Stop JWT provider from being written in non default namespace (#18325)

Ronald 2023-07-31 09:13:16 -04:00 committed by GitHub
parent 6ada2e05ff
commit 356b29bf35
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 10 additions and 2 deletions

3
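--- a/.changelog/18325.txt
+++ b/.changelog/18325.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+mesh: **(Enterprise Only)** Require that `jwt-provider` config entries are created in the `default` namespace.
+```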


@ -509,7 +509,7 @@ func (e *JWTProviderConfigEntry) Validate() error {
return err
}
if err := e.validatePartition(); err != nil {
if err := e.validatePartitionAndNamespace(); err != nil {
return err
}


@ -12,9 +12,14 @@ import (
"github.com/hashicorp/consul/acl"
)
func (e *JWTProviderConfigEntry) validatePartition() error {
func (e *JWTProviderConfigEntry) validatePartitionAndNamespace() error {
if !acl.IsDefaultPartition(e.PartitionOrDefault()) {
return fmt.Errorf("Partitions are an enterprise only feature")
}
if acl.DefaultNamespaceName != e.NamespaceOrDefault() {
return fmt.Errorf("Namespaces are an enterprise only feature")
}
return nil
}
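Review bot: Nothing in this commit exercises the new namespace branch of `validatePartitionAndNamespace`: the three changed files are the changelog, the `Validate` call site and this helper, so the rule the release note promises (`jwt-provider` entries only in the `default` namespace) is not pinned by a test here. Because a `jwt-provider` entry configures how JWTs are verified, a table case asserting that `Validate()` returns an error for a non-default namespace would guard against the check being dropped or bypassed later; whether this branch can fire at all in this build depends on what `NamespaceOrDefault()` returns, which the hunk does not show. The rejection would also be easier to act on if it named the offending value, e.g. `return fmt.Errorf("Namespaces are an enterprise only feature (got %q)", e.NamespaceOrDefault())`. A short doc comment such as `// validatePartitionAndNamespace rejects jwt-provider entries outside the default partition and namespace.` would record the intent on the helper.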