agent: Reject partitions in legacy intention endpoints (#11181)

Chris S. Kim 2021-10-01 13:18:57 -04:00 committed by GitHub
parent 53a35181e5
commit 1c9b58a8af
2 changed files with 55 additions and 1 deletions


@ -67,7 +67,13 @@ func (s *HTTPHandlers) IntentionCreate(resp http.ResponseWriter, req *http.Reque
return nil, fmt.Errorf("Failed to decode request body: %s", err) return nil, fmt.Errorf("Failed to decode request body: %s", err)
} }
// TODO(partitions): reject non-empty/non-default partitions from the decoded body if args.Intention.DestinationPartition != "" && args.Intention.DestinationPartition != "default" {
return nil, BadRequestError{Reason: "Cannot specify a destination partition with this endpoint"}
}
if args.Intention.SourcePartition != "" && args.Intention.SourcePartition != "default" {
return nil, BadRequestError{Reason: "Cannot specify a source partition with this endpoint"}
}
args.Intention.FillPartitionAndNamespace(&entMeta, false) args.Intention.FillPartitionAndNamespace(&entMeta, false)
if err := s.validateEnterpriseIntention(args.Intention); err != nil { if err := s.validateEnterpriseIntention(args.Intention); err != nil {
@ -424,6 +430,13 @@ func (s *HTTPHandlers) IntentionSpecificUpdate(id string, resp http.ResponseWrit
return nil, BadRequestError{Reason: fmt.Sprintf("Request decode failed: %v", err)} return nil, BadRequestError{Reason: fmt.Sprintf("Request decode failed: %v", err)}
} }
if args.Intention.DestinationPartition != "" && args.Intention.DestinationPartition != "default" {
return nil, BadRequestError{Reason: "Cannot specify a destination partition with this endpoint"}
}
if args.Intention.SourcePartition != "" && args.Intention.SourcePartition != "default" {
return nil, BadRequestError{Reason: "Cannot specify a source partition with this endpoint"}
}
args.Intention.FillPartitionAndNamespace(&entMeta, false) args.Intention.FillPartitionAndNamespace(&entMeta, false)
// Use the ID from the URL // Use the ID from the URL
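Review bot: The same partition check is pasted verbatim into both IntentionCreate and IntentionSpecificUpdate, so the two legacy endpoints can drift apart; because intentions are authorization rules, a check that is later changed in one handler and not the other would fail open. A small shared helper, called from both places as `if err := rejectNonDefaultPartitions(args.Intention); err != nil { return nil, err }` (the name is only a suggestion), would keep them identical and give the literal `"default"` a single home. The comparison is also case-sensitive, which errs on the side of rejecting, but a one-line comment such as `// legacy endpoints are partition-unaware: only "" or "default" is accepted in the body` would make that intent explicit. Both handler bodies start and end outside the hunks shown, so other paths by which a partition could reach `entMeta` are not visible from here.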


@ -428,6 +428,27 @@ func TestIntentionCreate(t *testing.T) {
require.Equal(t, "foo", actual.SourceName) require.Equal(t, "foo", actual.SourceName)
} }
}) })
t.Run("partition rejected", func(t *testing.T) {
{
args := structs.TestIntention(t)
args.SourcePartition = "part1"
req, _ := http.NewRequest("POST", "/v1/connect/intentions", jsonReader(args))
resp := httptest.NewRecorder()
_, err := a.srv.IntentionCreate(resp, req)
require.Error(t, err)
require.Contains(t, err.Error(), "Cannot specify a source partition")
}
{
args := structs.TestIntention(t)
args.DestinationPartition = "part2"
req, _ := http.NewRequest("POST", "/v1/connect/intentions", jsonReader(args))
resp := httptest.NewRecorder()
_, err := a.srv.IntentionCreate(resp, req)
require.Error(t, err)
require.Contains(t, err.Error(), "Cannot specify a destination partition")
}
})
} }
func TestIntentionSpecificGet(t *testing.T) { func TestIntentionSpecificGet(t *testing.T) {
@ -532,6 +553,26 @@ func TestIntentionSpecificUpdate(t *testing.T) {
actual := resp.Intentions[0] actual := resp.Intentions[0]
require.Equal(t, "bar", actual.SourceName) require.Equal(t, "bar", actual.SourceName)
} }
t.Run("partitions rejected", func(t *testing.T) {
{
ixn.DestinationPartition = "part1"
req, _ := http.NewRequest("PUT", fmt.Sprintf("/v1/connect/intentions/%s", reply), jsonReader(ixn))
resp := httptest.NewRecorder()
_, err := a.srv.IntentionSpecific(resp, req)
require.Error(t, err)
require.Contains(t, err.Error(), "Cannot specify a destination partition")
}
{
ixn.DestinationPartition = "default"
ixn.SourcePartition = "part2"
req, _ := http.NewRequest("PUT", fmt.Sprintf("/v1/connect/intentions/%s", reply), jsonReader(ixn))
resp := httptest.NewRecorder()
_, err := a.srv.IntentionSpecific(resp, req)
require.Error(t, err)
require.Contains(t, err.Error(), "Cannot specify a source partition")
}
})
} }
func TestIntentionDeleteExact(t *testing.T) { func TestIntentionDeleteExact(t *testing.T) {
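Review bot: Both new subtests match only a substring of the error text, so they would still pass if the handler returned a plain error that is surfaced as a server error rather than a bad request. Adding `require.IsType(t, BadRequestError{}, err)` after each `require.Error` would pin the rejection to the bad-request path, assuming the test sits in the same package as the handlers, as the `a.srv` access suggests. In the TestIntentionSpecificUpdate subtest the shared `ixn` is modified in place and left with `SourcePartition = "part2"`, so any subtest added after it inherits a value the endpoint rejects; working on a copy or resetting the fields at the end avoids that. The `req, _ :=` lines also discard the `http.NewRequest` error. Both test functions begin outside the hunks.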