diff --git a/admiral/pkg/clusters/configSyncer_test.go b/admiral/pkg/clusters/configSyncer_test.go
index 8b54af43f..3394e33f4 100644
--- a/admiral/pkg/clusters/configSyncer_test.go
+++ b/admiral/pkg/clusters/configSyncer_test.go
@@ -12,8 +12,8 @@ import (
 func TestUpdateClusterIdentityState(t *testing.T) {
 var (
 sourceCluster1 = "cluster1"
- foobarIdentity = "intuit.foobar.service"
- helloWorldIdentity = "intuit.helloworld.service"
+ foobarIdentity = "org.foobar.service"
+ helloWorldIdentity = "org.helloworld.service"
 remoteRegistryHappyCase = &RemoteRegistry{
 ClusterIdentityStoreHandler: registry.NewClusterIdentityStoreHandler(),
 AdmiralCache: &AdmiralCache{
diff --git a/admiral/pkg/clusters/configwriter.go b/admiral/pkg/clusters/configwriter.go
index 85c5ca1a0..670f29d3f 100644
--- a/admiral/pkg/clusters/configwriter.go
+++ b/admiral/pkg/clusters/configwriter.go
@@ -68,9 +68,12 @@ func (b *ServiceEntryBuilder) BuildServiceEntriesFromIdentityConfig(ctxLogger *l
 tmpSe.Endpoints = append(tmpSe.Endpoints, ep)
 }
 sort.Sort(WorkloadEntrySorted(tmpSe.Endpoints))
- serviceEntries = append(serviceEntries, tmpSe)
+ seMap[env] = tmpSe
 }
 }
+ for _, se := range seMap {
+ serviceEntries = append(serviceEntries, se)
+ }
 return serviceEntries, err
 }
diff --git a/admiral/pkg/clusters/shard_handler_test.go b/admiral/pkg/clusters/shard_handler_test.go
index ff0debd8e..327f3be47 100644
--- a/admiral/pkg/clusters/shard_handler_test.go
+++ b/admiral/pkg/clusters/shard_handler_test.go
@@ -23,7 +23,7 @@ func setupForShardTests() common.AdmiralParams {
 admiralParams := admiralParamsForServiceEntryTests()
 admiralParams.EnableAbsoluteFQDN = true
 admiralParams.EnableAbsoluteFQDNForLocalEndpoints = true
- admiralParams.SANPrefix = "pre-prod.api.intuit.com"
+ admiralParams.SANPrefix = "pre-prod.api.org.com"
 admiralParams.ExportToMaxNamespaces = 35
 admiralParams.AdmiralOperatorMode = true
 admiralParams.OperatorSyncNamespace = "shard-namespace"
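Review bot: In configwriter.go, the added `for _, se := range seMap` loop fills the returned slice in Go's randomized map iteration order, so the order of `serviceEntries` can differ between runs; callers or tests that compare or index the slice positionally become flaky, and any downstream diffing of generated ServiceEntries may see spurious churn. Iterating over sorted keys fixes this (sketch below, assuming `seMap` is keyed by a string `env`; `sort` is already used in this function). Separately, `seMap[env] = tmpSe` replaces whatever an earlier cluster iteration stored for the same env; unless `tmpSe` is seeded from the existing map entry outside this hunk, the earlier cluster's endpoints and SubjectAltNames would be dropped silently, so a comment stating the merge rule would help. The function begins before the hunk, so the declaration of `seMap` is not visible.

```go
// … unchanged: per-cluster / per-env loops that populate seMap …
// Emit entries in sorted env order so the result is stable across runs.
envs := make([]string, 0, len(seMap))
for env := range seMap {
	envs = append(envs, env)
}
sort.Strings(envs)
for _, env := range envs {
	serviceEntries = append(serviceEntries, seMap[env])
}
return serviceEntries, err
```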
@@ -76,7 +76,6 @@ func jsonPrint(v any) string {
 }
 func TestShardHandler_Added(t *testing.T) {
- t.SkipNow()
 admiralParams := setupForShardTests()
 rr, _ := InitAdmiralOperator(context.Background(), admiralParams)
 rc1 := &RemoteController{
@@ -87,16 +86,16 @@ func TestShardHandler_Added(t *testing.T) {
 },
 }
 rc2 := &RemoteController{
- ClusterID: "multi-long-1026-usw2-k8s",
+ ClusterID: "cluster-usw2-k8s",
 ServiceEntryController: &istio.ServiceEntryController{
 IstioClient: istiofake.NewSimpleClientset(),
 Cache: istio.NewServiceEntryCache(),
 },
 }
 rr.PutRemoteController("cluster1", rc1)
- rr.PutRemoteController("multi-long-1026-usw2-k8s", rc2)
+ rr.PutRemoteController("cluster-usw2-k8s", rc2)
 sampleShard1 := createMockShard("shard-sample", "cluster1", "sample", "e2e")
- sampleShard2 := createMockShard("blackhole-shard", "multi-long-1026-usw2-k8s", "intuit.services.gateway.ppdmeshtestblackhole", "multi-long-1026-usw2-k8s")
+ sampleShard2 := createMockShard("blackhole-shard", "cluster-usw2-k8s", "ppdmeshtestblackhole", "ppd")
 shardHandler := &ShardHandler{
 RemoteRegistry: rr,
 }
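Review bot: With `t.SkipNow()` removed from TestShardHandler_Added, `rr, _ := InitAdmiralOperator(context.Background(), admiralParams)` now runs on every test invocation and its second return value is discarded. If initialization fails, the test carries on to `rr.PutRemoteController(...)` with whatever `rr` came back and would fail with a panic or a misleading assertion rather than a readable setup error. Assuming the second value is an error, use `rr, err := InitAdmiralOperator(context.Background(), admiralParams)` followed by `if err != nil { t.Fatalf("InitAdmiralOperator: %v", err) }`. The test body continues past this hunk.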
@@ -107,10 +106,10 @@ func TestShardHandler_Added(t *testing.T) {
 Resolution: istioNetworkingV1Alpha3.ServiceEntry_DNS,
 Endpoints: []*istioNetworkingV1Alpha3.WorkloadEntry{{Address: "app-1-spk-root-service.ns-1-usw2-e2e.svc.cluster.local.", Ports: map[string]uint32{"http": 8090}, Labels: map[string]string{"security.istio.io/tlsMode": "istio", "type": "rollout"}, Locality: "us-west-2"}},
 ExportTo: []string{common.NamespaceIstioSystem, "ns-1-usw2-e2e", "ns-1-usw2-prf", "ns-1-usw2-qal"},
- SubjectAltNames: []string{"spiffe://pre-prod.api.intuit.com/sample"},
+ SubjectAltNames: []string{"spiffe://pre-prod.api.org.com/sample"},
 }
 se2 := &istioNetworkingV1Alpha3.ServiceEntry{
- Hosts: []string{"multi-long-1026-use2-k8s.intuit.services.gateway.ppdmeshtestblackhole.mesh"},
+ Hosts: []string{"ppd.ppdmeshtestblackhole.mesh"},
 Ports: []*istioNetworkingV1Alpha3.ServicePort{{Number: 80, Protocol: "http", Name: "http"}},
 Location: istioNetworkingV1Alpha3.ServiceEntry_MESH_INTERNAL,
 Resolution: istioNetworkingV1Alpha3.ServiceEntry_DNS,
@@ -118,7 +117,7 @@ func TestShardHandler_Added(t *testing.T) {
 {Address: "abc-elb.us-east-2.elb.amazonaws.com.", Ports: map[string]uint32{"http": 15443}, Labels: map[string]string{"security.istio.io/tlsMode": "istio", "type": "deployment"}, Locality: "us-east-2"},
 },
 ExportTo: []string{common.NamespaceIstioSystem, "services-inboundd268-usw2-dev"},
- SubjectAltNames: []string{"spiffe://pre-prod.api.intuit.com/intuit.services.gateway.ppdmeshtestblackhole"},
+ SubjectAltNames: []string{"spiffe://pre-prod.api.org.com/ppdmeshtestblackhole"},
 }
 testCases := []struct {
 name string
@@ -141,7 +140,7 @@ func TestShardHandler_Added(t *testing.T) {
 "Then an SE with only remote endpoint and istio-system in exportTo should be built for env B",
 rc: rc2,
 shard: sampleShard2,
- expectedSEName: "multi-long-1026-use2-k8s.intuit.services.gateway.ppdmeshtestblackhole.mesh-se",
+ expectedSEName: "ppd.ppdmeshtestblackhole.mesh-se",
 expectedSE: se2,
 },
 //TODO: Given the server asset we want to write resources for is deployed remotely and locally in the same env, se should have local and remote endpoint and istio-system
diff --git a/admiral/pkg/clusters/testdata/ppdmeshtestblackholeIdentityConfiguration.json b/admiral/pkg/clusters/testdata/ppdmeshtestblackholeIdentityConfiguration.json
index e2afa6097..c13175975 100644
--- a/admiral/pkg/clusters/testdata/ppdmeshtestblackholeIdentityConfiguration.json
+++ b/admiral/pkg/clusters/testdata/ppdmeshtestblackholeIdentityConfiguration.json
@@ -1,29 +1,37 @@
 {
- "identityName": "intuit.services.gateway.ppdmeshtestblackhole",
+ "identityName": "ppdmeshtestblackhole",
 "clusters": {
- "multi-long-1026-usw2-k8s": {
+ "cluster-usw2-k8s": {
 "_comment-1": "THIS SECTION CONTAINS CLUSTER LEVEL DETAILS, WHICH ARE THE SAME FOR THE ASSET IN A GIVEN CLUSTER",
- "name": "multi-long-1026-usw2-k8s",
+ "name": "cluster-usw2-k8s",
 "locality": "us-west-2",
 "ingressEndpoint": "abc-elb.us-west-2.elb.amazonaws.com.",
 "ingressPort": "15443",
 "ingressPortName": "http",
 "_comment-2": "THIS SECTION CONTAINS ENVIRONMENT LEVEL DETAILS, FOR THE ASSET IN A GIVEN CLUSTER",
 "environment": {
- "multi-long-1026-usw2-k8s": {
- "name": "multi-long-1026-usw2-k8s",
+ "ppd": {
+ "name": "prod",
 "namespace": "services-blackholed268-usw2-dev",
- "serviceName": "blackhole-gw",
+ "serviceName": "blackhole-root-service",
+ "services": {
+ "blackhole-root-service": {
+ "name": "blackhole-root-service",
+ "weight": -1,
+ "ports": {
+ "http": 8090
+ }
+ }
+ },
 "type": "deployment",
 "selectors": {
 "app": "blackhole-gw"
 },
 "ports": [
 {
- "name": "http-service-mesh",
- "port": 8090,
- "protocol": "TCP",
- "targetPort": 8090
+ "name": "http",
+ "number": 80,
+ "protocol": "http"
 }
 ],
 "trafficPolicy": {
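Review bot: In ppdmeshtestblackholeIdentityConfiguration.json the `cluster-usw2-k8s` environment is keyed `"ppd"` but carries `"name": "prod"`, whereas the `cluster-use2-k8s` entry later in the same file uses `"name": "ppd"` under the same key. If the builder reads the `name` field rather than the map key (not visible in this diff), the two clusters would resolve to different environments and the fixture would no longer exercise the same-env case the test describes. Suggest `"name": "ppd",` here, or, if the mismatch is deliberate, a `_comment` field in the fixture saying so.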
@@ -82,29 +90,37 @@
 }
 }
 },
- "multi-long-1026-use2-k8s": {
+ "cluster-use2-k8s": {
 "_comment-1": "THIS SECTION CONTAINS CLUSTER LEVEL DETAILS, WHICH ARE THE SAME FOR THE ASSET IN A GIVEN CLUSTER",
- "name": "multi-long-1026-use2-k8s",
+ "name": "cluster-use2-k8s",
 "locality": "us-east-2",
 "ingressEndpoint": "abc-elb.us-east-2.elb.amazonaws.com.",
 "ingressPort": "15443",
 "ingressPortName": "http",
 "_comment-2": "THIS SECTION CONTAINS ENVIRONMENT LEVEL DETAILS, FOR THE ASSET IN A GIVEN CLUSTER",
 "environment": {
- "multi-long-1026-use2-k8s": {
- "name": "multi-long-1026-use2-k8s",
+ "ppd": {
+ "name": "ppd",
 "namespace": "services-blackholesh45-use2-dev",
- "serviceName": "blackhole-gw",
+ "serviceName": "blackhole-root-service",
+ "services": {
+ "blackhole-root-service": {
+ "name": "blackhole-root-service",
+ "weight": -1,
+ "ports": {
+ "http": 8090
+ }
+ }
+ },
 "type": "deployment",
 "selectors": {
 "app": "blackhole-gw"
 },
 "ports": [
 {
- "name": "http-service-mesh",
- "port": 8090,
- "protocol": "TCP",
- "targetPort": 8090
+ "name": "http",
+ "number": 80,
+ "protocol": "http"
 }
 ],
 "trafficPolicy": {
@@ -165,6 +181,6 @@
 }
 },
 "clientAssets": {
- "intuit.services.gateway.ppdmeshtestinbounds": "intuit.services.gateway.ppdmeshtestinbounds"
+ "ppdmeshtestinbounds": "ppdmeshtestinbounds"
 }
 }
\ No newline at end of file
diff --git a/admiral/pkg/clusters/testdata/ppdmeshtestinboundsIdentityConfiguration.json b/admiral/pkg/clusters/testdata/ppdmeshtestinboundsIdentityConfiguration.json
index 9730fb40d..56aaceb9d 100644
--- a/admiral/pkg/clusters/testdata/ppdmeshtestinboundsIdentityConfiguration.json
+++ b/admiral/pkg/clusters/testdata/ppdmeshtestinboundsIdentityConfiguration.json
@@ -1,29 +1,37 @@
 {
- "identityName": "intuit.services.gateway.ppdmeshtestinbounds",
+ "identityName": "ppdmeshtestinbounds",
 "clusters": {
- "multi-long-1026-usw2-k8s": {
+ "cluster-usw2-k8s": {
 "_comment-1": "THIS SECTION CONTAINS CLUSTER LEVEL DETAILS, WHICH ARE THE SAME FOR THE ASSET IN A GIVEN CLUSTER",
- "name": "multi-long-1026-usw2-k8s",
+ "name": "cluster-usw2-k8s",
 "locality": "us-west-2",
 "ingressEndpoint": "abc-elb.us-west-2.elb.amazonaws.com.",
 "ingressPort": "15443",
 "ingressPortName": "http",
 "_comment-2": "THIS SECTION CONTAINS ENVIRONMENT LEVEL DETAILS, FOR THE ASSET IN A GIVEN CLUSTER",
 "environment": {
- "multi-long-1026-usw2-k8s": {
- "name": "multi-long-1026-usw2-k8s",
+ "ppd": {
+ "name": "ppd",
 "namespace": "services-inboundd268-usw2-dev",
 "serviceName": "inbound-gw",
+ "services": {
+ "inbound-root-service": {
+ "name": "inbound-root-service",
+ "weight": -1,
+ "ports": {
+ "http": 8090
+ }
+ }
+ },
 "type": "deployment",
 "selectors": {
 "app": "inbound-gw"
 },
 "ports": [
 {
- "name": "http-service-mesh",
- "port": 8090,
- "protocol": "TCP",
- "targetPort": 8090
+ "name": "http",
+ "number": 80,
+ "protocol": "http"
 }
 ],
 "trafficPolicy": {
@@ -84,6 +92,6 @@
 }
 },
 "clientAssets": {
- "intuit.services.gateway.ppdmeshtestinbounds": "intuit.services.gateway.ppdmeshtestinbounds"
+ "ppdmeshtestinbounds": "ppdmeshtestinbounds"
 }
 }
\ No newline at end of file
diff --git a/admiral/pkg/clusters/testdata/sampleIdentityConfiguration.json b/admiral/pkg/clusters/testdata/sampleIdentityConfiguration.json
index 7a2c701d3..eec98387e 100644
--- a/admiral/pkg/clusters/testdata/sampleIdentityConfiguration.json
+++ b/admiral/pkg/clusters/testdata/sampleIdentityConfiguration.json
@@ -30,7 +30,7 @@
 "ports": [
 {
 "name": "http",
- "port": 8090,
+ "number": 80,
 "protocol": "http"
 }
 ],
@@ -108,7 +108,7 @@
 "ports": [
 {
 "name": "http",
- "port": 80,
+ "number": 80,
 "protocol": "http"
 }
 ],
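Review bot: In ppdmeshtestinboundsIdentityConfiguration.json, `"serviceName": "inbound-gw"` is left unchanged while the added `services` map defines only `inbound-root-service`; the blackhole fixture in this same commit updates `serviceName` to match its `services` key. If any code path still resolves the service through `serviceName` (not visible here), it would look up a name the map does not contain. Suggest `"serviceName": "inbound-root-service",` for consistency with the other fixture, or confirm that the field is no longer read.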
@@ -186,7 +186,7 @@
 "ports": [
 {
 "name": "http",
- "port": 80,
+ "number": 80,
 "protocol": "http"
 }
 ],