From 1c9b58a8af49f448e7dad2868eba52347b202337 Mon Sep 17 00:00:00 2001
From: "Chris S. Kim"
Date: Fri, 1 Oct 2021 13:18:57 -0400
Subject: [PATCH] agent: Reject partitions in legacy intention endpoints (#11181)
---
 agent/intentions_endpoint.go | 15 ++++++++++-
 agent/intentions_endpoint_test.go | 41 +++++++++++++++++++++++++++++++
 2 files changed, 55 insertions(+), 1 deletion(-)
diff --git a/agent/intentions_endpoint.go b/agent/intentions_endpoint.go
index 184eec3b7d..e276c4072a 100644
--- a/agent/intentions_endpoint.go
+++ b/agent/intentions_endpoint.go
@@ -67,7 +67,13 @@ func (s *HTTPHandlers) IntentionCreate(resp http.ResponseWriter, req *http.Reque
 return nil, fmt.Errorf("Failed to decode request body: %s", err)
 }

- // TODO(partitions): reject non-empty/non-default partitions from the decoded body
+ if args.Intention.DestinationPartition != "" && args.Intention.DestinationPartition != "default" {
+ return nil, BadRequestError{Reason: "Cannot specify a destination partition with this endpoint"}
+ }
+ if args.Intention.SourcePartition != "" && args.Intention.SourcePartition != "default" {
+ return nil, BadRequestError{Reason: "Cannot specify a source partition with this endpoint"}
+ }
+
 args.Intention.FillPartitionAndNamespace(&entMeta, false)

 if err := s.validateEnterpriseIntention(args.Intention); err != nil {
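Review bot: The new guard in IntentionCreate inspects only the partition fields of the decoded body, while the very next line, `args.Intention.FillPartitionAndNamespace(&entMeta, false)`, fills the intention from `entMeta`, which is populated outside this hunk. If `entMeta` can carry a non-default partition taken from the request itself, an intention could still land in another partition through this legacy endpoint without tripping either check; the same applies to the identical guard added to IntentionSpecificUpdate. I would confirm that the code which builds `entMeta` already refuses that case and record it beside the guard, e.g. `// entMeta is validated where it is parsed; only the body fields need checking here`. The enclosing function starts and ends outside the hunk.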
@@ -424,6 +430,13 @@ func (s *HTTPHandlers) IntentionSpecificUpdate(id string, resp http.ResponseWrit
 return nil, BadRequestError{Reason: fmt.Sprintf("Request decode failed: %v", err)}
 }

+ if args.Intention.DestinationPartition != "" && args.Intention.DestinationPartition != "default" {
+ return nil, BadRequestError{Reason: "Cannot specify a destination partition with this endpoint"}
+ }
+ if args.Intention.SourcePartition != "" && args.Intention.SourcePartition != "default" {
+ return nil, BadRequestError{Reason: "Cannot specify a source partition with this endpoint"}
+ }
+
 args.Intention.FillPartitionAndNamespace(&entMeta, false)

 // Use the ID from the URL
diff --git a/agent/intentions_endpoint_test.go b/agent/intentions_endpoint_test.go
index f7627bd57f..5b7965c5c5 100644
--- a/agent/intentions_endpoint_test.go
+++ b/agent/intentions_endpoint_test.go
@@ -428,6 +428,27 @@ func TestIntentionCreate(t *testing.T) {
 require.Equal(t, "foo", actual.SourceName)
 }
 })
+
+ t.Run("partition rejected", func(t *testing.T) {
+ {
+ args := structs.TestIntention(t)
+ args.SourcePartition = "part1"
+ req, _ := http.NewRequest("POST", "/v1/connect/intentions", jsonReader(args))
+ resp := httptest.NewRecorder()
+ _, err := a.srv.IntentionCreate(resp, req)
+ require.Error(t, err)
+ require.Contains(t, err.Error(), "Cannot specify a source partition")
+ }
+ {
+ args := structs.TestIntention(t)
+ args.DestinationPartition = "part2"
+ req, _ := http.NewRequest("POST", "/v1/connect/intentions", jsonReader(args))
+ resp := httptest.NewRecorder()
+ _, err := a.srv.IntentionCreate(resp, req)
+ require.Error(t, err)
+ require.Contains(t, err.Error(), "Cannot specify a destination partition")
+ }
+ })
 }

 func TestIntentionSpecificGet(t *testing.T) {
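Review bot: These two checks in IntentionSpecificUpdate are a second inline copy of the guard added to IntentionCreate, and a tenancy check duplicated across handlers is easy to change in one place and miss in the other. I would move it into a single helper that both handlers call after decoding the body, assuming `args.Intention` is a `*structs.Intention` as the test's use of `structs.TestIntention` suggests. The comparison with the literal `"default"` is exact; if partition names are normalised elsewhere (case, surrounding whitespace), the helper is the one place that would need to match it, which I cannot tell from the hunk. IntentionSpecificUpdate starts and ends outside the hunk.

```go
// rejectNonDefaultPartitions returns a BadRequestError when the decoded
// intention names a source or destination partition other than "default".
func rejectNonDefaultPartitions(ixn *structs.Intention) error {
	if ixn.DestinationPartition != "" && ixn.DestinationPartition != "default" {
		return BadRequestError{Reason: "Cannot specify a destination partition with this endpoint"}
	}
	if ixn.SourcePartition != "" && ixn.SourcePartition != "default" {
		return BadRequestError{Reason: "Cannot specify a source partition with this endpoint"}
	}
	return nil
}

// in IntentionSpecificUpdate and IntentionCreate, right after the body is decoded:
	if err := rejectNonDefaultPartitions(args.Intention); err != nil {
		return nil, err
	}
	// … unchanged: FillPartitionAndNamespace and the rest of the handler …
```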
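Review bot: Both cases in the "partition rejected" subtest match only a substring of the message, so they would still pass if the handler returned a plain error instead of `BadRequestError`, which is presumably what decides the status code a client sees. I would pin the type as well, `require.IsType(t, BadRequestError{}, err)`, in each case here and in the matching subtest added to TestIntentionSpecificUpdate. A case that sets a partition explicitly to `"default"` and expects success would cover the other half of the new condition. The error from `http.NewRequest` is discarded with `_`; a `require.NoError` on it would stop a malformed request from showing up as a confusing failure further down.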
@@ -532,6 +553,26 @@ func TestIntentionSpecificUpdate(t *testing.T) {
 actual := resp.Intentions[0]
 require.Equal(t, "bar", actual.SourceName)
 }
+
+ t.Run("partitions rejected", func(t *testing.T) {
+ {
+ ixn.DestinationPartition = "part1"
+ req, _ := http.NewRequest("PUT", fmt.Sprintf("/v1/connect/intentions/%s", reply), jsonReader(ixn))
+ resp := httptest.NewRecorder()
+ _, err := a.srv.IntentionSpecific(resp, req)
+ require.Error(t, err)
+ require.Contains(t, err.Error(), "Cannot specify a destination partition")
+ }
+ {
+ ixn.DestinationPartition = "default"
+ ixn.SourcePartition = "part2"
+ req, _ := http.NewRequest("PUT", fmt.Sprintf("/v1/connect/intentions/%s", reply), jsonReader(ixn))
+ resp := httptest.NewRecorder()
+ _, err := a.srv.IntentionSpecific(resp, req)
+ require.Error(t, err)
+ require.Contains(t, err.Error(), "Cannot specify a source partition")
+ }
+ })
 }

 func TestIntentionDeleteExact(t *testing.T) {
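Review bot: The "partitions rejected" subtest mutates the shared `ixn` fixture in place, so the second case isolates the source check only because it first resets `DestinationPartition` to `"default"`, and `ixn` is left with `SourcePartition = "part2"` for anything added after it. Building each case from a fresh copy of the intention, or restoring the fields with `t.Cleanup`, would keep the cases independent of their order. Because this exercises an update, it would also be worth reading the intention back after each rejected PUT and asserting it is unchanged, so the test shows the request was refused before any write. `ixn` and `reply` are defined outside the hunk.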