status-im
/
consul
mirror of https://github.com/status-im/consul.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fix policy lookup to allow for slashes (#18347) 

* Fix policy lookup to allow for slashes

* Fix suggestions

* Fix other test

* Revert some lines
This commit is contained in:
Jeremy Jacobson 2023-08-03 13:21:43 -07:00 committed by GitHub
parent 284e3bdb54
commit 8e5e16de60
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 100 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
agent/acl_endpoint.go
View File

@ -6,6 +6,7 @@ package agent
import ( import (
"fmt" "fmt"
"net/http" "net/http"
"net/url"
"strings" "strings"
"github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/acl"
@ -145,6 +146,12 @@ func (s *HTTPHandlers) ACLPolicyCRUD(resp http.ResponseWriter, req *http.Request
} }
func (s *HTTPHandlers) ACLPolicyRead(resp http.ResponseWriter, req *http.Request, policyID, policyName string) (interface{}, error) { func (s *HTTPHandlers) ACLPolicyRead(resp http.ResponseWriter, req *http.Request, policyID, policyName string) (interface{}, error) {
// policy name needs to be unescaped in case there were `/` characters
policyName, err := url.QueryUnescape(policyName)
if err != nil {
return nil, err
}
args := structs.ACLPolicyGetRequest{ args := structs.ACLPolicyGetRequest{
Datacenter: s.agent.config.Datacenter, Datacenter: s.agent.config.Datacenter,
PolicyID: policyID, PolicyID: policyID,

12
command/acl/acl_helpers.go
View File

@ -45,9 +45,17 @@ func GetTokenAccessorIDFromPartial(client *api.Client, partialAccessorID string)
} }
func GetPolicyIDFromPartial(client *api.Client, partialID string) (string, error) { func GetPolicyIDFromPartial(client *api.Client, partialID string) (string, error) {
if partialID == "global-management" { // try the builtin policies (by name) first
return structs.ACLPolicyGlobalManagementID, nil for _, policy := range structs.ACLBuiltinPolicies {
if partialID == policy.Name {
return policy.ID, nil
} }
}
if policy, ok := structs.ACLBuiltinPolicies[partialID]; ok {
return policy.ID, nil
}
// The full UUID string was given // The full UUID string was given
if len(partialID) == 36 { if len(partialID) == 36 {
return partialID, nil return partialID, nil

83
command/acl/acl_test.go Normal file
View File

@ -0,0 +1,83 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package acl
import (
"fmt"
"io"
"testing"
"github.com/hashicorp/consul/agent"
"github.com/hashicorp/consul/agent/structs"
"github.com/hashicorp/consul/testrpc"
"github.com/stretchr/testify/require"
)
func Test_GetPolicyIDByName_Builtins(t *testing.T) {
t.Parallel()
a := agent.StartTestAgent(t,
agent.TestAgent{
LogOutput: io.Discard,
HCL: `
primary_datacenter = "dc1"
acl {
enabled = true
tokens {
initial_management = "root"
}
}
`,
},
)
defer a.Shutdown()
testrpc.WaitForTestAgent(t, a.RPC, "dc1", testrpc.WithToken("root"))
client := a.Client()
client.AddHeader("X-Consul-Token", "root")
for _, policy := range structs.ACLBuiltinPolicies {
name := fmt.Sprintf("%s policy", policy.Name)
t.Run(name, func(t *testing.T) {
id, err := GetPolicyIDByName(client, policy.Name)
require.NoError(t, err)
require.Equal(t, policy.ID, id)
})
}
}
func Test_GetPolicyIDFromPartial_Builtins(t *testing.T) {
t.Parallel()
a := agent.StartTestAgent(t,
agent.TestAgent{
LogOutput: io.Discard,
HCL: `
primary_datacenter = "dc1"
acl {
enabled = true
tokens {
initial_management = "root"
}
}
`,
},
)
defer a.Shutdown()
testrpc.WaitForTestAgent(t, a.RPC, "dc1", testrpc.WithToken("root"))
client := a.Client()
client.AddHeader("X-Consul-Token", "root")
for _, policy := range structs.ACLBuiltinPolicies {
name := fmt.Sprintf("%s policy", policy.Name)
t.Run(name, func(t *testing.T) {
id, err := GetPolicyIDFromPartial(client, policy.Name)
require.NoError(t, err)
require.Equal(t, policy.ID, id)
})
}
}