Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Consul prefix services ACLs #905

Merged
merged 1 commit into from
May 6, 2015
Merged

Consul prefix services ACLs #905

merged 1 commit into from
May 6, 2015

Conversation

maver1ck
Copy link

@maver1ck maver1ck commented May 5, 2015

Hi,
I'm changed the way of consul checking service ACLs.
It's prefix based in this commit. No exact match like before.

What do you think about merging this to repo ?

@armon
Copy link
Member

armon commented May 6, 2015

@maver1ck Is this something that you guys need? To me prefix-based on service name seems a bit odd. I think exact match is simpler to reason about, but I'd appreciate the feedback

@maver1ck
Copy link
Author

maver1ck commented May 6, 2015

Hi,
For me it's necessery.

I explain why.
Let's assume that we have many service providers (e.g. SP1 and SP2)
I'd like to differentiate service name based on service provider.
So I'll have services:

  • sp1/service1
  • sp1/service2
  • sp2/service1
  • sp2/service2

Then I'd like to:

  • give SP1 rights to registers services only like sp1/* (same for SP2)
  • give clients rights to read services only from specified service providers.

It'll be rather microservices architecture so I will have A LOT of services and making ACL for every will be labor-intensive and difficult to maintain.

I hope I made it clear.

Maybe we could do this as an option in config file.

@armon
Copy link
Member

armon commented May 6, 2015

@maver1ck This makes sense to me!

armon added a commit that referenced this pull request May 6, 2015
Consul prefix services ACLs
@armon armon merged commit e111c38 into hashicorp:master May 6, 2015
duckhan pushed a commit to duckhan/consul that referenced this pull request Oct 24, 2021
Support transparent proxy in the consul helm chart
* Add new connectInject.transparentProxy.defaultEnabled value (default to true)
  that will allow users to enable or disable tproxy for each helm installation.
* Add acceptance tests for connect-inject to test with tproxy
* Acceptance tests default to tproxy not enabled since we don't fully support it for all features yet.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants