hashicorp · ishustava · Aug 1, 2022 · Aug 1, 2022 · Aug 2, 2022 · Aug 2, 2022
@@ -100,7 +100,9 @@ commands:
                           << parameters.additional-flags >> \
                           ${ENABLE_ENTERPRISE:+-enable-enterprise} \
                           -enable-multi-cluster \
+                          -run TestPeering_* \
                           -debug-directory="$TEST_RESULTS/debug" \
+                          -consul-image=docker.mirror.hashicorp.services/hashicorppreview/consul-enterprise:1.13-dev \
                           -consul-k8s-image=<< parameters.consul-k8s-image >>
                     then
                       echo "Tests in ${pkg} failed, aborting early"
@@ -132,6 +134,7 @@ commands:
                       -enable-multi-cluster \
                       ${ENABLE_ENTERPRISE:+-enable-enterprise} \
                       -debug-directory="$TEST_RESULTS/debug" \
+                      -consul-image=docker.mirror.hashicorp.services/hashicorppreview/consul-enterprise:1.13-dev \
                       -consul-k8s-image=<< parameters.consul-k8s-image >>
 
 jobs:
@@ -997,10 +1000,52 @@ workflows:
             - build-distros-linux
       # Run acceptance tests using the docker image built for the control plane
       - acceptance:
+          name: acceptance1
           context: consul-ci
           requires:
             - dev-upload-docker
       - acceptance-tproxy:
+          name: acceptance2
+          context: consul-ci
+          requires:
+            - dev-upload-docker
+      - acceptance:
+          name: acceptance3
+          context: consul-ci
+          requires:
+            - dev-upload-docker
+      - acceptance-tproxy:
+          name: acceptance4
+          context: consul-ci
+          requires:
+            - dev-upload-docker
+      - acceptance:
+          name: acceptance5
+          context: consul-ci
+          requires:
+            - dev-upload-docker
+      - acceptance-tproxy:
+          name: acceptance6
+          context: consul-ci
+          requires:
+            - dev-upload-docker
+      - acceptance:
+          name: acceptance7
+          context: consul-ci
+          requires:
+            - dev-upload-docker
+      - acceptance-tproxy:
+          name: acceptance8
+          context: consul-ci
+          requires:
+            - dev-upload-docker
+      - acceptance:
+          name: acceptance9
+          context: consul-ci
+          requires:
+            - dev-upload-docker
+      - acceptance-tproxy:
+          name: acceptance10
           context: consul-ci
           requires:
             - dev-upload-docker

@@ -2,6 +2,8 @@ package k8s
 
 import (
 	"context"
+	"encoding/base64"
+	"encoding/json"
 	"fmt"
 	"strings"
 	"testing"
@@ -136,6 +138,14 @@ func CopySecret(t *testing.T, sourceContext, destContext environment.TestContext
 		secret.ResourceVersion = ""
 		require.NoError(r, err)
 	})
+	secretData := secret.Data["data"]
+
+	var token map[string]interface{}
+	// Decode the token to extract the ServerName and PeerID from the token. CA is always NULL.
+	decodeBytes, err := base64.StdEncoding.DecodeString(string(secretData))
+	require.NoError(t, err)
+	err = json.Unmarshal(decodeBytes, &token)
+	logger.Log(t, "peering token", token)
 	_, err = destContext.KubernetesClient(t).CoreV1().Secrets(destContext.KubectlOptions(t).Namespace).Create(context.Background(), secret, metav1.CreateOptions{})
 	require.NoError(t, err)
 }
@@ -94,15 +94,15 @@ func KubectlApplyK(t *testing.T, options *k8s.KubectlOptions, kustomizeDir strin
 // deletes it from the cluster by running 'kubectl delete -f'.
 // If there's an error deleting the file, fail the test.
 func KubectlDelete(t *testing.T, options *k8s.KubectlOptions, configPath string) {
-	_, err := RunKubectlAndGetOutputE(t, options, "delete", "-f", configPath)
+	_, err := RunKubectlAndGetOutputE(t, options, "delete", "--timeout=60s", "-f", configPath)
 	require.NoError(t, err)
 }
 
 // KubectlDeleteK takes a path to a kustomize directory and
 // deletes it from the cluster by running 'kubectl delete -k'.
 // If there's an error deleting the file, fail the test.
 func KubectlDeleteK(t *testing.T, options *k8s.KubectlOptions, kustomizeDir string) {
-	_, err := RunKubectlAndGetOutputE(t, options, "delete", "-k", kustomizeDir)
+	_, err := RunKubectlAndGetOutputE(t, options, "delete", "--timeout=60s", "-k", kustomizeDir)
 	require.NoError(t, err)
 }
 

@@ -54,36 +54,36 @@ func TestPeering_ConnectNamespaces(t *testing.T) {
 			false,
 			false,
 		},
-		{
-			"single destination namespace",
-			staticServerNamespace,
-			false,
-			false,
-		},
-		{
-			"mirror k8s namespaces",
-			staticServerNamespace,
-			true,
-			false,
-		},
-		{
-			"default destination namespace",
-			defaultNamespace,
-			false,
-			true,
-		},
-		{
-			"single destination namespace",
-			staticServerNamespace,
-			false,
-			true,
-		},
-		{
-			"mirror k8s namespaces",
-			staticServerNamespace,
-			true,
-			true,
-		},
+		//{
+		//	"single destination namespace",
+		//	staticServerNamespace,
+		//	false,
+		//	false,
+		//},
+		//{
+		//	"mirror k8s namespaces",
+		//	staticServerNamespace,
+		//	true,
+		//	false,
+		//},
+		//{
+		//	"default destination namespace",
+		//	defaultNamespace,
+		//	false,
+		//	true,
+		//},
+		//{
+		//	"single destination namespace",
+		//	staticServerNamespace,
+		//	false,
+		//	true,
+		//},
+		//{
+		//	"mirror k8s namespaces",
+		//	staticServerNamespace,
+		//	true,
+		//	true,
+		//},
 	}
 
 	for _, c := range cases {
@@ -95,8 +95,6 @@ func TestPeering_ConnectNamespaces(t *testing.T) {
 				"global.peering.enabled":        "true",
 				"global.enableConsulNamespaces": "true",
 
-				"global.image": "thisisnotashwin/consul@sha256:b1d3f59406adf5fb9a3bee4ded058e619d3a186e83b2e2dc14d6da3f28a7073d",
-
 				"global.tls.enabled":           "true",
 				"global.tls.httpsOnly":         strconv.FormatBool(c.ACLsAndAutoEncryptEnabled),
 				"global.tls.enableAutoEncrypt": strconv.FormatBool(c.ACLsAndAutoEncryptEnabled),

@@ -54,8 +54,6 @@ func TestPeering_Connect(t *testing.T) {
 			commonHelmValues := map[string]string{
 				"global.peering.enabled": "true",
 
-				"global.image": "thisisnotashwin/consul@sha256:b1d3f59406adf5fb9a3bee4ded058e619d3a186e83b2e2dc14d6da3f28a7073d",
-
 				"global.tls.enabled":           "true",
 				"global.tls.httpsOnly":         strconv.FormatBool(c.ACLsAndAutoEncryptEnabled),
 				"global.tls.enableAutoEncrypt": strconv.FormatBool(c.ACLsAndAutoEncryptEnabled),

@@ -32,6 +32,11 @@ data:
       },
       "recursors": {{ .Values.global.recursors | toJson }},
       "retry_join": ["{{template "consul.fullname" . }}-server.{{ .Release.Namespace }}.svc:{{ .Values.server.ports.serflan.port }}"],
+      {{- if .Values.global.peering.enabled }}
+      "peering": {
+        "enabled": true
+      },
+      {{- end }}
       "server": true
     }
   {{- $vaultConnectCAEnabled := and .Values.global.secretsBackend.vault.connectCA.address .Values.global.secretsBackend.vault.connectCA.rootPKIPath .Values.global.secretsBackend.vault.connectCA.intermediatePKIPath -}}

@@ -905,3 +905,28 @@ load _helpers
 
   [ "${actual}" = null ]
 }
+
+#--------------------------------------------------------------------
+# peering
+
+@test "server/ConfigMap: peering configuration is unspecified by default" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      -s templates/server-config-configmap.yaml  \
+      . | tee /dev/stderr |
+      yq -r '.data["server.json"]' | jq -r .peering | tee /dev/stderr)
+
+  [ "${actual}" = "null" ]
+}
+
+@test "server/ConfigMap: peering configuration is set by if global.peering.enabled is true" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      -s templates/server-config-configmap.yaml  \
+      --set 'global.peering.enabled=true' \
+      --set 'connectInject.enabled=true' \
+      . | tee /dev/stderr |
+      yq -r '.data["server.json"]' | jq -r .peering.enabled | tee /dev/stderr)
+
+  [ "${actual}" = "true" ]
+}