Add feedback from Nitya.

hashicorp · Oct 29, 2021 · efaa483 · efaa483
1 parent 2ee9dc8
commit efaa483
Showing 1 changed file with 31 additions and 22 deletions.
diff --git a/acceptance/tests/partitions/partitions_test.go b/acceptance/tests/partitions/partitions_test.go
@@ -159,9 +159,9 @@ func TestPartitionsWithoutMesh(t *testing.T) {
 			var partitionSvcIP string
 			if !cfg.UseKind {
 				// Get the IP of the partition service to configure the external server address in the values file for the workload cluster.
-				partitionServiceName := fmt.Sprintf("%s-partition-secret", releaseName)
+				partitionSecretName := fmt.Sprintf("%s-partition-secret", releaseName)
 				logger.Logf(t, "retrieving partition service to determine external IP for servers")
-				partitionsSvc, err := serverClusterContext.KubernetesClient(t).CoreV1().Services(serverClusterContext.KubectlOptions(t).Namespace).Get(ctx, partitionServiceName, metav1.GetOptions{})
+				partitionsSvc, err := serverClusterContext.KubernetesClient(t).CoreV1().Services(serverClusterContext.KubectlOptions(t).Namespace).Get(ctx, partitionSecretName, metav1.GetOptions{})
 				require.NoError(t, err)
 				partitionSvcIP = partitionsSvc.Status.LoadBalancer.Ingress[0].IP
 			} else {
@@ -171,11 +171,14 @@ func TestPartitionsWithoutMesh(t *testing.T) {
 				partitionSvcIP = nodeList.Items[0].Status.Addresses[0].Address
 			}
 
-			// The Kubernetes AuthMethod IP for Kind is read from the endpoint for the Kubernetes service. On other clouds,
-			// this can be identified by reading the cluster config.
-			kubernetesEndpoint, err := clientClusterContext.KubernetesClient(t).CoreV1().Endpoints("default").Get(ctx, "kubernetes", metav1.GetOptions{})
-			require.NoError(t, err)
-			k8sAuthMethodHost := fmt.Sprintf("%s:%d", kubernetesEndpoint.Subsets[0].Addresses[0].IP, kubernetesEndpoint.Subsets[0].Ports[0].Port)
+			var k8sAuthMethodHost string
+			if cfg.UseKind {
+				// The Kubernetes AuthMethod IP for Kind is read from the endpoint for the Kubernetes service. On other clouds,
+				// this can be identified by reading the cluster config.
+				kubernetesEndpoint, err := clientClusterContext.KubernetesClient(t).CoreV1().Endpoints(defaultNamespace).Get(ctx, "kubernetes", metav1.GetOptions{})
+				require.NoError(t, err)
+				k8sAuthMethodHost = fmt.Sprintf("%s:%d", kubernetesEndpoint.Subsets[0].Addresses[0].IP, kubernetesEndpoint.Subsets[0].Ports[0].Port)
+			}
 
 			// Create client cluster.
 			clientHelmValues := map[string]string{
@@ -204,10 +207,9 @@ func TestPartitionsWithoutMesh(t *testing.T) {
 				"global.tls.caCert.secretName": tlsCert,
 				"global.tls.caCert.secretKey":  "tls.crt",
 
-				"externalServers.enabled":           "true",
-				"externalServers.hosts[0]":          partitionSvcIP,
-				"externalServers.tlsServerName":     "server.dc1.consul",
-				"externalServers.k8sAuthMethodHost": k8sAuthMethodHost,
+				"externalServers.enabled":       "true",
+				"externalServers.hosts[0]":      partitionSvcIP,
+				"externalServers.tlsServerName": "server.dc1.consul",
 
 				"client.enabled":           "true",
 				"client.exposeGossipPorts": "true",
@@ -218,6 +220,7 @@ func TestPartitionsWithoutMesh(t *testing.T) {
 				// setup partition token if ACLs enabled.
 				clientHelmValues["global.acls.bootstrapToken.secretName"] = partitionToken
 				clientHelmValues["global.acls.bootstrapToken.secretKey"] = "token"
+				clientHelmValues["externalServers.k8sAuthMethodHost"] = k8sAuthMethodHost
 			} else {
 				// provide CA key when auto-encrypt is disabled.
 				clientHelmValues["global.tls.caKey.secretName"] = tlsKey
@@ -590,9 +593,9 @@ func TestPartitionsWithMesh(t *testing.T) {
 			var partitionSvcIP string
 			if !cfg.UseKind {
 				// Get the IP of the partition service to configure the external server address in the values file for the workload cluster.
-				partitionServiceName := fmt.Sprintf("%s-partition-secret", releaseName)
+				partitionSecretName := fmt.Sprintf("%s-partition-secret", releaseName)
 				logger.Logf(t, "retrieving partition service to determine external IP for servers")
-				partitionsSvc, err := serverClusterContext.KubernetesClient(t).CoreV1().Services(serverClusterContext.KubectlOptions(t).Namespace).Get(ctx, partitionServiceName, metav1.GetOptions{})
+				partitionsSvc, err := serverClusterContext.KubernetesClient(t).CoreV1().Services(serverClusterContext.KubectlOptions(t).Namespace).Get(ctx, partitionSecretName, metav1.GetOptions{})
 				require.NoError(t, err)
 				partitionSvcIP = partitionsSvc.Status.LoadBalancer.Ingress[0].IP
 			} else {
@@ -602,11 +605,14 @@ func TestPartitionsWithMesh(t *testing.T) {
 				partitionSvcIP = nodeList.Items[0].Status.Addresses[0].Address
 			}
 
-			// The Kubernetes AuthMethod IP for Kind is read from the endpoint for the Kubernetes service. On other clouds,
-			// this can be identified by reading the cluster config.
-			kubernetesEndpoint, err := clientClusterContext.KubernetesClient(t).CoreV1().Endpoints(defaultNamespace).Get(ctx, "kubernetes", metav1.GetOptions{})
-			require.NoError(t, err)
-			k8sAuthMethodHost := fmt.Sprintf("%s:%d", kubernetesEndpoint.Subsets[0].Addresses[0].IP, kubernetesEndpoint.Subsets[0].Ports[0].Port)
+			var k8sAuthMethodHost string
+			if cfg.UseKind {
+				// The Kubernetes AuthMethod IP for Kind is read from the endpoint for the Kubernetes service. On other clouds,
+				// this can be identified by reading the cluster config.
+				kubernetesEndpoint, err := clientClusterContext.KubernetesClient(t).CoreV1().Endpoints(defaultNamespace).Get(ctx, "kubernetes", metav1.GetOptions{})
+				require.NoError(t, err)
+				k8sAuthMethodHost = fmt.Sprintf("%s:%d", kubernetesEndpoint.Subsets[0].Addresses[0].IP, kubernetesEndpoint.Subsets[0].Ports[0].Port)
+			}
 
 			// Create client cluster.
 			clientHelmValues := map[string]string{
@@ -641,10 +647,9 @@ func TestPartitionsWithMesh(t *testing.T) {
 				"global.tls.caCert.secretName": tlsCert,
 				"global.tls.caCert.secretKey":  "tls.crt",
 
-				"externalServers.enabled":           "true",
-				"externalServers.hosts[0]":          partitionSvcIP,
-				"externalServers.tlsServerName":     "server.dc1.consul",
-				"externalServers.k8sAuthMethodHost": k8sAuthMethodHost,
+				"externalServers.enabled":       "true",
+				"externalServers.hosts[0]":      partitionSvcIP,
+				"externalServers.tlsServerName": "server.dc1.consul",
 
 				"client.enabled":           "true",
 				"client.exposeGossipPorts": "true",
@@ -655,6 +660,7 @@ func TestPartitionsWithMesh(t *testing.T) {
 				// setup partition token if ACLs enabled.
 				clientHelmValues["global.acls.bootstrapToken.secretName"] = partitionToken
 				clientHelmValues["global.acls.bootstrapToken.secretKey"] = "token"
+				clientHelmValues["externalServers.k8sAuthMethodHost"] = k8sAuthMethodHost
 			} else {
 				// provide CA key when auto-encrypt is disabled.
 				clientHelmValues["global.tls.caKey.secretName"] = tlsKey
@@ -821,6 +827,9 @@ func TestPartitionsWithMesh(t *testing.T) {
 			// If a single destination namespace is set, we expect all services
 			// to be registered in that destination Consul namespace.
 			// Server cluster.
+			// We are going to test that static-clients deployed in each partition can
+			// access the static-servers running in another partition.
+			// ie default -> secondary and secondary -> default.
 			services, _, err := consulClient.Catalog().Service(staticServerName, "", serverQueryServerOpts)
 			require.NoError(t, err)
 			require.Len(t, services, 1)