intentions fixes
absolutelightning committed Oct 4, 2023
1 parent 28bd93e commit 5ac3ed7
Showing 2 changed files with 76 additions and 46 deletions.
91 changes: 46 additions & 45 deletions consul/resource_consul_config_entry_service_intentions.go
Expand Up @@ -346,8 +346,6 @@ func (s *serviceIntentions) Decode(d *schema.ResourceData) (consulapi.ConfigEntr
sourceIntention.Action = consulapi.IntentionActionAllow
} else if sourceMap["action"].(string) == "deny" {
sourceIntention.Action = consulapi.IntentionActionDeny
} else {
return nil, fmt.Errorf("action is invalid. it should either be allow or deny")
}
}
if sourceMap["permissions"] != nil {
Expand All @@ -367,51 +365,54 @@ func (s *serviceIntentions) Decode(d *schema.ResourceData) (consulapi.ConfigEntr
if permissionMap["http"] != nil {
var intentionPermissionHTTP *consulapi.IntentionHTTPPermission
intentionPermissionHTTP = new(consulapi.IntentionHTTPPermission)
httpMap := permissionMap["http"].(map[string]interface{})
if httpMap["path_exact"] != nil {
intentionPermissionHTTP.PathExact = httpMap["path_exact"].(string)
}
if httpMap["path_prefix"] != nil {
intentionPermissionHTTP.PathPrefix = httpMap["path_prefix"].(string)
}
if httpMap["path_regex"] != nil {
intentionPermissionHTTP.PathPrefix = httpMap["path_regex"].(string)
}
if httpMap["methods"] != nil {
httpMethods := make([]string, 0)
for _, v := range httpMap["methods"].([]interface{}) {
httpMethods = append(httpMethods, v.(string))
httpMap := permissionMap["http"].(*schema.Set).List()
if len(httpMap) > 0 {
httpMapFirst := httpMap[0].(map[string]interface{})
if httpMapFirst["path_exact"] != nil {
intentionPermissionHTTP.PathExact = httpMapFirst["path_exact"].(string)
}
intentionPermissionHTTP.Methods = httpMethods
}
intentionPermission.HTTP = intentionPermissionHTTP
if httpMap["headers"] != nil {
httpHeaderPermissions := make([]consulapi.IntentionHTTPHeaderPermission, 0)
for _, v := range httpMap["headers"].([]interface{}) {
var httpHeaderPermission consulapi.IntentionHTTPHeaderPermission
headerPermissionMap := v.(map[string]interface{})
if headerPermissionMap["name"] != nil {
httpHeaderPermission.Name = headerPermissionMap["name"].(string)
}
if headerPermissionMap["present"] != nil {
httpHeaderPermission.Present = headerPermissionMap["present"].(bool)
}
if headerPermissionMap["exact"] != nil {
httpHeaderPermission.Exact = headerPermissionMap["exact"].(string)
}
if headerPermissionMap["prefix"] != nil {
httpHeaderPermission.Prefix = headerPermissionMap["prefix"].(string)
}
if headerPermissionMap["suffix"] != nil {
httpHeaderPermission.Suffix = headerPermissionMap["suffix"].(string)
}
if headerPermissionMap["regex"] != nil {
httpHeaderPermission.Regex = headerPermissionMap["regex"].(string)
if httpMapFirst["path_prefix"] != nil {
intentionPermissionHTTP.PathPrefix = httpMapFirst["path_prefix"].(string)
}
if httpMapFirst["path_regex"] != nil {
intentionPermissionHTTP.PathPrefix = httpMapFirst["path_regex"].(string)
}
if httpMapFirst["methods"] != nil {
httpMethods := make([]string, 0)
for _, v := range httpMapFirst["methods"].([]interface{}) {
httpMethods = append(httpMethods, v.(string))
}
if headerPermissionMap["invert"] != nil {
httpHeaderPermission.Invert = headerPermissionMap["invert"].(bool)
intentionPermissionHTTP.Methods = httpMethods
}
intentionPermission.HTTP = intentionPermissionHTTP
if httpMapFirst["headers"] != nil {
httpHeaderPermissions := make([]consulapi.IntentionHTTPHeaderPermission, 0)
for _, v := range httpMapFirst["headers"].([]interface{}) {
var httpHeaderPermission consulapi.IntentionHTTPHeaderPermission
headerPermissionMap := v.(map[string]interface{})
if headerPermissionMap["name"] != nil {
httpHeaderPermission.Name = headerPermissionMap["name"].(string)
}
if headerPermissionMap["present"] != nil {
httpHeaderPermission.Present = headerPermissionMap["present"].(bool)
}
if headerPermissionMap["exact"] != nil {
httpHeaderPermission.Exact = headerPermissionMap["exact"].(string)
}
if headerPermissionMap["prefix"] != nil {
httpHeaderPermission.Prefix = headerPermissionMap["prefix"].(string)
}
if headerPermissionMap["suffix"] != nil {
httpHeaderPermission.Suffix = headerPermissionMap["suffix"].(string)
}
if headerPermissionMap["regex"] != nil {
httpHeaderPermission.Regex = headerPermissionMap["regex"].(string)
}
if headerPermissionMap["invert"] != nil {
httpHeaderPermission.Invert = headerPermissionMap["invert"].(bool)
}
httpHeaderPermissions = append(httpHeaderPermissions, httpHeaderPermission)
}
httpHeaderPermissions = append(httpHeaderPermissions, httpHeaderPermission)
}
}
}
Expand Down Expand Up @@ -514,7 +515,7 @@ func (s *serviceIntentions) Write(ce consulapi.ConfigEntry, sw *stateWriter) err
for _, permission := range source.Permissions {
permissionMap := make(map[string]interface{})
permissionMap["action"] = permission.Action
permissionHttp := make([]map[string]interface{}, 0)
permissionHttp := make([]map[string]interface{}, 1)
permissionHttp[0] = make(map[string]interface{})
permissionHttp[0]["path_exact"] = permission.HTTP.PathExact
permissionHttp[0]["path_prefix"] = permission.HTTP.PathPrefix
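Review bot: In the reworked HTTP block of Decode, the `path_regex` branch still assigns to `PathPrefix` (`intentionPermissionHTTP.PathPrefix = httpMapFirst["path_regex"].(string)`), so a configured regex overwrites any prefix and is stored as a literal path prefix, which changes the set of requests the allow/deny permission matches. The assignment should read `intentionPermissionHTTP.PathRegex = httpMapFirst["path_regex"].(string)`. In the same block `httpHeaderPermissions` is built inside the `headers` branch but, in the lines shown, never stored on the permission, so header conditions appear to be dropped; `intentionPermissionHTTP.Header = httpHeaderPermissions` after the loop would attach them. The first hunk also removes the error returned for an `action` other than allow or deny, so unless the schema validates that field elsewhere an unrecognised value now leaves `Action` empty with no diagnostic. Decode begins and ends outside these hunks, so later handling of these values is not visible here.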
Expand Up @@ -25,5 +25,34 @@ func TestAccConsulConfigEntryServiceIntentionsCETest(t *testing.T) {
}

const testConsulConfigEntryServiceIntentionsCE = `
resource
name = "service-intention-3"
meta = {
key = "value"
}
jwt {
providers {
name = consul_config_entry.jwt_provider.name
verify_claims {
path = ["/", "path1"]
value = ""
}
verify_claims {
path = ["/path"]
value = "value"
}
}
}
sources {
action = "allow"
name = "frontend-webapp"
precedence = 9
type = "consul"
}
sources {
action = "allow"
name = "nightly-cronjob"
precedence = 9
type = "consul"
}
`
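Review bot: The fixture added as `testConsulConfigEntryServiceIntentionsCE` declares only `sources` with a top-level `action`, so it never reaches the `permissions`/`http` decoding that this commit reworks in the resource file. A source carrying a `permissions` block that sets `http` with `path_prefix`, `path_regex`, `methods` and a header condition, plus a check on the resulting attributes, would cover that path and catch a field written to the wrong place. The test function that uses this constant lies outside the hunk, so its existing assertions are not visible here.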
