Allow configuring primary DC and gateways via designated Helm values

acceptance/framework/config/config.go

@@ -63,11 +63,11 @@ func (t *TestConfig) HelmValuesFromConfig() (map[string]string, error) {
 			return nil, err
 		}
 		setIfNotEmpty(helmValues, "global.image", entImage)
-	}
 
-	if t.EnterpriseLicense != "" {
-		setIfNotEmpty(helmValues, "global.enterpriseLicense.secretName", LicenseSecretName)
-		setIfNotEmpty(helmValues, "global.enterpriseLicense.secretKey", LicenseSecretKey)
+		if t.EnterpriseLicense != "" {
+			setIfNotEmpty(helmValues, "global.enterpriseLicense.secretName", LicenseSecretName)
+			setIfNotEmpty(helmValues, "global.enterpriseLicense.secretKey", LicenseSecretKey)
+		}
 	}
 
 	if t.EnableOpenshift {

acceptance/framework/config/config_test.go

@@ -58,12 +58,15 @@ func TestConfig_HelmValuesFromConfig(t *testing.T) {
 		{
 			"sets ent license secret",
 			TestConfig{
+				EnableEnterprise:  true,
 				EnterpriseLicense: "ent-license",
+				ConsulImage:       "consul:test-version",
 			},
 			map[string]string{
 				"global.enterpriseLicense.secretName":           "license",
 				"global.enterpriseLicense.secretKey":            "key",
 				"connectInject.transparentProxy.defaultEnabled": "false",
+				"global.image": "consul:test-version",
 			},
 		},
 		{
@@ -109,7 +112,7 @@ func TestConfig_HelmValuesFromConfig(t *testing.T) {
 		t.Run(tt.name, func(t *testing.T) {
 			values, err := tt.testConfig.HelmValuesFromConfig()
 			require.NoError(t, err)
-			require.Equal(t, values, tt.want)
+			require.Equal(t, tt.want, values)
 		})
 	}
 }

acceptance/tests/vault/vault_wan_fed_test.go

@@ -199,11 +199,12 @@ func TestVault_WANFederationViaGateways(t *testing.T) {
 
 	// Get the address of the mesh gateway.
 	primaryMeshGWAddress := meshGatewayAddress(t, cfg, primaryCtx, consulReleaseName)
-	serverExtraConfig := fmt.Sprintf(`"{\"primary_gateways\":[\"%s\"]\,\"primary_datacenter\":\"dc1\"}"`, primaryMeshGWAddress)
 	secondaryConsulHelmValues := map[string]string{
 		"global.datacenter": "dc2",
 
-		"global.federation.enabled": "true",
+		"global.federation.enabled":            "true",
+		"global.federation.primaryDatacenter":  "dc1",
+		"global.federation.primaryGateways[0]": primaryMeshGWAddress,
 
 		// TLS config.
 		"global.tls.enabled":           "true",
@@ -229,7 +230,6 @@ func TestVault_WANFederationViaGateways(t *testing.T) {
 		"server.extraVolumes[0].type": "secret",
 		"server.extraVolumes[0].name": vaultCASecretName,
 		"server.extraVolumes[0].load": "false",
-		"server.extraConfig":          serverExtraConfig,
 
 		// Vault config.
 		"global.secretsBackend.vault.enabled":                       "true",

charts/consul/templates/server-config-configmap.yaml

@@ -78,4 +78,11 @@ data:
     {
       "enable_central_service_config": true
     }
+  {{- if .Values.global.federation.enabled }}
+  federation-config.json: |-
+    {
+      "primary_datacenter": "{{ .Values.global.federation.primaryDatacenter }}",
+      "primary_gateways": {{ .Values.global.federation.primaryGateways | toJson }}
+    }
+  {{- end }}
 {{- end }}

charts/consul/test/unit/server-config-configmap.bats

@@ -492,4 +492,42 @@ load _helpers
       . | tee /dev/stderr |
       yq '.data["connect-ca-config.json"] | contains("\"ca_file\": \"/consul/vault-ca/tls.crt\"")' | tee /dev/stderr)
   [ "${actual}" = "true" ]
+}
+
+@test "server/ConfigMap: doesn't add federation config by default" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      -s templates/server-config-configmap.yaml  \
+      . | tee /dev/stderr |
+      yq '.data["federation-config.json"] | length > 0' | tee /dev/stderr)
+  [ "${actual}" = "false" ]
+}
+
+@test "server/ConfigMap: adds empty federation config when global.federation.enabled is true" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      -s templates/server-config-configmap.yaml  \
+      --set 'global.federation.enabled=true' \
+      --set 'global.tls.enabled=true' \
+      --set 'meshGateway.enabled=true' \
+      --set 'connectInject.enabled=true' \
+      . | tee /dev/stderr |
+      yq '.data["federation-config.json"]' | tee /dev/stderr)
+  [ "${actual}" = '"{\n  \"primary_datacenter\": \"\",\n  \"primary_gateways\": []\n}"' ]
+}
+
+@test "server/ConfigMap: can set primary dc and gateways when global.federation.enabled is true" {
+  cd `chart_dir`
+  local actual=$(helm template \
+      -s templates/server-config-configmap.yaml  \
+      --set 'global.federation.enabled=true' \
+      --set 'global.federation.primaryDatacenter=dc1' \
+      --set 'global.federation.primaryGateways[0]=1.1.1.1:443' \
+      --set 'global.federation.primaryGateways[1]=2.2.2.2:443' \
+      --set 'global.tls.enabled=true' \
+      --set 'meshGateway.enabled=true' \
+      --set 'connectInject.enabled=true' \
+      . | tee /dev/stderr |
+      yq '.data["federation-config.json"]' | tee /dev/stderr)
+  [ "${actual}" = '"{\n  \"primary_datacenter\": \"dc1\",\n  \"primary_gateways\": [\"1.1.1.1:443\",\"2.2.2.2:443\"]\n}"' ]
 }

charts/consul/values.yaml

@@ -430,6 +430,14 @@ global:
     # `<helm-release-name>-consul-federation`.
     createFederationSecret: false
 
+    # The name of the primary datacenter.
+    primaryDatacenter: ""
+
+    # A list of addresses of the primary mesh gateways in the form <ip>:<port>.
+    # (e.g. ["1.1.1.1:443", "2.3.4.5:443"] 
+    # @type: array<string>
+    primaryGateways: []
+
   # Configures metrics for Consul service mesh
   metrics:
     # Configures the Helm chart’s components