feat(api/consul): allow configuring identities for sidecar_task

[3nprob]

Description

Allow configuring non-default identity for sidecar_task.

Testing & Reproduction steps

Sample job spec excerpt:

job "foo" {
  group "foo" {
    consul {}
    service {
      identity {
        aud = ["consul.io"]
      }
      connect {
        sidecar_service {}
        sidecar_task {
          identity {
            aud = ["consul.io"]
          }
        }
      }
    }
    task "foo" {
      # ...
    }
  }
}

Links

• Allow identity blocks in sidecar_task blocks #24660

Contributor Checklist

• Changelog Entry If this PR changes user-facing behavior, please generate and add a
  changelog entry using the make cl command.
• Testing Please add tests to cover any new functionality or to demonstrate bug fixes and
  ensure regressions will be caught.
• Documentation If the change impacts user-facing functionality such as the CLI, API, UI,
  and job configuration, please update the Nomad website documentation to reflect this. Refer to
  the website README for docs guidelines. Please also consider whether the
  change requires notes within the upgrade guide.

Reviewer Checklist

• Backport Labels Please add the correct backport labels as described by the internal
  backporting document.
• Commit Type Ensure the correct merge method is selected which should be "squash and merge"
  in the majority of situations. The main exceptions are long-lived feature branches or merges where
  history should be preserved.
• Enterprise PRs If this is an enterprise only PR, please add any required changelog entry
  within the public repository.

[hashicorp-cla-app]

All committers have signed the CLA.

[hashicorp-cla-app]

Thank you for your submission! We require that all contributors sign our Contributor License Agreement ("CLA") before we can accept the contribution. Read and sign the agreement

Learn more about why HashiCorp requires a CLA and what the CLA includes

---

3np seems not to be a GitHub user.
You need a GitHub account to be able to sign the CLA.
If you have already a GitHub account, please add the email address used for this commit to your account.

_{Have you signed the CLA already but the status is still pending? Recheck it.}

[3nprob]

This has been manually tested. ✔️

[aimeeu]

Thanks for updating the docs. Approving the docs content only.

[3nprob]

Rebased on main and had to resolve merge-conflict in docs. No further changes.

[aimeeu]

Docs approval

[jrasell]

Hi @3nprob and thanks for raising this PR.

Before I perform manual testing and thorough code review, would it be possible to add units tests for the new functionality covered? Once these are added I'll go ahead and review. Thanks.

[3nprob]

Hi @3nprob and thanks for raising this PR.

Before I perform manual testing and thorough code review, would it be possible to add units tests for the new functionality covered?

I did add a unit test for the api change just now. In case that is insufficient, could you point me to:

• Which additional test units you expect to be updated?
• How to run those locally?
  • make test and make test-nomad yield a lot of unrelated failures for me (missing deps and other assumptions not holding here) and as I def won't have time to sort out the entire integration suite locally it would be helpful to know what is expected to change/pass.

[jrasell]

Hi @3nprob; some of the initial entry points to check out:

• TestJobDiff
• TestSidecarTask_Equal
• TestConversion_apiConnectSidecarTaskToStructs

The CopySliceWorkloadIdentity should be tested to ensure all objects are copied correctly and that we have a new object (not the same memory address). e2e testing would also be nice, but certainly something I would not block the PR on at this stage.

In order to target tests to run, Go supports a-run flag within go test that can be used: https://pkg.go.dev/cmd/go#hdr-Testing_flags

If you have any problems please let me know and I'll be happy to help. I can also work on pushing tests to this PR if you want, just let me know.

[3nprob]

In order to target tests to run, Go supports a-run flag within go test that can be used: https://pkg.go.dev/cmd/go#hdr-Testing_flags

Probably skill issue on my end but what is the actual arguments to pass for this project? E.g. to run the test I added and/or the ones you listed above?

Attempts yield all-or-nothing so far:

$ go test -v -run '.*'
testing: warning: no tests to run
PASS
ok      github.com/hashicorp/nomad      0.300s

Getting same for .*/.*, .*/.*/.*, etc.

go test -list just showing the one top-level:

$ go test -list
ok     github.com/hashicorp/nomad      0.203s

go test -list '.*' ./... takes ~5 min and lists a bunch but no TestSidecarTask_Canonicalize.

If you have any problems please let me know and I'll be happy to help. I can also work on pushing tests to this PR if you want, just let me know.

That would also be super helpful!

[3nprob]

@jrasell PTAL

[3nprob]

Realistic hoping for this to land on CE 1.10?