Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport of agent: remove agent cache dependency from service mesh leaf certificate management into release/1.16.x #17704

Merged
merged 2 commits into from
Jun 13, 2023
Merged

Backport of agent: remove agent cache dependency from service mesh leaf certificate management into release/1.16.x #17704

merged 2 commits into from
Jun 13, 2023

Conversation

hc-github-team-consul-core
Copy link
Collaborator

Backport

This PR is auto-generated from #17075 to be assessed for backporting due to the inclusion of the label backport/1.16.

The below text is copied from the body of the original PR.

Description

This extracts the leaf cert management from within the agent cache.

This code was produced by the following process:

  1. All tests in agent/cache, agent/cache-types, agent/auto-config, agent/consul/servercert were run at each stage.
    1. The tests in agent matching .*Leaf were run at each stage.
    2. The tests in agent/leafcert were run at each stage after they existed.
  2. The former leaf cert Fetch implementation was extracted into a new package behind a "fake RPC" endpoint to make it look almost like all other cache type internals.
  3. The old cache type was shimmed to use the fake RPC endpoint and generally cleaned up.
  4. I selectively duplicated all of Get/Notify/NotifyCallback/Prepopulate from the agent/cache.Cache implementation over into the new package. This was renamed as leafcert.Manager.
    1. Code that was irrelevant to the leaf cert type was deleted (inlining blocking=true, refresh=false)
  5. Everything that used the leaf cert cache type (including proxycfg stuff) was shifted to use the leafcert.Manager instead.
  6. agent/cache-types tests were moved and gently replumbed to execute as-is against a leafcert.Manager.
  7. Inspired by some of the locking changes from derek's branch I split the fat lock into N+1 locks.
  8. The waiter chan struct{} was eventually replaced with a singleflight.Group around cache updates, which was likely the biggest net structural change.
  9. The awkward two layers or logic produced as a byproduct of marrying the agent cache management code with the leaf cert type code was slowly coalesced and flattened to remove confusion.
  10. The .*Leaf tests from the agent package were copied and made to work directly against a leafcert.Manager to increase direct coverage.

Testing & Reproduction steps

I have done a best effort attempt to port the previous leaf-cert cache type's tests over in spirit, as well as to take the e2e-ish tests in the agent package with Leaf in the test name and copy those into the agent/leafcert package to get more direct coverage, rather than coverage tangled up in the agent logic.

There is no net-new test coverage, just coverage that was pushed around from elsewhere.

PR Checklist

  • updated test coverage
  • external facing docs updated
    • Depending upon if we ultimately decide to add some token metrics, those pages will need updated.
Overview of commits

@hc-github-team-consul-core hc-github-team-consul-core force-pushed the backport/leafcerts-without-agent-cache/exactly-joint-tuna branch from fc0359e to 3944ffb Compare June 13, 2023 15:55
@hc-github-team-consul-core hc-github-team-consul-core force-pushed the backport/leafcerts-without-agent-cache/exactly-joint-tuna branch from 3d576da to 8fe8992 Compare June 13, 2023 15:55
@hc-github-team-consul-core hc-github-team-consul-core enabled auto-merge (squash) June 13, 2023 15:55
github-team-consul-core-pr-approver
github-team-consul-core-pr-approver approved these changes Jun 13, 2023
View reviewed changes
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Auto approved Consul Bot automated PR

@vercel vercel bot temporarily deployed to Preview – consul June 13, 2023 16:05 Inactive
@hc-github-team-consul-core hc-github-team-consul-core merged commit b00233d into release/1.16.x Jun 13, 2023
@hc-github-team-consul-core hc-github-team-consul-core deleted the backport/leafcerts-without-agent-cache/exactly-joint-tuna branch June 13, 2023 16:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@github-team-consul-core-pr-approver github-team-consul-core-pr-approver github-team-consul-core-pr-approver approved these changes

@rboyer rboyer Awaiting requested review from rboyer

Assignees

@rboyer rboyer

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@hc-github-team-consul-core @github-team-consul-core-pr-approver @rboyer