From 622cd2b3747c54afcb7089f3235e5afb1936d291 Mon Sep 17 00:00:00 2001 From: Sarah Alsmiller Date: Wed, 6 Mar 2024 21:53:55 +0000 Subject: [PATCH 1/6] backport of commit 3790378d7514ccc9695df68ab3a402a59ed67bc0 --- agent/consul/state/catalog.go | 17 +++++------ agent/consul/state/catalog_test.go | 40 ++++++++++++++++++++++++++ agent/proxycfg/snapshot.go | 5 ++++ agent/proxycfg/terminating_gateway.go | 1 + agent/structs/config_entry_gateways.go | 4 +++ agent/xds/routes.go | 5 ++-- api/config_entry_gateways.go | 3 ++ 7 files changed, 65 insertions(+), 10 deletions(-) diff --git a/agent/consul/state/catalog.go b/agent/consul/state/catalog.go index b89f2c727ea..ce40fda3e0e 100644 --- a/agent/consul/state/catalog.go +++ b/agent/consul/state/catalog.go @@ -3757,14 +3757,15 @@ func terminatingConfigGatewayServices( return false, nil, fmt.Errorf("failed to get gateway service kind for service %s: %v", svc.Name, err) } mapping := &structs.GatewayService{ - Gateway: gateway, - Service: structs.NewServiceName(svc.Name, &svc.EnterpriseMeta), - GatewayKind: structs.ServiceKindTerminatingGateway, - KeyFile: svc.KeyFile, - CertFile: svc.CertFile, - CAFile: svc.CAFile, - SNI: svc.SNI, - ServiceKind: kind, + Gateway: gateway, + Service: structs.NewServiceName(svc.Name, &svc.EnterpriseMeta), + GatewayKind: structs.ServiceKindTerminatingGateway, + KeyFile: svc.KeyFile, + CertFile: svc.CertFile, + CAFile: svc.CAFile, + SNI: svc.SNI, + ServiceKind: kind, + AutoHostRewrite: !svc.DisableAutoHostRewrite, } gatewayServices = append(gatewayServices, mapping) diff --git a/agent/consul/state/catalog_test.go b/agent/consul/state/catalog_test.go index f18b9beae84..f85844909e1 100644 --- a/agent/consul/state/catalog_test.go +++ b/agent/consul/state/catalog_test.go 
@@ -9089,3 +9089,43 @@ func assertDeepEqual(t *testing.T, x, y interface{}, opts ...cmp.Option) { t.Fatalf("assertion failed: values are not equal\n--- expected\n+++ actual\n%v", diff) } } + +func Test_terminatingConfigGatewayServices(t *testing.T) { + s := testConfigStateStore(t) + + cfg := &structs.TerminatingGatewayConfigEntry{ + Kind: structs.TerminatingGateway, + Name: "terminating-gateway", + Services: []structs.LinkedService{ + { + Name: "service-default-behavior", + }, + { + Name: "service-disabled-behavior", + DisableAutoHostRewrite: true, + }, + }, + } + + expected := structs.GatewayServices{ + &structs.GatewayService{ + Gateway: structs.ServiceName{Name: "terminating-gateway"}, + Service: structs.ServiceName{Name: "service-default-behavior"}, + GatewayKind: "terminating-gateway", + AutoHostRewrite: true, + }, + &structs.GatewayService{ + Gateway: structs.ServiceName{Name: "terminating-gateway"}, + Service: structs.ServiceName{Name: "service-disabled-behavior"}, + GatewayKind: "terminating-gateway", + AutoHostRewrite: false, + }, + } + + txn := s.db.Txn(false) + + _, services, err := terminatingConfigGatewayServices(txn, structs.ServiceName{Name: "terminating-gateway"}, cfg, nil) + require.NoError(t, err) + require.Equal(t, services, expected) + +} diff --git a/agent/proxycfg/snapshot.go b/agent/proxycfg/snapshot.go index 8f407c1afcd..68769467df6 100644 --- a/agent/proxycfg/snapshot.go +++ b/agent/proxycfg/snapshot.go 
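Review bot: The final assertion in the new `Test_terminatingConfigGatewayServices` passes its arguments in the opposite order to testify's `(t, expected, actual)` signature, so a failure would label the two values the wrong way round. It should read `require.Equal(t, expected, services)`. The empty line before the closing brace of the test can also be removed.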
@@ -220,6 +220,11 @@ type configSnapshotTerminatingGateway struct { // a service altogether we then cancel watching that service for its endpoints. WatchedServices map[structs.ServiceName]context.CancelFunc + // AutoHostRewriteServices is a map of service name to a bool that determines + // if the terminating gateway service should auto rewrite the host + // header before forwarding the request. + AutoHostRewriteServices map[structs.ServiceName]bool + // WatchedIntentions is a map of service name to a cancel function. // This cancel function is tied to the watch of intentions for linked services. // As with WatchedServices, intention watches will be cancelled when services diff --git a/agent/proxycfg/terminating_gateway.go b/agent/proxycfg/terminating_gateway.go index a465808390a..a164c43419f 100644 --- a/agent/proxycfg/terminating_gateway.go +++ b/agent/proxycfg/terminating_gateway.go @@ -57,6 +57,7 @@ func (s *handlerTerminatingGateway) initialize(ctx context.Context) (ConfigSnaps } snap.TerminatingGateway.WatchedServices = make(map[structs.ServiceName]context.CancelFunc) + snap.TerminatingGateway.AutoHostRewriteServices = make(map[structs.ServiceName]bool) snap.TerminatingGateway.WatchedIntentions = make(map[structs.ServiceName]context.CancelFunc) snap.TerminatingGateway.Intentions = make(map[structs.ServiceName]structs.SimplifiedIntentions) snap.TerminatingGateway.WatchedLeaves = make(map[structs.ServiceName]context.CancelFunc) diff --git a/agent/structs/config_entry_gateways.go b/agent/structs/config_entry_gateways.go index e3ccfbbb35d..7f3af219323 100644 --- a/agent/structs/config_entry_gateways.go +++ b/agent/structs/config_entry_gateways.go 
@@ -518,6 +518,9 @@ type LinkedService struct { // SNI is the optional name to specify during the TLS handshake with a linked service SNI string `json:",omitempty"` + //DisableAutoHostRewrite disables terminating gateways auto host rewrite feature when set to true. + DisableAutoHostRewrite bool `json:",omitempty"` + acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"` } @@ -668,6 +671,7 @@ type GatewayService struct { FromWildcard bool `json:",omitempty"` ServiceKind GatewayServiceKind `json:",omitempty"` RaftIndex + AutoHostRewrite bool `json:",omitempty"` } type GatewayServices []*GatewayService diff --git a/agent/xds/routes.go b/agent/xds/routes.go index 3d05e2a21ad..4c124ae081d 100644 --- a/agent/xds/routes.go +++ b/agent/xds/routes.go @@ -158,11 +158,12 @@ func (s *ResourceGenerator) routesForTerminatingGateway(cfgSnap *proxycfg.Config "error", err, ) } + autoHostRewrite := cfgSnap.TerminatingGateway.AutoHostRewriteServices[svc] if !structs.IsProtocolHTTPLike(cfg.Protocol) { // Routes can only be defined for HTTP services continue } - routes, err := s.makeRoutes(cfgSnap, svc, clusterName, true) + routes, err := s.makeRoutes(cfgSnap, svc, clusterName, autoHostRewrite) if err != nil { return nil, err } @@ -231,7 +232,7 @@ func (s *ResourceGenerator) makeRoutes( // If there is a service-resolver for this service then also setup routes for each subset for name := range resolver.Subsets { clusterName = connect.ServiceSNI(svc.Name, name, svc.NamespaceOrDefault(), svc.PartitionOrDefault(), cfgSnap.Datacenter, cfgSnap.Roots.TrustDomain) - route, err := makeNamedDefaultRouteWithLB(clusterName, lb, resolver.RequestTimeout, true) + route, err := makeNamedDefaultRouteWithLB(clusterName, lb, resolver.RequestTimeout, autoHostRewrite) if err != nil { s.Logger.Error("failed to make route", "cluster", clusterName, "error", err) return nil, err diff --git a/api/config_entry_gateways.go b/api/config_entry_gateways.go index baf274e2da0..ba2bac19efe 100644 
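Review bot: The comment on the new `DisableAutoHostRewrite` field in `LinkedService` lacks the space after `//` and does not say what the gateway does once the flag is set. A comment such as `// DisableAutoHostRewrite, when true, stops the terminating gateway from rewriting the Host header for this service, so the linked service receives the Host value the downstream client sent.` states the effect an operator needs to know. The same comment text is repeated on the field added to `LinkedService` in the `api/config_entry_gateways.go` hunk and should be changed along with this one.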
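Review bot: `AutoHostRewrite` is added to `GatewayService` without a doc comment, and its zero value (`false`) means rewriting is off, the opposite of the default that `LinkedService.DisableAutoHostRewrite` expresses. Any `GatewayService` built or decoded without the field set therefore reads as rewrite disabled, which is presumably why the later patches in this series add `AutoHostRewrite: true` to many fixtures and to `Clone`. Keeping the negative form (`DisableAutoHostRewrite`) on this struct too would make the zero value match the default. Failing that, a comment such as `// AutoHostRewrite is true unless the linked service set DisableAutoHostRewrite; the zero value disables rewriting.` should record it. The field also sits after the embedded `RaftIndex`, apart from the other per-service settings.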
--- a/api/config_entry_gateways.go +++ b/api/config_entry_gateways.go @@ -195,6 +195,9 @@ type TerminatingGatewayConfigEntry struct { type LinkedService struct { // Referencing other partitions is not supported. + //DisableAutoHostRewrite disables terminating gateways auto host rewrite feature when set to true. + DisableAutoHostRewrite bool `json:",omitempty"` + // Namespace is where the service is registered. Namespace string `json:",omitempty"` From ff190292f93a8d21af8da982131be117bc7833a9 Mon Sep 17 00:00:00 2001 From: Sarah Alsmiller Date: Wed, 6 Mar 2024 22:08:17 +0000 Subject: [PATCH 2/6] backport of commit bad1b43b736b439e2a550a26a09e9b2a6360034f --- .changelog/20802.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .changelog/20802.txt diff --git a/.changelog/20802.txt b/.changelog/20802.txt new file mode 100644 index 00000000000..16a8267b5ff --- /dev/null +++ b/.changelog/20802.txt @@ -0,0 +1,3 @@ +```release-note:improvement +connect: Add ability to disable Auto Host Header Rewrite on Terminating Gateway at the service level +``` \ No newline at end of file From 92399d9aba385f9a604a87414ffe8c1df2e50c09 Mon Sep 17 00:00:00 2001 From: Sarah Alsmiller Date: Wed, 6 Mar 2024 22:41:16 +0000 Subject: [PATCH 3/6] backport of commit 542c9d8da78fe35c335627161c6da4346784d6b4 --- agent/proxycfg/snapshot.go | 5 -- agent/proxycfg/terminating_gateway.go | 1 - agent/proxycfg/testing_terminating_gateway.go | 77 +++++++++++-------- agent/xds/routes.go | 3 +- 4 files changed, 47 insertions(+), 39 deletions(-) diff --git a/agent/proxycfg/snapshot.go b/agent/proxycfg/snapshot.go index 68769467df6..8f407c1afcd 100644 --- a/agent/proxycfg/snapshot.go +++ b/agent/proxycfg/snapshot.go 
@@ -220,11 +220,6 @@ type configSnapshotTerminatingGateway struct { // a service altogether we then cancel watching that service for its endpoints. WatchedServices map[structs.ServiceName]context.CancelFunc - // AutoHostRewriteServices is a map of service name to a bool that determines - // if the terminating gateway service should auto rewrite the host - // header before forwarding the request. - AutoHostRewriteServices map[structs.ServiceName]bool - // WatchedIntentions is a map of service name to a cancel function. // This cancel function is tied to the watch of intentions for linked services. // As with WatchedServices, intention watches will be cancelled when services diff --git a/agent/proxycfg/terminating_gateway.go b/agent/proxycfg/terminating_gateway.go index a164c43419f..a465808390a 100644 --- a/agent/proxycfg/terminating_gateway.go +++ b/agent/proxycfg/terminating_gateway.go @@ -57,7 +57,6 @@ func (s *handlerTerminatingGateway) initialize(ctx context.Context) (ConfigSnaps } snap.TerminatingGateway.WatchedServices = make(map[structs.ServiceName]context.CancelFunc) - snap.TerminatingGateway.AutoHostRewriteServices = make(map[structs.ServiceName]bool) snap.TerminatingGateway.WatchedIntentions = make(map[structs.ServiceName]context.CancelFunc) snap.TerminatingGateway.Intentions = make(map[structs.ServiceName]structs.SimplifiedIntentions) snap.TerminatingGateway.WatchedLeaves = make(map[structs.ServiceName]context.CancelFunc) diff --git a/agent/proxycfg/testing_terminating_gateway.go b/agent/proxycfg/testing_terminating_gateway.go index 4b4f086e6e0..8fb02ffe67c 100644 --- a/agent/proxycfg/testing_terminating_gateway.go +++ b/agent/proxycfg/testing_terminating_gateway.go 
@@ -160,20 +160,24 @@ func TestConfigSnapshotTerminatingGateway(t testing.T, populateServices bool, ns tgtwyServices = append(tgtwyServices, &structs.GatewayService{ - Service: web, - CAFile: "ca.cert.pem", + Service: web, + CAFile: "ca.cert.pem", + AutoHostRewrite: true, }, &structs.GatewayService{ - Service: api, - CAFile: "ca.cert.pem", - CertFile: "api.cert.pem", - KeyFile: "api.key.pem", + Service: api, + CAFile: "ca.cert.pem", + CertFile: "api.cert.pem", + KeyFile: "api.key.pem", + AutoHostRewrite: true, }, &structs.GatewayService{ - Service: db, + Service: db, + AutoHostRewrite: true, }, &structs.GatewayService{ - Service: cache, + Service: cache, + AutoHostRewrite: true, }, ) 
@@ -359,26 +363,31 @@ func TestConfigSnapshotTerminatingGatewayDestinations(t testing.T, populateDesti if populateDestinations { tgtwyServices = append(tgtwyServices, &structs.GatewayService{ - Service: externalIPTCP, - ServiceKind: structs.GatewayServiceKindDestination, + Service: externalIPTCP, + ServiceKind: structs.GatewayServiceKindDestination, + AutoHostRewrite: true, }, &structs.GatewayService{ - Service: externalHostnameTCP, - ServiceKind: structs.GatewayServiceKindDestination, + Service: externalHostnameTCP, + ServiceKind: structs.GatewayServiceKindDestination, + AutoHostRewrite: true, }, &structs.GatewayService{ - Service: externalIPHTTP, - ServiceKind: structs.GatewayServiceKindDestination, + Service: externalIPHTTP, + ServiceKind: structs.GatewayServiceKindDestination, + AutoHostRewrite: true, }, &structs.GatewayService{ - Service: externalHostnameHTTP, - ServiceKind: structs.GatewayServiceKindDestination, + Service: externalHostnameHTTP, + ServiceKind: structs.GatewayServiceKindDestination, + AutoHostRewrite: true, }, &structs.GatewayService{ - Service: externalHostnameWithSNI, - ServiceKind: structs.GatewayServiceKindDestination, - CAFile: "cert.pem", - SNI: "api.test.com", + Service: externalHostnameWithSNI, + ServiceKind: structs.GatewayServiceKindDestination, + CAFile: "cert.pem", + SNI: "api.test.com", + AutoHostRewrite: true, }, ) 
@@ -713,16 +722,18 @@ func TestConfigSnapshotTerminatingGatewaySNI(t testing.T) *ConfigSnapshot { Result: &structs.IndexedGatewayServices{ Services: []*structs.GatewayService{ { - Service: structs.NewServiceName("web", nil), - CAFile: "ca.cert.pem", - SNI: "foo.com", + Service: structs.NewServiceName("web", nil), + CAFile: "ca.cert.pem", + SNI: "foo.com", + AutoHostRewrite: true, }, { - Service: structs.NewServiceName("api", nil), - CAFile: "ca.cert.pem", - CertFile: "api.cert.pem", - KeyFile: "api.key.pem", - SNI: "bar.com", + Service: structs.NewServiceName("api", nil), + CAFile: "ca.cert.pem", + CertFile: "api.cert.pem", + KeyFile: "api.key.pem", + SNI: "bar.com", + AutoHostRewrite: true, }, }, }, @@ -739,8 +750,9 @@ func TestConfigSnapshotTerminatingGatewayHTTP2(t testing.T) *ConfigSnapshot { Result: &structs.IndexedGatewayServices{ Services: []*structs.GatewayService{ { - Service: web, - CAFile: "ca.cert.pem", + Service: web, + CAFile: "ca.cert.pem", + AutoHostRewrite: true, }, }, }, @@ -799,8 +811,9 @@ func TestConfigSnapshotTerminatingGatewaySubsetsHTTP2(t testing.T) *ConfigSnapsh Result: &structs.IndexedGatewayServices{ Services: []*structs.GatewayService{ { - Service: web, - CAFile: "ca.cert.pem", + Service: web, + CAFile: "ca.cert.pem", + AutoHostRewrite: true, }, }, }, diff --git a/agent/xds/routes.go b/agent/xds/routes.go index 4c124ae081d..41309b674e8 100644 --- a/agent/xds/routes.go +++ b/agent/xds/routes.go @@ -158,7 +158,8 @@ func (s *ResourceGenerator) routesForTerminatingGateway(cfgSnap *proxycfg.Config "error", err, ) } - autoHostRewrite := cfgSnap.TerminatingGateway.AutoHostRewriteServices[svc] + service := cfgSnap.TerminatingGateway.GatewayServices[svc] + autoHostRewrite := service.AutoHostRewrite if !structs.IsProtocolHTTPLike(cfg.Protocol) { // Routes can only be defined for HTTP services continue From a9f37256a41ba3d5befe3dda2d3448251082fdb1 Mon Sep 17 00:00:00 2001 
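Review bot: The new lookup `cfgSnap.TerminatingGateway.GatewayServices[svc]` in `routesForTerminatingGateway` does not check whether the key is present. The map's value type is not visible in this hunk: if it holds struct values, a service missing from the map yields `AutoHostRewrite == false` and its routes silently stop rewriting the Host header, where the replaced code always passed `true`; if it holds pointers, `service.AutoHostRewrite` dereferences nil. The comma-ok form keeps the old behaviour on a miss, for example `service, ok := cfgSnap.TerminatingGateway.GatewayServices[svc]` followed by `autoHostRewrite := !ok || service.AutoHostRewrite`. The lookup could also move below the `IsProtocolHTTPLike` check, since only HTTP-like services reach `makeRoutes`. The function body starts and ends outside the hunk.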
From: Sarah Alsmiller Date: Thu, 7 Mar 2024 17:02:57 +0000 Subject: [PATCH 4/6] backport of commit 7eeb5949599cb18d048c4bc149552d50f84a7307 --- .../docs/connect/config-entries/terminating-gateway.mdx | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/website/content/docs/connect/config-entries/terminating-gateway.mdx b/website/content/docs/connect/config-entries/terminating-gateway.mdx index 36b1a2dc207..4512cf1a814 100644 --- a/website/content/docs/connect/config-entries/terminating-gateway.mdx +++ b/website/content/docs/connect/config-entries/terminating-gateway.mdx @@ -679,6 +679,12 @@ spec: `An optional hostname or domain name to specify during the TLS handshake. This option will also configure [strict SAN matching](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto#envoy-v3-api-field-extensions-transport-sockets-tls-v3-certificatevalidationcontext-match-typed-subject-alt-names), which requires the external services to have certificates with SANs, not having which will result in \`CERTIFICATE_VERIFY_FAILED\` error.`, }, + { + name: 'DisableAutoHostRewrite', + type: 'bool: ""', + description: + 'When set to true, Terminating Gateway will not modify the incoming requests host header for this service.', + }, ], }, ]} From 0e80ed50739539a870b99621f5a3e404cb7b2899 Mon Sep 17 00:00:00 2001 From: Sarah Alsmiller Date: Tue, 12 Mar 2024 19:53:29 +0000 Subject: [PATCH 5/6] backport of commit 11e4a74762c37d883975830601628eb1e6fc6526 --- agent/catalog_endpoint_test.go | 43 +++++---- agent/consul/catalog_endpoint_test.go | 27 +++--- agent/consul/internal_endpoint_test.go | 31 +++--- agent/consul/state/catalog_test.go | 123 ++++++++++++------------ agent/consul/state/config_entry_test.go | 3 + agent/structs/config_entry_gateways.go | 17 ++-- 6 files changed, 126 insertions(+), 118 deletions(-) diff --git a/agent/catalog_endpoint_test.go b/agent/catalog_endpoint_test.go index 10b1c8b887b..5a5b2433d50 100644 
--- a/agent/catalog_endpoint_test.go +++ b/agent/catalog_endpoint_test.go @@ -1938,11 +1938,12 @@ func TestCatalog_GatewayServices_Terminating(t *testing.T) { SNI: "my-domain", }, { - Name: "*", - CAFile: "ca.crt", - CertFile: "client.crt", - KeyFile: "client.key", - SNI: "my-alt-domain", + Name: "*", + CAFile: "ca.crt", + CertFile: "client.crt", + KeyFile: "client.key", + SNI: "my-alt-domain", + DisableAutoHostRewrite: true, }, }, }, @@ -1965,23 +1966,25 @@ func TestCatalog_GatewayServices_Terminating(t *testing.T) { expect := structs.GatewayServices{ { - Service: structs.NewServiceName("api", nil), - Gateway: structs.NewServiceName("terminating", nil), - GatewayKind: structs.ServiceKindTerminatingGateway, - CAFile: "api/ca.crt", - CertFile: "api/client.crt", - KeyFile: "api/client.key", - SNI: "my-domain", + Service: structs.NewServiceName("api", nil), + Gateway: structs.NewServiceName("terminating", nil), + GatewayKind: structs.ServiceKindTerminatingGateway, + CAFile: "api/ca.crt", + CertFile: "api/client.crt", + KeyFile: "api/client.key", + SNI: "my-domain", + AutoHostRewrite: true, }, { - Service: structs.NewServiceName("redis", nil), - Gateway: structs.NewServiceName("terminating", nil), - GatewayKind: structs.ServiceKindTerminatingGateway, - CAFile: "ca.crt", - CertFile: "client.crt", - KeyFile: "client.key", - SNI: "my-alt-domain", - FromWildcard: true, + Service: structs.NewServiceName("redis", nil), + Gateway: structs.NewServiceName("terminating", nil), + GatewayKind: structs.ServiceKindTerminatingGateway, + CAFile: "ca.crt", + CertFile: "client.crt", + KeyFile: "client.key", + SNI: "my-alt-domain", + FromWildcard: true, + AutoHostRewrite: false, }, } diff --git a/agent/consul/catalog_endpoint_test.go b/agent/consul/catalog_endpoint_test.go index 628ad83ae4d..8c7b9827aa4 100644 --- a/agent/consul/catalog_endpoint_test.go +++ b/agent/consul/catalog_endpoint_test.go 
@@ -3345,10 +3345,11 @@ func TestCatalog_GatewayServices_BothGateways(t *testing.T) { expect := structs.GatewayServices{ { - Service: structs.NewServiceName("api", nil), - Gateway: structs.NewServiceName("gateway", nil), - GatewayKind: structs.ServiceKindTerminatingGateway, - ServiceKind: structs.GatewayServiceKindService, + Service: structs.NewServiceName("api", nil), + Gateway: structs.NewServiceName("gateway", nil), + GatewayKind: structs.ServiceKindTerminatingGateway, + ServiceKind: structs.GatewayServiceKindService, + AutoHostRewrite: true, }, } @@ -3568,16 +3569,18 @@ service "gateway" { expect := structs.GatewayServices{ { - Service: structs.NewServiceName("db", nil), - Gateway: structs.NewServiceName("gateway", nil), - GatewayKind: structs.ServiceKindTerminatingGateway, - ServiceKind: structs.GatewayServiceKindService, + Service: structs.NewServiceName("db", nil), + Gateway: structs.NewServiceName("gateway", nil), + GatewayKind: structs.ServiceKindTerminatingGateway, + ServiceKind: structs.GatewayServiceKindService, + AutoHostRewrite: true, }, { - Service: structs.NewServiceName("db_replica", nil), - Gateway: structs.NewServiceName("gateway", nil), - GatewayKind: structs.ServiceKindTerminatingGateway, - ServiceKind: structs.GatewayServiceKindUnknown, + Service: structs.NewServiceName("db_replica", nil), + Gateway: structs.NewServiceName("gateway", nil), + GatewayKind: structs.ServiceKindTerminatingGateway, + ServiceKind: structs.GatewayServiceKindUnknown, + AutoHostRewrite: true, }, } diff --git a/agent/consul/internal_endpoint_test.go b/agent/consul/internal_endpoint_test.go index a7f13281014..e4b9a14b700 100644 --- a/agent/consul/internal_endpoint_test.go +++ b/agent/consul/internal_endpoint_test.go 
@@ -1217,10 +1217,11 @@ func TestInternal_GatewayServiceDump_Terminating(t *testing.T) { }, }, GatewayService: &structs.GatewayService{ - Gateway: structs.NewServiceName("terminating-gateway", nil), - Service: structs.NewServiceName("db", nil), - GatewayKind: "terminating-gateway", - ServiceKind: structs.GatewayServiceKindService, + Gateway: structs.NewServiceName("terminating-gateway", nil), + Service: structs.NewServiceName("db", nil), + GatewayKind: "terminating-gateway", + ServiceKind: structs.GatewayServiceKindService, + AutoHostRewrite: true, }, }, { @@ -1251,21 +1252,23 @@ func TestInternal_GatewayServiceDump_Terminating(t *testing.T) { }, }, GatewayService: &structs.GatewayService{ - Gateway: structs.NewServiceName("terminating-gateway", nil), - Service: structs.NewServiceName("db", nil), - GatewayKind: "terminating-gateway", - ServiceKind: structs.GatewayServiceKindService, + Gateway: structs.NewServiceName("terminating-gateway", nil), + Service: structs.NewServiceName("db", nil), + GatewayKind: "terminating-gateway", + ServiceKind: structs.GatewayServiceKindService, + AutoHostRewrite: true, }, }, { // Only GatewayService should be returned when linked service isn't registered GatewayService: &structs.GatewayService{ - Gateway: structs.NewServiceName("terminating-gateway", nil), - Service: structs.NewServiceName("redis", nil), - GatewayKind: "terminating-gateway", - CAFile: "/etc/certs/ca.pem", - CertFile: "/etc/certs/cert.pem", - KeyFile: "/etc/certs/key.pem", + Gateway: structs.NewServiceName("terminating-gateway", nil), + Service: structs.NewServiceName("redis", nil), + GatewayKind: "terminating-gateway", + CAFile: "/etc/certs/ca.pem", + CertFile: "/etc/certs/cert.pem", + KeyFile: "/etc/certs/key.pem", + AutoHostRewrite: true, }, }, } diff --git a/agent/consul/state/catalog_test.go b/agent/consul/state/catalog_test.go index f85844909e1..cef608bc1c5 100644 --- a/agent/consul/state/catalog_test.go +++ b/agent/consul/state/catalog_test.go 
@@ -5197,7 +5197,8 @@ func TestStateStore_GatewayServices_Terminating(t *testing.T) { CreateIndex: 21, ModifyIndex: 21, }, - ServiceKind: structs.GatewayServiceKindService, + ServiceKind: structs.GatewayServiceKindService, + AutoHostRewrite: true, }, { Service: structs.NewServiceName("db", nil), @@ -5207,7 +5208,8 @@ func TestStateStore_GatewayServices_Terminating(t *testing.T) { CreateIndex: 21, ModifyIndex: 21, }, - ServiceKind: structs.GatewayServiceKindService, + ServiceKind: structs.GatewayServiceKindService, + AutoHostRewrite: true, }, } assert.Equal(t, expect, out) @@ -5241,7 +5243,8 @@ func TestStateStore_GatewayServices_Terminating(t *testing.T) { CreateIndex: 21, ModifyIndex: 21, }, - ServiceKind: structs.GatewayServiceKindService, + ServiceKind: structs.GatewayServiceKindService, + AutoHostRewrite: true, }, { Service: structs.NewServiceName("db", nil), @@ -5251,7 +5254,8 @@ func TestStateStore_GatewayServices_Terminating(t *testing.T) { CreateIndex: 21, ModifyIndex: 21, }, - ServiceKind: structs.GatewayServiceKindService, + ServiceKind: structs.GatewayServiceKindService, + AutoHostRewrite: true, }, } assert.Equal(t, expect, out) @@ -5302,7 +5306,8 @@ func TestStateStore_GatewayServices_Terminating(t *testing.T) { CreateIndex: 22, ModifyIndex: 22, }, - ServiceKind: structs.GatewayServiceKindService, + ServiceKind: structs.GatewayServiceKindService, + AutoHostRewrite: true, }, { Service: structs.NewServiceName("db", nil), @@ -5312,7 +5317,8 @@ func TestStateStore_GatewayServices_Terminating(t *testing.T) { CreateIndex: 22, ModifyIndex: 22, }, - ServiceKind: structs.GatewayServiceKindService, + ServiceKind: structs.GatewayServiceKindService, + AutoHostRewrite: true, }, } assert.Equal(t, expect, out) 
@@ -5340,7 +5346,8 @@ func TestStateStore_GatewayServices_Terminating(t *testing.T) { CreateIndex: 22, ModifyIndex: 22, }, - ServiceKind: structs.GatewayServiceKindService, + ServiceKind: structs.GatewayServiceKindService, + AutoHostRewrite: true, }, { Service: structs.NewServiceName("db", nil), @@ -5350,7 +5357,8 @@ func TestStateStore_GatewayServices_Terminating(t *testing.T) { CreateIndex: 22, ModifyIndex: 22, }, - ServiceKind: structs.GatewayServiceKindService, + ServiceKind: structs.GatewayServiceKindService, + AutoHostRewrite: true, }, { Service: structs.NewServiceName("redis", nil), @@ -5365,7 +5373,8 @@ func TestStateStore_GatewayServices_Terminating(t *testing.T) { CreateIndex: 23, ModifyIndex: 23, }, - ServiceKind: structs.GatewayServiceKindService, + ServiceKind: structs.GatewayServiceKindService, + AutoHostRewrite: true, }, } assert.Equal(t, expect, out) @@ -5393,7 +5402,8 @@ func TestStateStore_GatewayServices_Terminating(t *testing.T) { CreateIndex: 22, ModifyIndex: 22, }, - ServiceKind: structs.GatewayServiceKindService, + ServiceKind: structs.GatewayServiceKindService, + AutoHostRewrite: true, }, { Service: structs.NewServiceName("db", nil), @@ -5403,7 +5413,8 @@ func TestStateStore_GatewayServices_Terminating(t *testing.T) { CreateIndex: 22, ModifyIndex: 22, }, - ServiceKind: structs.GatewayServiceKindService, + ServiceKind: structs.GatewayServiceKindService, + AutoHostRewrite: true, }, } assert.Equal(t, expect, out) @@ -5435,7 +5446,8 @@ func TestStateStore_GatewayServices_Terminating(t *testing.T) { CreateIndex: 25, ModifyIndex: 25, }, - ServiceKind: structs.GatewayServiceKindService, + ServiceKind: structs.GatewayServiceKindService, + AutoHostRewrite: true, }, } assert.Equal(t, expect, out) @@ -5467,6 +5479,7 @@ func TestStateStore_GatewayServices_Terminating(t *testing.T) { CreateIndex: 26, ModifyIndex: 26, }, + AutoHostRewrite: true, }, { Service: structs.NewServiceName("db", nil), 
@@ -5477,6 +5490,7 @@ func TestStateStore_GatewayServices_Terminating(t *testing.T) { CreateIndex: 26, ModifyIndex: 26, }, + AutoHostRewrite: true, }, } assert.Equal(t, expect, out) @@ -5504,6 +5518,7 @@ func TestStateStore_GatewayServices_Terminating(t *testing.T) { CreateIndex: 26, ModifyIndex: 26, }, + AutoHostRewrite: true, }, { Service: structs.NewServiceName("db", nil), @@ -5514,6 +5529,7 @@ func TestStateStore_GatewayServices_Terminating(t *testing.T) { CreateIndex: 26, ModifyIndex: 26, }, + AutoHostRewrite: true, }, { Service: structs.NewServiceName("destination1", nil), @@ -5525,6 +5541,7 @@ func TestStateStore_GatewayServices_Terminating(t *testing.T) { CreateIndex: 27, ModifyIndex: 27, }, + AutoHostRewrite: true, }, } assert.ElementsMatch(t, expectWildcardIncludesDest, out) @@ -6018,7 +6035,8 @@ func TestStateStore_GatewayServices_ServiceDeletion(t *testing.T) { CreateIndex: 19, ModifyIndex: 19, }, - ServiceKind: structs.GatewayServiceKindService, + ServiceKind: structs.GatewayServiceKindService, + AutoHostRewrite: true, }, } assert.Equal(t, expect, out) @@ -6040,6 +6058,7 @@ func TestStateStore_GatewayServices_ServiceDeletion(t *testing.T) { CreateIndex: 20, ModifyIndex: 20, }, + AutoHostRewrite: true, }, { Service: structs.NewServiceName("db", nil), @@ -6050,6 +6069,7 @@ func TestStateStore_GatewayServices_ServiceDeletion(t *testing.T) { CreateIndex: 20, ModifyIndex: 20, }, + AutoHostRewrite: true, }, } assert.Equal(t, expect, out) @@ -6077,6 +6097,7 @@ func TestStateStore_GatewayServices_ServiceDeletion(t *testing.T) { CreateIndex: 19, ModifyIndex: 20, }, + AutoHostRewrite: true, }, } assert.Equal(t, expect, out) @@ -6097,6 +6118,7 @@ func TestStateStore_GatewayServices_ServiceDeletion(t *testing.T) { CreateIndex: 20, ModifyIndex: 20, }, + AutoHostRewrite: true, }, } assert.Equal(t, expect, out) 
@@ -7016,6 +7038,7 @@ func TestStateStore_DumpGatewayServices(t *testing.T) { // Read everything back. ws = memdb.NewWatchSet() idx, out, err := s.DumpGatewayServices(ws) + fmt.Println(out) assert.Nil(t, err) assert.Equal(t, idx, uint64(21)) assert.Len(t, out, 2) @@ -7033,7 +7056,8 @@ func TestStateStore_DumpGatewayServices(t *testing.T) { CreateIndex: 21, ModifyIndex: 21, }, - ServiceKind: structs.GatewayServiceKindService, + ServiceKind: structs.GatewayServiceKindService, + AutoHostRewrite: true, }, { Service: structs.NewServiceName("db", nil), @@ -7043,7 +7067,8 @@ func TestStateStore_DumpGatewayServices(t *testing.T) { CreateIndex: 21, ModifyIndex: 21, }, - ServiceKind: structs.GatewayServiceKindService, + ServiceKind: structs.GatewayServiceKindService, + AutoHostRewrite: true, }, } assert.Equal(t, expect, out) @@ -7077,6 +7102,7 @@ func TestStateStore_DumpGatewayServices(t *testing.T) { assert.False(t, watchFired(ws)) idx, out, err := s.DumpGatewayServices(ws) + fmt.Println(out) assert.Nil(t, err) assert.Equal(t, idx, uint64(21)) assert.Len(t, out, 2) @@ -7094,7 +7120,8 @@ func TestStateStore_DumpGatewayServices(t *testing.T) { CreateIndex: 21, ModifyIndex: 21, }, - ServiceKind: structs.GatewayServiceKindService, + ServiceKind: structs.GatewayServiceKindService, + AutoHostRewrite: true, }, { Service: structs.NewServiceName("db", nil), @@ -7104,7 +7131,8 @@ func TestStateStore_DumpGatewayServices(t *testing.T) { CreateIndex: 21, ModifyIndex: 21, }, - ServiceKind: structs.GatewayServiceKindService, + ServiceKind: structs.GatewayServiceKindService, + AutoHostRewrite: true, }, } assert.Equal(t, expect, out) @@ -7134,7 +7162,8 @@ func TestStateStore_DumpGatewayServices(t *testing.T) { CreateIndex: 21, ModifyIndex: 21, }, - ServiceKind: structs.GatewayServiceKindService, + ServiceKind: structs.GatewayServiceKindService, + AutoHostRewrite: true, }, { Service: structs.NewServiceName("db", nil), 
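Review bot: The added `fmt.Println(out)` after `s.DumpGatewayServices(ws)` looks like leftover debug output. It prints on every test run and executes before the `assert.Nil(t, err)` check on the same call. It appears in both hunks of `TestStateStore_DumpGatewayServices` on this line (old lines 7016 and 7077) and should be dropped, or replaced with `t.Log(out)` if the dump is wanted when the test fails.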
@@ -7144,7 +7173,8 @@ func TestStateStore_DumpGatewayServices(t *testing.T) { CreateIndex: 21, ModifyIndex: 21, }, - ServiceKind: structs.GatewayServiceKindService, + ServiceKind: structs.GatewayServiceKindService, + AutoHostRewrite: true, }, { Service: structs.NewServiceName("redis", nil), @@ -7159,7 +7189,8 @@ func TestStateStore_DumpGatewayServices(t *testing.T) { CreateIndex: 22, ModifyIndex: 22, }, - ServiceKind: structs.GatewayServiceKindService, + ServiceKind: structs.GatewayServiceKindService, + AutoHostRewrite: true, }, } assert.Equal(t, expect, out) @@ -7189,7 +7220,8 @@ func TestStateStore_DumpGatewayServices(t *testing.T) { CreateIndex: 21, ModifyIndex: 21, }, - ServiceKind: structs.GatewayServiceKindService, + ServiceKind: structs.GatewayServiceKindService, + AutoHostRewrite: true, }, { Service: structs.NewServiceName("db", nil), @@ -7199,7 +7231,8 @@ func TestStateStore_DumpGatewayServices(t *testing.T) { CreateIndex: 21, ModifyIndex: 21, }, - ServiceKind: structs.GatewayServiceKindService, + ServiceKind: structs.GatewayServiceKindService, + AutoHostRewrite: true, }, } assert.Equal(t, expect, out) @@ -7233,7 +7266,8 @@ func TestStateStore_DumpGatewayServices(t *testing.T) { CreateIndex: 24, ModifyIndex: 24, }, - ServiceKind: structs.GatewayServiceKindService, + ServiceKind: structs.GatewayServiceKindService, + AutoHostRewrite: true, }, } assert.Equal(t, expect, out) @@ -7291,7 +7325,8 @@ func TestStateStore_DumpGatewayServices(t *testing.T) { CreateIndex: 24, ModifyIndex: 24, }, - ServiceKind: structs.GatewayServiceKindService, + ServiceKind: structs.GatewayServiceKindService, + AutoHostRewrite: true, }, { Service: structs.NewServiceName("api", nil), 
@@ -9089,43 +9124,3 @@ func assertDeepEqual(t *testing.T, x, y interface{}, opts ...cmp.Option) { t.Fatalf("assertion failed: values are not equal\n--- expected\n+++ actual\n%v", diff) } } - -func Test_terminatingConfigGatewayServices(t *testing.T) { - s := testConfigStateStore(t) - - cfg := &structs.TerminatingGatewayConfigEntry{ - Kind: structs.TerminatingGateway, - Name: "terminating-gateway", - Services: []structs.LinkedService{ - { - Name: "service-default-behavior", - }, - { - Name: "service-disabled-behavior", - DisableAutoHostRewrite: true, - }, - }, - } - - expected := structs.GatewayServices{ - &structs.GatewayService{ - Gateway: structs.ServiceName{Name: "terminating-gateway"}, - Service: structs.ServiceName{Name: "service-default-behavior"}, - GatewayKind: "terminating-gateway", - AutoHostRewrite: true, - }, - &structs.GatewayService{ - Gateway: structs.ServiceName{Name: "terminating-gateway"}, - Service: structs.ServiceName{Name: "service-disabled-behavior"}, - GatewayKind: "terminating-gateway", - AutoHostRewrite: false, - }, - } - - txn := s.db.Txn(false) - - _, services, err := terminatingConfigGatewayServices(txn, structs.ServiceName{Name: "terminating-gateway"}, cfg, nil) - require.NoError(t, err) - require.Equal(t, services, expected) - -} diff --git a/agent/consul/state/config_entry_test.go b/agent/consul/state/config_entry_test.go index c1bd3e35def..f2794d50431 100644 --- a/agent/consul/state/config_entry_test.go +++ b/agent/consul/state/config_entry_test.go @@ -772,6 +772,7 @@ func TestStore_ServiceDefaults_Kind_Destination_Wildcard(t *testing.T) { CreateIndex: 8, ModifyIndex: 8, }, + AutoHostRewrite: true, }, } require.Equal(t, expected, gatewayServices) @@ -819,6 +820,7 @@ func TestStore_ServiceDefaults_Kind_Destination_Wildcard(t *testing.T) { CreateIndex: 7, ModifyIndex: 7, }, + AutoHostRewrite: true, }, } require.Equal(t, expected, gatewayServices) 
@@ -843,6 +845,7 @@ func TestStore_ServiceDefaults_Kind_Destination_Wildcard(t *testing.T) { CreateIndex: 7, ModifyIndex: 9, }, + AutoHostRewrite: true, }, } require.Equal(t, expected, gatewayServices) diff --git a/agent/structs/config_entry_gateways.go b/agent/structs/config_entry_gateways.go index 7f3af219323..a15b42a0139 100644 --- a/agent/structs/config_entry_gateways.go +++ b/agent/structs/config_entry_gateways.go @@ -719,14 +719,15 @@ func (g *GatewayService) Clone() *GatewayService { Port: g.Port, Protocol: g.Protocol, // See https://github.com/go101/go101/wiki/How-to-efficiently-clone-a-slice%3F - Hosts: append(g.Hosts[:0:0], g.Hosts...), - CAFile: g.CAFile, - CertFile: g.CertFile, - KeyFile: g.KeyFile, - SNI: g.SNI, - FromWildcard: g.FromWildcard, - RaftIndex: g.RaftIndex, - ServiceKind: g.ServiceKind, + Hosts: append(g.Hosts[:0:0], g.Hosts...), + CAFile: g.CAFile, + CertFile: g.CertFile, + KeyFile: g.KeyFile, + SNI: g.SNI, + FromWildcard: g.FromWildcard, + RaftIndex: g.RaftIndex, + ServiceKind: g.ServiceKind, + AutoHostRewrite: g.AutoHostRewrite, } } From 98aef5d1ff8e847f0555f2a5cb694de5762a203c Mon Sep 17 00:00:00 2001 From: Sarah Alsmiller Date: Tue, 12 Mar 2024 20:16:42 +0000 Subject: [PATCH 6/6] backport of commit 5bdf8b06cbb1d55d5d6e9d2184d75b0e9dd1a3a1 --- agent/consul/catalog_endpoint_test.go | 49 ++++++++++++++------------- 1 file changed, 26 insertions(+), 23 deletions(-) diff --git a/agent/consul/catalog_endpoint_test.go b/agent/consul/catalog_endpoint_test.go index 8c7b9827aa4..d1fb2a6e974 100644 --- a/agent/consul/catalog_endpoint_test.go +++ b/agent/consul/catalog_endpoint_test.go 
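Review bot: `AutoHostRewrite` has the non-default behaviour as its zero value (the catalog fills it as `!svc.DisableAutoHostRewrite`), so any hand-written field list that omits it, as Clone did before this hunk, silently turns the rewrite off on the copy. Clone begins above the hunk, but a comment on the literal would warn the next editor: `// Copy every GatewayService field here; an omitted bool such as AutoHostRewrite silently becomes false.` A test that fills every field of a GatewayService and compares it with its `Clone()` result would catch the next omission mechanically. If the type has an equality helper next to Clone, it is outside this hunk; it should compare the new field too, otherwise an update that only toggles the flag could be treated as no change.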
@@ -3187,33 +3187,36 @@ func TestCatalog_GatewayServices_TerminatingGateway(t *testing.T) { expect := structs.GatewayServices{ { - Service: structs.NewServiceName("api", nil), - Gateway: structs.NewServiceName("gateway", nil), - GatewayKind: structs.ServiceKindTerminatingGateway, - CAFile: "api/ca.crt", - CertFile: "api/client.crt", - KeyFile: "api/client.key", - SNI: "my-domain", - ServiceKind: structs.GatewayServiceKindService, + Service: structs.NewServiceName("api", nil), + Gateway: structs.NewServiceName("gateway", nil), + GatewayKind: structs.ServiceKindTerminatingGateway, + CAFile: "api/ca.crt", + CertFile: "api/client.crt", + KeyFile: "api/client.key", + SNI: "my-domain", + ServiceKind: structs.GatewayServiceKindService, + AutoHostRewrite: true, }, { - Service: structs.NewServiceName("db", nil), - Gateway: structs.NewServiceName("gateway", nil), - GatewayKind: structs.ServiceKindTerminatingGateway, - CAFile: "", - CertFile: "", - KeyFile: "", - ServiceKind: structs.GatewayServiceKindService, + Service: structs.NewServiceName("db", nil), + Gateway: structs.NewServiceName("gateway", nil), + GatewayKind: structs.ServiceKindTerminatingGateway, + CAFile: "", + CertFile: "", + KeyFile: "", + ServiceKind: structs.GatewayServiceKindService, + AutoHostRewrite: true, }, { - Service: structs.NewServiceName("redis", nil), - Gateway: structs.NewServiceName("gateway", nil), - GatewayKind: structs.ServiceKindTerminatingGateway, - CAFile: "ca.crt", - CertFile: "client.crt", - KeyFile: "client.key", - SNI: "my-alt-domain", - FromWildcard: true, + Service: structs.NewServiceName("redis", nil), + Gateway: structs.NewServiceName("gateway", nil), + GatewayKind: structs.ServiceKindTerminatingGateway, + CAFile: "ca.crt", + CertFile: "client.crt", + KeyFile: "client.key", + SNI: "my-alt-domain", + FromWildcard: true, + AutoHostRewrite: true, }, }