4cb251497f
When converting from Consul intentions to xds RBAC rules, services imported from other peers must encode additional data like partition (from the remote cluster) and trust domain. This PR updates the PeeringTrustBundle to hold the sending side's local partition as ExportedPartition. It also updates RBAC code to encode SpiffeIDs of imported services with the ExportedPartition and TrustDomain.
//go:build !consulent
// +build !consulent
package connect
import (
"strings"
"github.com/hashicorp/consul/acl"
)
// GetEnterpriseMeta builds the EnterpriseMeta that corresponds to this
// SpiffeIDService. This file is compiled only when the consulent build tag is
// absent, and here the result is always a freshly allocated, zero-valued
// struct: the pointer is never nil.
func (id SpiffeIDService) GetEnterpriseMeta() *acl.EnterpriseMeta {
	// No field of id is consulted; the zero value is returned unconditionally.
	var meta acl.EnterpriseMeta
	return &meta
}
// PartitionOrDefault reports the partition of this SpiffeIDService, falling
// back to "default" when none is set. This deliberately departs from the OSS
// pattern of returning empty strings: OSS has no partition support of its own,
// yet it still has to handle the exportedPartition received from peered Consul
// Enterprise clusters so that the SpiffeID it generates is correct.
func (id SpiffeIDService) PartitionOrDefault() string {
	if partition := id.Partition; partition != "" {
		// Lower-cased so the returned value has a single spelling regardless
		// of how the partition name was originally written.
		// NOTE(review): presumably this value becomes a path segment of the
		// SPIFFE ID that RBAC principals are matched against — confirm that
		// every producer and matcher of those IDs goes through this accessor.
		return strings.ToLower(partition)
	}
	return "default"
}