From 0527dcff5753ddf2943581c73e1284ea81f66e3c Mon Sep 17 00:00:00 2001 From: Evan Culver Date: Thu, 15 Jul 2021 10:38:52 -0700 Subject: [PATCH] acls: Show `AuthMethodNamespace` when reading/listing ACL token meta (#10598) --- .changelog/10598.txt | 3 ++ agent/structs/acl.go | 34 +++++++------- api/acl.go | 8 ++++ command/acl/token/formatter.go | 4 +- command/acl/token/formatter_test.go | 46 ++++++++++--------- .../testdata/FormatToken/complex.json.golden | 3 +- .../FormatToken/complex.pretty-meta.golden | 2 +- .../FormatToken/complex.pretty.golden | 2 +- .../FormatTokenList/complex.json.golden | 3 +- .../complex.pretty-meta.golden | 2 +- .../FormatTokenList/complex.pretty.golden | 2 +- 11 files changed, 63 insertions(+), 46 deletions(-) create mode 100644 .changelog/10598.txt diff --git a/.changelog/10598.txt b/.changelog/10598.txt new file mode 100644 index 0000000000..021cd6cc5e --- /dev/null +++ b/.changelog/10598.txt @@ -0,0 +1,3 @@ +```release-note:enhancement +acls: Show AuthMethodNamespace when reading/listing ACL tokens +``` diff --git a/agent/structs/acl.go b/agent/structs/acl.go index 7f45b4398f..aba9a16880 100644 --- a/agent/structs/acl.go +++ b/agent/structs/acl.go @@ -572,28 +572,30 @@ type ACLTokenListStub struct { ModifyIndex uint64 Legacy bool `json:",omitempty"` EnterpriseMeta + ACLAuthMethodEnterpriseMeta } type ACLTokenListStubs []*ACLTokenListStub func (token *ACLToken) Stub() *ACLTokenListStub { return &ACLTokenListStub{ - AccessorID: token.AccessorID, - SecretID: token.SecretID, - Description: token.Description, - Policies: token.Policies, - Roles: token.Roles, - ServiceIdentities: token.ServiceIdentities, - NodeIdentities: token.NodeIdentities, - Local: token.Local, - AuthMethod: token.AuthMethod, - ExpirationTime: token.ExpirationTime, - CreateTime: token.CreateTime, - Hash: token.Hash, - CreateIndex: token.CreateIndex, - ModifyIndex: token.ModifyIndex, - Legacy: token.Rules != "", - EnterpriseMeta: token.EnterpriseMeta, + AccessorID: token.AccessorID, + SecretID: token.SecretID, + Description: token.Description, + Policies: token.Policies, + Roles: token.Roles, + ServiceIdentities: token.ServiceIdentities, + NodeIdentities: token.NodeIdentities, + Local: token.Local, + AuthMethod: token.AuthMethod, + ExpirationTime: token.ExpirationTime, + CreateTime: token.CreateTime, + Hash: token.Hash, + CreateIndex: token.CreateIndex, + ModifyIndex: token.ModifyIndex, + Legacy: token.Rules != "", + EnterpriseMeta: token.EnterpriseMeta, + ACLAuthMethodEnterpriseMeta: token.ACLAuthMethodEnterpriseMeta, } } diff --git a/api/acl.go b/api/acl.go index 465e256e27..f48071f002 100644 --- a/api/acl.go +++ b/api/acl.go @@ -52,6 +52,10 @@ type ACLToken struct { // Namespace is the namespace the ACLToken is associated with. // Namespaces are a Consul Enterprise feature. Namespace string `json:",omitempty"` + + // AuthMethodNamespace is the namespace the token's AuthMethod is associated with. + // Namespacing is a Consul Enterprise feature. + AuthMethodNamespace string `json:",omitempty"` } type ACLTokenListEntry struct { @@ -74,6 +78,10 @@ type ACLTokenListEntry struct { // Namespace is the namespace the ACLTokenListEntry is associated with. // Namespacing is a Consul Enterprise feature. Namespace string `json:",omitempty"` + + // AuthMethodNamespace is the namespace the token's AuthMethod is associated with. + // Namespacing is a Consul Enterprise feature. + AuthMethodNamespace string `json:",omitempty"` } // ACLEntry is used to represent a legacy ACL token diff --git a/command/acl/token/formatter.go b/command/acl/token/formatter.go index f80906b615..6e5a5a059c 100644 --- a/command/acl/token/formatter.go +++ b/command/acl/token/formatter.go @@ -58,7 +58,7 @@ func (f *prettyFormatter) FormatToken(token *api.ACLToken) (string, error) { buffer.WriteString(fmt.Sprintf("Description: %s\n", token.Description)) buffer.WriteString(fmt.Sprintf("Local: %t\n", token.Local)) if token.AuthMethod != "" { - buffer.WriteString(fmt.Sprintf("Auth Method: %s\n", token.AuthMethod)) + buffer.WriteString(fmt.Sprintf("Auth Method: %s (Namespace: %s)\n", token.AuthMethod, token.AuthMethodNamespace)) } buffer.WriteString(fmt.Sprintf("Create Time: %v\n", token.CreateTime)) if token.ExpirationTime != nil && !token.ExpirationTime.IsZero() { @@ -132,7 +132,7 @@ func (f *prettyFormatter) formatTokenListEntry(token *api.ACLTokenListEntry) str buffer.WriteString(fmt.Sprintf("Description: %s\n", token.Description)) buffer.WriteString(fmt.Sprintf("Local: %t\n", token.Local)) if token.AuthMethod != "" { - buffer.WriteString(fmt.Sprintf("Auth Method: %s\n", token.AuthMethod)) + buffer.WriteString(fmt.Sprintf("Auth Method: %s (Namespace: %s)\n", token.AuthMethod, token.AuthMethodNamespace)) } buffer.WriteString(fmt.Sprintf("Create Time: %v\n", token.CreateTime)) if token.ExpirationTime != nil && !token.ExpirationTime.IsZero() { diff --git a/command/acl/token/formatter_test.go b/command/acl/token/formatter_test.go index 2dfa683013..a267c385fb 100644 --- a/command/acl/token/formatter_test.go +++ b/command/acl/token/formatter_test.go @@ -66,17 +66,18 @@ func TestFormatToken(t *testing.T) { }, "complex": { token: api.ACLToken{ - AccessorID: "fbd2447f-7479-4329-ad13-b021d74f86ba", - SecretID: "869c6e91-4de9-4dab-b56e-87548435f9c6", - Namespace: "foo", - Description: "test token", - Local: false, - AuthMethod: "bar", - CreateTime: time.Date(2020, 5, 22, 18, 52, 31, 0, time.UTC), - ExpirationTime: timeRef(time.Date(2020, 5, 22, 19, 52, 31, 0, time.UTC)), - Hash: []byte{'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h'}, - CreateIndex: 5, - ModifyIndex: 10, + AccessorID: "fbd2447f-7479-4329-ad13-b021d74f86ba", + SecretID: "869c6e91-4de9-4dab-b56e-87548435f9c6", + Namespace: "foo", + Description: "test token", + Local: false, + AuthMethod: "bar", + AuthMethodNamespace: "baz", + CreateTime: time.Date(2020, 5, 22, 18, 52, 31, 0, time.UTC), + ExpirationTime: timeRef(time.Date(2020, 5, 22, 19, 52, 31, 0, time.UTC)), + Hash: []byte{'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h'}, + CreateIndex: 5, + ModifyIndex: 10, Policies: []*api.ACLLink{ { ID: "beb04680-815b-4d7c-9e33-3d707c24672c", @@ -178,17 +179,18 @@ func TestFormatTokenList(t *testing.T) { "complex": { tokens: []*api.ACLTokenListEntry{ { - AccessorID: "fbd2447f-7479-4329-ad13-b021d74f86ba", - SecretID: "257ade69-748c-4022-bafd-76d27d9143f8", - Namespace: "foo", - Description: "test token", - Local: false, - AuthMethod: "bar", - CreateTime: time.Date(2020, 5, 22, 18, 52, 31, 0, time.UTC), - ExpirationTime: timeRef(time.Date(2020, 5, 22, 19, 52, 31, 0, time.UTC)), - Hash: []byte{'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h'}, - CreateIndex: 5, - ModifyIndex: 10, + AccessorID: "fbd2447f-7479-4329-ad13-b021d74f86ba", + SecretID: "257ade69-748c-4022-bafd-76d27d9143f8", + Namespace: "foo", + Description: "test token", + Local: false, + AuthMethod: "bar", + AuthMethodNamespace: "baz", + CreateTime: time.Date(2020, 5, 22, 18, 52, 31, 0, time.UTC), + ExpirationTime: timeRef(time.Date(2020, 5, 22, 19, 52, 31, 0, time.UTC)), + Hash: []byte{'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h'}, + CreateIndex: 5, + ModifyIndex: 10, Policies: []*api.ACLLink{ { ID: "beb04680-815b-4d7c-9e33-3d707c24672c", diff --git a/command/acl/token/testdata/FormatToken/complex.json.golden b/command/acl/token/testdata/FormatToken/complex.json.golden index 4462e29b1b..26e2b0144c 100644 --- a/command/acl/token/testdata/FormatToken/complex.json.golden +++ b/command/acl/token/testdata/FormatToken/complex.json.golden @@ -43,5 +43,6 @@ "ExpirationTime": "2020-05-22T19:52:31Z", "CreateTime": "2020-05-22T18:52:31Z", "Hash": "YWJjZGVmZ2g=", - "Namespace": "foo" + "Namespace": "foo", + "AuthMethodNamespace": "baz" } \ No newline at end of file diff --git a/command/acl/token/testdata/FormatToken/complex.pretty-meta.golden b/command/acl/token/testdata/FormatToken/complex.pretty-meta.golden index dfce557713..b5b33dadc5 100644 --- a/command/acl/token/testdata/FormatToken/complex.pretty-meta.golden +++ b/command/acl/token/testdata/FormatToken/complex.pretty-meta.golden @@ -3,7 +3,7 @@ SecretID: 869c6e91-4de9-4dab-b56e-87548435f9c6 Namespace: foo Description: test token Local: false -Auth Method: bar +Auth Method: bar (Namespace: baz) Create Time: 2020-05-22 18:52:31 +0000 UTC Expiration Time: 2020-05-22 19:52:31 +0000 UTC Hash: 6162636465666768 diff --git a/command/acl/token/testdata/FormatToken/complex.pretty.golden b/command/acl/token/testdata/FormatToken/complex.pretty.golden index 4437281b8d..5d649f35a8 100644 --- a/command/acl/token/testdata/FormatToken/complex.pretty.golden +++ b/command/acl/token/testdata/FormatToken/complex.pretty.golden @@ -3,7 +3,7 @@ SecretID: 869c6e91-4de9-4dab-b56e-87548435f9c6 Namespace: foo Description: test token Local: false -Auth Method: bar +Auth Method: bar (Namespace: baz) Create Time: 2020-05-22 18:52:31 +0000 UTC Expiration Time: 2020-05-22 19:52:31 +0000 UTC Policies: diff --git a/command/acl/token/testdata/FormatTokenList/complex.json.golden b/command/acl/token/testdata/FormatTokenList/complex.json.golden index 7b3f36d82c..f61802d14d 100644 --- a/command/acl/token/testdata/FormatTokenList/complex.json.golden +++ b/command/acl/token/testdata/FormatTokenList/complex.json.golden @@ -45,6 +45,7 @@ "CreateTime": "2020-05-22T18:52:31Z", "Hash": "YWJjZGVmZ2g=", "Legacy": false, - "Namespace": "foo" + "Namespace": "foo", + "AuthMethodNamespace": "baz" } ] \ No newline at end of file diff --git a/command/acl/token/testdata/FormatTokenList/complex.pretty-meta.golden b/command/acl/token/testdata/FormatTokenList/complex.pretty-meta.golden index 0dd88ef77b..7ef9e8a55f 100644 --- a/command/acl/token/testdata/FormatTokenList/complex.pretty-meta.golden +++ b/command/acl/token/testdata/FormatTokenList/complex.pretty-meta.golden @@ -3,7 +3,7 @@ SecretID: 257ade69-748c-4022-bafd-76d27d9143f8 Namespace: foo Description: test token Local: false -Auth Method: bar +Auth Method: bar (Namespace: baz) Create Time: 2020-05-22 18:52:31 +0000 UTC Expiration Time: 2020-05-22 19:52:31 +0000 UTC Legacy: false diff --git a/command/acl/token/testdata/FormatTokenList/complex.pretty.golden b/command/acl/token/testdata/FormatTokenList/complex.pretty.golden index ea5cd3efe3..9005d254bb 100644 --- a/command/acl/token/testdata/FormatTokenList/complex.pretty.golden +++ b/command/acl/token/testdata/FormatTokenList/complex.pretty.golden @@ -3,7 +3,7 @@ SecretID: 257ade69-748c-4022-bafd-76d27d9143f8 Namespace: foo Description: test token Local: false -Auth Method: bar +Auth Method: bar (Namespace: baz) Create Time: 2020-05-22 18:52:31 +0000 UTC Expiration Time: 2020-05-22 19:52:31 +0000 UTC Legacy: false