You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This PR is auto-generated from hashicorp#20544 to be assessed for backporting due to the inclusion of the label backport/1.18.
The below text is copied from the body of the original PR.
Recommended to review commit-by-commit
Description
Adds a new agent configuration field DefaultIntentionPolicy (default_intention_policy) which controls how service-to-service traffic is authorized in the absence of specific intentions.
DefaultIntentionPolicy can be "allow", "deny", or "", where if left blank it will inherit the default ACL policy.
This field will de-couple the ACL subsystem from intentions, allowing users to incrementally adopt secure configurations one step at a time without dealing with implicit dependencies between the two subsystems.
Testing & Reproduction steps
Added unit tests which inject default intention policy and observe that it overrides the default ACL policy
Backport
This PR is auto-generated from hashicorp#20544 to be assessed for backporting due to the inclusion of the label backport/1.18.
The below text is copied from the body of the original PR.
Recommended to review commit-by-commit
Description
Adds a new agent configuration field
DefaultIntentionPolicy(default_intention_policy) which controls how service-to-service traffic is authorized in the absence of specific intentions.DefaultIntentionPolicycan be"allow","deny", or"", where if left blank it will inherit the default ACL policy.This field will de-couple the ACL subsystem from intentions, allowing users to incrementally adopt secure configurations one step at a time without dealing with implicit dependencies between the two subsystems.
Testing & Reproduction steps
PR Checklist
Overview of commits
The text was updated successfully, but these errors were encountered: