From 6e6cd928a22d03d670089fc1c7a2f66af235d318 Mon Sep 17 00:00:00 2001
From: Ashwin Venkatesh
Date: Thu, 17 Feb 2022 16:41:27 -0500
Subject: [PATCH] Parse datacenter from request (#12370)
* Parse datacenter from request - Parse the value of the datacenter from the create/delete requests for AuthMethods and BindingRules so that they can be created in and deleted from the datacenters specified in the request.
---
 .changelog/12370.txt | 3 +++
 agent/acl_endpoint.go | 14 ++++++--------
 agent/acl_endpoint_test.go | 35 +++++++++++++++++++++++++++++++++++
 3 files changed, 44 insertions(+), 8 deletions(-)
 create mode 100644 .changelog/12370.txt
diff --git a/.changelog/12370.txt b/.changelog/12370.txt
new file mode 100644
index 0000000000..6b184a63dc
--- /dev/null
+++ b/.changelog/12370.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+agent: Parse datacenter from Create/Delete requests for AuthMethods and BindingRules.
+```
diff --git a/agent/acl_endpoint.go b/agent/acl_endpoint.go
index 952b3431d5..5b9ddec3b9 100644
--- a/agent/acl_endpoint.go
+++ b/agent/acl_endpoint.go
@@ -751,9 +751,8 @@ func (s *HTTPHandlers) ACLBindingRuleCreate(resp http.ResponseWriter, req *http.
 }
 func (s *HTTPHandlers) ACLBindingRuleWrite(resp http.ResponseWriter, req *http.Request, bindingRuleID string) (interface{}, error) {
- args := structs.ACLBindingRuleSetRequest{
- Datacenter: s.agent.config.Datacenter,
- }
+ args := structs.ACLBindingRuleSetRequest{}
+ s.parseDC(req, &args.Datacenter)
 s.parseToken(req, &args.Token)
 if err := s.parseEntMeta(req, &args.BindingRule.EnterpriseMeta); err != nil {
 return nil, err
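Review bot: Nothing at the `s.parseDC(req, &args.Datacenter)` call in ACLBindingRuleWrite records that the target datacenter is now taken from the request instead of being pinned to `s.agent.config.Datacenter`; the same holds for ACLBindingRuleDelete, ACLAuthMethodWrite and ACLAuthMethodDelete in the following hunks. Auth methods and binding rules govern how logins are mapped to tokens, so a one-line comment above each call is worth having, for example `// Target datacenter is taken from the request's dc parameter, not pinned to the local agent.` parseDC is defined outside this diff, so it should be confirmed that it still falls back to the agent's own datacenter when no `dc` is supplied, now that the struct literals no longer set the field. All four handler bodies continue past their hunks.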
@@ -779,9 +778,9 @@ func (s *HTTPHandlers) ACLBindingRuleWrite(resp http.ResponseWriter, req *http.R
 func (s *HTTPHandlers) ACLBindingRuleDelete(resp http.ResponseWriter, req *http.Request, bindingRuleID string) (interface{}, error) {
 args := structs.ACLBindingRuleDeleteRequest{
- Datacenter: s.agent.config.Datacenter,
 BindingRuleID: bindingRuleID,
 }
+ s.parseDC(req, &args.Datacenter)
 s.parseToken(req, &args.Token)
 if err := s.parseEntMeta(req, &args.EnterpriseMeta); err != nil {
 return nil, err
@@ -898,9 +897,8 @@ func (s *HTTPHandlers) ACLAuthMethodCreate(resp http.ResponseWriter, req *http.R
 }
 func (s *HTTPHandlers) ACLAuthMethodWrite(resp http.ResponseWriter, req *http.Request, methodName string) (interface{}, error) {
- args := structs.ACLAuthMethodSetRequest{
- Datacenter: s.agent.config.Datacenter,
- }
+ args := structs.ACLAuthMethodSetRequest{}
+ s.parseDC(req, &args.Datacenter)
 s.parseToken(req, &args.Token)
 if err := s.parseEntMeta(req, &args.AuthMethod.EnterpriseMeta); err != nil {
 return nil, err
@@ -929,9 +927,9 @@ func (s *HTTPHandlers) ACLAuthMethodWrite(resp http.ResponseWriter, req *http.Re
 func (s *HTTPHandlers) ACLAuthMethodDelete(resp http.ResponseWriter, req *http.Request, methodName string) (interface{}, error) {
 args := structs.ACLAuthMethodDeleteRequest{
- Datacenter: s.agent.config.Datacenter,
 AuthMethodName: methodName,
 }
+ s.parseDC(req, &args.Datacenter)
 s.parseToken(req, &args.Token)
 if err := s.parseEntMeta(req, &args.EnterpriseMeta); err != nil {
 return nil, err
diff --git a/agent/acl_endpoint_test.go b/agent/acl_endpoint_test.go
index 84efebc195..5087367d83 100644
--- a/agent/acl_endpoint_test.go
+++ b/agent/acl_endpoint_test.go
@@ -1222,6 +1222,26 @@ func TestACL_LoginProcedure_HTTP(t *testing.T) {
 methodMap[method.Name] = method
 })
+ t.Run("Create in remote datacenter", func(t *testing.T) {
+ methodInput := &structs.ACLAuthMethod{
+ Name: "other",
+ Type: "testing",
+ Description: "test",
+ Config: map[string]interface{}{
+ "SessionID": testSessionID,
+ },
+ TokenLocality: "global",
+ MaxTokenTTL: 500_000_000_000,
+ }
+
+ req, _ := http.NewRequest("PUT", "/v1/acl/auth-method?token=root&dc=remote", jsonBody(methodInput))
+ resp := httptest.NewRecorder()
+ _, err := a.srv.ACLAuthMethodCRUD(resp, req)
+ require.Error(t, err)
+ _, ok := err.(BadRequestError)
+ require.True(t, ok)
+ })
+
 t.Run("Update Name URL Mismatch", func(t *testing.T) {
 methodInput := &structs.ACLAuthMethod{
 Name: "test",
@@ -1394,6 +1414,21 @@ func TestACL_LoginProcedure_HTTP(t *testing.T) {
 ruleMap[rule.ID] = rule
 })
+ t.Run("Create in remote datacenter", func(t *testing.T) {
+ ruleInput := &structs.ACLBindingRule{
+ Description: "other",
+ AuthMethod: "test",
+ Selector: "serviceaccount.namespace==default",
+ BindType: structs.BindingRuleBindTypeRole,
+ BindName: "fancy-role",
+ }
+
+ req, _ := http.NewRequest("PUT", "/v1/acl/binding-rule?token=root&dc=remote", jsonBody(ruleInput))
+ resp := httptest.NewRecorder()
+ _, err := a.srv.ACLBindingRuleCRUD(resp, req)
+ require.EqualError(t, err, "No path to datacenter")
+ })
+
 t.Run("BindingRule CRUD Missing ID in URL", func(t *testing.T) {
 req, _ := http.NewRequest("GET", "/v1/acl/binding-rule/?token=root", nil)
 resp := httptest.NewRecorder()
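Review bot: The auth-method "Create in remote datacenter" subtest only asserts that the error is a `BadRequestError`, so it would also pass if the request were rejected for a reason unrelated to `dc=remote`, such as a body that fails to decode. The binding-rule subtest in the next hunk pins the routing failure with `require.EqualError(t, err, "No path to datacenter")`; this one should pin the reason as well, so that it proves the datacenter parameter actually reached the RPC layer. If the type check is kept, the bare assertion `err.(BadRequestError)` will miss a wrapped error, and `errors.As` would be the more robust form.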
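Review bot: Neither new subtest exercises a DELETE with `dc=remote`, although ACLBindingRuleDelete and ACLAuthMethodDelete were changed by the same commit, so a regression in the delete path would go unnoticed. A sibling subtest next to this one could issue `http.NewRequest("DELETE", "/v1/acl/binding-rule/<id>?token=root&dc=remote", nil)` (with `<id>` standing for an existing rule ID) and assert the same "No path to datacenter" error, with a matching case for auth methods. Both subtests named "Create in remote datacenter" actually assert a failure; a name such as "Create in unknown datacenter" would describe what is checked.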