From 8aec09aa8f0828f72e45cbee24b52413aa51d19e Mon Sep 17 00:00:00 2001
From: Matt Keeler
Date: Thu, 2 Apr 2020 12:09:35 -0400
Subject: [PATCH] Ensure that token clone copies the roles (#7577)
---
 agent/consul/acl_endpoint.go | 1 +
 agent/consul/acl_endpoint_test.go | 20 +++++++++++++++++++-
 2 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/agent/consul/acl_endpoint.go b/agent/consul/acl_endpoint.go
index e5dda2bf52..641e57b5a4 100644
--- a/agent/consul/acl_endpoint.go
+++ b/agent/consul/acl_endpoint.go
@@ -311,6 +311,7 @@ func (a *ACL) TokenClone(args *structs.ACLTokenSetRequest, reply *structs.ACLTok
 Datacenter: args.Datacenter,
 ACLToken: structs.ACLToken{
 Policies: token.Policies,
+ Roles: token.Roles,
 ServiceIdentities: token.ServiceIdentities,
 Local: token.Local,
 Description: token.Description,
diff --git a/agent/consul/acl_endpoint_test.go b/agent/consul/acl_endpoint_test.go
index 8d8f79a0d6..a252cc6fe2 100644
--- a/agent/consul/acl_endpoint_test.go
+++ b/agent/consul/acl_endpoint_test.go
@@ -754,7 +754,23 @@ func TestACLEndpoint_TokenClone(t *testing.T) {
 testrpc.WaitForLeader(t, s1.RPC, "dc1")
- t1, err := upsertTestToken(codec, "root", "dc1", nil)
+ p1, err := upsertTestPolicy(codec, "root", "dc1")
+ require.NoError(t, err)
+
+ r1, err := upsertTestRole(codec, "root", "dc1")
+ require.NoError(t, err)
+
+ t1, err := upsertTestToken(codec, "root", "dc1", func(t *structs.ACLToken) {
+ t.Policies = []structs.ACLTokenPolicyLink{
+ {ID: p1.ID},
+ }
+ t.Roles = []structs.ACLTokenRoleLink{
+ {ID: r1.ID},
+ }
+ t.ServiceIdentities = []*structs.ACLServiceIdentity{
+ &structs.ACLServiceIdentity{ServiceName: "web"},
+ }
+ })
 require.NoError(t, err)
 endpoint := ACL{srv: s1}
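Review bot: The clone request in `TokenClone` (agent/consul/acl_endpoint.go) is still assembled by naming `ACLToken` fields one at a time, so an access-granting field added to the struct later can be dropped from clones the same way `Roles` was. The struct literal starts and ends outside this hunk, so the complete field list cannot be checked from here. I would add a comment above the literal, for example `// Copy every field that grants or scopes access; identifiers such as AccessorID are left unset so the clone gets its own.`, and confirm the remaining link-style fields are covered. `token.Roles` is assigned as a slice header, so the request appears to share its backing array with the source token; it is worth confirming nothing mutates it before the request is applied.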
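Review bot: In the `upsertTestToken` callback added to `TestACLEndpoint_TokenClone` (agent/consul/acl_endpoint_test.go), the parameter `t *structs.ACLToken` shadows the test's own `t *testing.T`, which is easy to misread next to the `require.NoError(t, err)` calls around it; `func(tok *structs.ACLToken) {` with `tok.Policies`, `tok.Roles` and `tok.ServiceIdentities` keeps the two apart. The element `&structs.ACLServiceIdentity{ServiceName: "web"}` can also be written `{ServiceName: "web"}`, since the slice literal already gives the element type, matching the `{ID: p1.ID}` form used just above it.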
@@ -773,6 +789,8 @@ func TestACLEndpoint_TokenClone(t *testing.T) {
 require.Equal(t, t1.Description, t2.Description)
 require.Equal(t, t1.Policies, t2.Policies)
+ require.Equal(t, t1.Roles, t2.Roles)
+ require.Equal(t, t1.ServiceIdentities, t2.ServiceIdentities)
 require.Equal(t, t1.Rules, t2.Rules)
 require.Equal(t, t1.Local, t2.Local)
 require.NotEqual(t, t1.AccessorID, t2.AccessorID)
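Review bot: The two new assertions, `require.Equal(t, t1.Roles, t2.Roles)` and `require.Equal(t, t1.ServiceIdentities, t2.ServiceIdentities)`, compare the clone only against the source token, so they also pass when both sides are empty. The regression guard for the dropped-roles bug therefore depends on the setup callback actually populating `t1`. Adding `require.Len(t, t2.Roles, 1)` and `require.Len(t, t2.ServiceIdentities, 1)` beside them would make the test fail if that setup ever stops taking effect. The test function continues outside this hunk.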