acl: IntentionDefault => IntentionDefaultAllow

This commit is contained in:
Mitchell Hashimoto 2018-03-27 10:08:20 -07:00
parent ac72a0c5fd
commit 5a47a53c70
No known key found for this signature in database
GPG Key ID: 744E147AA52F5B0A
3 changed files with 12 additions and 12 deletions

View File

@ -60,9 +60,9 @@ type ACL interface {
// EventWrite determines if a specific event may be fired. // EventWrite determines if a specific event may be fired.
EventWrite(string) bool EventWrite(string) bool
// IntentionDefault determines the default authorized behavior // IntentionDefaultAllow determines the default authorized behavior
// when no intentions match a Connect request. // when no intentions match a Connect request.
IntentionDefault() bool IntentionDefaultAllow() bool
// IntentionRead determines if a specific intention can be read. // IntentionRead determines if a specific intention can be read.
IntentionRead(string) bool IntentionRead(string) bool
@ -165,7 +165,7 @@ func (s *StaticACL) EventWrite(string) bool {
return s.defaultAllow return s.defaultAllow
} }
func (s *StaticACL) IntentionDefault() bool { func (s *StaticACL) IntentionDefaultAllow() bool {
return s.defaultAllow return s.defaultAllow
} }
@ -501,11 +501,11 @@ func (p *PolicyACL) EventWrite(name string) bool {
return p.parent.EventWrite(name) return p.parent.EventWrite(name)
} }
// IntentionDefault returns whether the default behavior when there are // IntentionDefaultAllow returns whether the default behavior when there are
// no matching intentions is to allow or deny. // no matching intentions is to allow or deny.
func (p *PolicyACL) IntentionDefault() bool { func (p *PolicyACL) IntentionDefaultAllow() bool {
// We always go up, this can't be determined by a policy. // We always go up, this can't be determined by a policy.
return p.parent.IntentionDefault() return p.parent.IntentionDefaultAllow()
} }
// IntentionRead checks if writing (creating, updating, or deleting) of an // IntentionRead checks if writing (creating, updating, or deleting) of an

View File

@ -53,7 +53,7 @@ func TestStaticACL(t *testing.T) {
if !all.EventWrite("foobar") { if !all.EventWrite("foobar") {
t.Fatalf("should allow") t.Fatalf("should allow")
} }
if !all.IntentionDefault() { if !all.IntentionDefaultAllow() {
t.Fatalf("should allow") t.Fatalf("should allow")
} }
if !all.IntentionWrite("foobar") { if !all.IntentionWrite("foobar") {
@ -129,7 +129,7 @@ func TestStaticACL(t *testing.T) {
if none.EventWrite("") { if none.EventWrite("") {
t.Fatalf("should not allow") t.Fatalf("should not allow")
} }
if none.IntentionDefault() { if none.IntentionDefaultAllow() {
t.Fatalf("should not allow") t.Fatalf("should not allow")
} }
if none.IntentionWrite("foo") { if none.IntentionWrite("foo") {
@ -199,7 +199,7 @@ func TestStaticACL(t *testing.T) {
if !manage.EventWrite("foobar") { if !manage.EventWrite("foobar") {
t.Fatalf("should allow") t.Fatalf("should allow")
} }
if !manage.IntentionDefault() { if !manage.IntentionDefaultAllow() {
t.Fatalf("should allow") t.Fatalf("should allow")
} }
if !manage.IntentionWrite("foobar") { if !manage.IntentionWrite("foobar") {
@ -465,7 +465,7 @@ func TestPolicyACL(t *testing.T) {
} }
// Check default intentions bubble up // Check default intentions bubble up
if !acl.IntentionDefault() { if !acl.IntentionDefaultAllow() {
t.Fatal("should allow") t.Fatal("should allow")
} }
} }
@ -623,7 +623,7 @@ func TestPolicyACL_Parent(t *testing.T) {
} }
// Check default intentions // Check default intentions
if acl.IntentionDefault() { if acl.IntentionDefaultAllow() {
t.Fatal("should not allow") t.Fatal("should not allow")
} }
} }

View File

@ -984,7 +984,7 @@ func (s *HTTPServer) AgentConnectAuthorize(resp http.ResponseWriter, req *http.R
authz := true authz := true
reason := "ACLs disabled, access is allowed by default" reason := "ACLs disabled, access is allowed by default"
if rule != nil { if rule != nil {
authz = rule.IntentionDefault() authz = rule.IntentionDefaultAllow()
reason = "Default behavior configured by ACLs" reason = "Default behavior configured by ACLs"
} }