From eb6c0cbea0f5272574de60c139953763436ead27 Mon Sep 17 00:00:00 2001 From: freddygv Date: Mon, 15 Mar 2021 17:50:47 -0600 Subject: [PATCH] Fixup typo, comments, and regression --- agent/consul/helper_test.go | 2 +- agent/consul/intention_endpoint.go | 4 ++++ agent/consul/internal_endpoint.go | 2 +- agent/consul/internal_endpoint_test.go | 4 ++-- agent/consul/state/catalog.go | 2 +- 5 files changed, 9 insertions(+), 5 deletions(-) diff --git a/agent/consul/helper_test.go b/agent/consul/helper_test.go index a80bb97ea..0b44f87f3 100644 --- a/agent/consul/helper_test.go +++ b/agent/consul/helper_test.go @@ -911,7 +911,7 @@ func registerTestTopologyEntries(t *testing.T, codec rpc.ClientCodec, token stri } } -func registetIntentionUpstreamEntries(t *testing.T, codec rpc.ClientCodec, token string) { +func registerIntentionUpstreamEntries(t *testing.T, codec rpc.ClientCodec, token string) { t.Helper() // api and api-proxy on node foo diff --git a/agent/consul/intention_endpoint.go b/agent/consul/intention_endpoint.go index 58bb1a77d..cb6208293 100644 --- a/agent/consul/intention_endpoint.go +++ b/agent/consul/intention_endpoint.go @@ -683,6 +683,10 @@ func (s *Intention) Check(args *structs.IntentionQueryRequest, reply *structs.In return fmt.Errorf("Invalid destination namespace %q: %v", query.DestinationNS, err) } + if query.SourceType != structs.IntentionSourceConsul { + return fmt.Errorf("unsupported SourceType: %q", query.SourceType) + } + // Perform the ACL check. For Check we only require ServiceRead and // NOT IntentionRead because the Check API only returns pass/fail and // returns no other information about the intentions used. We could check diff --git a/agent/consul/internal_endpoint.go b/agent/consul/internal_endpoint.go index f138e486e..9a82f136b 100644 --- a/agent/consul/internal_endpoint.go +++ b/agent/consul/internal_endpoint.go @@ -188,7 +188,7 @@ func (m *Internal) ServiceTopology(args *structs.ServiceSpecificRequest, reply * }) } -// IntentionUpstreams returns the upstreams or downstreams of a service. Upstreams and downstreams are inferred from intentions. +// IntentionUpstreams returns the upstreams of a service. Upstreams are inferred from intentions. // If intentions allow a connection from the target to some candidate service, the candidate service is considered // an upstream of the target. func (m *Internal) IntentionUpstreams(args *structs.ServiceSpecificRequest, reply *structs.IndexedServiceList) error { diff --git a/agent/consul/internal_endpoint_test.go b/agent/consul/internal_endpoint_test.go index 5117a0e05..f845da827 100644 --- a/agent/consul/internal_endpoint_test.go +++ b/agent/consul/internal_endpoint_test.go @@ -1908,7 +1908,7 @@ func TestInternal_IntentionUpstreams(t *testing.T) { // Intentions // * -> * (deny) intention // web -> api (allow) - registetIntentionUpstreamEntries(t, codec, "") + registerIntentionUpstreamEntries(t, codec, "") t.Run("web", func(t *testing.T) { retry.Run(t, func(r *retry.R) { @@ -1957,7 +1957,7 @@ func TestInternal_IntentionUpstreams_ACL(t *testing.T) { // Intentions // * -> * (deny) intention // web -> api (allow) - registetIntentionUpstreamEntries(t, codec, TestDefaultMasterToken) + registerIntentionUpstreamEntries(t, codec, TestDefaultMasterToken) t.Run("valid token", func(t *testing.T) { // Token grants read to read api service diff --git a/agent/consul/state/catalog.go b/agent/consul/state/catalog.go index 00d862e1a..40bd73374 100644 --- a/agent/consul/state/catalog.go +++ b/agent/consul/state/catalog.go @@ -747,7 +747,7 @@ func serviceListTxn(tx ReadTxn, ws memdb.WatchSet, svc := service.(*structs.ServiceNode) // TODO (freddy) This is a hack to exclude certain kinds. // Need a new index to query by kind and namespace, have to coordinate with consul foundations first - if include != nil && include(svc) { + if include == nil || include(svc) { unique[svc.CompoundServiceName()] = struct{}{} } }