Commit a687d09 1 parent 7839624 commit a687d09 Copy full SHA for a687d09
File tree 3 files changed +78
-8
lines changed
control-plane/subcommand/server-acl-init
3 files changed +78
-8
lines changed Original file line number Diff line number Diff line change 1+ ```release-note:bug
2+ connect-inject: fix issue where the ACL policy for the connect-injector included the `acl = "write"` rule twice when namespaces were not enabled.
3+ ```
Original file line number Diff line number Diff line change @@ -310,11 +310,11 @@ partition "{{ .PartitionName }}" {
310310 }
311311{{- if .EnableNamespaces }}
312312 namespace_prefix "" {
313+ acl = "write"
313314{{- end }}
314315{{- if .EnablePartitions }}
315316 policy = "write"
316317{{- end }}
317- acl = "write"
318318 service_prefix "" {
319319 policy = "write"
320320 intentions = "write"
Original file line number Diff line number Diff line change @@ -883,7 +883,6 @@ func TestInjectRules(t *testing.T) {
883883 node_prefix "" {
884884 policy = "write"
885885 }
886- acl = "write"
887886 service_prefix "" {
888887 policy = "write"
889888 intentions = "write"
@@ -917,7 +916,30 @@ func TestInjectRules(t *testing.T) {
917916 }` ,
918917 },
919918 {
920- EnableNamespaces : true ,
919+ EnableNamespaces : false ,
920+ EnablePartitions : true ,
921+ EnablePeering : false ,
922+ PartitionName : "part-1" ,
923+ Expected : `
924+ partition "part-1" {
925+ mesh = "write"
926+ acl = "write"
927+ node_prefix "" {
928+ policy = "write"
929+ }
930+ policy = "write"
931+ service_prefix "" {
932+ policy = "write"
933+ intentions = "write"
934+ }
935+ identity_prefix "" {
936+ policy = "write"
937+ intentions = "write"
938+ }
939+ }` ,
940+ },
941+ {
942+ EnableNamespaces : false ,
921943 EnablePartitions : false ,
922944 EnablePeering : true ,
923945 Expected : `
@@ -928,17 +950,14 @@ func TestInjectRules(t *testing.T) {
928950 node_prefix "" {
929951 policy = "write"
930952 }
931- namespace_prefix "" {
932- acl = "write"
933953 service_prefix "" {
934954 policy = "write"
935955 intentions = "write"
936956 }
937957 identity_prefix "" {
938958 policy = "write"
939959 intentions = "write"
940- }
941- }` ,
960+ }` ,
942961 },
943962 {
944963 EnableNamespaces : true ,
@@ -953,7 +972,32 @@ partition "part-1" {
953972 policy = "write"
954973 }
955974 namespace_prefix "" {
975+ acl = "write"
956976 policy = "write"
977+ service_prefix "" {
978+ policy = "write"
979+ intentions = "write"
980+ }
981+ identity_prefix "" {
982+ policy = "write"
983+ intentions = "write"
984+ }
985+ }
986+ }` ,
987+ },
988+ {
989+ EnableNamespaces : true ,
990+ EnablePartitions : false ,
991+ EnablePeering : true ,
992+ Expected : `
993+ mesh = "write"
994+ operator = "write"
995+ acl = "write"
996+ peering = "write"
997+ node_prefix "" {
998+ policy = "write"
999+ }
1000+ namespace_prefix "" {
9571001 acl = "write"
9581002 service_prefix "" {
9591003 policy = "write"
@@ -963,7 +1007,30 @@ partition "part-1" {
9631007 policy = "write"
9641008 intentions = "write"
9651009 }
1010+ }` ,
1011+ },
1012+ {
1013+ EnableNamespaces : false ,
1014+ EnablePartitions : true ,
1015+ EnablePeering : true ,
1016+ PartitionName : "part-1" ,
1017+ Expected : `
1018+ partition "part-1" {
1019+ mesh = "write"
1020+ acl = "write"
1021+ peering = "write"
1022+ node_prefix "" {
1023+ policy = "write"
9661024 }
1025+ policy = "write"
1026+ service_prefix "" {
1027+ policy = "write"
1028+ intentions = "write"
1029+ }
1030+ identity_prefix "" {
1031+ policy = "write"
1032+ intentions = "write"
1033+ }
9671034}` ,
9681035 },
9691036 {
@@ -980,8 +1047,8 @@ partition "part-1" {
9801047 policy = "write"
9811048 }
9821049 namespace_prefix "" {
983- policy = "write"
9841050 acl = "write"
1051+ policy = "write"
9851052 service_prefix "" {
9861053 policy = "write"
9871054 intentions = "write"
You can’t perform that action at this time.
0 commit comments