Merge 65b82cb into backport/add-checks-apigw-creation-no-routes/perso…

…nally-winning-foxhound
hashicorp · Mar 20, 2023 · ceeddce · ceeddce
2 parents 07209ef + 65b82cb
commit ceeddce
Show file tree

Hide file tree

Showing 6 changed files with 9 additions and 3 deletions.
diff --git a/.changelog/16649.txt b/.changelog/16649.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+gateways: Adds validation to ensure the API Gateway has a listener defined when created
+```
diff --git a/agent/structs/config_entry_gateways.go b/agent/structs/config_entry_gateways.go
@@ -1,7 +1,6 @@
 package structs
 
 import (
-	"errors"
 	"fmt"
 	"regexp"
 	"sort"
@@ -771,7 +770,7 @@ func (e *APIGatewayConfigEntry) Validate() error {
 	}
 
 	if len(e.Listeners) == 0 {
-		return errors.New("api gateway must have at least one listener")
+		return fmt.Errorf("api gateway must have at least one listener")
 	}
 	if err := e.validateListenerNames(); err != nil {
 		return err
@@ -830,7 +829,7 @@ func (e *APIGatewayConfigEntry) validateListeners() error {
 		}
 		if listener.Port <= 0 || listener.Port > 65535 {
 			return fmt.Errorf("listener port %d not in the range 1-65535", listener.Port)
-		}
+		}| api-gateway         | `mesh:write`   |
 		if strings.ContainsRune(strings.TrimPrefix(listener.Hostname, wildcardPrefix), '*') {
 			return fmt.Errorf("host %q is not valid, a wildcard specifier is only allowed as the left-most label", listener.Hostname)
 		}

diff --git a/website/content/commands/config/delete.mdx b/website/content/commands/config/delete.mdx
@@ -27,6 +27,7 @@ are not supported from commands, but may be from the corresponding HTTP endpoint
 
 | Config Entry Kind   | Required ACL       |
 | ------------------- | ------------------ |
+| api-gateway         | `mesh:write`   |
 | ingress-gateway     | `operator:write`   |
 | proxy-defaults      | `operator:write`   |
 | service-defaults    | `service:write`    |

diff --git a/website/content/commands/config/list.mdx b/website/content/commands/config/list.mdx
@@ -27,6 +27,7 @@ are not supported from commands, but may be from the corresponding HTTP endpoint
 
 | Config Entry Kind   | Required ACL      |
 | ------------------- | ----------------- |
+| api-gateway     | `mesh:read`    |
 | ingress-gateway     | `service:read`    |
 | proxy-defaults      | `<none>`          |
 | service-defaults    | `service:read`    |

diff --git a/website/content/commands/config/read.mdx b/website/content/commands/config/read.mdx
@@ -28,6 +28,7 @@ are not supported from commands, but may be from the corresponding HTTP endpoint
 
 | Config Entry Kind   | Required ACL      |
 | ------------------- | ----------------- |
+| api-gateway     | `mesh:read`    |
 | ingress-gateway     | `service:read`    |
 | proxy-defaults      | `<none>`          |
 | service-defaults    | `service:read`    |

diff --git a/website/content/commands/config/write.mdx b/website/content/commands/config/write.mdx
@@ -30,6 +30,7 @@ are not supported from commands, but may be from the corresponding HTTP endpoint
 
 | Config Entry Kind   | Required ACL       |
 | ------------------- | ------------------ |
+| api-gateway         | `mesh:write`   |
 | ingress-gateway     | `operator:write`   |
 | proxy-defaults      | `operator:write`   |
 | service-defaults    | `service:write`    |