mirror of
https://github.com/status-im/consul.git
synced 2025-01-12 06:44:41 +00:00
a02e9abcc1
When converting from Consul intentions to xds RBAC rules, services imported from other peers must encode additional data like partition (from the remote cluster) and trust domain. This PR updates the PeeringTrustBundle to hold the sending side's local partition as ExportedPartition. It also updates RBAC code to encode SpiffeIDs of imported services with the ExportedPartition and TrustDomain.
32 lines
713 B
Go
32 lines
713 B
Go
//go:build !consulent
|
|
// +build !consulent
|
|
|
|
package connect
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func TestSpiffeIDServiceURI(t *testing.T) {
|
|
t.Run("default partition; default namespace", func(t *testing.T) {
|
|
svc := &SpiffeIDService{
|
|
Host: "1234.consul",
|
|
Datacenter: "dc1",
|
|
Service: "web",
|
|
}
|
|
require.Equal(t, "spiffe://1234.consul/ns/default/dc/dc1/svc/web", svc.URI().String())
|
|
})
|
|
|
|
t.Run("namespaces are ignored", func(t *testing.T) {
|
|
svc := &SpiffeIDService{
|
|
Host: "1234.consul",
|
|
Namespace: "other",
|
|
Datacenter: "dc1",
|
|
Service: "web",
|
|
}
|
|
require.Equal(t, "spiffe://1234.consul/ns/default/dc/dc1/svc/web", svc.URI().String())
|
|
})
|
|
}
|