Parse datacenter from request (#12370)
* Parse datacenter from request - Parse the value of the datacenter from the create/delete requests for AuthMethods and BindingRules so that they can be created in and deleted from the datacenters specified in the request.
parent
3defe2e3ae
commit
6e6cd928a2
|
@ -0,0 +1,3 @@
|
|||
```release-note:bug
|
||||
agent: Parse datacenter from Create/Delete requests for AuthMethods and BindingRules.
|
||||
```
|
|
@ -751,9 +751,8 @@ func (s *HTTPHandlers) ACLBindingRuleCreate(resp http.ResponseWriter, req *http.
|
|||
}
|
||||
|
||||
func (s *HTTPHandlers) ACLBindingRuleWrite(resp http.ResponseWriter, req *http.Request, bindingRuleID string) (interface{}, error) {
|
||||
args := structs.ACLBindingRuleSetRequest{
|
||||
Datacenter: s.agent.config.Datacenter,
|
||||
}
|
||||
args := structs.ACLBindingRuleSetRequest{}
|
||||
s.parseDC(req, &args.Datacenter)
|
||||
s.parseToken(req, &args.Token)
|
||||
if err := s.parseEntMeta(req, &args.BindingRule.EnterpriseMeta); err != nil {
|
||||
return nil, err
|
||||
|
@ -779,9 +778,9 @@ func (s *HTTPHandlers) ACLBindingRuleWrite(resp http.ResponseWriter, req *http.R
|
|||
|
||||
func (s *HTTPHandlers) ACLBindingRuleDelete(resp http.ResponseWriter, req *http.Request, bindingRuleID string) (interface{}, error) {
|
||||
args := structs.ACLBindingRuleDeleteRequest{
|
||||
Datacenter: s.agent.config.Datacenter,
|
||||
BindingRuleID: bindingRuleID,
|
||||
}
|
||||
s.parseDC(req, &args.Datacenter)
|
||||
s.parseToken(req, &args.Token)
|
||||
if err := s.parseEntMeta(req, &args.EnterpriseMeta); err != nil {
|
||||
return nil, err
|
||||
|
@ -898,9 +897,8 @@ func (s *HTTPHandlers) ACLAuthMethodCreate(resp http.ResponseWriter, req *http.R
|
|||
}
|
||||
|
||||
func (s *HTTPHandlers) ACLAuthMethodWrite(resp http.ResponseWriter, req *http.Request, methodName string) (interface{}, error) {
|
||||
args := structs.ACLAuthMethodSetRequest{
|
||||
Datacenter: s.agent.config.Datacenter,
|
||||
}
|
||||
args := structs.ACLAuthMethodSetRequest{}
|
||||
s.parseDC(req, &args.Datacenter)
|
||||
s.parseToken(req, &args.Token)
|
||||
if err := s.parseEntMeta(req, &args.AuthMethod.EnterpriseMeta); err != nil {
|
||||
return nil, err
|
||||
|
@ -929,9 +927,9 @@ func (s *HTTPHandlers) ACLAuthMethodWrite(resp http.ResponseWriter, req *http.Re
|
|||
|
||||
func (s *HTTPHandlers) ACLAuthMethodDelete(resp http.ResponseWriter, req *http.Request, methodName string) (interface{}, error) {
|
||||
args := structs.ACLAuthMethodDeleteRequest{
|
||||
Datacenter: s.agent.config.Datacenter,
|
||||
AuthMethodName: methodName,
|
||||
}
|
||||
s.parseDC(req, &args.Datacenter)
|
||||
s.parseToken(req, &args.Token)
|
||||
if err := s.parseEntMeta(req, &args.EnterpriseMeta); err != nil {
|
||||
return nil, err
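Review bot: After this change the caller-chosen `dc` query parameter decides which datacenter receives the auth-method or binding-rule write or delete, and nothing in the four handlers says so. `args.Datacenter` is no longer initialised from `s.agent.config.Datacenter`, so the local default now depends entirely on `parseDC` filling it in when no `dc` is given. The token read by `parseToken` travels with the request to whichever datacenter is named, which is presumably where the ACL check then runs. I would add a comment above each `s.parseDC(req, &args.Datacenter)` call, for example `// dc comes from the request (default: the agent's datacenter); the token is forwarded to and authorized by that datacenter.` This applies to ACLBindingRuleWrite, ACLBindingRuleDelete, ACLAuthMethodWrite and ACLAuthMethodDelete alike; all four bodies continue outside their hunks.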
|
||||
|
|
|
@ -1222,6 +1222,26 @@ func TestACL_LoginProcedure_HTTP(t *testing.T) {
|
|||
methodMap[method.Name] = method
|
||||
})
|
||||
|
||||
t.Run("Create in remote datacenter", func(t *testing.T) {
|
||||
methodInput := &structs.ACLAuthMethod{
|
||||
Name: "other",
|
||||
Type: "testing",
|
||||
Description: "test",
|
||||
Config: map[string]interface{}{
|
||||
"SessionID": testSessionID,
|
||||
},
|
||||
TokenLocality: "global",
|
||||
MaxTokenTTL: 500_000_000_000,
|
||||
}
|
||||
|
||||
req, _ := http.NewRequest("PUT", "/v1/acl/auth-method?token=root&dc=remote", jsonBody(methodInput))
|
||||
resp := httptest.NewRecorder()
|
||||
_, err := a.srv.ACLAuthMethodCRUD(resp, req)
|
||||
require.Error(t, err)
|
||||
_, ok := err.(BadRequestError)
|
||||
require.True(t, ok)
|
||||
})
|
||||
|
||||
t.Run("Update Name URL Mismatch", func(t *testing.T) {
|
||||
methodInput := &structs.ACLAuthMethod{
|
||||
Name: "test",
|
||||
|
@ -1394,6 +1414,21 @@ func TestACL_LoginProcedure_HTTP(t *testing.T) {
|
|||
ruleMap[rule.ID] = rule
|
||||
})
|
||||
|
||||
t.Run("Create in remote datacenter", func(t *testing.T) {
|
||||
ruleInput := &structs.ACLBindingRule{
|
||||
Description: "other",
|
||||
AuthMethod: "test",
|
||||
Selector: "serviceaccount.namespace==default",
|
||||
BindType: structs.BindingRuleBindTypeRole,
|
||||
BindName: "fancy-role",
|
||||
}
|
||||
|
||||
req, _ := http.NewRequest("PUT", "/v1/acl/binding-rule?token=root&dc=remote", jsonBody(ruleInput))
|
||||
resp := httptest.NewRecorder()
|
||||
_, err := a.srv.ACLBindingRuleCRUD(resp, req)
|
||||
require.EqualError(t, err, "No path to datacenter")
|
||||
})
|
||||
|
||||
t.Run("BindingRule CRUD Missing ID in URL", func(t *testing.T) {
|
||||
req, _ := http.NewRequest("GET", "/v1/acl/binding-rule/?token=root", nil)
|
||||
resp := httptest.NewRecorder()
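Review bot: The auth-method subtest "Create in remote datacenter" only checks that the error is a `BadRequestError`, which any rejected request body would also satisfy, so it does not show that `dc=remote` was honoured; the binding-rule subtest for the same scenario pins `"No path to datacenter"`. I would assert on the message as well, e.g. `require.Contains(t, err.Error(), "<expected message>")` with the text the handler actually returns, or add a comment explaining why the two endpoints fail differently. Both subtests also discard the error from `http.NewRequest`, and neither hunk adds a case for the Delete handlers or for a request without `dc`, which are the other paths this commit changes. TestACL_LoginProcedure_HTTP starts and ends outside both hunks.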
|
||||
|
|