ref: method renaming for cataloger endpoint methods

DESIGN.md

@@ -302,11 +302,11 @@ type MeshCataloger interface {
 	// GetSMISpec returns the SMI spec
 	GetSMISpec() smi.MeshSpec
 
-	// ListAllowedInboundServiceIdentities lists the downstream service identities that can connect to the given service account
-	ListAllowedInboundServiceIdentities(service.K8sServiceAccount) ([]service.K8sServiceAccount, error)
+	// ListInboundServiceIdentities lists the downstream service identities that can connect to the given service account
+	ListInboundServiceIdentities(service.K8sServiceAccount) ([]service.K8sServiceAccount, error)
 
-	// ListAllowedOutboundServiceIdentities lists the upstream service identities the given service account can connect to
-	ListAllowedOutboundServiceIdentities(service.K8sServiceAccount) ([]service.K8sServiceAccount, error)
+	// ListOutboundServiceIdentities lists the upstream service identities the given service account can connect to
+	ListOutboundServiceIdentities(service.K8sServiceAccount) ([]service.K8sServiceAccount, error)
 
 	// ListServiceIdentitiesForService lists the service identities associated with the given service
 	ListServiceIdentitiesForService(service.MeshService) ([]service.K8sServiceAccount, error)

pkg/catalog/endpoint.go

@@ -38,8 +38,8 @@ func (mc *MeshCatalog) GetResolvableServiceEndpoints(svc service.MeshService) ([
 	return endpoints, nil
 }
 
-// ListEndpointsForServiceIdentity returns only those endpoints for a allowed outbound service accounts
-// for the given downstream identity
+// ListEndpointsForServiceIdentity returns a list of endpoints that belongs to an upstream service accounts
+// from the given downstream identity's perspective
 // Note: ServiceIdentity must be in the format "name.namespace" [https://github.com/openservicemesh/osm/issues/3188]
 func (mc *MeshCatalog) ListEndpointsForServiceIdentity(downstreamIdentity identity.ServiceIdentity, upstreamSvc service.MeshService) ([]endpoint.Endpoint, error) {
 	outboundEndpoints, err := mc.listEndpointsForService(upstreamSvc)
@@ -52,9 +52,8 @@ func (mc *MeshCatalog) ListEndpointsForServiceIdentity(downstreamIdentity identi
 		ipStr := ep.IP.String()
 		outboundEndpointsSet[ipStr] = append(outboundEndpointsSet[ipStr], ep)
 	}
-	log.Info().Msgf("outbound endpoints: %v", outboundEndpointsSet)
 
-	destSvcIdentities, err := mc.ListAllowedOutboundServiceIdentities(downstreamIdentity)
+	destSvcIdentities, err := mc.ListOutboundServiceIdentities(downstreamIdentity)
 	if err != nil {
 		log.Error().Err(err).Msgf("Error looking up outbound service accounts for downstream identity %s", downstreamIdentity)
 		return nil, err
@@ -64,14 +63,11 @@ func (mc *MeshCatalog) ListEndpointsForServiceIdentity(downstreamIdentity identi
 	// i.e. only those interseting endpoints are taken into cosideration
 	var allowedEndpoints []endpoint.Endpoint
 	for _, destSvcIdentity := range destSvcIdentities {
-		log.Info().Msgf("ups svc endpoints: %v, %v", destSvcIdentity, mc.listEndpointsForServiceIdentity(destSvcIdentity))
-
 		for _, ep := range mc.listEndpointsForServiceIdentity(destSvcIdentity) {
 			epIPStr := ep.IP.String()
 			// check if endpoint IP is allowed
 			if _, ok := outboundEndpointsSet[epIPStr]; ok {
 				// add all allowed endpoints on the pod to result list
-				// TODO(allenlsy): only allow endpoint with matching port
 				allowedEndpoints = append(allowedEndpoints, outboundEndpointsSet[epIPStr]...)
 			}
 		}

pkg/catalog/outbound_traffic_policies.go

@@ -109,9 +109,9 @@ func (mc *MeshCatalog) listOutboundTrafficPoliciesForTrafficSplits(sourceNamespa
 	return outboundPoliciesFromSplits
 }
 
-// ListAllowedOutboundServicesForIdentity list the services the given service account is allowed to initiate outbound connections to
+// ListOutboundServicesForIdentity list the services the given service account is allowed to initiate outbound connections to
 // Note: ServiceIdentity must be in the format "name.namespace" [https://github.com/openservicemesh/osm/issues/3188]
-func (mc *MeshCatalog) ListAllowedOutboundServicesForIdentity(serviceIdentity identity.ServiceIdentity) []service.MeshService {
+func (mc *MeshCatalog) ListOutboundServicesForIdentity(serviceIdentity identity.ServiceIdentity) []service.MeshService {
 	ident := serviceIdentity.ToK8sServiceAccount()
 	if mc.isOSMGateway(serviceIdentity) {
 		var services []service.MeshService
@@ -312,7 +312,7 @@ func (mc *MeshCatalog) GetWeightedClustersForUpstream(upstream service.MeshServi
 // ListMeshServicesForIdentity returns a list of services the service with the
 // given identity can communicate with, including apex TrafficSplit services.
 func (mc *MeshCatalog) ListMeshServicesForIdentity(identity identity.ServiceIdentity) []service.MeshService {
-	upstreamServices := mc.ListAllowedOutboundServicesForIdentity(identity)
+	upstreamServices := mc.ListOutboundServicesForIdentity(identity)
 	if len(upstreamServices) == 0 {
 		log.Debug().Msgf("Proxy with identity %s does not have any allowed upstream services", identity)
 		return nil

pkg/catalog/outbound_traffic_policies_test.go

@@ -753,7 +753,7 @@ func TestListOutboundTrafficPoliciesForTrafficSplits(t *testing.T) {
 	}
 }
 
-func TestListAllowedOutboundServicesForIdentity(t *testing.T) {
+func TestListOutboundServicesForIdentity(t *testing.T) {
 	assert := tassert.New(t)
 
 	testCases := []struct {
@@ -796,7 +796,7 @@ func TestListAllowedOutboundServicesForIdentity(t *testing.T) {
 			mc := newFakeMeshCatalogForRoutes(t, testParams{
 				permissiveMode: tc.permissiveMode,
 			})
-			actualList := mc.ListAllowedOutboundServicesForIdentity(tc.svcIdentity)
+			actualList := mc.ListOutboundServicesForIdentity(tc.svcIdentity)
 			assert.ElementsMatch(actualList, tc.expectedList)
 		})
 	}

pkg/catalog/traffictarget.go

@@ -21,15 +21,15 @@ const (
 	httpRouteGroupKind = "HTTPRouteGroup"
 )
 
-// ListAllowedInboundServiceIdentities lists the downstream service identities that can connect to the given upstream service account
+// ListInboundServiceIdentities lists the downstream service identities that are allowed to connect to the given service identity
 // Note: ServiceIdentity must be in the format "name.namespace" [https://github.com/openservicemesh/osm/issues/3188]
-func (mc *MeshCatalog) ListAllowedInboundServiceIdentities(upstream identity.ServiceIdentity) ([]identity.ServiceIdentity, error) {
+func (mc *MeshCatalog) ListInboundServiceIdentities(upstream identity.ServiceIdentity) ([]identity.ServiceIdentity, error) {
 	return mc.getAllowedDirectionalServiceAccounts(upstream, inbound)
 }
 
-// ListAllowedOutboundServiceIdentities lists the upstream service identities the given downstream service account can connect to
+// ListOutboundServiceIdentities lists the upstream service identities the given service identity are allowed to connect to
 // Note: ServiceIdentity must be in the format "name.namespace" [https://github.com/openservicemesh/osm/issues/3188]
-func (mc *MeshCatalog) ListAllowedOutboundServiceIdentities(downstream identity.ServiceIdentity) ([]identity.ServiceIdentity, error) {
+func (mc *MeshCatalog) ListOutboundServiceIdentities(downstream identity.ServiceIdentity) ([]identity.ServiceIdentity, error) {
 	return mc.getAllowedDirectionalServiceAccounts(downstream, outbound)
 }
 

pkg/catalog/traffictarget_test.go

@@ -17,7 +17,7 @@ import (
 	"github.com/openservicemesh/osm/pkg/trafficpolicy"
 )
 
-func TestListAllowedInboundServiceIdentities(t *testing.T) {
+func TestListInboundServiceIdentities(t *testing.T) {
 	assert := tassert.New(t)
 	mockCtrl := gomock.NewController(t)
 	defer mockCtrl.Finish()
@@ -189,14 +189,14 @@ func TestListAllowedInboundServiceIdentities(t *testing.T) {
 			// Mock TrafficTargets returned by MeshSpec, should return all TrafficTargets relevant for this test
 			mockMeshSpec.EXPECT().ListTrafficTargets().Return(tc.trafficTargets).Times(1)
 
-			actual, err := meshCatalog.ListAllowedInboundServiceIdentities(tc.serviceIdentity)
+			actual, err := meshCatalog.ListInboundServiceIdentities(tc.serviceIdentity)
 			assert.Equal(err != nil, tc.expectError)
 			assert.ElementsMatch(actual, tc.expectedInboundServiceIdentities)
 		})
 	}
 }
 
-func TestListAllowedOutboundServiceIdentities(t *testing.T) {
+func TestListOutboundServiceIdentities(t *testing.T) {
 	assert := tassert.New(t)
 	mockCtrl := gomock.NewController(t)
 	defer mockCtrl.Finish()
@@ -372,7 +372,7 @@ func TestListAllowedOutboundServiceIdentities(t *testing.T) {
 			// Mock TrafficTargets returned by MeshSpec, should return all TrafficTargets relevant for this test
 			mockMeshSpec.EXPECT().ListTrafficTargets().Return(tc.trafficTargets).Times(1)
 
-			actual, err := meshCatalog.ListAllowedOutboundServiceIdentities(tc.serviceIdentity)
+			actual, err := meshCatalog.ListOutboundServiceIdentities(tc.serviceIdentity)
 			assert.Equal(err != nil, tc.expectError)
 			assert.ElementsMatch(actual, tc.expectedOutboundServiceIdentities)
 		})

pkg/catalog/types.go

@@ -49,14 +49,14 @@ type MeshCataloger interface {
 	// ListOutboundTrafficPolicies returns all outbound traffic policies related to the given service identity
 	ListOutboundTrafficPolicies(identity.ServiceIdentity) []*trafficpolicy.OutboundTrafficPolicy
 
-	// ListAllowedOutboundServicesForIdentity list the services the given service identity is allowed to initiate outbound connections to
-	ListAllowedOutboundServicesForIdentity(identity.ServiceIdentity) []service.MeshService
+	// ListOutboundServicesForIdentity list the services the given service identity is allowed to initiate outbound connections to
+	ListOutboundServicesForIdentity(identity.ServiceIdentity) []service.MeshService
 
-	// ListAllowedInboundServiceIdentities lists the downstream service identities that can connect to the given service identity
-	ListAllowedInboundServiceIdentities(identity.ServiceIdentity) ([]identity.ServiceIdentity, error)
+	// ListInboundServiceIdentities lists the downstream service identities that are allowed to connect to the given service identity
+	ListInboundServiceIdentities(identity.ServiceIdentity) ([]identity.ServiceIdentity, error)
 
-	// ListAllowedOutboundServiceIdentities lists the upstream service identities the given service identity can connect to
-	ListAllowedOutboundServiceIdentities(identity.ServiceIdentity) ([]identity.ServiceIdentity, error)
+	// ListOutboundServiceIdentities lists the upstream service identities the given service identity are allowed to connect to
+	ListOutboundServiceIdentities(identity.ServiceIdentity) ([]identity.ServiceIdentity, error)
 
 	// ListServiceIdentitiesForService lists the service identities associated with the given service
 	ListServiceIdentitiesForService(service.MeshService) ([]identity.ServiceIdentity, error)

pkg/envoy/ads/secrets.go

@@ -70,7 +70,7 @@ func makeRequestForAllSecrets(proxy *envoy.Proxy, meshCatalog catalog.MeshCatalo
 
 	// Create an SDS validation cert corresponding to each upstream service that this proxy can connect to.
 	// Each cert is used to validate the certificate presented by the corresponding upstream service.
-	upstreamServices := meshCatalog.ListAllowedOutboundServicesForIdentity(proxyIdentity)
+	upstreamServices := meshCatalog.ListOutboundServicesForIdentity(proxyIdentity)
 	for _, upstream := range upstreamServices {
 		upstreamRootCertResource := secrets.SDSCert{
 			Name:     upstream.NameWithoutCluster(),

pkg/envoy/ads/secrets_test.go

@@ -130,7 +130,7 @@ func TestMakeRequestForAllSecrets(t *testing.T) {
 		t.Run(fmt.Sprintf("Testing test case %d: %s", i, tc.name), func(t *testing.T) {
 			assert := tassert.New(t)
 
-			mockCatalog.EXPECT().ListAllowedOutboundServicesForIdentity(tc.proxyIdentity).Return(tc.allowedOutboundServices).Times(1)
+			mockCatalog.EXPECT().ListOutboundServicesForIdentity(tc.proxyIdentity).Return(tc.allowedOutboundServices).Times(1)
 
 			actual := makeRequestForAllSecrets(testProxy, mockCatalog)
 

pkg/envoy/cds/response.go

@@ -25,7 +25,7 @@ func NewResponse(meshCatalog catalog.MeshCataloger, proxy *envoy.Proxy, _ *xds_d
 
 	if proxy.Kind() == envoy.KindGateway {
 		// Build remote clusters based on allowed outbound services
-		for _, dstService := range meshCatalog.ListAllowedOutboundServicesForIdentity(proxyIdentity) {
+		for _, dstService := range meshCatalog.ListOutboundServicesForIdentity(proxyIdentity) {
 			cluster, err := getUpstreamServiceCluster(proxyIdentity, dstService, cfg)
 			if err != nil {
 				log.Error().Err(err).Msgf("Failed to construct service cluster for service %s for proxy with XDS Certificate SerialNumber=%s on Pod with UID=%s",
@@ -39,7 +39,7 @@ func NewResponse(meshCatalog catalog.MeshCataloger, proxy *envoy.Proxy, _ *xds_d
 	}
 
 	// Build remote clusters based on allowed outbound services
-	for _, dstService := range meshCatalog.ListAllowedOutboundServicesForIdentity(proxyIdentity) {
+	for _, dstService := range meshCatalog.ListOutboundServicesForIdentity(proxyIdentity) {
 		opts := []clusterOption{withTLS}
 		if cfg.IsPermissiveTrafficPolicyMode() {
 			opts = append(opts, permissive)