Chris S. Kim
b43cde5d19
Add workload identity hooks ( #19045 )
2023-10-04 14:24:32 +00:00
Eric Haberkorn
f2b7b4591a
Fix Traffic Permissions Default Deny ( #19028 )
Whenever a traffic permission exists for a given workload identity, turn on default deny.
Previously, this was only working at the port level.
2023-10-04 09:58:28 -04:00
skpratt
21ea527089
TrafficPermissions: add ACL hooks ( #19023 )
* add ACL hooks
* add hooks for CTPs
2023-10-02 15:24:19 -05:00
Eric Haberkorn
7ce6ebaeb3
Handle Traffic Permissions With Empty Sources Properly ( #19024 )
Fix issues with empty sources
* Validate that each permission on traffic permissions resources has at least one source.
* Don't construct RBAC policies when there aren't any principals. This resulted in Envoy rejecting xDS updates with a validation error.
```
error=
| rpc error: code = Internal desc = Error adding/updating listener(s) public_listener: Proto constraint validation failed (RBACValidationError.Rules: embedded message failed validation | caused by RBACValidationError.Policies[consul-intentions-layer4-1]: embedded message failed validation | caused by PolicyValidationError.Principals: value must contain at least 1 item(s)): rules {
```
2023-09-28 15:11:59 -04:00
skpratt
202090e5d5
v2 explicit destination traffic permissions ( #18823 )
* workload identity boilerplate
* notes from discussion with Iryna
* WIP traffic permissions controller poc
* workload identity, traffic permissions validation, errors, types
* traffic permissions mapper framing, traffic permissions controller updates.
* more roughing out of the controller
* cleanup
* controller and mapper logic
* tests
* refactor mapper logic, add tests
* clean up tenancy and integration test stubs
* consolidate mapping
* cleanup cache leak, revert bimapper changes
* address review comments
* test fix and rebase
* use resource helper
---------
Co-authored-by: John Landa <john.landa@hashicorp.com>
2023-09-25 16:50:07 +00:00
Iryna Shustava
e6b724d062
catalog,mesh,auth: Move resource types to the proto-public module ( #18935 )
2023-09-22 15:50:56 -06:00
Eric Haberkorn
4d6ff29392
Traffic Permissions Validations ( #18907 )
add TP validations and mutation and add CTP validations
2023-09-22 16:10:10 -04:00
Iryna Shustava
d88888ee8b
catalog,mesh,auth: Bump versions to v2beta1 ( #18930 )
2023-09-22 10:51:15 -06:00
Eric Haberkorn
170417ac97
Honor Default Traffic Permissions in V2 ( #18886 )
wire up v2 default traffic permissions
2023-09-19 10:42:32 -04:00
skpratt
e5808d85f7
register traffic permission and workload identity types ( #18704 )
* add workload identity and traffic permission protos
* register new types
* add generated pb code
* fix exports.go path
* add proto newlines
* fix type name
Co-authored-by: Eric Haberkorn <erichaberkorn@gmail.com>
* address review
* fix protos and add tests
* fix validation constraints
* add tests
---------
Co-authored-by: Eric Haberkorn <erichaberkorn@gmail.com>
2023-09-14 12:40:54 -05:00