From 49cb84297ffbae9adfe8cd5de3be0163dd6f08ae Mon Sep 17 00:00:00 2001
From: Ronald
Date: Mon, 18 Sep 2023 17:10:35 -0400
Subject: [PATCH] Move ACL templated policies to hcl files (#18853)
---
 .copywrite.hcl | 3 ++
 agent/acl_endpoint_test.go | 2 +-
 agent/structs/acl_templated_policy.go | 5 ++-
 agent/structs/acl_templated_policy_ce.go | 40 ++++---------------
 .../acltemplatedpolicy/policies/ce/dns.hcl | 10 +++++
 .../acltemplatedpolicy/policies/ce/node.hcl | 7 ++++
 .../policies/ce/service.hcl | 13 ++++++
 command/acl/templatedpolicy/formatter_test.go | 4 +-
 .../list/templated_policy_list_test.go | 2 +-
 9 files changed, 48 insertions(+), 38 deletions(-)
 create mode 100644 agent/structs/acltemplatedpolicy/policies/ce/dns.hcl
 create mode 100644 agent/structs/acltemplatedpolicy/policies/ce/node.hcl
 create mode 100644 agent/structs/acltemplatedpolicy/policies/ce/service.hcl
diff --git a/.copywrite.hcl b/.copywrite.hcl
index dbe52115c2..243a0a7307 100644
--- a/.copywrite.hcl
+++ b/.copywrite.hcl
@@ -27,6 +27,9 @@ project {
 "agent/grpc-middleware/rate_limit_mappings.gen.go",
 "agent/uiserver/dist/**",
+ # ignoring policy embedded files
+ "agent/structs/acltemplatedpolicy/policies/ce/**",
+
 # licensed under MPL - ignoring for now until the copywrite tool can support
 # multiple licenses per repo.
 "sdk/**",
diff --git a/agent/acl_endpoint_test.go b/agent/acl_endpoint_test.go
index ca4fb3668d..e3cc5e4143 100644
--- a/agent/acl_endpoint_test.go
+++ b/agent/acl_endpoint_test.go
@@ -1401,7 +1401,7 @@ func TestACL_HTTP(t *testing.T) {
 var templatedPolicy api.ACLTemplatedPolicyResponse
 require.NoError(t, json.NewDecoder(resp.Body).Decode(&templatedPolicy))
- require.Equal(t, structs.ACLTemplatedPolicyDNSSchema, templatedPolicy.Schema)
+ require.Equal(t, structs.ACLTemplatedPolicyNoRequiredVariablesSchema, templatedPolicy.Schema)
 require.Equal(t, api.ACLTemplatedPolicyDNSName, templatedPolicy.TemplateName)
 require.Equal(t, structs.ACLTemplatedPolicyDNS, templatedPolicy.Template)
 })
diff --git a/agent/structs/acl_templated_policy.go b/agent/structs/acl_templated_policy.go
index fcb5003291..ad5c5f849c 100644
--- a/agent/structs/acl_templated_policy.go
+++ b/agent/structs/acl_templated_policy.go
@@ -31,7 +31,8 @@ const (
 ACLTemplatedPolicyServiceID = "00000000-0000-0000-0000-000000000003"
 ACLTemplatedPolicyNodeID = "00000000-0000-0000-0000-000000000004"
 ACLTemplatedPolicyDNSID = "00000000-0000-0000-0000-000000000005"
- ACLTemplatedPolicyDNSSchema = "" // empty schema as it does not require variables
+
+ ACLTemplatedPolicyNoRequiredVariablesSchema = "" // catch-all schema for all templated policy that don't require a schema
 )
 // ACLTemplatedPolicyBase contains basic information about builtin templated policies
@@ -63,7 +64,7 @@ var (
 api.ACLTemplatedPolicyDNSName: {
 TemplateID: ACLTemplatedPolicyDNSID,
 TemplateName: api.ACLTemplatedPolicyDNSName,
- Schema: ACLTemplatedPolicyDNSSchema,
+ Schema: ACLTemplatedPolicyNoRequiredVariablesSchema,
 Template: ACLTemplatedPolicyDNS,
 },
 }
diff --git a/agent/structs/acl_templated_policy_ce.go b/agent/structs/acl_templated_policy_ce.go
index 5645f00281..f4a857b5c6 100644
--- a/agent/structs/acl_templated_policy_ce.go
+++ b/agent/structs/acl_templated_policy_ce.go
@@ -5,40 +5,16 @@ package structs
-const (
- ACLTemplatedPolicyService = `
-service "{{.Name}}" {
- policy = "write"
-}
-service "{{.Name}}-sidecar-proxy" {
- policy = "write"
-}
-service_prefix "" {
- policy = "read"
-}
-node_prefix "" {
- policy = "read"
-}`
+import _ "embed"
- ACLTemplatedPolicyNode = `
-node "{{.Name}}" {
- policy = "write"
-}
-service_prefix "" {
- policy = "read"
-}`
+//go:embed acltemplatedpolicy/policies/ce/service.hcl
+var ACLTemplatedPolicyService string
- ACLTemplatedPolicyDNS = `
-node_prefix "" {
- policy = "read"
-}
-service_prefix "" {
- policy = "read"
-}
-query_prefix "" {
- policy = "read"
-}`
-)
+//go:embed acltemplatedpolicy/policies/ce/node.hcl
+var ACLTemplatedPolicyNode string
+
+//go:embed acltemplatedpolicy/policies/ce/dns.hcl
+var ACLTemplatedPolicyDNS string
 func (t *ACLToken) TemplatedPolicyList() []*ACLTemplatedPolicy {
 if len(t.TemplatedPolicies) == 0 {
diff --git a/agent/structs/acltemplatedpolicy/policies/ce/dns.hcl b/agent/structs/acltemplatedpolicy/policies/ce/dns.hcl
new file mode 100644
index 0000000000..6627f1c96a
--- /dev/null
+++ b/agent/structs/acltemplatedpolicy/policies/ce/dns.hcl
@@ -0,0 +1,10 @@
+
+node_prefix "" {
+ policy = "read"
+}
+service_prefix "" {
+ policy = "read"
+}
+query_prefix "" {
+ policy = "read"
+}
\ No newline at end of file
diff --git a/agent/structs/acltemplatedpolicy/policies/ce/node.hcl b/agent/structs/acltemplatedpolicy/policies/ce/node.hcl
new file mode 100644
index 0000000000..b6b03a2250
--- /dev/null
+++ b/agent/structs/acltemplatedpolicy/policies/ce/node.hcl
@@ -0,0 +1,7 @@
+
+node "{{.Name}}" {
+ policy = "write"
+}
+service_prefix "" {
+ policy = "read"
+}
\ No newline at end of file
diff --git a/agent/structs/acltemplatedpolicy/policies/ce/service.hcl b/agent/structs/acltemplatedpolicy/policies/ce/service.hcl
new file mode 100644
index 0000000000..a8d2faf279
--- /dev/null
+++ b/agent/structs/acltemplatedpolicy/policies/ce/service.hcl
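Review bot: In agent/structs/acl_templated_policy_ce.go the three builtin policy templates go from `const` to exported package-level `var`s, so any code importing `structs` can now reassign `ACLTemplatedPolicyService`, `ACLTemplatedPolicyNode` or `ACLTemplatedPolicyDNS` at runtime and the compiler no longer rejects it. These strings are the ACL rules behind the builtin templated policies, so they should stay effectively immutable: either embed into unexported variables and expose them through functions, or, as the minimal change that keeps the `structs.ACLTemplatedPolicyDNS` references elsewhere in this patch working, state the contract in a doc comment on each variable, e.g. `// ACLTemplatedPolicyService is the embedded HCL template for the builtin service policy. It must not be modified at runtime.` The new exported variables currently carry no doc comments at all.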
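Review bot: The template text is now defined byte-for-byte by dns.hcl, node.hcl and service.hcl, including the leading blank line and the missing final newline that reproduce the old raw-string constants, yet nothing records that these bytes are significant. An editor, formatter or end-of-file fixer that normalises the files would silently change the policy text the agent returns and renders, and presumably any golden output compared against it. A comment inside the .hcl files would itself alter the embedded string, so the note belongs next to the `//go:embed` directives, e.g. `// The .hcl files are embedded verbatim: keep the leading blank line and do not add a trailing newline.`, ideally backed by a test that pins the expected content.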
@@ -0,0 +1,13 @@
+
+service "{{.Name}}" {
+ policy = "write"
+}
+service "{{.Name}}-sidecar-proxy" {
+ policy = "write"
+}
+service_prefix "" {
+ policy = "read"
+}
+node_prefix "" {
+ policy = "read"
+}
\ No newline at end of file
diff --git a/command/acl/templatedpolicy/formatter_test.go b/command/acl/templatedpolicy/formatter_test.go
index 887e518ea0..71a3ca1724 100644
--- a/command/acl/templatedpolicy/formatter_test.go
+++ b/command/acl/templatedpolicy/formatter_test.go
@@ -42,7 +42,7 @@ func testFormatTemplatedPolicy(t *testing.T, dirPath string) {
 "dns-templated-policy": {
 templatedPolicy: api.ACLTemplatedPolicyResponse{
 TemplateName: api.ACLTemplatedPolicyDNSName,
- Schema: structs.ACLTemplatedPolicyDNSSchema,
+ Schema: structs.ACLTemplatedPolicyNoRequiredVariablesSchema,
 Template: structs.ACLTemplatedPolicyDNS,
 },
 },
@@ -94,7 +94,7 @@ func testFormatTemplatedPolicyList(t *testing.T, dirPath string) {
 },
 "builtin/dns": {
 TemplateName: api.ACLTemplatedPolicyDNSName,
- Schema: structs.ACLTemplatedPolicyDNSSchema,
+ Schema: structs.ACLTemplatedPolicyNoRequiredVariablesSchema,
 Template: structs.ACLTemplatedPolicyDNS,
 },
 "builtin/service": {
diff --git a/command/acl/templatedpolicy/list/templated_policy_list_test.go b/command/acl/templatedpolicy/list/templated_policy_list_test.go
index bdde3782d7..5f548918e7 100644
--- a/command/acl/templatedpolicy/list/templated_policy_list_test.go
+++ b/command/acl/templatedpolicy/list/templated_policy_list_test.go
@@ -98,5 +98,5 @@ func TestTemplatedPolicyListCommand_JSON(t *testing.T) {
 err := json.Unmarshal([]byte(output), &jsonOutput)
 assert.NoError(t, err)
 outputTemplate := jsonOutput[api.ACLTemplatedPolicyDNSName]
- assert.Equal(t, structs.ACLTemplatedPolicyDNSSchema, outputTemplate.Schema)
+ assert.Equal(t, structs.ACLTemplatedPolicyNoRequiredVariablesSchema, outputTemplate.Schema)
 }