
Fix missing permissions for mesh gateway #215

Merged: 15 commits merged into main from net-7314/mesh-gtw-policy, Jan 22, 2024

Conversation

@Ganeshrockz (Contributor) commented Jan 22, 2024

Changes proposed in this PR:

  • Adds the missing mesh:write and peering:read permissions for mesh gateway based ECS tasks according to https://developer.hashicorp.com/consul/docs/security/acl/tokens/create/create-a-mesh-gateway-token#consul-enterprise-in-default-partition.
  • Following are the changes made in the PR to support the same
    • Create a role named consul-ecs-mesh-gateway-role by default.
    • Create a policy named consul-ecs-mesh-gateway-policy with the relevant rules and link it to the role.
    • Create a binding rule to the auth method for mesh-gateway based service kind IAM entity tags. Whenever a login is performed from a mesh gateway based ECS task, the binding rule makes sure to link the token to the existing mesh gateway role.

How I've tested this PR:

CI

How I expect reviewers to test this PR:

Checklist:

  • Tests added
  • CHANGELOG entry added
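To illustrate how the three pieces described above fit together (a role, a policy attached to it, and a binding rule that maps a mesh gateway login onto that role), here is an added Go example; it is not consul-ecs code and does not call the Consul API. The role and policy names are the ones this PR introduces. The entity tag key `consul.hashicorp.com.service-kind`, the equality-only selector (Consul's real binding rules use bexpr expressions), and every grant in the rules other than `mesh = "write"` and `peering = "read"` are assumptions, the extra grants being modeled on the linked Consul docs for the default partition.

```go
package main

import (
	"fmt"
	"regexp"
)

// Role and policy names introduced by this PR.
const (
	MeshGatewayRoleName   = "consul-ecs-mesh-gateway-role"
	MeshGatewayPolicyName = "consul-ecs-mesh-gateway-policy"
)

// ServiceKindTagKey is an ASSUMED entity tag key; the PR page does not show
// the exact tag name consul-ecs uses for the service kind.
const ServiceKindTagKey = "consul.hashicorp.com.service-kind"

// MeshGatewayPolicyRules returns HCL rules for the mesh gateway policy.
// mesh = "write" and peering = "read" are the grants this PR adds; the
// remaining grants are an assumption modeled on the linked Consul docs.
func MeshGatewayPolicyRules() string {
	return `mesh = "write"
peering = "read"
partition_prefix "" {
  peering = "read"
}
namespace "default" {
  service "mesh-gateway" {
    policy = "write"
  }
}
namespace_prefix "" {
  node_prefix "" {
    policy = "read"
  }
  service_prefix "" {
    policy = "read"
  }
}
`
}

// BindingRule is a simplified model of a Consul ACL binding rule: when a
// login's entity tags satisfy Selector, the resulting token is linked to
// BindName. Selector here is plain key/value equality (constructed
// simplification of Consul's bexpr selectors).
type BindingRule struct {
	Description string
	BindType    string // "role" or "service"
	BindName    string
	Selector    map[string]string
}

// Matches reports whether every selector entry is present with the same value.
func (r BindingRule) Matches(tags map[string]string) bool {
	for k, want := range r.Selector {
		if got, ok := tags[k]; !ok || got != want {
			return false
		}
	}
	return true
}

// MeshGatewayBindingRule models the rule this PR adds: logins from mesh
// gateway tasks are bound to the built-in mesh gateway role.
func MeshGatewayBindingRule() BindingRule {
	return BindingRule{
		Description: "Bind mesh gateway ECS tasks to " + MeshGatewayRoleName,
		BindType:    "role",
		BindName:    MeshGatewayRoleName,
		Selector:    map[string]string{ServiceKindTagKey: "mesh-gateway"},
	}
}

// RolesForLogin returns the roles a token minted from the given entity tags
// would be linked to, evaluating every role-type binding rule in order.
func RolesForLogin(tags map[string]string, rules []BindingRule) []string {
	var roles []string
	for _, r := range rules {
		if r.BindType == "role" && r.Matches(tags) {
			roles = append(roles, r.BindName)
		}
	}
	return roles
}

var (
	meshWriteRe   = regexp.MustCompile(`(?m)^\s*mesh\s*=\s*"write"`)
	peeringReadRe = regexp.MustCompile(`(?m)^\s*peering\s*=\s*"read"`)
)

// HasMeshGatewayGrants reports whether a policy's rules carry the two grants
// this PR adds; a deployment check can run it against the rules read back
// from the cluster to catch a policy that was created without them.
func HasMeshGatewayGrants(rules string) bool {
	return meshWriteRe.MatchString(rules) && peeringReadRe.MatchString(rules)
}

func main() {
	// Constructed entity tags for a mesh gateway task login.
	tags := map[string]string{ServiceKindTagKey: "mesh-gateway"}
	fmt.Println("roles:", RolesForLogin(tags, []BindingRule{MeshGatewayBindingRule()}))
	fmt.Println("grants present:", HasMeshGatewayGrants(MeshGatewayPolicyRules()))
}
```

A login whose tags lack the mesh-gateway service kind matches no rule and gets no role, which is the behaviour the binding rule is meant to enforce: only mesh gateway tasks receive the `mesh:write` and `peering:read` grants.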

@Ganeshrockz temporarily deployed to dockerhub/hashicorpdev January 22, 2024 04:17 with GitHub Actions
@Ganeshrockz temporarily deployed to dockerhub/hashicorpdev January 22, 2024 04:57 with GitHub Actions
@Ganeshrockz changed the title from "Add mesh GTW inbuilt policy" to "Fix missing permissions for mesh gateway" Jan 22, 2024
@Ganeshrockz marked this pull request as ready for review January 22, 2024 06:31
@Ganeshrockz requested review from a team and aahel and removed request for a team January 22, 2024 06:31
@Ganeshrockz temporarily deployed to dockerhub/hashicorpdev January 22, 2024 06:48 with GitHub Actions
@tauhid621 (Collaborator) left a comment

Looks good. Left minor comments.

subcommand/controller/command.go (outdated, resolved)
subcommand/controller/command.go (outdated, resolved)
@Ganeshrockz temporarily deployed to dockerhub/hashicorpdev January 22, 2024 17:43 with GitHub Actions
@Ganeshrockz merged commit 1ccb4a1 into main Jan 22, 2024
21 checks passed
@Ganeshrockz deleted the net-7314/mesh-gtw-policy branch January 22, 2024 18:04