acl: pass PartitionInfo through ent ACLConfig

Kyle Havlovitz 2021-10-24 18:28:46 -04:00 committed by freddygv
parent d03f849e49
commit 65c9109396
5 changed files with 22 additions and 4 deletions


@ -14,6 +14,11 @@ type Config struct {
EnterpriseConfig EnterpriseConfig
} }
type PartitionExportInfo interface {
// DownstreamPartitions returns the list of partitions the given service has been exported to.
DownstreamPartitions(service string, ctx *AuthorizerContext) []string
}
// GetWildcardName will retrieve the configured wildcard name or provide a default // GetWildcardName will retrieve the configured wildcard name or provide a default
// in the case that the config is Nil or the wildcard name is unset. // in the case that the config is Nil or the wildcard name is unset.
func (c *Config) GetWildcardName() string { func (c *Config) GetWildcardName() string {
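Review bot: The exported interface `PartitionExportInfo` has a comment on its method but none on the type itself, so godoc and the usual linters will flag it; add `// PartitionExportInfo looks up the partitions a service has been exported to.` above the `type` line. The `DownstreamPartitions` contract should also state whether `ctx` may be nil and whether a nil and an empty result are equivalent, since the no-op implementation added elsewhere in this commit returns `[]string{}` and callers on the authorization path will presumably treat the result as authoritative for cross-partition decisions. The enclosing `Config` struct starts outside the hunk.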


@ -1094,7 +1094,7 @@ func (r *ACLResolver) ResolveTokenToIdentityAndAuthorizer(token string) (structs
if r.aclConf != nil { if r.aclConf != nil {
conf = *r.aclConf conf = *r.aclConf
} }
conf.LocalPartition = identity.EnterpriseMetadata().PartitionOrDefault() r.setEnterpriseConf(identity, &conf)
authz, err := policies.Compile(r.cache, &conf) authz, err := policies.Compile(r.cache, &conf)
if err != nil { if err != nil {
@ -1900,3 +1900,9 @@ func filterACL(r *ACLResolver, token string, subj interface{}) error {
filterACLWithAuthorizer(r.logger, authorizer, subj) filterACLWithAuthorizer(r.logger, authorizer, subj)
return nil return nil
} }
type partitionInfoNoop struct{}
func (p *partitionInfoNoop) DownstreamPartitions(service string, ctx *acl.AuthorizerContext) []string {
return []string{}
}
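Review bot: Replacing the direct assignment with `r.setEnterpriseConf(identity, &conf)` in `ResolveTokenToIdentityAndAuthorizer` means the OSS build no longer sets `conf.LocalPartition` at all, because the OSS `setEnterpriseConf` added by this commit has an empty body; `conf` then reaches `policies.Compile` with whatever `LocalPartition` value `r.aclConf` carried, or the zero value. If OSS authorization never consults `LocalPartition` this is harmless, but that is not visible from the hunk, so either keep `conf.LocalPartition = identity.EnterpriseMetadata().PartitionOrDefault()` inside the OSS hook or add a comment on this call stating that OSS relies on the zero value. In the second hunk `partitionInfoNoop` has no doc comment; a one-liner such as `// partitionInfoNoop is the PartitionExportInfo used by builds that carry no partition export data; it reports no downstream partitions.` would help. `ResolveTokenToIdentityAndAuthorizer` starts and ends outside the hunk.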


@ -15,7 +15,11 @@ func (s *Server) replicationEnterpriseMeta() *structs.EnterpriseMeta {
return structs.ReplicationEnterpriseMeta() return structs.ReplicationEnterpriseMeta()
} }
func newACLConfig(hclog.Logger) *acl.Config { func serverPartitionInfo(s *Server) acl.PartitionExportInfo {
return &partitionInfoNoop{}
}
func newACLConfig(_ acl.PartitionExportInfo, hclog.Logger) *acl.Config {
return &acl.Config{ return &acl.Config{
WildcardName: structs.WildcardSpecifier, WildcardName: structs.WildcardSpecifier,
} }
@ -41,3 +45,5 @@ func (_ *ACLResolver) resolveEnterpriseIdentityAndPolicies(_ structs.ACLIdentity
func (_ *ACLResolver) resolveLocallyManagedEnterpriseToken(_ string) (structs.ACLIdentity, acl.Authorizer, bool) { func (_ *ACLResolver) resolveLocallyManagedEnterpriseToken(_ string) (structs.ACLIdentity, acl.Authorizer, bool) {
return nil, nil, false return nil, nil, false
} }
func (_ *ACLResolver) setEnterpriseConf(identity structs.ACLIdentity, conf *acl.Config) {}
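Review bot: As rendered, the new `newACLConfig` signature mixes a named parameter (`_ acl.PartitionExportInfo`) with an unnamed one (`hclog.Logger`), which the Go compiler rejects as mixed named and unnamed parameters; unless the page dropped a `_`, the line should read `func newACLConfig(_ acl.PartitionExportInfo, _ hclog.Logger) *acl.Config {`. `serverPartitionInfo` and `setEnterpriseConf` also lack doc comments saying that they are the OSS side of an OSS/enterprise split, which matters because the shared resolver code calls them without any hint of that; `// serverPartitionInfo returns the PartitionExportInfo for this server; the OSS build has no partition export data and returns the no-op implementation.` and `// setEnterpriseConf fills the enterprise-specific parts of conf from the token identity; it is a no-op in the OSS build.` would make the intent obvious.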


@ -123,7 +123,7 @@ func NewClient(config *Config, deps Deps) (*Client, error) {
Logger: c.logger, Logger: c.logger,
DisableDuration: aclClientDisabledTTL, DisableDuration: aclClientDisabledTTL,
CacheConfig: clientACLCacheConfig, CacheConfig: clientACLCacheConfig,
ACLConfig: newACLConfig(c.logger), ACLConfig: newACLConfig(&partitionInfoNoop{}, c.logger),
Tokens: deps.Tokens, Tokens: deps.Tokens,
} }
var err error var err error
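Review bot: `NewClient` now hard-codes `&partitionInfoNoop{}` in the shared client file, so any enterprise client build also gets the no-op lookup, unlike the server path which goes through `serverPartitionInfo`. If that asymmetry is intentional (clients not resolving exports themselves), a short comment on the `ACLConfig:` line would stop the next reader from "fixing" it; otherwise add a `clientPartitionInfo` hook alongside `serverPartitionInfo` so both builds choose the implementation in one place. `NewClient` starts and ends outside the hunk.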


@ -427,7 +427,8 @@ func NewServer(config *Config, flat Deps) (*Server, error) {
// Initialize the stats fetcher that autopilot will use. // Initialize the stats fetcher that autopilot will use.
s.statsFetcher = NewStatsFetcher(logger, s.connPool, s.config.Datacenter) s.statsFetcher = NewStatsFetcher(logger, s.connPool, s.config.Datacenter)
s.aclConfig = newACLConfig(logger) partitionInfo := serverPartitionInfo(s)
s.aclConfig = newACLConfig(partitionInfo, logger)
aclConfig := ACLResolverConfig{ aclConfig := ACLResolverConfig{
Config: config.ACLResolverSettings, Config: config.ACLResolverSettings,
Delegate: s, Delegate: s,
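Review bot: `serverPartitionInfo(s)` is called while `s` is still being assembled inside `NewServer`, so an enterprise implementation that reads server state eagerly in that call only sees the fields initialized above this point; the OSS stub ignores `s`, so nothing here exercises that ordering. If the implementation is expected to capture `s` and read it lazily at `DownstreamPartitions` time, say so next to the call, e.g. `// serverPartitionInfo must only capture s; the server is not fully initialized yet.`. The `partitionInfo` local is used once and could be inlined into the `newACLConfig` call, though that is a matter of taste. `NewServer` starts and ends outside the hunk.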