mirror of https://github.com/status-im/consul.git
peering: block Intention.Apply ops (#13451)
Signed-off-by: acpana <8968914+acpana@users.noreply.github.com>
This commit is contained in:
parent
b3e99784a6
commit
bd4ddb3720
|
@ -77,6 +77,10 @@ func (s *Intention) Apply(args *structs.IntentionRequest, reply *string) error {
|
|||
return ErrConnectNotEnabled
|
||||
}
|
||||
|
||||
if args.Intention != nil && args.Intention.SourcePeer != "" {
|
||||
return fmt.Errorf("SourcePeer field is not supported on this endpoint. Use config entries instead")
|
||||
}
|
||||
|
||||
// Ensure that all service-intentions config entry writes go to the primary
|
||||
// datacenter. These will then be replicated to all the other datacenters.
|
||||
args.Datacenter = s.srv.config.PrimaryDatacenter
|
||||
|
|
|
@ -273,6 +273,41 @@ func TestIntentionApply_updateGood(t *testing.T) {
|
|||
}
|
||||
}
|
||||
|
||||
// TestIntentionApply_NoSourcePeer makes sure that no intention is created with a SourcePeer since this is not supported
|
||||
func TestIntentionApply_NoSourcePeer(t *testing.T) {
|
||||
if testing.Short() {
|
||||
t.Skip("too slow for testing.Short")
|
||||
}
|
||||
|
||||
t.Parallel()
|
||||
|
||||
_, s1 := testServer(t)
|
||||
codec := rpcClient(t, s1)
|
||||
|
||||
waitForLeaderEstablishment(t, s1)
|
||||
|
||||
// Setup a basic record to create
|
||||
ixn := structs.IntentionRequest{
|
||||
Datacenter: "dc1",
|
||||
Op: structs.IntentionOpCreate,
|
||||
Intention: &structs.Intention{
|
||||
SourceNS: structs.IntentionDefaultNamespace,
|
||||
SourceName: "test",
|
||||
SourcePeer: "peer1",
|
||||
DestinationNS: structs.IntentionDefaultNamespace,
|
||||
DestinationName: "test",
|
||||
Action: structs.IntentionActionAllow,
|
||||
SourceType: structs.IntentionSourceConsul,
|
||||
Meta: map[string]string{},
|
||||
},
|
||||
}
|
||||
var reply string
|
||||
err := msgpackrpc.CallWithCodec(codec, "Intention.Apply", &ixn, &reply)
|
||||
require.Error(t, err)
|
||||
require.Contains(t, err, "SourcePeer field is not supported on this endpoint. Use config entries instead")
|
||||
require.Empty(t, reply)
|
||||
}
|
||||
|
||||
// Shouldn't be able to update a non-existent intention
|
||||
func TestIntentionApply_updateNonExist(t *testing.T) {
|
||||
if testing.Short() {
|
||||
|
|
Loading…
Reference in New Issue