[NET-6426] Modify Reconcile Loop for Mesh Gateway Resources to Correc…

…tly Write Proxy State Template (#20085)
hashicorp · Jan 9, 2024 · c6c2d8b · c6c2d8b
1 parent 3b11127
commit c6c2d8b
Show file tree

Hide file tree

Showing 6 changed files with 330 additions and 14 deletions.
diff --git a/internal/mesh/internal/controllers/gatewayproxy/builder/builder.go b/internal/mesh/internal/controllers/gatewayproxy/builder/builder.go
@@ -4,6 +4,9 @@
 package builder
 
 import (
+	"github.com/hashicorp/go-hclog"
+
+	"github.com/hashicorp/consul/internal/mesh/internal/controllers/gatewayproxy/fetcher"
 	"github.com/hashicorp/consul/internal/mesh/internal/types"
 	pbauth "github.com/hashicorp/consul/proto-public/pbauth/v2beta1"
 	meshv2beta1 "github.com/hashicorp/consul/proto-public/pbmesh/v2beta1"
@@ -12,12 +15,22 @@ import (
 )
 
 type proxyStateTemplateBuilder struct {
-	workload *types.DecodedWorkload
+	workload         *types.DecodedWorkload
+	dataFetcher      *fetcher.Fetcher
+	dc               string
+	exportedServices *types.DecodedComputedExportedServices
+	logger           hclog.Logger
+	trustDomain      string
 }
 
-func NewProxyStateTemplateBuilder(workload *types.DecodedWorkload) *proxyStateTemplateBuilder {
+func NewProxyStateTemplateBuilder(workload *types.DecodedWorkload, exportedServices *types.DecodedComputedExportedServices, logger hclog.Logger, dataFetcher *fetcher.Fetcher, dc, trustDomain string) *proxyStateTemplateBuilder {
 	return &proxyStateTemplateBuilder{
-		workload: workload,
+		workload:         workload,
+		dataFetcher:      dataFetcher,
+		dc:               dc,
+		exportedServices: exportedServices,
+		logger:           logger,
+		trustDomain:      trustDomain,
 	}
 }
 

diff --git a/internal/mesh/internal/controllers/gatewayproxy/controller.go b/internal/mesh/internal/controllers/gatewayproxy/controller.go
@@ -13,32 +13,41 @@ import (
 	"github.com/hashicorp/consul/internal/controller/dependency"
 	"github.com/hashicorp/consul/internal/mesh/internal/controllers/gatewayproxy/builder"
 	"github.com/hashicorp/consul/internal/mesh/internal/controllers/gatewayproxy/fetcher"
+	"github.com/hashicorp/consul/internal/mesh/internal/controllers/sidecarproxy"
 	"github.com/hashicorp/consul/internal/mesh/internal/controllers/sidecarproxy/cache"
+	"github.com/hashicorp/consul/internal/mesh/internal/types"
 	"github.com/hashicorp/consul/internal/resource"
 	pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1"
 	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v2beta1"
+	pbmulticluster "github.com/hashicorp/consul/proto-public/pbmulticluster/v2beta1"
 	"github.com/hashicorp/consul/proto-public/pbresource"
 )
 
 // ControllerName is the name for this controller. It's used for logging or status keys.
-const ControllerName = "consul.io/gateway-proxy-controller"
+const ControllerName = "consul.io/gateway-proxy"
 
 // Controller is responsible for triggering reconciler for watched resources
-func Controller(cache *cache.Cache) *controller.Controller {
+func Controller(cache *cache.Cache, trustDomainFetcher sidecarproxy.TrustDomainFetcher, dc string, defaultAllow bool) *controller.Controller {
 	// TODO NET-7016 Use caching functionality in NewController being implemented at time of writing
 	// TODO NET-7017 Add the host of other types we should watch
 	return controller.NewController(ControllerName, pbmesh.ProxyStateTemplateType).
 		WithWatch(pbcatalog.WorkloadType, dependency.ReplaceType(pbmesh.ProxyStateTemplateType)).
 		WithWatch(pbmesh.ComputedProxyConfigurationType, dependency.ReplaceType(pbmesh.ProxyStateTemplateType)).
 		WithReconciler(&reconciler{
-			cache: cache,
+			cache:          cache,
+			dc:             dc,
+			defaultAllow:   defaultAllow,
+			getTrustDomain: trustDomainFetcher,
 		})
 }
 
 // reconciler is responsible for managing the ProxyStateTemplate for all
 // gateway types: mesh, api (future) and terminating (future).
 type reconciler struct {
-	cache *cache.Cache
+	cache          *cache.Cache
+	dc             string
+	defaultAllow   bool
+	getTrustDomain sidecarproxy.TrustDomainFetcher
 }
 
 // Reconcile is responsible for creating and updating the pbmesh.ProxyStateTemplate
@@ -60,9 +69,8 @@ func (r *reconciler) Reconcile(ctx context.Context, rt controller.Runtime, req c
 	}
 
 	if workload == nil {
-		// If workload has been deleted, then return as ProxyStateTemplate should be cleaned up
-		// by the garbage collector because of the owner reference.
 		rt.Logger.Trace("workload doesn't exist; skipping reconciliation", "workload", workloadID)
+		// Workload no longer exists, let garbage collector clean up
 		return nil
 	}
 
@@ -104,7 +112,27 @@ func (r *reconciler) Reconcile(ctx context.Context, rt controller.Runtime, req c
 		rt.Logger.Trace("proxy state template for this gateway doesn't yet exist; generating a new one")
 	}
 
-	newPST := builder.NewProxyStateTemplateBuilder(workload).Build()
+	exportedServicesID := &pbresource.ID{
+		Name: "global",
+		Tenancy: &pbresource.Tenancy{
+			Partition: req.ID.Tenancy.Partition,
+		},
+		Type: pbmulticluster.ExportedServicesType,
+	}
+
+	exportedServices, err := dataFetcher.FetchExportedServices(ctx, exportedServicesID)
+	if err != nil {
+		rt.Logger.Error("error reading the associated exported services", "error", err)
+		exportedServices = &types.DecodedComputedExportedServices{}
+	}
+
+	trustDomain, err := r.getTrustDomain()
+	if err != nil {
+		rt.Logger.Error("error fetching trust domain to compute proxy state template", "error", err)
+		return err
+	}
+
+	newPST := builder.NewProxyStateTemplateBuilder(workload, exportedServices, rt.Logger, dataFetcher, r.dc, trustDomain).Build()
 
 	proxyTemplateData, err := anypb.New(newPST)
 	if err != nil {

diff --git a/internal/mesh/internal/controllers/gatewayproxy/fetcher/data_fetcher.go b/internal/mesh/internal/controllers/gatewayproxy/fetcher/data_fetcher.go
@@ -11,6 +11,7 @@ import (
 	"github.com/hashicorp/consul/internal/resource"
 	pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1"
 	pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v2beta1"
+	pbmulticluster "github.com/hashicorp/consul/proto-public/pbmulticluster/v2beta1"
 	"github.com/hashicorp/consul/proto-public/pbresource"
 )
 
@@ -34,7 +35,7 @@ func (f *Fetcher) FetchMeshGateway(ctx context.Context, id *pbresource.ID) (*typ
 		return nil, nil
 	}
 
-	return dec, err
+	return dec, nil
 }
 
 func (f *Fetcher) FetchProxyStateTemplate(ctx context.Context, id *pbresource.ID) (*types.DecodedProxyStateTemplate, error) {
@@ -45,7 +46,7 @@ func (f *Fetcher) FetchProxyStateTemplate(ctx context.Context, id *pbresource.ID
 		return nil, nil
 	}
 
-	return dec, err
+	return dec, nil
 }
 
 func (f *Fetcher) FetchWorkload(ctx context.Context, id *pbresource.ID) (*types.DecodedWorkload, error) {
@@ -56,5 +57,27 @@ func (f *Fetcher) FetchWorkload(ctx context.Context, id *pbresource.ID) (*types.
 		return nil, nil
 	}
 
-	return dec, err
+	return dec, nil
+}
+
+func (f *Fetcher) FetchExportedServices(ctx context.Context, id *pbresource.ID) (*types.DecodedComputedExportedServices, error) {
+	dec, err := resource.GetDecodedResource[*pbmulticluster.ComputedExportedServices](ctx, f.client, id)
+	if err != nil {
+		return nil, err
+	} else if dec == nil {
+		return nil, nil
+	}
+
+	return dec, nil
+}
+
+func (f *Fetcher) FetchService(ctx context.Context, id *pbresource.ID) (*types.DecodedService, error) {
+	dec, err := resource.GetDecodedResource[*pbcatalog.Service](ctx, f.client, id)
+	if err != nil {
+		return nil, err
+	} else if dec == nil {
+		return nil, nil
+	}
+
+	return dec, nil
 }