resource: ensure resource.AuthorizerContext properly strips the local… (#18908)

resource: ensure resource.AuthorizerContext properly strips the local peer name
R.B. Boyer 2023-09-19 17:14:15 -05:00 committed by GitHub
parent 019c62e1ba
commit 07d916e84f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 75 additions and 1 deletions


@ -0,0 +1,20 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: BUSL-1.1
package resource
func peerNameV2ToV1(peer string) string {
// The name of the local/default peer is different between v1 and v2.
if peer == "local" {
return ""
}
return peer
}
func peerNameV1ToV2(peer string) string {
// The name of the local/default peer is different between v1 and v2.
if peer == "" {
return "local"
}
return peer
}
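Review bot: Both helpers match the local peer with an exact, case-sensitive comparison against a repeated string literal, and neither has a doc comment stating that contract. Because `peerNameV2ToV1` feeds the `Peer` field of the ACL context in this same commit, any value that is not byte-for-byte `local` is passed through as a named peer; whether peer names are normalized before they reach this point is not visible here. I would document that on each function, e.g. `// peerNameV2ToV1 converts a v2 peer name to v1: exactly "local" becomes "", anything else is returned unchanged.`, with the mirror-image comment on `peerNameV1ToV2`. A single unexported constant for the literal would also keep the two directions from drifting apart.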


@ -13,5 +13,7 @@ import (
// AuthorizerContext builds an ACL AuthorizerContext for the given tenancy.
func AuthorizerContext(t *pbresource.Tenancy) *acl.AuthorizerContext {
return &acl.AuthorizerContext{Peer: t.PeerName}
return &acl.AuthorizerContext{
Peer: peerNameV2ToV1(t.PeerName),
}
}
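Review bot: `AuthorizerContext` still dereferences `t` directly in `peerNameV2ToV1(t.PeerName)`, so a nil tenancy panics before any ACL decision is made. Whether every caller validates the tenancy first is not visible in this hunk; if a request can arrive with the field unset, the generated nil-safe getter avoids the crash: `Peer: peerNameV2ToV1(t.GetPeerName()),`. Note that this makes a nil tenancy authorize as the local peer, so callers that should reject a missing tenancy need to do that explicitly. The doc comment could also mention the translation, e.g. `// The v2 local peer name is translated to the empty v1 peer name.`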


@ -0,0 +1,52 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: BUSL-1.1
//go:build !consulent
// +build !consulent
package resource
import (
"testing"
"github.com/stretchr/testify/require"
"github.com/hashicorp/consul/acl"
"github.com/hashicorp/consul/proto-public/pbresource"
)
func TestAuthorizerContext_CE(t *testing.T) {
t.Run("no peer", func(t *testing.T) {
require.Equal(t,
&acl.AuthorizerContext{},
AuthorizerContext(&pbresource.Tenancy{
Partition: "foo",
Namespace: "bar",
}),
)
})
t.Run("with local peer", func(t *testing.T) {
require.Equal(t,
&acl.AuthorizerContext{},
AuthorizerContext(&pbresource.Tenancy{
Partition: "foo",
Namespace: "bar",
PeerName: "local",
}),
)
})
t.Run("with non-local peer", func(t *testing.T) {
require.Equal(t,
&acl.AuthorizerContext{
Peer: "remote",
},
AuthorizerContext(&pbresource.Tenancy{
Partition: "foo",
Namespace: "bar",
PeerName: "remote",
}),
)
})
}
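Review bot: The new test reaches `peerNameV2ToV1` only through `AuthorizerContext`, and `peerNameV1ToV2`, which this commit also adds, is not exercised by anything on this page. Since the mapping decides whether an ACL context is treated as local or peered, a direct test of both directions would pin the contract and catch the two helpers drifting apart. A small table test next to the existing one is enough.

```go
func TestPeerNameConversion(t *testing.T) {
	for _, tc := range []struct{ v1, v2 string }{
		{v1: "", v2: "local"},
		{v1: "remote", v2: "remote"},
	} {
		require.Equal(t, tc.v1, peerNameV2ToV1(tc.v2))
		require.Equal(t, tc.v2, peerNameV1ToV2(tc.v1))
	}
}
```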