diff --git a/charts/consul/templates/server-acl-init-job.yaml b/charts/consul/templates/server-acl-init-job.yaml
index 48d38e6ac6..04f4e2de3e 100644
--- a/charts/consul/templates/server-acl-init-job.yaml
+++ b/charts/consul/templates/server-acl-init-job.yaml
@@ -169,7 +169,7 @@ spec:
 {{- end }}
 {{- if .Values.syncCatalog.enabled }}
- -create-sync-policy=true \
+ -sync-catalog=true \
 {{- if .Values.syncCatalog.consulNodeName }}
 -sync-consul-node-name={{ .Values.syncCatalog.consulNodeName }} \
 {{- end }}
diff --git a/charts/consul/test/unit/server-acl-init-job.bats b/charts/consul/test/unit/server-acl-init-job.bats
index 93b4e8429e..5cbd5a7b8f 100644
--- a/charts/consul/test/unit/server-acl-init-job.bats
+++ b/charts/consul/test/unit/server-acl-init-job.bats
@@ -249,7 +249,7 @@ load _helpers
 -s templates/server-acl-init-job.yaml \
 --set 'global.acls.manageSystemACLs=true' \
 . | tee /dev/stderr |
- yq '.spec.template.spec.containers[0].command | any(contains("-create-sync-policy"))' | tee /dev/stderr)
+ yq '.spec.template.spec.containers[0].command | any(contains("-sync-catalog"))' | tee /dev/stderr)
 [ "${actual}" = "false" ]
 }
@@ -260,7 +260,7 @@ load _helpers
 --set 'global.acls.manageSystemACLs=true' \
 --set 'syncCatalog.enabled=true' \
 . | tee /dev/stderr |
- yq '.spec.template.spec.containers[0].command | any(contains("-create-sync-policy"))' | tee /dev/stderr)
+ yq '.spec.template.spec.containers[0].command | any(contains("-sync-catalog"))' | tee /dev/stderr)
 [ "${actual}" = "true" ]
 }
diff --git a/control-plane/subcommand/server-acl-init/command.go b/control-plane/subcommand/server-acl-init/command.go
index c0efb71b89..e0fa5a540e 100644
--- a/control-plane/subcommand/server-acl-init/command.go
+++ b/control-plane/subcommand/server-acl-init/command.go
@@ -42,7 +42,7 @@ type Command struct {
 flagCreateClientToken bool
- flagCreateSyncPolicy bool
+ flagEnableCatalogSync bool
 flagSyncConsulNodeName string
 flagEnableConnectInject bool
@@ -126,7 +126,7 @@ func (c *Command) init() {
 c.flags.BoolVar(&c.flagCreateClientToken, "create-client-token", true,
 "Toggle for creating a client agent token. Default is true.")
- c.flags.BoolVar(&c.flagCreateSyncPolicy, "create-sync-policy", false,
+ c.flags.BoolVar(&c.flagEnableCatalogSync, "sync-catalog", false,
 "Toggle for creating a catalog sync policy.")
 c.flags.StringVar(&c.flagSyncConsulNodeName, "sync-consul-node-name", "k8s-sync",
 "The Consul node name to register for catalog sync. Defaults to k8s-sync. To be discoverable "+
@@ -481,7 +481,7 @@ func (c *Command) Run(args []string) int {
 }
 }
- if c.flagCreateSyncPolicy {
+ if c.flagEnableCatalogSync {
 syncRules, err := c.syncRules()
 if err != nil {
 c.log.Error("Error templating sync rules", "err", err)
@@ -499,9 +499,9 @@ func (c *Command) Run(args []string) int {
 if !primary {
 componentAuthMethodName = globalComponentAuthMethodName
 }
- err = c.createACLPolicyRoleAndBindingRule("sync-catalog", syncRules, consulDC, primaryDC, globalToken, primary, componentAuthMethodName, serviceAccountName, consulClient)
+ err = c.createACLPolicyRoleAndBindingRule("sync-catalog", syncRules, consulDC, primaryDC, globalPolicy, primary, componentAuthMethodName, serviceAccountName, consulClient)
 } else {
- err = c.createACLPolicyRoleAndBindingRule("sync-catalog", syncRules, consulDC, primaryDC, localToken, primary, componentAuthMethodName, serviceAccountName, consulClient)
+ err = c.createACLPolicyRoleAndBindingRule("sync-catalog", syncRules, consulDC, primaryDC, localPolicy, primary, componentAuthMethodName, serviceAccountName, consulClient)
 }
 if err != nil {
 c.log.Error(err.Error())
diff --git a/control-plane/subcommand/server-acl-init/command_ent_test.go b/control-plane/subcommand/server-acl-init/command_ent_test.go
index 270893e765..a7e3f71e51 100644
--- a/control-plane/subcommand/server-acl-init/command_ent_test.go
+++ b/control-plane/subcommand/server-acl-init/command_ent_test.go
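Review bot: In `init()` of command.go the old `-create-sync-policy` name is removed outright instead of being kept as a deprecated alias, so any invocation that still passes it will be rejected at flag parsing (assuming `c.flags` is a standard `flag.FlagSet`). The chart template in this patch is switched in lockstep, but a chart and control-plane image taken from different releases would leave the ACL init Job failing before any policy is created. Registering the old name against the same field for one release would avoid that: `c.flags.BoolVar(&c.flagEnableCatalogSync, "create-sync-policy", false, "Deprecated: use -sync-catalog.")`. The help text "Toggle for creating a catalog sync policy." is also worth updating, since the `Run` hunk shows the flag driving `createACLPolicyRoleAndBindingRule`, i.e. policy, role and binding rule. `init()` continues outside the hunk.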
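Review bot: In the `sync-catalog` branch of `Run` (hunk at line 499) the fifth argument changes from `globalToken`/`localToken` to `globalPolicy`/`localPolicy`, yet no definition of the new identifiers appears in the visible part of this patch. Judging by the names, this argument selects whether the ACL policy is global or datacenter-local, so it is worth confirming that both identifiers carry the intended values and that no other `createACLPolicyRoleAndBindingRule` call still passes the old ones. The two calls differ only in that argument; setting a local such as `policyScope` in the branches and making one call, `err = c.createACLPolicyRoleAndBindingRule("sync-catalog", syncRules, consulDC, primaryDC, policyScope, primary, componentAuthMethodName, serviceAccountName, consulClient)`, would keep the nine positional arguments from drifting apart. The enclosing `if` starts outside the hunk.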
@@ -287,7 +287,7 @@ func TestRun_ACLPolicyUpdates(t *testing.T) {
 "-create-client-token",
 "-allow-dns",
 "-create-mesh-gateway-token",
- "-create-sync-policy",
+ "-sync-catalog",
 "-connect-inject",
 "-create-snapshot-agent-token",
 "-create-enterprise-license-token",
@@ -1073,7 +1073,7 @@ func TestRun_NamespaceEnabled_ValidateLoginToken_PrimaryDatacenter(t *testing.T)
 },
 {
 ComponentName: "sync-catalog",
- TokenFlags: []string{"-create-sync-policy"},
+ TokenFlags: []string{"-sync-catalog"},
 Roles: []string{resourcePrefix + "-sync-catalog-acl-role"},
 Namespace: ns,
 GlobalToken: false,
@@ -1164,7 +1164,7 @@ func TestRun_NamespaceEnabled_ValidateLoginToken_SecondaryDatacenter(t *testing.
 },
 {
 ComponentName: "sync-catalog",
- TokenFlags: []string{"-create-sync-policy"},
+ TokenFlags: []string{"-sync-catalog"},
 Roles: []string{resourcePrefix + "-sync-catalog-acl-role-dc2"},
 Namespace: ns,
 GlobalToken: true,
diff --git a/control-plane/subcommand/server-acl-init/command_test.go b/control-plane/subcommand/server-acl-init/command_test.go
index 0082fc6217..5ef67aa388 100644
--- a/control-plane/subcommand/server-acl-init/command_test.go
+++ b/control-plane/subcommand/server-acl-init/command_test.go
@@ -1013,7 +1013,7 @@ func TestRun_SyncPolicyUpdates(t *testing.T) {
 "-k8s-namespace=" + ns,
 "-server-address", strings.Split(testSvr.HTTPAddr, ":")[0],
 "-server-port", strings.Split(testSvr.HTTPAddr, ":")[1],
- "-create-sync-policy",
+ "-sync-catalog",
 }
 firstRunArgs := append(commonArgs,
 "-sync-consul-node-name=k8s-sync",
@@ -1122,7 +1122,7 @@ func TestRun_ErrorsOnDuplicateACLPolicy(t *testing.T) {
 "-k8s-namespace=" + ns,
 "-server-address", strings.Split(testAgent.HTTPAddr, ":")[0],
 "-server-port", strings.Split(testAgent.HTTPAddr, ":")[1],
- "-create-sync-policy",
+ "-sync-catalog",
 }
 responseCode := cmd.Run(cmdArgs)
@@ -2159,7 +2159,7 @@ func TestRun_PoliciesAndBindingRulesForACLLogin_PrimaryDatacenter(t *testing.T)
 },
 {
 TestName: "Sync Catalog",
- TokenFlags: []string{"-create-sync-policy"},
+ TokenFlags: []string{"-sync-catalog"},
 PolicyNames: []string{"sync-catalog-policy"},
 Roles: []string{resourcePrefix + "-sync-catalog-acl-role"},
 },
@@ -2269,7 +2269,7 @@ func TestRun_PoliciesAndBindingRulesACLLogin_SecondaryDatacenter(t *testing.T) {
 },
 {
 TestName: "Sync Catalog",
- TokenFlags: []string{"-create-sync-policy"},
+ TokenFlags: []string{"-sync-catalog"},
 PolicyNames: []string{"sync-catalog-policy-" + secondaryDatacenter},
 Roles: []string{resourcePrefix + "-sync-catalog-acl-role-" + secondaryDatacenter},
 GlobalAuthMethod: false,
@@ -2378,7 +2378,7 @@ func TestRun_ValidateLoginToken_PrimaryDatacenter(t *testing.T) {
 },
 {
 ComponentName: "sync-catalog",
- TokenFlags: []string{"-create-sync-policy"},
+ TokenFlags: []string{"-sync-catalog"},
 Roles: []string{resourcePrefix + "-sync-catalog-acl-role"},
 },
 }
@@ -2471,7 +2471,7 @@ func TestRun_ValidateLoginToken_SecondaryDatacenter(t *testing.T) {
 },
 {
 ComponentName: "sync-catalog",
- TokenFlags: []string{"-create-sync-policy"},
+ TokenFlags: []string{"-sync-catalog"},
 Roles: []string{resourcePrefix + "-sync-catalog-acl-role-dc2"},
 GlobalAuthMethod: false,
 },
diff --git a/control-plane/subcommand/server-acl-init/create_or_update.go b/control-plane/subcommand/server-acl-init/create_or_update.go
index 1c869b11bf..f62357b9e1 100644
--- a/control-plane/subcommand/server-acl-init/create_or_update.go
+++ b/control-plane/subcommand/server-acl-init/create_or_update.go
@@ -313,7 +313,7 @@ func (c *Command) createOrUpdateACLPolicy(policy api.ACLPolicy, consulClient *ap
 // Allowing the Consul node name to be configurable also requires any sync
 // policy to be updated in case the node name has changed.
 if isPolicyExistsErr(err, policy.Name) {
- if c.flagEnableNamespaces || c.flagCreateSyncPolicy {
+ if c.flagEnableNamespaces || c.flagEnableCatalogSync {
 c.log.Info(fmt.Sprintf("Policy %q already exists, updating", policy.Name))
 // The policy ID is required in any PolicyUpdate call, so first we need to
diff --git a/control-plane/subcommand/server-acl-init/create_or_update_test.go b/control-plane/subcommand/server-acl-init/create_or_update_test.go
index a9e8f0704a..ecc8be6953 100644
--- a/control-plane/subcommand/server-acl-init/create_or_update_test.go
+++ b/control-plane/subcommand/server-acl-init/create_or_update_test.go
@@ -20,10 +20,10 @@ func TestCreateOrUpdateACLPolicy_ErrorsIfDescriptionDoesNotMatch(t *testing.T) {
 ui := cli.NewMockUi()
 k8s := fake.NewSimpleClientset()
 cmd := Command{
- UI: ui,
- clientset: k8s,
- log: hclog.NewNullLogger(),
- flagCreateSyncPolicy: true,
+ UI: ui,
+ clientset: k8s,
+ log: hclog.NewNullLogger(),
+ flagEnableCatalogSync: true,
 }
 // Start Consul.
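Review bot: In `createOrUpdateACLPolicy` (create_or_update.go, hunk at line 313) the guard `if c.flagEnableNamespaces || c.flagEnableCatalogSync` is command-wide rather than tied to the policy being written, so with catalog sync enabled every policy that already exists takes the update path, not only the sync policy the preceding comment describes. That behaviour predates the rename, but the broader field name now makes it read as intended, so it deserves a comment such as `// Command-wide flag: with catalog sync on, any pre-existing policy is updated, not only the sync policy.` If only the sync policy is meant to be refreshed, the condition would also need to look at `policy.Name`; this is hedged because the rest of the function lies outside the hunk.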