diff --git a/.changelog/3116.txt b/.changelog/3118.txt similarity index 100% rename from .changelog/3116.txt rename to .changelog/3118.txt diff --git a/.changelog/3184.txt b/.changelog/3184.txt deleted file mode 100644 index 4e1abf0f35..0000000000 --- a/.changelog/3184.txt +++ /dev/null @@ -1,3 +0,0 @@ -```release-note:bug -consul-telemetry-collector: fix args to consul-dataplane when global.acls.manageSystemACLs -``` \ No newline at end of file diff --git a/.github/workflows/nightly-acceptance-1-3-0.yml b/.github/workflows/nightly-acceptance-1-3-0-rc1.yml similarity index 93% rename from .github/workflows/nightly-acceptance-1-3-0.yml rename to .github/workflows/nightly-acceptance-1-3-0-rc1.yml index e7681a6835..ad2b373ca4 100644 --- a/.github/workflows/nightly-acceptance-1-3-0.yml +++ b/.github/workflows/nightly-acceptance-1-3-0-rc1.yml @@ -1,5 +1,5 @@ # Dispatch to the consul-k8s-workflows with a nightly cron -name: nightly-acceptance-1-3-0 +name: nightly-acceptance on: schedule: # * is a special character in YAML so you have to quote this string @@ -8,7 +8,7 @@ on: # these should be the only settings that you will ever need to change env: - BRANCH: "release/1.3.0" + BRANCH: "release/1.3.0-rc1" CONTEXT: "nightly" jobs: diff --git a/.github/workflows/weekly-acceptance-1-3-x.yml b/.github/workflows/weekly-acceptance-0-49-x.yml similarity index 81% rename from .github/workflows/weekly-acceptance-1-3-x.yml rename to .github/workflows/weekly-acceptance-0-49-x.yml index e0cd935204..5e1c17f3c7 100644 --- a/.github/workflows/weekly-acceptance-1-3-x.yml +++ b/.github/workflows/weekly-acceptance-0-49-x.yml 
@@ -1,18 +1,16 @@ # Dispatch to the consul-k8s-workflows with a weekly cron # # A separate file is needed for each release because the cron schedules are different for each release. -name: weekly-acceptance-1-3-x +name: weekly-acceptance-0-49-x on: schedule: # * is a special character in YAML so you have to quote this string - # Run weekly on Wednesday at 3AM UTC/11PM EST/8PM PST - # - cron: '0 3 * * 3' - - cron: '0 0 * * *' # Temporarily nightly until 1.2.0 GA - + # Run weekly on Monday at 3AM UTC/11PM EST/8PM PST + - cron: '0 3 * * 1' # these should be the only settings that you will ever need to change env: - BRANCH: "release/1.3.x" + BRANCH: "release/0.49.x" CONTEXT: "weekly" jobs: diff --git a/CHANGELOG.md b/CHANGELOG.md index e2ee998095..64b7152664 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -41,45 +41,6 @@ BUG FIXES: * control-plane: remove extraneous error log in v2 pod controller when a pod is scheduled, but not yet allocated an IP. [[GH-3162](https://github.com/hashicorp/consul-k8s/issues/3162)] * control-plane: remove extraneous error log in v2 pod controller when attempting to delete ACL tokens. [[GH-3172](https://github.com/hashicorp/consul-k8s/issues/3172)] -## 1.2.3 (November 2, 2023) - -SECURITY: - -* Update Envoy version to 1.25.11 to address [CVE-2023-44487](https://github.com/envoyproxy/envoy/security/advisories/GHSA-jhv4-f7mr-xx76) [[GH-3119](https://github.com/hashicorp/consul-k8s/issues/3119)] -* Upgrade `google.golang.org/grpc` to 1.56.3. -This resolves vulnerability [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487). [[GH-3139](https://github.com/hashicorp/consul-k8s/issues/3139)] -* Upgrade to use Go 1.20.10 and `x/net` 0.17.0. -This resolves [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) -/ [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487). [[GH-3085](https://github.com/hashicorp/consul-k8s/issues/3085)] - -BUG FIXES: - -* api-gateway: fix issue where missing `NET_BIND_SERVICE` capability prevented api-gateway `Pod` from starting up when deployed to OpenShift [[GH-3070](https://github.com/hashicorp/consul-k8s/issues/3070)] -* control-plane: only alert on valid errors, not timeouts in gateway [[GH-3128](https://github.com/hashicorp/consul-k8s/issues/3128)] -* crd: fix misspelling of preparedQuery field in ControlPlaneRequestLimit CRD [[GH-3001](https://github.com/hashicorp/consul-k8s/issues/3001)] - -## 1.1.7 (November 2, 2023) - -SECURITY: - -* Update Envoy version to 1.25.11 to address [CVE-2023-44487](https://github.com/envoyproxy/envoy/security/advisories/GHSA-jhv4-f7mr-xx76) [[GH-3120](https://github.com/hashicorp/consul-k8s/issues/3120)] -* Upgrade `google.golang.org/grpc` to 1.56.3. 
-This resolves vulnerability [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487). [[GH-3139](https://github.com/hashicorp/consul-k8s/issues/3139)] -* Upgrade to use Go 1.20.10 and `x/net` 0.17.0. -This resolves [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) -/ [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487). [[GH-3085](https://github.com/hashicorp/consul-k8s/issues/3085)] - -## 1.0.11 (November 2, 2023) - -SECURITY: - -* Update Envoy version to 1.24.12 to address [CVE-2023-44487](https://github.com/envoyproxy/envoy/security/advisories/GHSA-jhv4-f7mr-xx76) [[GH-3121](https://github.com/hashicorp/consul-k8s/issues/3121)] -* Upgrade `google.golang.org/grpc` to 1.56.3. -This resolves vulnerability [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487). [[GH-3139](https://github.com/hashicorp/consul-k8s/issues/3139)] -* Upgrade to use Go 1.20.10 and `x/net` 0.17.0. -This resolves [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) -/ [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487). [[GH-3085](https://github.com/hashicorp/consul-k8s/issues/3085)] - ## 1.2.2 (September 21, 2023) SECURITY: diff --git a/Makefile b/Makefile index b5c742d7cd..a1c4e01834 100644 --- a/Makefile +++ b/Makefile 
@@ -40,14 +40,6 @@ control-plane-dev-docker: ## Build consul-k8s-control-plane dev Docker image. --build-arg 'GIT_DESCRIBE=$(GIT_DESCRIBE)' \ -f $(CURDIR)/control-plane/Dockerfile $(CURDIR)/control-plane -# DANGER: this target is experimental and could be modified/removed at any time. -# Build consul-k8s-control-plane dev Docker image for use with skaffold or local development. -control-plane-dev-skaffold: - @$(SHELL) $(CURDIR)/control-plane/build-support/scripts/build-local.sh -o linux -a $(GOARCH) - @docker build -t '$(DEV_IMAGE)' \ - --build-arg 'TARGETARCH=$(GOARCH)' \ - -f $(CURDIR)/control-plane/Dockerfile.dev $(CURDIR)/control-plane - check-remote-dev-image-env: ifndef REMOTE_DEV_IMAGE $(error REMOTE_DEV_IMAGE is undefined: set this image to /:, e.g. hashicorp/consul-k8s-dev:latest) @@ -297,7 +289,7 @@ endif prepare-rc-branch: prepare-rc-script -prepare-main-dev: +prepare-dev: ifndef CONSUL_K8S_RELEASE_VERSION $(error CONSUL_K8S_RELEASE_VERSION is required) endif 
@@ -315,24 +307,6 @@ ifndef CONSUL_K8S_NEXT_CONSUL_DATAPLANE_VERSION endif source $(CURDIR)/control-plane/build-support/scripts/functions.sh; prepare_dev $(CURDIR) $(CONSUL_K8S_RELEASE_VERSION) "$(CONSUL_K8S_RELEASE_DATE)" "" $(CONSUL_K8S_NEXT_RELEASE_VERSION) $(CONSUL_K8S_NEXT_CONSUL_VERSION) $(CONSUL_K8S_NEXT_CONSUL_DATAPLANE_VERSION) -prepare-release-dev: -ifndef CONSUL_K8S_RELEASE_VERSION - $(error CONSUL_K8S_RELEASE_VERSION is required) -endif -ifndef CONSUL_K8S_RELEASE_DATE - $(error CONSUL_K8S_RELEASE_DATE is required, use format , (ex. October 4, 2022)) -endif -ifndef CONSUL_K8S_NEXT_RELEASE_VERSION - $(error CONSUL_K8S_RELEASE_VERSION is required) -endif -ifndef CONSUL_K8S_CONSUL_VERSION - $(error CONSUL_K8S_CONSUL_VERSION is required) -endif -ifndef CONSUL_K8S_CONSUL_DATAPLANE_VERSION - $(error CONSUL_K8S_CONSUL_DATAPLANE_VERSION is required) -endif - source $(CURDIR)/control-plane/build-support/scripts/functions.sh; prepare_dev $(CURDIR) $(CONSUL_K8S_RELEASE_VERSION) "$(CONSUL_K8S_RELEASE_DATE)" "" $(CONSUL_K8S_NEXT_RELEASE_VERSION) $(CONSUL_K8S_CONSUL_VERSION) $(CONSUL_K8S_CONSUL_DATAPLANE_VERSION) - # ===========> Makefile config .DEFAULT_GOAL := help .PHONY: gen-helm-docs copy-crds-to-chart generate-external-crds bats-tests help ci.aws-acceptance-test-cleanup version cli-dev prepare-dev prepare-release diff --git a/acceptance/go.mod b/acceptance/go.mod index b34fcf246c..70a446d0b5 100644 --- a/acceptance/go.mod +++ b/acceptance/go.mod @@ -13,8 +13,6 @@ require ( github.com/hashicorp/serf v0.10.1 github.com/hashicorp/vault/api v1.8.3 github.com/stretchr/testify v1.8.3 - go.opentelemetry.io/proto/otlp v1.0.0 - google.golang.org/protobuf v1.31.0 gopkg.in/yaml.v2 v2.4.0 k8s.io/api v0.26.3 k8s.io/apimachinery v0.26.3 
@@ -63,7 +61,6 @@ require ( github.com/google/go-cmp v0.5.9 // indirect github.com/google/gofuzz v1.1.0 // indirect github.com/google/uuid v1.3.0 // indirect - github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 // indirect github.com/gruntwork-io/gruntwork-cli v0.7.0 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-bexpr v0.1.11 // indirect @@ -126,7 +123,7 @@ require ( golang.org/x/exp v0.0.0-20230425010034-47ecfdc1ba53 // indirect golang.org/x/mod v0.9.0 // indirect golang.org/x/net v0.17.0 // indirect - golang.org/x/oauth2 v0.8.0 // indirect + golang.org/x/oauth2 v0.7.0 // indirect golang.org/x/sys v0.13.0 // indirect golang.org/x/term v0.13.0 // indirect golang.org/x/text v0.13.0 // indirect @@ -134,9 +131,9 @@ require ( golang.org/x/tools v0.7.0 // indirect gomodules.xyz/jsonpatch/v2 v2.3.0 // indirect google.golang.org/appengine v1.6.7 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20230526203410-71b5a4ffd15e // indirect google.golang.org/grpc v1.56.3 // indirect + google.golang.org/protobuf v1.30.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/square/go-jose.v2 v2.5.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect diff --git a/acceptance/go.sum b/acceptance/go.sum index 219f7a08ec..f84b054b60 100644 --- a/acceptance/go.sum +++ b/acceptance/go.sum 
@@ -299,7 +299,6 @@ github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXP github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/glog v1.1.0 h1:/d3pCKDPWNnvIWe0vVUpNP32qc8U3PDVxySP/y360qE= github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -384,8 +383,6 @@ github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:Fecb github.com/grpc-ecosystem/go-grpc-middleware v1.0.1-0.20190118093823-f849b5445de4/go.mod h1:FiyG127CGDf3tlThmgyCl78X/SZQqEOJBCDaAfeWzPs= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= github.com/grpc-ecosystem/grpc-gateway v1.9.5/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0 h1:YBftPWNWd4WwGqtY2yeZL2ef8rHAxPBD8KFhJpmcqms= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.16.0/go.mod h1:YN5jB8ie0yfIUg6VvR9Kz84aCaG7AsGZnLjhHbUqwPg= github.com/gruntwork-io/gruntwork-cli v0.7.0 h1:YgSAmfCj9c61H+zuvHwKfYUwlMhu5arnQQLM4RH+CYs= github.com/gruntwork-io/gruntwork-cli v0.7.0/go.mod h1:jp6Z7NcLF2avpY8v71fBx6hds9eOFPELSuD/VPv7w00= github.com/gruntwork-io/terratest v0.31.2 h1:xvYHA80MUq5kx670dM18HInewOrrQrAN+XbVVtytUHg= 
@@ -510,7 +507,7 @@ github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFB github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= -github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= +github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/pty v1.1.5/go.mod h1:9r2w37qlBe7rQ6e1fg1S/9xpWHSnaqNdHD3WcMdbPDA= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= @@ -768,8 +765,6 @@ go.opentelemetry.io/otel v1.11.1/go.mod h1:1nNhXBbWSD0nsL38H6btgnFN2k4i0sNLHNNMZ go.opentelemetry.io/otel/sdk v1.11.1 h1:F7KmQgoHljhUuJyA+9BiU+EkJfyX5nVVF4wyzWZpKxs= go.opentelemetry.io/otel/trace v1.11.1 h1:ofxdnzsNrGBYXbP7t7zpUK281+go5rF7dvdIZXF8gdQ= go.opentelemetry.io/otel/trace v1.11.1/go.mod h1:f/Q9G7vzk5u91PhbmKbg1Qn0rzH1LJ4vbPHFGkTPtOk= -go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I= -go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM= go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE= go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= 
@@ -889,8 +884,8 @@ golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4Iltr golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b/go.mod h1:DAh4E804XQdzx2j+YRIaUnCqCV2RuMz24cGBJ5QYIrc= -golang.org/x/oauth2 v0.8.0 h1:6dkIjl3j3LtZ/O3sTgZTMsLKSftL/B8Zgq4huOIIUu8= -golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= +golang.org/x/oauth2 v0.7.0 h1:qe6s0zUXlPX80/dITx3440hWZ7GwMwgDDyrSGTPJG/g= +golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -1126,11 +1121,8 @@ google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20201019141844-1ed22bb0c154/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20230526203410-71b5a4ffd15e h1:Ao9GzfUMPH3zjVfzXG5rlWlk+Q8MXWKwWpwVQE1MXfw= -google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc h1:kVKPf/IiYSBWEWtkIn6wZXwWGCnLKcC8oWfZvXjsGnM= -google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig= -google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc h1:XSJ8Vk1SWuNr8S18z1NZSziL0CPIXLCCMDOEFtHBOFc= -google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230526203410-71b5a4ffd15e h1:NumxXLPfHSndr3wBBdeKiVHjGVFzi9RX2HwwQke94iY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230526203410-71b5a4ffd15e/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= 
@@ -1159,8 +1151,8 @@ google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGj google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= -google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng= +google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/acceptance/tests/api-gateway/api_gateway_kitchen_sink_test.go b/acceptance/tests/api-gateway/api_gateway_kitchen_sink_test.go deleted file mode 100644 index d701220a8c..0000000000 --- a/acceptance/tests/api-gateway/api_gateway_kitchen_sink_test.go +++ /dev/null 
@@ -1,232 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: MPL-2.0 - -package apigateway - -import ( - "context" - "encoding/base64" - "fmt" - "github.com/hashicorp/consul-k8s/acceptance/framework/k8s" - "testing" - "time" - - "github.com/hashicorp/consul-k8s/acceptance/framework/consul" - "github.com/hashicorp/consul-k8s/acceptance/framework/helpers" - "github.com/hashicorp/consul-k8s/acceptance/framework/logger" - "github.com/hashicorp/consul/api" - "github.com/hashicorp/consul/sdk/testutil/retry" - "github.com/stretchr/testify/require" - "k8s.io/apimachinery/pkg/types" - gwv1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" -) - -// Enabled everything possible, see if anything breaks. -func TestAPIGateway_KitchenSink(t *testing.T) { - ctx := suite.Environment().DefaultContext(t) - cfg := suite.Config() - - runWithEnterpriseOnlyFeatures := cfg.EnableEnterprise - - serverHelmValues := map[string]string{ - "global.acls.manageSystemACLs": "true", - "global.tls.enabled": "true", - - // Don't install injector, controller and cni on this cluster so that it's not installed twice. 
- "connectInject.enabled": "false", - "connectInject.cni.enabled": "false", - } - serverReleaseName := helpers.RandomName() - consulServerCluster := consul.NewHelmCluster(t, serverHelmValues, ctx, cfg, serverReleaseName) - consulServerCluster.Create(t) - - helmValues := map[string]string{ - "server.enabled": "false", - "connectInject.consulNamespaces.mirroringK8S": "true", - "global.acls.manageSystemACLs": "true", - "global.tls.enabled": "true", - "global.logLevel": "trace", - "externalServers.enabled": "true", - "externalServers.hosts[0]": fmt.Sprintf("%s-consul-server", serverReleaseName), - "externalServers.httpsPort": "8501", - "global.tls.caCert.secretName": fmt.Sprintf("%s-consul-ca-cert", serverReleaseName), - "global.tls.caCert.secretKey": "tls.crt", - "global.acls.bootstrapToken.secretName": fmt.Sprintf("%s-consul-bootstrap-acl-token", serverReleaseName), - "global.acls.bootstrapToken.secretKey": "token", - } - - releaseName := helpers.RandomName() - consulCluster := consul.NewHelmCluster(t, helmValues, ctx, cfg, releaseName) - consulCluster.SkipCheckForPreviousInstallations = true - - consulCluster.Create(t) - - // Override the default proxy config settings for this test - consulClient, _ := consulCluster.SetupConsulClient(t, true, serverReleaseName) - logger.Log(t, "have consul client") - _, _, err := consulClient.ConfigEntries().Set(&api.ProxyConfigEntry{ - Kind: api.ProxyDefaults, - Name: api.ProxyConfigGlobal, - Config: map[string]interface{}{ - "protocol": "http", - }, - }, nil) - require.NoError(t, err) - logger.Log(t, "set consul config entry") - - logger.Log(t, "creating other namespace") - out, err := k8s.RunKubectlAndGetOutputE(t, ctx.KubectlOptions(t), "create", "namespace", "other") - require.NoError(t, err, out) - helpers.Cleanup(t, cfg.NoCleanupOnFailure, cfg.NoCleanup, func() { - // Ignore errors here because if the test ran as expected - // the custom resources will have been deleted. 
- k8s.RunKubectlAndGetOutputE(t, ctx.KubectlOptions(t), "delete", "namespace", "other") - }) - - k8sClient := ctx.ControllerRuntimeClient(t) - - logger.Log(t, "creating api-gateway resources") - fixturePath := "../fixtures/cases/api-gateways/kitchen-sink" - if runWithEnterpriseOnlyFeatures { - fixturePath += "-ent" - } - out, err = k8s.RunKubectlAndGetOutputE(t, ctx.KubectlOptions(t), "apply", "-k", fixturePath) - require.NoError(t, err, out) - helpers.Cleanup(t, cfg.NoCleanupOnFailure, cfg.NoCleanup, func() { - // Ignore errors here because if the test ran as expected - // the custom resources will have been deleted. - k8s.RunKubectlAndGetOutputE(t, ctx.KubectlOptions(t), "delete", "-k", fixturePath) - }) - - // Create certificate secret, we do this separately since - // applying the secret will make an invalid certificate that breaks other tests - logger.Log(t, "creating certificate secret") - out, err = k8s.RunKubectlAndGetOutputE(t, ctx.KubectlOptions(t), "apply", "-f", "../fixtures/bases/api-gateway/certificate.yaml") - require.NoError(t, err, out) - helpers.Cleanup(t, cfg.NoCleanupOnFailure, cfg.NoCleanup, func() { - // Ignore errors here because if the test ran as expected - // the custom resources will have been deleted. 
- k8s.RunKubectlAndGetOutputE(t, ctx.KubectlOptions(t), "delete", "-f", "../fixtures/bases/api-gateway/certificate.yaml") - }) - - // patch certificate with data - logger.Log(t, "patching certificate secret with generated data") - certificate := generateCertificate(t, nil, "gateway.test.local") - k8s.RunKubectl(t, ctx.KubectlOptions(t), "patch", "secret", "certificate", "-p", fmt.Sprintf(`{"data":{"tls.crt":"%s","tls.key":"%s"}}`, base64.StdEncoding.EncodeToString(certificate.CertPEM), base64.StdEncoding.EncodeToString(certificate.PrivateKeyPEM)), "--type=merge") - - // Create static server and static client - logger.Log(t, "creating static-client pod") - k8s.DeployKustomize(t, ctx.KubectlOptions(t), cfg.NoCleanupOnFailure, cfg.NoCleanup, cfg.DebugDirectory, "../fixtures/bases/static-client") - k8s.RunKubectl(t, ctx.KubectlOptions(t), "wait", "--for=condition=available", "--timeout=5m", fmt.Sprintf("deploy/%s", "static-server")) - - // On startup, the controller can take upwards of 1m to perform - // leader election so we may need to wait a long time for - // the reconcile loop to run (hence the 2m timeout here). 
- var ( - gatewayAddress string - httpRoute gwv1beta1.HTTPRoute - ) - - counter := &retry.Counter{Count: 60, Wait: 2 * time.Second} - retry.RunWith(counter, t, func(r *retry.R) { - var gateway gwv1beta1.Gateway - err = k8sClient.Get(context.Background(), types.NamespacedName{Name: "gateway", Namespace: "default"}, &gateway) - require.NoError(r, err) - - //CHECK TO MAKE SURE EVERYTHING WAS SET UP CORECTLY BEFORE RUNNING TESTS - require.Len(r, gateway.Finalizers, 1) - require.EqualValues(r, gatewayFinalizer, gateway.Finalizers[0]) - - // check our statuses - checkStatusCondition(r, gateway.Status.Conditions, trueCondition("Accepted", "Accepted")) - checkStatusCondition(r, gateway.Status.Conditions, trueCondition("ConsulAccepted", "Accepted")) - require.Len(r, gateway.Status.Listeners, 2) - - require.EqualValues(r, int32(1), gateway.Status.Listeners[0].AttachedRoutes) - checkStatusCondition(r, gateway.Status.Listeners[0].Conditions, trueCondition("Accepted", "Accepted")) - checkStatusCondition(r, gateway.Status.Listeners[0].Conditions, falseCondition("Conflicted", "NoConflicts")) - checkStatusCondition(r, gateway.Status.Listeners[0].Conditions, trueCondition("ResolvedRefs", "ResolvedRefs")) - - // check that we have an address to use - require.Len(r, gateway.Status.Addresses, 2) - // now we know we have an address, set it so we can use it - gatewayAddress = gateway.Status.Addresses[0].Value - - // http route checks - err = k8sClient.Get(context.Background(), types.NamespacedName{Name: "http-route", Namespace: "default"}, &httpRoute) - require.NoError(r, err) - - // check our finalizers - require.Len(r, httpRoute.Finalizers, 1) - require.EqualValues(r, gatewayFinalizer, httpRoute.Finalizers[0]) - - // check parent status - require.Len(r, httpRoute.Status.Parents, 1) - require.EqualValues(r, gatewayClassControllerName, httpRoute.Status.Parents[0].ControllerName) - require.EqualValues(r, "gateway", httpRoute.Status.Parents[0].ParentRef.Name) - checkStatusCondition(r, 
httpRoute.Status.Parents[0].Conditions, trueCondition("Accepted", "Accepted")) - checkStatusCondition(r, httpRoute.Status.Parents[0].Conditions, trueCondition("ResolvedRefs", "ResolvedRefs")) - checkStatusCondition(r, httpRoute.Status.Parents[0].Conditions, trueCondition("ConsulAccepted", "Accepted")) - - }) - - // GENERAL Asserts- test that assets were created as expected - entry, _, err := consulClient.ConfigEntries().Get(api.APIGateway, "gateway", nil) - require.NoError(t, err) - gateway := entry.(*api.APIGatewayConfigEntry) - - entry, _, err = consulClient.ConfigEntries().Get(api.HTTPRoute, "http-route", nil) - require.NoError(t, err) - consulHTTPRoute := entry.(*api.HTTPRouteConfigEntry) - - // now check the gateway status conditions - checkConsulStatusCondition(t, gateway.Status.Conditions, trueConsulCondition("Accepted", "Accepted")) - - // and the route status conditions - checkConsulStatusCondition(t, consulHTTPRoute.Status.Conditions, trueConsulCondition("Bound", "Bound")) - - // finally we check that we can actually route to the service(s) via the gateway - k8sOptions := ctx.KubectlOptions(t) - targetHTTPAddress := fmt.Sprintf("http://%s/v1", gatewayAddress) - - // Now we create the allow intention. 
- _, _, err = consulClient.ConfigEntries().Set(&api.ServiceIntentionsConfigEntry{ - Kind: api.ServiceIntentions, - Name: "static-server", - Sources: []*api.SourceIntention{ - { - Name: "gateway", - Action: api.IntentionActionAllow, - }, - }, - }, nil) - require.NoError(t, err) - - _, _, err = consulClient.ConfigEntries().Set(&api.ServiceIntentionsConfigEntry{ - Kind: api.ServiceIntentions, - Name: "static-server-protected", - Sources: []*api.SourceIntention{ - { - Name: "gateway", - Action: api.IntentionActionAllow, - }, - }, - }, nil) - require.NoError(t, err) - - //asserts only valid when running with enterprise - if runWithEnterpriseOnlyFeatures { - //JWT Related Asserts - // should fail because we're missing JWT - logger.Log(t, "trying calls to api gateway /admin should fail without JWT token") - k8s.CheckStaticServerHTTPConnectionFailing(t, k8sOptions, StaticClientName, targetHTTPAddress) - - // will succeed because we use the token with the correct role and the correct issuer - logger.Log(t, "trying calls to api gateway /admin should succeed with JWT token with correct role") - k8s.CheckStaticServerConnectionSuccessful(t, k8sOptions, StaticClientName, "-H", fmt.Sprintf("Authorization: Bearer %s", doctorToken), targetHTTPAddress) - } else { - // Test that we can make a call to the api gateway - logger.Log(t, "trying calls to api gateway http") - k8s.CheckStaticServerConnectionSuccessful(t, k8sOptions, StaticClientName, targetHTTPAddress) - } -} diff --git a/acceptance/tests/cloud/observability_test.go b/acceptance/tests/cloud/basic_test.go similarity index 58% rename from acceptance/tests/cloud/observability_test.go rename to acceptance/tests/cloud/basic_test.go index 5a2bf7b365..e17169700a 100644 --- a/acceptance/tests/cloud/observability_test.go +++ b/acceptance/tests/cloud/basic_test.go @@ -4,6 +4,12 @@ package cloud import ( + "crypto/tls" + "encoding/json" + "errors" + "fmt" + "io" + "net/http" "strings" "testing" "time" 
@@ -18,6 +24,10 @@ import ( "github.com/stretchr/testify/require" ) +type TokenResponse struct { + Token string `json:"token"` +} + var ( resourceSecretName = "resource-sec-name" resourceSecretKey = "resource-sec-key" @@ -44,7 +54,47 @@ var ( scadaAddressSecretKeyValue = "fake-server:443" ) -func TestObservabilityCloud(t *testing.T) { +// The fake-server has a requestToken endpoint to retrieve the token. +func requestToken(endpoint string) (string, error) { + tr := &http.Transport{ + TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, + } + + client := &http.Client{Transport: tr} + url := fmt.Sprintf("https://%s/token", endpoint) + req, err := http.NewRequest("GET", url, nil) + if err != nil { + fmt.Println("Error creating request:", err) + return "", errors.New("error creating request") + } + + // Perform the request + resp, err := client.Do(req) + if err != nil { + fmt.Println("Error sending request:", err) + return "", errors.New("error making request") + } + defer resp.Body.Close() + + // Read the response body + body, err := io.ReadAll(resp.Body) + if err != nil { + fmt.Println("Error reading response:", err) + return "", errors.New("error reading body") + } + + var tokenResponse TokenResponse + err = json.Unmarshal(body, &tokenResponse) + if err != nil { + fmt.Println("Error parsing response:", err) + return "", errors.New("error parsing body") + } + + return tokenResponse.Token, nil + +} + +func TestBasicCloud(t *testing.T) { ctx := suite.Environment().DefaultContext(t) kubectlOptions := ctx.KubectlOptions(t) @@ -88,9 +138,8 @@ func TestObservabilityCloud(t *testing.T) { require.NoError(r, tunnel.ForwardPortE(t)) }) - fsClient := newfakeServerClient(tunnel.Endpoint()) logger.Log(t, "fake-server addr:"+tunnel.Endpoint()) - consulToken, err := fsClient.requestToken() + consulToken, err := requestToken(tunnel.Endpoint()) if err != nil { logger.Log(t, "error finding consul token") return 
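Review bot: requestToken builds its client with `InsecureSkipVerify: true` and no `Timeout`, and it never checks `resp.StatusCode`, so a hung tunnel blocks the test and an error reply from the fake-server comes back as a parse failure or an empty token. Each failure path also prints with `fmt.Println` and returns a fixed string, which drops the underlying cause; wrapping with `%w` keeps it. If skipping verification is intended because the target is only the fake-server behind the test's port-forward, say so in a comment next to the TLS config. The sketch below assumes the endpoint answers 200 on success, which the hunk does not show; `errors` and `io` may become unused if nothing outside this hunk needs them.

```go
func requestToken(endpoint string) (string, error) {
	// Certificate verification is skipped only because the target is the
	// test's fake-server, reached through the port-forward tunnel.
	client := &http.Client{
		Timeout: 30 * time.Second,
		Transport: &http.Transport{
			TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
		},
	}

	resp, err := client.Get(fmt.Sprintf("https://%s/token", endpoint))
	if err != nil {
		return "", fmt.Errorf("requesting token from fake-server: %w", err)
	}
	defer resp.Body.Close()

	if resp.StatusCode != http.StatusOK {
		return "", fmt.Errorf("requesting token from fake-server: unexpected status %s", resp.Status)
	}

	var tokenResponse TokenResponse
	if err := json.NewDecoder(resp.Body).Decode(&tokenResponse); err != nil {
		return "", fmt.Errorf("decoding token response: %w", err)
	}
	return tokenResponse.Token, nil
}
```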
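Review bot: When `requestToken` fails, the surrounding `if err != nil` only logs and returns, so TestBasicCloud ends as a pass without having installed or validated anything. Failing the test instead, `require.NoError(t, err, "requesting consul token from fake-server")`, makes a broken fake-server or tunnel visible in CI. The `if` block and the test function both continue outside this hunk.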
@@ -122,6 +171,13 @@ func TestObservabilityCloud(t *testing.T) { "global.cloud.scadaAddress.secretKey": scadaAddressSecretKey, "connectInject.default": "true", + // TODO: Follow up with this bug + "global.acls.manageSystemACLs": "false", + "global.gossipEncryption.autoGenerate": "false", + "global.tls.enabled": "true", + "global.tls.enableAutoEncrypt": "true", + // TODO: Take this out + "telemetryCollector.enabled": "true", "telemetryCollector.image": cfg.ConsulCollectorImage, "telemetryCollector.cloud.clientId.secretName": clientIDSecretName, @@ -129,6 +185,8 @@ func TestObservabilityCloud(t *testing.T) { "telemetryCollector.cloud.clientSecret.secretName": clientSecretName, "telemetryCollector.cloud.clientSecret.secretKey": clientSecretKey, + // Either we set the global.trustedCAs (make sure it's idented exactly) or we + // set TLS to insecure "telemetryCollector.extraEnvironmentVars.HCP_API_TLS": "insecure", "telemetryCollector.extraEnvironmentVars.HCP_AUTH_TLS": "insecure", 
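Review bot: The added values turn `global.acls.manageSystemACLs` and `global.gossipEncryption.autoGenerate` off for this test, and the only explanation is `// TODO: Follow up with this bug`, which names no bug. Since this leaves the cloud path untested with ACLs enabled, the comment should reference the tracking issue and state what fails with ACLs on, for example `// TODO(<issue-id>): re-enable manageSystemACLs once <failure> is fixed`. `// TODO: Take this out` is similarly unclear about which of the surrounding keys it refers to. The map literal starts and ends outside the hunk.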
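Review bot: The added comment above `HCP_API_TLS` does not say which of its two options the code takes, and "idented" is a typo. Something like `// TLS verification towards the fake-server is disabled via HCP_*_TLS=insecure; the alternative is to supply its CA in global.trustedCAs (indentation must match exactly).` states the choice and keeps the hint about the alternative. The same three `insecure` settings are repeated for `server.extraEnvironmentVars` in the next hunk, where the comment would apply as well.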
@@ -138,10 +196,33 @@ func TestObservabilityCloud(t *testing.T) { "server.extraEnvironmentVars.HCP_API_TLS": "insecure", "server.extraEnvironmentVars.HCP_AUTH_TLS": "insecure", "server.extraEnvironmentVars.HCP_SCADA_TLS": "insecure", + + // This is pregenerated CA used for testing. It can be replaced at any time and isn't + // meant for anything other than testing + // "global.trustedCAs[0]": `-----BEGIN CERTIFICATE----- + // MIICrjCCAZYCCQD5LxMcnMY8rDANBgkqhkiG9w0BAQsFADAZMRcwFQYDVQQDDA5m + // YWtlLXNlcnZlci1jYTAeFw0yMzA1MTkxMjIwMzhaFw0zMzA1MTYxMjIwMzhaMBkx + // FzAVBgNVBAMMDmZha2Utc2VydmVyLWNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A + // MIIBCgKCAQEAwhbiII7sMultedFzQVhVZz5Ti+9lWrpZb8y0ZR6NaNvoxDPX151t + // Adh5NegSeH/+351iDBGZHhmKECtBuk8FJgk88O7y8A7Yg+/lyeZd0SJTEeiYUe7d + // sSaBTYSmixyn6s15Y5MVp9gM7t2YXrocRkFxDtdhLMWf0zwzJEwDouFMMiFZw5II + // yDbI6UfwKyB8C8ln10+TcczbheaOMQ1jGn35YWAG/LEdutU6DO2Y/GZYQ41nyLF1 + // klqh34USQPVQSQW7R7GiDxyhh1fGaDF6RAzH4RerzQSNvvTHmBXIGurB/Hnu1n3p + // CwWeatWMU5POy1es73S/EPM0NpWD5RabSwIDAQABMA0GCSqGSIb3DQEBCwUAA4IB + // AQBayoTltSW55PvKVp9cmqGOBMlkIMKPd6Ny4bCb/3UF+3bzQmIblh3O3kEt7WoY + // fA9vp+6cSRGVqgBfR2bi40RrerLNA79yywIZjfBMteNuRoul5VeD+mLyFCo4197r + // Atl2TEx2kl2V8rjCsEBcTqKqetVOMLYEZ2tbCeUt1A/K7OzaJfHgelEYcsVt68Q9 + // /BLoo2UXfOpRrcsx7u7s5HPVbG3bx+1MvGJZ2C3i0B6agnkGDzEpoM4KZGxEefB9 + // DOHIJfie9d9BQD52nZh3SGHz0b3vfJ430XrQmaNZ26fuIEyIYrpvyAhBXckj2iTD + // 1TXpqr/1D7EUbddktyhXTK9e + // -----END CERTIFICATE-----`, } if cfg.ConsulImage != "" { helmValues["global.image"] = cfg.ConsulImage } + if cfg.ConsulCollectorImage != "" { + helmValues["telemetryCollector.image"] = cfg.ConsulCollectorImage + } consulCluster := consul.NewHelmCluster(t, helmValues, suite.Environment().DefaultContext(t), suite.Config(), releaseName) consulCluster.Create(t) 
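Review bot: The added `if cfg.ConsulCollectorImage != ""` guard has no effect while the map literal still sets `"telemetryCollector.image": cfg.ConsulCollectorImage` unconditionally (a context line in the hunk at -122,6), so an empty image value is still handed to Helm. If the guard is the intended behaviour, drop the unconditional entry from the literal. The commented-out PEM block is dead code inside the map literal; sitting next to the `HCP_*_TLS: insecure` entries it leaves unclear which trust configuration the test exercises, so it would be better removed or kept as a fixture file that `global.trustedCAs` actually loads. The literal and the enclosing test function start and end outside this hunk.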
@@ -150,73 +231,56 @@ func TestObservabilityCloud(t *testing.T) { k8s.DeployKustomize(t, ctx.KubectlOptions(t), cfg.NoCleanupOnFailure, cfg.NoCleanup, cfg.DebugDirectory, "../fixtures/bases/static-server") t.Log("Finished deployment. Validating expected conditions now") + // Give some time for collector send metrics + time.Sleep(5 * time.Second) + err = validate(tunnel.Endpoint()) + logger.Log(t, fmt.Sprintf("result: %v", err)) + require.NoError(t, err) - for name, tc := range map[string]struct { - refresh *modifyTelemetryConfigBody - refreshTime int64 - recordsPath string - timeout time.Duration - wait time.Duration - validations *metricValidations - }{ - "collectorExportsMetrics": { - recordsPath: recordsPathCollector, - // High timeout as Collector metrics scraped every 1 minute (https://github.com/hashicorp/consul-telemetry-collector/blob/dfdbf51b91d502a18f3b143a94ab4d50cdff10b8/internal/otel/config/helpers/receivers/prometheus_receiver.go#L54) - timeout: 5 * time.Minute, - wait: 1 * time.Second, - validations: &metricValidations{ - expectedLabelKeys: []string{"service_name", "service_instance_id"}, - expectedMetricName: "otelcol_receiver_accepted_metric_points", - disallowedMetricName: "server.memory_heap_size", - }, - }, - "consulPeriodicRefreshUpdateConfig": { - refresh: &modifyTelemetryConfigBody{ - Filters: []string{"consul.state"}, - Labels: map[string]string{"new_label": "testLabel"}, - }, - recordsPath: recordsPathConsul, - // High timeout as Consul server metrics exported every 1 minute (https://github.com/hashicorp/consul/blob/9776c10efb4472f196b47f88bc0db58b1bfa12ef/agent/hcp/telemetry/otel_sink.go#L27) - timeout: 3 * time.Minute, - wait: 30 * time.Second, - validations: &metricValidations{ - expectedLabelKeys: []string{"node_id", "node_name", "new_label"}, - expectedMetricName: "consul.state.services", - disallowedMetricName: "consul.fsm", - }, - }, - "consulPeriodicRefreshDisabled": { - refresh: &modifyTelemetryConfigBody{ - Filters: 
[]string{"consul.state"}, - Labels: map[string]string{"new_label": "testLabel"}, - Disabled: true, - }, - recordsPath: recordsPathConsul, - // High timeout as Consul server metrics exported every 1 minute (https://github.com/hashicorp/consul/blob/9776c10efb4472f196b47f88bc0db58b1bfa12ef/agent/hcp/telemetry/otel_sink.go#L27) - timeout: 3 * time.Minute, - wait: 30 * time.Second, - validations: &metricValidations{ - disabled: true, - }, - }, - } { - t.Run(name, func(t *testing.T) { - // For a refresh test, we force a telemetry config update before validating metrics using fakeserver's /telemetry_config_modify endpoint. - if tc.refresh != nil { - refreshTime := time.Now() - err := fsClient.modifyTelemetryConfig(tc.refresh) - require.NoError(t, err) - // Add 10 seconds (2 * periodic refresh interval in fakeserver) to allow a periodic refresh from Consul side to take place. - tc.refreshTime = refreshTime.Add(10 * time.Second).UnixNano() - } - - // Validate metrics are correct using fakeserver's /records endpoint to retrieve metric exports that occured from Consul/Collector to fakeserver. - // We use retry as we wait for Consul or the Collector to export metrics. This is the best we can do to avoid flakiness. 
- retry.RunWith(&retry.Timer{Timeout: tc.timeout, Wait: tc.wait}, t, func(r *retry.R) { - records, err := fsClient.getRecordsForPath(tc.recordsPath, tc.refreshTime) - require.NoError(r, err) - validateMetrics(r, records, tc.validations, tc.refreshTime) - }) - }) +} + +func validate(endpoint string) error { + tr := &http.Transport{ + TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, + } + + client := &http.Client{Transport: tr} + url := fmt.Sprintf("https://%s/validation", endpoint) + req, err := http.NewRequest("GET", url, nil) + if err != nil { + fmt.Println("Error creating request:", err) + return errors.New("error creating validation request") } + + // Perform the request + resp, err := client.Do(req) + if err != nil { + fmt.Println("Error sending request:", err) + return errors.New("error making validation request") + } + if resp.StatusCode == http.StatusExpectationFailed { + // Read the response body + body, err := io.ReadAll(resp.Body) + if err != nil { + fmt.Println("Error reading response:", err) + return errors.New("error reading body") + } + var message errMsg + err = json.Unmarshal(body, &message) + if err != nil { + fmt.Println("Error parsing response:", err) + return errors.New("error parsing body") + } + + return fmt.Errorf("Failed validation: %s", message) + } else if resp.StatusCode != http.StatusOK { + return errors.New("unexpected status code response from failure") + } + + return nil + +} + +type errMsg struct { + Error string `json:"error"` } diff --git a/acceptance/tests/cloud/fakeserver_client.go b/acceptance/tests/cloud/fakeserver_client.go deleted file mode 100644 index ec668d16e5..0000000000 --- a/acceptance/tests/cloud/fakeserver_client.go +++ /dev/null 
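Review bot: `validate` never closes `resp.Body`, builds its `http.Client` without a timeout, and formats the whole `errMsg` struct with `%s` instead of `message.Error`; the underlying errors are printed with `fmt.Println` and then replaced by fixed strings, so the test log loses the cause. The rewrite below keeps the same status handling but closes the body, bounds the request, wraps errors with `%w` and reports the unexpected status code. `InsecureSkipVerify: true` is kept and deserves a comment stating that it is acceptable only because the endpoint is the fake server reached through the test tunnel. In the caller, the fixed `time.Sleep(5 * time.Second)` replaces the removed retry loop, whose comments say metrics are exported about once a minute, so a single check after five seconds looks likely to be flaky.

```go
func validate(endpoint string) error {
	// … unchanged: transport with InsecureSkipVerify for the fake server's test certificate …
	client := &http.Client{Transport: tr, Timeout: 30 * time.Second}
	// … unchanged: url and http.NewRequest …
	if err != nil {
		return fmt.Errorf("creating validation request: %w", err)
	}

	resp, err := client.Do(req)
	if err != nil {
		return fmt.Errorf("making validation request: %w", err)
	}
	defer resp.Body.Close()

	switch resp.StatusCode {
	case http.StatusOK:
		return nil
	case http.StatusExpectationFailed:
		var message errMsg
		if err := json.NewDecoder(resp.Body).Decode(&message); err != nil {
			return fmt.Errorf("parsing validation response: %w", err)
		}
		return fmt.Errorf("failed validation: %s", message.Error)
	default:
		return fmt.Errorf("unexpected status code %d from validation endpoint", resp.StatusCode)
	}
}
```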
@@ -1,158 +0,0 @@ -package cloud - -import ( - "bytes" - "crypto/tls" - "encoding/json" - "errors" - "fmt" - "io" - "net/http" - "strconv" -) - -const ( - // recordsPathConsul and recordsPathCollector distinguish metrics for consul vs. collector when fetching records. - recordsPathConsul = "v1/metrics/consul" - recordsPathCollector = "v1/metrics/collector" -) - -var ( - errEncodingPayload = errors.New("failed to encode payload") - errCreatingRequest = errors.New("failed to create HTTP request") - errMakingRequest = errors.New("failed to make request") - errReadingBody = errors.New("failed to read body") - errClosingBody = errors.New("failed to close body") - errParsingBody = errors.New("failed to parse body") -) - -// fakeServerClient provides an interface to communicate with the fakesever (a fake HCP Telemetry Gateway) via HTTP. -type fakeServerClient struct { - client *http.Client - tunnel string -} - -// modifyTelemetryConfigBody is a POST body that provides telemetry config changes to the fakeserver. -type modifyTelemetryConfigBody struct { - Filters []string `json:"filters"` - Labels map[string]string `json:"labels"` - Disabled bool `json:"disabled"` -} - -// TokenResponse is used to read a token response from the fakeserver. -type TokenResponse struct { - Token string `json:"token"` -} - -// RecordsResponse is used to read a /records response from the fakeserver. -type RecordsResponse struct { - Records []*RequestRecord `json:"records"` -} - -// RequestRecord holds info about a single request. -type RequestRecord struct { - Method string `json:"method"` - Path string `json:"path"` - Body []byte `json:"body"` - ValidRequest bool `json:"validRequest"` - Timestamp int64 `json:"timestamp"` -} - -// newfakeServerClient returns a fakeServerClient to be used in tests to communicate with the fake Telemetry Gateway. 
-func newfakeServerClient(tunnel string) *fakeServerClient { - tr := &http.Transport{ - TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, - } - - return &fakeServerClient{ - client: &http.Client{Transport: tr}, - tunnel: tunnel, - } -} - -// requestToken retrieves a token from the fakeserver's token endpoint. -func (f *fakeServerClient) requestToken() (string, error) { - url := fmt.Sprintf("https://%s/token", f.tunnel) - req, err := http.NewRequest("GET", url, nil) - if err != nil { - return "", fmt.Errorf("%w: %w", errCreatingRequest, err) - } - - resp, err := f.handleRequest(req) - if err != nil { - return "", err - } - - tokenResponse := &TokenResponse{} - err = json.Unmarshal(resp, tokenResponse) - if err != nil { - return "", fmt.Errorf("%w : %w", errParsingBody, err) - } - - return tokenResponse.Token, nil -} - -// modifyTelemetryConfig can update the telemetry config returned by the fakeserver. -// via the fakeserver's modify_telemetry_config endpoint. -func (f *fakeServerClient) modifyTelemetryConfig(payload *modifyTelemetryConfigBody) error { - url := fmt.Sprintf("https://%s/modify_telemetry_config", f.tunnel) - payloadBuf := new(bytes.Buffer) - - err := json.NewEncoder(payloadBuf).Encode(payload) - if err != nil { - return fmt.Errorf("%w:%w", errEncodingPayload, err) - } - - req, err := http.NewRequest("POST", url, payloadBuf) - if err != nil { - return fmt.Errorf("%w: %w", errCreatingRequest, err) - } - - _, err = f.handleRequest(req) - - return err -} - -func (f *fakeServerClient) getRecordsForPath(path string, refreshTime int64) ([]*RequestRecord, error) { - url := fmt.Sprintf("https://%s/records/%s", f.tunnel, path) - req, err := http.NewRequest("GET", url, nil) - if err != nil { - return nil, fmt.Errorf("%w: %w", errCreatingRequest, err) - } - if refreshTime > 0 { - q := req.URL.Query() - q.Add("since", strconv.FormatInt(refreshTime, 10)) - req.URL.RawQuery = q.Encode() - } - - resp, err := f.handleRequest(req) - if err != nil { - return nil, 
err - } - - recordsResponse := &RecordsResponse{} - err = json.Unmarshal(resp, recordsResponse) - if err != nil { - return nil, fmt.Errorf("%w : %w", errParsingBody, err) - } - - return recordsResponse.Records, nil -} - -// handleRequest returns the response body if the request is succesful. -func (f *fakeServerClient) handleRequest(req *http.Request) ([]byte, error) { - resp, err := f.client.Do(req) - if err != nil { - return nil, fmt.Errorf("%w : %w", errMakingRequest, err) - } - body, err := io.ReadAll(resp.Body) - cErr := resp.Body.Close() - if cErr != nil { - return nil, fmt.Errorf("%w : %w", errClosingBody, err) - } - if err != nil { - return nil, fmt.Errorf("%w : %w", errReadingBody, err) - } - - return body, nil -} diff --git a/acceptance/tests/cloud/metrics_validation.go b/acceptance/tests/cloud/metrics_validation.go deleted file mode 100644 index 558ae54509..0000000000 --- a/acceptance/tests/cloud/metrics_validation.go +++ /dev/null 
@@ -1,114 +0,0 @@ -package cloud - -import ( - "strings" - - "github.com/hashicorp/serf/testutil/retry" - "github.com/stretchr/testify/require" - otlpcolmetrics "go.opentelemetry.io/proto/otlp/collector/metrics/v1" - otlpcommon "go.opentelemetry.io/proto/otlp/common/v1" - otlpmetrics "go.opentelemetry.io/proto/otlp/metrics/v1" - "google.golang.org/protobuf/proto" -) - -type metricValidations struct { - disabled bool - expectedMetricName string - disallowedMetricName string - expectedLabelKeys []string -} - -// validateMetrics ensure OTLP metrics as recorded by the Collector or Consul as expected. -func validateMetrics(r *retry.R, records []*RequestRecord, validations *metricValidations, since int64) { - // If metrics are disabled, no metrics records should exist, and return early. - if validations.disabled { - require.Empty(r, records) - return - } - - // If metrics are not disabled, records should not be empty. - require.NotEmpty(r, records) - - for _, record := range records { - require.True(r, record.ValidRequest, "expected request to be valid") - - req := &otlpcolmetrics.ExportMetricsServiceRequest{} - err := proto.Unmarshal(record.Body, req) - require.NoError(r, err, "failed to extract metrics from body") - - // Basic validation that metrics are not empty. - require.NotEmpty(r, req.GetResourceMetrics()) - require.NotEmpty(r, req.ResourceMetrics[0].GetScopeMetrics()) - require.NotEmpty(r, req.ResourceMetrics[0].ScopeMetrics[0].GetMetrics()) - - // Verify expected key labels and metric names. - labels := externalLabels(req, since) - for _, key := range validations.expectedLabelKeys { - require.Contains(r, labels, key) - } - validateMetricName(r, req, validations) - } -} - -// validateMetricName ensures an expected metric name has been recorded based on filters and disallowed metrics are not present. 
-func validateMetricName(t *retry.R, request *otlpcolmetrics.ExportMetricsServiceRequest, validations *metricValidations) { - exists := false - for _, metric := range request.ResourceMetrics[0].ScopeMetrics[0].GetMetrics() { - require.NotContains(t, metric.Name, validations.disallowedMetricName) - - if strings.Contains(metric.Name, validations.expectedMetricName) { - exists = true - } - } - - require.True(t, exists) -} - -// externalLabels converts OTLP labels to a map[string]string format. -func externalLabels(request *otlpcolmetrics.ExportMetricsServiceRequest, since int64) map[string]string { - // For the Consul Telemetry Collector, labels are contained at the higher level scope. - attrs := request.ResourceMetrics[0].GetResource().GetAttributes() - - // For Consul server metrics, labels are contained with individual metrics, and must be extracted. - if len(attrs) < 1 { - attrs = getMetricLabel(request.ResourceMetrics[0].GetScopeMetrics(), since) - } - - labels := make(map[string]string, len(attrs)) - for _, kv := range attrs { - k := strings.ReplaceAll(kv.GetKey(), ".", "_") - labels[k] = kv.GetValue().GetStringValue() - } - - return labels -} - -// getMetricLabel returns labels at each datapoint within a metric. -func getMetricLabel(scopeMetrics []*otlpmetrics.ScopeMetrics, since int64) []*otlpcommon.KeyValue { - // The attributes field can only be accessed on the specific implementation (gauge, sum or hist). - for _, metric := range scopeMetrics[0].Metrics { - switch v := metric.Data.(type) { - case *otlpmetrics.Metric_Gauge: - for _, dp := range v.Gauge.GetDataPoints() { - // When a refresh has occured, filter time since last refresh as older data points may not have latest labels. 
- if dp.StartTimeUnixNano > uint64(since) { - return dp.Attributes - } - } - case *otlpmetrics.Metric_Histogram: - for _, dp := range v.Histogram.GetDataPoints() { - if dp.StartTimeUnixNano > uint64(since) { - return dp.Attributes - } - } - case *otlpmetrics.Metric_Sum: - for _, dp := range v.Sum.GetDataPoints() { - if dp.StartTimeUnixNano > uint64(since) { - return dp.Attributes - } - } - } - } - - return []*otlpcommon.KeyValue{} -} diff --git a/acceptance/tests/fixtures/bases/cloud/hcp-mock/deployment.yaml b/acceptance/tests/fixtures/bases/cloud/hcp-mock/deployment.yaml index 78547d5118..7278557cdb 100644 --- a/acceptance/tests/fixtures/bases/cloud/hcp-mock/deployment.yaml +++ b/acceptance/tests/fixtures/bases/cloud/hcp-mock/deployment.yaml @@ -19,7 +19,7 @@ spec: containers: - name: fake-server # TODO: move this to a hashicorp mirror - image: docker.io/achooo/fakeserver:latest + image: docker.io/chaapppie/fakeserver:latest ports: - containerPort: 443 name: https diff --git a/acceptance/tests/fixtures/cases/api-gateways/kitchen-sink-ent/api-gateway.yaml b/acceptance/tests/fixtures/cases/api-gateways/kitchen-sink-ent/api-gateway.yaml deleted file mode 100644 index 3b59ada305..0000000000 --- a/acceptance/tests/fixtures/cases/api-gateways/kitchen-sink-ent/api-gateway.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# Copyright (c) HashiCorp, Inc. -# SPDX-License-Identifier: MPL-2.0 - -apiVersion: gateway.networking.k8s.io/v1beta1 -kind: Gateway -metadata: - name: gateway -spec: - gatewayClassName: gateway-class - listeners: - - protocol: HTTP - port: 80 - name: http - allowedRoutes: - namespaces: - from: "All" - - protocol: HTTPS - port: 443 - name: https - tls: - certificateRefs: - - name: "certificate" - allowedRoutes: - namespaces: - from: "All" diff --git a/acceptance/tests/fixtures/cases/api-gateways/kitchen-sink-ent/external-ref.yaml b/acceptance/tests/fixtures/cases/api-gateways/kitchen-sink-ent/external-ref.yaml deleted file mode 100644 index 57e6dfee7c..0000000000 
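Review bot: The new `image: docker.io/chaapppie/fakeserver:latest` pulls a mutable `latest` tag from what appears to be a personal Docker Hub namespace, and after this commit the Go test's pass/fail result comes from that image's `/validation` endpoint. Whoever controls the tag can change what runs in the test cluster and what the test reports, without any change in this repository. Pin the image by digest, `image: <registry>/fakeserver@sha256:<digest>` (placeholder values), and carry out the existing `# TODO: move this to a hashicorp mirror` before relying on the image for validation.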
--- a/acceptance/tests/fixtures/cases/api-gateways/kitchen-sink-ent/external-ref.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# Copyright (c) HashiCorp, Inc. -# SPDX-License-Identifier: MPL-2.0 - -apiVersion: consul.hashicorp.com/v1alpha1 -kind: RouteAuthFilter -metadata: - name: route-jwt-auth-filter - namespace: default -spec: - jwt: - providers: - - name: "local" - verifyClaims: - - path: - - role - value: doctor diff --git a/acceptance/tests/fixtures/cases/api-gateways/kitchen-sink-ent/filters.yaml b/acceptance/tests/fixtures/cases/api-gateways/kitchen-sink-ent/filters.yaml deleted file mode 100644 index a35f41ed61..0000000000 --- a/acceptance/tests/fixtures/cases/api-gateways/kitchen-sink-ent/filters.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: consul.hashicorp.com/v1alpha1 -kind: RouteRetryFilter -metadata: - name: retrytrafficfilter -spec: - numRetries: 1 - retryOnConnectFailure: false - retryOn: - - reset - - unavailable - retryOnStatusCodes: - - 500 - - 502 - ---- -apiVersion: consul.hashicorp.com/v1alpha1 -kind: RouteTimeoutFilter -metadata: - name: timeouttrafficfilter -spec: - requestTimeout: "1s" - idleTimeout: "1s" \ No newline at end of file diff --git a/acceptance/tests/fixtures/cases/api-gateways/kitchen-sink-ent/gateway-policy.yaml b/acceptance/tests/fixtures/cases/api-gateways/kitchen-sink-ent/gateway-policy.yaml deleted file mode 100644 index 5552d7e085..0000000000 --- a/acceptance/tests/fixtures/cases/api-gateways/kitchen-sink-ent/gateway-policy.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# Copyright (c) HashiCorp, Inc. -# SPDX-License-Identifier: MPL-2.0 - -apiVersion: consul.hashicorp.com/v1alpha1 -kind: GatewayPolicy -metadata: - name: my-policy -spec: - targetRef: - name: gateway - sectionName: http-auth - group: gateway.networking.k8s.io/v1beta1 - kind: Gateway - override: - jwt: - providers: - - name: "local" - default: - jwt: - providers: - - name: "local" - verifyClaims: - - path: - - role - value: pet 
diff --git a/acceptance/tests/fixtures/cases/api-gateways/kitchen-sink-ent/gatewayclassconfig.yaml b/acceptance/tests/fixtures/cases/api-gateways/kitchen-sink-ent/gatewayclassconfig.yaml deleted file mode 100644 index 42c9bee986..0000000000 --- a/acceptance/tests/fixtures/cases/api-gateways/kitchen-sink-ent/gatewayclassconfig.yaml +++ /dev/null @@ -1,12 +0,0 @@ -# Copyright (c) HashiCorp, Inc. -# SPDX-License-Identifier: MPL-2.0 - -apiVersion: consul.hashicorp.com/v1alpha1 -kind: GatewayClassConfig -metadata: - name: gateway-class-config -spec: - deployment: - defaultInstances: 2 - maxInstances: 3 - minInstances: 1 \ No newline at end of file diff --git a/acceptance/tests/fixtures/cases/api-gateways/kitchen-sink-ent/httproute.yaml b/acceptance/tests/fixtures/cases/api-gateways/kitchen-sink-ent/httproute.yaml deleted file mode 100644 index 760791cf51..0000000000 --- a/acceptance/tests/fixtures/cases/api-gateways/kitchen-sink-ent/httproute.yaml +++ /dev/null @@ -1,45 +0,0 @@ -# Copyright (c) HashiCorp, Inc. -# SPDX-License-Identifier: MPL-2.0 - -apiVersion: gateway.networking.k8s.io/v1beta1 -kind: HTTPRoute -metadata: - name: http-route -spec: - parentRefs: - - name: gateway - sectionName: http - rules: - - matches: - - path: - type: PathPrefix - value: "/v1" - backendRefs: - - name: static-server - port: 8080 - filters: - - type: ExtensionRef - extensionRef: - group: consul.hashicorp.com - kind: RouteAuthFilter - name: route-jwt-auth-filter - - type: ExtensionRef - extensionRef: - group: consul.hashicorp.com - kind: RouteRetryFilter - name: retrytrafficfilter - - type: ExtensionRef - extensionRef: - group: consul.hashicorp.com - kind: RouteTimeoutFilter - name: timeouttrafficfilter - - type: RequestHeaderModifier - requestHeaderModifier: - add: - - name: my-header - value: foo - - type: URLRewrite - urlRewrite: - path: - type: "ReplacePrefixMatch" - replacePrefixMatch: "/v1/test" \ No newline at end of file 
diff --git a/acceptance/tests/fixtures/cases/api-gateways/kitchen-sink-ent/jwt-provider.yaml b/acceptance/tests/fixtures/cases/api-gateways/kitchen-sink-ent/jwt-provider.yaml deleted file mode 100644 index 1e5cbf35d6..0000000000 --- a/acceptance/tests/fixtures/cases/api-gateways/kitchen-sink-ent/jwt-provider.yaml +++ /dev/null @@ -1,12 +0,0 @@ -# Copyright (c) HashiCorp, Inc. -# SPDX-License-Identifier: MPL-2.0 - -apiVersion: consul.hashicorp.com/v1alpha1 -kind: JWTProvider -metadata: - name: local -spec: - issuer: local - jsonWebKeySet: - local: - jwks: "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" diff --git a/acceptance/tests/fixtures/cases/api-gateways/kitchen-sink-ent/jwt-route-filter.yaml b/acceptance/tests/fixtures/cases/api-gateways/kitchen-sink-ent/jwt-route-filter.yaml deleted file mode 100644 index 9ea3ee2acd..0000000000 --- a/acceptance/tests/fixtures/cases/api-gateways/kitchen-sink-ent/jwt-route-filter.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright (c) HashiCorp, Inc. -# SPDX-License-Identifier: MPL-2.0 - -apiVersion: consul.hashicorp.com/v1alpha1 -kind: RouteAuthFilter -metadata: - name: route-jwt-auth-filter -spec: - jwt: - providers: - - name: "local" - verifyClaims: - - path: - - role - value: doctor diff --git a/acceptance/tests/fixtures/cases/api-gateways/kitchen-sink-ent/kustomization.yaml b/acceptance/tests/fixtures/cases/api-gateways/kitchen-sink-ent/kustomization.yaml deleted file mode 100644 index 194fc16b6c..0000000000 --- a/acceptance/tests/fixtures/cases/api-gateways/kitchen-sink-ent/kustomization.yaml +++ /dev/null @@ -1,18 +0,0 @@ -# Copyright (c) HashiCorp, Inc. -# SPDX-License-Identifier: MPL-2.0 -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: -- ../../../bases/api-gateway -- ../../static-server-inject -- filters.yaml -- jwt-provider.yaml -- jwt-route-filter.yaml -- gateway-policy.yaml - - -patches: -- path: gatewayclassconfig.yaml -- path: httproute.yaml -- path: api-gateway.yaml 
diff --git a/acceptance/tests/fixtures/cases/api-gateways/kitchen-sink/api-gateway.yaml b/acceptance/tests/fixtures/cases/api-gateways/kitchen-sink/api-gateway.yaml deleted file mode 100644 index 3b59ada305..0000000000 --- a/acceptance/tests/fixtures/cases/api-gateways/kitchen-sink/api-gateway.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# Copyright (c) HashiCorp, Inc. -# SPDX-License-Identifier: MPL-2.0 - -apiVersion: gateway.networking.k8s.io/v1beta1 -kind: Gateway -metadata: - name: gateway -spec: - gatewayClassName: gateway-class - listeners: - - protocol: HTTP - port: 80 - name: http - allowedRoutes: - namespaces: - from: "All" - - protocol: HTTPS - port: 443 - name: https - tls: - certificateRefs: - - name: "certificate" - allowedRoutes: - namespaces: - from: "All" diff --git a/acceptance/tests/fixtures/cases/api-gateways/kitchen-sink/external-ref.yaml b/acceptance/tests/fixtures/cases/api-gateways/kitchen-sink/external-ref.yaml deleted file mode 100644 index 57e6dfee7c..0000000000 --- a/acceptance/tests/fixtures/cases/api-gateways/kitchen-sink/external-ref.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# Copyright (c) HashiCorp, Inc. -# SPDX-License-Identifier: MPL-2.0 - -apiVersion: consul.hashicorp.com/v1alpha1 -kind: RouteAuthFilter -metadata: - name: route-jwt-auth-filter - namespace: default -spec: - jwt: - providers: - - name: "local" - verifyClaims: - - path: - - role - value: doctor diff --git a/acceptance/tests/fixtures/cases/api-gateways/kitchen-sink/filters.yaml b/acceptance/tests/fixtures/cases/api-gateways/kitchen-sink/filters.yaml deleted file mode 100644 index a35f41ed61..0000000000 --- a/acceptance/tests/fixtures/cases/api-gateways/kitchen-sink/filters.yaml +++ /dev/null 
@@ -1,22 +0,0 @@ -apiVersion: consul.hashicorp.com/v1alpha1 -kind: RouteRetryFilter -metadata: - name: retrytrafficfilter -spec: - numRetries: 1 - retryOnConnectFailure: false - retryOn: - - reset - - unavailable - retryOnStatusCodes: - - 500 - - 502 - ---- -apiVersion: consul.hashicorp.com/v1alpha1 -kind: RouteTimeoutFilter -metadata: - name: timeouttrafficfilter -spec: - requestTimeout: "1s" - idleTimeout: "1s" \ No newline at end of file diff --git a/acceptance/tests/fixtures/cases/api-gateways/kitchen-sink/gateway-policy.yaml b/acceptance/tests/fixtures/cases/api-gateways/kitchen-sink/gateway-policy.yaml deleted file mode 100644 index 5552d7e085..0000000000 --- a/acceptance/tests/fixtures/cases/api-gateways/kitchen-sink/gateway-policy.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# Copyright (c) HashiCorp, Inc. -# SPDX-License-Identifier: MPL-2.0 - -apiVersion: consul.hashicorp.com/v1alpha1 -kind: GatewayPolicy -metadata: - name: my-policy -spec: - targetRef: - name: gateway - sectionName: http-auth - group: gateway.networking.k8s.io/v1beta1 - kind: Gateway - override: - jwt: - providers: - - name: "local" - default: - jwt: - providers: - - name: "local" - verifyClaims: - - path: - - role - value: pet diff --git a/acceptance/tests/fixtures/cases/api-gateways/kitchen-sink/gatewayclassconfig.yaml b/acceptance/tests/fixtures/cases/api-gateways/kitchen-sink/gatewayclassconfig.yaml deleted file mode 100644 index 42c9bee986..0000000000 --- a/acceptance/tests/fixtures/cases/api-gateways/kitchen-sink/gatewayclassconfig.yaml +++ /dev/null @@ -1,12 +0,0 @@ -# Copyright (c) HashiCorp, Inc. -# SPDX-License-Identifier: MPL-2.0 - -apiVersion: consul.hashicorp.com/v1alpha1 -kind: GatewayClassConfig -metadata: - name: gateway-class-config -spec: - deployment: - defaultInstances: 2 - maxInstances: 3 - minInstances: 1 \ No newline at end of file 
diff --git a/acceptance/tests/fixtures/cases/api-gateways/kitchen-sink/httproute.yaml b/acceptance/tests/fixtures/cases/api-gateways/kitchen-sink/httproute.yaml deleted file mode 100644 index 519b790a4d..0000000000 --- a/acceptance/tests/fixtures/cases/api-gateways/kitchen-sink/httproute.yaml +++ /dev/null @@ -1,40 +0,0 @@ -# Copyright (c) HashiCorp, Inc. -# SPDX-License-Identifier: MPL-2.0 - -apiVersion: gateway.networking.k8s.io/v1beta1 -kind: HTTPRoute -metadata: - name: http-route -spec: - parentRefs: - - name: gateway - sectionName: http - rules: - - matches: - - path: - type: PathPrefix - value: "/v1" - backendRefs: - - name: static-server - port: 8080 - filters: - - type: ExtensionRef - extensionRef: - group: consul.hashicorp.com - kind: RouteRetryFilter - name: retrytrafficfilter - - type: ExtensionRef - extensionRef: - group: consul.hashicorp.com - kind: RouteTimeoutFilter - name: timeouttrafficfilter - - type: RequestHeaderModifier - requestHeaderModifier: - add: - - name: my-header - value: foo - - type: URLRewrite - urlRewrite: - path: - type: "ReplacePrefixMatch" - replacePrefixMatch: "/v1/test" \ No newline at end of file diff --git a/acceptance/tests/fixtures/cases/api-gateways/kitchen-sink/kustomization.yaml b/acceptance/tests/fixtures/cases/api-gateways/kitchen-sink/kustomization.yaml deleted file mode 100644 index 55a32c7260..0000000000 --- a/acceptance/tests/fixtures/cases/api-gateways/kitchen-sink/kustomization.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# Copyright (c) HashiCorp, Inc. -# SPDX-License-Identifier: MPL-2.0 -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: -- ../../../bases/api-gateway -- ../../static-server-inject -- filters.yaml - - -patches: -- path: gatewayclassconfig.yaml -- path: httproute.yaml -- path: api-gateway.yaml diff --git a/charts/consul/Chart.yaml b/charts/consul/Chart.yaml index c33e0f4dac..cc174f7206 100644 --- a/charts/consul/Chart.yaml +++ b/charts/consul/Chart.yaml 
@@ -3,8 +3,8 @@ apiVersion: v2 name: consul -version: 1.4.0-dev -appVersion: 1.18-dev +version: 1.3.1-dev +appVersion: 1.17-dev kubeVersion: ">=1.22.0-0" description: Official HashiCorp Consul Chart home: https://www.consul.io @@ -16,11 +16,11 @@ annotations: artifacthub.io/prerelease: true artifacthub.io/images: | - name: consul - image: docker.mirror.hashicorp.services/hashicorppreview/consul:1.18-dev + image: docker.mirror.hashicorp.services/hashicorppreview/consul:1.17-dev - name: consul-k8s-control-plane - image: docker.mirror.hashicorp.services/hashicorppreview/consul-k8s-control-plane:1.4-dev + image: docker.mirror.hashicorp.services/hashicorppreview/consul-k8s-control-plane:1.3.1-dev - name: consul-dataplane - image: docker.mirror.hashicorp.services/hashicorppreview/consul-dataplane:1.4-dev + image: docker.mirror.hashicorp.services/hashicorppreview/consul-dataplane:1.3-dev - name: envoy image: envoyproxy/envoy:v1.25.11 artifacthub.io/license: MPL-2.0 diff --git a/charts/consul/templates/crd-meshgateways.yaml b/charts/consul/templates/crd-meshgateways.yaml deleted file mode 100644 index c2a376bd12..0000000000 --- a/charts/consul/templates/crd-meshgateways.yaml +++ /dev/null 
@@ -1,100 +0,0 @@ -{{- if .Values.connectInject.enabled }} -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.1 - labels: - app: {{ template "consul.name" . }} - chart: {{ template "consul.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - component: crd - name: meshgateways.mesh.consul.hashicorp.com -spec: - group: mesh.consul.hashicorp.com - names: - kind: MeshGateway - listKind: MeshGatewayList - plural: meshgateways - shortNames: - - mesh-gateway - singular: meshgateway - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The sync status of the resource with Consul - jsonPath: .status.conditions[?(@.type=="Synced")].status - name: Synced - type: string - - description: The last successful synced time of the resource with Consul - jsonPath: .status.lastSyncedTime - name: Last Synced - type: date - - description: The age of the resource - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v2beta1 - schema: - openAPIV3Schema: - description: MeshGateway is the Schema for the Mesh Gateway API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - type: object - status: - properties: - conditions: - description: Conditions indicate the latest available observations - of a resource's current state. - items: - description: 'Conditions define a readiness condition for a Consul - resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition - transitioned from one status to another. - format: date-time - type: string - message: - description: A human readable message indicating details about - the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - required: - - status - - type - type: object - type: array - lastSyncedTime: - description: LastSyncedTime is the last time the resource successfully - synced with Consul. - format: date-time - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} -{{- end }} diff --git a/charts/consul/templates/gateway-resources-configmap.yaml b/charts/consul/templates/gateway-resources-configmap.yaml index 5c19fbebe5..591aaa2129 100644 --- a/charts/consul/templates/gateway-resources-configmap.yaml +++ b/charts/consul/templates/gateway-resources-configmap.yaml 
@@ -16,23 +16,4 @@ data: resources.json: | {{ toJson .Values.connectInject.apiGateway.managedGatewayClass.resources }} {{- end }} - {{- if (mustHas "resource-apis" .Values.global.experiments) }} - config.yaml: | - gatewayClassConfigs: - - apiVersion: mesh.consul.hashicorp.com/v2beta1 - metadata: - name: consul-mesh-gateway - namespace: {{ .Release.Namespace }} - kind: gatewayClassConfig - spec: - deployment: - resources: - {{ .Values.meshGateway.resources }} - nodeSelector: {{ .Values.meshGateway.nodeSelector }} - serviceType: {{ .Values.meshGateway.service.type }} - meshGateways: - - name: mesh-gateway - spec: - gatewayClassName: consul-mesh-gateway - {{- end }} {{- end }} diff --git a/charts/consul/templates/gateway-resources-job.yaml b/charts/consul/templates/gateway-resources-job.yaml index 5934372ed3..1136d2e0fe 100644 --- a/charts/consul/templates/gateway-resources-job.yaml +++ b/charts/consul/templates/gateway-resources-job.yaml @@ -51,7 +51,7 @@ spec: - -heritage={{ .Release.Service }} - -release-name={{ .Release.Name }} - -component=api-gateway - {{- if .Values.apiGateway.enabled }} # Override values from the old stanza. To be removed after ~1.18 (t-eckert 2023-05-19) NET-6263 + {{- if .Values.apiGateway.enabled }} # Overide values from the old stanza. To be removed in 1.17 (t-eckert 2023-05-19) {{- if .Values.apiGateway.managedGatewayClass.deployment }} {{- if .Values.apiGateway.managedGatewayClass.deployment.defaultInstances }} - -deployment-default-instances={{ .Values.apiGateway.managedGatewayClass.deployment.defaultInstances }} diff --git a/charts/consul/templates/telemetry-collector-deployment.yaml b/charts/consul/templates/telemetry-collector-deployment.yaml index 780884f999..396cc147ab 100644 --- a/charts/consul/templates/telemetry-collector-deployment.yaml +++ b/charts/consul/templates/telemetry-collector-deployment.yaml 
@@ -287,12 +287,13 @@ spec: - -login-auth-method={{ template "consul.fullname" . }}-k8s-auth-method {{- if .Values.global.enableConsulNamespaces }} {{- if .Values.syncCatalog.consulNamespaces.mirroringK8S }} - - -login-namespace=default + - -login-namespace="default" {{- else }} - -login-namespace={{ .Values.syncCatalog.consulNamespaces.consulDestinationNamespace }} {{- end }} {{- end }} {{- if .Values.global.adminPartitions.enabled }} + - foo - -login-partition={{ .Values.global.adminPartitions.name }} {{- end }} {{- end }} diff --git a/charts/consul/templates/telemetry-collector-v2-deployment.yaml b/charts/consul/templates/telemetry-collector-v2-deployment.yaml index 86b4edf159..a88277f3b2 100644 --- a/charts/consul/templates/telemetry-collector-v2-deployment.yaml +++ b/charts/consul/templates/telemetry-collector-v2-deployment.yaml @@ -275,12 +275,13 @@ spec: - -login-auth-method={{ template "consul.fullname" . }}-k8s-auth-method {{- if .Values.global.enableConsulNamespaces }} {{- if .Values.syncCatalog.consulNamespaces.mirroringK8S }} - - -login-namespace=default + - -login-namespace="default" {{- else }} - -login-namespace={{ .Values.syncCatalog.consulNamespaces.consulDestinationNamespace }} {{- end }} {{- end }} {{- if .Values.global.adminPartitions.enabled }} + - foo - -login-partition={{ .Values.global.adminPartitions.name }} {{- end }} {{- end }} diff --git a/charts/consul/test/unit/gateway-resources-configmap.bats b/charts/consul/test/unit/gateway-resources-configmap.bats index 5c0182f602..80225eeefb 100644 --- a/charts/consul/test/unit/gateway-resources-configmap.bats +++ b/charts/consul/test/unit/gateway-resources-configmap.bats 
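Review bot: The added `- foo` item under `global.adminPartitions.enabled` is a stray positional argument placed ahead of `-login-partition`, and `- -login-namespace="default"` now carries literal quote characters, because a plain YAML list item is not shell-unquoted. If this list reaches the binary as container args, the ACL login would presumably target a namespace named `"default"` with the quotes included, and a Go-style flag parser would stop at `foo` and never read `-login-partition`, so the login could fail or run without the intended partition. The lines should read `- -login-namespace=default` and `- -login-partition={{ .Values.global.adminPartitions.name }}` with no `- foo` entry. The same two problems appear in the `telemetry-collector-v2-deployment.yaml` hunk at `-275,12 +275,13`, and the bats tests that asserted `-login-namespace=default` for both templates are deleted later in this diff, so nothing would catch the regression.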
@@ -44,28 +44,3 @@ load _helpers local actual=$(echo $resources | jq -r '.limits.cpu') [ $actual = '220m' ] } - -@test "gateway-resources/ConfigMap: does not contain config.yaml resources without .global.experiments equal to resource-apis" { - cd `chart_dir` - local resources=$(helm template \ - -s templates/gateway-resources-configmap.yaml \ - --set 'connectInject.enabled=true' \ - --set 'ui.enabled=false' \ - . | tee /dev/stderr | - yq '.data["config.yaml"]' | tee /dev/stderr) - [ $resources = null ] - -} - -@test "gateway-resources/ConfigMap: contains config.yaml resources with .global.experiments equal to resource-apis" { - cd `chart_dir` - local resources=$(helm template \ - -s templates/gateway-resources-configmap.yaml \ - --set 'connectInject.enabled=true' \ - --set 'global.experiments[0]=resource-apis' \ - --set 'ui.enabled=false' \ - . | tee /dev/stderr | - yq '.data["config.yaml"]' | tee /dev/stderr) - - [ "$resources" != null ] -} diff --git a/charts/consul/test/unit/telemetry-collector-deployment.bats b/charts/consul/test/unit/telemetry-collector-deployment.bats index 60b87961b5..432200541b 100755 --- a/charts/consul/test/unit/telemetry-collector-deployment.bats +++ b/charts/consul/test/unit/telemetry-collector-deployment.bats 
@@ -1212,40 +1212,4 @@ MIICFjCCAZsCCQCdwLtdjbzlYzAKBggqhkjOPQQDAjB0MQswCQYDVQQGEwJDQTEL' \ --set 'ui.enabled=false' \ --set 'global.experiments[0]=resource-apis' \ . -} - -#-------------------------------------------------------------------- -# Namespaces - -@test "telemetryCollector/Deployment: namespace flags when mirroringK8S" { - cd `chart_dir` - local object=$(helm template \ - -s templates/telemetry-collector-deployment.yaml \ - --set 'telemetryCollector.enabled=true' \ - --set 'telemetryCollector.image=bar' \ - --set 'global.enableConsulNamespaces=true' \ - --set 'global.acls.manageSystemACLs=true' \ - --set 'syncCatalog.consulNamespaces.mirroringK8S=true' \ - . | tee /dev/stderr | - yq -r '.spec.template.spec' | tee /dev/stderr) - - local actual=$(echo $object | jq -r '.containers[1].args | any(contains("-login-namespace=default"))' | tee /dev/stderr) - [ "${actual}" = 'true' ] -} - -@test "telemetryCollector/Deployment: namespace flags when syncCatalog" { - cd `chart_dir` - local object=$(helm template \ - -s templates/telemetry-collector-deployment.yaml \ - --set 'telemetryCollector.enabled=true' \ - --set 'telemetryCollector.image=bar' \ - --set 'global.enableConsulNamespaces=true' \ - --set 'global.acls.manageSystemACLs=true' \ - --set 'syncCatalog.consulNamespaces.mirroringK8S=false' \ - --set 'syncCatalog.consulNamespaces.consulDestinationNamespace=fakenamespace' \ - . | tee /dev/stderr | - yq -r '.spec.template.spec.containers' | tee /dev/stderr) - - local actual=$(echo $object | jq -r '.[1].args | any(contains("-login-namespace=fakenamespace"))' | tee /dev/stderr) - [ "${actual}" = 'true' ] -} +} \ No newline at end of file diff --git a/charts/consul/test/unit/telemetry-collector-v2-deployment.bats b/charts/consul/test/unit/telemetry-collector-v2-deployment.bats index a53882731c..f1d5de2597 100755 --- a/charts/consul/test/unit/telemetry-collector-v2-deployment.bats +++ b/charts/consul/test/unit/telemetry-collector-v2-deployment.bats 
@@ -1348,43 +1348,3 @@ MIICFjCCAZsCCQCdwLtdjbzlYzAKBggqhkjOPQQDAjB0MQswCQYDVQQGEwJDQTEL' \ --set 'telemetryCollector.image=bar' \ . } - -#-------------------------------------------------------------------- -# Namespaces - -@test "telemetryCollector/Deployment(V2): namespace flags when mirroringK8S" { - cd `chart_dir` - local object=$(helm template \ - -s templates/telemetry-collector-v2-deployment.yaml \ - --set 'ui.enabled=false' \ - --set 'global.experiments[0]=resource-apis' \ - --set 'telemetryCollector.enabled=true' \ - --set 'telemetryCollector.image=bar' \ - --set 'global.enableConsulNamespaces=true' \ - --set 'global.acls.manageSystemACLs=true' \ - --set 'syncCatalog.consulNamespaces.mirroringK8S=true' \ - . | tee /dev/stderr | - yq -r '.spec.template.spec' | tee /dev/stderr) - - local actual=$(echo $object | jq -r '.containers[1].args | any(contains("-login-namespace=default"))' | tee /dev/stderr) - [ "${actual}" = 'true' ] -} - -@test "telemetryCollector/Deployment(V2): namespace flags when syncCatalog" { - cd `chart_dir` - local object=$(helm template \ - -s templates/telemetry-collector-v2-deployment.yaml \ - --set 'ui.enabled=false' \ - --set 'global.experiments[0]=resource-apis' \ - --set 'telemetryCollector.enabled=true' \ - --set 'telemetryCollector.image=bar' \ - --set 'global.enableConsulNamespaces=true' \ - --set 'global.acls.manageSystemACLs=true' \ - --set 'syncCatalog.consulNamespaces.mirroringK8S=false' \ - --set 'syncCatalog.consulNamespaces.consulDestinationNamespace=fakenamespace' \ - . | tee /dev/stderr | - yq -r '.spec.template.spec.containers' | tee /dev/stderr) - - local actual=$(echo $object | jq -r '.[1].args | any(contains("-login-namespace=fakenamespace"))' | tee /dev/stderr) - [ "${actual}" = 'true' ] -} diff --git a/charts/consul/values.yaml b/charts/consul/values.yaml index 577d1af369..8c94af9e60 100644 --- a/charts/consul/values.yaml +++ b/charts/consul/values.yaml 
@@ -66,7 +66,7 @@ global: # image: "hashicorp/consul-enterprise:1.10.0-ent" # ``` # @default: hashicorp/consul: - image: docker.mirror.hashicorp.services/hashicorppreview/consul:1.18-dev + image: docker.mirror.hashicorp.services/hashicorppreview/consul:1.17-dev # Array of objects containing image pull secret names that will be applied to each service account. # This can be used to reference image pull secrets if using a custom consul or consul-k8s-control-plane Docker image. @@ -86,7 +86,7 @@ global: # image that is used for functionality such as catalog sync. # This can be overridden per component. # @default: hashicorp/consul-k8s-control-plane: - imageK8S: docker.mirror.hashicorp.services/hashicorppreview/consul-k8s-control-plane:1.4-dev + imageK8S: docker.mirror.hashicorp.services/hashicorppreview/consul-k8s-control-plane:1.3.1-dev # The name of the datacenter that the agents should # register as. This can't be changed once the Consul cluster is up and running @@ -639,7 +639,7 @@ global: # The name (and tag) of the consul-dataplane Docker image used for the # connect-injected sidecar proxies and mesh, terminating, and ingress gateways. # @default: hashicorp/consul-dataplane: - imageConsulDataplane: docker.mirror.hashicorp.services/hashicorppreview/consul-dataplane:1.4-dev + imageConsulDataplane: docker.mirror.hashicorp.services/hashicorppreview/consul-dataplane:1.3-dev # Configuration for running this Helm chart on the Red Hat OpenShift platform. # This Helm chart currently supports OpenShift v4.x+. diff --git a/cli/version/version.go b/cli/version/version.go index da2c79a1b4..5a57c3c261 100644 --- a/cli/version/version.go +++ b/cli/version/version.go 
@@ -17,7 +17,7 @@ var ( // // Version must conform to the format expected by // github.com/hashicorp/go-version for tests to work. - Version = "1.4.0" + Version = "1.3.1" // A pre-release marker for the version. If this is "" (empty string) // then it means that it is a final release. Otherwise, this is a pre-release diff --git a/control-plane/Dockerfile.dev b/control-plane/Dockerfile.dev deleted file mode 100644 index 5da7e2a236..0000000000 --- a/control-plane/Dockerfile.dev +++ /dev/null @@ -1,11 +0,0 @@ -# DANGER: this dockerfile is experimental and could be modified/removed at any time. -# A simple image for testing changes to consul-k8s -# -# Meant to be used with the following make target -# DEV_IMAGE= make control-plane-dev-skaffold - -FROM hashicorp/consul-k8s-control-plane as cache -ARG TARGETARCH - -COPY pkg/bin/linux_${TARGETARCH}/consul-k8s-control-plane /bin -COPY cni/pkg/bin/linux_${TARGETARCH}/consul-cni /bin diff --git a/control-plane/api/mesh/v2beta1/mesh_gateway_types.go b/control-plane/api/mesh/v2beta1/mesh_gateway_types.go deleted file mode 100644 index 59fe712768..0000000000 --- a/control-plane/api/mesh/v2beta1/mesh_gateway_types.go +++ /dev/null 
@@ -1,151 +0,0 @@ -// // Copyright (c) HashiCorp, Inc. -// // SPDX-License-Identifier: MPL-2.0 -package v2beta1 - -import ( - "fmt" - - "github.com/google/go-cmp/cmp" - "github.com/google/go-cmp/cmp/cmpopts" - "github.com/hashicorp/consul-k8s/control-plane/api/common" - inject "github.com/hashicorp/consul-k8s/control-plane/connect-inject/common" - "github.com/hashicorp/consul-k8s/control-plane/connect-inject/constants" - pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v2beta1" - "github.com/hashicorp/consul/proto-public/pbresource" - "google.golang.org/protobuf/testing/protocmp" - corev1 "k8s.io/api/core/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -const ( - meshGatewayKubeKind = "meshgateway" -) - -func init() { - MeshSchemeBuilder.Register(&MeshGateway{}, &MeshGatewayList{}) -} - -// +kubebuilder:object:root=true -// +kubebuilder:subresource:status - -// MeshGateway is the Schema for the Mesh Gateway API -// +kubebuilder:printcolumn:name="Synced",type="string",JSONPath=".status.conditions[?(@.type==\"Synced\")].status",description="The sync status of the resource with Consul" -// +kubebuilder:printcolumn:name="Last Synced",type="date",JSONPath=".status.lastSyncedTime",description="The last successful synced time of the resource with Consul" -// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp",description="The age of the resource" -// +kubebuilder:resource:shortName="mesh-gateway" -type MeshGateway struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` - - Spec pbmesh.MeshGateway `json:"spec,omitempty"` - Status `json:"status,omitempty"` -} - -// +kubebuilder:object:root=true - -// MeshGatewayList contains a list of MeshGateway. 
-type MeshGatewayList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata,omitempty"` - Items []*MeshGateway `json:"items"` -} - -func (in *MeshGateway) ResourceID(namespace, partition string) *pbresource.ID { - return &pbresource.ID{ - Name: in.Name, - Type: pbmesh.MeshGatewayType, - Tenancy: &pbresource.Tenancy{ - Partition: partition, - Namespace: namespace, - - // Because we are explicitly defining NS/partition, this will not default and must be explicit. - // At a future point, this will move out of the Tenancy block. - PeerName: constants.DefaultConsulPeer, - }, - } -} - -func (in *MeshGateway) Resource(namespace, partition string) *pbresource.Resource { - return &pbresource.Resource{ - Id: in.ResourceID(namespace, partition), - Data: inject.ToProtoAny(&in.Spec), - Metadata: meshConfigMeta(), - } -} - -func (in *MeshGateway) AddFinalizer(f string) { - in.ObjectMeta.Finalizers = append(in.Finalizers(), f) -} - -func (in *MeshGateway) RemoveFinalizer(f string) { - var newFinalizers []string - for _, oldF := range in.Finalizers() { - if oldF != f { - newFinalizers = append(newFinalizers, oldF) - } - } - in.ObjectMeta.Finalizers = newFinalizers -} - -func (in *MeshGateway) Finalizers() []string { - return in.ObjectMeta.Finalizers -} - -func (in *MeshGateway) MatchesConsul(candidate *pbresource.Resource, namespace, partition string) bool { - return cmp.Equal( - in.Resource(namespace, partition), - candidate, - protocmp.IgnoreFields(&pbresource.Resource{}, "status", "generation", "version"), - protocmp.IgnoreFields(&pbresource.ID{}, "uid"), - protocmp.Transform(), - cmpopts.SortSlices(func(a, b any) bool { return fmt.Sprintf("%v", a) < fmt.Sprintf("%v", b) }), - ) -} - -func (in *MeshGateway) KubeKind() string { - return meshGatewayKubeKind -} - -func (in *MeshGateway) KubernetesName() string { - return in.ObjectMeta.Name -} - -func (in *MeshGateway) SetSyncedCondition(status corev1.ConditionStatus, reason, message string) { - 
in.Status.Conditions = Conditions{ - { - Type: ConditionSynced, - Status: status, - LastTransitionTime: metav1.Now(), - Reason: reason, - Message: message, - }, - } -} - -func (in *MeshGateway) SetLastSyncedTime(time *metav1.Time) { - in.Status.LastSyncedTime = time -} - -func (in *MeshGateway) SyncedCondition() (status corev1.ConditionStatus, reason, message string) { - cond := in.Status.GetCondition(ConditionSynced) - if cond == nil { - return corev1.ConditionUnknown, "", "" - } - return cond.Status, cond.Reason, cond.Message -} - -func (in *MeshGateway) SyncedConditionStatus() corev1.ConditionStatus { - condition := in.Status.GetCondition(ConditionSynced) - if condition == nil { - return corev1.ConditionUnknown - } - return condition.Status -} - -func (in *MeshGateway) Validate(tenancy common.ConsulTenancyConfig) error { - // TODO add validation logic that ensures we only ever write this to the default namespace. - return nil -} - -// DefaultNamespaceFields is required as part of the common.MeshConfig interface. -func (in *MeshGateway) DefaultNamespaceFields(tenancy common.ConsulTenancyConfig) {} diff --git a/control-plane/api/mesh/v2beta1/zz_generated.deepcopy.go b/control-plane/api/mesh/v2beta1/zz_generated.deepcopy.go index 9acfd073ef..2d7aadbee7 100644 --- a/control-plane/api/mesh/v2beta1/zz_generated.deepcopy.go +++ b/control-plane/api/mesh/v2beta1/zz_generated.deepcopy.go 
@@ -172,69 +172,6 @@ func (in *HTTPRouteList) DeepCopyObject() runtime.Object { return nil } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *MeshGateway) DeepCopyInto(out *MeshGateway) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) - in.Spec.DeepCopyInto(&out.Spec) - in.Status.DeepCopyInto(&out.Status) -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MeshGateway. -func (in *MeshGateway) DeepCopy() *MeshGateway { - if in == nil { - return nil - } - out := new(MeshGateway) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. -func (in *MeshGateway) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *MeshGatewayList) DeepCopyInto(out *MeshGatewayList) { - *out = *in - out.TypeMeta = in.TypeMeta - in.ListMeta.DeepCopyInto(&out.ListMeta) - if in.Items != nil { - in, out := &in.Items, &out.Items - *out = make([]*MeshGateway, len(*in)) - for i := range *in { - if (*in)[i] != nil { - in, out := &(*in)[i], &(*out)[i] - *out = new(MeshGateway) - (*in).DeepCopyInto(*out) - } - } - } -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MeshGatewayList. -func (in *MeshGatewayList) DeepCopy() *MeshGatewayList { - if in == nil { - return nil - } - out := new(MeshGatewayList) - in.DeepCopyInto(out) - return out -} - -// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. 
-func (in *MeshGatewayList) DeepCopyObject() runtime.Object { - if c := in.DeepCopy(); c != nil { - return c - } - return nil -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ProxyConfiguration) DeepCopyInto(out *ProxyConfiguration) { *out = *in diff --git a/control-plane/config/crd/bases/mesh.consul.hashicorp.com_meshgateways.yaml b/control-plane/config/crd/bases/mesh.consul.hashicorp.com_meshgateways.yaml deleted file mode 100644 index 6fc79979cf..0000000000 --- a/control-plane/config/crd/bases/mesh.consul.hashicorp.com_meshgateways.yaml +++ /dev/null 
@@ -1,95 +0,0 @@ -# Copyright (c) HashiCorp, Inc. -# SPDX-License-Identifier: MPL-2.0 - -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.1 - name: meshgateways.mesh.consul.hashicorp.com -spec: - group: mesh.consul.hashicorp.com - names: - kind: MeshGateway - listKind: MeshGatewayList - plural: meshgateways - shortNames: - - mesh-gateway - singular: meshgateway - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The sync status of the resource with Consul - jsonPath: .status.conditions[?(@.type=="Synced")].status - name: Synced - type: string - - description: The last successful synced time of the resource with Consul - jsonPath: .status.lastSyncedTime - name: Last Synced - type: date - - description: The age of the resource - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v2beta1 - schema: - openAPIV3Schema: - description: MeshGateway is the Schema for the Mesh Gateway API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - type: object - status: - properties: - conditions: - description: Conditions indicate the latest available observations - of a resource's current state. - items: - description: 'Conditions define a readiness condition for a Consul - resource. 
See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition - transitioned from one status to another. - format: date-time - type: string - message: - description: A human readable message indicating details about - the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - required: - - status - - type - type: object - type: array - lastSyncedTime: - description: LastSyncedTime is the last time the resource successfully - synced with Consul. - format: date-time - type: string - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/control-plane/connect-inject/common/common.go b/control-plane/connect-inject/common/common.go index 99372f7aec..baf74dabb3 100644 --- a/control-plane/connect-inject/common/common.go +++ b/control-plane/connect-inject/common/common.go @@ -202,7 +202,7 @@ func ConsulNamespaceIsNotFound(err error) bool { if !ok { return false } - if codes.InvalidArgument == s.Code() && strings.Contains(s.Message(), "namespace not found") { + if codes.InvalidArgument == s.Code() && strings.Contains(s.Message(), "namespace resource not found") { return true } return false diff --git a/control-plane/connect-inject/common/common_test.go b/control-plane/connect-inject/common/common_test.go index f7fff948a6..3f41c414fb 100644 --- a/control-plane/connect-inject/common/common_test.go +++ b/control-plane/connect-inject/common/common_test.go 
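Review bot: `ConsulNamespaceIsNotFound` now matches only the substring "namespace resource not found", which does not contain the previous "namespace not found", so a server that still returns the older wording would make this function return false for a missing namespace. Matching on message text is brittle across server versions; if both wordings can occur in supported versions, accept either: `msg := s.Message()` followed by `if codes.InvalidArgument == s.Code() && (strings.Contains(msg, "namespace resource not found") || strings.Contains(msg, "namespace not found")) {`. At minimum the condition deserves a comment such as `// Matches the server's error text; re-check when the pinned consul/proto-public version changes.` The start of the function body is outside the hunk.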
@@ -507,7 +507,7 @@ func Test_ConsulNamespaceIsNotFound(t *testing.T) { }, { name: "namespace is missing", - input: status.Error(codes.InvalidArgument, "namespace not found"), + input: status.Error(codes.InvalidArgument, "namespace resource not found"), expectMissingNamespace: true, }, } @@ -572,7 +572,7 @@ func Test_ConsulNamespaceIsNotFound_ErrorMsg(t *testing.T) { s, ok := status.FromError(err) require.True(t, ok) require.Equal(t, codes.InvalidArgument, s.Code()) - require.Contains(t, s.Message(), "namespace not found") + require.Contains(t, s.Message(), "namespace resource not found") require.True(t, ConsulNamespaceIsNotFound(err)) } diff --git a/control-plane/go.mod b/control-plane/go.mod index eb84c72225..5640ab6f5d 100644 --- a/control-plane/go.mod +++ b/control-plane/go.mod @@ -1,9 +1,5 @@ module github.com/hashicorp/consul-k8s/control-plane -// TODO: Remove this when the next version of the submodule is released. -// We need to use a replace directive instead of directly pinning because `api` requires version `0.5.1` and will clobber the pin, but not the replace directive. -replace github.com/hashicorp/consul/proto-public => github.com/hashicorp/consul/proto-public v0.1.2-0.20231109213314-40c57f10a0fb - require ( github.com/cenkalti/backoff v2.2.1+incompatible github.com/containernetworking/cni v1.1.1 diff --git a/control-plane/go.sum b/control-plane/go.sum index 40c39844ff..161a8184e8 100644 --- a/control-plane/go.sum +++ b/control-plane/go.sum 
@@ -265,8 +265,8 @@ github.com/hashicorp/consul-server-connection-manager v0.1.6 h1:ktj8Fi+dRXn9hhM+ github.com/hashicorp/consul-server-connection-manager v0.1.6/go.mod h1:HngMIv57MT+pqCVeRQMa1eTB5dqnyMm8uxjyv+Hn8cs= github.com/hashicorp/consul/api v1.26.1 h1:5oSXOO5fboPZeW5SN+TdGFP/BILDgBm19OrPZ/pICIM= github.com/hashicorp/consul/api v1.26.1/go.mod h1:B4sQTeaSO16NtynqrAdwOlahJ7IUDZM9cj2420xYL8A= -github.com/hashicorp/consul/proto-public v0.1.2-0.20231109213314-40c57f10a0fb h1:Vy9tVDskUrWMXCyMJHpChxRjzJVjWSsSZ457X1dZAWo= -github.com/hashicorp/consul/proto-public v0.1.2-0.20231109213314-40c57f10a0fb/go.mod h1:SayEhfXS3DQDnW/vKSZXvkwDObg7XK60KTfrJcp0wrg= +github.com/hashicorp/consul/proto-public v0.5.1 h1:g4xHZ7rJ56iktDi1uThKp+IbvHrP6nveZeGVt2Qw5x0= +github.com/hashicorp/consul/proto-public v0.5.1/go.mod h1:SayEhfXS3DQDnW/vKSZXvkwDObg7XK60KTfrJcp0wrg= github.com/hashicorp/consul/sdk v0.15.0 h1:2qK9nDrr4tiJKRoxPGhm6B7xJjLVIQqkjiab2M4aKjU= github.com/hashicorp/consul/sdk v0.15.0/go.mod h1:r/OmRRPbHOe0yxNahLw7G9x5WG17E1BIECMtCjcPSNo= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= diff --git a/control-plane/version/version.go b/control-plane/version/version.go index da2c79a1b4..5a57c3c261 100644 --- a/control-plane/version/version.go +++ b/control-plane/version/version.go @@ -17,7 +17,7 @@ var ( // // Version must conform to the format expected by // github.com/hashicorp/go-version for tests to work. - Version = "1.4.0" + Version = "1.3.1" // A pre-release marker for the version. If this is "" (empty string) // then it means that it is a final release. Otherwise, this is a pre-release