From 81a9331fd2c539bd8d87176803897e7df7b6cd85 Mon Sep 17 00:00:00 2001 From: Ashwin Venkatesh Date: Fri, 3 Dec 2021 17:02:02 -0500 Subject: [PATCH 01/16] Rename partitionExports to exportedServices - Update anonymous token job to not run in non-default partitions. The current implementation breaks against the latest consul version. --- .../exportedservices_controller.go | 46 ++++++++++++++ control-plane/controllers/suite_test.go | 60 +++++++++++++++++++ control-plane/go.mod | 4 ++ 3 files changed, 110 insertions(+) create mode 100644 control-plane/controllers/exportedservices_controller.go create mode 100644 control-plane/controllers/suite_test.go diff --git a/control-plane/controllers/exportedservices_controller.go b/control-plane/controllers/exportedservices_controller.go new file mode 100644 index 0000000000..3b11783a49 --- /dev/null +++ b/control-plane/controllers/exportedservices_controller.go @@ -0,0 +1,46 @@ +package controllers + +import ( + "context" + + "github.com/go-logr/logr" + "k8s.io/apimachinery/pkg/runtime" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/client" +) + +// ExportedServicesReconciler reconciles a ExportedServices object +type ExportedServicesReconciler struct { + client.Client + Log logr.Logger + Scheme *runtime.Scheme +} + +//+kubebuilder:rbac:groups=consul.hashicorp.com,resources=exportedservices,verbs=get;list;watch;create;update;patch;delete +//+kubebuilder:rbac:groups=consul.hashicorp.com,resources=exportedservices/status,verbs=get;update;patch + +// Reconcile is part of the main kubernetes reconciliation loop which aims to +// move the current state of the cluster closer to the desired state. +// TODO(user): Modify the Reconcile function to compare the state specified by +// the ExportedServices object against the actual cluster state, and then +// perform operations to make the cluster state reflect the state specified by +// the user. +// +// For more details, check Reconcile and its Result here: +// - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.6.4/pkg/reconcile +func (r *ExportedServicesReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) { + _ = context.Background() + _ = r.Log.WithValues("exportedservices", req.NamespacedName) + + // your logic here + + return ctrl.Result{}, nil +} + +// SetupWithManager sets up the controller with the Manager. +func (r *ExportedServicesReconciler) SetupWithManager(mgr ctrl.Manager) error { + return ctrl.NewControllerManagedBy(mgr). + // Uncomment the following line adding a pointer to an instance of the controlled resource as an argument + // For(). + Complete(r) +} diff --git a/control-plane/controllers/suite_test.go b/control-plane/controllers/suite_test.go new file mode 100644 index 0000000000..d81e985dc5 --- /dev/null +++ b/control-plane/controllers/suite_test.go @@ -0,0 +1,60 @@ +package controllers + +import ( + "path/filepath" + "testing" + + . "github.com/onsi/ginkgo" + . "github.com/onsi/gomega" + "k8s.io/client-go/kubernetes/scheme" + "k8s.io/client-go/rest" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/envtest" + "sigs.k8s.io/controller-runtime/pkg/envtest/printer" + logf "sigs.k8s.io/controller-runtime/pkg/log" + "sigs.k8s.io/controller-runtime/pkg/log/zap" + //+kubebuilder:scaffold:imports +) + +// These tests use Ginkgo (BDD-style Go testing framework). Refer to +// http://onsi.github.io/ginkgo/ to learn more about Ginkgo. + +var cfg *rest.Config +var k8sClient client.Client +var testEnv *envtest.Environment + +func TestAPIs(t *testing.T) { + RegisterFailHandler(Fail) + + RunSpecsWithDefaultAndCustomReporters(t, + "Controller Suite", + []Reporter{printer.NewlineReporter{}}) +} + +var _ = BeforeSuite(func(done Done) { + logf.SetLogger(zap.LoggerTo(GinkgoWriter, true)) + + By("bootstrapping test environment") + testEnv = &envtest.Environment{ + CRDDirectoryPaths: []string{filepath.Join("..", "config", "crd", "bases")}, + } + + var err error + cfg, err = testEnv.Start() + Expect(err).ToNot(HaveOccurred()) + Expect(cfg).ToNot(BeNil()) + + //+kubebuilder:scaffold:scheme + + k8sClient, err = client.New(cfg, client.Options{Scheme: scheme.Scheme}) + Expect(err).ToNot(HaveOccurred()) + Expect(k8sClient).ToNot(BeNil()) + + close(done) +}, 60) + +var _ = AfterSuite(func() { + By("tearing down the test environment") + err := testEnv.Stop() + Expect(err).ToNot(HaveOccurred()) +}) diff --git a/control-plane/go.mod b/control-plane/go.mod index 2e1a81424b..edb3e93d03 100644 --- a/control-plane/go.mod +++ b/control-plane/go.mod @@ -16,6 +16,8 @@ require ( github.com/mitchellh/cli v1.1.0 github.com/mitchellh/go-homedir v1.1.0 github.com/mitchellh/mapstructure v1.4.1 + github.com/onsi/ginkgo v1.16.4 + github.com/onsi/gomega v1.15.0 github.com/stretchr/testify v1.7.0 go.uber.org/zap v1.19.0 golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac @@ -87,6 +89,7 @@ require ( github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.1 // indirect github.com/nicolai86/scaleway-sdk v1.10.2-0.20180628010248-798f60e20bb2 // indirect + github.com/nxadm/tail v1.4.8 // indirect github.com/packethost/packngo v0.1.1-0.20180711074735-b9cb5096f54c // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect @@ -120,6 +123,7 @@ require ( google.golang.org/protobuf v1.26.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/resty.v1 v1.12.0 // indirect + gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect k8s.io/apiextensions-apiserver v0.22.2 // indirect From c38b3cb392f4ae49db99f8d52775ca08fd5490be Mon Sep 17 00:00:00 2001 From: Ashwin Venkatesh Date: Sat, 4 Dec 2021 09:16:27 -0500 Subject: [PATCH 02/16] Update consul API where exportedservices are renamed. --- .../exportedservices_controller.go | 46 -------------- control-plane/controllers/suite_test.go | 60 ------------------- control-plane/go.mod | 4 -- 3 files changed, 110 deletions(-) delete mode 100644 control-plane/controllers/exportedservices_controller.go delete mode 100644 control-plane/controllers/suite_test.go diff --git a/control-plane/controllers/exportedservices_controller.go b/control-plane/controllers/exportedservices_controller.go deleted file mode 100644 index 3b11783a49..0000000000 --- a/control-plane/controllers/exportedservices_controller.go +++ /dev/null @@ -1,46 +0,0 @@ -package controllers - -import ( - "context" - - "github.com/go-logr/logr" - "k8s.io/apimachinery/pkg/runtime" - ctrl "sigs.k8s.io/controller-runtime" - "sigs.k8s.io/controller-runtime/pkg/client" -) - -// ExportedServicesReconciler reconciles a ExportedServices object -type ExportedServicesReconciler struct { - client.Client - Log logr.Logger - Scheme *runtime.Scheme -} - -//+kubebuilder:rbac:groups=consul.hashicorp.com,resources=exportedservices,verbs=get;list;watch;create;update;patch;delete -//+kubebuilder:rbac:groups=consul.hashicorp.com,resources=exportedservices/status,verbs=get;update;patch - -// Reconcile is part of the main kubernetes reconciliation loop which aims to -// move the current state of the cluster closer to the desired state. -// TODO(user): Modify the Reconcile function to compare the state specified by -// the ExportedServices object against the actual cluster state, and then -// perform operations to make the cluster state reflect the state specified by -// the user. -// -// For more details, check Reconcile and its Result here: -// - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.6.4/pkg/reconcile -func (r *ExportedServicesReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error) { - _ = context.Background() - _ = r.Log.WithValues("exportedservices", req.NamespacedName) - - // your logic here - - return ctrl.Result{}, nil -} - -// SetupWithManager sets up the controller with the Manager. -func (r *ExportedServicesReconciler) SetupWithManager(mgr ctrl.Manager) error { - return ctrl.NewControllerManagedBy(mgr). - // Uncomment the following line adding a pointer to an instance of the controlled resource as an argument - // For(). - Complete(r) -} diff --git a/control-plane/controllers/suite_test.go b/control-plane/controllers/suite_test.go deleted file mode 100644 index d81e985dc5..0000000000 --- a/control-plane/controllers/suite_test.go +++ /dev/null @@ -1,60 +0,0 @@ -package controllers - -import ( - "path/filepath" - "testing" - - . "github.com/onsi/ginkgo" - . "github.com/onsi/gomega" - "k8s.io/client-go/kubernetes/scheme" - "k8s.io/client-go/rest" - "sigs.k8s.io/controller-runtime/pkg/client" - "sigs.k8s.io/controller-runtime/pkg/envtest" - "sigs.k8s.io/controller-runtime/pkg/envtest/printer" - logf "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/log/zap" - //+kubebuilder:scaffold:imports -) - -// These tests use Ginkgo (BDD-style Go testing framework). Refer to -// http://onsi.github.io/ginkgo/ to learn more about Ginkgo. - -var cfg *rest.Config -var k8sClient client.Client -var testEnv *envtest.Environment - -func TestAPIs(t *testing.T) { - RegisterFailHandler(Fail) - - RunSpecsWithDefaultAndCustomReporters(t, - "Controller Suite", - []Reporter{printer.NewlineReporter{}}) -} - -var _ = BeforeSuite(func(done Done) { - logf.SetLogger(zap.LoggerTo(GinkgoWriter, true)) - - By("bootstrapping test environment") - testEnv = &envtest.Environment{ - CRDDirectoryPaths: []string{filepath.Join("..", "config", "crd", "bases")}, - } - - var err error - cfg, err = testEnv.Start() - Expect(err).ToNot(HaveOccurred()) - Expect(cfg).ToNot(BeNil()) - - //+kubebuilder:scaffold:scheme - - k8sClient, err = client.New(cfg, client.Options{Scheme: scheme.Scheme}) - Expect(err).ToNot(HaveOccurred()) - Expect(k8sClient).ToNot(BeNil()) - - close(done) -}, 60) - -var _ = AfterSuite(func() { - By("tearing down the test environment") - err := testEnv.Stop() - Expect(err).ToNot(HaveOccurred()) -}) diff --git a/control-plane/go.mod b/control-plane/go.mod index edb3e93d03..2e1a81424b 100644 --- a/control-plane/go.mod +++ b/control-plane/go.mod @@ -16,8 +16,6 @@ require ( github.com/mitchellh/cli v1.1.0 github.com/mitchellh/go-homedir v1.1.0 github.com/mitchellh/mapstructure v1.4.1 - github.com/onsi/ginkgo v1.16.4 - github.com/onsi/gomega v1.15.0 github.com/stretchr/testify v1.7.0 go.uber.org/zap v1.19.0 golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac @@ -89,7 +87,6 @@ require ( github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.1 // indirect github.com/nicolai86/scaleway-sdk v1.10.2-0.20180628010248-798f60e20bb2 // indirect - github.com/nxadm/tail v1.4.8 // indirect github.com/packethost/packngo v0.1.1-0.20180711074735-b9cb5096f54c // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect @@ -123,7 +120,6 @@ require ( google.golang.org/protobuf v1.26.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/resty.v1 v1.12.0 // indirect - gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect k8s.io/apiextensions-apiserver v0.22.2 // indirect From 841018f5e3db661f4e70b9a98ca57ae912a0100f Mon Sep 17 00:00:00 2001 From: Ashwin Venkatesh Date: Mon, 6 Dec 2021 12:20:15 -0500 Subject: [PATCH 03/16] Run against latest consul version --- .circleci/config.yml | 2 +- charts/consul/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index f84aed3235..34da7909f5 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -70,7 +70,7 @@ commands: type: string consul-k8s-image: type: string - default: "docker.mirror.hashicorp.services/hashicorpdev/consul-k8s-control-plane:latest" + default: "ashwinvenkatesh/consul-k8s@sha256:ca2bde89a28563d40100039c217df6f750cc8b3bd72b31036bb1aaaff74f23fc" go-path: type: string default: "/home/circleci/.go_workspace" diff --git a/charts/consul/values.yaml b/charts/consul/values.yaml index 709e3c2b46..f0b44d6089 100644 --- a/charts/consul/values.yaml +++ b/charts/consul/values.yaml @@ -85,7 +85,7 @@ global: # image: "hashicorp/consul-enterprise:1.10.0-ent" # ``` # @default: hashicorp/consul: - image: "hashicorp/consul:1.10.4" + image: "ashwinvenkatesh/consul@sha256:4be07b9c90fc590827ad72328da332c2003a14d237df317a0c977817f6fdaf0b" # Array of objects containing image pull secret names that will be applied to each service account. # This can be used to reference image pull secrets if using a custom consul or consul-k8s-control-plane Docker image. From aceb2d235528b16d9307413d43a259d054cfbcfd Mon Sep 17 00:00:00 2001 From: Ashwin Venkatesh Date: Tue, 7 Dec 2021 10:05:52 -0500 Subject: [PATCH 04/16] Use latest consul --- charts/consul/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/consul/values.yaml b/charts/consul/values.yaml index f0b44d6089..cea61a7dda 100644 --- a/charts/consul/values.yaml +++ b/charts/consul/values.yaml @@ -85,7 +85,7 @@ global: # image: "hashicorp/consul-enterprise:1.10.0-ent" # ``` # @default: hashicorp/consul: - image: "ashwinvenkatesh/consul@sha256:4be07b9c90fc590827ad72328da332c2003a14d237df317a0c977817f6fdaf0b" + image: "ashwinvenkatesh/consul@sha256:dce7a25b9e15271d8102a0f14fae71af0b9c789bafd8cbe4a7d0f8c34abe0296" # Array of objects containing image pull secret names that will be applied to each service account. # This can be used to reference image pull secrets if using a custom consul or consul-k8s-control-plane Docker image. From bc5609067de38ea940b475b0f366214fef8ac7db Mon Sep 17 00:00:00 2001 From: Ashwin Venkatesh Date: Tue, 7 Dec 2021 15:34:52 -0500 Subject: [PATCH 05/16] fix acceptance --- charts/consul/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/consul/values.yaml b/charts/consul/values.yaml index cea61a7dda..709e3c2b46 100644 --- a/charts/consul/values.yaml +++ b/charts/consul/values.yaml @@ -85,7 +85,7 @@ global: # image: "hashicorp/consul-enterprise:1.10.0-ent" # ``` # @default: hashicorp/consul: - image: "ashwinvenkatesh/consul@sha256:dce7a25b9e15271d8102a0f14fae71af0b9c789bafd8cbe4a7d0f8c34abe0296" + image: "hashicorp/consul:1.10.4" # Array of objects containing image pull secret names that will be applied to each service account. # This can be used to reference image pull secrets if using a custom consul or consul-k8s-control-plane Docker image. From c3221828f37b338fa2132704f205dfa28b273eb2 Mon Sep 17 00:00:00 2001 From: Ashwin Venkatesh Date: Tue, 7 Dec 2021 16:52:18 -0500 Subject: [PATCH 06/16] fix tests --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 34da7909f5..00c78e1e99 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -70,7 +70,7 @@ commands: type: string consul-k8s-image: type: string - default: "ashwinvenkatesh/consul-k8s@sha256:ca2bde89a28563d40100039c217df6f750cc8b3bd72b31036bb1aaaff74f23fc" + default: "ashwinvenkatesh/consul-k8s@sha256:5cccabeb3d5dfe4497279d5aebdaf363f3e96cdca9cfd1a0a005a75837d8fb63" go-path: type: string default: "/home/circleci/.go_workspace" From 7706c238cc24410c6fe96e71eb65259cc86a6cfc Mon Sep 17 00:00:00 2001 From: Ashwin Venkatesh Date: Sat, 4 Dec 2021 09:16:27 -0500 Subject: [PATCH 07/16] Update consul API where exportedservices are renamed. --- acceptance/go.mod | 4 +++- acceptance/go.sum | 6 ++---- control-plane/go.mod | 2 +- control-plane/go.sum | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/acceptance/go.mod b/acceptance/go.mod index 62efc96a62..f91df929e2 100644 --- a/acceptance/go.mod +++ b/acceptance/go.mod @@ -4,7 +4,7 @@ go 1.17 require ( github.com/gruntwork-io/terratest v0.31.2 - github.com/hashicorp/consul-k8s/control-plane v0.0.0-20211118191758-929940b5ab51 + github.com/hashicorp/consul-k8s/control-plane v0.0.0-20211207212234-aea9efea5638 github.com/hashicorp/consul/api v1.10.1-0.20211206193229-9b44861ce4bc github.com/hashicorp/consul/sdk v0.8.0 github.com/hashicorp/vault/api v1.2.0 @@ -70,6 +70,8 @@ require ( github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.1 // indirect github.com/oklog/run v1.0.0 // indirect + github.com/onsi/ginkgo v1.16.4 // indirect + github.com/onsi/gomega v1.15.0 // indirect github.com/pierrec/lz4 v2.5.2+incompatible // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect diff --git a/acceptance/go.sum b/acceptance/go.sum index 3340d47075..09f1837457 100644 --- a/acceptance/go.sum +++ b/acceptance/go.sum @@ -383,11 +383,10 @@ github.com/gruntwork-io/gruntwork-cli v0.7.0 h1:YgSAmfCj9c61H+zuvHwKfYUwlMhu5arn github.com/gruntwork-io/gruntwork-cli v0.7.0/go.mod h1:jp6Z7NcLF2avpY8v71fBx6hds9eOFPELSuD/VPv7w00= github.com/gruntwork-io/terratest v0.31.2 h1:xvYHA80MUq5kx670dM18HInewOrrQrAN+XbVVtytUHg= github.com/gruntwork-io/terratest v0.31.2/go.mod h1:EEgJie28gX/4AD71IFqgMj6e99KP5mi81hEtzmDjxTo= -github.com/hashicorp/consul-k8s/control-plane v0.0.0-20211118191758-929940b5ab51 h1:Km6RYuAsJVVu3gipkTWF1SVYuvSJrksBtT89rO4hcdA= -github.com/hashicorp/consul-k8s/control-plane v0.0.0-20211118191758-929940b5ab51/go.mod h1:+Ay3RL0eZdI0wgT193r+EJTOk9cSn1WUlvBvk6Lfnmo= +github.com/hashicorp/consul-k8s/control-plane v0.0.0-20211207212234-aea9efea5638 h1:z68s6H6O3RjxDmNvou/2/3UBrsJkrMcNzI0IQN5scAM= +github.com/hashicorp/consul-k8s/control-plane v0.0.0-20211207212234-aea9efea5638/go.mod h1:7ZeaiADGbvJDuoWAT8UKj6KCcLsFUk+34OkUGMVtdXg= github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= github.com/hashicorp/consul/api v1.10.1-0.20211116182834-e6956893fb6f/go.mod h1:6pVBMo0ebnYdt2S3H87XhekM/HHrUoTD2XXb/VrZVy0= -github.com/hashicorp/consul/api v1.10.1-0.20211116182834-e6956893fb6f/go.mod h1:6pVBMo0ebnYdt2S3H87XhekM/HHrUoTD2XXb/VrZVy0= github.com/hashicorp/consul/api v1.10.1-0.20211206193229-9b44861ce4bc h1:tUgL1cinAFDtidyKqgsJzlxLkEi9atLmN6j8kgCr17Q= github.com/hashicorp/consul/api v1.10.1-0.20211206193229-9b44861ce4bc/go.mod h1:6pVBMo0ebnYdt2S3H87XhekM/HHrUoTD2XXb/VrZVy0= github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= @@ -1291,7 +1290,6 @@ sigs.k8s.io/controller-runtime v0.10.2/go.mod h1:CQp8eyUQZ/Q7PJvnIrB6/hgfTC1kBkG sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e/go.mod h1:wWxsB5ozmmv/SG7nM11ayaAW51xMvak/t1r0CSlcokI= sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e/go.mod h1:wWxsB5ozmmv/SG7nM11ayaAW51xMvak/t1r0CSlcokI= sigs.k8s.io/structured-merge-diff v1.0.1-0.20191108220359-b1b620dd3f06 h1:zD2IemQ4LmOcAumeiyDWXKUI2SO0NYDe3H6QGvPOVgU= -sigs.k8s.io/structured-merge-diff v1.0.1-0.20191108220359-b1b620dd3f06 h1:zD2IemQ4LmOcAumeiyDWXKUI2SO0NYDe3H6QGvPOVgU= sigs.k8s.io/structured-merge-diff v1.0.1-0.20191108220359-b1b620dd3f06/go.mod h1:/ULNhyfzRopfcjskuui0cTITekDduZ7ycKN3oUT9R18= sigs.k8s.io/structured-merge-diff v1.0.1-0.20191108220359-b1b620dd3f06/go.mod h1:/ULNhyfzRopfcjskuui0cTITekDduZ7ycKN3oUT9R18= sigs.k8s.io/structured-merge-diff/v3 v3.0.0-20200116222232-67a7b8c61874/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw= diff --git a/control-plane/go.mod b/control-plane/go.mod index 2e1a81424b..6ee04a168a 100644 --- a/control-plane/go.mod +++ b/control-plane/go.mod @@ -6,7 +6,7 @@ require ( github.com/go-logr/logr v0.4.0 github.com/google/go-cmp v0.5.6 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 - github.com/hashicorp/consul/api v1.10.1-0.20211206193229-9b44861ce4bc + github.com/hashicorp/consul/api v1.10.1-0.20211204004731-ed6076db26e7 github.com/hashicorp/consul/sdk v0.8.0 github.com/hashicorp/go-discover v0.0.0-20200812215701-c4b85f6ed31f github.com/hashicorp/go-hclog v0.16.1 diff --git a/control-plane/go.sum b/control-plane/go.sum index 6877dd034c..2c4f602d07 100644 --- a/control-plane/go.sum +++ b/control-plane/go.sum @@ -297,8 +297,8 @@ github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgf github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= -github.com/hashicorp/consul/api v1.10.1-0.20211206193229-9b44861ce4bc h1:tUgL1cinAFDtidyKqgsJzlxLkEi9atLmN6j8kgCr17Q= -github.com/hashicorp/consul/api v1.10.1-0.20211206193229-9b44861ce4bc/go.mod h1:6pVBMo0ebnYdt2S3H87XhekM/HHrUoTD2XXb/VrZVy0= +github.com/hashicorp/consul/api v1.10.1-0.20211204004731-ed6076db26e7 h1:TnQe+bnRQtGQqzgM0aK/y19FaRGrOjeA8MsiW8J+J9M= +github.com/hashicorp/consul/api v1.10.1-0.20211204004731-ed6076db26e7/go.mod h1:6pVBMo0ebnYdt2S3H87XhekM/HHrUoTD2XXb/VrZVy0= github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= github.com/hashicorp/consul/sdk v0.8.0 h1:OJtKBtEjboEZvG6AOUdh4Z1Zbyu0WcxQ0qatRrZHTVU= github.com/hashicorp/consul/sdk v0.8.0/go.mod h1:GBvyrGALthsZObzUGsfgHZQDXjg4lOjagTIwIR1vPms= From 58a21ee2428d0865477580c221e2c74b6d843409 Mon Sep 17 00:00:00 2001 From: Ashwin Venkatesh Date: Tue, 7 Dec 2021 10:05:52 -0500 Subject: [PATCH 08/16] Use latest consul --- acceptance/go.sum | 2 ++ control-plane/go.mod | 2 +- control-plane/go.sum | 4 ++-- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/acceptance/go.sum b/acceptance/go.sum index 09f1837457..9b20650867 100644 --- a/acceptance/go.sum +++ b/acceptance/go.sum @@ -383,6 +383,8 @@ github.com/gruntwork-io/gruntwork-cli v0.7.0 h1:YgSAmfCj9c61H+zuvHwKfYUwlMhu5arn github.com/gruntwork-io/gruntwork-cli v0.7.0/go.mod h1:jp6Z7NcLF2avpY8v71fBx6hds9eOFPELSuD/VPv7w00= github.com/gruntwork-io/terratest v0.31.2 h1:xvYHA80MUq5kx670dM18HInewOrrQrAN+XbVVtytUHg= github.com/gruntwork-io/terratest v0.31.2/go.mod h1:EEgJie28gX/4AD71IFqgMj6e99KP5mi81hEtzmDjxTo= +github.com/hashicorp/consul/api v1.10.1-0.20211206193229-9b44861ce4bc h1:tUgL1cinAFDtidyKqgsJzlxLkEi9atLmN6j8kgCr17Q= +github.com/hashicorp/consul/api v1.10.1-0.20211206193229-9b44861ce4bc/go.mod h1:6pVBMo0ebnYdt2S3H87XhekM/HHrUoTD2XXb/VrZVy0= github.com/hashicorp/consul-k8s/control-plane v0.0.0-20211207212234-aea9efea5638 h1:z68s6H6O3RjxDmNvou/2/3UBrsJkrMcNzI0IQN5scAM= github.com/hashicorp/consul-k8s/control-plane v0.0.0-20211207212234-aea9efea5638/go.mod h1:7ZeaiADGbvJDuoWAT8UKj6KCcLsFUk+34OkUGMVtdXg= github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= diff --git a/control-plane/go.mod b/control-plane/go.mod index 6ee04a168a..2e1a81424b 100644 --- a/control-plane/go.mod +++ b/control-plane/go.mod @@ -6,7 +6,7 @@ require ( github.com/go-logr/logr v0.4.0 github.com/google/go-cmp v0.5.6 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 - github.com/hashicorp/consul/api v1.10.1-0.20211204004731-ed6076db26e7 + github.com/hashicorp/consul/api v1.10.1-0.20211206193229-9b44861ce4bc github.com/hashicorp/consul/sdk v0.8.0 github.com/hashicorp/go-discover v0.0.0-20200812215701-c4b85f6ed31f github.com/hashicorp/go-hclog v0.16.1 diff --git a/control-plane/go.sum b/control-plane/go.sum index 2c4f602d07..6877dd034c 100644 --- a/control-plane/go.sum +++ b/control-plane/go.sum @@ -297,8 +297,8 @@ github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgf github.com/grpc-ecosystem/grpc-gateway v1.9.0/go.mod h1:vNeuVxBJEsws4ogUvrchl83t/GYV9WGTSLVdBhOQFDY= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q= -github.com/hashicorp/consul/api v1.10.1-0.20211204004731-ed6076db26e7 h1:TnQe+bnRQtGQqzgM0aK/y19FaRGrOjeA8MsiW8J+J9M= -github.com/hashicorp/consul/api v1.10.1-0.20211204004731-ed6076db26e7/go.mod h1:6pVBMo0ebnYdt2S3H87XhekM/HHrUoTD2XXb/VrZVy0= +github.com/hashicorp/consul/api v1.10.1-0.20211206193229-9b44861ce4bc h1:tUgL1cinAFDtidyKqgsJzlxLkEi9atLmN6j8kgCr17Q= +github.com/hashicorp/consul/api v1.10.1-0.20211206193229-9b44861ce4bc/go.mod h1:6pVBMo0ebnYdt2S3H87XhekM/HHrUoTD2XXb/VrZVy0= github.com/hashicorp/consul/sdk v0.1.1/go.mod h1:VKf9jXwCTEY1QZP2MOLRhb5i/I/ssyNV1vwHyQBF0x8= github.com/hashicorp/consul/sdk v0.8.0 h1:OJtKBtEjboEZvG6AOUdh4Z1Zbyu0WcxQ0qatRrZHTVU= github.com/hashicorp/consul/sdk v0.8.0/go.mod h1:GBvyrGALthsZObzUGsfgHZQDXjg4lOjagTIwIR1vPms= From 3dfdb84097a4fbf51042984edf62007bba8cb8f3 Mon Sep 17 00:00:00 2001 From: Ashwin Venkatesh Date: Mon, 6 Dec 2021 12:21:40 -0500 Subject: [PATCH 09/16] Add support for tproxy for partitions test --- .../tests/partitions/partitions_test.go | 96 ++++++++++++++----- 1 file changed, 70 insertions(+), 26 deletions(-) diff --git a/acceptance/tests/partitions/partitions_test.go b/acceptance/tests/partitions/partitions_test.go index 7f2d21581b..ceeb8fb85d 100644 --- a/acceptance/tests/partitions/partitions_test.go +++ b/acceptance/tests/partitions/partitions_test.go @@ -110,7 +110,6 @@ func TestPartitions(t *testing.T) { // When mirroringK8S is set, this setting is ignored. "connectInject.consulNamespaces.consulDestinationNamespace": c.destinationNamespace, "connectInject.consulNamespaces.mirroringK8S": strconv.FormatBool(c.mirrorK8S), - "connectInject.transparentProxy.defaultEnabled": "false", "global.acls.manageSystemACLs": strconv.FormatBool(c.secure), @@ -205,7 +204,6 @@ func TestPartitions(t *testing.T) { // When mirroringK8S is set, this setting is ignored. "connectInject.consulNamespaces.consulDestinationNamespace": c.destinationNamespace, "connectInject.consulNamespaces.mirroringK8S": strconv.FormatBool(c.mirrorK8S), - "connectInject.transparentProxy.defaultEnabled": "false", "global.acls.manageSystemACLs": strconv.FormatBool(c.secure), @@ -364,17 +362,25 @@ func TestPartitions(t *testing.T) { logger.Log(t, "test in-partition networking") logger.Log(t, "creating static-server and static-client deployments in server cluster") k8s.DeployKustomize(t, serverClusterStaticServerOpts, cfg.NoCleanupOnFailure, cfg.DebugDirectory, "../fixtures/cases/static-server-inject") - if c.destinationNamespace == defaultNamespace { - k8s.DeployKustomize(t, serverClusterStaticClientOpts, cfg.NoCleanupOnFailure, cfg.DebugDirectory, "../fixtures/cases/static-client-inject") + if cfg.EnableTransparentProxy { + k8s.DeployKustomize(t, serverClusterStaticClientOpts, cfg.NoCleanupOnFailure, cfg.DebugDirectory, "../fixtures/cases/static-client-tproxy") } else { - k8s.DeployKustomize(t, serverClusterStaticClientOpts, cfg.NoCleanupOnFailure, cfg.DebugDirectory, "../fixtures/cases/static-client-namespaces") + if c.destinationNamespace == defaultNamespace { + k8s.DeployKustomize(t, serverClusterStaticClientOpts, cfg.NoCleanupOnFailure, cfg.DebugDirectory, "../fixtures/cases/static-client-inject") + } else { + k8s.DeployKustomize(t, serverClusterStaticClientOpts, cfg.NoCleanupOnFailure, cfg.DebugDirectory, "../fixtures/cases/static-client-namespaces") + } } logger.Log(t, "creating static-server and static-client deployments in client cluster") k8s.DeployKustomize(t, clientClusterStaticServerOpts, cfg.NoCleanupOnFailure, cfg.DebugDirectory, "../fixtures/cases/static-server-inject") - if c.destinationNamespace == defaultNamespace { - k8s.DeployKustomize(t, clientClusterStaticClientOpts, cfg.NoCleanupOnFailure, cfg.DebugDirectory, "../fixtures/cases/static-client-inject") + if cfg.EnableTransparentProxy { + k8s.DeployKustomize(t, clientClusterStaticClientOpts, cfg.NoCleanupOnFailure, cfg.DebugDirectory, "../fixtures/cases/static-client-tproxy") } else { - k8s.DeployKustomize(t, clientClusterStaticClientOpts, cfg.NoCleanupOnFailure, cfg.DebugDirectory, "../fixtures/cases/static-client-namespaces") + if c.destinationNamespace == defaultNamespace { + k8s.DeployKustomize(t, clientClusterStaticClientOpts, cfg.NoCleanupOnFailure, cfg.DebugDirectory, "../fixtures/cases/static-client-inject") + } else { + k8s.DeployKustomize(t, clientClusterStaticClientOpts, cfg.NoCleanupOnFailure, cfg.DebugDirectory, "../fixtures/cases/static-client-namespaces") + } } // Check that both static-server and static-client have been injected and now have 2 containers in server cluster. for _, labelSelector := range []string{"app=static-server", "app=static-client"} { @@ -422,8 +428,13 @@ func TestPartitions(t *testing.T) { if c.secure { logger.Log(t, "checking that the connection is not successful because there's no intention") - k8s.CheckStaticServerConnectionFailing(t, serverClusterStaticClientOpts, "http://localhost:1234") - k8s.CheckStaticServerConnectionFailing(t, clientClusterStaticClientOpts, "http://localhost:1234") + if cfg.EnableTransparentProxy { + k8s.CheckStaticServerConnectionFailing(t, serverClusterStaticClientOpts, fmt.Sprintf("http://static-server.%s", staticServerNamespace)) + k8s.CheckStaticServerConnectionFailing(t, clientClusterStaticClientOpts, fmt.Sprintf("http://static-server.%s", staticServerNamespace)) + } else { + k8s.CheckStaticServerConnectionFailing(t, serverClusterStaticClientOpts, "http://localhost:1234") + k8s.CheckStaticServerConnectionFailing(t, clientClusterStaticClientOpts, "http://localhost:1234") + } intention := &api.ServiceIntentionsConfigEntry{ Kind: api.ServiceIntentions, @@ -453,8 +464,13 @@ func TestPartitions(t *testing.T) { } logger.Log(t, "checking that connection is successful") - k8s.CheckStaticServerConnectionSuccessful(t, serverClusterStaticClientOpts, "http://localhost:1234") - k8s.CheckStaticServerConnectionSuccessful(t, clientClusterStaticClientOpts, "http://localhost:1234") + if cfg.EnableTransparentProxy { + k8s.CheckStaticServerConnectionSuccessful(t, serverClusterStaticClientOpts, fmt.Sprintf("http://static-server.%s", staticServerNamespace)) + k8s.CheckStaticServerConnectionSuccessful(t, clientClusterStaticClientOpts, fmt.Sprintf("http://static-server.%s", staticServerNamespace)) + } else { + k8s.CheckStaticServerConnectionSuccessful(t, serverClusterStaticClientOpts, "http://localhost:1234") + k8s.CheckStaticServerConnectionSuccessful(t, clientClusterStaticClientOpts, "http://localhost:1234") + } // Test that kubernetes readiness status is synced to Consul. // Create the file so that the readiness probe of the static-server pod fails. @@ -468,25 +484,38 @@ func TestPartitions(t *testing.T) { // there will be no healthy proxy host to connect to. That's why we can't assert that we receive an empty reply // from server, which is the case when a connection is unsuccessful due to intentions in other tests. logger.Log(t, "checking that connection is unsuccessful") - k8s.CheckStaticServerConnectionMultipleFailureMessages(t, serverClusterStaticClientOpts, false, []string{"curl: (56) Recv failure: Connection reset by peer", "curl: (52) Empty reply from server"}, "http://localhost:1234") - k8s.CheckStaticServerConnectionMultipleFailureMessages(t, clientClusterStaticClientOpts, false, []string{"curl: (56) Recv failure: Connection reset by peer", "curl: (52) Empty reply from server"}, "http://localhost:1234") + if cfg.EnableTransparentProxy { + k8s.CheckStaticServerConnectionMultipleFailureMessages(t, serverClusterStaticClientOpts, false, []string{"curl: (56) Recv failure: Connection reset by peer", "curl: (52) Empty reply from server", "curl: (7) Failed to connect to static-server.ns1 port 80: Connection refused"}, fmt.Sprintf("http://static-server.%s", staticServerNamespace)) + k8s.CheckStaticServerConnectionMultipleFailureMessages(t, clientClusterStaticClientOpts, false, []string{"curl: (56) Recv failure: Connection reset by peer", "curl: (52) Empty reply from server", "curl: (7) Failed to connect to static-server.ns1 port 80: Connection refused"}, fmt.Sprintf("http://static-server.%s", staticServerNamespace)) + } else { + k8s.CheckStaticServerConnectionMultipleFailureMessages(t, serverClusterStaticClientOpts, false, []string{"curl: (56) Recv failure: Connection reset by peer", "curl: (52) Empty reply from server"}, "http://localhost:1234") + k8s.CheckStaticServerConnectionMultipleFailureMessages(t, clientClusterStaticClientOpts, false, []string{"curl: (56) Recv failure: Connection reset by peer", "curl: (52) Empty reply from server"}, "http://localhost:1234") + } }) // This section of the tests run the cross-partition networking tests. t.Run("cross-partition", func(t *testing.T) { logger.Log(t, "test cross-partition networking") logger.Log(t, "creating static-server and static-client deployments in server cluster") k8s.DeployKustomize(t, serverClusterStaticServerOpts, cfg.NoCleanupOnFailure, cfg.DebugDirectory, "../fixtures/cases/static-server-inject") - if c.destinationNamespace == defaultNamespace { - k8s.DeployKustomize(t, serverClusterStaticClientOpts, cfg.NoCleanupOnFailure, cfg.DebugDirectory, "../fixtures/cases/static-client-partitions/default-ns-partition") + if cfg.EnableTransparentProxy { + k8s.DeployKustomize(t, serverClusterStaticClientOpts, cfg.NoCleanupOnFailure, cfg.DebugDirectory, "../fixtures/cases/static-client-tproxy") } else { - k8s.DeployKustomize(t, serverClusterStaticClientOpts, cfg.NoCleanupOnFailure, cfg.DebugDirectory, "../fixtures/cases/static-client-partitions/ns-partition") + if c.destinationNamespace == defaultNamespace { + k8s.DeployKustomize(t, serverClusterStaticClientOpts, cfg.NoCleanupOnFailure, cfg.DebugDirectory, "../fixtures/cases/static-client-partitions/default-ns-partition") + } else { + k8s.DeployKustomize(t, serverClusterStaticClientOpts, cfg.NoCleanupOnFailure, cfg.DebugDirectory, "../fixtures/cases/static-client-partitions/ns-partition") + } } logger.Log(t, "creating static-server and static-client deployments in client cluster") k8s.DeployKustomize(t, clientClusterStaticServerOpts, cfg.NoCleanupOnFailure, cfg.DebugDirectory, "../fixtures/cases/static-server-inject") - if c.destinationNamespace == defaultNamespace { - k8s.DeployKustomize(t, clientClusterStaticClientOpts, cfg.NoCleanupOnFailure, cfg.DebugDirectory, "../fixtures/cases/static-client-partitions/default-ns-default-partition") + if cfg.EnableTransparentProxy { + k8s.DeployKustomize(t, clientClusterStaticClientOpts, cfg.NoCleanupOnFailure, cfg.DebugDirectory, "../fixtures/cases/static-client-tproxy") } else { - k8s.DeployKustomize(t, clientClusterStaticClientOpts, cfg.NoCleanupOnFailure, cfg.DebugDirectory, "../fixtures/cases/static-client-partitions/ns-default-partition") + if c.destinationNamespace == defaultNamespace { + k8s.DeployKustomize(t, clientClusterStaticClientOpts, cfg.NoCleanupOnFailure, cfg.DebugDirectory, "../fixtures/cases/static-client-partitions/default-ns-default-partition") + } else { + k8s.DeployKustomize(t, clientClusterStaticClientOpts, cfg.NoCleanupOnFailure, cfg.DebugDirectory, "../fixtures/cases/static-client-partitions/ns-default-partition") + } } // Check that both static-server and static-client have been injected and now have 2 containers in server cluster. for _, labelSelector := range []string{"app=static-server", "app=static-client"} { @@ -554,8 +583,13 @@ func TestPartitions(t *testing.T) { if c.secure { logger.Log(t, "checking that the connection is not successful because there's no intention") - k8s.CheckStaticServerConnectionFailing(t, serverClusterStaticClientOpts, "http://localhost:1234") - k8s.CheckStaticServerConnectionFailing(t, clientClusterStaticClientOpts, "http://localhost:1234") + if cfg.EnableTransparentProxy { + k8s.CheckStaticServerConnectionFailing(t, serverClusterStaticClientOpts, fmt.Sprintf("http://static-server.virtual.%s.ns.%s.ap.dc1.dc.consul", staticServerNamespace, secondaryPartition)) + k8s.CheckStaticServerConnectionFailing(t, clientClusterStaticClientOpts, fmt.Sprintf("http://static-server.virtual.%s.ns.%s.ap.dc1.dc.consul", staticServerNamespace, defaultPartition)) + } else { + k8s.CheckStaticServerConnectionFailing(t, serverClusterStaticClientOpts, "http://localhost:1234") + k8s.CheckStaticServerConnectionFailing(t, clientClusterStaticClientOpts, "http://localhost:1234") + } intention := &api.ServiceIntentionsConfigEntry{ Name: staticServerName, @@ -587,8 +621,13 @@ func TestPartitions(t *testing.T) { } logger.Log(t, "checking that connection is successful") - k8s.CheckStaticServerConnectionSuccessful(t, serverClusterStaticClientOpts, "http://localhost:1234") - k8s.CheckStaticServerConnectionSuccessful(t, clientClusterStaticClientOpts, "http://localhost:1234") + if cfg.EnableTransparentProxy { + k8s.CheckStaticServerConnectionSuccessful(t, serverClusterStaticClientOpts, fmt.Sprintf("http://static-server.virtual.%s.ns.%s.ap.dc1.dc.consul", staticServerNamespace, secondaryPartition)) + k8s.CheckStaticServerConnectionSuccessful(t, clientClusterStaticClientOpts, fmt.Sprintf("http://static-server.virtual.%s.ns.%s.ap.dc1.dc.consul", staticServerNamespace, defaultPartition)) + } else { + k8s.CheckStaticServerConnectionSuccessful(t, serverClusterStaticClientOpts, "http://localhost:1234") + k8s.CheckStaticServerConnectionSuccessful(t, clientClusterStaticClientOpts, "http://localhost:1234") + } // Test that kubernetes readiness status is synced to Consul. // Create the file so that the readiness probe of the static-server pod fails. @@ -602,8 +641,13 @@ func TestPartitions(t *testing.T) { // there will be no healthy proxy host to connect to. That's why we can't assert that we receive an empty reply // from server, which is the case when a connection is unsuccessful due to intentions in other tests. logger.Log(t, "checking that connection is unsuccessful") - k8s.CheckStaticServerConnectionMultipleFailureMessages(t, serverClusterStaticClientOpts, false, []string{"curl: (56) Recv failure: Connection reset by peer", "curl: (52) Empty reply from server"}, "http://localhost:1234") - k8s.CheckStaticServerConnectionMultipleFailureMessages(t, clientClusterStaticClientOpts, false, []string{"curl: (56) Recv failure: Connection reset by peer", "curl: (52) Empty reply from server"}, "http://localhost:1234") + if cfg.EnableTransparentProxy { + k8s.CheckStaticServerConnectionMultipleFailureMessages(t, serverClusterStaticClientOpts, false, []string{"curl: (56) Recv failure: Connection reset by peer", "curl: (52) Empty reply from server", "curl: (7) Failed to connect to static-server.ns1 port 80: Connection refused"}, fmt.Sprintf("http://static-server.vitual.%s.ns.%s.ap.dc1.dc.consul", staticServerNamespace, secondaryPartition)) + k8s.CheckStaticServerConnectionMultipleFailureMessages(t, clientClusterStaticClientOpts, false, []string{"curl: (56) Recv failure: Connection reset by peer", "curl: (52) Empty reply from server", "curl: (7) Failed to connect to static-server.ns1 port 80: Connection refused"}, fmt.Sprintf("http://static-server.vitual.%s.ns.%s.ap.dc1.dc.consul", staticServerNamespace, defaultPartition)) + } else { + k8s.CheckStaticServerConnectionMultipleFailureMessages(t, serverClusterStaticClientOpts, false, []string{"curl: (56) Recv failure: Connection reset by peer", "curl: (52) Empty reply from server"}, "http://localhost:1234") + k8s.CheckStaticServerConnectionMultipleFailureMessages(t, clientClusterStaticClientOpts, false, []string{"curl: (56) Recv failure: Connection reset by peer", "curl: (52) Empty reply from server"}, "http://localhost:1234") + } }) }) } From 277662920b90e39714464de738456a4ce86a10ce Mon Sep 17 00:00:00 2001 From: Ashwin Venkatesh Date: Mon, 6 Dec 2021 15:43:18 -0500 Subject: [PATCH 10/16] Update fixtures for exported services --- .../tests/partitions/partitions_test.go | 39 ++++++++++++++++--- 1 file changed, 33 insertions(+), 6 deletions(-) diff --git a/acceptance/tests/partitions/partitions_test.go b/acceptance/tests/partitions/partitions_test.go index ceeb8fb85d..aa093180d3 100644 --- a/acceptance/tests/partitions/partitions_test.go +++ b/acceptance/tests/partitions/partitions_test.go @@ -117,6 +117,8 @@ func TestPartitions(t *testing.T) { "meshGateway.replicas": "1", "controller.enabled": "true", + + "dns.enabled": "true", } if cfg.UseKind { @@ -126,6 +128,10 @@ func TestPartitions(t *testing.T) { serverHelmValues["meshGateway.service.nodePort"] = "30100" } + if cfg.EnableTransparentProxy { + serverHelmValues["dns.enableRedirection"] = "true" + } + releaseName := helpers.RandomName() // Install the consul cluster with servers in the default kubernetes context. @@ -226,6 +232,8 @@ func TestPartitions(t *testing.T) { "client.enabled": "true", "client.exposeGossipPorts": "true", "client.join[0]": partitionSvcIP, + + "dns.enabled": "true", } if c.secure { @@ -245,6 +253,10 @@ func TestPartitions(t *testing.T) { clientHelmValues["meshGateway.service.nodePort"] = "30100" } + if cfg.EnableTransparentProxy { + serverHelmValues["dns.enableRedirection"] = "true" + } + // Install the consul cluster without servers in the client cluster kubernetes context. clientConsulCluster := consul.NewHelmCluster(t, clientHelmValues, clientClusterContext, cfg, releaseName) clientConsulCluster.Create(t) @@ -584,8 +596,13 @@ func TestPartitions(t *testing.T) { if c.secure { logger.Log(t, "checking that the connection is not successful because there's no intention") if cfg.EnableTransparentProxy { - k8s.CheckStaticServerConnectionFailing(t, serverClusterStaticClientOpts, fmt.Sprintf("http://static-server.virtual.%s.ns.%s.ap.dc1.dc.consul", staticServerNamespace, secondaryPartition)) - k8s.CheckStaticServerConnectionFailing(t, clientClusterStaticClientOpts, fmt.Sprintf("http://static-server.virtual.%s.ns.%s.ap.dc1.dc.consul", staticServerNamespace, defaultPartition)) + if c.destinationNamespace == defaultNamespace { + k8s.CheckStaticServerConnectionFailing(t, serverClusterStaticClientOpts, fmt.Sprintf("http://static-server.virtual.%s.ns.%s.ap.dc1.dc.consul", defaultNamespace, secondaryPartition)) + k8s.CheckStaticServerConnectionFailing(t, clientClusterStaticClientOpts, fmt.Sprintf("http://static-server.virtual.%s.ns.%s.ap.dc1.dc.consul", defaultNamespace, defaultPartition)) + } else { + k8s.CheckStaticServerConnectionFailing(t, serverClusterStaticClientOpts, fmt.Sprintf("http://static-server.virtual.%s.ns.%s.ap.dc1.dc.consul", staticServerNamespace, secondaryPartition)) + k8s.CheckStaticServerConnectionFailing(t, clientClusterStaticClientOpts, fmt.Sprintf("http://static-server.virtual.%s.ns.%s.ap.dc1.dc.consul", staticServerNamespace, defaultPartition)) + } } else { k8s.CheckStaticServerConnectionFailing(t, serverClusterStaticClientOpts, "http://localhost:1234") k8s.CheckStaticServerConnectionFailing(t, clientClusterStaticClientOpts, "http://localhost:1234") @@ -622,8 +639,13 @@ func TestPartitions(t *testing.T) { logger.Log(t, "checking that connection is successful") if cfg.EnableTransparentProxy { - k8s.CheckStaticServerConnectionSuccessful(t, serverClusterStaticClientOpts, fmt.Sprintf("http://static-server.virtual.%s.ns.%s.ap.dc1.dc.consul", staticServerNamespace, secondaryPartition)) - k8s.CheckStaticServerConnectionSuccessful(t, clientClusterStaticClientOpts, fmt.Sprintf("http://static-server.virtual.%s.ns.%s.ap.dc1.dc.consul", staticServerNamespace, defaultPartition)) + if c.destinationNamespace == defaultNamespace { + k8s.CheckStaticServerConnectionSuccessful(t, serverClusterStaticClientOpts, fmt.Sprintf("http://static-server.virtual.%s.ns.%s.ap.dc1.dc.consul", defaultNamespace, secondaryPartition)) + k8s.CheckStaticServerConnectionSuccessful(t, clientClusterStaticClientOpts, fmt.Sprintf("http://static-server.virtual.%s.ns.%s.ap.dc1.dc.consul", defaultNamespace, defaultPartition)) + } else { + k8s.CheckStaticServerConnectionSuccessful(t, serverClusterStaticClientOpts, fmt.Sprintf("http://static-server.virtual.%s.ns.%s.ap.dc1.dc.consul", staticServerNamespace, secondaryPartition)) + k8s.CheckStaticServerConnectionSuccessful(t, clientClusterStaticClientOpts, fmt.Sprintf("http://static-server.virtual.%s.ns.%s.ap.dc1.dc.consul", staticServerNamespace, defaultPartition)) + } } else { k8s.CheckStaticServerConnectionSuccessful(t, serverClusterStaticClientOpts, "http://localhost:1234") k8s.CheckStaticServerConnectionSuccessful(t, clientClusterStaticClientOpts, "http://localhost:1234") @@ -642,8 +664,13 @@ func TestPartitions(t *testing.T) { // from server, which is the case when a connection is unsuccessful due to intentions in other tests. logger.Log(t, "checking that connection is unsuccessful") if cfg.EnableTransparentProxy { - k8s.CheckStaticServerConnectionMultipleFailureMessages(t, serverClusterStaticClientOpts, false, []string{"curl: (56) Recv failure: Connection reset by peer", "curl: (52) Empty reply from server", "curl: (7) Failed to connect to static-server.ns1 port 80: Connection refused"}, fmt.Sprintf("http://static-server.vitual.%s.ns.%s.ap.dc1.dc.consul", staticServerNamespace, secondaryPartition)) - k8s.CheckStaticServerConnectionMultipleFailureMessages(t, clientClusterStaticClientOpts, false, []string{"curl: (56) Recv failure: Connection reset by peer", "curl: (52) Empty reply from server", "curl: (7) Failed to connect to static-server.ns1 port 80: Connection refused"}, fmt.Sprintf("http://static-server.vitual.%s.ns.%s.ap.dc1.dc.consul", staticServerNamespace, defaultPartition)) + if c.destinationNamespace == defaultNamespace { + k8s.CheckStaticServerConnectionMultipleFailureMessages(t, serverClusterStaticClientOpts, false, []string{"curl: (56) Recv failure: Connection reset by peer", "curl: (52) Empty reply from server", "curl: (7) Failed to connect to static-server.ns1 port 80: Connection refused"}, fmt.Sprintf("http://static-server.vitual.%s.ns.%s.ap.dc1.dc.consul", defaultNamespace, secondaryPartition)) + k8s.CheckStaticServerConnectionMultipleFailureMessages(t, clientClusterStaticClientOpts, false, []string{"curl: (56) Recv failure: Connection reset by peer", "curl: (52) Empty reply from server", "curl: (7) Failed to connect to static-server.ns1 port 80: Connection refused"}, fmt.Sprintf("http://static-server.vitual.%s.ns.%s.ap.dc1.dc.consul", defaultNamespace, defaultPartition)) + } else { + k8s.CheckStaticServerConnectionMultipleFailureMessages(t, serverClusterStaticClientOpts, false, []string{"curl: (56) Recv failure: Connection reset by peer", "curl: (52) Empty reply from server", "curl: (7) Failed to connect to static-server.ns1 port 80: Connection refused"}, fmt.Sprintf("http://static-server.vitual.%s.ns.%s.ap.dc1.dc.consul", staticServerNamespace, secondaryPartition)) + k8s.CheckStaticServerConnectionMultipleFailureMessages(t, clientClusterStaticClientOpts, false, []string{"curl: (56) Recv failure: Connection reset by peer", "curl: (52) Empty reply from server", "curl: (7) Failed to connect to static-server.ns1 port 80: Connection refused"}, fmt.Sprintf("http://static-server.vitual.%s.ns.%s.ap.dc1.dc.consul", staticServerNamespace, defaultPartition)) + } } else { k8s.CheckStaticServerConnectionMultipleFailureMessages(t, serverClusterStaticClientOpts, false, []string{"curl: (56) Recv failure: Connection reset by peer", "curl: (52) Empty reply from server"}, "http://localhost:1234") k8s.CheckStaticServerConnectionMultipleFailureMessages(t, clientClusterStaticClientOpts, false, []string{"curl: (56) Recv failure: Connection reset by peer", "curl: (52) Empty reply from server"}, "http://localhost:1234") From a12efbffca31cdec5cead67133925ac3cacd51b3 Mon Sep 17 00:00:00 2001 From: Ashwin Venkatesh Date: Mon, 6 Dec 2021 18:06:55 -0500 Subject: [PATCH 11/16] Update go.mod --- acceptance/tests/controller/controller_namespaces_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/acceptance/tests/controller/controller_namespaces_test.go b/acceptance/tests/controller/controller_namespaces_test.go index e303246bfe..483fc96106 100644 --- a/acceptance/tests/controller/controller_namespaces_test.go +++ b/acceptance/tests/controller/controller_namespaces_test.go @@ -74,7 +74,7 @@ func TestControllerNamespaces(t *testing.T) { ctx := suite.Environment().DefaultContext(t) helmValues := map[string]string{ - "global.image": "ashwinvenkatesh/consul@sha256:4be07b9c90fc590827ad72328da332c2003a14d237df317a0c977817f6fdaf0b", + "global.image": "ashwinvenkatesh/consul@sha256:dce7a25b9e15271d8102a0f14fae71af0b9c789bafd8cbe4a7d0f8c34abe0296", "global.enableConsulNamespaces": "true", "global.adminPartitions.enabled": "true", From 3d81d9b057d15fe8c9ba6a99636bd490b5dae4eb Mon Sep 17 00:00:00 2001 From: Ashwin Venkatesh Date: Tue, 7 Dec 2021 12:01:53 -0500 Subject: [PATCH 12/16] Add service intentions as CRDs --- .../exportedservices-default.yaml | 0 .../kustomization.yaml | 0 .../exportedservices-secondary.yaml | 0 .../kustomization.yaml | 0 .../partitions/intentions/kustomization.yaml | 2 + .../intentions/serviceintentions.yaml | 5 +++ .../kustomization.yaml | 2 +- .../default-partition-ns1/kustomization.yaml | 2 +- .../kustomization.yaml | 5 +++ .../intentions-default-default/patch.yaml | 13 ++++++ .../kustomization.yaml | 5 +++ .../intentions-default-namespaces/patch.yaml | 13 ++++++ .../kustomization.yaml | 5 +++ .../intentions-secondary-default/patch.yaml | 13 ++++++ .../kustomization.yaml | 5 +++ .../patch.yaml | 13 ++++++ .../kustomization.yaml | 2 +- .../kustomization.yaml | 2 +- .../tests/partitions/partitions_test.go | 41 +++++++------------ 19 files changed, 98 insertions(+), 30 deletions(-) rename acceptance/tests/fixtures/bases/{ => partitions}/exportedservices-default/exportedservices-default.yaml (100%) rename acceptance/tests/fixtures/bases/{ => partitions}/exportedservices-default/kustomization.yaml (100%) rename acceptance/tests/fixtures/bases/{ => partitions}/exportedservices-secondary/exportedservices-secondary.yaml (100%) rename acceptance/tests/fixtures/bases/{ => partitions}/exportedservices-secondary/kustomization.yaml (100%) create mode 100644 acceptance/tests/fixtures/bases/partitions/intentions/kustomization.yaml create mode 100644 acceptance/tests/fixtures/bases/partitions/intentions/serviceintentions.yaml create mode 100644 acceptance/tests/fixtures/cases/crd-partitions/intentions-default-default/kustomization.yaml create mode 100644 acceptance/tests/fixtures/cases/crd-partitions/intentions-default-default/patch.yaml create mode 100644 acceptance/tests/fixtures/cases/crd-partitions/intentions-default-namespaces/kustomization.yaml create mode 100644 acceptance/tests/fixtures/cases/crd-partitions/intentions-default-namespaces/patch.yaml create mode 100644 acceptance/tests/fixtures/cases/crd-partitions/intentions-secondary-default/kustomization.yaml create mode 100644 acceptance/tests/fixtures/cases/crd-partitions/intentions-secondary-default/patch.yaml create mode 100644 acceptance/tests/fixtures/cases/crd-partitions/intentions-secondary-namespaces/kustomization.yaml create mode 100644 acceptance/tests/fixtures/cases/crd-partitions/intentions-secondary-namespaces/patch.yaml diff --git a/acceptance/tests/fixtures/bases/exportedservices-default/exportedservices-default.yaml b/acceptance/tests/fixtures/bases/partitions/exportedservices-default/exportedservices-default.yaml similarity index 100% rename from acceptance/tests/fixtures/bases/exportedservices-default/exportedservices-default.yaml rename to acceptance/tests/fixtures/bases/partitions/exportedservices-default/exportedservices-default.yaml diff --git a/acceptance/tests/fixtures/bases/exportedservices-default/kustomization.yaml b/acceptance/tests/fixtures/bases/partitions/exportedservices-default/kustomization.yaml similarity index 100% rename from acceptance/tests/fixtures/bases/exportedservices-default/kustomization.yaml rename to acceptance/tests/fixtures/bases/partitions/exportedservices-default/kustomization.yaml diff --git a/acceptance/tests/fixtures/bases/exportedservices-secondary/exportedservices-secondary.yaml b/acceptance/tests/fixtures/bases/partitions/exportedservices-secondary/exportedservices-secondary.yaml similarity index 100% rename from acceptance/tests/fixtures/bases/exportedservices-secondary/exportedservices-secondary.yaml rename to acceptance/tests/fixtures/bases/partitions/exportedservices-secondary/exportedservices-secondary.yaml diff --git a/acceptance/tests/fixtures/bases/exportedservices-secondary/kustomization.yaml b/acceptance/tests/fixtures/bases/partitions/exportedservices-secondary/kustomization.yaml similarity index 100% rename from acceptance/tests/fixtures/bases/exportedservices-secondary/kustomization.yaml rename to acceptance/tests/fixtures/bases/partitions/exportedservices-secondary/kustomization.yaml diff --git a/acceptance/tests/fixtures/bases/partitions/intentions/kustomization.yaml b/acceptance/tests/fixtures/bases/partitions/intentions/kustomization.yaml new file mode 100644 index 0000000000..aff115793a --- /dev/null +++ b/acceptance/tests/fixtures/bases/partitions/intentions/kustomization.yaml @@ -0,0 +1,2 @@ +resources: + - serviceintentions.yaml diff --git a/acceptance/tests/fixtures/bases/partitions/intentions/serviceintentions.yaml b/acceptance/tests/fixtures/bases/partitions/intentions/serviceintentions.yaml new file mode 100644 index 0000000000..48a642dfa4 --- /dev/null +++ b/acceptance/tests/fixtures/bases/partitions/intentions/serviceintentions.yaml @@ -0,0 +1,5 @@ +apiVersion: consul.hashicorp.com/v1alpha1 +kind: ServiceIntentions +metadata: + name: intentions +spec: {} diff --git a/acceptance/tests/fixtures/cases/crd-partitions/default-partition-default/kustomization.yaml b/acceptance/tests/fixtures/cases/crd-partitions/default-partition-default/kustomization.yaml index 499fdc5bc1..6055280660 100644 --- a/acceptance/tests/fixtures/cases/crd-partitions/default-partition-default/kustomization.yaml +++ b/acceptance/tests/fixtures/cases/crd-partitions/default-partition-default/kustomization.yaml @@ -1,5 +1,5 @@ resources: - - ../../../bases/exportedservices-default + - ../../../bases/partitions/exportedservices-default patchesStrategicMerge: - patch.yaml diff --git a/acceptance/tests/fixtures/cases/crd-partitions/default-partition-ns1/kustomization.yaml b/acceptance/tests/fixtures/cases/crd-partitions/default-partition-ns1/kustomization.yaml index 499fdc5bc1..6055280660 100644 --- a/acceptance/tests/fixtures/cases/crd-partitions/default-partition-ns1/kustomization.yaml +++ b/acceptance/tests/fixtures/cases/crd-partitions/default-partition-ns1/kustomization.yaml @@ -1,5 +1,5 @@ resources: - - ../../../bases/exportedservices-default + - ../../../bases/partitions/exportedservices-default patchesStrategicMerge: - patch.yaml diff --git a/acceptance/tests/fixtures/cases/crd-partitions/intentions-default-default/kustomization.yaml b/acceptance/tests/fixtures/cases/crd-partitions/intentions-default-default/kustomization.yaml new file mode 100644 index 0000000000..b3784897f8 --- /dev/null +++ b/acceptance/tests/fixtures/cases/crd-partitions/intentions-default-default/kustomization.yaml @@ -0,0 +1,5 @@ +resources: + - ../../../bases/partitions/intentions + +patchesStrategicMerge: +- patch.yaml diff --git a/acceptance/tests/fixtures/cases/crd-partitions/intentions-default-default/patch.yaml b/acceptance/tests/fixtures/cases/crd-partitions/intentions-default-default/patch.yaml new file mode 100644 index 0000000000..df1976c7b2 --- /dev/null +++ b/acceptance/tests/fixtures/cases/crd-partitions/intentions-default-default/patch.yaml @@ -0,0 +1,13 @@ +apiVersion: consul.hashicorp.com/v1alpha1 +kind: ServiceIntentions +metadata: + name: intentions +spec: + destination: + name: static-server + namespace: default + sources: + - name: static-client + namespace: default + partition: secondary + action: allow diff --git a/acceptance/tests/fixtures/cases/crd-partitions/intentions-default-namespaces/kustomization.yaml b/acceptance/tests/fixtures/cases/crd-partitions/intentions-default-namespaces/kustomization.yaml new file mode 100644 index 0000000000..b3784897f8 --- /dev/null +++ b/acceptance/tests/fixtures/cases/crd-partitions/intentions-default-namespaces/kustomization.yaml @@ -0,0 +1,5 @@ +resources: + - ../../../bases/partitions/intentions + +patchesStrategicMerge: +- patch.yaml diff --git a/acceptance/tests/fixtures/cases/crd-partitions/intentions-default-namespaces/patch.yaml b/acceptance/tests/fixtures/cases/crd-partitions/intentions-default-namespaces/patch.yaml new file mode 100644 index 0000000000..e87ab17ba3 --- /dev/null +++ b/acceptance/tests/fixtures/cases/crd-partitions/intentions-default-namespaces/patch.yaml @@ -0,0 +1,13 @@ +apiVersion: consul.hashicorp.com/v1alpha1 +kind: ServiceIntentions +metadata: + name: intentions +spec: + destination: + name: static-server + namespace: ns1 + sources: + - name: static-client + namespace: ns2 + partition: secondary + action: allow diff --git a/acceptance/tests/fixtures/cases/crd-partitions/intentions-secondary-default/kustomization.yaml b/acceptance/tests/fixtures/cases/crd-partitions/intentions-secondary-default/kustomization.yaml new file mode 100644 index 0000000000..b3784897f8 --- /dev/null +++ b/acceptance/tests/fixtures/cases/crd-partitions/intentions-secondary-default/kustomization.yaml @@ -0,0 +1,5 @@ +resources: + - ../../../bases/partitions/intentions + +patchesStrategicMerge: +- patch.yaml diff --git a/acceptance/tests/fixtures/cases/crd-partitions/intentions-secondary-default/patch.yaml b/acceptance/tests/fixtures/cases/crd-partitions/intentions-secondary-default/patch.yaml new file mode 100644 index 0000000000..b37311357d --- /dev/null +++ b/acceptance/tests/fixtures/cases/crd-partitions/intentions-secondary-default/patch.yaml @@ -0,0 +1,13 @@ +apiVersion: consul.hashicorp.com/v1alpha1 +kind: ServiceIntentions +metadata: + name: intentions +spec: + destination: + name: static-server + namespace: default + sources: + - name: static-client + namespace: default + partition: default + action: allow diff --git a/acceptance/tests/fixtures/cases/crd-partitions/intentions-secondary-namespaces/kustomization.yaml b/acceptance/tests/fixtures/cases/crd-partitions/intentions-secondary-namespaces/kustomization.yaml new file mode 100644 index 0000000000..b3784897f8 --- /dev/null +++ b/acceptance/tests/fixtures/cases/crd-partitions/intentions-secondary-namespaces/kustomization.yaml @@ -0,0 +1,5 @@ +resources: + - ../../../bases/partitions/intentions + +patchesStrategicMerge: +- patch.yaml diff --git a/acceptance/tests/fixtures/cases/crd-partitions/intentions-secondary-namespaces/patch.yaml b/acceptance/tests/fixtures/cases/crd-partitions/intentions-secondary-namespaces/patch.yaml new file mode 100644 index 0000000000..b908e66970 --- /dev/null +++ b/acceptance/tests/fixtures/cases/crd-partitions/intentions-secondary-namespaces/patch.yaml @@ -0,0 +1,13 @@ +apiVersion: consul.hashicorp.com/v1alpha1 +kind: ServiceIntentions +metadata: + name: intentions +spec: + destination: + name: static-server + namespace: ns1 + sources: + - name: static-client + namespace: ns2 + partition: default + action: allow diff --git a/acceptance/tests/fixtures/cases/crd-partitions/secondary-partition-default/kustomization.yaml b/acceptance/tests/fixtures/cases/crd-partitions/secondary-partition-default/kustomization.yaml index 5a9c8412aa..a75dcf8e40 100644 --- a/acceptance/tests/fixtures/cases/crd-partitions/secondary-partition-default/kustomization.yaml +++ b/acceptance/tests/fixtures/cases/crd-partitions/secondary-partition-default/kustomization.yaml @@ -1,5 +1,5 @@ resources: - - ../../../bases/exportedservices-secondary + - ../../../bases/partitions/exportedservices-secondary patchesStrategicMerge: - patch.yaml diff --git a/acceptance/tests/fixtures/cases/crd-partitions/secondary-partition-ns1/kustomization.yaml b/acceptance/tests/fixtures/cases/crd-partitions/secondary-partition-ns1/kustomization.yaml index 5a9c8412aa..a75dcf8e40 100644 --- a/acceptance/tests/fixtures/cases/crd-partitions/secondary-partition-ns1/kustomization.yaml +++ b/acceptance/tests/fixtures/cases/crd-partitions/secondary-partition-ns1/kustomization.yaml @@ -1,5 +1,5 @@ resources: - - ../../../bases/exportedservices-secondary + - ../../../bases/partitions/exportedservices-secondary patchesStrategicMerge: - patch.yaml diff --git a/acceptance/tests/partitions/partitions_test.go b/acceptance/tests/partitions/partitions_test.go index aa093180d3..ee53cafbdb 100644 --- a/acceptance/tests/partitions/partitions_test.go +++ b/acceptance/tests/partitions/partitions_test.go @@ -608,33 +608,22 @@ func TestPartitions(t *testing.T) { k8s.CheckStaticServerConnectionFailing(t, clientClusterStaticClientOpts, "http://localhost:1234") } - intention := &api.ServiceIntentionsConfigEntry{ - Name: staticServerName, - Kind: api.ServiceIntentions, - Namespace: staticServerNamespace, - Sources: []*api.SourceIntention{ - { - Name: staticClientName, - Namespace: staticClientNamespace, - Action: api.IntentionActionAllow, - }, - }, - } - - // Set the destination namespace to be the same - // unless mirrorK8S is true. - if !c.mirrorK8S { - intention.Namespace = c.destinationNamespace - intention.Sources[0].Namespace = c.destinationNamespace - } - logger.Log(t, "creating intention") - intention.Sources[0].Partition = secondaryPartition - _, _, err := consulClient.ConfigEntries().Set(intention, &api.WriteOptions{Partition: defaultPartition}) - require.NoError(t, err) - intention.Sources[0].Partition = defaultPartition - _, _, err = consulClient.ConfigEntries().Set(intention, &api.WriteOptions{Partition: secondaryPartition}) - require.NoError(t, err) + if c.destinationNamespace == defaultNamespace { + k8s.KubectlApplyK(t, serverClusterContext.KubectlOptions(t), "../fixtures/cases/crd-partitions/intentions-default-default") + k8s.KubectlApplyK(t, clientClusterContext.KubectlOptions(t), "../fixtures/cases/crd-partitions/intentions-secondary-default") + helpers.Cleanup(t, cfg.NoCleanupOnFailure, func() { + k8s.KubectlDeleteK(t, serverClusterContext.KubectlOptions(t), "../fixtures/cases/crd-partitions/intentions-default-default") + k8s.KubectlDeleteK(t, clientClusterContext.KubectlOptions(t), "../fixtures/cases/crd-partitions/intentions-secondary-default") + }) + } else { + k8s.KubectlApplyK(t, serverClusterContext.KubectlOptions(t), "../fixtures/cases/crd-partitions/intentions-default-namespaces") + k8s.KubectlApplyK(t, clientClusterContext.KubectlOptions(t), "../fixtures/cases/crd-partitions/intentions-secondary-namespaces") + helpers.Cleanup(t, cfg.NoCleanupOnFailure, func() { + k8s.KubectlDeleteK(t, serverClusterContext.KubectlOptions(t), "../fixtures/cases/crd-partitions/intentions-default-namespaces") + k8s.KubectlDeleteK(t, clientClusterContext.KubectlOptions(t), "../fixtures/cases/crd-partitions/intentions-secondary-namespaces") + }) + } } logger.Log(t, "checking that connection is successful") From d4b3b82e63f5d7f20038ae41a356eb97014b3238 Mon Sep 17 00:00:00 2001 From: Ashwin Venkatesh Date: Tue, 7 Dec 2021 14:01:25 -0500 Subject: [PATCH 13/16] Revert "Add service intentions as CRDs" This reverts commit 1965c1a6bd7c44ae27a0d82f6178682c01a24c27. --- .../exportedservices-default.yaml | 0 .../kustomization.yaml | 0 .../exportedservices-secondary.yaml | 0 .../kustomization.yaml | 0 .../partitions/intentions/kustomization.yaml | 2 - .../intentions/serviceintentions.yaml | 5 --- .../kustomization.yaml | 2 +- .../default-partition-ns1/kustomization.yaml | 2 +- .../kustomization.yaml | 5 --- .../intentions-default-default/patch.yaml | 13 ------ .../kustomization.yaml | 5 --- .../intentions-default-namespaces/patch.yaml | 13 ------ .../kustomization.yaml | 5 --- .../intentions-secondary-default/patch.yaml | 13 ------ .../kustomization.yaml | 5 --- .../patch.yaml | 13 ------ .../kustomization.yaml | 2 +- .../kustomization.yaml | 2 +- .../tests/partitions/partitions_test.go | 41 ++++++++++++------- 19 files changed, 30 insertions(+), 98 deletions(-) rename acceptance/tests/fixtures/bases/{partitions => }/exportedservices-default/exportedservices-default.yaml (100%) rename acceptance/tests/fixtures/bases/{partitions => }/exportedservices-default/kustomization.yaml (100%) rename acceptance/tests/fixtures/bases/{partitions => }/exportedservices-secondary/exportedservices-secondary.yaml (100%) rename acceptance/tests/fixtures/bases/{partitions => }/exportedservices-secondary/kustomization.yaml (100%) delete mode 100644 acceptance/tests/fixtures/bases/partitions/intentions/kustomization.yaml delete mode 100644 acceptance/tests/fixtures/bases/partitions/intentions/serviceintentions.yaml delete mode 100644 acceptance/tests/fixtures/cases/crd-partitions/intentions-default-default/kustomization.yaml delete mode 100644 acceptance/tests/fixtures/cases/crd-partitions/intentions-default-default/patch.yaml delete mode 100644 acceptance/tests/fixtures/cases/crd-partitions/intentions-default-namespaces/kustomization.yaml delete mode 100644 acceptance/tests/fixtures/cases/crd-partitions/intentions-default-namespaces/patch.yaml delete mode 100644 acceptance/tests/fixtures/cases/crd-partitions/intentions-secondary-default/kustomization.yaml delete mode 100644 acceptance/tests/fixtures/cases/crd-partitions/intentions-secondary-default/patch.yaml delete mode 100644 acceptance/tests/fixtures/cases/crd-partitions/intentions-secondary-namespaces/kustomization.yaml delete mode 100644 acceptance/tests/fixtures/cases/crd-partitions/intentions-secondary-namespaces/patch.yaml diff --git a/acceptance/tests/fixtures/bases/partitions/exportedservices-default/exportedservices-default.yaml b/acceptance/tests/fixtures/bases/exportedservices-default/exportedservices-default.yaml similarity index 100% rename from acceptance/tests/fixtures/bases/partitions/exportedservices-default/exportedservices-default.yaml rename to acceptance/tests/fixtures/bases/exportedservices-default/exportedservices-default.yaml diff --git a/acceptance/tests/fixtures/bases/partitions/exportedservices-default/kustomization.yaml b/acceptance/tests/fixtures/bases/exportedservices-default/kustomization.yaml similarity index 100% rename from acceptance/tests/fixtures/bases/partitions/exportedservices-default/kustomization.yaml rename to acceptance/tests/fixtures/bases/exportedservices-default/kustomization.yaml diff --git a/acceptance/tests/fixtures/bases/partitions/exportedservices-secondary/exportedservices-secondary.yaml b/acceptance/tests/fixtures/bases/exportedservices-secondary/exportedservices-secondary.yaml similarity index 100% rename from acceptance/tests/fixtures/bases/partitions/exportedservices-secondary/exportedservices-secondary.yaml rename to acceptance/tests/fixtures/bases/exportedservices-secondary/exportedservices-secondary.yaml diff --git a/acceptance/tests/fixtures/bases/partitions/exportedservices-secondary/kustomization.yaml b/acceptance/tests/fixtures/bases/exportedservices-secondary/kustomization.yaml similarity index 100% rename from acceptance/tests/fixtures/bases/partitions/exportedservices-secondary/kustomization.yaml rename to acceptance/tests/fixtures/bases/exportedservices-secondary/kustomization.yaml diff --git a/acceptance/tests/fixtures/bases/partitions/intentions/kustomization.yaml b/acceptance/tests/fixtures/bases/partitions/intentions/kustomization.yaml deleted file mode 100644 index aff115793a..0000000000 --- a/acceptance/tests/fixtures/bases/partitions/intentions/kustomization.yaml +++ /dev/null @@ -1,2 +0,0 @@ -resources: - - serviceintentions.yaml diff --git a/acceptance/tests/fixtures/bases/partitions/intentions/serviceintentions.yaml b/acceptance/tests/fixtures/bases/partitions/intentions/serviceintentions.yaml deleted file mode 100644 index 48a642dfa4..0000000000 --- a/acceptance/tests/fixtures/bases/partitions/intentions/serviceintentions.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: consul.hashicorp.com/v1alpha1 -kind: ServiceIntentions -metadata: - name: intentions -spec: {} diff --git a/acceptance/tests/fixtures/cases/crd-partitions/default-partition-default/kustomization.yaml b/acceptance/tests/fixtures/cases/crd-partitions/default-partition-default/kustomization.yaml index 6055280660..499fdc5bc1 100644 --- a/acceptance/tests/fixtures/cases/crd-partitions/default-partition-default/kustomization.yaml +++ b/acceptance/tests/fixtures/cases/crd-partitions/default-partition-default/kustomization.yaml @@ -1,5 +1,5 @@ resources: - - ../../../bases/partitions/exportedservices-default + - ../../../bases/exportedservices-default patchesStrategicMerge: - patch.yaml diff --git a/acceptance/tests/fixtures/cases/crd-partitions/default-partition-ns1/kustomization.yaml b/acceptance/tests/fixtures/cases/crd-partitions/default-partition-ns1/kustomization.yaml index 6055280660..499fdc5bc1 100644 --- a/acceptance/tests/fixtures/cases/crd-partitions/default-partition-ns1/kustomization.yaml +++ b/acceptance/tests/fixtures/cases/crd-partitions/default-partition-ns1/kustomization.yaml @@ -1,5 +1,5 @@ resources: - - ../../../bases/partitions/exportedservices-default + - ../../../bases/exportedservices-default patchesStrategicMerge: - patch.yaml diff --git a/acceptance/tests/fixtures/cases/crd-partitions/intentions-default-default/kustomization.yaml b/acceptance/tests/fixtures/cases/crd-partitions/intentions-default-default/kustomization.yaml deleted file mode 100644 index b3784897f8..0000000000 --- a/acceptance/tests/fixtures/cases/crd-partitions/intentions-default-default/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -resources: - - ../../../bases/partitions/intentions - -patchesStrategicMerge: -- patch.yaml diff --git a/acceptance/tests/fixtures/cases/crd-partitions/intentions-default-default/patch.yaml b/acceptance/tests/fixtures/cases/crd-partitions/intentions-default-default/patch.yaml deleted file mode 100644 index df1976c7b2..0000000000 --- a/acceptance/tests/fixtures/cases/crd-partitions/intentions-default-default/patch.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: consul.hashicorp.com/v1alpha1 -kind: ServiceIntentions -metadata: - name: intentions -spec: - destination: - name: static-server - namespace: default - sources: - - name: static-client - namespace: default - partition: secondary - action: allow diff --git a/acceptance/tests/fixtures/cases/crd-partitions/intentions-default-namespaces/kustomization.yaml b/acceptance/tests/fixtures/cases/crd-partitions/intentions-default-namespaces/kustomization.yaml deleted file mode 100644 index b3784897f8..0000000000 --- a/acceptance/tests/fixtures/cases/crd-partitions/intentions-default-namespaces/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -resources: - - ../../../bases/partitions/intentions - -patchesStrategicMerge: -- patch.yaml diff --git a/acceptance/tests/fixtures/cases/crd-partitions/intentions-default-namespaces/patch.yaml b/acceptance/tests/fixtures/cases/crd-partitions/intentions-default-namespaces/patch.yaml deleted file mode 100644 index e87ab17ba3..0000000000 --- a/acceptance/tests/fixtures/cases/crd-partitions/intentions-default-namespaces/patch.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: consul.hashicorp.com/v1alpha1 -kind: ServiceIntentions -metadata: - name: intentions -spec: - destination: - name: static-server - namespace: ns1 - sources: - - name: static-client - namespace: ns2 - partition: secondary - action: allow diff --git a/acceptance/tests/fixtures/cases/crd-partitions/intentions-secondary-default/kustomization.yaml b/acceptance/tests/fixtures/cases/crd-partitions/intentions-secondary-default/kustomization.yaml deleted file mode 100644 index b3784897f8..0000000000 --- a/acceptance/tests/fixtures/cases/crd-partitions/intentions-secondary-default/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -resources: - - ../../../bases/partitions/intentions - -patchesStrategicMerge: -- patch.yaml diff --git a/acceptance/tests/fixtures/cases/crd-partitions/intentions-secondary-default/patch.yaml b/acceptance/tests/fixtures/cases/crd-partitions/intentions-secondary-default/patch.yaml deleted file mode 100644 index b37311357d..0000000000 --- a/acceptance/tests/fixtures/cases/crd-partitions/intentions-secondary-default/patch.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: consul.hashicorp.com/v1alpha1 -kind: ServiceIntentions -metadata: - name: intentions -spec: - destination: - name: static-server - namespace: default - sources: - - name: static-client - namespace: default - partition: default - action: allow diff --git a/acceptance/tests/fixtures/cases/crd-partitions/intentions-secondary-namespaces/kustomization.yaml b/acceptance/tests/fixtures/cases/crd-partitions/intentions-secondary-namespaces/kustomization.yaml deleted file mode 100644 index b3784897f8..0000000000 --- a/acceptance/tests/fixtures/cases/crd-partitions/intentions-secondary-namespaces/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -resources: - - ../../../bases/partitions/intentions - -patchesStrategicMerge: -- patch.yaml diff --git a/acceptance/tests/fixtures/cases/crd-partitions/intentions-secondary-namespaces/patch.yaml b/acceptance/tests/fixtures/cases/crd-partitions/intentions-secondary-namespaces/patch.yaml deleted file mode 100644 index b908e66970..0000000000 --- a/acceptance/tests/fixtures/cases/crd-partitions/intentions-secondary-namespaces/patch.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: consul.hashicorp.com/v1alpha1 -kind: ServiceIntentions -metadata: - name: intentions -spec: - destination: - name: static-server - namespace: ns1 - sources: - - name: static-client - namespace: ns2 - partition: default - action: allow diff --git a/acceptance/tests/fixtures/cases/crd-partitions/secondary-partition-default/kustomization.yaml b/acceptance/tests/fixtures/cases/crd-partitions/secondary-partition-default/kustomization.yaml index a75dcf8e40..5a9c8412aa 100644 --- a/acceptance/tests/fixtures/cases/crd-partitions/secondary-partition-default/kustomization.yaml +++ b/acceptance/tests/fixtures/cases/crd-partitions/secondary-partition-default/kustomization.yaml @@ -1,5 +1,5 @@ resources: - - ../../../bases/partitions/exportedservices-secondary + - ../../../bases/exportedservices-secondary patchesStrategicMerge: - patch.yaml diff --git a/acceptance/tests/fixtures/cases/crd-partitions/secondary-partition-ns1/kustomization.yaml b/acceptance/tests/fixtures/cases/crd-partitions/secondary-partition-ns1/kustomization.yaml index a75dcf8e40..5a9c8412aa 100644 --- a/acceptance/tests/fixtures/cases/crd-partitions/secondary-partition-ns1/kustomization.yaml +++ b/acceptance/tests/fixtures/cases/crd-partitions/secondary-partition-ns1/kustomization.yaml @@ -1,5 +1,5 @@ resources: - - ../../../bases/partitions/exportedservices-secondary + - ../../../bases/exportedservices-secondary patchesStrategicMerge: - patch.yaml diff --git a/acceptance/tests/partitions/partitions_test.go b/acceptance/tests/partitions/partitions_test.go index ee53cafbdb..aa093180d3 100644 --- a/acceptance/tests/partitions/partitions_test.go +++ b/acceptance/tests/partitions/partitions_test.go @@ -608,22 +608,33 @@ func TestPartitions(t *testing.T) { k8s.CheckStaticServerConnectionFailing(t, clientClusterStaticClientOpts, "http://localhost:1234") } - logger.Log(t, "creating intention") - if c.destinationNamespace == defaultNamespace { - k8s.KubectlApplyK(t, serverClusterContext.KubectlOptions(t), "../fixtures/cases/crd-partitions/intentions-default-default") - k8s.KubectlApplyK(t, clientClusterContext.KubectlOptions(t), "../fixtures/cases/crd-partitions/intentions-secondary-default") - helpers.Cleanup(t, cfg.NoCleanupOnFailure, func() { - k8s.KubectlDeleteK(t, serverClusterContext.KubectlOptions(t), "../fixtures/cases/crd-partitions/intentions-default-default") - k8s.KubectlDeleteK(t, clientClusterContext.KubectlOptions(t), "../fixtures/cases/crd-partitions/intentions-secondary-default") - }) - } else { - k8s.KubectlApplyK(t, serverClusterContext.KubectlOptions(t), "../fixtures/cases/crd-partitions/intentions-default-namespaces") - k8s.KubectlApplyK(t, clientClusterContext.KubectlOptions(t), "../fixtures/cases/crd-partitions/intentions-secondary-namespaces") - helpers.Cleanup(t, cfg.NoCleanupOnFailure, func() { - k8s.KubectlDeleteK(t, serverClusterContext.KubectlOptions(t), "../fixtures/cases/crd-partitions/intentions-default-namespaces") - k8s.KubectlDeleteK(t, clientClusterContext.KubectlOptions(t), "../fixtures/cases/crd-partitions/intentions-secondary-namespaces") - }) + intention := &api.ServiceIntentionsConfigEntry{ + Name: staticServerName, + Kind: api.ServiceIntentions, + Namespace: staticServerNamespace, + Sources: []*api.SourceIntention{ + { + Name: staticClientName, + Namespace: staticClientNamespace, + Action: api.IntentionActionAllow, + }, + }, + } + + // Set the destination namespace to be the same + // unless mirrorK8S is true. + if !c.mirrorK8S { + intention.Namespace = c.destinationNamespace + intention.Sources[0].Namespace = c.destinationNamespace } + + logger.Log(t, "creating intention") + intention.Sources[0].Partition = secondaryPartition + _, _, err := consulClient.ConfigEntries().Set(intention, &api.WriteOptions{Partition: defaultPartition}) + require.NoError(t, err) + intention.Sources[0].Partition = defaultPartition + _, _, err = consulClient.ConfigEntries().Set(intention, &api.WriteOptions{Partition: secondaryPartition}) + require.NoError(t, err) } logger.Log(t, "checking that connection is successful") From 27333f83c44e4864fe8228029d4103fa882343b6 Mon Sep 17 00:00:00 2001 From: Ashwin Venkatesh Date: Tue, 7 Dec 2021 14:50:55 -0500 Subject: [PATCH 14/16] fix test --- .../tests/partitions/partitions_test.go | 22 ++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/acceptance/tests/partitions/partitions_test.go b/acceptance/tests/partitions/partitions_test.go index aa093180d3..f017945e93 100644 --- a/acceptance/tests/partitions/partitions_test.go +++ b/acceptance/tests/partitions/partitions_test.go @@ -254,7 +254,7 @@ func TestPartitions(t *testing.T) { } if cfg.EnableTransparentProxy { - serverHelmValues["dns.enableRedirection"] = "true" + clientHelmValues["dns.enableRedirection"] = "true" } // Install the consul cluster without servers in the client cluster kubernetes context. @@ -473,6 +473,12 @@ func TestPartitions(t *testing.T) { require.NoError(t, err) _, _, err = consulClient.ConfigEntries().Set(intention, &api.WriteOptions{Partition: secondaryPartition}) require.NoError(t, err) + helpers.Cleanup(t, cfg.NoCleanupOnFailure, func() { + _, err := consulClient.ConfigEntries().Delete(api.ServiceIntentions, staticServerName, &api.WriteOptions{Partition: defaultPartition}) + require.NoError(t, err) + _, err = consulClient.ConfigEntries().Delete(api.ServiceIntentions, staticServerName, &api.WriteOptions{Partition: secondaryPartition}) + require.NoError(t, err) + }) } logger.Log(t, "checking that connection is successful") @@ -635,6 +641,12 @@ func TestPartitions(t *testing.T) { intention.Sources[0].Partition = defaultPartition _, _, err = consulClient.ConfigEntries().Set(intention, &api.WriteOptions{Partition: secondaryPartition}) require.NoError(t, err) + helpers.Cleanup(t, cfg.NoCleanupOnFailure, func() { + _, err := consulClient.ConfigEntries().Delete(api.ServiceIntentions, staticServerName, &api.WriteOptions{Partition: defaultPartition}) + require.NoError(t, err) + _, err = consulClient.ConfigEntries().Delete(api.ServiceIntentions, staticServerName, &api.WriteOptions{Partition: secondaryPartition}) + require.NoError(t, err) + }) } logger.Log(t, "checking that connection is successful") @@ -665,11 +677,11 @@ func TestPartitions(t *testing.T) { logger.Log(t, "checking that connection is unsuccessful") if cfg.EnableTransparentProxy { if c.destinationNamespace == defaultNamespace { - k8s.CheckStaticServerConnectionMultipleFailureMessages(t, serverClusterStaticClientOpts, false, []string{"curl: (56) Recv failure: Connection reset by peer", "curl: (52) Empty reply from server", "curl: (7) Failed to connect to static-server.ns1 port 80: Connection refused"}, fmt.Sprintf("http://static-server.vitual.%s.ns.%s.ap.dc1.dc.consul", defaultNamespace, secondaryPartition)) - k8s.CheckStaticServerConnectionMultipleFailureMessages(t, clientClusterStaticClientOpts, false, []string{"curl: (56) Recv failure: Connection reset by peer", "curl: (52) Empty reply from server", "curl: (7) Failed to connect to static-server.ns1 port 80: Connection refused"}, fmt.Sprintf("http://static-server.vitual.%s.ns.%s.ap.dc1.dc.consul", defaultNamespace, defaultPartition)) + k8s.CheckStaticServerConnectionMultipleFailureMessages(t, serverClusterStaticClientOpts, false, []string{"curl: (56) Recv failure: Connection reset by peer", "curl: (52) Empty reply from server", "curl: (7) Failed to connect to static-server.ns1 port 80: Connection refused"}, fmt.Sprintf("http://static-server.virtual.%s.ns.%s.ap.dc1.dc.consul", defaultNamespace, secondaryPartition)) + k8s.CheckStaticServerConnectionMultipleFailureMessages(t, clientClusterStaticClientOpts, false, []string{"curl: (56) Recv failure: Connection reset by peer", "curl: (52) Empty reply from server", "curl: (7) Failed to connect to static-server.ns1 port 80: Connection refused"}, fmt.Sprintf("http://static-server.virtual.%s.ns.%s.ap.dc1.dc.consul", defaultNamespace, defaultPartition)) } else { - k8s.CheckStaticServerConnectionMultipleFailureMessages(t, serverClusterStaticClientOpts, false, []string{"curl: (56) Recv failure: Connection reset by peer", "curl: (52) Empty reply from server", "curl: (7) Failed to connect to static-server.ns1 port 80: Connection refused"}, fmt.Sprintf("http://static-server.vitual.%s.ns.%s.ap.dc1.dc.consul", staticServerNamespace, secondaryPartition)) - k8s.CheckStaticServerConnectionMultipleFailureMessages(t, clientClusterStaticClientOpts, false, []string{"curl: (56) Recv failure: Connection reset by peer", "curl: (52) Empty reply from server", "curl: (7) Failed to connect to static-server.ns1 port 80: Connection refused"}, fmt.Sprintf("http://static-server.vitual.%s.ns.%s.ap.dc1.dc.consul", staticServerNamespace, defaultPartition)) + k8s.CheckStaticServerConnectionMultipleFailureMessages(t, serverClusterStaticClientOpts, false, []string{"curl: (56) Recv failure: Connection reset by peer", "curl: (52) Empty reply from server", "curl: (7) Failed to connect to static-server.ns1 port 80: Connection refused"}, fmt.Sprintf("http://static-server.virtual.%s.ns.%s.ap.dc1.dc.consul", staticServerNamespace, secondaryPartition)) + k8s.CheckStaticServerConnectionMultipleFailureMessages(t, clientClusterStaticClientOpts, false, []string{"curl: (56) Recv failure: Connection reset by peer", "curl: (52) Empty reply from server", "curl: (7) Failed to connect to static-server.ns1 port 80: Connection refused"}, fmt.Sprintf("http://static-server.virtual.%s.ns.%s.ap.dc1.dc.consul", staticServerNamespace, defaultPartition)) } } else { k8s.CheckStaticServerConnectionMultipleFailureMessages(t, serverClusterStaticClientOpts, false, []string{"curl: (56) Recv failure: Connection reset by peer", "curl: (52) Empty reply from server"}, "http://localhost:1234") From a696ae6465f8042a0f282b94a7006f6a62051050 Mon Sep 17 00:00:00 2001 From: Ashwin Venkatesh Date: Tue, 7 Dec 2021 18:39:14 -0500 Subject: [PATCH 15/16] add new error message --- acceptance/framework/k8s/deploy.go | 1 + acceptance/tests/partitions/partitions_test.go | 18 +++++++++--------- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/acceptance/framework/k8s/deploy.go b/acceptance/framework/k8s/deploy.go index 6616e6f45c..2cf5e8876a 100644 --- a/acceptance/framework/k8s/deploy.go +++ b/acceptance/framework/k8s/deploy.go @@ -134,6 +134,7 @@ func CheckStaticServerConnectionFailing(t *testing.T, options *k8s.KubectlOption CheckStaticServerConnection(t, options, false, []string{ "curl: (52) Empty reply from server", "curl: (7) Failed to connect", + "curl: (56) Recv failure: Connection reset by peer", }, curlArgs...) } diff --git a/acceptance/tests/partitions/partitions_test.go b/acceptance/tests/partitions/partitions_test.go index f017945e93..e109193501 100644 --- a/acceptance/tests/partitions/partitions_test.go +++ b/acceptance/tests/partitions/partitions_test.go @@ -602,9 +602,9 @@ func TestPartitions(t *testing.T) { if c.secure { logger.Log(t, "checking that the connection is not successful because there's no intention") if cfg.EnableTransparentProxy { - if c.destinationNamespace == defaultNamespace { - k8s.CheckStaticServerConnectionFailing(t, serverClusterStaticClientOpts, fmt.Sprintf("http://static-server.virtual.%s.ns.%s.ap.dc1.dc.consul", defaultNamespace, secondaryPartition)) - k8s.CheckStaticServerConnectionFailing(t, clientClusterStaticClientOpts, fmt.Sprintf("http://static-server.virtual.%s.ns.%s.ap.dc1.dc.consul", defaultNamespace, defaultPartition)) + if !c.mirrorK8S { + k8s.CheckStaticServerConnectionFailing(t, serverClusterStaticClientOpts, fmt.Sprintf("http://static-server.virtual.%s.ns.%s.ap.dc1.dc.consul", c.destinationNamespace, secondaryPartition)) + k8s.CheckStaticServerConnectionFailing(t, clientClusterStaticClientOpts, fmt.Sprintf("http://static-server.virtual.%s.ns.%s.ap.dc1.dc.consul", c.destinationNamespace, defaultPartition)) } else { k8s.CheckStaticServerConnectionFailing(t, serverClusterStaticClientOpts, fmt.Sprintf("http://static-server.virtual.%s.ns.%s.ap.dc1.dc.consul", staticServerNamespace, secondaryPartition)) k8s.CheckStaticServerConnectionFailing(t, clientClusterStaticClientOpts, fmt.Sprintf("http://static-server.virtual.%s.ns.%s.ap.dc1.dc.consul", staticServerNamespace, defaultPartition)) @@ -651,9 +651,9 @@ func TestPartitions(t *testing.T) { logger.Log(t, "checking that connection is successful") if cfg.EnableTransparentProxy { - if c.destinationNamespace == defaultNamespace { - k8s.CheckStaticServerConnectionSuccessful(t, serverClusterStaticClientOpts, fmt.Sprintf("http://static-server.virtual.%s.ns.%s.ap.dc1.dc.consul", defaultNamespace, secondaryPartition)) - k8s.CheckStaticServerConnectionSuccessful(t, clientClusterStaticClientOpts, fmt.Sprintf("http://static-server.virtual.%s.ns.%s.ap.dc1.dc.consul", defaultNamespace, defaultPartition)) + if !c.mirrorK8S { + k8s.CheckStaticServerConnectionSuccessful(t, serverClusterStaticClientOpts, fmt.Sprintf("http://static-server.virtual.%s.ns.%s.ap.dc1.dc.consul", c.destinationNamespace, secondaryPartition)) + k8s.CheckStaticServerConnectionSuccessful(t, clientClusterStaticClientOpts, fmt.Sprintf("http://static-server.virtual.%s.ns.%s.ap.dc1.dc.consul", c.destinationNamespace, defaultPartition)) } else { k8s.CheckStaticServerConnectionSuccessful(t, serverClusterStaticClientOpts, fmt.Sprintf("http://static-server.virtual.%s.ns.%s.ap.dc1.dc.consul", staticServerNamespace, secondaryPartition)) k8s.CheckStaticServerConnectionSuccessful(t, clientClusterStaticClientOpts, fmt.Sprintf("http://static-server.virtual.%s.ns.%s.ap.dc1.dc.consul", staticServerNamespace, defaultPartition)) @@ -676,9 +676,9 @@ func TestPartitions(t *testing.T) { // from server, which is the case when a connection is unsuccessful due to intentions in other tests. logger.Log(t, "checking that connection is unsuccessful") if cfg.EnableTransparentProxy { - if c.destinationNamespace == defaultNamespace { - k8s.CheckStaticServerConnectionMultipleFailureMessages(t, serverClusterStaticClientOpts, false, []string{"curl: (56) Recv failure: Connection reset by peer", "curl: (52) Empty reply from server", "curl: (7) Failed to connect to static-server.ns1 port 80: Connection refused"}, fmt.Sprintf("http://static-server.virtual.%s.ns.%s.ap.dc1.dc.consul", defaultNamespace, secondaryPartition)) - k8s.CheckStaticServerConnectionMultipleFailureMessages(t, clientClusterStaticClientOpts, false, []string{"curl: (56) Recv failure: Connection reset by peer", "curl: (52) Empty reply from server", "curl: (7) Failed to connect to static-server.ns1 port 80: Connection refused"}, fmt.Sprintf("http://static-server.virtual.%s.ns.%s.ap.dc1.dc.consul", defaultNamespace, defaultPartition)) + if !c.mirrorK8S { + k8s.CheckStaticServerConnectionMultipleFailureMessages(t, serverClusterStaticClientOpts, false, []string{"curl: (56) Recv failure: Connection reset by peer", "curl: (52) Empty reply from server", "curl: (7) Failed to connect to static-server.ns1 port 80: Connection refused"}, fmt.Sprintf("http://static-server.virtual.%s.ns.%s.ap.dc1.dc.consul", c.destinationNamespace, secondaryPartition)) + k8s.CheckStaticServerConnectionMultipleFailureMessages(t, clientClusterStaticClientOpts, false, []string{"curl: (56) Recv failure: Connection reset by peer", "curl: (52) Empty reply from server", "curl: (7) Failed to connect to static-server.ns1 port 80: Connection refused"}, fmt.Sprintf("http://static-server.virtual.%s.ns.%s.ap.dc1.dc.consul", c.destinationNamespace, defaultPartition)) } else { k8s.CheckStaticServerConnectionMultipleFailureMessages(t, serverClusterStaticClientOpts, false, []string{"curl: (56) Recv failure: Connection reset by peer", "curl: (52) Empty reply from server", "curl: (7) Failed to connect to static-server.ns1 port 80: Connection refused"}, fmt.Sprintf("http://static-server.virtual.%s.ns.%s.ap.dc1.dc.consul", staticServerNamespace, secondaryPartition)) k8s.CheckStaticServerConnectionMultipleFailureMessages(t, clientClusterStaticClientOpts, false, []string{"curl: (56) Recv failure: Connection reset by peer", "curl: (52) Empty reply from server", "curl: (7) Failed to connect to static-server.ns1 port 80: Connection refused"}, fmt.Sprintf("http://static-server.virtual.%s.ns.%s.ap.dc1.dc.consul", staticServerNamespace, defaultPartition)) From dd60b95ac7442f84aba6aaf80fcc1dec7762c512 Mon Sep 17 00:00:00 2001 From: Ashwin Venkatesh Date: Wed, 8 Dec 2021 10:00:02 -0500 Subject: [PATCH 16/16] skip t-proxy tests --- .circleci/config.yml | 2 +- acceptance/tests/partitions/partitions_test.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 00c78e1e99..f84aed3235 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -70,7 +70,7 @@ commands: type: string consul-k8s-image: type: string - default: "ashwinvenkatesh/consul-k8s@sha256:5cccabeb3d5dfe4497279d5aebdaf363f3e96cdca9cfd1a0a005a75837d8fb63" + default: "docker.mirror.hashicorp.services/hashicorpdev/consul-k8s-control-plane:latest" go-path: type: string default: "/home/circleci/.go_workspace" diff --git a/acceptance/tests/partitions/partitions_test.go b/acceptance/tests/partitions/partitions_test.go index e109193501..001a2f431c 100644 --- a/acceptance/tests/partitions/partitions_test.go +++ b/acceptance/tests/partitions/partitions_test.go @@ -37,7 +37,7 @@ func TestPartitions(t *testing.T) { } if cfg.EnableTransparentProxy { - t.Skipf("skipping this test because -enable-transparent-proxy is true") + t.Skipf("skipping this test as Transparent Proxy behavior is flaky") } const defaultPartition = "default"