Backport of Add default intention policy into release/1.18.x #20546


hc-github-team-consul-core
Collaborator

Backport

This PR is auto-generated from #20544 to be assessed for backporting due to the inclusion of the label backport/1.18.

The below text is copied from the body of the original PR.


Recommended to review commit-by-commit

Description

Adds a new agent configuration field DefaultIntentionPolicy (default_intention_policy) which controls how service-to-service traffic is authorized in the absence of specific intentions.

DefaultIntentionPolicy can be "allow", "deny", or "", where if left blank it will inherit the default ACL policy.

This field will de-couple the ACL subsystem from intentions, allowing users to incrementally adopt secure configurations one step at a time without dealing with implicit dependencies between the two subsystems.

Testing & Reproduction steps

  • Added unit tests which inject default intention policy and observe that it overrides the default ACL policy

PR Checklist

  • updated test coverage
  • external facing docs updated
  • appropriate backport labels added
  • not a security concern

Overview of commits

@hc-github-team-consul-core hc-github-team-consul-core force-pushed the backport/kisunji/default-intention-policy-backport/kindly-organic-narwhal branch from f4a5069 to e42ca7d Compare February 8, 2024 20:25
@hc-github-team-consul-core hc-github-team-consul-core requested a review from a team as a code owner February 8, 2024 20:25
@github-actions github-actions bot added theme/acls ACL and token generation theme/config Relating to Consul Agent configuration, including reloading labels Feb 8, 2024
Collaborator

Auto approved Consul Bot automated PR

@kisunji kisunji enabled auto-merge (squash) February 8, 2024 20:53
@kisunji kisunji merged commit 112201a into release/1.18.x Feb 8, 2024
88 checks passed
@kisunji kisunji deleted the backport/kisunji/default-intention-policy-backport/kindly-organic-narwhal branch February 8, 2024 21:12
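
An added example, not code from this PR or from Consul: a small Go audit check that reads a JSON agent configuration and reports which policy applies to service-to-service traffic when no intention matches, following the rule in the description above. The type and function names are hypothetical, and treating disabled ACLs or an unset `acl.default_policy` as "allow" is an assumption about Consul's defaults.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// agentConfig holds only the fields this check reads from a JSON agent config.
type agentConfig struct {
	DefaultIntentionPolicy string `json:"default_intention_policy"`
	ACL                    struct {
		Enabled       bool   `json:"enabled"`
		DefaultPolicy string `json:"default_policy"`
	} `json:"acl"`
}

// EffectiveIntentionDefault returns the policy applied when no intention
// matches, and whether that policy was inherited from the ACL subsystem.
func EffectiveIntentionDefault(raw []byte) (policy string, inherited bool, err error) {
	var c agentConfig
	if err = json.Unmarshal(raw, &c); err != nil {
		return "", false, err
	}
	switch c.DefaultIntentionPolicy {
	case "allow", "deny":
		return c.DefaultIntentionPolicy, false, nil
	case "": // blank inherits the default ACL policy (per the PR description)
	default:
		return "", false, fmt.Errorf("default_intention_policy must be \"allow\", \"deny\" or \"\", got %q", c.DefaultIntentionPolicy)
	}
	// Assumption: ACLs disabled or acl.default_policy unset resolves to "allow".
	if !c.ACL.Enabled || c.ACL.DefaultPolicy == "" {
		return "allow", true, nil
	}
	return c.ACL.DefaultPolicy, true, nil
}

func main() {
	// Constructed sample configs: explicit deny, inherited allow, invalid value.
	samples := []string{
		`{"acl":{"enabled":true,"default_policy":"allow"},"default_intention_policy":"deny"}`,
		`{"acl":{"enabled":true,"default_policy":"allow"}}`,
		`{"default_intention_policy":"permit"}`,
	}
	for _, s := range samples {
		p, inh, err := EffectiveIntentionDefault([]byte(s))
		fmt.Printf("policy=%q inherited=%v err=%v  <- %s\n", p, inh, err, s)
	}
}
```

An `inherited=true` result with policy "allow" marks an agent whose mesh traffic is open by default only because of its ACL settings, which is the implicit coupling the new field removes.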