Migrate intentions from legacy intentions to config entries

acceptance/tests/connect/connect_helper.go

@@ -87,10 +87,15 @@ func ConnectInjectConnectivityCheck(t *testing.T, ctx environment.TestContext, c
 		}
 
 		logger.Log(t, "creating intention")
-		_, err := consulClient.Connect().IntentionUpsert(&api.Intention{
-			SourceName:      staticClientName,
-			DestinationName: staticServerName,
-			Action:          api.IntentionActionAllow,
+		_, _, err := consulClient.ConfigEntries().Set(&api.ServiceIntentionsConfigEntry{
+			Kind: api.ServiceIntentions,
+			Name: staticServerName,
+			Sources: []*api.SourceIntention{
+				{
+					Name:   staticClientName,
+					Action: api.IntentionActionAllow,
+				},
+			},
 		}, nil)
 		require.NoError(t, err)
 	}

acceptance/tests/connect/connect_inject_namespaces_test.go

@@ -182,23 +182,28 @@ func TestConnectInjectNamespaces(t *testing.T) {
 					k8s.CheckStaticServerConnectionFailing(t, staticClientOpts, "http://localhost:1234")
 				}
 
-				intention := &api.Intention{
-					SourceName:      staticClientName,
-					SourceNS:        staticClientNamespace,
-					DestinationName: staticServerName,
-					DestinationNS:   staticServerNamespace,
-					Action:          api.IntentionActionAllow,
+				intention := &api.ServiceIntentionsConfigEntry{
+					Kind:      api.ServiceIntentions,
+					Name:      staticServerName,
+					Namespace: staticServerNamespace,
+					Sources: []*api.SourceIntention{
+						{
+							Name:      staticClientName,
+							Namespace: staticClientNamespace,
+							Action:    api.IntentionActionAllow,
+						},
+					},
 				}
 
 				// Set the destination namespace to be the same
 				// unless mirrorK8S is true.
 				if !c.mirrorK8S {
-					intention.SourceNS = c.destinationNamespace
-					intention.DestinationNS = c.destinationNamespace
+					intention.Namespace = c.destinationNamespace
+					intention.Sources[0].Namespace = c.destinationNamespace
 				}
 
 				logger.Log(t, "creating intention")
-				_, err := consulClient.Connect().IntentionUpsert(intention, nil)
+				_, _, err := consulClient.ConfigEntries().Set(intention, nil)
 				require.NoError(t, err)
 			}
 

acceptance/tests/ingress-gateway/ingress_gateway_namespaces_test.go

@@ -132,12 +132,17 @@ func TestIngressGatewaySingleNamespace(t *testing.T) {
 
 				// Now we create the allow intention.
 				logger.Log(t, "creating ingress-gateway => static-server intention")
-				_, err = consulClient.Connect().IntentionUpsert(&api.Intention{
-					SourceName:      "ingress-gateway",
-					SourceNS:        testNamespace,
-					DestinationName: "static-server",
-					DestinationNS:   testNamespace,
-					Action:          api.IntentionActionAllow,
+				_, _, err = consulClient.ConfigEntries().Set(&api.ServiceIntentionsConfigEntry{
+					Kind:      api.ServiceIntentions,
+					Name:      "static-server",
+					Namespace: testNamespace,
+					Sources: []*api.SourceIntention{
+						{
+							Name:      "ingress-gateway",
+							Namespace: testNamespace,
+							Action:    api.IntentionActionAllow,
+						},
+					},
 				}, nil)
 				require.NoError(t, err)
 			}
@@ -252,12 +257,17 @@ func TestIngressGatewayNamespaceMirroring(t *testing.T) {
 
 				// Now we create the allow intention.
 				logger.Log(t, "creating ingress-gateway => static-server intention")
-				_, err = consulClient.Connect().IntentionUpsert(&api.Intention{
-					SourceName:      "ingress-gateway",
-					SourceNS:        "default",
-					DestinationName: "static-server",
-					DestinationNS:   testNamespace,
-					Action:          api.IntentionActionAllow,
+				_, _, err = consulClient.ConfigEntries().Set(&api.ServiceIntentionsConfigEntry{
+					Kind:      api.ServiceIntentions,
+					Name:      "static-server",
+					Namespace: testNamespace,
+					Sources: []*api.SourceIntention{
+						{
+							Name:      "ingress-gateway",
+							Namespace: "default",
+							Action:    api.IntentionActionAllow,
+						},
+					},
 				}, nil)
 				require.NoError(t, err)
 			}

acceptance/tests/ingress-gateway/ingress_gateway_test.go

@@ -96,10 +96,15 @@ func TestIngressGateway(t *testing.T) {
 
 				// Now we create the allow intention.
 				logger.Log(t, "creating ingress-gateway => static-server intention")
-				_, err = consulClient.Connect().IntentionUpsert(&api.Intention{
-					SourceName:      "ingress-gateway",
-					DestinationName: "static-server",
-					Action:          api.IntentionActionAllow,
+				_, _, err = consulClient.ConfigEntries().Set(&api.ServiceIntentionsConfigEntry{
+					Kind: api.ServiceIntentions,
+					Name: "static-server",
+					Sources: []*api.SourceIntention{
+						{
+							Name:   "ingress-gateway",
+							Action: api.IntentionActionAllow,
+						},
+					},
 				}, nil)
 				require.NoError(t, err)
 			}

acceptance/tests/mesh-gateway/mesh_gateway_test.go

@@ -249,10 +249,15 @@ func TestMeshGatewaySecure(t *testing.T) {
 			k8s.DeployKustomize(t, primaryContext.KubectlOptions(t), cfg.NoCleanupOnFailure, cfg.DebugDirectory, "../fixtures/cases/static-client-multi-dc")
 
 			logger.Log(t, "creating intention")
-			_, err = primaryClient.Connect().IntentionUpsert(&api.Intention{
-				SourceName:      staticClientName,
-				DestinationName: "static-server",
-				Action:          api.IntentionActionAllow,
+			_, _, err = primaryClient.ConfigEntries().Set(&api.ServiceIntentionsConfigEntry{
+				Kind: api.ServiceIntentions,
+				Name: "static-server",
+				Sources: []*api.SourceIntention{
+					{
+						Name:   staticClientName,
+						Action: api.IntentionActionAllow,
+					},
+				},
 			}, nil)
 			require.NoError(t, err)
 

acceptance/tests/partitions/partitions_test.go

@@ -425,25 +425,30 @@ func TestPartitions(t *testing.T) {
 					k8s.CheckStaticServerConnectionFailing(t, serverClusterStaticClientOpts, "http://localhost:1234")
 					k8s.CheckStaticServerConnectionFailing(t, clientClusterStaticClientOpts, "http://localhost:1234")
 
-					intention := &api.Intention{
-						SourceName:      staticClientName,
-						SourceNS:        staticClientNamespace,
-						DestinationName: staticServerName,
-						DestinationNS:   staticServerNamespace,
-						Action:          api.IntentionActionAllow,
+					intention := &api.ServiceIntentionsConfigEntry{
+						Kind:      api.ServiceIntentions,
+						Name:      staticServerName,
+						Namespace: staticServerNamespace,
+						Sources: []*api.SourceIntention{
+							{
+								Name:      staticClientName,
+								Namespace: staticClientNamespace,
+								Action:    api.IntentionActionAllow,
+							},
+						},
 					}
 
 					// Set the destination namespace to be the same
 					// unless mirrorK8S is true.
 					if !c.mirrorK8S {
-						intention.SourceNS = c.destinationNamespace
-						intention.DestinationNS = c.destinationNamespace
+						intention.Namespace = c.destinationNamespace
+						intention.Sources[0].Namespace = c.destinationNamespace
 					}
 
 					logger.Log(t, "creating intention")
-					_, err := consulClient.Connect().IntentionUpsert(intention, &api.WriteOptions{Partition: defaultPartition})
+					_, _, err := consulClient.ConfigEntries().Set(intention, &api.WriteOptions{Partition: defaultPartition})
 					require.NoError(t, err)
-					_, err = consulClient.Connect().IntentionUpsert(intention, &api.WriteOptions{Partition: secondaryPartition})
+					_, _, err = consulClient.ConfigEntries().Set(intention, &api.WriteOptions{Partition: secondaryPartition})
 					require.NoError(t, err)
 				}
 

acceptance/tests/terminating-gateway/terminating_gateway_test.go

@@ -194,12 +194,17 @@ func assertNoConnectionAndAddIntention(t *testing.T, consulClient *api.Client, k
 	k8s.CheckStaticServerConnectionFailing(t, k8sOptions, "http://localhost:1234")
 
 	logger.Log(t, "creating static-client => static-server intention")
-	_, err := consulClient.Connect().IntentionUpsert(&api.Intention{
-		SourceName:      staticClientName,
-		SourceNS:        sourceNS,
-		DestinationName: staticServerName,
-		DestinationNS:   destinationNS,
-		Action:          api.IntentionActionAllow,
+	_, _, err := consulClient.ConfigEntries().Set(&api.ServiceIntentionsConfigEntry{
+		Kind:      api.ServiceIntentions,
+		Name:      staticServerName,
+		Namespace: destinationNS,
+		Sources: []*api.SourceIntention{
+			{
+				Name:      staticClientName,
+				Namespace: sourceNS,
+				Action:    api.IntentionActionAllow,
+			},
+		},
 	}, nil)
 	require.NoError(t, err)
 }