|
|
|
@ -1063,12 +1063,40 @@ func (s *Store) intentionTopologyTxn(
|
|
|
|
|
// Ideally those should be excluded as well, since they can't be upstreams/downstreams without a proxy.
|
|
|
|
|
// Maybe narrow serviceNamesOfKindTxn to services represented by proxies? (ingress, sidecar-
|
|
|
|
|
wildcardMeta := structs.WildcardEnterpriseMetaInPartition(structs.WildcardSpecifier) |
|
|
|
|
var services []*KindServiceName |
|
|
|
|
|
|
|
|
|
services := make(map[structs.ServiceName]struct{}) |
|
|
|
|
addSvcs := func(svcs []*KindServiceName) { |
|
|
|
|
for _, s := range svcs { |
|
|
|
|
services[s.Service] = struct{}{} |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
var tempServices []*KindServiceName |
|
|
|
|
if intentionTarget == structs.IntentionTargetService { |
|
|
|
|
index, services, err = serviceNamesOfKindTxn(tx, ws, structs.ServiceKindTypical, *wildcardMeta) |
|
|
|
|
index, tempServices, err = serviceNamesOfKindTxn(tx, ws, structs.ServiceKindTypical, *wildcardMeta) |
|
|
|
|
if err != nil { |
|
|
|
|
return index, nil, fmt.Errorf("failed to list service names: %v", err) |
|
|
|
|
} |
|
|
|
|
addSvcs(tempServices) |
|
|
|
|
|
|
|
|
|
// Query the virtual ip table as well to include virtual services that don't have a registered instance yet.
|
|
|
|
|
vipIndex, vipServices, err := servicesVirtualIPsTxn(tx) |
|
|
|
|
if err != nil { |
|
|
|
|
return index, nil, fmt.Errorf("failed to list service virtual IPs: %v", err) |
|
|
|
|
} |
|
|
|
|
for _, svc := range vipServices { |
|
|
|
|
services[svc.Service.ServiceName] = struct{}{} |
|
|
|
|
} |
|
|
|
|
if vipIndex > index { |
|
|
|
|
index = vipIndex |
|
|
|
|
} |
|
|
|
|
} else { |
|
|
|
|
// destinations can only ever be upstream, since they are only allowed as intention destination.
|
|
|
|
|
index, services, err = serviceNamesOfKindTxn(tx, ws, structs.ServiceKindDestination, *wildcardMeta) |
|
|
|
|
index, tempServices, err = serviceNamesOfKindTxn(tx, ws, structs.ServiceKindDestination, *wildcardMeta) |
|
|
|
|
if err != nil { |
|
|
|
|
return index, nil, fmt.Errorf("failed to list destination service names: %v", err) |
|
|
|
|
} |
|
|
|
|
addSvcs(tempServices) |
|
|
|
|
} |
|
|
|
|
if err != nil { |
|
|
|
|
return index, nil, fmt.Errorf("failed to list ingress service names: %v", err) |
|
|
|
@ -1086,7 +1114,7 @@ func (s *Store) intentionTopologyTxn(
|
|
|
|
|
if index > maxIdx { |
|
|
|
|
maxIdx = index |
|
|
|
|
} |
|
|
|
|
services = append(services, ingress...) |
|
|
|
|
addSvcs(ingress) |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
// When checking authorization to upstreams, the match type for the decision is `destination` because we are deciding
|
|
|
|
@ -1097,8 +1125,7 @@ func (s *Store) intentionTopologyTxn(
|
|
|
|
|
decisionMatchType = structs.IntentionMatchSource |
|
|
|
|
} |
|
|
|
|
result := make([]ServiceWithDecision, 0, len(services)) |
|
|
|
|
for _, svc := range services { |
|
|
|
|
candidate := svc.Service |
|
|
|
|
for candidate := range services { |
|
|
|
|
if candidate.Name == structs.ConsulServiceName { |
|
|
|
|
continue |
|
|
|
|
} |
|
|
|
|