mirror of https://github.com/status-im/consul.git
Cross port of ent #1383 "Reject non-default datacenter when making partitioned ACLs" On the OSS side this is a minor refactor to add some more checks that are only applicable to enterprise code. Signed-off-by: Mark Anderson <manderson@hashicorp.com>
This commit is contained in:
parent
599a4d6619
commit
a89ffba2d4
|
@ -700,9 +700,8 @@ func (a *ACL) tokenSetInternal(args *structs.ACLTokenSetRequest, reply *structs.
|
|||
|
||||
token.SetHash(true)
|
||||
|
||||
// validate the enterprise meta
|
||||
err = state.ACLTokenUpsertValidateEnterprise(token, accessorMatch)
|
||||
if err != nil {
|
||||
// validate the enterprise specific fields
|
||||
if err = a.tokenUpsertValidateEnterprise(token, accessorMatch); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
|
@ -1181,9 +1180,8 @@ func (a *ACL) PolicySet(args *structs.ACLPolicySetRequest, reply *structs.ACLPol
|
|||
return err
|
||||
}
|
||||
|
||||
// validate the enterprise meta
|
||||
err = state.ACLPolicyUpsertValidateEnterprise(policy, idMatch)
|
||||
if err != nil {
|
||||
// validate the enterprise specific fields
|
||||
if err = a.policyUpsertValidateEnterprise(policy, idMatch); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
|
@ -1543,8 +1541,8 @@ func (a *ACL) RoleSet(args *structs.ACLRoleSetRequest, reply *structs.ACLRole) e
|
|||
}
|
||||
}
|
||||
|
||||
// validate the enterprise meta
|
||||
if err := state.ACLRoleUpsertValidateEnterprise(role, existing); err != nil {
|
||||
// validate the enterprise specific fields
|
||||
if err := a.roleUpsertValidateEnterprise(role, existing); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
|
|
|
@ -8,6 +8,21 @@ import (
|
|||
"github.com/hashicorp/consul/agent/structs"
|
||||
)
|
||||
|
||||
func (a *ACL) tokenUpsertValidateEnterprise(token *structs.ACLToken, existing *structs.ACLToken) error {
|
||||
state := a.srv.fsm.State()
|
||||
return state.ACLTokenUpsertValidateEnterprise(token, existing)
|
||||
}
|
||||
|
||||
func (a *ACL) policyUpsertValidateEnterprise(policy *structs.ACLPolicy, existing *structs.ACLPolicy) error {
|
||||
state := a.srv.fsm.State()
|
||||
return state.ACLPolicyUpsertValidateEnterprise(policy, existing)
|
||||
}
|
||||
|
||||
func (a *ACL) roleUpsertValidateEnterprise(role *structs.ACLRole, existing *structs.ACLRole) error {
|
||||
state := a.srv.fsm.State()
|
||||
return state.ACLRoleUpsertValidateEnterprise(role, existing)
|
||||
}
|
||||
|
||||
func (a *ACL) enterpriseAuthMethodTypeValidation(authMethodType string) error {
|
||||
return nil
|
||||
}
|
||||
|
|
|
@ -94,3 +94,7 @@ func (r *ACLRole) NodeIdentityList() []*ACLNodeIdentity {
|
|||
}
|
||||
return out
|
||||
}
|
||||
|
||||
func IsValidPartitionAndDatacenter(meta EnterpriseMeta, datacenters []string, primaryDatacenter string) bool {
|
||||
return true
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue