Skip to content

Commit

Permalink
Address review comments to Peering Acceptor and Dialer.
Browse files Browse the repository at this point in the history
  • Loading branch information
thisisnotashwin committed Jun 14, 2022
1 parent 9ecfff4 commit 485fd73
Show file tree
Hide file tree
Showing 30 changed files with 531 additions and 494 deletions.
18 changes: 10 additions & 8 deletions charts/consul/templates/connect-inject-clusterrole.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -24,14 +24,6 @@ rules:
- "get"
- "list"
- "watch"
- apiGroups: [ "" ]
resources: ["secrets"]
verbs:
- "get"
- "list"
- "watch"
- "create"
- "delete"
- apiGroups:
- coordination.k8s.io
resources:
Expand All @@ -52,6 +44,15 @@ rules:
- watch
- patch
{{- end }}
{{- if .Values.global.peering.enabled }}
- apiGroups: [ "" ]
resources: ["secrets"]
verbs:
- "get"
- "list"
- "watch"
- "create"
- "delete"
- apiGroups: ["consul.hashicorp.com"]
resources: ["peeringacceptors"]
verbs:
Expand Down Expand Up @@ -88,6 +89,7 @@ rules:
- get
- patch
- update
{{- end }}
{{- if .Values.global.enablePodSecurityPolicies }}
- apiGroups: [ "policy" ]
resources: [ "podsecuritypolicies" ]
Expand Down
6 changes: 3 additions & 3 deletions charts/consul/templates/crd-exportedservices.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -75,9 +75,9 @@ spec:
description: Partition is the admin partition to export
the service to.
type: string
peerName:
description: '[Experimental] PeerName is the name of the
peer to export the service to.'
peer:
description: '[Experimental] Peer is the name of the peer
to export the service to.'
type: string
type: object
type: array
Expand Down
21 changes: 10 additions & 11 deletions control-plane/api/v1alpha1/exportedservices_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -68,8 +68,8 @@ type ExportedService struct {
type ServiceConsumer struct {
// Partition is the admin partition to export the service to.
Partition string `json:"partition,omitempty"`
// [Experimental] PeerName is the name of the peer to export the service to.
PeerName string `json:"peerName,omitempty"`
// [Experimental] Peer is the name of the peer to export the service to.
Peer string `json:"peer,omitempty"`
}

func (in *ExportedServices) GetObjectMeta() metav1.ObjectMeta {
Expand Down Expand Up @@ -165,11 +165,10 @@ func (in *ExportedServices) ToConsul(datacenter string) api.ConfigEntry {
func (in *ExportedService) toConsul() capi.ExportedService {
var consumers []capi.ServiceConsumer
for _, consumer := range in.Consumers {
if consumer.PeerName != "" {
consumers = append(consumers, capi.ServiceConsumer{PeerName: consumer.PeerName})
} else {
consumers = append(consumers, capi.ServiceConsumer{Partition: consumer.Partition})
}
consumers = append(consumers, capi.ServiceConsumer{
Partition: consumer.Partition,
PeerName: consumer.Peer,
})
}
return capi.ExportedService{
Name: in.Name,
Expand Down Expand Up @@ -228,11 +227,11 @@ func (in *ExportedService) validate(path *field.Path, consulMeta common.ConsulMe
}

func (in *ServiceConsumer) validate(path *field.Path, consulMeta common.ConsulMeta) *field.Error {
if in.Partition != "" && in.PeerName != "" {
return field.Invalid(path, *in, "both partition and peerName cannot be specified.")
if in.Partition != "" && in.Peer != "" {
return field.Invalid(path, *in, "both partition and peer cannot be specified.")
}
if in.Partition == "" && in.PeerName == "" {
return field.Invalid(path, *in, "either partition or peerName must be specified.")
if in.Partition == "" && in.Peer == "" {
return field.Invalid(path, *in, "either partition or peer must be specified.")
}
if !consulMeta.PartitionsEnabled && in.Partition != "" {
return field.Invalid(path.Child("partitions"), in.Partition, "Consul Admin Partitions need to be enabled to specify partition.")
Expand Down
92 changes: 77 additions & 15 deletions control-plane/api/v1alpha1/exportedservices_types_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,7 @@ func TestExportedServices_MatchesConsul(t *testing.T) {
Partition: "third",
},
{
PeerName: "second-peer",
Peer: "second-peer",
},
},
},
Expand All @@ -69,7 +69,7 @@ func TestExportedServices_MatchesConsul(t *testing.T) {
Partition: "fifth",
},
{
PeerName: "third-peer",
Peer: "third-peer",
},
},
},
Expand Down Expand Up @@ -178,7 +178,7 @@ func TestExportedServices_ToConsul(t *testing.T) {
Partition: "third",
},
{
PeerName: "second-peer",
Peer: "second-peer",
},
},
},
Expand All @@ -193,7 +193,7 @@ func TestExportedServices_ToConsul(t *testing.T) {
Partition: "fifth",
},
{
PeerName: "third-peer",
Peer: "third-peer",
},
},
},
Expand Down Expand Up @@ -253,8 +253,10 @@ func TestExportedServices_ToConsul(t *testing.T) {

func TestExportedServices_Validate(t *testing.T) {
cases := map[string]struct {
input *ExportedServices
expectedErrMsgs []string
input *ExportedServices
namespaceEnabled bool
partitionsEnabled bool
expectedErrMsgs []string
}{
"valid": {
input: &ExportedServices{
Expand All @@ -271,14 +273,16 @@ func TestExportedServices_Validate(t *testing.T) {
Partition: "second",
},
{
PeerName: "second-peer",
Peer: "second-peer",
},
},
},
},
},
},
expectedErrMsgs: []string{},
namespaceEnabled: true,
partitionsEnabled: true,
expectedErrMsgs: []string{},
},
"no consumers specified": {
input: &ExportedServices{
Expand All @@ -295,6 +299,8 @@ func TestExportedServices_Validate(t *testing.T) {
},
},
},
namespaceEnabled: true,
partitionsEnabled: true,
expectedErrMsgs: []string{
`spec.services[0]: Invalid value: []v1alpha1.ServiceConsumer{}: service must have at least 1 consumer.`,
},
Expand All @@ -312,15 +318,17 @@ func TestExportedServices_Validate(t *testing.T) {
Consumers: []ServiceConsumer{
{
Partition: "second",
PeerName: "second-peer",
Peer: "second-peer",
},
},
},
},
},
},
namespaceEnabled: true,
partitionsEnabled: true,
expectedErrMsgs: []string{
`spec.services[0].consumers[0]: Invalid value: v1alpha1.ServiceConsumer{Partition:"second", PeerName:"second-peer"}: both partition and peerName cannot be specified.`,
`spec.services[0].consumers[0]: Invalid value: v1alpha1.ServiceConsumer{Partition:"second", Peer:"second-peer"}: both partition and peer cannot be specified.`,
},
},
"neither partition nor peer name specified": {
Expand All @@ -340,8 +348,60 @@ func TestExportedServices_Validate(t *testing.T) {
},
},
},
namespaceEnabled: true,
partitionsEnabled: true,
expectedErrMsgs: []string{
`spec.services[0].consumers[0]: Invalid value: v1alpha1.ServiceConsumer{Partition:"", PeerName:""}: either partition or peerName must be specified.`,
`spec.services[0].consumers[0]: Invalid value: v1alpha1.ServiceConsumer{Partition:"", Peer:""}: either partition or peer must be specified.`,
},
},
"partition provided when partitions are disabled": {
input: &ExportedServices{
ObjectMeta: metav1.ObjectMeta{
Name: common.DefaultConsulPartition,
},
Spec: ExportedServicesSpec{
Services: []ExportedService{
{
Name: "service-frontend",
Namespace: "frontend",
Consumers: []ServiceConsumer{
{
Partition: "test-partition",
},
},
},
},
},
},
namespaceEnabled: true,
partitionsEnabled: false,
expectedErrMsgs: []string{
`spec.services[0].consumers[0].partitions: Invalid value: "test-partition": Consul Admin Partitions need to be enabled to specify partition.`,
},
},
"namespace provided when namespaces are disabled": {
input: &ExportedServices{
ObjectMeta: metav1.ObjectMeta{
Name: common.DefaultConsulPartition,
},
Spec: ExportedServicesSpec{
Services: []ExportedService{
{
Name: "service-frontend",
Namespace: "frontend",
Consumers: []ServiceConsumer{
{
Peer: "test-peer",
},
},
},
},
},
},
namespaceEnabled: false,
partitionsEnabled: false,
expectedErrMsgs: []string{
`spec.services[0]: Invalid value: "frontend": Consul Namespaces must be enabled to specify service namespace.`,
},
},
"multiple errors": {
Expand All @@ -357,24 +417,26 @@ func TestExportedServices_Validate(t *testing.T) {
Consumers: []ServiceConsumer{
{
Partition: "second",
PeerName: "second-peer",
Peer: "second-peer",
},
{},
},
},
},
},
},
namespaceEnabled: true,
partitionsEnabled: true,
expectedErrMsgs: []string{
`spec.services[0].consumers[0]: Invalid value: v1alpha1.ServiceConsumer{Partition:"second", PeerName:"second-peer"}: both partition and peerName cannot be specified.`,
`spec.services[0].consumers[1]: Invalid value: v1alpha1.ServiceConsumer{Partition:"", PeerName:""}: either partition or peerName must be specified.`,
`spec.services[0].consumers[0]: Invalid value: v1alpha1.ServiceConsumer{Partition:"second", Peer:"second-peer"}: both partition and peer cannot be specified.`,
`spec.services[0].consumers[1]: Invalid value: v1alpha1.ServiceConsumer{Partition:"", Peer:""}: either partition or peer must be specified.`,
},
},
}

for name, testCase := range cases {
t.Run(name, func(t *testing.T) {
err := testCase.input.Validate(common.ConsulMeta{NamespacesEnabled: true, PartitionsEnabled: true, Partition: common.DefaultConsulPartition})
err := testCase.input.Validate(common.ConsulMeta{NamespacesEnabled: testCase.namespaceEnabled, PartitionsEnabled: testCase.partitionsEnabled, Partition: common.DefaultConsulPartition})
if len(testCase.expectedErrMsgs) != 0 {
require.Error(t, err)
for _, s := range testCase.expectedErrMsgs {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -68,9 +68,9 @@ spec:
description: Partition is the admin partition to export
the service to.
type: string
peerName:
description: '[Experimental] PeerName is the name of the
peer to export the service to.'
peer:
description: '[Experimental] Peer is the name of the peer
to export the service to.'
type: string
type: object
type: array
Expand Down
2 changes: 1 addition & 1 deletion control-plane/connect-inject/annotations.go
Original file line number Diff line number Diff line change
Expand Up @@ -136,7 +136,7 @@ const (
annotationTransparentProxyOverwriteProbes = "consul.hashicorp.com/transparent-proxy-overwrite-probes"

// annotationOriginalPod is the value of the pod before being overwritten by the consul
// webhook/handler.
// webhook/meshWebhook.
annotationOriginalPod = "consul.hashicorp.com/original-pod"

// labelServiceIgnore is a label that can be added to a service to prevent it from being
Expand Down
4 changes: 2 additions & 2 deletions control-plane/connect-inject/consul_sidecar.go
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ import (
// the metrics merging server when metrics merging feature is enabled.
// It always disables service registration because for connect we no longer
// need to keep services registered as this is handled in the endpoints-controller.
func (w *ConnectWebhook) consulSidecar(pod corev1.Pod) (corev1.Container, error) {
func (w *MeshWebhook) consulSidecar(pod corev1.Pod) (corev1.Container, error) {
metricsPorts, err := w.MetricsConfig.mergedMetricsServerConfiguration(pod)
if err != nil {
return corev1.Container{}, err
Expand Down Expand Up @@ -48,7 +48,7 @@ func (w *ConnectWebhook) consulSidecar(pod corev1.Pod) (corev1.Container, error)
}, nil
}

func (w *ConnectWebhook) consulSidecarResources(pod corev1.Pod) (corev1.ResourceRequirements, error) {
func (w *MeshWebhook) consulSidecarResources(pod corev1.Pod) (corev1.ResourceRequirements, error) {
resources := corev1.ResourceRequirements{
Limits: corev1.ResourceList{},
Requests: corev1.ResourceList{},
Expand Down
Loading

0 comments on commit 485fd73

Please sign in to comment.