From 1c46470a29cef430de7c1a791c6964604aa535e4 Mon Sep 17 00:00:00 2001
From: freddygv
Date: Wed, 17 Mar 2021 22:15:48 -0600
Subject: [PATCH] Add methods to check intention has wildcard src or dst
---
 agent/consul/state/intention.go | 4 +---
 agent/structs/structs_oss.go | 8 ++++++++
 agent/structs/structs_oss_test.go | 32 +++++++++++++++++++++++++++++++
 3 files changed, 41 insertions(+), 3 deletions(-)
diff --git a/agent/consul/state/intention.go b/agent/consul/state/intention.go
index 2da8240b6..5913abe06 100644
--- a/agent/consul/state/intention.go
+++ b/agent/consul/state/intention.go
@@ -965,9 +965,7 @@ func (s *Store) IntentionTopology(ws memdb.WatchSet,
 // Intentions with wildcard source and destination have the lowest precedence, so they are last in the list
 ixn := intentions[len(intentions)-1]
- // TODO (freddy) This needs an enterprise split to account for (*/* -> */*)
- // Maybe ixn.HasWildcardSource() && ixn.HasWildcardDestination()
- if ixn.SourceName == structs.WildcardSpecifier && ixn.DestinationName == structs.WildcardSpecifier {
+ if ixn.HasWildcardSource() && ixn.HasWildcardDestination() {
 defaultDecision = acl.Allow
 if ixn.Action == structs.IntentionActionDeny {
 defaultDecision = acl.Deny
diff --git a/agent/structs/structs_oss.go b/agent/structs/structs_oss.go
index def44b159..7e7e22930 100644
--- a/agent/structs/structs_oss.go
+++ b/agent/structs/structs_oss.go
@@ -150,3 +150,11 @@ func (s *Session) CheckIDs() []types.CheckID {
 }
 return checks
 }
+
+func (t *Intention) HasWildcardSource() bool {
+ return t.SourceName == WildcardSpecifier
+}
+
+func (t *Intention) HasWildcardDestination() bool {
+ return t.DestinationName == WildcardSpecifier
+}
diff --git a/agent/structs/structs_oss_test.go b/agent/structs/structs_oss_test.go
index 5d7ab2e4f..f7811e74a 100644
--- a/agent/structs/structs_oss_test.go
+++ b/agent/structs/structs_oss_test.go
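Review bot: Inside the branch now guarded by `ixn.HasWildcardSource() && ixn.HasWildcardDestination()`, the default becomes `acl.Allow` for any Action other than IntentionActionDeny, so a wildcard-to-wildcard intention with an empty Action would fail open. Those lines are unchanged context, but this is the authorization default for the whole topology, so I would confirm that such an intention can never reach here, or set allow only on an explicit match if that is the intended semantics: `if ixn.Action == structs.IntentionActionAllow { defaultDecision = acl.Allow }`. The removed TODO was also the only record that the wildcard check is build-specific; a short comment pointing at structs_oss.go would keep that. The body of IntentionTopology starts and ends outside the hunk.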
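Review bot: HasWildcardSource and HasWildcardDestination are exported and now decide the default allow/deny in IntentionTopology, but neither carries a doc comment. I would add `// HasWildcardSource reports whether the source name is the wildcard specifier.` and the matching line for the destination, and say in each that this OSS variant compares the name only. Both dereference `t`, so a nil *Intention panics; the field comparison they replace presumably did the same, so that is worth stating in the comment rather than changing.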
@@ -41,3 +41,35 @@ func TestServiceName_String(t *testing.T) {
 require.Equal(t, "the-id", fmt.Sprintf("%v", &sn))
 })
 }
+
+func TestIntention_HasWildcardSource(t *testing.T) {
+ t.Run("true", func(t *testing.T) {
+ ixn := Intention{
+ SourceName: WildcardSpecifier,
+ }
+ require.True(t, ixn.HasWildcardSource())
+ })
+
+ t.Run("false", func(t *testing.T) {
+ ixn := Intention{
+ SourceName: "web",
+ }
+ require.False(t, ixn.HasWildcardSource())
+ })
+}
+
+func TestIntention_HasWildcardDestination(t *testing.T) {
+ t.Run("true", func(t *testing.T) {
+ ixn := Intention{
+ DestinationName: WildcardSpecifier,
+ }
+ require.True(t, ixn.HasWildcardDestination())
+ })
+
+ t.Run("false", func(t *testing.T) {
+ ixn := Intention{
+ DestinationName: "web",
+ }
+ require.False(t, ixn.HasWildcardDestination())
+ })
+}