consul/command/intention/check/check.go

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: BUSL-1.1

package check

import (
	"flag"
	"fmt"
	"io"

	"github.com/hashicorp/consul/api"
	"github.com/hashicorp/consul/command/flags"
	"github.com/mitchellh/cli"
)

func New(ui cli.Ui) *cmd {
	c := &cmd{UI: ui}
	c.init()
	return c
}

type cmd struct {
	UI    cli.Ui
	flags *flag.FlagSet
	http  *flags.HTTPFlags
	help  string

	// testStdin is the input for testing.
	testStdin io.Reader
}

func (c *cmd) init() {
	c.flags = flag.NewFlagSet("", flag.ContinueOnError)
	c.http = &flags.HTTPFlags{}
	flags.Merge(c.flags, c.http.ClientFlags())
	flags.Merge(c.flags, c.http.ServerFlags())
	flags.Merge(c.flags, c.http.MultiTenancyFlags())
	c.help = flags.Usage(help, c.flags)
}

func (c *cmd) Run(args []string) int {
	if err := c.flags.Parse(args); err != nil {
		return 2
	}

	args = c.flags.Args()
	if len(args) != 2 {
		c.UI.Error(fmt.Sprintf("Error: command requires exactly two arguments: src and dst"))
		return 2
	}

	// Create and test the HTTP client
	client, err := c.http.APIClient()
	if err != nil {
		c.UI.Error(fmt.Sprintf("Error connecting to Consul agent: %s", err))
		return 2
	}

	// Check the intention
	allowed, _, err := client.Connect().IntentionCheck(&api.IntentionCheck{
		Source:      args[0],
		Destination: args[1],
		SourceType:  api.IntentionSourceConsul,
	}, nil)
	if err != nil {
		c.UI.Error(fmt.Sprintf("Error checking the connection: %s", err))
		return 2
	}

	if allowed {
		c.UI.Output("Allowed")
		return 0
	}

	c.UI.Output("Denied")
	return 1
}

func (c *cmd) Synopsis() string {
	return synopsis
}

func (c *cmd) Help() string {
	return c.help
}

const (
	synopsis = "Check whether a connection between two services is allowed."
	help     = `
Usage: consul intention check [options] SRC DST

  Check whether a connection between SRC and DST would be allowed by
  Connect given the current Consul configuration.

      $ consul intention check web db

`
)