2023-09-11 17:50:52 +00:00
|
|
|
// Copyright (c) HashiCorp, Inc.
|
|
|
|
// SPDX-License-Identifier: BUSL-1.1
|
|
|
|
|
2023-08-29 15:15:34 +00:00
|
|
|
package proxytracker
|
2023-08-24 22:44:14 +00:00
|
|
|
|
|
|
|
import (
|
|
|
|
"github.com/hashicorp/consul/acl"
|
2023-10-03 22:02:23 +00:00
|
|
|
"github.com/hashicorp/consul/internal/resource"
|
2023-09-22 16:51:15 +00:00
|
|
|
pbmesh "github.com/hashicorp/consul/proto-public/pbmesh/v2beta1"
|
2023-08-24 22:44:14 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
// ProxyState is an implementation of the ProxySnapshot interface for pbmesh.ProxyState.
|
|
|
|
// It is a simple wrapper around pbmesh.ProxyState so that it can be used
|
|
|
|
// by the ProxyWatcher interface in XDS processing. This struct is necessary
|
|
|
|
// because pbmesh.ProxyState is a proto definition and there were complications
|
|
|
|
// adding these functions directly to that proto definition.
|
|
|
|
type ProxyState struct {
|
|
|
|
*pbmesh.ProxyState
|
|
|
|
}
|
|
|
|
|
|
|
|
// TODO(proxystate): need to modify ProxyState to carry a type/kind (connect proxy, mesh gateway, etc.)
|
|
|
|
// for sidecar proxies, all Allow* functions
|
|
|
|
// should return false, but for different gateways we'd need to add it to IR.
|
|
|
|
|
|
|
|
func (p *ProxyState) AllowEmptyListeners() bool {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
func (p *ProxyState) AllowEmptyRoutes() bool {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
func (p *ProxyState) AllowEmptyClusters() bool {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
|
|
|
func (p *ProxyState) Authorize(authz acl.Authorizer) error {
|
2023-10-03 22:02:23 +00:00
|
|
|
// authorize for mesh proxies.
|
|
|
|
// TODO(proxystate): implement differently for gateways
|
|
|
|
allow := authz.ToAllowAuthorizer()
|
|
|
|
if err := allow.IdentityWriteAllowed(p.Identity.Name, resource.AuthorizerContext(p.Identity.Tenancy)); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2023-08-24 22:44:14 +00:00
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (p *ProxyState) LoggerName() string {
|
|
|
|
return ""
|
|
|
|
}
|