hashicorp · DanStough · Sep 13, 2022 · Sep 2, 2022
diff --git a/agent/structs/config_entry_mesh.go b/agent/structs/config_entry_mesh.go
@@ -17,6 +17,8 @@ type MeshConfigEntry struct {
 
 	HTTP *MeshHTTPConfig `json:",omitempty"`
 
+	Peering *PeeringMeshConfig `json:",omitempty"`
+
 	Meta               map[string]string `json:",omitempty"`
 	acl.EnterpriseMeta `hcl:",squash" mapstructure:",squash"`
 	RaftIndex
@@ -48,6 +50,16 @@ type MeshHTTPConfig struct {
 	SanitizeXForwardedClientCert bool `alias:"sanitize_x_forwarded_client_cert"`
 }
 
+// PeeringMeshConfig contains cluster-wide options pertaining to peering.
+type PeeringMeshConfig struct {
+	// PeerThroughMeshGateways determines whether peering traffic between
+	// control planes should flow through mesh gateways. If enabled,
+	// Consul servers will advertise mesh gateway addresses as their own.
+	// Additionally, mesh gateways will configure themselves to expose
+	// the local servers using a peering-specific SNI.
+	PeerThroughMeshGateways bool `alias:"peer_through_mesh_gateways"`
+}
+
 func (e *MeshConfigEntry) GetKind() string {
 	return MeshConfig
 }

diff --git a/agent/structs/config_entry_test.go b/agent/structs/config_entry_test.go
@@ -1815,6 +1815,9 @@ func TestDecodeConfigEntry(t *testing.T) {
 				http {
 					sanitize_x_forwarded_client_cert = true
 				}
+				peering {
+					peer_through_mesh_gateways = true
+				}
 			`,
 			camel: `
 				Kind = "mesh"
@@ -1845,7 +1848,10 @@ func TestDecodeConfigEntry(t *testing.T) {
 				}
 				HTTP {
 					SanitizeXForwardedClientCert = true
-				}	
+				}
+				Peering {
+					PeerThroughMeshGateways = true
+				}
 			`,
 			expect: &MeshConfigEntry{
 				Meta: map[string]string{
@@ -1876,6 +1882,9 @@ func TestDecodeConfigEntry(t *testing.T) {
 				HTTP: &MeshHTTPConfig{
 					SanitizeXForwardedClientCert: true,
 				},
+				Peering: &PeeringMeshConfig{
+					PeerThroughMeshGateways: true,
+				},
 			},
 		},
 		{

diff --git a/api/config_entry_mesh.go b/api/config_entry_mesh.go
@@ -23,6 +23,8 @@ type MeshConfigEntry struct {
 
 	HTTP *MeshHTTPConfig `json:",omitempty"`
 
+	Peering *PeeringMeshConfig `json:",omitempty"`
+
 	Meta map[string]string `json:",omitempty"`
 
 	// CreateIndex is the Raft index this entry was created at. This is a
@@ -54,6 +56,10 @@ type MeshHTTPConfig struct {
 	SanitizeXForwardedClientCert bool `alias:"sanitize_x_forwarded_client_cert"`
 }
 
+type PeeringMeshConfig struct {
+	PeerThroughMeshGateways bool `json:",omitempty" alias:"peer_through_mesh_gateways"`
+}
+
 func (e *MeshConfigEntry) GetKind() string            { return MeshConfig }
 func (e *MeshConfigEntry) GetName() string            { return MeshConfigMesh }
 func (e *MeshConfigEntry) GetPartition() string       { return e.Partition }

diff --git a/api/config_entry_test.go b/api/config_entry_test.go
@@ -1314,6 +1314,9 @@ func TestDecodeConfigEntry(t *testing.T) {
 				},
 				"HTTP": {
 					"SanitizeXForwardedClientCert": true
+				},
+				"Peering": {
+					"PeerThroughMeshGateways": true
 				}
 			}
 			`,
@@ -1346,6 +1349,9 @@ func TestDecodeConfigEntry(t *testing.T) {
 				HTTP: &MeshHTTPConfig{
 					SanitizeXForwardedClientCert: true,
 				},
+				Peering: &PeeringMeshConfig{
+					PeerThroughMeshGateways: true,
+				},
 			},
 		},
 	} {