status-im
/
consul
mirror of https://github.com/status-im/consul.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

acl: parsing intentions in service block

This commit is contained in:
Mitchell Hashimoto 2018-03-03 16:14:33 -08:00
parent 0719ff6905
commit 437cc76af5
No known key found for this signature in database
GPG Key ID: 744E147AA52F5B0A
2 changed files with 90 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
acl/policy.go
View File

@ -73,6 +73,11 @@ type ServicePolicy struct {
Name string `hcl:",key"` Name string `hcl:",key"`
Policy string Policy string
Sentinel Sentinel Sentinel Sentinel
// Intentions is the policy for intentions where this service is the
// destination. This may be empty, in which case the Policy determines
// the intentions policy.
Intentions string
} }
func (s *ServicePolicy) GoString() string { func (s *ServicePolicy) GoString() string {
@ -197,6 +202,9 @@ func Parse(rules string, sentinel sentinel.Evaluator) (*Policy, error) {
if !isPolicyValid(sp.Policy) { if !isPolicyValid(sp.Policy) {
return nil, fmt.Errorf("Invalid service policy: %#v", sp) return nil, fmt.Errorf("Invalid service policy: %#v", sp)
} }
if sp.Intentions != "" && !isPolicyValid(sp.Intentions) {
return nil, fmt.Errorf("Invalid service intentions policy: %#v", sp)
}
if err := isSentinelValid(sentinel, sp.Policy, sp.Sentinel); err != nil { if err := isSentinelValid(sentinel, sp.Policy, sp.Sentinel); err != nil {
return nil, fmt.Errorf("Invalid service Sentinel policy: %#v, got error:%v", sp, err) return nil, fmt.Errorf("Invalid service Sentinel policy: %#v, got error:%v", sp, err)
} }

82
acl/policy_test.go
View File

@ -6,6 +6,88 @@ import (
"testing" "testing"
) )
func TestParse_table(t *testing.T) {
// Note that the table tests are newer than other tests. Many of the
// other aspects of policy parsing are tested in older tests below. New
// parsing tests should be added to this table as its easier to maintain.
cases := []struct {
Name string
Input string
Expected *Policy
Err string
}{
{
"service no intentions",
`
service "foo" {
policy = "write"
}
`,
&Policy{
Services: []*ServicePolicy{
{
Name: "foo",
Policy: "write",
},
},
},
"",
},
{
"service intentions",
`
service "foo" {
policy = "write"
intentions = "read"
}
`,
&Policy{
Services: []*ServicePolicy{
{
Name: "foo",
Policy: "write",
Intentions: "read",
},
},
},
"",
},
{
"service intention: invalid value",
`
service "foo" {
policy = "write"
intentions = "foo"
}
`,
nil,
"service intentions",
},
}
for _, tc := range cases {
t.Run(tc.Name, func(t *testing.T) {
actual, err := Parse(tc.Input, nil)
if (err != nil) != (tc.Err != "") {
t.Fatalf("err: %s", err)
}
if err != nil {
if !strings.Contains(err.Error(), tc.Err) {
t.Fatalf("err: %s", err)
}
return
}
if !reflect.DeepEqual(actual, tc.Expected) {
t.Fatalf("bad: %#v", actual)
}
})
}
}
func TestACLPolicy_Parse_HCL(t *testing.T) { func TestACLPolicy_Parse_HCL(t *testing.T) {
inp := ` inp := `
agent "foo" { agent "foo" {