mirror of https://github.com/status-im/consul.git
agent: rename test to check
This commit is contained in:
parent
d1c21a8629
commit
0accfc1628
|
@ -254,24 +254,24 @@ func (s *Intention) Match(
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Test tests a source/destination and returns whether it would be allowed
|
// Check tests a source/destination and returns whether it would be allowed
|
||||||
// or denied based on the current ACL configuration.
|
// or denied based on the current ACL configuration.
|
||||||
//
|
//
|
||||||
// Note: Whenever the logic for this method is changed, you should take
|
// Note: Whenever the logic for this method is changed, you should take
|
||||||
// a look at the agent authorize endpoint (agent/agent_endpoint.go) since
|
// a look at the agent authorize endpoint (agent/agent_endpoint.go) since
|
||||||
// the logic there is similar.
|
// the logic there is similar.
|
||||||
func (s *Intention) Test(
|
func (s *Intention) Check(
|
||||||
args *structs.IntentionQueryRequest,
|
args *structs.IntentionQueryRequest,
|
||||||
reply *structs.IntentionQueryTestResponse) error {
|
reply *structs.IntentionQueryCheckResponse) error {
|
||||||
// Forward maybe
|
// Forward maybe
|
||||||
if done, err := s.srv.forward("Intention.Test", args, args, reply); done {
|
if done, err := s.srv.forward("Intention.Check", args, args, reply); done {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get the test args, and defensively guard against nil
|
// Get the test args, and defensively guard against nil
|
||||||
query := args.Test
|
query := args.Check
|
||||||
if query == nil {
|
if query == nil {
|
||||||
return errors.New("Test must be specified on args")
|
return errors.New("Check must be specified on args")
|
||||||
}
|
}
|
||||||
|
|
||||||
// Build the URI
|
// Build the URI
|
||||||
|
@ -322,7 +322,7 @@ func (s *Intention) Test(
|
||||||
return errors.New("internal error loading matches")
|
return errors.New("internal error loading matches")
|
||||||
}
|
}
|
||||||
|
|
||||||
// Test the authorization for each match
|
// Check the authorization for each match
|
||||||
for _, ixn := range matches[0] {
|
for _, ixn := range matches[0] {
|
||||||
if auth, ok := uri.Authorize(ixn); ok {
|
if auth, ok := uri.Authorize(ixn); ok {
|
||||||
reply.Allowed = auth
|
reply.Allowed = auth
|
||||||
|
|
|
@ -1009,8 +1009,8 @@ service "bar" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Test the Test method defaults to allow with no ACL set.
|
// Test the Check method defaults to allow with no ACL set.
|
||||||
func TestIntentionTest_defaultNoACL(t *testing.T) {
|
func TestIntentionCheck_defaultNoACL(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
|
|
||||||
require := require.New(t)
|
require := require.New(t)
|
||||||
|
@ -1025,7 +1025,7 @@ func TestIntentionTest_defaultNoACL(t *testing.T) {
|
||||||
// Test
|
// Test
|
||||||
req := &structs.IntentionQueryRequest{
|
req := &structs.IntentionQueryRequest{
|
||||||
Datacenter: "dc1",
|
Datacenter: "dc1",
|
||||||
Test: &structs.IntentionQueryTest{
|
Check: &structs.IntentionQueryCheck{
|
||||||
SourceNS: "foo",
|
SourceNS: "foo",
|
||||||
SourceName: "bar",
|
SourceName: "bar",
|
||||||
DestinationNS: "foo",
|
DestinationNS: "foo",
|
||||||
|
@ -1033,13 +1033,13 @@ func TestIntentionTest_defaultNoACL(t *testing.T) {
|
||||||
SourceType: structs.IntentionSourceConsul,
|
SourceType: structs.IntentionSourceConsul,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
var resp structs.IntentionQueryTestResponse
|
var resp structs.IntentionQueryCheckResponse
|
||||||
require.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Test", req, &resp))
|
require.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Check", req, &resp))
|
||||||
require.True(resp.Allowed)
|
require.True(resp.Allowed)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Test the Test method defaults to deny with whitelist ACLs.
|
// Test the Check method defaults to deny with whitelist ACLs.
|
||||||
func TestIntentionTest_defaultACLDeny(t *testing.T) {
|
func TestIntentionCheck_defaultACLDeny(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
|
|
||||||
require := require.New(t)
|
require := require.New(t)
|
||||||
|
@ -1055,10 +1055,10 @@ func TestIntentionTest_defaultACLDeny(t *testing.T) {
|
||||||
|
|
||||||
testrpc.WaitForLeader(t, s1.RPC, "dc1")
|
testrpc.WaitForLeader(t, s1.RPC, "dc1")
|
||||||
|
|
||||||
// Test
|
// Check
|
||||||
req := &structs.IntentionQueryRequest{
|
req := &structs.IntentionQueryRequest{
|
||||||
Datacenter: "dc1",
|
Datacenter: "dc1",
|
||||||
Test: &structs.IntentionQueryTest{
|
Check: &structs.IntentionQueryCheck{
|
||||||
SourceNS: "foo",
|
SourceNS: "foo",
|
||||||
SourceName: "bar",
|
SourceName: "bar",
|
||||||
DestinationNS: "foo",
|
DestinationNS: "foo",
|
||||||
|
@ -1067,13 +1067,13 @@ func TestIntentionTest_defaultACLDeny(t *testing.T) {
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
req.Token = "root"
|
req.Token = "root"
|
||||||
var resp structs.IntentionQueryTestResponse
|
var resp structs.IntentionQueryCheckResponse
|
||||||
require.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Test", req, &resp))
|
require.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Check", req, &resp))
|
||||||
require.False(resp.Allowed)
|
require.False(resp.Allowed)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Test the Test method defaults to deny with blacklist ACLs.
|
// Test the Check method defaults to deny with blacklist ACLs.
|
||||||
func TestIntentionTest_defaultACLAllow(t *testing.T) {
|
func TestIntentionCheck_defaultACLAllow(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
|
|
||||||
require := require.New(t)
|
require := require.New(t)
|
||||||
|
@ -1089,10 +1089,10 @@ func TestIntentionTest_defaultACLAllow(t *testing.T) {
|
||||||
|
|
||||||
testrpc.WaitForLeader(t, s1.RPC, "dc1")
|
testrpc.WaitForLeader(t, s1.RPC, "dc1")
|
||||||
|
|
||||||
// Test
|
// Check
|
||||||
req := &structs.IntentionQueryRequest{
|
req := &structs.IntentionQueryRequest{
|
||||||
Datacenter: "dc1",
|
Datacenter: "dc1",
|
||||||
Test: &structs.IntentionQueryTest{
|
Check: &structs.IntentionQueryCheck{
|
||||||
SourceNS: "foo",
|
SourceNS: "foo",
|
||||||
SourceName: "bar",
|
SourceName: "bar",
|
||||||
DestinationNS: "foo",
|
DestinationNS: "foo",
|
||||||
|
@ -1101,13 +1101,13 @@ func TestIntentionTest_defaultACLAllow(t *testing.T) {
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
req.Token = "root"
|
req.Token = "root"
|
||||||
var resp structs.IntentionQueryTestResponse
|
var resp structs.IntentionQueryCheckResponse
|
||||||
require.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Test", req, &resp))
|
require.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Check", req, &resp))
|
||||||
require.True(resp.Allowed)
|
require.True(resp.Allowed)
|
||||||
}
|
}
|
||||||
|
|
||||||
// Test the Test method requires service:read permission.
|
// Test the Check method requires service:read permission.
|
||||||
func TestIntentionTest_aclDeny(t *testing.T) {
|
func TestIntentionCheck_aclDeny(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
|
|
||||||
require := require.New(t)
|
require := require.New(t)
|
||||||
|
@ -1144,10 +1144,10 @@ service "bar" {
|
||||||
require.Nil(msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token))
|
require.Nil(msgpackrpc.CallWithCodec(codec, "ACL.Apply", &req, &token))
|
||||||
}
|
}
|
||||||
|
|
||||||
// Test
|
// Check
|
||||||
req := &structs.IntentionQueryRequest{
|
req := &structs.IntentionQueryRequest{
|
||||||
Datacenter: "dc1",
|
Datacenter: "dc1",
|
||||||
Test: &structs.IntentionQueryTest{
|
Check: &structs.IntentionQueryCheck{
|
||||||
SourceNS: "foo",
|
SourceNS: "foo",
|
||||||
SourceName: "qux",
|
SourceName: "qux",
|
||||||
DestinationNS: "foo",
|
DestinationNS: "foo",
|
||||||
|
@ -1156,13 +1156,13 @@ service "bar" {
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
req.Token = token
|
req.Token = token
|
||||||
var resp structs.IntentionQueryTestResponse
|
var resp structs.IntentionQueryCheckResponse
|
||||||
err := msgpackrpc.CallWithCodec(codec, "Intention.Test", req, &resp)
|
err := msgpackrpc.CallWithCodec(codec, "Intention.Check", req, &resp)
|
||||||
require.True(acl.IsErrPermissionDenied(err))
|
require.True(acl.IsErrPermissionDenied(err))
|
||||||
}
|
}
|
||||||
|
|
||||||
// Test the Test method returns allow/deny properly.
|
// Test the Check method returns allow/deny properly.
|
||||||
func TestIntentionTest_match(t *testing.T) {
|
func TestIntentionCheck_match(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
|
|
||||||
require := require.New(t)
|
require := require.New(t)
|
||||||
|
@ -1227,10 +1227,10 @@ service "bar" {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Test
|
// Check
|
||||||
req := &structs.IntentionQueryRequest{
|
req := &structs.IntentionQueryRequest{
|
||||||
Datacenter: "dc1",
|
Datacenter: "dc1",
|
||||||
Test: &structs.IntentionQueryTest{
|
Check: &structs.IntentionQueryCheck{
|
||||||
SourceNS: "foo",
|
SourceNS: "foo",
|
||||||
SourceName: "qux",
|
SourceName: "qux",
|
||||||
DestinationNS: "foo",
|
DestinationNS: "foo",
|
||||||
|
@ -1239,15 +1239,15 @@ service "bar" {
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
req.Token = token
|
req.Token = token
|
||||||
var resp structs.IntentionQueryTestResponse
|
var resp structs.IntentionQueryCheckResponse
|
||||||
require.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Test", req, &resp))
|
require.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Check", req, &resp))
|
||||||
require.True(resp.Allowed)
|
require.True(resp.Allowed)
|
||||||
|
|
||||||
// Test no match for sanity
|
// Test no match for sanity
|
||||||
{
|
{
|
||||||
req := &structs.IntentionQueryRequest{
|
req := &structs.IntentionQueryRequest{
|
||||||
Datacenter: "dc1",
|
Datacenter: "dc1",
|
||||||
Test: &structs.IntentionQueryTest{
|
Check: &structs.IntentionQueryCheck{
|
||||||
SourceNS: "baz",
|
SourceNS: "baz",
|
||||||
SourceName: "qux",
|
SourceName: "qux",
|
||||||
DestinationNS: "foo",
|
DestinationNS: "foo",
|
||||||
|
@ -1256,8 +1256,8 @@ service "bar" {
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
req.Token = token
|
req.Token = token
|
||||||
var resp structs.IntentionQueryTestResponse
|
var resp structs.IntentionQueryCheckResponse
|
||||||
require.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Test", req, &resp))
|
require.Nil(msgpackrpc.CallWithCodec(codec, "Intention.Check", req, &resp))
|
||||||
require.False(resp.Allowed)
|
require.False(resp.Allowed)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -48,7 +48,7 @@ func init() {
|
||||||
registerEndpoint("/v1/connect/ca/roots", []string{"GET"}, (*HTTPServer).ConnectCARoots)
|
registerEndpoint("/v1/connect/ca/roots", []string{"GET"}, (*HTTPServer).ConnectCARoots)
|
||||||
registerEndpoint("/v1/connect/intentions", []string{"GET", "POST"}, (*HTTPServer).IntentionEndpoint)
|
registerEndpoint("/v1/connect/intentions", []string{"GET", "POST"}, (*HTTPServer).IntentionEndpoint)
|
||||||
registerEndpoint("/v1/connect/intentions/match", []string{"GET"}, (*HTTPServer).IntentionMatch)
|
registerEndpoint("/v1/connect/intentions/match", []string{"GET"}, (*HTTPServer).IntentionMatch)
|
||||||
registerEndpoint("/v1/connect/intentions/test", []string{"GET"}, (*HTTPServer).IntentionTest)
|
registerEndpoint("/v1/connect/intentions/check", []string{"GET"}, (*HTTPServer).IntentionCheck)
|
||||||
registerEndpoint("/v1/connect/intentions/", []string{"GET", "PUT", "DELETE"}, (*HTTPServer).IntentionSpecific)
|
registerEndpoint("/v1/connect/intentions/", []string{"GET", "PUT", "DELETE"}, (*HTTPServer).IntentionSpecific)
|
||||||
registerEndpoint("/v1/coordinate/datacenters", []string{"GET"}, (*HTTPServer).CoordinateDatacenters)
|
registerEndpoint("/v1/coordinate/datacenters", []string{"GET"}, (*HTTPServer).CoordinateDatacenters)
|
||||||
registerEndpoint("/v1/coordinate/nodes", []string{"GET"}, (*HTTPServer).CoordinateNodes)
|
registerEndpoint("/v1/coordinate/nodes", []string{"GET"}, (*HTTPServer).CoordinateNodes)
|
||||||
|
|
|
@ -123,9 +123,9 @@ func (s *HTTPServer) IntentionMatch(resp http.ResponseWriter, req *http.Request)
|
||||||
}
|
}
|
||||||
|
|
||||||
// GET /v1/connect/intentions/test
|
// GET /v1/connect/intentions/test
|
||||||
func (s *HTTPServer) IntentionTest(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
|
func (s *HTTPServer) IntentionCheck(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
|
||||||
// Prepare args
|
// Prepare args
|
||||||
args := &structs.IntentionQueryRequest{Test: &structs.IntentionQueryTest{}}
|
args := &structs.IntentionQueryRequest{Check: &structs.IntentionQueryCheck{}}
|
||||||
if done := s.parse(resp, req, &args.Datacenter, &args.QueryOptions); done {
|
if done := s.parse(resp, req, &args.Datacenter, &args.QueryOptions); done {
|
||||||
return nil, nil
|
return nil, nil
|
||||||
}
|
}
|
||||||
|
@ -133,9 +133,9 @@ func (s *HTTPServer) IntentionTest(resp http.ResponseWriter, req *http.Request)
|
||||||
q := req.URL.Query()
|
q := req.URL.Query()
|
||||||
|
|
||||||
// Set the source type if set
|
// Set the source type if set
|
||||||
args.Test.SourceType = structs.IntentionSourceConsul
|
args.Check.SourceType = structs.IntentionSourceConsul
|
||||||
if sourceType, ok := q["source-type"]; ok && len(sourceType) > 0 {
|
if sourceType, ok := q["source-type"]; ok && len(sourceType) > 0 {
|
||||||
args.Test.SourceType = structs.IntentionSourceType(sourceType[0])
|
args.Check.SourceType = structs.IntentionSourceType(sourceType[0])
|
||||||
}
|
}
|
||||||
|
|
||||||
// Extract the source/destination
|
// Extract the source/destination
|
||||||
|
@ -149,14 +149,14 @@ func (s *HTTPServer) IntentionTest(resp http.ResponseWriter, req *http.Request)
|
||||||
}
|
}
|
||||||
|
|
||||||
// We parse them the same way as matches to extract namespace/name
|
// We parse them the same way as matches to extract namespace/name
|
||||||
args.Test.SourceName = source[0]
|
args.Check.SourceName = source[0]
|
||||||
if args.Test.SourceType == structs.IntentionSourceConsul {
|
if args.Check.SourceType == structs.IntentionSourceConsul {
|
||||||
entry, err := parseIntentionMatchEntry(source[0])
|
entry, err := parseIntentionMatchEntry(source[0])
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("source %q is invalid: %s", source[0], err)
|
return nil, fmt.Errorf("source %q is invalid: %s", source[0], err)
|
||||||
}
|
}
|
||||||
args.Test.SourceNS = entry.Namespace
|
args.Check.SourceNS = entry.Namespace
|
||||||
args.Test.SourceName = entry.Name
|
args.Check.SourceName = entry.Name
|
||||||
}
|
}
|
||||||
|
|
||||||
// The destination is always in the Consul format
|
// The destination is always in the Consul format
|
||||||
|
@ -164,11 +164,11 @@ func (s *HTTPServer) IntentionTest(resp http.ResponseWriter, req *http.Request)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("destination %q is invalid: %s", destination[0], err)
|
return nil, fmt.Errorf("destination %q is invalid: %s", destination[0], err)
|
||||||
}
|
}
|
||||||
args.Test.DestinationNS = entry.Namespace
|
args.Check.DestinationNS = entry.Namespace
|
||||||
args.Test.DestinationName = entry.Name
|
args.Check.DestinationName = entry.Name
|
||||||
|
|
||||||
var reply structs.IntentionQueryTestResponse
|
var reply structs.IntentionQueryCheckResponse
|
||||||
if err := s.agent.RPC("Intention.Test", args, &reply); err != nil {
|
if err := s.agent.RPC("Intention.Check", args, &reply); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -181,7 +181,7 @@ func TestIntentionsMatch_noName(t *testing.T) {
|
||||||
assert.Nil(obj)
|
assert.Nil(obj)
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestIntentionsTest_basic(t *testing.T) {
|
func TestIntentionsCheck_basic(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
|
|
||||||
require := require.New(t)
|
require := require.New(t)
|
||||||
|
@ -219,9 +219,9 @@ func TestIntentionsTest_basic(t *testing.T) {
|
||||||
req, _ := http.NewRequest("GET",
|
req, _ := http.NewRequest("GET",
|
||||||
"/v1/connect/intentions/test?source=foo/bar&destination=foo/baz", nil)
|
"/v1/connect/intentions/test?source=foo/bar&destination=foo/baz", nil)
|
||||||
resp := httptest.NewRecorder()
|
resp := httptest.NewRecorder()
|
||||||
obj, err := a.srv.IntentionTest(resp, req)
|
obj, err := a.srv.IntentionCheck(resp, req)
|
||||||
require.Nil(err)
|
require.Nil(err)
|
||||||
value := obj.(*structs.IntentionQueryTestResponse)
|
value := obj.(*structs.IntentionQueryCheckResponse)
|
||||||
require.False(value.Allowed)
|
require.False(value.Allowed)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -230,14 +230,14 @@ func TestIntentionsTest_basic(t *testing.T) {
|
||||||
req, _ := http.NewRequest("GET",
|
req, _ := http.NewRequest("GET",
|
||||||
"/v1/connect/intentions/test?source=foo/bar&destination=bar/qux", nil)
|
"/v1/connect/intentions/test?source=foo/bar&destination=bar/qux", nil)
|
||||||
resp := httptest.NewRecorder()
|
resp := httptest.NewRecorder()
|
||||||
obj, err := a.srv.IntentionTest(resp, req)
|
obj, err := a.srv.IntentionCheck(resp, req)
|
||||||
require.Nil(err)
|
require.Nil(err)
|
||||||
value := obj.(*structs.IntentionQueryTestResponse)
|
value := obj.(*structs.IntentionQueryCheckResponse)
|
||||||
require.True(value.Allowed)
|
require.True(value.Allowed)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestIntentionsTest_noSource(t *testing.T) {
|
func TestIntentionsCheck_noSource(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
|
|
||||||
require := require.New(t)
|
require := require.New(t)
|
||||||
|
@ -248,13 +248,13 @@ func TestIntentionsTest_noSource(t *testing.T) {
|
||||||
req, _ := http.NewRequest("GET",
|
req, _ := http.NewRequest("GET",
|
||||||
"/v1/connect/intentions/test?destination=B", nil)
|
"/v1/connect/intentions/test?destination=B", nil)
|
||||||
resp := httptest.NewRecorder()
|
resp := httptest.NewRecorder()
|
||||||
obj, err := a.srv.IntentionTest(resp, req)
|
obj, err := a.srv.IntentionCheck(resp, req)
|
||||||
require.NotNil(err)
|
require.NotNil(err)
|
||||||
require.Contains(err.Error(), "'source' not set")
|
require.Contains(err.Error(), "'source' not set")
|
||||||
require.Nil(obj)
|
require.Nil(obj)
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestIntentionsTest_noDestination(t *testing.T) {
|
func TestIntentionsCheck_noDestination(t *testing.T) {
|
||||||
t.Parallel()
|
t.Parallel()
|
||||||
|
|
||||||
require := require.New(t)
|
require := require.New(t)
|
||||||
|
@ -265,7 +265,7 @@ func TestIntentionsTest_noDestination(t *testing.T) {
|
||||||
req, _ := http.NewRequest("GET",
|
req, _ := http.NewRequest("GET",
|
||||||
"/v1/connect/intentions/test?source=B", nil)
|
"/v1/connect/intentions/test?source=B", nil)
|
||||||
resp := httptest.NewRecorder()
|
resp := httptest.NewRecorder()
|
||||||
obj, err := a.srv.IntentionTest(resp, req)
|
obj, err := a.srv.IntentionCheck(resp, req)
|
||||||
require.NotNil(err)
|
require.NotNil(err)
|
||||||
require.Contains(err.Error(), "'destination' not set")
|
require.Contains(err.Error(), "'destination' not set")
|
||||||
require.Nil(obj)
|
require.Nil(obj)
|
||||||
|
|
|
@ -261,9 +261,9 @@ type IntentionQueryRequest struct {
|
||||||
// resolving wildcards.
|
// resolving wildcards.
|
||||||
Match *IntentionQueryMatch
|
Match *IntentionQueryMatch
|
||||||
|
|
||||||
// Test is non-nil if we're performing a test query. A test will
|
// Check is non-nil if we're performing a test query. A test will
|
||||||
// return allowed/deny based on an exact match.
|
// return allowed/deny based on an exact match.
|
||||||
Test *IntentionQueryTest
|
Check *IntentionQueryCheck
|
||||||
|
|
||||||
// Options for queries
|
// Options for queries
|
||||||
QueryOptions
|
QueryOptions
|
||||||
|
@ -317,8 +317,8 @@ type IntentionMatchEntry struct {
|
||||||
Name string
|
Name string
|
||||||
}
|
}
|
||||||
|
|
||||||
// IntentionQueryTest are the parameters for performing a test request.
|
// IntentionQueryCheck are the parameters for performing a test request.
|
||||||
type IntentionQueryTest struct {
|
type IntentionQueryCheck struct {
|
||||||
// SourceNS, SourceName, DestinationNS, and DestinationName are the
|
// SourceNS, SourceName, DestinationNS, and DestinationName are the
|
||||||
// source and namespace, respectively, for the test. These must be
|
// source and namespace, respectively, for the test. These must be
|
||||||
// exact values.
|
// exact values.
|
||||||
|
@ -332,12 +332,12 @@ type IntentionQueryTest struct {
|
||||||
// GetACLPrefix returns the prefix to look up the ACL policy for this
|
// GetACLPrefix returns the prefix to look up the ACL policy for this
|
||||||
// request, and a boolean noting whether the prefix is valid to check
|
// request, and a boolean noting whether the prefix is valid to check
|
||||||
// or not. You must check the ok value before using the prefix.
|
// or not. You must check the ok value before using the prefix.
|
||||||
func (q *IntentionQueryTest) GetACLPrefix() (string, bool) {
|
func (q *IntentionQueryCheck) GetACLPrefix() (string, bool) {
|
||||||
return q.DestinationName, q.DestinationName != ""
|
return q.DestinationName, q.DestinationName != ""
|
||||||
}
|
}
|
||||||
|
|
||||||
// IntentionQueryTestResponse is the response for a test request.
|
// IntentionQueryCheckResponse is the response for a test request.
|
||||||
type IntentionQueryTestResponse struct {
|
type IntentionQueryCheckResponse struct {
|
||||||
Allowed bool
|
Allowed bool
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue