G-Research · marcin-krystianc · Jul 1, 2024 · Jun 26, 2024 · Jul 1, 2024
diff --git a/Consul.Test/AgentTest.cs b/Consul.Test/AgentTest.cs
@@ -1025,6 +1025,20 @@ public async Task Agent_Metrics()
             Assert.NotNull(agentMetrics.Response.Samples);
         }
 
+        [Fact]
+        public async Task Agent_ConnectAuthorize()
+        {
+            var parameters = new AgentAuthorizeParameters
+            {
+                Target = "foo",
+                ClientCertSerial = "fake",
+                ClientCertURI = "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/ny1/svc/web",
+            };
+            var result = await _client.Agent.ConnectAuthorize(parameters);
+            Assert.True(result.Response.Authorized);
+            Assert.Equal("Default behavior configured by ACLs", result.Response.Reason);
+        }
+
         [Fact]
         public async Task Agent_CARoots()
         {

diff --git a/Consul/Agent.cs b/Consul/Agent.cs
@@ -676,6 +676,19 @@ public class Sample
         public Dictionary<string, string> Labels { get; set; }
     }
 
+    public class AgentAuthorizeParameters
+    {
+        public string Target { get; set; }
+        public string ClientCertURI { get; set; }
+        public string ClientCertSerial { get; set; }
+    }
+
+    public class AgentAuthorizeResponse
+    {
+        public bool Authorized { get; set; }
+        public string Reason { get; set; }
+    }
+
     public class CARoots
     {
         public string ActiveRootID { get; set; }
@@ -1177,6 +1190,29 @@ public async Task<QueryResult<ServiceConfiguration>> GetServiceConfiguration(str
             return await _client.Get<ServiceConfiguration>($"/v1/agent/service/{serviceId}", q).Execute(ct).ConfigureAwait(false);
         }
 
+        /// <summary>
+        /// ConnectAuthorize tests whether a connection is authorized between two services
+        /// </summary>
+        /// <param name="parameters">Parameters for the request</param>
+        /// <param name="ct">Cancellation Token</param>
+        /// <returns>An Authorize Response</returns>
+        public async Task<WriteResult<AgentAuthorizeResponse>> ConnectAuthorize(AgentAuthorizeParameters parameters, CancellationToken ct = default)
+        {
+            return await ConnectAuthorize(parameters, WriteOptions.Default, ct).ConfigureAwait(false);
+        }
+
+        /// <summary>
+        /// ConnectAuthorize tests whether a connection is authorized between two services
+        /// </summary>
+        /// <param name="parameters">Parameters for the request</param>
+        /// <param name="w">Write Options</param>
+        /// <param name="ct">Cancellation Token</param>
+        /// <returns>An Authorize Response</returns>
+        public async Task<WriteResult<AgentAuthorizeResponse>> ConnectAuthorize(AgentAuthorizeParameters parameters, WriteOptions w, CancellationToken ct = default)
+        {
+            return await _client.Post<AgentAuthorizeParameters, AgentAuthorizeResponse>("/v1/agent/connect/authorize", parameters, w).Execute(ct).ConfigureAwait(false);
+        }
+
         /// <summary>
         /// GetCARoots returns root certificates in the cluster
         /// </summary>

diff --git a/Consul/Interfaces/IAgentEndpoint.cs b/Consul/Interfaces/IAgentEndpoint.cs
@@ -63,6 +63,8 @@ public interface IAgentEndpoint
         Task<QueryResult<LocalServiceHealth>> GetLocalServiceHealthByID(string serviceID, QueryOptions q, CancellationToken ct = default);
         Task<QueryResult<LocalServiceHealth>> GetLocalServiceHealthByID(string serviceID, CancellationToken ct = default);
         Task<QueryResult<Metrics>> GetAgentMetrics(CancellationToken ct = default);
+        Task<WriteResult<AgentAuthorizeResponse>> ConnectAuthorize(AgentAuthorizeParameters parameters, CancellationToken ct = default);
+        Task<WriteResult<AgentAuthorizeResponse>> ConnectAuthorize(AgentAuthorizeParameters parameters, WriteOptions w, CancellationToken ct = default);
         Task<QueryResult<CARoots>> GetCARoots(CancellationToken ct = default);
         Task<QueryResult<CARoots>> GetCARoots(QueryOptions q, CancellationToken ct = default);
         Task<QueryResult<CALeaf>> GetCALeaf(string serviceId, CancellationToken ct = default);