acl: IntentionDefault => IntentionDefaultAllow
This commit is contained in:
parent
b3584b6355
commit
f983978fb8
12
acl/acl.go
12
acl/acl.go
|
@ -60,9 +60,9 @@ type ACL interface {
|
|||
// EventWrite determines if a specific event may be fired.
|
||||
EventWrite(string) bool
|
||||
|
||||
// IntentionDefault determines the default authorized behavior
|
||||
// IntentionDefaultAllow determines the default authorized behavior
|
||||
// when no intentions match a Connect request.
|
||||
IntentionDefault() bool
|
||||
IntentionDefaultAllow() bool
|
||||
|
||||
// IntentionRead determines if a specific intention can be read.
|
||||
IntentionRead(string) bool
|
||||
|
@ -165,7 +165,7 @@ func (s *StaticACL) EventWrite(string) bool {
|
|||
return s.defaultAllow
|
||||
}
|
||||
|
||||
func (s *StaticACL) IntentionDefault() bool {
|
||||
func (s *StaticACL) IntentionDefaultAllow() bool {
|
||||
return s.defaultAllow
|
||||
}
|
||||
|
||||
|
@ -501,11 +501,11 @@ func (p *PolicyACL) EventWrite(name string) bool {
|
|||
return p.parent.EventWrite(name)
|
||||
}
|
||||
|
||||
// IntentionDefault returns whether the default behavior when there are
|
||||
// IntentionDefaultAllow returns whether the default behavior when there are
|
||||
// no matching intentions is to allow or deny.
|
||||
func (p *PolicyACL) IntentionDefault() bool {
|
||||
func (p *PolicyACL) IntentionDefaultAllow() bool {
|
||||
// We always go up, this can't be determined by a policy.
|
||||
return p.parent.IntentionDefault()
|
||||
return p.parent.IntentionDefaultAllow()
|
||||
}
|
||||
|
||||
// IntentionRead checks if writing (creating, updating, or deleting) of an
|
||||
|
|
|
@ -53,7 +53,7 @@ func TestStaticACL(t *testing.T) {
|
|||
if !all.EventWrite("foobar") {
|
||||
t.Fatalf("should allow")
|
||||
}
|
||||
if !all.IntentionDefault() {
|
||||
if !all.IntentionDefaultAllow() {
|
||||
t.Fatalf("should allow")
|
||||
}
|
||||
if !all.IntentionWrite("foobar") {
|
||||
|
@ -129,7 +129,7 @@ func TestStaticACL(t *testing.T) {
|
|||
if none.EventWrite("") {
|
||||
t.Fatalf("should not allow")
|
||||
}
|
||||
if none.IntentionDefault() {
|
||||
if none.IntentionDefaultAllow() {
|
||||
t.Fatalf("should not allow")
|
||||
}
|
||||
if none.IntentionWrite("foo") {
|
||||
|
@ -199,7 +199,7 @@ func TestStaticACL(t *testing.T) {
|
|||
if !manage.EventWrite("foobar") {
|
||||
t.Fatalf("should allow")
|
||||
}
|
||||
if !manage.IntentionDefault() {
|
||||
if !manage.IntentionDefaultAllow() {
|
||||
t.Fatalf("should allow")
|
||||
}
|
||||
if !manage.IntentionWrite("foobar") {
|
||||
|
@ -465,7 +465,7 @@ func TestPolicyACL(t *testing.T) {
|
|||
}
|
||||
|
||||
// Check default intentions bubble up
|
||||
if !acl.IntentionDefault() {
|
||||
if !acl.IntentionDefaultAllow() {
|
||||
t.Fatal("should allow")
|
||||
}
|
||||
}
|
||||
|
@ -623,7 +623,7 @@ func TestPolicyACL_Parent(t *testing.T) {
|
|||
}
|
||||
|
||||
// Check default intentions
|
||||
if acl.IntentionDefault() {
|
||||
if acl.IntentionDefaultAllow() {
|
||||
t.Fatal("should not allow")
|
||||
}
|
||||
}
|
||||
|
|
|
@ -984,7 +984,7 @@ func (s *HTTPServer) AgentConnectAuthorize(resp http.ResponseWriter, req *http.R
|
|||
authz := true
|
||||
reason := "ACLs disabled, access is allowed by default"
|
||||
if rule != nil {
|
||||
authz = rule.IntentionDefault()
|
||||
authz = rule.IntentionDefaultAllow()
|
||||
reason = "Default behavior configured by ACLs"
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue