luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity

acl: IntentionDefault => IntentionDefaultAllow

This commit is contained in:
Mitchell Hashimoto 2018-03-27 10:08:20 -07:00
parent b3584b6355
commit f983978fb8
No known key found for this signature in database
GPG Key ID: 744E147AA52F5B0A
3 changed files with 12 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
acl/acl.go
View File

@ -60,9 +60,9 @@ type ACL interface {
// EventWrite determines if a specific event may be fired.
EventWrite(string) bool
// IntentionDefault determines the default authorized behavior
// IntentionDefaultAllow determines the default authorized behavior
// when no intentions match a Connect request.
IntentionDefault() bool
IntentionDefaultAllow() bool
// IntentionRead determines if a specific intention can be read.
IntentionRead(string) bool
@ -165,7 +165,7 @@ func (s *StaticACL) EventWrite(string) bool {
return s.defaultAllow
}
func (s *StaticACL) IntentionDefault() bool {
func (s *StaticACL) IntentionDefaultAllow() bool {
return s.defaultAllow
}
@ -501,11 +501,11 @@ func (p *PolicyACL) EventWrite(name string) bool {
return p.parent.EventWrite(name)
}
// IntentionDefault returns whether the default behavior when there are
// IntentionDefaultAllow returns whether the default behavior when there are
// no matching intentions is to allow or deny.
func (p *PolicyACL) IntentionDefault() bool {
func (p *PolicyACL) IntentionDefaultAllow() bool {
// We always go up, this can't be determined by a policy.
return p.parent.IntentionDefault()
return p.parent.IntentionDefaultAllow()
}
// IntentionRead checks if writing (creating, updating, or deleting) of an

10
acl/acl_test.go
View File

@ -53,7 +53,7 @@ func TestStaticACL(t *testing.T) {
if !all.EventWrite("foobar") {
t.Fatalf("should allow")
}
if !all.IntentionDefault() {
if !all.IntentionDefaultAllow() {
t.Fatalf("should allow")
}
if !all.IntentionWrite("foobar") {
@ -129,7 +129,7 @@ func TestStaticACL(t *testing.T) {
if none.EventWrite("") {
t.Fatalf("should not allow")
}
if none.IntentionDefault() {
if none.IntentionDefaultAllow() {
t.Fatalf("should not allow")
}
if none.IntentionWrite("foo") {
@ -199,7 +199,7 @@ func TestStaticACL(t *testing.T) {
if !manage.EventWrite("foobar") {
t.Fatalf("should allow")
}
if !manage.IntentionDefault() {
if !manage.IntentionDefaultAllow() {
t.Fatalf("should allow")
}
if !manage.IntentionWrite("foobar") {
@ -465,7 +465,7 @@ func TestPolicyACL(t *testing.T) {
}
// Check default intentions bubble up
if !acl.IntentionDefault() {
if !acl.IntentionDefaultAllow() {
t.Fatal("should allow")
}
}
@ -623,7 +623,7 @@ func TestPolicyACL_Parent(t *testing.T) {
}
// Check default intentions
if acl.IntentionDefault() {
if acl.IntentionDefaultAllow() {
t.Fatal("should not allow")
}
}

2
agent/agent_endpoint.go
View File

@ -984,7 +984,7 @@ func (s *HTTPServer) AgentConnectAuthorize(resp http.ResponseWriter, req *http.R
authz := true
reason := "ACLs disabled, access is allowed by default"
if rule != nil {
authz = rule.IntentionDefault()
authz = rule.IntentionDefaultAllow()
reason = "Default behavior configured by ACLs"
}