open-consul/agent/consul
Matt Keeler baa89c7c65
Intentions ACL enforcement updates (#7028)
* Renamed structs.IntentionWildcard to structs.WildcardSpecifier

* Refactor ACL Config

Get rid of remnants of enterprise only renaming.

Add a WildcardName field for specifying what string should be used to indicate a wildcard.

* Add wildcard support in the ACL package

For read operations they can call anyAllowed to determine if any read access to the given resource would be granted.

For write operations they can call allAllowed to ensure that write access is granted to everything.

* Make v1/agent/connect/authorize namespace aware

* Update intention ACL enforcement

This also changes how intention:read is granted. Before, the Intention.List RPC would allow viewing an intention if the token had intention:read on the destination. However, Intention.Match allowed viewing if access was allowed for either the source or dest side. Now Intention.List and Intention.Get fall in line with Intention.Match's previous behavior.

Due to this being done in a few different places, ACL enforcement for a singular intention is now done with the CanRead and CanWrite methods on the intention itself.

* Refactor Intention.Apply to make things easier to follow.
2020-01-13 15:51:40 -05:00
authmethod Updates to allow for Namespacing ACL resources in Consul Enterp… (#6675) 2019-10-24 14:38:09 -04:00
autopilot autopilot: fix dead server removal condition to use correct failure tolerance (#4017) 2019-12-16 23:35:13 +01:00
discoverychain connect: generate the full SNI names for discovery targets in the compiler rather than in the xds package (#6340) 2019-08-19 13:03:03 -05:00
fsm connect: derive connect certificate serial numbers from a memdb index instead of the provider table max index (#7011) 2020-01-09 16:32:19 +01:00
prepared_query Sync of OSS changes to support namespaces (#6909) 2019-12-09 21:26:41 -05:00
state Intentions ACL enforcement updates (#7028) 2020-01-13 15:51:40 -05:00
testdata Fix support for RSA CA keys in Connect. (#6638) 2019-11-01 13:20:26 +00:00
acl.go Intentions ACL enforcement updates (#7028) 2020-01-13 15:51:40 -05:00
acl_authmethod.go Updates to allow for Namespacing ACL resources in Consul Enterp… (#6675) 2019-10-24 14:38:09 -04:00
acl_authmethod_test.go acl: adding support for kubernetes auth provider login (#5600) 2019-04-26 14:49:25 -05:00
acl_client.go OSS changes for implementing token based namespace inferencing 2019-12-18 14:07:08 -05:00
acl_endpoint.go Intentions ACL enforcement updates (#7028) 2020-01-13 15:51:40 -05:00
acl_endpoint_legacy.go Intentions ACL enforcement updates (#7028) 2020-01-13 15:51:40 -05:00
acl_endpoint_test.go Unflake the TestACLEndpoint_TokenList test 2019-12-18 14:07:07 -05:00
acl_oss.go Intentions ACL enforcement updates (#7028) 2020-01-13 15:51:40 -05:00
acl_oss_test.go Update the ACL Resolver to allow for Consul Enterprise specific hooks. (#6687) 2019-10-25 11:06:16 -04:00
acl_replication.go Sync of OSS changes to support namespaces (#6909) 2019-12-09 21:26:41 -05:00
acl_replication_legacy.go Updates to allow for Namespacing ACL resources in Consul Enterp… (#6675) 2019-10-24 14:38:09 -04:00
acl_replication_legacy_test.go Updates to allow for Namespacing ACL resources in Consul Enterp… (#6675) 2019-10-24 14:38:09 -04:00
acl_replication_test.go Miscellaneous Fixes (#6896) 2019-12-06 14:01:34 -05:00
acl_replication_types.go Sync of OSS changes to support namespaces (#6909) 2019-12-09 21:26:41 -05:00
acl_server.go OSS changes for implementing token based namespace inferencing 2019-12-18 14:07:08 -05:00
acl_test.go Sync of OSS changes to support namespaces (#6909) 2019-12-09 21:26:41 -05:00
acl_token_exp.go Ensure that cache entries for tokens are prefixed “token-secret… (#6688) 2019-10-25 13:05:43 -04:00
acl_token_exp_test.go acl: adding support for kubernetes auth provider login (#5600) 2019-04-26 14:49:25 -05:00
auto_encrypt.go Make all Connect Cert Common Names valid FQDNs (#6423) 2019-11-11 17:11:54 +00:00
auto_encrypt_endpoint.go tls: auto_encrypt enables automatic RPC cert provisioning for consul clients (#5597) 2019-06-27 22:22:07 +02:00
auto_encrypt_endpoint_test.go Make all Connect Cert Common Names valid FQDNs (#6423) 2019-11-11 17:11:54 +00:00
auto_encrypt_test.go make sure auto_encrypt has private key type and bits 2019-08-26 13:09:50 +02:00
autopilot.go Remove failed nodes from serfWAN (#6028) 2019-06-28 12:40:07 -05:00
autopilot_oss.go Update to use a consulent build tag instead of just ent (#5759) 2019-05-01 11:11:27 -04:00
autopilot_test.go autopilot: fix dead server removal condition to use correct failure tolerance (#4017) 2019-12-16 23:35:13 +01:00
catalog_endpoint.go OSS changes for implementing token based namespace inferencing 2019-12-18 14:07:08 -05:00
catalog_endpoint_test.go connect: remove managed proxies (#6220) 2019-08-09 15:19:30 -04:00
client.go Intentions ACL enforcement updates (#7028) 2020-01-13 15:51:40 -05:00
client_serf.go Call RemoveServer for reap events (#5317) 2019-03-04 09:19:35 -05:00
client_test.go sdk: add freelist tracking and ephemeral port range skipping to freeport 2019-09-17 14:30:43 -05:00
config.go Add EnterpriseConfig stubs (#6566) 2019-10-01 14:34:55 -04:00
config_endpoint.go ACL Authorizer overhaul (#6620) 2019-10-15 16:58:50 -04:00
config_endpoint_test.go Expose HTTP-based paths through Connect proxy (#6446) 2019-09-25 20:55:52 -06:00
config_replication.go Implement config entry replication (#5706) 2019-04-26 13:38:39 -04:00
config_replication_test.go Add integration test for central config; fix central config WIP (#5752) 2019-05-01 16:39:31 -07:00
connect_ca_endpoint.go connect: Add AWS PCA provider (#6795) 2019-11-21 17:40:29 +00:00
connect_ca_endpoint_test.go Support Connect CAs that can't cross sign (#6726) 2019-11-11 21:36:22 +00:00
consul_ca_delegate.go connect: derive connect certificate serial numbers from a memdb index instead of the provider table max index (#7011) 2020-01-09 16:32:19 +01:00
coordinate_endpoint.go ACL Authorizer overhaul (#6620) 2019-10-15 16:58:50 -04:00
coordinate_endpoint_test.go Add fmt and vet (#5671) 2019-04-25 12:26:33 -04:00
discovery_chain_endpoint.go ACL Authorizer overhaul (#6620) 2019-10-15 16:58:50 -04:00
discovery_chain_endpoint_test.go connect: generate the full SNI names for discovery targets in the compiler rather than in the xds package (#6340) 2019-08-19 13:03:03 -05:00
enterprise_client_oss.go Update to use a consulent build tag instead of just ent (#5759) 2019-05-01 11:11:27 -04:00
enterprise_config_oss.go Add EnterpriseConfig stubs (#6566) 2019-10-01 14:34:55 -04:00
enterprise_server_oss.go Add hook for validating the enterprise meta attached to a reque… (#6695) 2019-10-30 12:42:39 -04:00
filter.go Rename EnterpriseAuthorizerContext -> AuthorizerContext 2019-12-18 13:43:24 -05:00
filter_test.go OSS KV Modifications to Support Namespaces 2019-11-25 12:57:35 -05:00
flood.go Add segment addr field to tags for LAN flood joiner 2017-08-30 11:58:29 -07:00
health_endpoint.go OSS changes for implementing token based namespace inferencing 2019-12-18 14:07:08 -05:00
health_endpoint_test.go Implement data filtering of some endpoints (#5579) 2019-04-16 12:00:15 -04:00
helper_test.go Implement Mesh Gateways 2019-07-01 16:28:30 -04:00
intention_endpoint.go Intentions ACL enforcement updates (#7028) 2020-01-13 15:51:40 -05:00
intention_endpoint_test.go Intentions ACL enforcement updates (#7028) 2020-01-13 15:51:40 -05:00
internal_endpoint.go Sync of OSS changes to support namespaces (#6909) 2019-12-09 21:26:41 -05:00
internal_endpoint_test.go Merge Consul OSS branch 'master' at commit 8f7586b339dbb518eff3a2eec27d7b8eae7a3fbb 2019-08-13 02:00:43 +00:00
issue_test.go Sync of OSS changes to support namespaces (#6909) 2019-12-09 21:26:41 -05:00
kvs_endpoint.go OSS changes for implementing token based namespace inferencing 2019-12-18 14:07:08 -05:00
kvs_endpoint_test.go OSS KV Modifications to Support Namespaces 2019-11-25 12:57:35 -05:00
leader.go Sync of OSS changes to support namespaces (#6909) 2019-12-09 21:26:41 -05:00
leader_connect.go connect: ensure that updates to the secondary root CA configuration use the correct signing key ID values for comparison (#7012) 2020-01-09 16:28:16 +01:00
leader_connect_test.go Intentions ACL enforcement updates (#7028) 2020-01-13 15:51:40 -05:00
leader_routine_manager.go Implement Leader Routine Management (#6580) 2019-10-04 13:08:45 -04:00
leader_routine_manager_test.go Implement Leader Routine Management (#6580) 2019-10-04 13:08:45 -04:00
leader_test.go Sync of OSS changes to support namespaces (#6909) 2019-12-09 21:26:41 -05:00
merge.go Takes the skip out of the client check. 2017-09-06 17:05:40 -07:00
merge_test.go Skips unique node ID check for old versions of Consul. 2017-09-05 22:57:29 -07:00
operator_autopilot_endpoint.go ACL Authorizer overhaul (#6620) 2019-10-15 16:58:50 -04:00
operator_autopilot_endpoint_test.go Set MinQuorum variable in Autopilot (#6654) 2019-10-29 09:04:41 -05:00
operator_endpoint.go pkg refactor 2017-06-10 18:52:45 +02:00
operator_raft_endpoint.go ACL Authorizer overhaul (#6620) 2019-10-15 16:58:50 -04:00
operator_raft_endpoint_test.go sdk: add freelist tracking and ephemeral port range skipping to freeport 2019-09-17 14:30:43 -05:00
prepared_query_endpoint.go Sync of OSS changes to support namespaces (#6909) 2019-12-09 21:26:41 -05:00
prepared_query_endpoint_test.go OSS Modifications necessary for sessions namespacing 2019-11-25 12:07:04 -05:00
raft_rpc.go agent: move conn pool for muxed connections into separate pkg 2017-06-21 05:42:39 +02:00
replication.go More Replication Abstractions (#6689) 2019-10-28 13:49:57 -04:00
replication_test.go More Replication Abstractions (#6689) 2019-10-28 13:49:57 -04:00
rpc.go rpc: log method when a server/server RPC call fails (#4548) 2020-01-13 19:55:29 +01:00
rpc_test.go Add fmt and vet (#5671) 2019-04-25 12:26:33 -04:00
rtt.go Added Coordinate.Node rpc endpoint and client api method 2017-10-26 19:16:40 -07:00
rtt_test.go Fix more unstable tests in agent and command 2018-09-12 14:49:27 +01:00
segment_oss.go Update to use a consulent build tag instead of just ent (#5759) 2019-05-01 11:11:27 -04:00
serf_test.go pkg refactor 2017-06-10 18:52:45 +02:00
server.go Intentions ACL enforcement updates (#7028) 2020-01-13 15:51:40 -05:00
server_lookup.go Simplified code in various places (#6176) 2019-07-20 09:37:19 -04:00
server_lookup_test.go More cleanup from code review 2017-08-30 12:31:36 -05:00
server_oss.go connect: expose an API endpoint to compile the discovery chain (#6248) 2019-08-02 15:34:54 -05:00
server_serf.go Allow forwarding of some status RPCs (#6198) 2019-07-25 14:26:22 -04:00
server_test.go Intentions ACL enforcement updates (#7028) 2020-01-13 15:51:40 -05:00
session_endpoint.go OSS changes for implementing token based namespace inferencing 2019-12-18 14:07:08 -05:00
session_endpoint_test.go OSS Modifications necessary for sessions namespacing 2019-11-25 12:07:04 -05:00
session_timers.go address review comments 2017-07-07 09:22:34 +02:00
session_timers_test.go rpc: refactor sessionTimers and fix racy tests 2017-07-07 09:22:34 +02:00
session_ttl.go OSS Modifications necessary for sessions namespacing 2019-11-25 12:07:04 -05:00
session_ttl_test.go OSS Modifications necessary for sessions namespacing 2019-11-25 12:07:04 -05:00
snapshot_endpoint.go ACL Authorizer overhaul (#6620) 2019-10-15 16:58:50 -04:00
snapshot_endpoint_test.go OSS Modifications necessary for sessions namespacing 2019-11-25 12:07:04 -05:00
stats_fetcher.go Clean up StatsFetcher work when context is exceeded (#6086) 2019-07-12 08:23:28 -06:00
stats_fetcher_test.go Flaky test overhaul (#6100) 2019-07-12 09:52:26 -06:00
status_endpoint.go Allow forwarding of some status RPCs (#6198) 2019-07-25 14:26:22 -04:00
status_endpoint_test.go Allow forwarding of some status RPCs (#6198) 2019-07-25 14:26:22 -04:00
txn_endpoint.go fix typos reported by golangci-lint:misspell (#5434) 2019-03-06 11:13:28 -06:00
txn_endpoint_test.go Sync of OSS changes to support namespaces (#6909) 2019-12-09 21:26:41 -05:00
util.go Filter out left/leaving serf members when determining if new AC… (#6332) 2019-08-16 10:34:18 -04:00
util_test.go Filter out left/leaving serf members when determining if new AC… (#6332) 2019-08-16 10:34:18 -04:00