diff --git a/sprawl/acl.go b/sprawl/acl.go index 55991085d344..faae5cc57427 100644 --- a/sprawl/acl.go +++ b/sprawl/acl.go @@ -309,7 +309,11 @@ func CreateOrUpdatePolicy(client *api.Client, p *api.ACLPolicy) (*api.ACLPolicy, Partition: p.Partition, Namespace: p.Namespace, }) - if err != nil { + + // There is a quirk about Consul 1.14.x, where: if reading a policy yields + // an empty result, we return "ACL not found". It's safe to ignore this here, + // because if the Client's ACL token truly doesn't exist, then the create fails below. + if err != nil && !strings.Contains(err.Error(), "ACL not found") { return nil, err } else if currentPolicy != nil { p.ID = currentPolicy.ID diff --git a/sprawl/internal/tfgen/agent.go b/sprawl/internal/tfgen/agent.go index 91c0b4ae1686..15ef56389da3 100644 --- a/sprawl/internal/tfgen/agent.go +++ b/sprawl/internal/tfgen/agent.go @@ -107,6 +107,7 @@ func (g *Generator) generateAgentHCL(step Step, node *topology.Node) (string, er b.add("grpc", 8502) b.add("grpc_tls", -1) } + b.add("http", 8500) b.add("dns", 8600) }) diff --git a/sprawl/internal/tfgen/nodes.go b/sprawl/internal/tfgen/nodes.go index b360a3352a70..fdde054ea810 100644 --- a/sprawl/internal/tfgen/nodes.go +++ b/sprawl/internal/tfgen/nodes.go @@ -24,7 +24,7 @@ type terraformConsulAgent struct { ImageResource string HCL string EnterpriseLicense string - // Env: map[string]string{"CONSUL_LICENSE": opts.license}, + Env []string } type terraformMeshGatewayService struct { @@ -94,6 +94,7 @@ func (g *Generator) generateNodeContainers( ImageResource: DockerImageResourceName(node.Images.Consul), HCL: agentHCL, EnterpriseLicense: g.license, + Env: node.AgentEnv, } switch { diff --git a/sprawl/internal/tfgen/templates/container-consul.tf.tmpl b/sprawl/internal/tfgen/templates/container-consul.tf.tmpl index 93b3e2460051..01f7f3fb4d7d 100644 --- a/sprawl/internal/tfgen/templates/container-consul.tf.tmpl +++ b/sprawl/internal/tfgen/templates/container-consul.tf.tmpl 
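Review bot: The new condition in CreateOrUpdatePolicy drops any read error whose text contains "ACL not found", and the added comment itself says the same text appears when the Client's ACL token does not exist, so a bad token is no longer reported at the read and only surfaces if the later create fails. Matching on `err.Error()` is also tied to one server version's wording. I would keep the skip as narrow as possible and name the string, e.g. `if err != nil && !(currentPolicy == nil && strings.Contains(err.Error(), aclNotFoundMsg)) {`, with `aclNotFoundMsg` as a package constant (the name is only a suggestion). No import hunk for acl.go is shown, so confirm `strings` is already imported; the function body continues outside the hunk.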
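Review bot: `b.add("http", 8500)` sets the plaintext HTTP API port for every node, outside the server-only branch just above it, and nothing in the hunk records why it is now explicit. Since 8500 is Consul's default HTTP port this may change nothing in practice, but any ACL token sent to that listener travels unencrypted, so a comment would document the assumption, for example `// plaintext HTTP API on the default port; only acceptable on the harness's private container network` if that is the intent. The enclosing ports block starts outside the hunk.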
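Review bot: `Env: node.AgentEnv` in generateNodeContainers passes the topology's strings to the template unchanged, and the container-consul.tf.tmpl hunk of this commit renders each one as `"{{.}}",` inside a quoted Terraform string, so an entry containing `"`, a newline or a `${` sequence alters the generated configuration instead of becoming an environment value. Validate the entries here before building terraformConsulAgent: require the `KEY=VALUE` shape, reject those characters, and fail generation on a bad entry. Rendering with `{{ printf "%q" . }},` would handle quotes and newlines but, as far as I can tell, not Terraform's own `${`/`%{` sequences, so the check belongs on the Go side. The new `Env []string` field in the struct hunk at line 24 also deserves a one-line comment stating the expected format. The function starts and ends outside the hunk.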
@@ -5,9 +5,12 @@ resource "docker_container" "{{.Node.DockerName}}" { restart = "always" env = [ - "CONSUL_UID=0", - "CONSUL_GID=0", - "CONSUL_LICENSE={{.EnterpriseLicense}}", + "CONSUL_UID=0", + "CONSUL_GID=0", + "CONSUL_LICENSE={{.EnterpriseLicense}}", +{{- range .Env }} + "{{.}}", +{{- end}} ] {{- range $k, $v := .Labels }} diff --git a/topology/topology.go b/topology/topology.go index b27a9aa6978d..fbdf2605d53f 100644 --- a/topology/topology.go +++ b/topology/topology.go @@ -429,6 +429,9 @@ type Node struct { // the enclosing Cluster. Images Images + // AgentEnv contains optional environment variables to attach to Consul agents. + AgentEnv []string + Disabled bool `json:",omitempty"` Addresses []*Address @@ -437,8 +440,10 @@ type Node struct { // denormalized at topology compile Cluster string Datacenter string + // computed at topology compile Index int + // generated during network-and-tls TLSCertPrefix string `json:",omitempty"`
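Review bot: Entries from `.Env` are appended after the three fixed variables, so an entry that repeats `CONSUL_LICENSE=`, `CONSUL_UID=` or `CONSUL_GID=` ends up in the same `env` list as the built-in one. Which value the container receives is then decided by the Docker provider rather than by this template. If overriding is not intended, reject those three keys where the list is built. If it is intended, say so next to the loop, e.g. `{{- /* caller-supplied entries; may repeat the keys above */}}`. The resource block starts and ends outside the hunk.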
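Review bot: The AgentEnv comment in the first topology.go hunk does not state the entry format or what happens to the values, while the tfgen hunks of this commit show each entry being written verbatim into the generated `docker_container` `env` list. I would extend it to something like `// AgentEnv holds optional "KEY=VALUE" entries added to the Consul agent container's environment; values are copied verbatim into the generated Terraform, so keep secrets and quote characters out of them.` The field also lacks the `json:",omitempty"` tag that `Disabled` carries on the next line, so if Node is JSON-encoded an unset list would presumably be written as `null`. The Node struct starts and ends outside the hunk.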