R.B. Boyer 6742340878
mesh: add ComputedImplicitDestinations resource for future use (#20547)
Creates a new controller to create ComputedImplicitDestinations resources by 
composing ComputedRoutes, Services, and ComputedTrafficPermissions to 
infer all ParentRef services that could possibly send some portion of traffic to a 
Service that has at least one accessible Workload Identity. A followup PR will 
rewire the sidecar controller to make use of this new resource.

As this is a performance optimization, rather than a security feature the following 
aspects of traffic permissions have been ignored:

- DENY rules
- port rules (all ports are allowed)

Also:

- Add some v2 TestController machinery to help test complex dependency mappers.
2024-02-09 15:42:10 -06:00

69 lines
2.2 KiB
Go

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: BUSL-1.1
package dependency
import (
"context"
"google.golang.org/protobuf/proto"
"github.com/hashicorp/consul/internal/controller"
"github.com/hashicorp/consul/internal/resource"
"github.com/hashicorp/consul/proto-public/pbresource"
)
// MapOwner implements a DependencyMapper that returns the updated resource's owner.
func MapOwner(_ context.Context, _ controller.Runtime, res *pbresource.Resource) ([]controller.Request, error) {
var reqs []controller.Request
if res.Owner != nil {
reqs = append(reqs, controller.Request{ID: res.Owner})
}
return reqs, nil
}
// MapOwnerFiltered creates a DependencyMapper that returns owner IDs as Requests
// if the type of the owner ID matches the given filter type.
func MapOwnerFiltered(filter *pbresource.Type) controller.DependencyMapper {
return func(_ context.Context, _ controller.Runtime, res *pbresource.Resource) ([]controller.Request, error) {
if res.Owner == nil {
return nil, nil
}
if !resource.EqualType(res.Owner.GetType(), filter) {
return nil, nil
}
return []controller.Request{{ID: res.Owner}}, nil
}
}
// ReplaceType creates a DependencyMapper that returns request IDs with the same
// name and tenancy as the original resource but with the type replaced with
// the type specified as this functions parameter.
func ReplaceType(desiredType *pbresource.Type) controller.DependencyMapper {
return func(_ context.Context, _ controller.Runtime, res *pbresource.Resource) ([]controller.Request, error) {
return []controller.Request{
{
ID: &pbresource.ID{
Type: desiredType,
Tenancy: res.Id.Tenancy,
Name: res.Id.Name,
},
},
}, nil
}
}
type DecodedDependencyMapper[T proto.Message] func(context.Context, controller.Runtime, *resource.DecodedResource[T]) ([]controller.Request, error)
func MapDecoded[T proto.Message](mapper DecodedDependencyMapper[T]) controller.DependencyMapper {
return func(ctx context.Context, rt controller.Runtime, res *pbresource.Resource) ([]controller.Request, error) {
decoded, err := resource.Decode[T](res)
if err != nil {
return nil, err
}
return mapper(ctx, rt, decoded)
}
}