72a515f5ec
Highlights: - add new endpoint to query for intentions by exact match - using this endpoint from the CLI instead of the dump+filter approach - enforcing that OSS can only read/write intentions with a SourceNS or DestinationNS field of "default". - preexisting OSS intentions with now-invalid namespace fields will delete those intentions on initial election or for wildcard namespaces an attempt will be made to downgrade them to "default" unless one exists. - also allow the '-namespace' CLI arg on all of the intention subcommands - update lots of docs
49 lines
1.1 KiB
Go
49 lines
1.1 KiB
Go
// +build !consulent
|
|
|
|
package agent
|
|
|
|
import (
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"testing"
|
|
|
|
"github.com/hashicorp/consul/agent/structs"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func TestOSS_IntentionsCreate_failure(t *testing.T) {
|
|
t.Parallel()
|
|
|
|
a := NewTestAgent(t, "")
|
|
defer a.Shutdown()
|
|
|
|
doCreate := func(t *testing.T, srcNS, dstNS string) {
|
|
t.Helper()
|
|
args := structs.TestIntention(t)
|
|
args.SourceNS = srcNS
|
|
args.SourceName = "*"
|
|
args.DestinationNS = dstNS
|
|
args.DestinationName = "*"
|
|
req, _ := http.NewRequest("POST", "/v1/connect/intentions", jsonReader(args))
|
|
resp := httptest.NewRecorder()
|
|
_, err := a.srv.IntentionCreate(resp, req)
|
|
require.Error(t, err)
|
|
}
|
|
|
|
t.Run("wildcard source namespace", func(t *testing.T) {
|
|
doCreate(t, "*", "default")
|
|
})
|
|
t.Run("wildcard destination namespace", func(t *testing.T) {
|
|
doCreate(t, "default", "*")
|
|
})
|
|
t.Run("wildcard source and destination namespaces", func(t *testing.T) {
|
|
doCreate(t, "*", "*")
|
|
})
|
|
t.Run("non-default source namespace", func(t *testing.T) {
|
|
doCreate(t, "foo", "default")
|
|
})
|
|
t.Run("non-default destination namespace", func(t *testing.T) {
|
|
doCreate(t, "default", "foo")
|
|
})
|
|
}
|