acl: change authmethod.Validator to take a logger (#7758)

R.B. Boyer 2020-05-01 15:55:26 -05:00 committed by GitHub
parent 8927b54121
commit 54ba8e3868
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 12 additions and 7 deletions


@ -25,7 +25,7 @@ func (s *Server) loadAuthMethodValidator(idx uint64, method *structs.ACLAuthMeth
return v, nil return v, nil
} }
v, err := authmethod.NewValidator(method) v, err := authmethod.NewValidator(s.logger, method)
if err != nil { if err != nil {
return nil, fmt.Errorf("auth method validator for %q could not be initialized: %v", method.Name, err) return nil, fmt.Errorf("auth method validator for %q could not be initialized: %v", method.Name, err)
} }


@ -2111,7 +2111,7 @@ func (a *ACL) AuthMethodSet(args *structs.ACLAuthMethodSetRequest, reply *struct
// Instantiate a validator but do not cache it yet. This will validate the // Instantiate a validator but do not cache it yet. This will validate the
// configuration. // configuration.
if _, err := authmethod.NewValidator(method); err != nil { if _, err := authmethod.NewValidator(a.srv.logger, method); err != nil {
return fmt.Errorf("Invalid Auth Method: %v", err) return fmt.Errorf("Invalid Auth Method: %v", err)
} }


@ -6,6 +6,7 @@ import (
"sync" "sync"
"github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/agent/structs"
"github.com/hashicorp/go-hclog"
"github.com/mitchellh/mapstructure" "github.com/mitchellh/mapstructure"
) )
@ -24,7 +25,7 @@ type Cache interface {
Purge() Purge()
} }
type ValidatorFactory func(method *structs.ACLAuthMethod) (Validator, error) type ValidatorFactory func(logger hclog.Logger, method *structs.ACLAuthMethod) (Validator, error)
type Validator interface { type Validator interface {
// Name returns the name of the auth method backing this validator. // Name returns the name of the auth method backing this validator.
@ -131,7 +132,7 @@ func (c *authMethodCache) Purge() {
// NewValidator instantiates a new Validator for the given auth method // NewValidator instantiates a new Validator for the given auth method
// configuration. If no auth method is registered with the provided type an // configuration. If no auth method is registered with the provided type an
// error is returned. // error is returned.
func NewValidator(method *structs.ACLAuthMethod) (Validator, error) { func NewValidator(logger hclog.Logger, method *structs.ACLAuthMethod) (Validator, error) {
typesMu.RLock() typesMu.RLock()
factory, ok := types[method.Type] factory, ok := types[method.Type]
typesMu.RUnlock() typesMu.RUnlock()
@ -140,7 +141,9 @@ func NewValidator(method *structs.ACLAuthMethod) (Validator, error) {
return nil, fmt.Errorf("no auth method registered with type: %s", method.Type) return nil, fmt.Errorf("no auth method registered with type: %s", method.Type)
} }
return factory(method) logger = logger.Named("authmethod").With("type", method.Type, "name", method.Name)
return factory(logger, method)
} }
// Types returns a sorted list of the names of the registered types. // Types returns a sorted list of the names of the registered types.
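Review bot: `NewValidator` now calls `logger.Named("authmethod")` unconditionally, so a caller that passes a nil `hclog.Logger` panics before the factory is reached; a guard ahead of that line, `if logger == nil { logger = hclog.NewNullLogger() }`, keeps the exported constructor safe for callers and tests that have no logger. The doc comment above `NewValidator` still describes only the method argument, and `ValidatorFactory` has no comment at all; I would add `// The logger is scoped with the method's type and name before it is passed to the factory.` to the former. Because validators presumably see login credentials, the `ValidatorFactory` comment is also the place to state that implementations must not write the presented token or secrets from the method config to this logger.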


@ -8,6 +8,7 @@ import (
"github.com/hashicorp/consul/agent/consul/authmethod" "github.com/hashicorp/consul/agent/consul/authmethod"
"github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/agent/structs"
cleanhttp "github.com/hashicorp/go-cleanhttp" cleanhttp "github.com/hashicorp/go-cleanhttp"
"github.com/hashicorp/go-hclog"
"gopkg.in/square/go-jose.v2/jwt" "gopkg.in/square/go-jose.v2/jwt"
authv1 "k8s.io/api/authentication/v1" authv1 "k8s.io/api/authentication/v1"
client_metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" client_metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@ -20,7 +21,7 @@ import (
func init() { func init() {
// register this as an available auth method type // register this as an available auth method type
authmethod.Register("kubernetes", func(method *structs.ACLAuthMethod) (authmethod.Validator, error) { authmethod.Register("kubernetes", func(_ hclog.Logger, method *structs.ACLAuthMethod) (authmethod.Validator, error) {
v, err := NewValidator(method) v, err := NewValidator(method)
if err != nil { if err != nil {
return nil, err return nil, err
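Review bot: The kubernetes factory registered in `init` takes the new logger as `_` and still calls `NewValidator(method)`, so the scoped logger that authmethod.NewValidator builds is dropped for this type. If that is deliberate for this commit, say so on the closure, e.g. `// logger is not used by the kubernetes validator yet`; otherwise thread it through so that validation failures can be recorded with the method's type and name, without the submitted token. The closure body continues past the end of this hunk, so whether anything later uses a logger cannot be seen from here.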


@ -7,6 +7,7 @@ import (
"github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/acl"
"github.com/hashicorp/consul/agent/consul/authmethod" "github.com/hashicorp/consul/agent/consul/authmethod"
"github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/agent/structs"
"github.com/hashicorp/go-hclog"
"github.com/hashicorp/go-uuid" "github.com/hashicorp/go-uuid"
) )
@ -84,7 +85,7 @@ type Config struct {
enterpriseConfig `mapstructure:",squash"` enterpriseConfig `mapstructure:",squash"`
} }
func newValidator(method *structs.ACLAuthMethod) (authmethod.Validator, error) { func newValidator(logger hclog.Logger, method *structs.ACLAuthMethod) (authmethod.Validator, error) {
if method.Type != "testing" { if method.Type != "testing" {
return nil, fmt.Errorf("%q is not a testing auth method", method.Name) return nil, fmt.Errorf("%q is not a testing auth method", method.Name)
} }