From 02a87df0446a1a4d62445051e361d1d324bbc849 Mon Sep 17 00:00:00 2001 From: James Phillips Date: Wed, 9 Aug 2017 15:06:20 -0700 Subject: [PATCH] =?UTF-8?q?Revert=20"Ensure=20that=20we=20return=20a=20per?= =?UTF-8?q?mission=20denied=20only=20if=20the=20list=20of=20keys/en?= =?UTF-8?q?=E2=80=A6"?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- agent/consul/filter.go | 6 ++-- agent/consul/filter_test.go | 12 -------- agent/consul/kvs_endpoint_test.go | 51 ------------------------------- 3 files changed, 3 insertions(+), 66 deletions(-) diff --git a/agent/consul/filter.go b/agent/consul/filter.go index f3f16e7f13..040aa8ef60 100644 --- a/agent/consul/filter.go +++ b/agent/consul/filter.go @@ -25,7 +25,7 @@ func (d *dirEntFilter) Move(dst, src, span int) { func FilterDirEnt(acl acl.ACL, ent structs.DirEntries) (structs.DirEntries, error) { df := dirEntFilter{acl: acl, ent: ent} filtered := ent[:FilterEntries(&df)] - if len(ent) > 0 && len(filtered) == 0 { + if len(filtered) == 0 { return nil, errPermissionDenied } return filtered, nil @@ -52,7 +52,7 @@ func (k *keyFilter) Move(dst, src, span int) { func FilterKeys(acl acl.ACL, keys []string) ([]string, error) { kf := keyFilter{acl: acl, keys: keys} filteredKeys := keys[:FilterEntries(&kf)] - if len(keys) > 0 && len(filteredKeys) == 0 { + if len(filteredKeys) == 0 { return nil, errPermissionDenied } return filteredKeys, nil @@ -84,7 +84,7 @@ func (t *txnResultsFilter) Move(dst, src, span int) { func FilterTxnResults(acl acl.ACL, results structs.TxnResults) (structs.TxnResults, error) { rf := txnResultsFilter{acl: acl, results: results} filtered := results[:FilterEntries(&rf)] - if len(results) > 0 && len(filtered) == 0 { + if len(filtered) == 0 { return nil, errPermissionDenied } return filtered, nil diff --git a/agent/consul/filter_test.go b/agent/consul/filter_test.go index 4ad3f2af5e..ac8fcff9f1 100644 --- a/agent/consul/filter_test.go +++ b/agent/consul/filter_test.go @@ -32,10 +32,6 @@ func TestFilter_DirEnt(t *testing.T) { in: []string{"abe", "foo/1", "foo/2", "foo/3", "nope"}, out: []string{"foo/1", "foo/2", "foo/3"}, }, - tcase{ - in: []string{}, - out: nil, - }, } for _, tc := range cases { @@ -82,10 +78,6 @@ func TestFilter_Keys(t *testing.T) { in: []string{"abe", "foo/1", "foo/2", "foo/3", "nope"}, out: []string{"foo/1", "foo/2", "foo/3"}, }, - tcase{ - in: []string{}, - out: []string{}, - }, } for _, tc := range cases { @@ -124,10 +116,6 @@ func TestFilter_TxnResults(t *testing.T) { in: []string{"abe", "foo/1", "foo/2", "foo/3", "nope"}, out: []string{"foo/1", "foo/2", "foo/3"}, }, - tcase{ - in: []string{}, - out: nil, - }, } for _, tc := range cases { diff --git a/agent/consul/kvs_endpoint_test.go b/agent/consul/kvs_endpoint_test.go index 626dfdded1..de668e3168 100644 --- a/agent/consul/kvs_endpoint_test.go +++ b/agent/consul/kvs_endpoint_test.go @@ -622,57 +622,6 @@ func TestKVSEndpoint_ListKeys_ACLDeny(t *testing.T) { } } -func TestKVSEndpoint_EmptyKeys_ACLAllow(t *testing.T) { - t.Parallel() - dir1, s1 := testServerWithConfig(t, func(c *Config) { - c.ACLDatacenter = "dc1" - c.ACLMasterToken = "root" - c.ACLDefaultPolicy = "deny" - }) - defer os.RemoveAll(dir1) - defer s1.Shutdown() - codec := rpcClient(t, s1) - defer codec.Close() - - testrpc.WaitForLeader(t, s1.RPC, "dc1") - - getKeyR := structs.KeyListRequest{ - Datacenter: "dc1", - Prefix: "abc", - Seperator: "/", - QueryOptions: structs.QueryOptions{Token: "root"}, - } - var keyent structs.IndexedKeyList - if err := msgpackrpc.CallWithCodec(codec, "KVS.ListKeys", &getKeyR, &keyent); err != nil { - t.Fatalf("err: %v", err) - } - if keyent.Index == 0 { - t.Fatalf("Bad: %v", keyent) - } - if len(keyent.Keys) != 0 { - t.Fatalf("Bad: %v", keyent.Keys) - } - - getR := structs.KeyRequest{ - Datacenter: "dc1", - Key: "abc", - QueryOptions: structs.QueryOptions{Token: "root"}, - } - - var dirent structs.IndexedDirEntries - if err := msgpackrpc.CallWithCodec(codec, "KVS.List", &getR, &dirent); err != nil { - t.Fatalf("err: %v", err) - } - - if dirent.Index == 0 { - t.Fatalf("Bad: %v", dirent) - } - if len(dirent.Entries) != 0 { - t.Fatalf("Bad: %v", dirent.Entries) - } - -} - func TestKVS_Apply_LockDelay(t *testing.T) { t.Parallel() dir1, s1 := testServer(t)