hashicorp · absolutelightning · Oct 26, 2023 · Oct 9, 2023 · Oct 9, 2023 · Oct 9, 2023
@@ -7,6 +7,7 @@ import (
 	"github.com/hashicorp/consul/internal/auth"
 	"github.com/hashicorp/consul/internal/catalog"
 	"github.com/hashicorp/consul/internal/mesh"
+	"github.com/hashicorp/consul/internal/multicluster"
 	"github.com/hashicorp/consul/internal/resource"
 	"github.com/hashicorp/consul/internal/resource/demo"
 	"github.com/hashicorp/consul/internal/tenancy"
@@ -27,6 +28,7 @@ func NewTypeRegistry() resource.Registry {
 	catalog.RegisterTypes(registry)
 	auth.RegisterTypes(registry)
 	tenancy.RegisterTypes(registry)
+	multicluster.RegisterTypes(registry)
 
 	return registry
 }
@@ -0,0 +1,22 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package multicluster
+
+import (
+	"github.com/hashicorp/consul/internal/multicluster/internal/types"
+	"github.com/hashicorp/consul/internal/resource"
+)
+
+var (
+	// API Group Information
+	APIGroup        = types.GroupName
+	VersionV1Alpha1 = types.VersionV1Alpha1
+	CurrentVersion  = types.CurrentVersion
+)
+
+// RegisterTypes adds all resource types within the "multicluster" API group
+// to the given type registry
+func RegisterTypes(r resource.Registry) {
+	types.Register(r)
+}
@@ -0,0 +1,61 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package types
+
+import (
+	"fmt"
+	"github.com/hashicorp/consul/acl"
+	"github.com/hashicorp/consul/internal/resource"
+	pbmulticluster "github.com/hashicorp/consul/proto-public/pbmulticluster/v1alpha1"
+	"github.com/hashicorp/consul/proto-public/pbresource"
+	"github.com/hashicorp/go-multierror"
+)
+
+const (
+	ComputedExportedServicesName = "global"
+)
+
+func RegisterComputedExportedServices(r resource.Registry) {
+	r.Register(resource.Registration{
+		Type:     pbmulticluster.ComputedExportedServicesType,
+		Proto:    &pbmulticluster.ComputedExportedServices{},
+		Scope:    resource.ScopePartition,
+		Validate: ValidateComputedExportedServices,
+		ACLs: &resource.ACLHooks{
+			Read:  aclReadHookComputedExportedServices,
+			Write: aclWriteHookComputedExportedServices,
+			List:  aclListHookComputedExportedServices,
+		},
+	})
+}
+
+func ValidateComputedExportedServices(res *pbresource.Resource) error {
+	var computedExportedServices pbmulticluster.ComputedExportedServices
+
+	if err := res.Data.UnmarshalTo(&computedExportedServices); err != nil {
+		return resource.NewErrDataParse(&computedExportedServices, err)
+	}
+
+	var merr error
+
+	if res.Id.Name != ComputedExportedServicesName {
+		merr = multierror.Append(merr, resource.ErrInvalidField{
+			Name:    "name",
+			Wrapped: fmt.Errorf("name can only be \"global\""),
+		})
+	}
+	return merr
+}
+
+func aclReadHookComputedExportedServices(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, id *pbresource.ID, _ *pbresource.Resource) error {
+	return authorizer.ToAllowAuthorizer().MeshReadAllowed(authzContext)
+}
+
+func aclWriteHookComputedExportedServices(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, res *pbresource.Resource) error {
+	return authorizer.ToAllowAuthorizer().MeshWriteAllowed(authzContext)
+}
+
+func aclListHookComputedExportedServices(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext) error {
+	return nil
+}
@@ -0,0 +1,97 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package types
+
+import (
+	"errors"
+	multiclusterv1alpha1 "github.com/hashicorp/consul/proto-public/pbmulticluster/v1alpha1"
+	"github.com/hashicorp/consul/proto-public/pbresource"
+	"github.com/stretchr/testify/require"
+	"google.golang.org/protobuf/reflect/protoreflect"
+	"google.golang.org/protobuf/types/known/anypb"
+	"testing"
+)
+
+func createComputedExportedServicesResource(t *testing.T, data protoreflect.ProtoMessage, name string) *pbresource.Resource {
+	res := &pbresource.Resource{
+		Id: &pbresource.ID{
+			Type: multiclusterv1alpha1.ComputedExportedServicesType,
+			Name: name,
+		},
+	}
+
+	var err error
+	res.Data, err = anypb.New(data)
+	require.NoError(t, err)
+	return res
+}
+
+func validComputedExportedServicesWithPeer() *multiclusterv1alpha1.ComputedExportedServices {
+	consumers := make([]*multiclusterv1alpha1.ComputedExportedService, 1)
+	consumers[0] = new(multiclusterv1alpha1.ComputedExportedService)
+	var computedExportedServicePeer *multiclusterv1alpha1.ComputedExportedServicesConsumer_Peer
+	computedExportedServicePeer = new(multiclusterv1alpha1.ComputedExportedServicesConsumer_Peer)
+	computedExportedServicePeer.Peer = "peer"
+	consumers[0].Consumers = []*multiclusterv1alpha1.ComputedExportedServicesConsumer{
+		{
+			ConsumerTenancy: computedExportedServicePeer,
+		},
+	}
+	return &multiclusterv1alpha1.ComputedExportedServices{
+		Consumers: consumers,
+	}
+}
+
+func validComputedExportedServicesWithPartition() *multiclusterv1alpha1.ComputedExportedServices {
+	consumers := make([]*multiclusterv1alpha1.ComputedExportedService, 1)
+	consumers[0] = new(multiclusterv1alpha1.ComputedExportedService)
+	var computedExportedServicePartition *multiclusterv1alpha1.ComputedExportedServicesConsumer_Partition
+	computedExportedServicePartition = new(multiclusterv1alpha1.ComputedExportedServicesConsumer_Partition)
+	computedExportedServicePartition.Partition = "partition"
+	consumers[0].Consumers = []*multiclusterv1alpha1.ComputedExportedServicesConsumer{
+		{
+			ConsumerTenancy: computedExportedServicePartition,
+		},
+	}
+	return &multiclusterv1alpha1.ComputedExportedServices{
+		Consumers: consumers,
+	}
+}
+
+func TestValidateComputedExportedServicesWithPeer_Ok(t *testing.T) {
+	res := createComputedExportedServicesResource(t, validComputedExportedServicesWithPeer(), ComputedExportedServicesName)
+
+	err := ValidateComputedExportedServices(res)
+	require.NoError(t, err)
+
+	var resDecoded multiclusterv1alpha1.ComputedExportedServices
+	err = res.Data.UnmarshalTo(&resDecoded)
+	require.NoError(t, err)
+	require.Equal(t, 1, len(resDecoded.Consumers))
+	require.Equal(t, 1, len(resDecoded.Consumers[0].Consumers))
+	require.Equal(t, "peer", resDecoded.Consumers[0].Consumers[0].GetPeer())
+}
+
+func TestValidateComputedExportedServicesWithPartition_Ok(t *testing.T) {
+	res := createComputedExportedServicesResource(t, validComputedExportedServicesWithPartition(), ComputedExportedServicesName)
+
+	err := ValidateComputedExportedServices(res)
+	require.NoError(t, err)
+
+	var resDecoded multiclusterv1alpha1.ComputedExportedServices
+	err = res.Data.UnmarshalTo(&resDecoded)
+	require.NoError(t, err)
+	require.Equal(t, 1, len(resDecoded.Consumers))
+	require.Equal(t, 1, len(resDecoded.Consumers[0].Consumers))
+	require.Equal(t, "partition", resDecoded.Consumers[0].Consumers[0].GetPartition())
+}
+
+func TestValidateComputedExportedServices_InvalidName(t *testing.T) {
+	res := createComputedExportedServicesResource(t, validComputedExportedServicesWithPartition(), "computed-service")
+
+	err := ValidateComputedExportedServices(res)
+	require.Error(t, err)
+	expectedError := errors.New("invalid \"name\" field: name can only be \"global\"")
+	require.ErrorAs(t, err, &expectedError)
+}
@@ -0,0 +1,61 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package types
+
+import (
+	"fmt"
+	"github.com/hashicorp/consul/acl"
+	"github.com/hashicorp/consul/internal/resource"
+	pbmulticluster "github.com/hashicorp/consul/proto-public/pbmulticluster/v1alpha1"
+	"github.com/hashicorp/consul/proto-public/pbresource"
+	"github.com/hashicorp/go-multierror"
+)
+
+func RegisterExportedServices(r resource.Registry) {
+	r.Register(resource.Registration{
+		Type:     pbmulticluster.ExportedServicesType,
+		Proto:    &pbmulticluster.ExportedServices{},
+		Scope:    resource.ScopeNamespace,
+		Validate: ValidateExportedServices,
+		ACLs: &resource.ACLHooks{
+			Read:  aclReadHookExportedServices,
+			Write: aclWriteHookExportedServices,
+			List:  aclListHookExportedServices,
+		},
+	})
+}
+
+func ValidateExportedServices(res *pbresource.Resource) error {
+	var exportedService pbmulticluster.ExportedServices
+
+	if err := res.Data.UnmarshalTo(&exportedService); err != nil {
+		return resource.NewErrDataParse(&exportedService, err)
+	}
+
+	var merr error
+
+	if exportedService.Services == nil || len(exportedService.Services) == 0 {
+		merr = multierror.Append(merr, resource.ErrInvalidField{
+			Name:    "services",
+			Wrapped: fmt.Errorf("at least one service must be set"),
+		})
+	}
+	return merr
+}
+
+func aclReadHookExportedServices(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, id *pbresource.ID, _ *pbresource.Resource) error {
+	serviceName := id.Name
+
+	return authorizer.ToAllowAuthorizer().ServiceReadAllowed(serviceName, authzContext)
+}
+
+func aclWriteHookExportedServices(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, res *pbresource.Resource) error {
+	serviceName := res.Id.Name
+
+	return authorizer.ToAllowAuthorizer().ServiceWriteAllowed(serviceName, authzContext)
+}
+
+func aclListHookExportedServices(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext) error {
+	return nil
+}
@@ -0,0 +1,110 @@
+// Copyright (c) HashiCorp, Inc.
+// SPDX-License-Identifier: BUSL-1.1
+
+package types
+
+import (
+	"errors"
+	multiclusterv1alpha1 "github.com/hashicorp/consul/proto-public/pbmulticluster/v1alpha1"
+	"github.com/hashicorp/consul/proto-public/pbresource"
+	"github.com/stretchr/testify/require"
+	"google.golang.org/protobuf/reflect/protoreflect"
+	"google.golang.org/protobuf/types/known/anypb"
+	"testing"
+)
+
+func createExportedServicesResource(t *testing.T, data protoreflect.ProtoMessage) *pbresource.Resource {
+	res := &pbresource.Resource{
+		Id: &pbresource.ID{
+			Type: multiclusterv1alpha1.ExportedServicesType,
+			Name: "exported-services-1",
+		},
+	}
+
+	var err error
+	res.Data, err = anypb.New(data)
+	require.NoError(t, err)
+	return res
+}
+
+func validExportedServicesWithPeer() *multiclusterv1alpha1.ExportedServices {
+	consumers := make([]*multiclusterv1alpha1.ExportedServicesConsumer, 1)
+	consumers[0] = new(multiclusterv1alpha1.ExportedServicesConsumer)
+	consumers[0].ConsumerTenancy = &multiclusterv1alpha1.ExportedServicesConsumer_Peer{Peer: "peer"}
+	return &multiclusterv1alpha1.ExportedServices{
+		Services:  []string{"api", "frontend", "backend"},
+		Consumers: consumers,
+	}
+}
+
+func validExportedServicesWithPartition() *multiclusterv1alpha1.ExportedServices {
+	consumers := make([]*multiclusterv1alpha1.ExportedServicesConsumer, 1)
+	consumers[0] = new(multiclusterv1alpha1.ExportedServicesConsumer)
+	consumers[0].ConsumerTenancy = &multiclusterv1alpha1.ExportedServicesConsumer_Partition{Partition: "partition"}
+	return &multiclusterv1alpha1.ExportedServices{
+		Services:  []string{"api", "frontend", "backend"},
+		Consumers: consumers,
+	}
+}
+
+func validExportedServicesWithSamenessGroup() *multiclusterv1alpha1.ExportedServices {
+	consumers := make([]*multiclusterv1alpha1.ExportedServicesConsumer, 1)
+	consumers[0] = new(multiclusterv1alpha1.ExportedServicesConsumer)
+	consumers[0].ConsumerTenancy = &multiclusterv1alpha1.ExportedServicesConsumer_SamenessGroup{SamenessGroup: "sameness_group"}
+	return &multiclusterv1alpha1.ExportedServices{
+		Services:  []string{"api", "frontend", "backend"},
+		Consumers: consumers,
+	}
+}
+
+func inValidExportedServices() *multiclusterv1alpha1.ExportedServices {
+	return &multiclusterv1alpha1.ExportedServices{}
+}
+
+func TestValidateExportedServicesWithPeer_Ok(t *testing.T) {
+	res := createExportedServicesResource(t, validExportedServicesWithPeer())
+
+	err := ValidateExportedServices(res)
+	require.NoError(t, err)
+
+	var resDecoded multiclusterv1alpha1.ExportedServices
+	err = res.Data.UnmarshalTo(&resDecoded)
+	require.NoError(t, err)
+	require.Equal(t, 1, len(resDecoded.Consumers))
+	require.Equal(t, "peer", resDecoded.Consumers[0].GetPeer())
+}
+
+func TestValidateExportedServicesWithPartition_Ok(t *testing.T) {
+	res := createExportedServicesResource(t, validExportedServicesWithPartition())
+
+	err := ValidateExportedServices(res)
+	require.NoError(t, err)
+
+	var resDecoded multiclusterv1alpha1.ExportedServices
+	err = res.Data.UnmarshalTo(&resDecoded)
+	require.NoError(t, err)
+	require.Equal(t, 1, len(resDecoded.Consumers))
+	require.Equal(t, "partition", resDecoded.Consumers[0].GetPartition())
+}
+
+func TestValidateExportedServicesWithSamenessGroup_Ok(t *testing.T) {
+	res := createExportedServicesResource(t, validExportedServicesWithSamenessGroup())
+
+	err := ValidateExportedServices(res)
+	require.NoError(t, err)
+
+	var resDecoded multiclusterv1alpha1.ExportedServices
+	err = res.Data.UnmarshalTo(&resDecoded)
+	require.NoError(t, err)
+	require.Equal(t, 1, len(resDecoded.Consumers))
+	require.Equal(t, "sameness_group", resDecoded.Consumers[0].GetSamenessGroup())
+}
+
+func TestValidateExportedServices_NoServices(t *testing.T) {
+	res := createExportedServicesResource(t, inValidExportedServices())
+
+	err := ValidateExportedServices(res)
+	require.Error(t, err)
+	expectedError := errors.New("invalid \"services\" field: at least one service must be set")
+	require.ErrorAs(t, err, &expectedError)
+}