mirror of https://github.com/status-im/consul.git
Add methods to check intention has wildcard src or dst
parent
eca45f107a
commit
9713e3ba38
|
@ -965,9 +965,7 @@ func (s *Store) IntentionTopology(ws memdb.WatchSet,
|
||||||
// Intentions with wildcard source and destination have the lowest precedence, so they are last in the list
|
// Intentions with wildcard source and destination have the lowest precedence, so they are last in the list
|
||||||
ixn := intentions[len(intentions)-1]
|
ixn := intentions[len(intentions)-1]
|
||||||
|
|
||||||
// TODO (freddy) This needs an enterprise split to account for (*/* -> */*)
|
if ixn.HasWildcardSource() && ixn.HasWildcardDestination() {
|
||||||
// Maybe ixn.HasWildcardSource() && ixn.HasWildcardDestination()
|
|
||||||
if ixn.SourceName == structs.WildcardSpecifier && ixn.DestinationName == structs.WildcardSpecifier {
|
|
||||||
defaultDecision = acl.Allow
|
defaultDecision = acl.Allow
|
||||||
if ixn.Action == structs.IntentionActionDeny {
|
if ixn.Action == structs.IntentionActionDeny {
|
||||||
defaultDecision = acl.Deny
|
defaultDecision = acl.Deny
|
||||||
|
|
|
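Review bot: The condition that picks `defaultDecision` now relies on `HasWildcardSource()` and `HasWildcardDestination()`, which as added in this commit compare only the source and destination names. The hunk header's line counts (-9 +7) suggest the `TODO (freddy)` about an enterprise split for `*/* -> */*` is dropped rather than kept. Because this branch decides whether the topology defaults to allow or deny, I would keep a marker at the call site until more than the names is checked, e.g. `// TODO: name-only check; needs an enterprise split so only */* -> */* sets the default decision`. IntentionTopology starts and ends outside the hunk, so whether `intentions` is guaranteed non-empty before `intentions[len(intentions)-1]` is not visible here.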
@ -150,3 +150,11 @@ func (s *Session) CheckIDs() []types.CheckID {
|
||||||
}
|
}
|
||||||
return checks
|
return checks
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (t *Intention) HasWildcardSource() bool {
|
||||||
|
return t.SourceName == WildcardSpecifier
|
||||||
|
}
|
||||||
|
|
||||||
|
func (t *Intention) HasWildcardDestination() bool {
|
||||||
|
return t.DestinationName == WildcardSpecifier
|
||||||
|
}
|
||||||
|
|
|
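Review bot: Both new exported methods lack doc comments, and their names do not say that only the name field is compared. I would add `// HasWildcardSource reports whether SourceName is the wildcard specifier; it does not inspect any other source field.` and the matching comment on `HasWildcardDestination`. That makes the limit visible to callers that combine the two to make an allow/deny choice.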
@ -41,3 +41,35 @@ func TestServiceName_String(t *testing.T) {
|
||||||
require.Equal(t, "the-id", fmt.Sprintf("%v", &sn))
|
require.Equal(t, "the-id", fmt.Sprintf("%v", &sn))
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestIntention_HasWildcardSource(t *testing.T) {
|
||||||
|
t.Run("true", func(t *testing.T) {
|
||||||
|
ixn := Intention{
|
||||||
|
SourceName: WildcardSpecifier,
|
||||||
|
}
|
||||||
|
require.True(t, ixn.HasWildcardSource())
|
||||||
|
})
|
||||||
|
|
||||||
|
t.Run("false", func(t *testing.T) {
|
||||||
|
ixn := Intention{
|
||||||
|
SourceName: "web",
|
||||||
|
}
|
||||||
|
require.False(t, ixn.HasWildcardSource())
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
|
func TestIntention_HasWildcardDestination(t *testing.T) {
|
||||||
|
t.Run("true", func(t *testing.T) {
|
||||||
|
ixn := Intention{
|
||||||
|
DestinationName: WildcardSpecifier,
|
||||||
|
}
|
||||||
|
require.True(t, ixn.HasWildcardDestination())
|
||||||
|
})
|
||||||
|
|
||||||
|
t.Run("false", func(t *testing.T) {
|
||||||
|
ixn := Intention{
|
||||||
|
DestinationName: "web",
|
||||||
|
}
|
||||||
|
require.False(t, ixn.HasWildcardDestination())
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
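Review bot: Each subtest sets only the field under test, so nothing pins that a helper ignores the opposite field. A case such as `ixn := Intention{SourceName: "web", DestinationName: WildcardSpecifier}` with `require.False(t, ixn.HasWildcardSource())`, plus the mirror for the destination, would catch a swapped-field regression. The zero-value `Intention{}` is also worth asserting as false. The four subtests share one shape and would read shorter as a table.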