mirror of
https://github.com/status-im/consul.git
synced 2025-01-26 21:51:39 +00:00
agent: Reject partitions in legacy intention endpoints (#11181)
This commit is contained in:
parent
53a35181e5
commit
1c9b58a8af
@ -67,7 +67,13 @@ func (s *HTTPHandlers) IntentionCreate(resp http.ResponseWriter, req *http.Reque
|
||||
return nil, fmt.Errorf("Failed to decode request body: %s", err)
|
||||
}
|
||||
|
||||
// TODO(partitions): reject non-empty/non-default partitions from the decoded body
|
||||
if args.Intention.DestinationPartition != "" && args.Intention.DestinationPartition != "default" {
|
||||
return nil, BadRequestError{Reason: "Cannot specify a destination partition with this endpoint"}
|
||||
}
|
||||
if args.Intention.SourcePartition != "" && args.Intention.SourcePartition != "default" {
|
||||
return nil, BadRequestError{Reason: "Cannot specify a source partition with this endpoint"}
|
||||
}
|
||||
|
||||
args.Intention.FillPartitionAndNamespace(&entMeta, false)
|
||||
|
||||
if err := s.validateEnterpriseIntention(args.Intention); err != nil {
|
||||
@ -424,6 +430,13 @@ func (s *HTTPHandlers) IntentionSpecificUpdate(id string, resp http.ResponseWrit
|
||||
return nil, BadRequestError{Reason: fmt.Sprintf("Request decode failed: %v", err)}
|
||||
}
|
||||
|
||||
if args.Intention.DestinationPartition != "" && args.Intention.DestinationPartition != "default" {
|
||||
return nil, BadRequestError{Reason: "Cannot specify a destination partition with this endpoint"}
|
||||
}
|
||||
if args.Intention.SourcePartition != "" && args.Intention.SourcePartition != "default" {
|
||||
return nil, BadRequestError{Reason: "Cannot specify a source partition with this endpoint"}
|
||||
}
|
||||
|
||||
args.Intention.FillPartitionAndNamespace(&entMeta, false)
|
||||
|
||||
// Use the ID from the URL
|
||||
|
@ -428,6 +428,27 @@ func TestIntentionCreate(t *testing.T) {
|
||||
require.Equal(t, "foo", actual.SourceName)
|
||||
}
|
||||
})
|
||||
|
||||
t.Run("partition rejected", func(t *testing.T) {
|
||||
{
|
||||
args := structs.TestIntention(t)
|
||||
args.SourcePartition = "part1"
|
||||
req, _ := http.NewRequest("POST", "/v1/connect/intentions", jsonReader(args))
|
||||
resp := httptest.NewRecorder()
|
||||
_, err := a.srv.IntentionCreate(resp, req)
|
||||
require.Error(t, err)
|
||||
require.Contains(t, err.Error(), "Cannot specify a source partition")
|
||||
}
|
||||
{
|
||||
args := structs.TestIntention(t)
|
||||
args.DestinationPartition = "part2"
|
||||
req, _ := http.NewRequest("POST", "/v1/connect/intentions", jsonReader(args))
|
||||
resp := httptest.NewRecorder()
|
||||
_, err := a.srv.IntentionCreate(resp, req)
|
||||
require.Error(t, err)
|
||||
require.Contains(t, err.Error(), "Cannot specify a destination partition")
|
||||
}
|
||||
})
|
||||
}
|
||||
|
||||
func TestIntentionSpecificGet(t *testing.T) {
|
||||
@ -532,6 +553,26 @@ func TestIntentionSpecificUpdate(t *testing.T) {
|
||||
actual := resp.Intentions[0]
|
||||
require.Equal(t, "bar", actual.SourceName)
|
||||
}
|
||||
|
||||
t.Run("partitions rejected", func(t *testing.T) {
|
||||
{
|
||||
ixn.DestinationPartition = "part1"
|
||||
req, _ := http.NewRequest("PUT", fmt.Sprintf("/v1/connect/intentions/%s", reply), jsonReader(ixn))
|
||||
resp := httptest.NewRecorder()
|
||||
_, err := a.srv.IntentionSpecific(resp, req)
|
||||
require.Error(t, err)
|
||||
require.Contains(t, err.Error(), "Cannot specify a destination partition")
|
||||
}
|
||||
{
|
||||
ixn.DestinationPartition = "default"
|
||||
ixn.SourcePartition = "part2"
|
||||
req, _ := http.NewRequest("PUT", fmt.Sprintf("/v1/connect/intentions/%s", reply), jsonReader(ixn))
|
||||
resp := httptest.NewRecorder()
|
||||
_, err := a.srv.IntentionSpecific(resp, req)
|
||||
require.Error(t, err)
|
||||
require.Contains(t, err.Error(), "Cannot specify a source partition")
|
||||
}
|
||||
})
|
||||
}
|
||||
|
||||
func TestIntentionDeleteExact(t *testing.T) {
|
||||
|
Loading…
x
Reference in New Issue
Block a user