6742340878
Creates a new controller to create ComputedImplicitDestinations resources by composing ComputedRoutes, Services, and ComputedTrafficPermissions to infer all ParentRef services that could possibly send some portion of traffic to a Service that has at least one accessible Workload Identity. A followup PR will rewire the sidecar controller to make use of this new resource. As this is a performance optimization rather than a security feature, the following aspects of traffic permissions have been ignored: - DENY rules - port rules (all ports are allowed) Also: - Add some v2 TestController machinery to help test complex dependency mappers.
syntax = "proto3";
package hashicorp.consul.mesh.v2beta1;
import "pbresource/annotations.proto";
import "pbresource/resource.proto";
// ComputedImplicitDestinations tracks destination services for a given
// workload identity.
//
// NOTE(review): the change that introduced this resource describes it as a
// performance optimization rather than a security feature: DENY rules and
// port rules in traffic permissions were ignored when computing it. Presence
// of a destination here is therefore not an authorization decision; consumers
// should confirm that traffic-permission enforcement happens elsewhere.
message ComputedImplicitDestinations {
  // The resource is namespace-scoped.
  option (hashicorp.consul.resource.spec) = {scope: SCOPE_NAMESPACE};

  // destinations is the list of implicit destinations.
  repeated ImplicitDestination destinations = 1;

  // bound_references is a list of references, of mixed resource types, to the
  // resources that were involved in the formulation of this resource.
  repeated hashicorp.consul.resource.Reference bound_references = 2;
}
// ImplicitDestination contains a reference to a catalog service and a list of
// port names that are allowed by TrafficPermissions.
//
// NOTE(review): the introducing change states that port rules were ignored
// (all ports are allowed), so destination_ports is presumably not narrowed by
// traffic-permission port rules -- confirm against the controller before
// relying on this list as a port allowlist.
message ImplicitDestination {
  // destination_ref references the destination catalog service.
  hashicorp.consul.resource.Reference destination_ref = 1;

  // destination_ports is the list of port names for the destination.
  repeated string destination_ports = 2;
}