mirror of
https://github.com/status-im/consul.git
synced 2025-01-13 15:26:48 +00:00
agent: Reject partitions in legacy intention endpoints (#11181)
This commit is contained in:
parent
53a35181e5
commit
1c9b58a8af
@ -67,7 +67,13 @@ func (s *HTTPHandlers) IntentionCreate(resp http.ResponseWriter, req *http.Reque
|
|||||||
return nil, fmt.Errorf("Failed to decode request body: %s", err)
|
return nil, fmt.Errorf("Failed to decode request body: %s", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO(partitions): reject non-empty/non-default partitions from the decoded body
|
if args.Intention.DestinationPartition != "" && args.Intention.DestinationPartition != "default" {
|
||||||
|
return nil, BadRequestError{Reason: "Cannot specify a destination partition with this endpoint"}
|
||||||
|
}
|
||||||
|
if args.Intention.SourcePartition != "" && args.Intention.SourcePartition != "default" {
|
||||||
|
return nil, BadRequestError{Reason: "Cannot specify a source partition with this endpoint"}
|
||||||
|
}
|
||||||
|
|
||||||
args.Intention.FillPartitionAndNamespace(&entMeta, false)
|
args.Intention.FillPartitionAndNamespace(&entMeta, false)
|
||||||
|
|
||||||
if err := s.validateEnterpriseIntention(args.Intention); err != nil {
|
if err := s.validateEnterpriseIntention(args.Intention); err != nil {
|
||||||
@ -424,6 +430,13 @@ func (s *HTTPHandlers) IntentionSpecificUpdate(id string, resp http.ResponseWrit
|
|||||||
return nil, BadRequestError{Reason: fmt.Sprintf("Request decode failed: %v", err)}
|
return nil, BadRequestError{Reason: fmt.Sprintf("Request decode failed: %v", err)}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if args.Intention.DestinationPartition != "" && args.Intention.DestinationPartition != "default" {
|
||||||
|
return nil, BadRequestError{Reason: "Cannot specify a destination partition with this endpoint"}
|
||||||
|
}
|
||||||
|
if args.Intention.SourcePartition != "" && args.Intention.SourcePartition != "default" {
|
||||||
|
return nil, BadRequestError{Reason: "Cannot specify a source partition with this endpoint"}
|
||||||
|
}
|
||||||
|
|
||||||
args.Intention.FillPartitionAndNamespace(&entMeta, false)
|
args.Intention.FillPartitionAndNamespace(&entMeta, false)
|
||||||
|
|
||||||
// Use the ID from the URL
|
// Use the ID from the URL
|
||||||
|
@ -428,6 +428,27 @@ func TestIntentionCreate(t *testing.T) {
|
|||||||
require.Equal(t, "foo", actual.SourceName)
|
require.Equal(t, "foo", actual.SourceName)
|
||||||
}
|
}
|
||||||
})
|
})
|
||||||
|
|
||||||
|
t.Run("partition rejected", func(t *testing.T) {
|
||||||
|
{
|
||||||
|
args := structs.TestIntention(t)
|
||||||
|
args.SourcePartition = "part1"
|
||||||
|
req, _ := http.NewRequest("POST", "/v1/connect/intentions", jsonReader(args))
|
||||||
|
resp := httptest.NewRecorder()
|
||||||
|
_, err := a.srv.IntentionCreate(resp, req)
|
||||||
|
require.Error(t, err)
|
||||||
|
require.Contains(t, err.Error(), "Cannot specify a source partition")
|
||||||
|
}
|
||||||
|
{
|
||||||
|
args := structs.TestIntention(t)
|
||||||
|
args.DestinationPartition = "part2"
|
||||||
|
req, _ := http.NewRequest("POST", "/v1/connect/intentions", jsonReader(args))
|
||||||
|
resp := httptest.NewRecorder()
|
||||||
|
_, err := a.srv.IntentionCreate(resp, req)
|
||||||
|
require.Error(t, err)
|
||||||
|
require.Contains(t, err.Error(), "Cannot specify a destination partition")
|
||||||
|
}
|
||||||
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestIntentionSpecificGet(t *testing.T) {
|
func TestIntentionSpecificGet(t *testing.T) {
|
||||||
@ -532,6 +553,26 @@ func TestIntentionSpecificUpdate(t *testing.T) {
|
|||||||
actual := resp.Intentions[0]
|
actual := resp.Intentions[0]
|
||||||
require.Equal(t, "bar", actual.SourceName)
|
require.Equal(t, "bar", actual.SourceName)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
t.Run("partitions rejected", func(t *testing.T) {
|
||||||
|
{
|
||||||
|
ixn.DestinationPartition = "part1"
|
||||||
|
req, _ := http.NewRequest("PUT", fmt.Sprintf("/v1/connect/intentions/%s", reply), jsonReader(ixn))
|
||||||
|
resp := httptest.NewRecorder()
|
||||||
|
_, err := a.srv.IntentionSpecific(resp, req)
|
||||||
|
require.Error(t, err)
|
||||||
|
require.Contains(t, err.Error(), "Cannot specify a destination partition")
|
||||||
|
}
|
||||||
|
{
|
||||||
|
ixn.DestinationPartition = "default"
|
||||||
|
ixn.SourcePartition = "part2"
|
||||||
|
req, _ := http.NewRequest("PUT", fmt.Sprintf("/v1/connect/intentions/%s", reply), jsonReader(ixn))
|
||||||
|
resp := httptest.NewRecorder()
|
||||||
|
_, err := a.srv.IntentionSpecific(resp, req)
|
||||||
|
require.Error(t, err)
|
||||||
|
require.Contains(t, err.Error(), "Cannot specify a source partition")
|
||||||
|
}
|
||||||
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestIntentionDeleteExact(t *testing.T) {
|
func TestIntentionDeleteExact(t *testing.T) {
|
||||||
|
Loading…
x
Reference in New Issue
Block a user