agent: GET /v1/connect/intentions/match

agent/http_oss.go

@@ -40,6 +40,7 @@ func init() {
 	registerEndpoint("/v1/catalog/service/", []string{"GET"}, (*HTTPServer).CatalogServiceNodes)
 	registerEndpoint("/v1/catalog/node/", []string{"GET"}, (*HTTPServer).CatalogNodeServices)
 	registerEndpoint("/v1/connect/intentions", []string{"GET", "POST"}, (*HTTPServer).IntentionEndpoint)
+	registerEndpoint("/v1/connect/intentions/match", []string{"GET"}, (*HTTPServer).IntentionMatch)
 	registerEndpoint("/v1/connect/intentions/", []string{"GET"}, (*HTTPServer).IntentionSpecific)
 	registerEndpoint("/v1/coordinate/datacenters", []string{"GET"}, (*HTTPServer).CoordinateDatacenters)
 	registerEndpoint("/v1/coordinate/nodes", []string{"GET"}, (*HTTPServer).CoordinateNodes)

agent/intentions_endpoint.go

@@ -67,6 +67,70 @@ func (s *HTTPServer) IntentionCreate(resp http.ResponseWriter, req *http.Request
 	return intentionCreateResponse{reply}, nil
 }
 
+// GET /v1/connect/intentions/match
+func (s *HTTPServer) IntentionMatch(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
+	// Test the method
+	if req.Method != "GET" {
+		return nil, MethodNotAllowedError{req.Method, []string{"GET"}}
+	}
+
+	// Prepare args
+	args := &structs.IntentionQueryRequest{Match: &structs.IntentionQueryMatch{}}
+	if done := s.parse(resp, req, &args.Datacenter, &args.QueryOptions); done {
+		return nil, nil
+	}
+
+	q := req.URL.Query()
+
+	// Extract the "by" query parameter
+	if by, ok := q["by"]; !ok || len(by) != 1 {
+		return nil, fmt.Errorf("required query parameter 'by' not set")
+	} else {
+		switch v := structs.IntentionMatchType(by[0]); v {
+		case structs.IntentionMatchSource, structs.IntentionMatchDestination:
+			args.Match.Type = v
+		default:
+			return nil, fmt.Errorf("'by' parameter must be one of 'source' or 'destination'")
+		}
+	}
+
+	// Extract all the match names
+	names, ok := q["name"]
+	if !ok || len(names) == 0 {
+		return nil, fmt.Errorf("required query parameter 'name' not set")
+	}
+
+	// Build the entries in order. The order matters since that is the
+	// order of the returned responses.
+	args.Match.Entries = make([]structs.IntentionMatchEntry, len(names))
+	for i, n := range names {
+		entry, err := parseIntentionMatchEntry(n)
+		if err != nil {
+			return nil, fmt.Errorf("name %q is invalid: %s", n, err)
+		}
+
+		args.Match.Entries[i] = entry
+	}
+
+	var reply structs.IndexedIntentionMatches
+	if err := s.agent.RPC("Intention.Match", args, &reply); err != nil {
+		return nil, err
+	}
+
+	// We must have an identical count of matches
+	if len(reply.Matches) != len(names) {
+		return nil, fmt.Errorf("internal error: match response count didn't match input count")
+	}
+
+	// Use empty list instead of nil.
+	response := make(map[string]structs.Intentions)
+	for i, ixns := range reply.Matches {
+		response[names[i]] = ixns
+	}
+
+	return response, nil
+}
+
 // IntentionSpecific handles the endpoint for /v1/connection/intentions/:id
 func (s *HTTPServer) IntentionSpecific(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
 	id := strings.TrimPrefix(req.URL.Path, "/v1/connect/intentions/")
@@ -161,3 +225,28 @@ func (s *HTTPServer) IntentionSpecificDelete(id string, resp http.ResponseWriter
 
 // intentionCreateResponse is the response structure for creating an intention.
 type intentionCreateResponse struct{ ID string }
+
+// parseIntentionMatchEntry parses the query parameter for an intention
+// match query entry.
+func parseIntentionMatchEntry(input string) (structs.IntentionMatchEntry, error) {
+	var result structs.IntentionMatchEntry
+
+	// TODO(mitchellh): when namespaces are introduced, set the default
+	// namespace to be the namespace of the requestor.
+
+	// Get the index to the '/'. If it doesn't exist, we have just a name
+	// so just set that and return.
+	idx := strings.IndexByte(input, '/')
+	if idx == -1 {
+		result.Name = input
+		return result, nil
+	}
+
+	result.Namespace = input[:idx]
+	result.Name = input[idx+1:]
+	if strings.IndexByte(result.Name, '/') != -1 {
+		return result, fmt.Errorf("input can contain at most one '/'")
+	}
+
+	return result, nil
+}

agent/intentions_endpoint_test.go

@@ -72,6 +72,125 @@ func TestIntentionsList_values(t *testing.T) {
 	}
 }
 
+func TestIntentionsMatch_basic(t *testing.T) {
+	t.Parallel()
+
+	a := NewTestAgent(t.Name(), "")
+	defer a.Shutdown()
+
+	// Create some intentions
+	{
+		insert := [][]string{
+			{"foo", "*"},
+			{"foo", "bar"},
+			{"foo", "baz"}, // shouldn't match
+			{"bar", "bar"}, // shouldn't match
+			{"bar", "*"},   // shouldn't match
+			{"*", "*"},
+		}
+
+		for _, v := range insert {
+			ixn := structs.IntentionRequest{
+				Datacenter: "dc1",
+				Op:         structs.IntentionOpCreate,
+				Intention: &structs.Intention{
+					SourceNS:        "default",
+					SourceName:      "test",
+					DestinationNS:   v[0],
+					DestinationName: v[1],
+				},
+			}
+
+			// Create
+			var reply string
+			if err := a.RPC("Intention.Apply", &ixn, &reply); err != nil {
+				t.Fatalf("err: %v", err)
+			}
+		}
+	}
+
+	// Request
+	req, _ := http.NewRequest("GET",
+		"/v1/connect/intentions/match?by=destination&name=foo/bar", nil)
+	resp := httptest.NewRecorder()
+	obj, err := a.srv.IntentionMatch(resp, req)
+	if err != nil {
+		t.Fatalf("err: %v", err)
+	}
+
+	value := obj.(map[string]structs.Intentions)
+	if len(value) != 1 {
+		t.Fatalf("bad: %v", value)
+	}
+
+	var actual [][]string
+	expected := [][]string{{"foo", "bar"}, {"foo", "*"}, {"*", "*"}}
+	for _, ixn := range value["foo/bar"] {
+		actual = append(actual, []string{ixn.DestinationNS, ixn.DestinationName})
+	}
+
+	if !reflect.DeepEqual(actual, expected) {
+		t.Fatalf("bad (got, wanted):\n\n%#v\n\n%#v", actual, expected)
+	}
+}
+
+func TestIntentionsMatch_noBy(t *testing.T) {
+	t.Parallel()
+
+	a := NewTestAgent(t.Name(), "")
+	defer a.Shutdown()
+
+	// Request
+	req, _ := http.NewRequest("GET",
+		"/v1/connect/intentions/match?name=foo/bar", nil)
+	resp := httptest.NewRecorder()
+	obj, err := a.srv.IntentionMatch(resp, req)
+	if err == nil || !strings.Contains(err.Error(), "by") {
+		t.Fatalf("err: %v", err)
+	}
+	if obj != nil {
+		t.Fatal("should have no response")
+	}
+}
+
+func TestIntentionsMatch_byInvalid(t *testing.T) {
+	t.Parallel()
+
+	a := NewTestAgent(t.Name(), "")
+	defer a.Shutdown()
+
+	// Request
+	req, _ := http.NewRequest("GET",
+		"/v1/connect/intentions/match?by=datacenter", nil)
+	resp := httptest.NewRecorder()
+	obj, err := a.srv.IntentionMatch(resp, req)
+	if err == nil || !strings.Contains(err.Error(), "'by' parameter") {
+		t.Fatalf("err: %v", err)
+	}
+	if obj != nil {
+		t.Fatal("should have no response")
+	}
+}
+
+func TestIntentionsMatch_noName(t *testing.T) {
+	t.Parallel()
+
+	a := NewTestAgent(t.Name(), "")
+	defer a.Shutdown()
+
+	// Request
+	req, _ := http.NewRequest("GET",
+		"/v1/connect/intentions/match?by=source", nil)
+	resp := httptest.NewRecorder()
+	obj, err := a.srv.IntentionMatch(resp, req)
+	if err == nil || !strings.Contains(err.Error(), "'name' not set") {
+		t.Fatalf("err: %v", err)
+	}
+	if obj != nil {
+		t.Fatal("should have no response")
+	}
+}
+
 func TestIntentionsCreate_good(t *testing.T) {
 	t.Parallel()
 
@@ -273,5 +392,51 @@ func TestIntentionsSpecificDelete_good(t *testing.T) {
 			t.Fatalf("err: %v", err)
 		}
 	}
-
+}
+
+func TestParseIntentionMatchEntry(t *testing.T) {
+	cases := []struct {
+		Input    string
+		Expected structs.IntentionMatchEntry
+		Err      bool
+	}{
+		{
+			"foo",
+			structs.IntentionMatchEntry{
+				Name: "foo",
+			},
+			false,
+		},
+
+		{
+			"foo/bar",
+			structs.IntentionMatchEntry{
+				Namespace: "foo",
+				Name:      "bar",
+			},
+			false,
+		},
+
+		{
+			"foo/bar/baz",
+			structs.IntentionMatchEntry{},
+			true,
+		},
+	}
+
+	for _, tc := range cases {
+		t.Run(tc.Input, func(t *testing.T) {
+			actual, err := parseIntentionMatchEntry(tc.Input)
+			if (err != nil) != tc.Err {
+				t.Fatalf("err: %s", err)
+			}
+			if err != nil {
+				return
+			}
+
+			if !reflect.DeepEqual(actual, tc.Expected) {
+				t.Fatalf("bad: %#v", actual)
+			}
+		})
+	}
 }