Skip to content

Commit

Permalink
Fix topoloy intention with mixed connect-native/normal services.
Browse files Browse the repository at this point in the history
If a service is registered twice, once with connect-native and once
without, the topology views would prune the existing intentions. This
change brings the code more in line with the transparent proxy behavior.
  • Loading branch information
apollo13 committed Feb 27, 2023
1 parent c771346 commit 4e3320e
Show file tree
Hide file tree
Showing 3 changed files with 74 additions and 7 deletions.
3 changes: 3 additions & 0 deletions .changelog/13023.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:improvement
ui: the topology view now properly checks for intentions with mixed connect native / normal services.
```
12 changes: 8 additions & 4 deletions agent/consul/state/catalog.go
Original file line number Diff line number Diff line change
Expand Up @@ -4373,13 +4373,17 @@ func (s *Store) ServiceTopology(
maxIdx = idx
}

// Store downstreams with at least one instance in transparent proxy mode.
// Store downstreams with at least one instance in transparent proxy or connect native mode.
// This is to avoid returning downstreams from intentions when none of the downstreams are transparent proxies.
tproxyMap := make(map[structs.ServiceName]struct{})
proxyMap := make(map[structs.ServiceName]struct{})
for _, downstream := range unfilteredDownstreams {
if downstream.Service.Proxy.Mode == structs.ProxyModeTransparent {
sn := structs.NewServiceName(downstream.Service.Proxy.DestinationServiceName, &downstream.Service.EnterpriseMeta)
tproxyMap[sn] = struct{}{}
proxyMap[sn] = struct{}{}
}
if downstream.Service.Connect.Native {
sn := structs.NewServiceName(downstream.Service.Service, &downstream.Service.EnterpriseMeta)
proxyMap[sn] = struct{}{}
}
}

Expand All @@ -4389,7 +4393,7 @@ func (s *Store) ServiceTopology(
if downstream.Service.Kind == structs.ServiceKindConnectProxy {
sn = structs.NewServiceName(downstream.Service.Proxy.DestinationServiceName, &downstream.Service.EnterpriseMeta)
}
if _, ok := tproxyMap[sn]; !ok && !downstream.Service.Connect.Native && downstreamSources[sn.String()] != structs.TopologySourceRegistration {
if _, ok := proxyMap[sn]; !ok && downstreamSources[sn.String()] != structs.TopologySourceRegistration {
// If downstream is not a transparent proxy or connect native, remove references
delete(downstreamSources, sn.String())
delete(downstreamDecisions, sn.String())
Expand Down
66 changes: 63 additions & 3 deletions agent/ui_endpoint_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -1678,19 +1678,43 @@ func TestUIServiceTopology(t *testing.T) {
SkipNodeUpdate: true,
Service: &structs.NodeService{
Kind: structs.ServiceKindTypical,
ID: "cproxy",
ID: "cproxy-https",
Service: "cproxy",
Port: 1111,
Address: "198.18.1.70",
Tags: []string{"https"},
Connect: structs.ServiceConnect{Native: true},
},
Checks: structs.HealthChecks{
&structs.HealthCheck{
Node: "cnative",
CheckID: "cnative:cproxy",
CheckID: "cnative:cproxy-https",
Name: "cproxy-liveness",
Status: api.HealthPassing,
ServiceID: "cproxy",
ServiceID: "cproxy-https",
ServiceName: "cproxy",
},
},
},
"Service cproxy/http on cnative": {
Datacenter: "dc1",
Node: "cnative",
SkipNodeUpdate: true,
Service: &structs.NodeService{
Kind: structs.ServiceKindTypical,
ID: "cproxy-http",
Service: "cproxy",
Port: 1112,
Address: "198.18.1.70",
Tags: []string{"http"},
},
Checks: structs.HealthChecks{
&structs.HealthCheck{
Node: "cnative",
CheckID: "cnative:cproxy-http",
Name: "cproxy-liveness",
Status: api.HealthPassing,
ServiceID: "cproxy-http",
ServiceName: "cproxy",
},
},
Expand Down Expand Up @@ -2116,6 +2140,42 @@ func TestUIServiceTopology(t *testing.T) {
FilteredByACLs: false,
},
},
{
name: "cbackend",
httpReq: func() *http.Request {
req, _ := http.NewRequest("GET", "/v1/internal/ui/service-topology/cbackend?kind=", nil)
return req
}(),
want: &ServiceTopology{
Protocol: "http",
TransparentProxy: false,
Upstreams: []*ServiceTopologySummary{},
Downstreams: []*ServiceTopologySummary{
{
ServiceSummary: ServiceSummary{
Name: "cproxy",
Datacenter: "dc1",
Tags: []string{"http", "https"},
Nodes: []string{"cnative", "cnative", "cnative"},
InstanceCount: 3,
ChecksPassing: 3,
ChecksWarning: 0,
ChecksCritical: 0,
ConnectNative: true,
EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition(),
},
Intention: structs.IntentionDecisionSummary{
DefaultAllow: true,
Allowed: true,
HasPermissions: false,
HasExact: true,
},
Source: structs.TopologySourceSpecificIntention,
},
},
FilteredByACLs: false,
},
},
}

for _, tc := range tcs {
Expand Down

0 comments on commit 4e3320e

Please sign in to comment.