connect/envoy/case-cross-peers-resolver-redirect-tcp/primary/base.hcl @@ -0,0 +1,3 @@ +peering { + enabled = true +} diff --git a/test/integration/connect/envoy/case-cross-peers/alpha/base.hcl b/test/integration/connect/envoy/case-cross-peers/alpha/base.hcl index 68265638f9c..f81ab0edd6e 100644 --- a/test/integration/connect/envoy/case-cross-peers/alpha/base.hcl +++ b/test/integration/connect/envoy/case-cross-peers/alpha/base.hcl 
@@ -1,2 +1,5 @@ primary_datacenter = "alpha" log_level = "trace" +peering { + enabled = true +} diff --git a/test/integration/connect/envoy/case-cross-peers/primary/base.hcl b/test/integration/connect/envoy/case-cross-peers/primary/base.hcl new file mode 100644 index 00000000000..c1e134d5a25 --- /dev/null +++ b/test/integration/connect/envoy/case-cross-peers/primary/base.hcl @@ -0,0 +1,3 @@ +peering { + enabled = true +} diff --git a/website/content/docs/agent/config/config-files.mdx b/website/content/docs/agent/config/config-files.mdx index c886775084b..5c4f7b909d9 100644 --- a/website/content/docs/agent/config/config-files.mdx +++ b/website/content/docs/agent/config/config-files.mdx @@ -555,7 +555,7 @@ Valid time units are 'ns', 'us' (or 'µs'), 'ms', 's', 'm', 'h'." The following sub-keys are available: - - `enabled` ((#peering_enabled)) (Defaults to `true`) Controls whether cluster peering is enabled. + - `enabled` ((#peering_enabled)) (Defaults to `false`) Controls whether cluster peering is enabled. When disabled, the UI won't show peering, all peering APIs will return an error, any peerings stored in Consul already will be ignored (but they will not be deleted), and all peering connections from other clusters will be rejected. This was added in Consul 1.13.0.