wip

hashicorp · Mar 7, 2022 · a25a183 · a25a183
1 parent fa539f4
commit a25a183
Show file tree

Hide file tree

Showing 7 changed files with 22 additions and 22 deletions.
diff --git a/charts/consul/templates/server-acl-init-job.yaml b/charts/consul/templates/server-acl-init-job.yaml
@@ -169,7 +169,7 @@ spec:
                 {{- end }}
 
                 {{- if .Values.syncCatalog.enabled }}
-                -create-sync-policy=true \
+                -sync-catalog=true \
                 {{- if .Values.syncCatalog.consulNodeName }}
                 -sync-consul-node-name={{ .Values.syncCatalog.consulNodeName }} \
                 {{- end }}

diff --git a/charts/consul/test/unit/server-acl-init-job.bats b/charts/consul/test/unit/server-acl-init-job.bats
@@ -249,7 +249,7 @@ load _helpers
       -s templates/server-acl-init-job.yaml  \
       --set 'global.acls.manageSystemACLs=true' \
       . | tee /dev/stderr |
-      yq '.spec.template.spec.containers[0].command | any(contains("-create-sync-policy"))' | tee /dev/stderr)
+      yq '.spec.template.spec.containers[0].command | any(contains("-sync-catalog"))' | tee /dev/stderr)
   [ "${actual}" = "false" ]
 }
 
@@ -260,7 +260,7 @@ load _helpers
       --set 'global.acls.manageSystemACLs=true' \
       --set 'syncCatalog.enabled=true' \
       . | tee /dev/stderr |
-      yq '.spec.template.spec.containers[0].command | any(contains("-create-sync-policy"))' | tee /dev/stderr)
+      yq '.spec.template.spec.containers[0].command | any(contains("-sync-catalog"))' | tee /dev/stderr)
   [ "${actual}" = "true" ]
 }
 

diff --git a/control-plane/subcommand/server-acl-init/command.go b/control-plane/subcommand/server-acl-init/command.go
@@ -42,7 +42,7 @@ type Command struct {
 
 	flagCreateClientToken bool
 
-	flagCreateSyncPolicy   bool
+	flagEnableCatalogSync  bool
 	flagSyncConsulNodeName string
 
 	flagEnableConnectInject bool
@@ -126,7 +126,7 @@ func (c *Command) init() {
 	c.flags.BoolVar(&c.flagCreateClientToken, "create-client-token", true,
 		"Toggle for creating a client agent token. Default is true.")
 
-	c.flags.BoolVar(&c.flagCreateSyncPolicy, "create-sync-policy", false,
+	c.flags.BoolVar(&c.flagEnableCatalogSync, "sync-catalog", false,
 		"Toggle for creating a catalog sync policy.")
 	c.flags.StringVar(&c.flagSyncConsulNodeName, "sync-consul-node-name", "k8s-sync",
 		"The Consul node name to register for catalog sync. Defaults to k8s-sync. To be discoverable "+
@@ -481,7 +481,7 @@ func (c *Command) Run(args []string) int {
 		}
 	}
 
-	if c.flagCreateSyncPolicy {
+	if c.flagEnableCatalogSync {
 		syncRules, err := c.syncRules()
 		if err != nil {
 			c.log.Error("Error templating sync rules", "err", err)
@@ -499,9 +499,9 @@ func (c *Command) Run(args []string) int {
 			if !primary {
 				componentAuthMethodName = globalComponentAuthMethodName
 			}
-			err = c.createACLPolicyRoleAndBindingRule("sync-catalog", syncRules, consulDC, primaryDC, globalToken, primary, componentAuthMethodName, serviceAccountName, consulClient)
+			err = c.createACLPolicyRoleAndBindingRule("sync-catalog", syncRules, consulDC, primaryDC, globalPolicy, primary, componentAuthMethodName, serviceAccountName, consulClient)
 		} else {
-			err = c.createACLPolicyRoleAndBindingRule("sync-catalog", syncRules, consulDC, primaryDC, localToken, primary, componentAuthMethodName, serviceAccountName, consulClient)
+			err = c.createACLPolicyRoleAndBindingRule("sync-catalog", syncRules, consulDC, primaryDC, localPolicy, primary, componentAuthMethodName, serviceAccountName, consulClient)
 		}
 		if err != nil {
 			c.log.Error(err.Error())

diff --git a/control-plane/subcommand/server-acl-init/command_ent_test.go b/control-plane/subcommand/server-acl-init/command_ent_test.go
@@ -287,7 +287,7 @@ func TestRun_ACLPolicyUpdates(t *testing.T) {
 				"-create-client-token",
 				"-allow-dns",
 				"-create-mesh-gateway-token",
-				"-create-sync-policy",
+				"-sync-catalog",
 				"-connect-inject",
 				"-create-snapshot-agent-token",
 				"-create-enterprise-license-token",
@@ -1073,7 +1073,7 @@ func TestRun_NamespaceEnabled_ValidateLoginToken_PrimaryDatacenter(t *testing.T)
 		},
 		{
 			ComponentName: "sync-catalog",
-			TokenFlags:    []string{"-create-sync-policy"},
+			TokenFlags:    []string{"-sync-catalog"},
 			Roles:         []string{resourcePrefix + "-sync-catalog-acl-role"},
 			Namespace:     ns,
 			GlobalToken:   false,
@@ -1164,7 +1164,7 @@ func TestRun_NamespaceEnabled_ValidateLoginToken_SecondaryDatacenter(t *testing.
 		},
 		{
 			ComponentName: "sync-catalog",
-			TokenFlags:    []string{"-create-sync-policy"},
+			TokenFlags:    []string{"-sync-catalog"},
 			Roles:         []string{resourcePrefix + "-sync-catalog-acl-role-dc2"},
 			Namespace:     ns,
 			GlobalToken:   true,

diff --git a/control-plane/subcommand/server-acl-init/command_test.go b/control-plane/subcommand/server-acl-init/command_test.go
@@ -1013,7 +1013,7 @@ func TestRun_SyncPolicyUpdates(t *testing.T) {
 		"-k8s-namespace=" + ns,
 		"-server-address", strings.Split(testSvr.HTTPAddr, ":")[0],
 		"-server-port", strings.Split(testSvr.HTTPAddr, ":")[1],
-		"-create-sync-policy",
+		"-sync-catalog",
 	}
 	firstRunArgs := append(commonArgs,
 		"-sync-consul-node-name=k8s-sync",
@@ -1122,7 +1122,7 @@ func TestRun_ErrorsOnDuplicateACLPolicy(t *testing.T) {
 		"-k8s-namespace=" + ns,
 		"-server-address", strings.Split(testAgent.HTTPAddr, ":")[0],
 		"-server-port", strings.Split(testAgent.HTTPAddr, ":")[1],
-		"-create-sync-policy",
+		"-sync-catalog",
 	}
 	responseCode := cmd.Run(cmdArgs)
 
@@ -2159,7 +2159,7 @@ func TestRun_PoliciesAndBindingRulesForACLLogin_PrimaryDatacenter(t *testing.T)
 		},
 		{
 			TestName:    "Sync Catalog",
-			TokenFlags:  []string{"-create-sync-policy"},
+			TokenFlags:  []string{"-sync-catalog"},
 			PolicyNames: []string{"sync-catalog-policy"},
 			Roles:       []string{resourcePrefix + "-sync-catalog-acl-role"},
 		},
@@ -2269,7 +2269,7 @@ func TestRun_PoliciesAndBindingRulesACLLogin_SecondaryDatacenter(t *testing.T) {
 		},
 		{
 			TestName:         "Sync Catalog",
-			TokenFlags:       []string{"-create-sync-policy"},
+			TokenFlags:       []string{"-sync-catalog"},
 			PolicyNames:      []string{"sync-catalog-policy-" + secondaryDatacenter},
 			Roles:            []string{resourcePrefix + "-sync-catalog-acl-role-" + secondaryDatacenter},
 			GlobalAuthMethod: false,
@@ -2378,7 +2378,7 @@ func TestRun_ValidateLoginToken_PrimaryDatacenter(t *testing.T) {
 		},
 		{
 			ComponentName: "sync-catalog",
-			TokenFlags:    []string{"-create-sync-policy"},
+			TokenFlags:    []string{"-sync-catalog"},
 			Roles:         []string{resourcePrefix + "-sync-catalog-acl-role"},
 		},
 	}
@@ -2471,7 +2471,7 @@ func TestRun_ValidateLoginToken_SecondaryDatacenter(t *testing.T) {
 		},
 		{
 			ComponentName:    "sync-catalog",
-			TokenFlags:       []string{"-create-sync-policy"},
+			TokenFlags:       []string{"-sync-catalog"},
 			Roles:            []string{resourcePrefix + "-sync-catalog-acl-role-dc2"},
 			GlobalAuthMethod: false,
 		},

diff --git a/control-plane/subcommand/server-acl-init/create_or_update.go b/control-plane/subcommand/server-acl-init/create_or_update.go
@@ -313,7 +313,7 @@ func (c *Command) createOrUpdateACLPolicy(policy api.ACLPolicy, consulClient *ap
 	// Allowing the Consul node name to be configurable also requires any sync
 	// policy to be updated in case the node name has changed.
 	if isPolicyExistsErr(err, policy.Name) {
-		if c.flagEnableNamespaces || c.flagCreateSyncPolicy {
+		if c.flagEnableNamespaces || c.flagEnableCatalogSync {
 			c.log.Info(fmt.Sprintf("Policy %q already exists, updating", policy.Name))
 
 			// The policy ID is required in any PolicyUpdate call, so first we need to

diff --git a/control-plane/subcommand/server-acl-init/create_or_update_test.go b/control-plane/subcommand/server-acl-init/create_or_update_test.go
@@ -20,10 +20,10 @@ func TestCreateOrUpdateACLPolicy_ErrorsIfDescriptionDoesNotMatch(t *testing.T) {
 	ui := cli.NewMockUi()
 	k8s := fake.NewSimpleClientset()
 	cmd := Command{
-		UI:                   ui,
-		clientset:            k8s,
-		log:                  hclog.NewNullLogger(),
-		flagCreateSyncPolicy: true,
+		UI:                    ui,
+		clientset:             k8s,
+		log:                   hclog.NewNullLogger(),
+		flagEnableCatalogSync: true,
 	}
 
 	// Start Consul.