From 8c2bbd350b33ad350a96df851a21a485fb9f3996 Mon Sep 17 00:00:00 2001 From: John Murret Date: Thu, 24 Mar 2022 15:50:41 -0600 Subject: [PATCH] Removing the gateway type suffix from the naming conventions for terminating and ingress gateways --- .../ingress_gateway_namespaces_test.go | 4 +- .../ingress-gateway/ingress_gateway_test.go | 4 +- .../ingress-gateways-deployment.yaml | 12 ++-- .../ingress-gateways-podsecuritypolicy.yaml | 4 +- .../templates/ingress-gateways-role.yaml | 10 +-- .../ingress-gateways-rolebinding.yaml | 8 +-- .../templates/ingress-gateways-service.yaml | 6 +- .../ingress-gateways-serviceaccount.yaml | 4 +- .../terminating-gateways-deployment.yaml | 10 +-- ...erminating-gateways-podsecuritypolicy.yaml | 4 +- .../templates/terminating-gateways-role.yaml | 8 +-- .../terminating-gateways-rolebinding.yaml | 8 +-- .../terminating-gateways-serviceaccount.yaml | 4 +- .../unit/ingress-gateways-deployment.bats | 12 ++-- .../ingress-gateways-podsecuritypolicy.bats | 4 +- .../test/unit/ingress-gateways-role.bats | 6 +- .../unit/ingress-gateways-rolebinding.bats | 4 +- .../test/unit/ingress-gateways-service.bats | 6 +- .../unit/ingress-gateways-serviceaccount.bats | 4 +- .../unit/terminating-gateways-deployment.bats | 8 +-- ...erminating-gateways-podsecuritypolicy.bats | 4 +- .../test/unit/terminating-gateways-role.bats | 6 +- .../terminating-gateways-rolebinding.bats | 4 +- .../terminating-gateways-serviceaccount.bats | 4 +- .../subcommand/server-acl-init/command.go | 2 +- .../server-acl-init/command_ent_test.go | 48 +++++++------- .../server-acl-init/command_test.go | 64 +++++++++---------- 27 files changed, 131 insertions(+), 131 deletions(-) diff --git a/acceptance/tests/ingress-gateway/ingress_gateway_namespaces_test.go b/acceptance/tests/ingress-gateway/ingress_gateway_namespaces_test.go index d3346ead69..18e79f794a 100644 --- a/acceptance/tests/ingress-gateway/ingress_gateway_namespaces_test.go +++ b/acceptance/tests/ingress-gateway/ingress_gateway_namespaces_test.go @@ -121,7 +121,7 @@ func TestIngressGatewaySingleNamespace(t *testing.T) { require.NoError(t, err) require.Equal(t, true, created, "config entry failed") - ingressGatewayService := fmt.Sprintf("http://%s-consul-%s-ingress-gateway.%s:8080/", releaseName, igName, ctx.KubectlOptions(t).Namespace) + ingressGatewayService := fmt.Sprintf("http://%s-consul-%s.%s:8080/", releaseName, igName, ctx.KubectlOptions(t).Namespace) // If ACLs are enabled, test that intentions prevent connections. if c.secure { @@ -247,7 +247,7 @@ func TestIngressGatewayNamespaceMirroring(t *testing.T) { require.NoError(t, err) require.Equal(t, true, created, "config entry failed") - ingressGatewayService := fmt.Sprintf("http://%s-consul-%s-ingress-gateway.%s:8080/", releaseName, igName, ctx.KubectlOptions(t).Namespace) + ingressGatewayService := fmt.Sprintf("http://%s-consul-%s.%s:8080/", releaseName, igName, ctx.KubectlOptions(t).Namespace) // If ACLs are enabled, test that intentions prevent connections. if c.secure { diff --git a/acceptance/tests/ingress-gateway/ingress_gateway_test.go b/acceptance/tests/ingress-gateway/ingress_gateway_test.go index 7f386296d3..9c1fd4abbb 100644 --- a/acceptance/tests/ingress-gateway/ingress_gateway_test.go +++ b/acceptance/tests/ingress-gateway/ingress_gateway_test.go @@ -97,7 +97,7 @@ func TestIngressGateway(t *testing.T) { logger.Log(t, "testing intentions prevent ingress") k8s.CheckStaticServerConnectionFailing(t, k8sOptions, staticClientName, "-H", "Host: static-server.ingress.consul", - fmt.Sprintf("http://%s-consul-%s-ingress-gateway:8080/", releaseName, igName)) + fmt.Sprintf("http://%s-consul-%s:8080/", releaseName, igName)) // Now we create the allow intention. logger.Log(t, "creating ingress-gateway => static-server intention") @@ -119,7 +119,7 @@ func TestIngressGateway(t *testing.T) { logger.Log(t, "trying calls to ingress gateway") k8s.CheckStaticServerConnectionSuccessful(t, k8sOptions, staticClientName, "-H", "Host: static-server.ingress.consul", - fmt.Sprintf("http://%s-consul-%s-ingress-gateway:8080/", releaseName, igName)) + fmt.Sprintf("http://%s-consul-%s:8080/", releaseName, igName)) }) } } diff --git a/charts/consul/templates/ingress-gateways-deployment.yaml b/charts/consul/templates/ingress-gateways-deployment.yaml index cb18f6bb63..81656e6920 100644 --- a/charts/consul/templates/ingress-gateways-deployment.yaml +++ b/charts/consul/templates/ingress-gateways-deployment.yaml @@ -26,7 +26,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ template "consul.fullname" $root }}-{{ .name }}-ingress-gateway + name: {{ template "consul.fullname" $root }}-{{ .name }} namespace: {{ $root.Release.Namespace }} labels: app: {{ template "consul.name" $root }} @@ -34,7 +34,7 @@ metadata: heritage: {{ $root.Release.Service }} release: {{ $root.Release.Name }} component: ingress-gateway - ingress-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}-ingress-gateway + ingress-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }} spec: replicas: {{ default $defaults.replicas .replicas }} selector: @@ -44,7 +44,7 @@ spec: heritage: {{ $root.Release.Service }} release: {{ $root.Release.Name }} component: ingress-gateway - ingress-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}-ingress-gateway + ingress-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }} template: metadata: labels: @@ -53,7 +53,7 @@ spec: heritage: {{ $root.Release.Service }} release: {{ $root.Release.Name }} component: ingress-gateway - ingress-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}-ingress-gateway + ingress-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }} annotations: {{- if (and $root.Values.global.secretsBackend.vault.enabled $root.Values.global.tls.enabled) }} "vault.hashicorp.com/agent-init-first": "true" @@ -92,7 +92,7 @@ spec: {{ tpl (default $defaults.tolerations .tolerations) $root | nindent 8 | trim }} {{- end }} terminationGracePeriodSeconds: {{ default $defaults.terminationGracePeriodSeconds .terminationGracePeriodSeconds }} - serviceAccountName: {{ template "consul.fullname" $root }}-{{ .name }}-ingress-gateway + serviceAccountName: {{ template "consul.fullname" $root }}-{{ .name }} volumes: - name: consul-bin emptyDir: {} @@ -189,7 +189,7 @@ spec: -log-level={{ $root.Values.global.logLevel }} \ -log-json={{ $root.Values.global.logJSON }} \ -k8s-namespace={{ $root.Release.Namespace }} \ - -name={{ template "consul.fullname" $root }}-{{ .name }}-ingress-gateway \ + -name={{ template "consul.fullname" $root }}-{{ .name }} \ -output-file=/tmp/address.txt WAN_ADDR="$(cat /tmp/address.txt)" {{- else }} diff --git a/charts/consul/templates/ingress-gateways-podsecuritypolicy.yaml b/charts/consul/templates/ingress-gateways-podsecuritypolicy.yaml index d1ee0c4843..f7354da2b3 100644 --- a/charts/consul/templates/ingress-gateways-podsecuritypolicy.yaml +++ b/charts/consul/templates/ingress-gateways-podsecuritypolicy.yaml @@ -4,7 +4,7 @@ apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: - name: {{ template "consul.fullname" $root }}-{{ .name }}-ingress-gateway + name: {{ template "consul.fullname" $root }}-{{ .name }} namespace: {{ $root.Release.Namespace }} labels: app: {{ template "consul.name" $root }} @@ -12,7 +12,7 @@ metadata: heritage: {{ $root.Release.Service }} release: {{ $root.Release.Name }} component: ingress-gateway - ingress-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}-ingress-gateway + ingress-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }} spec: privileged: false # Required to prevent escalations to root. diff --git a/charts/consul/templates/ingress-gateways-role.yaml b/charts/consul/templates/ingress-gateways-role.yaml index ed75bf37e5..49e8486e58 100644 --- a/charts/consul/templates/ingress-gateways-role.yaml +++ b/charts/consul/templates/ingress-gateways-role.yaml @@ -7,7 +7,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "consul.fullname" $root }}-{{ .name }}-ingress-gateway + name: {{ template "consul.fullname" $root }}-{{ .name }} namespace: {{ $root.Release.Namespace }} labels: app: {{ template "consul.name" $root }} @@ -15,20 +15,20 @@ metadata: heritage: {{ $root.Release.Service }} release: {{ $root.Release.Name }} component: ingress-gateway - ingress-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}-ingress-gateway + ingress-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }} rules: - apiGroups: [""] resources: - services resourceNames: - - {{ template "consul.fullname" $root }}-{{ .name }}-ingress-gateway + - {{ template "consul.fullname" $root }}-{{ .name }} verbs: - get {{- if $root.Values.global.enablePodSecurityPolicies }} - apiGroups: ["policy"] resources: ["podsecuritypolicies"] resourceNames: - - {{ template "consul.fullname" $root }}-{{ .name }}-ingress-gateway + - {{ template "consul.fullname" $root }}-{{ .name }} verbs: - use {{- end }} @@ -37,7 +37,7 @@ rules: resources: - secrets resourceNames: - - {{ template "consul.fullname" $root }}-{{ .name }}-ingress-gateway-acl-token + - {{ template "consul.fullname" $root }}-{{ .name }}-acl-token verbs: - get {{- end }} diff --git a/charts/consul/templates/ingress-gateways-rolebinding.yaml b/charts/consul/templates/ingress-gateways-rolebinding.yaml index 2bd481ca62..601de775f4 100644 --- a/charts/consul/templates/ingress-gateways-rolebinding.yaml +++ b/charts/consul/templates/ingress-gateways-rolebinding.yaml @@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "consul.fullname" $root }}-{{ .name }}-ingress-gateway + name: {{ template "consul.fullname" $root }}-{{ .name }} namespace: {{ $root.Release.Namespace }} labels: app: {{ template "consul.name" $root }} @@ -12,14 +12,14 @@ metadata: heritage: {{ $root.Release.Service }} release: {{ $root.Release.Name }} component: ingress-gateway - ingress-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}-ingress-gateway + ingress-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: {{ template "consul.fullname" $root }}-{{ .name }}-ingress-gateway + name: {{ template "consul.fullname" $root }}-{{ .name }} subjects: - kind: ServiceAccount - name: {{ template "consul.fullname" $root }}-{{ .name }}-ingress-gateway + name: {{ template "consul.fullname" $root }}-{{ .name }} --- {{- end }} {{- end }} diff --git a/charts/consul/templates/ingress-gateways-service.yaml b/charts/consul/templates/ingress-gateways-service.yaml index baab72ff42..cf54a740fe 100644 --- a/charts/consul/templates/ingress-gateways-service.yaml +++ b/charts/consul/templates/ingress-gateways-service.yaml @@ -9,7 +9,7 @@ apiVersion: v1 kind: Service metadata: - name: {{ template "consul.fullname" $root }}-{{ .name }}-ingress-gateway + name: {{ template "consul.fullname" $root }}-{{ .name }} namespace: {{ $root.Release.Namespace }} labels: app: {{ template "consul.name" $root }} @@ -17,7 +17,7 @@ metadata: heritage: {{ $root.Release.Service }} release: {{ $root.Release.Name }} component: ingress-gateway - ingress-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}-ingress-gateway + ingress-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }} {{- if (or $defaults.service.annotations $service.annotations) }} # We allow both default annotations and gateway-specific annotations annotations: @@ -33,7 +33,7 @@ spec: app: {{ template "consul.name" $root }} release: "{{ $root.Release.Name }}" component: ingress-gateway - ingress-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}-ingress-gateway + ingress-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }} ports: {{- range $index, $ports := (default $defaults.service.ports $service.ports) }} - name: gateway-{{ $index }} diff --git a/charts/consul/templates/ingress-gateways-serviceaccount.yaml b/charts/consul/templates/ingress-gateways-serviceaccount.yaml index ad2e3fcb8e..cea6cafc21 100644 --- a/charts/consul/templates/ingress-gateways-serviceaccount.yaml +++ b/charts/consul/templates/ingress-gateways-serviceaccount.yaml @@ -6,7 +6,7 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: {{ template "consul.fullname" $root }}-{{ .name }}-ingress-gateway + name: {{ template "consul.fullname" $root }}-{{ .name }} namespace: {{ $root.Release.Namespace }} labels: app: {{ template "consul.name" $root }} @@ -14,7 +14,7 @@ metadata: heritage: {{ $root.Release.Service }} release: {{ $root.Release.Name }} component: ingress-gateway - ingress-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}-ingress-gateway + ingress-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }} {{- if (or $defaults.serviceAccount.annotations $serviceAccount.annotations) }} annotations: {{- if $defaults.serviceAccount.annotations }} diff --git a/charts/consul/templates/terminating-gateways-deployment.yaml b/charts/consul/templates/terminating-gateways-deployment.yaml index 421914230e..4fb5c40f5f 100644 --- a/charts/consul/templates/terminating-gateways-deployment.yaml +++ b/charts/consul/templates/terminating-gateways-deployment.yaml @@ -24,7 +24,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ template "consul.fullname" $root }}-{{ .name }}-terminating-gateway + name: {{ template "consul.fullname" $root }}-{{ .name }} namespace: {{ $root.Release.Namespace }} labels: app: {{ template "consul.name" $root }} @@ -32,7 +32,7 @@ metadata: heritage: {{ $root.Release.Service }} release: {{ $root.Release.Name }} component: terminating-gateway - terminating-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}-terminating-gateway + terminating-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }} spec: replicas: {{ default $defaults.replicas .replicas }} selector: @@ -42,7 +42,7 @@ spec: heritage: {{ $root.Release.Service }} release: {{ $root.Release.Name }} component: terminating-gateway - terminating-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}-terminating-gateway + terminating-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }} template: metadata: labels: @@ -51,7 +51,7 @@ spec: heritage: {{ $root.Release.Service }} release: {{ $root.Release.Name }} component: terminating-gateway - terminating-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}-terminating-gateway + terminating-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }} annotations: {{- if (and $root.Values.global.secretsBackend.vault.enabled $root.Values.global.tls.enabled) }} "vault.hashicorp.com/agent-init-first": "true" @@ -90,7 +90,7 @@ spec: {{ tpl (default $defaults.tolerations .tolerations) $root | nindent 8 | trim }} {{- end }} terminationGracePeriodSeconds: 10 - serviceAccountName: {{ template "consul.fullname" $root }}-{{ .name }}-terminating-gateway + serviceAccountName: {{ template "consul.fullname" $root }}-{{ .name }} volumes: - name: consul-bin emptyDir: {} diff --git a/charts/consul/templates/terminating-gateways-podsecuritypolicy.yaml b/charts/consul/templates/terminating-gateways-podsecuritypolicy.yaml index 611cd65abd..97ad2af961 100644 --- a/charts/consul/templates/terminating-gateways-podsecuritypolicy.yaml +++ b/charts/consul/templates/terminating-gateways-podsecuritypolicy.yaml @@ -4,7 +4,7 @@ apiVersion: policy/v1beta1 kind: PodSecurityPolicy metadata: - name: {{ template "consul.fullname" $root }}-{{ .name }}-terminating-gateway + name: {{ template "consul.fullname" $root }}-{{ .name }} namespace: {{ $root.Release.Namespace }} labels: app: {{ template "consul.name" $root }} @@ -12,7 +12,7 @@ metadata: heritage: {{ $root.Release.Service }} release: {{ $root.Release.Name }} component: terminating-gateway - terminating-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}-terminating-gateway + terminating-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }} spec: privileged: false # Required to prevent escalations to root. diff --git a/charts/consul/templates/terminating-gateways-role.yaml b/charts/consul/templates/terminating-gateways-role.yaml index 9108bd121b..4ae280ca81 100644 --- a/charts/consul/templates/terminating-gateways-role.yaml +++ b/charts/consul/templates/terminating-gateways-role.yaml @@ -7,7 +7,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: {{ template "consul.fullname" $root }}-{{ .name }}-terminating-gateway + name: {{ template "consul.fullname" $root }}-{{ .name }} namespace: {{ $root.Release.Namespace }} labels: app: {{ template "consul.name" $root }} @@ -15,14 +15,14 @@ metadata: heritage: {{ $root.Release.Service }} release: {{ $root.Release.Name }} component: terminating-gateway - terminating-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}-terminating-gateway + terminating-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }} {{- if (or $root.Values.global.acls.manageSystemACLs $root.Values.global.enablePodSecurityPolicies) }} rules: {{- if $root.Values.global.enablePodSecurityPolicies }} - apiGroups: ["policy"] resources: ["podsecuritypolicies"] resourceNames: - - {{ template "consul.fullname" $root }}-{{ .name }}-terminating-gateway + - {{ template "consul.fullname" $root }}-{{ .name }} verbs: - use {{- end }} @@ -31,7 +31,7 @@ rules: resources: - secrets resourceNames: - - {{ template "consul.fullname" $root }}-{{ .name }}-terminating-gateway-acl-token + - {{ template "consul.fullname" $root }}-{{ .name }}-acl-token verbs: - get {{- end }} diff --git a/charts/consul/templates/terminating-gateways-rolebinding.yaml b/charts/consul/templates/terminating-gateways-rolebinding.yaml index 397a753b01..4271f8f59c 100644 --- a/charts/consul/templates/terminating-gateways-rolebinding.yaml +++ b/charts/consul/templates/terminating-gateways-rolebinding.yaml @@ -4,7 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: {{ template "consul.fullname" $root }}-{{ .name }}-terminating-gateway + name: {{ template "consul.fullname" $root }}-{{ .name }} namespace: {{ $root.Release.Namespace }} labels: app: {{ template "consul.name" $root }} @@ -12,14 +12,14 @@ metadata: heritage: {{ $root.Release.Service }} release: {{ $root.Release.Name }} component: terminating-gateway - terminating-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}-terminating-gateway + terminating-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }} roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: {{ template "consul.fullname" $root }}-{{ .name }}-terminating-gateway + name: {{ template "consul.fullname" $root }}-{{ .name }} subjects: - kind: ServiceAccount - name: {{ template "consul.fullname" $root }}-{{ .name }}-terminating-gateway + name: {{ template "consul.fullname" $root }}-{{ .name }} namespace: {{ $root.Release.Namespace }} --- {{- end }} diff --git a/charts/consul/templates/terminating-gateways-serviceaccount.yaml b/charts/consul/templates/terminating-gateways-serviceaccount.yaml index 38a79f361c..211fb5c72f 100644 --- a/charts/consul/templates/terminating-gateways-serviceaccount.yaml +++ b/charts/consul/templates/terminating-gateways-serviceaccount.yaml @@ -6,7 +6,7 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: {{ template "consul.fullname" $root }}-{{ .name }}-terminating-gateway + name: {{ template "consul.fullname" $root }}-{{ .name }} namespace: {{ $root.Release.Namespace }} labels: app: {{ template "consul.name" $root }} @@ -14,7 +14,7 @@ metadata: heritage: {{ $root.Release.Service }} release: {{ $root.Release.Name }} component: terminating-gateway - terminating-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }}-terminating-gateway + terminating-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }} {{- if (or $defaults.serviceAccount.annotations $serviceAccount.annotations) }} annotations: {{- if $defaults.serviceAccount.annotations }} diff --git a/charts/consul/test/unit/ingress-gateways-deployment.bats b/charts/consul/test/unit/ingress-gateways-deployment.bats index 2c59b5658a..13dbc2b1c0 100644 --- a/charts/consul/test/unit/ingress-gateways-deployment.bats +++ b/charts/consul/test/unit/ingress-gateways-deployment.bats @@ -22,7 +22,7 @@ load _helpers [ "${actual}" = "true" ] local actual=$(echo $object | yq -r '.metadata.name' | tee /dev/stderr) - [ "${actual}" = "RELEASE-NAME-consul-ingress-gateway-ingress-gateway" ] + [ "${actual}" = "RELEASE-NAME-consul-ingress-gateway" ] } @test "ingressGateways/Deployment: Adds consul service volumeMount to gateway container" { @@ -57,7 +57,7 @@ load _helpers . | tee /dev/stderr | yq -s -r '.[0].spec.template.spec.serviceAccountName' | tee /dev/stderr) - [ "${actual}" = "RELEASE-NAME-consul-ingress-gateway-ingress-gateway" ] + [ "${actual}" = "RELEASE-NAME-consul-ingress-gateway" ] } #-------------------------------------------------------------------- @@ -1295,7 +1295,7 @@ key2: value2' \ -log-level=info \ -log-json=false \ -k8s-namespace=default \ - -name=RELEASE-NAME-consul-ingress-gateway-ingress-gateway \ + -name=RELEASE-NAME-consul-ingress-gateway \ -output-file=/tmp/address.txt WAN_ADDR="$(cat /tmp/address.txt)" WAN_PORT=8080 @@ -1365,7 +1365,7 @@ consul-k8s-control-plane service-address \ -log-level=info \ -log-json=false \ -k8s-namespace=default \ - -name=RELEASE-NAME-consul-ingress-gateway-ingress-gateway \ + -name=RELEASE-NAME-consul-ingress-gateway \ -output-file=/tmp/address.txt WAN_ADDR="$(cat /tmp/address.txt)" WAN_PORT=8080 @@ -1592,10 +1592,10 @@ EOF yq -s -r '.' | tee /dev/stderr) local actual=$(echo $object | yq -r '.[0].metadata.name' | tee /dev/stderr) - [ "${actual}" = "RELEASE-NAME-consul-gateway1-ingress-gateway" ] + [ "${actual}" = "RELEASE-NAME-consul-gateway1" ] local actual=$(echo $object | yq -r '.[1].metadata.name' | tee /dev/stderr) - [ "${actual}" = "RELEASE-NAME-consul-gateway2-ingress-gateway" ] + [ "${actual}" = "RELEASE-NAME-consul-gateway2" ] local actual=$(echo $object | yq '.[0] | length > 0' | tee /dev/stderr) [ "${actual}" = "true" ] diff --git a/charts/consul/test/unit/ingress-gateways-podsecuritypolicy.bats b/charts/consul/test/unit/ingress-gateways-podsecuritypolicy.bats index efb88fbcc1..18fa9283d1 100644 --- a/charts/consul/test/unit/ingress-gateways-podsecuritypolicy.bats +++ b/charts/consul/test/unit/ingress-gateways-podsecuritypolicy.bats @@ -43,8 +43,8 @@ load _helpers [ "${actual}" = "false" ] local actual=$(echo $object | yq -r '.[0].metadata.name' | tee /dev/stderr) - [ "${actual}" = "RELEASE-NAME-consul-gateway1-ingress-gateway" ] + [ "${actual}" = "RELEASE-NAME-consul-gateway1" ] local actual=$(echo $object | yq -r '.[1].metadata.name' | tee /dev/stderr) - [ "${actual}" = "RELEASE-NAME-consul-gateway2-ingress-gateway" ] + [ "${actual}" = "RELEASE-NAME-consul-gateway2" ] } diff --git a/charts/consul/test/unit/ingress-gateways-role.bats b/charts/consul/test/unit/ingress-gateways-role.bats index f28dfd07ad..d592820b8b 100644 --- a/charts/consul/test/unit/ingress-gateways-role.bats +++ b/charts/consul/test/unit/ingress-gateways-role.bats @@ -46,7 +46,7 @@ load _helpers [ "${actual}" = "secrets" ] local actual=$(echo $object | yq -r '.resourceNames[0]' | tee /dev/stderr) - [ "${actual}" = "RELEASE-NAME-consul-ingress-gateway-ingress-gateway-acl-token" ] + [ "${actual}" = "RELEASE-NAME-consul-ingress-gateway-acl-token" ] } @test "ingressGateways/Role: rules for ingressGateways service" { @@ -87,10 +87,10 @@ load _helpers yq -s -r '.' | tee /dev/stderr) local actual=$(echo $object | yq -r '.[0].metadata.name' | tee /dev/stderr) - [ "${actual}" = "RELEASE-NAME-consul-gateway1-ingress-gateway" ] + [ "${actual}" = "RELEASE-NAME-consul-gateway1" ] local actual=$(echo $object | yq -r '.[1].metadata.name' | tee /dev/stderr) - [ "${actual}" = "RELEASE-NAME-consul-gateway2-ingress-gateway" ] + [ "${actual}" = "RELEASE-NAME-consul-gateway2" ] local actual=$(echo $object | yq '.[0].rules | length' | tee /dev/stderr) [ "${actual}" = "3" ] diff --git a/charts/consul/test/unit/ingress-gateways-rolebinding.bats b/charts/consul/test/unit/ingress-gateways-rolebinding.bats index e9251f78a6..55f7d51756 100644 --- a/charts/consul/test/unit/ingress-gateways-rolebinding.bats +++ b/charts/consul/test/unit/ingress-gateways-rolebinding.bats @@ -32,10 +32,10 @@ load _helpers yq -s -r '.' | tee /dev/stderr) local actual=$(echo $object | yq -r '.[0].metadata.name' | tee /dev/stderr) - [ "${actual}" = "RELEASE-NAME-consul-gateway1-ingress-gateway" ] + [ "${actual}" = "RELEASE-NAME-consul-gateway1" ] local actual=$(echo $object | yq -r '.[1].metadata.name' | tee /dev/stderr) - [ "${actual}" = "RELEASE-NAME-consul-gateway2-ingress-gateway" ] + [ "${actual}" = "RELEASE-NAME-consul-gateway2" ] local actual=$(echo $object | yq '.[2] | length > 0' | tee /dev/stderr) [ "${actual}" = "false" ] diff --git a/charts/consul/test/unit/ingress-gateways-service.bats b/charts/consul/test/unit/ingress-gateways-service.bats index 2ad67bc904..8fa3c73482 100644 --- a/charts/consul/test/unit/ingress-gateways-service.bats +++ b/charts/consul/test/unit/ingress-gateways-service.bats @@ -333,7 +333,7 @@ key2: value2' \ --set 'connectInject.enabled=true' \ . | tee /dev/stderr | yq -s -r '.[0].spec.selector."ingress-gateway-name"' | tee /dev/stderr) - [ "${actual}" = "RELEASE-NAME-consul-ingress-gateway-ingress-gateway" ] + [ "${actual}" = "RELEASE-NAME-consul-ingress-gateway" ] } #-------------------------------------------------------------------- @@ -351,10 +351,10 @@ key2: value2' \ yq -s -r '.' | tee /dev/stderr) local actual=$(echo $object | yq -r '.[0].metadata.name' | tee /dev/stderr) - [ "${actual}" = "RELEASE-NAME-consul-gateway1-ingress-gateway" ] + [ "${actual}" = "RELEASE-NAME-consul-gateway1" ] local actual=$(echo $object | yq -r '.[1].metadata.name' | tee /dev/stderr) - [ "${actual}" = "RELEASE-NAME-consul-gateway2-ingress-gateway" ] + [ "${actual}" = "RELEASE-NAME-consul-gateway2" ] local actual=$(echo $object | yq '.[2] | length > 0' | tee /dev/stderr) [ "${actual}" = "false" ] diff --git a/charts/consul/test/unit/ingress-gateways-serviceaccount.bats b/charts/consul/test/unit/ingress-gateways-serviceaccount.bats index 5f6eaaa768..12316908ea 100644 --- a/charts/consul/test/unit/ingress-gateways-serviceaccount.bats +++ b/charts/consul/test/unit/ingress-gateways-serviceaccount.bats @@ -57,10 +57,10 @@ load _helpers yq -s -r '.' | tee /dev/stderr) local actual=$(echo $object | yq -r '.[0].metadata.name' | tee /dev/stderr) - [ "${actual}" = "RELEASE-NAME-consul-gateway1-ingress-gateway" ] + [ "${actual}" = "RELEASE-NAME-consul-gateway1" ] local actual=$(echo $object | yq -r '.[1].metadata.name' | tee /dev/stderr) - [ "${actual}" = "RELEASE-NAME-consul-gateway2-ingress-gateway" ] + [ "${actual}" = "RELEASE-NAME-consul-gateway2" ] local actual=$(echo "$object" | yq -r '.[2] | length > 0' | tee /dev/stderr) diff --git a/charts/consul/test/unit/terminating-gateways-deployment.bats b/charts/consul/test/unit/terminating-gateways-deployment.bats index d59452c954..15555c81fd 100644 --- a/charts/consul/test/unit/terminating-gateways-deployment.bats +++ b/charts/consul/test/unit/terminating-gateways-deployment.bats @@ -22,7 +22,7 @@ load _helpers [ "${actual}" = "true" ] local actual=$(echo $object | yq -r '.metadata.name' | tee /dev/stderr) - [ "${actual}" = "RELEASE-NAME-consul-terminating-gateway-terminating-gateway" ] + [ "${actual}" = "RELEASE-NAME-consul-terminating-gateway" ] } @test "terminatingGateways/Deployment: Adds consul service volumeMount to gateway container" { @@ -265,7 +265,7 @@ load _helpers . | tee /dev/stderr | yq -s -r '.[0].spec.template.spec.serviceAccountName' | tee /dev/stderr) - [ "${actual}" = "RELEASE-NAME-consul-terminating-gateway-terminating-gateway" ] + [ "${actual}" = "RELEASE-NAME-consul-terminating-gateway" ] } #-------------------------------------------------------------------- @@ -1406,10 +1406,10 @@ EOF yq -s -r '.' | tee /dev/stderr) local actual=$(echo $object | yq -r '.[0].metadata.name' | tee /dev/stderr) - [ "${actual}" = "RELEASE-NAME-consul-gateway1-terminating-gateway" ] + [ "${actual}" = "RELEASE-NAME-consul-gateway1" ] local actual=$(echo $object | yq -r '.[1].metadata.name' | tee /dev/stderr) - [ "${actual}" = "RELEASE-NAME-consul-gateway2-terminating-gateway" ] + [ "${actual}" = "RELEASE-NAME-consul-gateway2" ] local actual=$(echo $object | yq '.[0] | length > 0' | tee /dev/stderr) [ "${actual}" = "true" ] diff --git a/charts/consul/test/unit/terminating-gateways-podsecuritypolicy.bats b/charts/consul/test/unit/terminating-gateways-podsecuritypolicy.bats index e5f684039a..b8595f8e60 100644 --- a/charts/consul/test/unit/terminating-gateways-podsecuritypolicy.bats +++ b/charts/consul/test/unit/terminating-gateways-podsecuritypolicy.bats @@ -43,8 +43,8 @@ load _helpers [ "${actual}" = "false" ] local actual=$(echo $object | yq -r '.[0].metadata.name' | tee /dev/stderr) - [ "${actual}" = "RELEASE-NAME-consul-gateway1-terminating-gateway" ] + [ "${actual}" = "RELEASE-NAME-consul-gateway1" ] local actual=$(echo $object | yq -r '.[1].metadata.name' | tee /dev/stderr) - [ "${actual}" = "RELEASE-NAME-consul-gateway2-terminating-gateway" ] + [ "${actual}" = "RELEASE-NAME-consul-gateway2" ] } diff --git a/charts/consul/test/unit/terminating-gateways-role.bats b/charts/consul/test/unit/terminating-gateways-role.bats index c91babe71d..708df66a6c 100644 --- a/charts/consul/test/unit/terminating-gateways-role.bats +++ b/charts/consul/test/unit/terminating-gateways-role.bats @@ -46,7 +46,7 @@ load _helpers [ "${actual}" = "secrets" ] local actual=$(echo $object | yq -r '.resourceNames[0]' | tee /dev/stderr) - [ "${actual}" = "RELEASE-NAME-consul-terminating-gateway-terminating-gateway-acl-token" ] + [ "${actual}" = "RELEASE-NAME-consul-terminating-gateway-acl-token" ] } @test "terminatingGateways/Role: rules is empty if no ACLs, PSPs" { @@ -87,10 +87,10 @@ load _helpers yq -s -r '.' | tee /dev/stderr) local actual=$(echo $object | yq -r '.[0].metadata.name' | tee /dev/stderr) - [ "${actual}" = "RELEASE-NAME-consul-gateway1-terminating-gateway" ] + [ "${actual}" = "RELEASE-NAME-consul-gateway1" ] local actual=$(echo $object | yq -r '.[1].metadata.name' | tee /dev/stderr) - [ "${actual}" = "RELEASE-NAME-consul-gateway2-terminating-gateway" ] + [ "${actual}" = "RELEASE-NAME-consul-gateway2" ] local actual=$(echo $object | yq '.[0].rules | length' | tee /dev/stderr) [ "${actual}" = "2" ] diff --git a/charts/consul/test/unit/terminating-gateways-rolebinding.bats b/charts/consul/test/unit/terminating-gateways-rolebinding.bats index 711ed7ed47..d6e74be896 100644 --- a/charts/consul/test/unit/terminating-gateways-rolebinding.bats +++ b/charts/consul/test/unit/terminating-gateways-rolebinding.bats @@ -32,10 +32,10 @@ load _helpers yq -s -r '.' | tee /dev/stderr) local actual=$(echo $object | yq -r '.[0].metadata.name' | tee /dev/stderr) - [ "${actual}" = "RELEASE-NAME-consul-gateway1-terminating-gateway" ] + [ "${actual}" = "RELEASE-NAME-consul-gateway1" ] local actual=$(echo $object | yq -r '.[1].metadata.name' | tee /dev/stderr) - [ "${actual}" = "RELEASE-NAME-consul-gateway2-terminating-gateway" ] + [ "${actual}" = "RELEASE-NAME-consul-gateway2" ] local actual=$(echo $object | yq '.[2] | length > 0' | tee /dev/stderr) [ "${actual}" = "false" ] diff --git a/charts/consul/test/unit/terminating-gateways-serviceaccount.bats b/charts/consul/test/unit/terminating-gateways-serviceaccount.bats index e1ef573abf..3052907b54 100644 --- a/charts/consul/test/unit/terminating-gateways-serviceaccount.bats +++ b/charts/consul/test/unit/terminating-gateways-serviceaccount.bats @@ -57,10 +57,10 @@ load _helpers yq -s -r '.' | tee /dev/stderr) local actual=$(echo $object | yq -r '.[0].metadata.name' | tee /dev/stderr) - [ "${actual}" = "RELEASE-NAME-consul-gateway1-terminating-gateway" ] + [ "${actual}" = "RELEASE-NAME-consul-gateway1" ] local actual=$(echo $object | yq -r '.[1].metadata.name' | tee /dev/stderr) - [ "${actual}" = "RELEASE-NAME-consul-gateway2-terminating-gateway" ] + [ "${actual}" = "RELEASE-NAME-consul-gateway2" ] local actual=$(echo "$object" | yq -r '.[2] | length > 0' | tee /dev/stderr) diff --git a/control-plane/subcommand/server-acl-init/command.go b/control-plane/subcommand/server-acl-init/command.go index c2f8f07322..495ec7beda 100644 --- a/control-plane/subcommand/server-acl-init/command.go +++ b/control-plane/subcommand/server-acl-init/command.go @@ -797,7 +797,7 @@ func (c *Command) configureGateway(gatewayParams ConfigureGatewayParams, consulC // The names in the Helm chart are specified by users and so may not contain // the words "ingress-gateway" or "terminating-gateway". We need to create unique names for tokens // across all gateway types and so must suffix with either `-ingress-gateway` of `-terminating-gateway`. - serviceAccountName := c.withPrefix(fmt.Sprintf("%s-%s", name, fmt.Sprintf("%s-gateway", gatewayParams.GatewayType))) + serviceAccountName := c.withPrefix(name) err = c.createACLPolicyRoleAndBindingRule(serviceAccountName, rules, gatewayParams.ConsulDC, gatewayParams.PrimaryDC, localPolicy, gatewayParams.Primary, gatewayParams.AuthMethodName, serviceAccountName, consulClient) diff --git a/control-plane/subcommand/server-acl-init/command_ent_test.go b/control-plane/subcommand/server-acl-init/command_ent_test.go index 55834c7ed8..10e3650b12 100644 --- a/control-plane/subcommand/server-acl-init/command_ent_test.go +++ b/control-plane/subcommand/server-acl-init/command_ent_test.go @@ -295,10 +295,10 @@ func TestRun_ACLPolicyUpdates(t *testing.T) { "-connect-inject", "-snapshot-agent", "-create-enterprise-license-token", - "-ingress-gateway-name=gw", - "-ingress-gateway-name=anothergw", - "-terminating-gateway-name=gw", - "-terminating-gateway-name=anothergw", + "-ingress-gateway-name=igw", + "-ingress-gateway-name=anotherigw", + "-terminating-gateway-name=tgw", + "-terminating-gateway-name=anothertgw", "-controller", } // Our second run, we're going to update from partitions and namespaces disabled to @@ -333,10 +333,10 @@ func TestRun_ACLPolicyUpdates(t *testing.T) { "mesh-gateway-policy", "snapshot-agent-policy", "enterprise-license-token", - resourcePrefix + "-gw-ingress-gateway-policy", - resourcePrefix + "-anothergw-ingress-gateway-policy", - resourcePrefix + "-gw-terminating-gateway-policy", - resourcePrefix + "-anothergw-terminating-gateway-policy", + resourcePrefix + "-igw-policy", + resourcePrefix + "-anotherigw-policy", + resourcePrefix + "-tgw-policy", + resourcePrefix + "-anothertgw-policy", "connect-inject-policy", "controller-policy", } @@ -386,10 +386,10 @@ func TestRun_ACLPolicyUpdates(t *testing.T) { "snapshot-agent-policy", "enterprise-license-token", "cross-namespace-policy", - resourcePrefix + "-gw-ingress-gateway-policy", - resourcePrefix + "-anothergw-ingress-gateway-policy", - resourcePrefix + "-gw-terminating-gateway-policy", - resourcePrefix + "-anothergw-terminating-gateway-policy", + resourcePrefix + "-igw-policy", + resourcePrefix + "-anotherigw-policy", + resourcePrefix + "-tgw-policy", + resourcePrefix + "-anothertgw-policy", "controller-policy", "partitions-token", } @@ -776,9 +776,9 @@ func TestRun_GatewayNamespaceParsing(t *testing.T) { TokenFlags: []string{"-ingress-gateway-name=ingress", "-ingress-gateway-name=gateway", "-ingress-gateway-name=another-gateway"}, - PolicyNames: []string{resourcePrefix + "-ingress-ingress-gateway-policy", - resourcePrefix + "-gateway-ingress-gateway-policy", - resourcePrefix + "-another-gateway-ingress-gateway-policy"}, + PolicyNames: []string{resourcePrefix + "-ingress-policy", + resourcePrefix + "-gateway-policy", + resourcePrefix + "-another-gateway-policy"}, ExpectedPolicies: []string{` partition "default" { namespace "default" { @@ -825,9 +825,9 @@ partition "default" { TokenFlags: []string{"-ingress-gateway-name=ingress.", "-ingress-gateway-name=gateway.namespace1", "-ingress-gateway-name=another-gateway.namespace2"}, - PolicyNames: []string{resourcePrefix + "-ingress-ingress-gateway-policy", - resourcePrefix + "-gateway-ingress-gateway-policy", - resourcePrefix + "-another-gateway-ingress-gateway-policy"}, + PolicyNames: []string{resourcePrefix + "-ingress-policy", + resourcePrefix + "-gateway-policy", + resourcePrefix + "-another-gateway-policy"}, ExpectedPolicies: []string{` partition "default" { namespace "default" { @@ -874,9 +874,9 @@ partition "default" { TokenFlags: []string{"-terminating-gateway-name=terminating", "-terminating-gateway-name=gateway", "-terminating-gateway-name=another-gateway"}, - PolicyNames: []string{resourcePrefix + "-terminating-terminating-gateway-policy", - resourcePrefix + "-gateway-terminating-gateway-policy", - resourcePrefix + "-another-gateway-terminating-gateway-policy"}, + PolicyNames: []string{resourcePrefix + "-terminating-policy", + resourcePrefix + "-gateway-policy", + resourcePrefix + "-another-gateway-policy"}, ExpectedPolicies: []string{` partition "default" { namespace "default" { @@ -914,9 +914,9 @@ partition "default" { TokenFlags: []string{"-terminating-gateway-name=terminating.", "-terminating-gateway-name=gateway.namespace1", "-terminating-gateway-name=another-gateway.namespace2"}, - PolicyNames: []string{resourcePrefix + "-terminating-terminating-gateway-policy", - resourcePrefix + "-gateway-terminating-gateway-policy", - resourcePrefix + "-another-gateway-terminating-gateway-policy"}, + PolicyNames: []string{resourcePrefix + "-terminating-policy", + resourcePrefix + "-gateway-policy", + resourcePrefix + "-another-gateway-policy"}, ExpectedPolicies: []string{` partition "default" { namespace "default" { diff --git a/control-plane/subcommand/server-acl-init/command_test.go b/control-plane/subcommand/server-acl-init/command_test.go index 9b08a1f94a..326e3cc57c 100644 --- a/control-plane/subcommand/server-acl-init/command_test.go +++ b/control-plane/subcommand/server-acl-init/command_test.go @@ -2116,24 +2116,24 @@ func TestRun_PoliciesAndBindingRulesForACLLogin_PrimaryDatacenter(t *testing.T) TokenFlags: []string{"-terminating-gateway-name=terminating", "-terminating-gateway-name=gateway", "-terminating-gateway-name=another-gateway"}, - PolicyNames: []string{resourcePrefix + "-terminating-terminating-gateway-policy", - resourcePrefix + "-gateway-terminating-gateway-policy", - resourcePrefix + "-another-gateway-terminating-gateway-policy"}, - Roles: []string{resourcePrefix + "-terminating-terminating-gateway-acl-role", - resourcePrefix + "-gateway-terminating-gateway-acl-role", - resourcePrefix + "-another-gateway-terminating-gateway-acl-role"}, + PolicyNames: []string{resourcePrefix + "-terminating-policy", + resourcePrefix + "-gateway-policy", + resourcePrefix + "-another-gateway-policy"}, + Roles: []string{resourcePrefix + "-terminating-acl-role", + resourcePrefix + "-gateway-acl-role", + resourcePrefix + "-another-gateway-acl-role"}, }, { TestName: "Ingress Gateway", TokenFlags: []string{"-ingress-gateway-name=ingress", "-ingress-gateway-name=gateway", "-ingress-gateway-name=another-gateway"}, - PolicyNames: []string{resourcePrefix + "-ingress-ingress-gateway-policy", - resourcePrefix + "-gateway-ingress-gateway-policy", - resourcePrefix + "-another-gateway-ingress-gateway-policy"}, - Roles: []string{resourcePrefix + "-ingress-ingress-gateway-acl-role", - resourcePrefix + "-gateway-ingress-gateway-acl-role", - resourcePrefix + "-another-gateway-ingress-gateway-acl-role"}, + PolicyNames: []string{resourcePrefix + "-ingress-policy", + resourcePrefix + "-gateway-policy", + resourcePrefix + "-another-gateway-policy"}, + Roles: []string{resourcePrefix + "-ingress-acl-role", + resourcePrefix + "-gateway-acl-role", + resourcePrefix + "-another-gateway-acl-role"}, }, } for _, c := range cases { @@ -2280,12 +2280,12 @@ func TestRun_PoliciesAndBindingRulesACLLogin_SecondaryDatacenter(t *testing.T) { TokenFlags: []string{"-terminating-gateway-name=terminating", "-terminating-gateway-name=gateway", "-terminating-gateway-name=another-gateway"}, - PolicyNames: []string{resourcePrefix + "-terminating-terminating-gateway-policy-" + secondaryDatacenter, - resourcePrefix + "-gateway-terminating-gateway-policy-" + secondaryDatacenter, - resourcePrefix + "-another-gateway-terminating-gateway-policy-" + secondaryDatacenter}, - Roles: []string{resourcePrefix + "-terminating-terminating-gateway-acl-role-" + secondaryDatacenter, - resourcePrefix + "-gateway-terminating-gateway-acl-role-" + secondaryDatacenter, - resourcePrefix + "-another-gateway-terminating-gateway-acl-role-" + secondaryDatacenter}, + PolicyNames: []string{resourcePrefix + "-terminating-policy-" + secondaryDatacenter, + resourcePrefix + "-gateway-policy-" + secondaryDatacenter, + resourcePrefix + "-another-gateway-policy-" + secondaryDatacenter}, + Roles: []string{resourcePrefix + "-terminating-acl-role-" + secondaryDatacenter, + resourcePrefix + "-gateway-acl-role-" + secondaryDatacenter, + resourcePrefix + "-another-gateway-acl-role-" + secondaryDatacenter}, GlobalAuthMethod: false, }, { @@ -2293,12 +2293,12 @@ func TestRun_PoliciesAndBindingRulesACLLogin_SecondaryDatacenter(t *testing.T) { TokenFlags: []string{"-ingress-gateway-name=ingress", "-ingress-gateway-name=gateway", "-ingress-gateway-name=another-gateway"}, - PolicyNames: []string{resourcePrefix + "-ingress-ingress-gateway-policy-" + secondaryDatacenter, - resourcePrefix + "-gateway-ingress-gateway-policy-" + secondaryDatacenter, - resourcePrefix + "-another-gateway-ingress-gateway-policy-" + secondaryDatacenter}, - Roles: []string{resourcePrefix + "-ingress-ingress-gateway-acl-role-" + secondaryDatacenter, - resourcePrefix + "-gateway-ingress-gateway-acl-role-" + secondaryDatacenter, - resourcePrefix + "-another-gateway-ingress-gateway-acl-role-" + secondaryDatacenter}, + PolicyNames: []string{resourcePrefix + "-ingress-policy-" + secondaryDatacenter, + resourcePrefix + "-gateway-policy-" + secondaryDatacenter, + resourcePrefix + "-another-gateway-policy-" + secondaryDatacenter}, + Roles: []string{resourcePrefix + "-ingress-acl-role-" + secondaryDatacenter, + resourcePrefix + "-gateway-acl-role-" + secondaryDatacenter, + resourcePrefix + "-another-gateway-acl-role-" + secondaryDatacenter}, GlobalAuthMethod: false, }, } @@ -2444,15 +2444,15 @@ func TestRun_ValidateLoginToken_PrimaryDatacenter(t *testing.T) { { ComponentName: "terminating-gateway", TokenFlags: []string{"-terminating-gateway-name=terminating"}, - Roles: []string{resourcePrefix + "-terminating-terminating-gateway-acl-role"}, - ServiceAccountName: fmt.Sprintf("%s-%s", resourcePrefix, "terminating-terminating-gateway"), + Roles: []string{resourcePrefix + "-terminating-acl-role"}, + ServiceAccountName: fmt.Sprintf("%s-%s", resourcePrefix, "terminating"), GlobalToken: false, }, { ComponentName: "ingress-gateway", TokenFlags: []string{"-ingress-gateway-name=ingress"}, - Roles: []string{resourcePrefix + "-ingress-ingress-gateway-acl-role"}, - ServiceAccountName: fmt.Sprintf("%s-%s", resourcePrefix, "ingress-ingress-gateway"), + Roles: []string{resourcePrefix + "-ingress-acl-role"}, + ServiceAccountName: fmt.Sprintf("%s-%s", resourcePrefix, "ingress"), GlobalToken: false, }, } @@ -2591,16 +2591,16 @@ func TestRun_ValidateLoginToken_SecondaryDatacenter(t *testing.T) { { ComponentName: "terminating-gateway", TokenFlags: []string{"-terminating-gateway-name=terminating"}, - Roles: []string{resourcePrefix + "-terminating-terminating-gateway-acl-role-dc2"}, - ServiceAccountName: fmt.Sprintf("%s-%s", resourcePrefix, "terminating-terminating-gateway"), + Roles: []string{resourcePrefix + "-terminating-acl-role-dc2"}, + ServiceAccountName: fmt.Sprintf("%s-%s", resourcePrefix, "terminating"), GlobalAuthMethod: false, GlobalToken: false, }, { ComponentName: "ingress-gateway", TokenFlags: []string{"-ingress-gateway-name=ingress"}, - Roles: []string{resourcePrefix + "-ingress-ingress-gateway-acl-role-dc2"}, - ServiceAccountName: fmt.Sprintf("%s-%s", resourcePrefix, "ingress-ingress-gateway"), + Roles: []string{resourcePrefix + "-ingress-acl-role-dc2"}, + ServiceAccountName: fmt.Sprintf("%s-%s", resourcePrefix, "ingress"), GlobalAuthMethod: false, GlobalToken: false, },