mirror of https://github.com/status-im/consul.git
acl: remove unused translate rules endpoint
The CLI command does not use this endpoint, so we can remove it. It was missed in an earlier pass.
This commit is contained in:
parent
2a67c898f3
commit
18b3ac33e8
|
@ -2,7 +2,6 @@ package agent
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"io/ioutil"
|
|
||||||
"net/http"
|
"net/http"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
||||||
|
@ -74,37 +73,6 @@ func (s *HTTPHandlers) ACLReplicationStatus(resp http.ResponseWriter, req *http.
|
||||||
return out, nil
|
return out, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s *HTTPHandlers) ACLRulesTranslate(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
|
|
||||||
if s.checkACLDisabled(resp, req) {
|
|
||||||
return nil, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
var token string
|
|
||||||
s.parseToken(req, &token)
|
|
||||||
authz, err := s.agent.delegate.ResolveTokenAndDefaultMeta(token, nil, nil)
|
|
||||||
if err != nil {
|
|
||||||
return nil, err
|
|
||||||
}
|
|
||||||
// Should this require lesser permissions? Really the only reason to require authorization at all is
|
|
||||||
// to prevent external entities from DoS Consul with repeated rule translation requests
|
|
||||||
if authz.ACLRead(nil) != acl.Allow {
|
|
||||||
return nil, acl.ErrPermissionDenied
|
|
||||||
}
|
|
||||||
|
|
||||||
policyBytes, err := ioutil.ReadAll(req.Body)
|
|
||||||
if err != nil {
|
|
||||||
return nil, BadRequestError{Reason: fmt.Sprintf("Failed to read body: %v", err)}
|
|
||||||
}
|
|
||||||
|
|
||||||
translated, err := acl.TranslateLegacyRules(policyBytes)
|
|
||||||
if err != nil {
|
|
||||||
return nil, BadRequestError{Reason: err.Error()}
|
|
||||||
}
|
|
||||||
|
|
||||||
resp.Write(translated)
|
|
||||||
return nil, nil
|
|
||||||
}
|
|
||||||
|
|
||||||
func (s *HTTPHandlers) ACLPolicyList(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
|
func (s *HTTPHandlers) ACLPolicyList(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
|
||||||
if s.checkACLDisabled(resp, req) {
|
if s.checkACLDisabled(resp, req) {
|
||||||
return nil, nil
|
return nil, nil
|
||||||
|
|
|
@ -45,7 +45,6 @@ func TestACL_Disabled_Response(t *testing.T) {
|
||||||
{"ACLBootstrap", a.srv.ACLBootstrap},
|
{"ACLBootstrap", a.srv.ACLBootstrap},
|
||||||
{"ACLReplicationStatus", a.srv.ACLReplicationStatus},
|
{"ACLReplicationStatus", a.srv.ACLReplicationStatus},
|
||||||
{"AgentToken", a.srv.AgentToken}, // See TestAgent_Token
|
{"AgentToken", a.srv.AgentToken}, // See TestAgent_Token
|
||||||
{"ACLRulesTranslate", a.srv.ACLRulesTranslate},
|
|
||||||
{"ACLPolicyList", a.srv.ACLPolicyList},
|
{"ACLPolicyList", a.srv.ACLPolicyList},
|
||||||
{"ACLPolicyCRUD", a.srv.ACLPolicyCRUD},
|
{"ACLPolicyCRUD", a.srv.ACLPolicyCRUD},
|
||||||
{"ACLPolicyCreate", a.srv.ACLPolicyCreate},
|
{"ACLPolicyCreate", a.srv.ACLPolicyCreate},
|
||||||
|
|
|
@ -19,8 +19,6 @@ func init() {
|
||||||
registerEndpoint("/v1/acl/auth-methods", []string{"GET"}, (*HTTPHandlers).ACLAuthMethodList)
|
registerEndpoint("/v1/acl/auth-methods", []string{"GET"}, (*HTTPHandlers).ACLAuthMethodList)
|
||||||
registerEndpoint("/v1/acl/auth-method", []string{"PUT"}, (*HTTPHandlers).ACLAuthMethodCreate)
|
registerEndpoint("/v1/acl/auth-method", []string{"PUT"}, (*HTTPHandlers).ACLAuthMethodCreate)
|
||||||
registerEndpoint("/v1/acl/auth-method/", []string{"GET", "PUT", "DELETE"}, (*HTTPHandlers).ACLAuthMethodCRUD)
|
registerEndpoint("/v1/acl/auth-method/", []string{"GET", "PUT", "DELETE"}, (*HTTPHandlers).ACLAuthMethodCRUD)
|
||||||
registerEndpoint("/v1/acl/rules/translate", []string{"POST"}, (*HTTPHandlers).ACLRulesTranslate)
|
|
||||||
registerEndpoint("/v1/acl/rules/translate/", []string{"GET"}, (*HTTPHandlers).ACLLegacy)
|
|
||||||
registerEndpoint("/v1/acl/tokens", []string{"GET"}, (*HTTPHandlers).ACLTokenList)
|
registerEndpoint("/v1/acl/tokens", []string{"GET"}, (*HTTPHandlers).ACLTokenList)
|
||||||
registerEndpoint("/v1/acl/token", []string{"PUT"}, (*HTTPHandlers).ACLTokenCreate)
|
registerEndpoint("/v1/acl/token", []string{"PUT"}, (*HTTPHandlers).ACLTokenCreate)
|
||||||
registerEndpoint("/v1/acl/token/self", []string{"GET"}, (*HTTPHandlers).ACLTokenSelf)
|
registerEndpoint("/v1/acl/token/self", []string{"GET"}, (*HTTPHandlers).ACLTokenSelf)
|
||||||
|
@ -126,4 +124,6 @@ func init() {
|
||||||
registerEndpoint("/v1/acl/info/", []string{"GET"}, (*HTTPHandlers).ACLLegacy)
|
registerEndpoint("/v1/acl/info/", []string{"GET"}, (*HTTPHandlers).ACLLegacy)
|
||||||
registerEndpoint("/v1/acl/clone/", []string{"PUT"}, (*HTTPHandlers).ACLLegacy)
|
registerEndpoint("/v1/acl/clone/", []string{"PUT"}, (*HTTPHandlers).ACLLegacy)
|
||||||
registerEndpoint("/v1/acl/list", []string{"GET"}, (*HTTPHandlers).ACLLegacy)
|
registerEndpoint("/v1/acl/list", []string{"GET"}, (*HTTPHandlers).ACLLegacy)
|
||||||
|
registerEndpoint("/v1/acl/rules/translate", []string{"POST"}, (*HTTPHandlers).ACLLegacy)
|
||||||
|
registerEndpoint("/v1/acl/rules/translate/", []string{"GET"}, (*HTTPHandlers).ACLLegacy)
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue