Fix to not create a watch to Internal.ServiceDump when mesh gateway is not used

.changelog/20168.txt

@@ -0,0 +1,7 @@
+```release-note:enhancement
+ProxyCfg: avoid setting a watch on `Internal.ServiceDump` when mesh gateway is not used.
+```
+
+```release-note:enhancement
+ProxyCfg: only return the nodes list when querying the `Internal.ServiceDump` watch from proxycfg
+```

agent/consul/internal_endpoint.go

@@ -197,56 +197,58 @@ func (m *Internal) ServiceDump(args *structs.ServiceDumpRequest, reply *structs.
 				}
 				reply.Nodes = nodes
 
-				// get a list of all peerings
-				index, listedPeerings, err := state.PeeringList(ws, args.EnterpriseMeta)
-				if err != nil {
-					return fmt.Errorf("could not list peers for service dump %w", err)
-				}
-
-				if index > maxIndex {
-					maxIndex = index
-				}
-
-				for _, p := range listedPeerings {
-					// Note we fetch imported services with wildcard namespace because imported services' namespaces
-					// are in a different locality; regardless of our local namespace, we return all imported services
-					// of the local partition.
-					index, importedNodes, err := state.ServiceDump(ws, args.ServiceKind, args.UseServiceKind, args.EnterpriseMeta.WithWildcardNamespace(), p.Name)
+				if !args.NodesOnly {
+					// get a list of all peerings
+					index, listedPeerings, err := state.PeeringList(ws, args.EnterpriseMeta)
 					if err != nil {
-						return fmt.Errorf("could not get a service dump for peer %q: %w", p.Name, err)
+						return fmt.Errorf("could not list peers for service dump %w", err)
 					}
 
 					if index > maxIndex {
 						maxIndex = index
 					}
-					reply.ImportedNodes = append(reply.ImportedNodes, importedNodes...)
-				}
 
-				// Get, store, and filter gateway services
-				idx, gatewayServices, err := state.DumpGatewayServices(ws)
-				if err != nil {
-					return err
-				}
-				reply.Gateways = gatewayServices
+					for _, p := range listedPeerings {
+						// Note we fetch imported services with wildcard namespace because imported services' namespaces
+						// are in a different locality; regardless of our local namespace, we return all imported services
+						// of the local partition.
+						index, importedNodes, err := state.ServiceDump(ws, args.ServiceKind, args.UseServiceKind, args.EnterpriseMeta.WithWildcardNamespace(), p.Name)
+						if err != nil {
+							return fmt.Errorf("could not get a service dump for peer %q: %w", p.Name, err)
+						}
+
+						if index > maxIndex {
+							maxIndex = index
+						}
+						reply.ImportedNodes = append(reply.ImportedNodes, importedNodes...)
+					}
+
+					// Get, store, and filter gateway services
+					idx, gatewayServices, err := state.DumpGatewayServices(ws)
+					if err != nil {
+						return err
+					}
+					reply.Gateways = gatewayServices
 
-				if idx > maxIndex {
-					maxIndex = idx
+					if idx > maxIndex {
+						maxIndex = idx
+					}
 				}
 				reply.Index = maxIndex
-
 				raw, err := filter.Execute(reply.Nodes)
 				if err != nil {
 					return fmt.Errorf("could not filter local service dump: %w", err)
 				}
 				reply.Nodes = raw.(structs.CheckServiceNodes)
 			}
 
-			importedRaw, err := filter.Execute(reply.ImportedNodes)
-			if err != nil {
-				return fmt.Errorf("could not filter peer service dump: %w", err)
+			if !args.NodesOnly {
+				importedRaw, err := filter.Execute(reply.ImportedNodes)
+				if err != nil {
+					return fmt.Errorf("could not filter peer service dump: %w", err)
+				}
+				reply.ImportedNodes = importedRaw.(structs.CheckServiceNodes)
 			}
-			reply.ImportedNodes = importedRaw.(structs.CheckServiceNodes)
-
 			// Note: we filter the results with ACLs *after* applying the user-supplied
 			// bexpr filter, to ensure QueryMeta.ResultsFilteredByACLs does not include
 			// results that would be filtered out even if the user did have permission.

agent/consul/internal_endpoint_test.go

@@ -1779,10 +1779,11 @@ func TestInternal_ServiceDump_Peering(t *testing.T) {
 	// prep the cluster with some data we can use in our filters
 	registerTestCatalogEntries(t, codec)
 
-	doRequest := func(t *testing.T, filter string) structs.IndexedNodesWithGateways {
+	doRequest := func(t *testing.T, filter string, onlyNodes bool) structs.IndexedNodesWithGateways {
 		t.Helper()
-		args := structs.DCSpecificRequest{
+		args := structs.ServiceDumpRequest{
 			QueryOptions: structs.QueryOptions{Filter: filter},
+			NodesOnly:    onlyNodes,
 		}
 
 		var out structs.IndexedNodesWithGateways
@@ -1792,7 +1793,7 @@ func TestInternal_ServiceDump_Peering(t *testing.T) {
 	}
 
 	t.Run("No peerings", func(t *testing.T) {
-		nodes := doRequest(t, "")
+		nodes := doRequest(t, "", false)
 		// redis (3), web (3), critical (1), warning (1) and consul (1)
 		require.Len(t, nodes.Nodes, 9)
 		require.Len(t, nodes.ImportedNodes, 0)
@@ -1809,19 +1810,27 @@ func TestInternal_ServiceDump_Peering(t *testing.T) {
 	require.NoError(t, err)
 
 	t.Run("peerings", func(t *testing.T) {
-		nodes := doRequest(t, "")
+		nodes := doRequest(t, "", false)
 		// redis (3), web (3), critical (1), warning (1) and consul (1)
 		require.Len(t, nodes.Nodes, 9)
 		// service (1)
 		require.Len(t, nodes.ImportedNodes, 1)
 	})
 
+	t.Run("peerings onlynodes", func(t *testing.T) {
+		nodes := doRequest(t, "", true)
+		// redis (3), web (3), critical (1), warning (1) and consul (1)
+		require.Len(t, nodes.Nodes, 9)
+		// service (1)
+		require.Len(t, nodes.ImportedNodes, 0)
+	})
+
 	t.Run("peerings w filter", func(t *testing.T) {
-		nodes := doRequest(t, "Node.PeerName == foo")
+		nodes := doRequest(t, "Node.PeerName == foo", false)
 		require.Len(t, nodes.Nodes, 0)
 		require.Len(t, nodes.ImportedNodes, 0)
 
-		nodes2 := doRequest(t, "Node.PeerName == peer1")
+		nodes2 := doRequest(t, "Node.PeerName == peer1", false)
 		require.Len(t, nodes2.Nodes, 0)
 		require.Len(t, nodes2.ImportedNodes, 1)
 	})

agent/proxycfg/mesh_gateway.go

@@ -295,6 +295,7 @@ func (s *handlerMeshGateway) handleUpdate(ctx context.Context, u UpdateEvent, sn
 					QueryOptions:   structs.QueryOptions{Token: s.token},
 					ServiceKind:    structs.ServiceKindMeshGateway,
 					UseServiceKind: true,
+					NodesOnly:      true,
 					Source:         *s.source,
 					EnterpriseMeta: *entMeta,
 				}, fmt.Sprintf("mesh-gateway:%s", gk.String()), s.ch)

agent/proxycfg/state.go

@@ -544,6 +544,7 @@ func watchMeshGateway(ctx context.Context, opts gatewayWatchOpts) error {
 		QueryOptions:   structs.QueryOptions{Token: opts.token},
 		ServiceKind:    structs.ServiceKindMeshGateway,
 		UseServiceKind: true,
+		NodesOnly:      true,
 		Source:         opts.source,
 		EnterpriseMeta: *structs.DefaultEnterpriseMetaInPartition(opts.key.Partition),
 	}, correlationId, opts.notifyCh)