From cab492f49084ba4cf55a5ab5407dfe0a42e03408 Mon Sep 17 00:00:00 2001
From: Nitya Dhanushkodi <nitya@hashicorp.com>
Date: Mon, 1 Aug 2022 14:39:05 -0700
Subject: [PATCH] support static addrs

---
 .../templates/connect-inject-deployment.yaml  |  5 +++
 .../test/unit/connect-inject-deployment.bats  | 42 +++++++++++++++++++
 charts/consul/values.yaml                     |  8 +++-
 3 files changed, 53 insertions(+), 2 deletions(-)

diff --git a/charts/consul/templates/connect-inject-deployment.yaml b/charts/consul/templates/connect-inject-deployment.yaml
index 9cd4714600..b8982507ed 100644
--- a/charts/consul/templates/connect-inject-deployment.yaml
+++ b/charts/consul/templates/connect-inject-deployment.yaml
@@ -152,6 +152,11 @@ spec:
                 {{- end }}
                 {{- end }}
                 {{- end }}
+                {{- if (eq .Values.global.peering.tokenGeneration.serverAddresses.source "static") }}
+                {{- range $addr := .Values.global.peering.tokenGeneration.serverAddresses.static }}
+                -server-address="{{ $addr }}" \
+                {{- end }}
+                {{- end }}
                 {{- end }}
                 {{- if .Values.global.openshift.enabled }}
                 -enable-openshift \
diff --git a/charts/consul/test/unit/connect-inject-deployment.bats b/charts/consul/test/unit/connect-inject-deployment.bats
index cc45a26b9a..63a221224a 100755
--- a/charts/consul/test/unit/connect-inject-deployment.bats
+++ b/charts/consul/test/unit/connect-inject-deployment.bats
@@ -1941,6 +1941,48 @@ EOF
   [ "${actual}" = "true" ]
 }
 
+@test "connectInject/Deployment: when peering token generation source is static passes in -server-address flags with static addresses" {
+  cd `chart_dir`
+  local command=$(helm template \
+      -s templates/connect-inject-deployment.yaml  \
+      --set 'global.peering.tokenGeneration.serverAddresses.source=static' \
+      --set 'global.peering.tokenGeneration.serverAddresses.static[0]=1.2.3.4:1234' \
+      --set 'global.peering.tokenGeneration.serverAddresses.static[1]=2.2.3.4:2234' \
+      --set 'connectInject.enabled=true' \
+      --set 'global.peering.enabled=true' \
+      . | tee /dev/stderr |
+      yq '.spec.template.spec.containers[0].command')
+
+  local actual=$(echo $command | jq -r ' . | any(contains("-server-address=\"1.2.3.4:1234\""))' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+
+  local actual=$(echo $command | jq -r ' . | any(contains("-server-address=\"2.2.3.4:2234\""))' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+}
+
+@test "connectInject/Deployment: when peering token generation source is static and externalHosts are set, passes in -server-address flags with static addresses, not externalServers.hosts" {
+  cd `chart_dir`
+  local command=$(helm template \
+      -s templates/connect-inject-deployment.yaml  \
+      --set 'server.enabled=false' \
+      --set 'global.peering.tokenGeneration.serverAddresses.source=static' \
+      --set 'global.peering.tokenGeneration.serverAddresses.static[0]=1.2.3.4:1234' \
+      --set 'global.peering.tokenGeneration.serverAddresses.static[1]=2.2.3.4:2234' \
+      --set 'externalServers.enabled=true' \
+      --set 'externalServers.hosts[0]=1.1.1.1' \
+      --set 'externalServers.hosts[1]=2.2.2.2' \
+      --set 'connectInject.enabled=true' \
+      --set 'global.peering.enabled=true' \
+      . | tee /dev/stderr |
+      yq '.spec.template.spec.containers[0].command')
+
+  local actual=$(echo $command | jq -r ' . | any(contains("-server-address=\"1.2.3.4:1234\""))' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+
+  local actual=$(echo $command | jq -r ' . | any(contains("-server-address=\"2.2.3.4:2234\""))' | tee /dev/stderr)
+  [ "${actual}" = "true" ]
+}
+
 #--------------------------------------------------------------------
 # openshift
 
diff --git a/charts/consul/values.yaml b/charts/consul/values.yaml
index 1ebe3c886d..e7501bd279 100644
--- a/charts/consul/values.yaml
+++ b/charts/consul/values.yaml
@@ -36,13 +36,17 @@ global:
     enabled: false
     tokenGeneration:
       serverAddresses:
-        # Source can be set to "" or "consul".
+        # Source can be set to "","consul" or "static".
         #
-        # "" is the default source. If servers are enabled, it will check if server.exposeService is enabled, and read
+        # "" is the default source. If servers are enabled, it will check if `server.exposeService` is enabled, and read
         # the addresses from that service to use as the peering token server addresses.
         #
         # "consul" will use the Consul advertise addresses in the peering token.
+        #
+        # "static" will use the addresses specified in `global.peering.tokenGeneration.serverAddresses.static`.
         source: ""
+        # Static addresses must be formatted "hostname|ip:port".
+        static: []
 
   # [Enterprise Only] Enabling `adminPartitions` allows creation of Admin Partitions in Kubernetes clusters.
   # It additionally indicates that you are running Consul Enterprise v1.11+ with a valid Consul Enterprise