mirror of
https://github.com/status-im/consul.git
synced 2025-01-10 13:55:55 +00:00
acl: remove unused translate rules endpoint
The CLI command does not use this endpoint, so we can remove it. It was missed in an earlier pass.
This commit is contained in:
parent
2a67c898f3
commit
18b3ac33e8
@ -2,7 +2,6 @@ package agent
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"io/ioutil"
|
||||
"net/http"
|
||||
"strings"
|
||||
|
||||
@ -74,37 +73,6 @@ func (s *HTTPHandlers) ACLReplicationStatus(resp http.ResponseWriter, req *http.
|
||||
return out, nil
|
||||
}
|
||||
|
||||
func (s *HTTPHandlers) ACLRulesTranslate(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
|
||||
if s.checkACLDisabled(resp, req) {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
var token string
|
||||
s.parseToken(req, &token)
|
||||
authz, err := s.agent.delegate.ResolveTokenAndDefaultMeta(token, nil, nil)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
// Should this require lesser permissions? Really the only reason to require authorization at all is
|
||||
// to prevent external entities from DoS Consul with repeated rule translation requests
|
||||
if authz.ACLRead(nil) != acl.Allow {
|
||||
return nil, acl.ErrPermissionDenied
|
||||
}
|
||||
|
||||
policyBytes, err := ioutil.ReadAll(req.Body)
|
||||
if err != nil {
|
||||
return nil, BadRequestError{Reason: fmt.Sprintf("Failed to read body: %v", err)}
|
||||
}
|
||||
|
||||
translated, err := acl.TranslateLegacyRules(policyBytes)
|
||||
if err != nil {
|
||||
return nil, BadRequestError{Reason: err.Error()}
|
||||
}
|
||||
|
||||
resp.Write(translated)
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
func (s *HTTPHandlers) ACLPolicyList(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
|
||||
if s.checkACLDisabled(resp, req) {
|
||||
return nil, nil
|
||||
|
@ -45,7 +45,6 @@ func TestACL_Disabled_Response(t *testing.T) {
|
||||
{"ACLBootstrap", a.srv.ACLBootstrap},
|
||||
{"ACLReplicationStatus", a.srv.ACLReplicationStatus},
|
||||
{"AgentToken", a.srv.AgentToken}, // See TestAgent_Token
|
||||
{"ACLRulesTranslate", a.srv.ACLRulesTranslate},
|
||||
{"ACLPolicyList", a.srv.ACLPolicyList},
|
||||
{"ACLPolicyCRUD", a.srv.ACLPolicyCRUD},
|
||||
{"ACLPolicyCreate", a.srv.ACLPolicyCreate},
|
||||
|
@ -19,8 +19,6 @@ func init() {
|
||||
registerEndpoint("/v1/acl/auth-methods", []string{"GET"}, (*HTTPHandlers).ACLAuthMethodList)
|
||||
registerEndpoint("/v1/acl/auth-method", []string{"PUT"}, (*HTTPHandlers).ACLAuthMethodCreate)
|
||||
registerEndpoint("/v1/acl/auth-method/", []string{"GET", "PUT", "DELETE"}, (*HTTPHandlers).ACLAuthMethodCRUD)
|
||||
registerEndpoint("/v1/acl/rules/translate", []string{"POST"}, (*HTTPHandlers).ACLRulesTranslate)
|
||||
registerEndpoint("/v1/acl/rules/translate/", []string{"GET"}, (*HTTPHandlers).ACLLegacy)
|
||||
registerEndpoint("/v1/acl/tokens", []string{"GET"}, (*HTTPHandlers).ACLTokenList)
|
||||
registerEndpoint("/v1/acl/token", []string{"PUT"}, (*HTTPHandlers).ACLTokenCreate)
|
||||
registerEndpoint("/v1/acl/token/self", []string{"GET"}, (*HTTPHandlers).ACLTokenSelf)
|
||||
@ -126,4 +124,6 @@ func init() {
|
||||
registerEndpoint("/v1/acl/info/", []string{"GET"}, (*HTTPHandlers).ACLLegacy)
|
||||
registerEndpoint("/v1/acl/clone/", []string{"PUT"}, (*HTTPHandlers).ACLLegacy)
|
||||
registerEndpoint("/v1/acl/list", []string{"GET"}, (*HTTPHandlers).ACLLegacy)
|
||||
registerEndpoint("/v1/acl/rules/translate", []string{"POST"}, (*HTTPHandlers).ACLLegacy)
|
||||
registerEndpoint("/v1/acl/rules/translate/", []string{"GET"}, (*HTTPHandlers).ACLLegacy)
|
||||
}
|
||||
|
Loading…
x
Reference in New Issue
Block a user