agent: disallow API registration with managed proxy if not enabled
parent
f7fc026e18
commit
0d6dcbd2f1
@ -623,6 +623,12 @@ func (s *HTTPServer) AgentRegisterService(resp http.ResponseWriter, req *http.Re
|
|||||||
return nil, nil
|
return nil, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// If we have a proxy, verify that we're allowed to add a proxy via the API
|
||||||
|
if proxy != nil && !s.agent.config.ConnectProxyAllowManagedAPIRegistration {
|
||||||
|
return nil, &BadRequestError{
|
||||||
|
Reason: "Managed proxy registration via the API is disallowed."}
|
||||||
|
}
|
||||||
|
|
||||||
// Add the service.
|
// Add the service.
|
||||||
if err := s.agent.AddService(ns, chkTypes, true, token); err != nil {
|
if err := s.agent.AddService(ns, chkTypes, true, token); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
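Review bot: The comment above the new guard says what is checked but not why, and the reason is the security-relevant part. A managed proxy registration carries an `ExecMode` and a `Command` (see the test added in this commit), which the agent presumably launches itself, so I would write something like `// Managed proxies carry a command the agent runs, so registering one via the API is opt-in (off by default).` It would also help operators if the refusal were logged before returning, and if the `Reason` named the setting that turns it on (`allow_managed_api_registration` under `connect { proxy { ... } }`, as the test config shows). `AgentRegisterService` starts and ends outside this hunk, so I cannot see where `proxy` is set or whether the ACL check runs before this guard.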
|
@ -1396,7 +1396,13 @@ func TestAgent_RegisterService_ManagedConnectProxy(t *testing.T) {
|
|||||||
|
|
||||||
assert := assert.New(t)
|
assert := assert.New(t)
|
||||||
require := require.New(t)
|
require := require.New(t)
|
||||||
a := NewTestAgent(t.Name(), "")
|
a := NewTestAgent(t.Name(), `
|
||||||
|
connect {
|
||||||
|
proxy {
|
||||||
|
allow_managed_api_registration = true
|
||||||
|
}
|
||||||
|
}
|
||||||
|
`)
|
||||||
defer a.Shutdown()
|
defer a.Shutdown()
|
||||||
|
|
||||||
// Register a proxy. Note that the destination doesn't exist here on
|
// Register a proxy. Note that the destination doesn't exist here on
|
||||||
@ -1447,6 +1453,42 @@ func TestAgent_RegisterService_ManagedConnectProxy(t *testing.T) {
|
|||||||
assert.Equal("abc123", a.State.ServiceToken("web-proxy"))
|
assert.Equal("abc123", a.State.ServiceToken("web-proxy"))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// This tests local agent service registration with a managed proxy with
|
||||||
|
// API registration disabled (default).
|
||||||
|
func TestAgent_RegisterService_ManagedConnectProxy_Disabled(t *testing.T) {
|
||||||
|
t.Parallel()
|
||||||
|
|
||||||
|
assert := assert.New(t)
|
||||||
|
a := NewTestAgent(t.Name(), ``)
|
||||||
|
defer a.Shutdown()
|
||||||
|
|
||||||
|
// Register a proxy. Note that the destination doesn't exist here on
|
||||||
|
// this agent or in the catalog at all. This is intended and part
|
||||||
|
// of the design.
|
||||||
|
args := &api.AgentServiceRegistration{
|
||||||
|
Name: "web",
|
||||||
|
Port: 8000,
|
||||||
|
Connect: &api.AgentServiceConnect{
|
||||||
|
Proxy: &api.AgentServiceConnectProxy{
|
||||||
|
ExecMode: "script",
|
||||||
|
Command: []string{"proxy.sh"},
|
||||||
|
Config: map[string]interface{}{
|
||||||
|
"foo": "bar",
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
|
||||||
|
req, _ := http.NewRequest("PUT", "/v1/agent/service/register?token=abc123", jsonReader(args))
|
||||||
|
resp := httptest.NewRecorder()
|
||||||
|
_, err := a.srv.AgentRegisterService(resp, req)
|
||||||
|
assert.Error(err)
|
||||||
|
|
||||||
|
// Ensure the target service does not exist
|
||||||
|
_, ok := a.State.Services()["web"]
|
||||||
|
assert.False(ok, "does not has service")
|
||||||
|
}
|
||||||
|
|
||||||
// This tests local agent service registration of a unmanaged connect proxy.
|
// This tests local agent service registration of a unmanaged connect proxy.
|
||||||
// This verifies that it is put in the local state store properly for syncing
|
// This verifies that it is put in the local state store properly for syncing
|
||||||
// later. Note that _managed_ connect proxies are registered as part of the
|
// later. Note that _managed_ connect proxies are registered as part of the
|
||||||
|
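Review bot: `assert.Error(err)` in `TestAgent_RegisterService_ManagedConnectProxy_Disabled` passes for any failure, so the test would stay green if the request were rejected for an unrelated reason and the new guard were not the cause. Pin the guard itself with `_, isBadReq := err.(*BadRequestError)` followed by `assert.True(isBadReq)`, or compare the `Reason`. The test also only checks that `web` is absent; the enabled-path test refers to a `web-proxy` service, so asserting that `a.State.Services()["web-proxy"]` is absent too would cover the proxy side. The message `"does not has service"` should read `"does not have service"`.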