From 5a47a53c70d80b350dbc501a80c33f0d643c0ab3 Mon Sep 17 00:00:00 2001 From: Mitchell Hashimoto Date: Tue, 27 Mar 2018 10:08:20 -0700 Subject: [PATCH] acl: IntentionDefault => IntentionDefaultAllow --- acl/acl.go | 12 ++++++------ acl/acl_test.go | 10 +++++----- agent/agent_endpoint.go | 2 +- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/acl/acl.go b/acl/acl.go index 49dc569b97..a8ad0de960 100644 --- a/acl/acl.go +++ b/acl/acl.go @@ -60,9 +60,9 @@ type ACL interface { // EventWrite determines if a specific event may be fired. EventWrite(string) bool - // IntentionDefault determines the default authorized behavior + // IntentionDefaultAllow determines the default authorized behavior // when no intentions match a Connect request. - IntentionDefault() bool + IntentionDefaultAllow() bool // IntentionRead determines if a specific intention can be read. IntentionRead(string) bool @@ -165,7 +165,7 @@ func (s *StaticACL) EventWrite(string) bool { return s.defaultAllow } -func (s *StaticACL) IntentionDefault() bool { +func (s *StaticACL) IntentionDefaultAllow() bool { return s.defaultAllow } @@ -501,11 +501,11 @@ func (p *PolicyACL) EventWrite(name string) bool { return p.parent.EventWrite(name) } -// IntentionDefault returns whether the default behavior when there are +// IntentionDefaultAllow returns whether the default behavior when there are // no matching intentions is to allow or deny. -func (p *PolicyACL) IntentionDefault() bool { +func (p *PolicyACL) IntentionDefaultAllow() bool { // We always go up, this can't be determined by a policy. - return p.parent.IntentionDefault() + return p.parent.IntentionDefaultAllow() } // IntentionRead checks if writing (creating, updating, or deleting) of an diff --git a/acl/acl_test.go b/acl/acl_test.go index 263af0656d..faf6f092f8 100644 --- a/acl/acl_test.go +++ b/acl/acl_test.go @@ -53,7 +53,7 @@ func TestStaticACL(t *testing.T) { if !all.EventWrite("foobar") { t.Fatalf("should allow") } - if !all.IntentionDefault() { + if !all.IntentionDefaultAllow() { t.Fatalf("should allow") } if !all.IntentionWrite("foobar") { @@ -129,7 +129,7 @@ func TestStaticACL(t *testing.T) { if none.EventWrite("") { t.Fatalf("should not allow") } - if none.IntentionDefault() { + if none.IntentionDefaultAllow() { t.Fatalf("should not allow") } if none.IntentionWrite("foo") { @@ -199,7 +199,7 @@ func TestStaticACL(t *testing.T) { if !manage.EventWrite("foobar") { t.Fatalf("should allow") } - if !manage.IntentionDefault() { + if !manage.IntentionDefaultAllow() { t.Fatalf("should allow") } if !manage.IntentionWrite("foobar") { @@ -465,7 +465,7 @@ func TestPolicyACL(t *testing.T) { } // Check default intentions bubble up - if !acl.IntentionDefault() { + if !acl.IntentionDefaultAllow() { t.Fatal("should allow") } } @@ -623,7 +623,7 @@ func TestPolicyACL_Parent(t *testing.T) { } // Check default intentions - if acl.IntentionDefault() { + if acl.IntentionDefaultAllow() { t.Fatal("should not allow") } } diff --git a/agent/agent_endpoint.go b/agent/agent_endpoint.go index 5a9218c379..20cb047b21 100644 --- a/agent/agent_endpoint.go +++ b/agent/agent_endpoint.go @@ -984,7 +984,7 @@ func (s *HTTPServer) AgentConnectAuthorize(resp http.ResponseWriter, req *http.R authz := true reason := "ACLs disabled, access is allowed by default" if rule != nil { - authz = rule.IntentionDefault() + authz = rule.IntentionDefaultAllow() reason = "Default behavior configured by ACLs" }