From 389f89274a68f56b48bc6b7a60472170057a498f Mon Sep 17 00:00:00 2001 From: Ryan Uber Date: Thu, 11 Jun 2015 16:46:15 -0700 Subject: [PATCH] consul: fail badly if an unsupported type is passed to the ACL filter --- consul/acl.go | 4 ++++ consul/acl_test.go | 17 +++++++++++++++++ consul/catalog_endpoint.go | 2 +- 3 files changed, 22 insertions(+), 1 deletion(-) diff --git a/consul/acl.go b/consul/acl.go index c095334f5f..56acbda672 100644 --- a/consul/acl.go +++ b/consul/acl.go @@ -2,6 +2,7 @@ package consul import ( "errors" + "fmt" "log" "os" "strings" @@ -355,6 +356,9 @@ func (s *Server) filterACL(token string, subj interface{}) error { case *structs.IndexedNodeDump: filt.filterNodeDump(&v.Dump) + + default: + panic(fmt.Errorf("Unhandled type passed to ACL filter: %#v", subj)) } return nil diff --git a/consul/acl_test.go b/consul/acl_test.go index e5efedb978..dc7a1b2149 100644 --- a/consul/acl_test.go +++ b/consul/acl_test.go @@ -861,6 +861,23 @@ func TestACL_filterNodeDump(t *testing.T) { } } +func TestACL_unhandledFilterType(t *testing.T) { + defer func(t *testing.T) { + if recover() == nil { + t.Fatalf("should panic") + } + }(t) + + // Create the server + dir, token, srv, client := testACLFilterServer(t) + defer os.RemoveAll(dir) + defer srv.Shutdown() + defer client.Close() + + // Pass an unhandled type into the ACL filter. + srv.filterACL(token, &structs.HealthCheck{}) +} + var testACLPolicy = ` key "" { policy = "deny" diff --git a/consul/catalog_endpoint.go b/consul/catalog_endpoint.go index 043a6bd502..17d3f5d5c3 100644 --- a/consul/catalog_endpoint.go +++ b/consul/catalog_endpoint.go @@ -126,7 +126,7 @@ func (c *Catalog) ListNodes(args *structs.DCSpecificRequest, reply *structs.Inde state.QueryTables("Nodes"), func() error { reply.Index, reply.Nodes = state.Nodes() - return c.srv.filterACL(args.Token, reply) + return nil }) }