status-im
/
consul
mirror of https://github.com/status-im/consul.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Cross port of ent #1383 (#11726) 

Cross port of ent #1383 "Reject non-default datacenter when making partitioned ACLs"

On the OSS side this is a minor refactor to add some more checks that are only applicable to enterprise code.

Signed-off-by: Mark Anderson <manderson@hashicorp.com>
This commit is contained in:
Mark Anderson 2021-12-03 10:20:25 -08:00 committed by GitHub
parent 599a4d6619
commit a89ffba2d4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 25 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
agent/consul/acl_endpoint.go
View File

@ -700,9 +700,8 @@ func (a *ACL) tokenSetInternal(args *structs.ACLTokenSetRequest, reply *structs.
token.SetHash(true) token.SetHash(true)
// validate the enterprise meta // validate the enterprise specific fields
err = state.ACLTokenUpsertValidateEnterprise(token, accessorMatch) if err = a.tokenUpsertValidateEnterprise(token, accessorMatch); err != nil {
if err != nil {
return err return err
} }
@ -1181,9 +1180,8 @@ func (a *ACL) PolicySet(args *structs.ACLPolicySetRequest, reply *structs.ACLPol
return err return err
} }
// validate the enterprise meta // validate the enterprise specific fields
err = state.ACLPolicyUpsertValidateEnterprise(policy, idMatch) if err = a.policyUpsertValidateEnterprise(policy, idMatch); err != nil {
if err != nil {
return err return err
} }
@ -1543,8 +1541,8 @@ func (a *ACL) RoleSet(args *structs.ACLRoleSetRequest, reply *structs.ACLRole) e
} }
} }
// validate the enterprise meta // validate the enterprise specific fields
if err := state.ACLRoleUpsertValidateEnterprise(role, existing); err != nil { if err := a.roleUpsertValidateEnterprise(role, existing); err != nil {
return err return err
} }

15
agent/consul/acl_endpoint_oss.go
View File

@ -8,6 +8,21 @@ import (
"github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/agent/structs"
) )
func (a *ACL) tokenUpsertValidateEnterprise(token *structs.ACLToken, existing *structs.ACLToken) error {
state := a.srv.fsm.State()
return state.ACLTokenUpsertValidateEnterprise(token, existing)
}
func (a *ACL) policyUpsertValidateEnterprise(policy *structs.ACLPolicy, existing *structs.ACLPolicy) error {
state := a.srv.fsm.State()
return state.ACLPolicyUpsertValidateEnterprise(policy, existing)
}
func (a *ACL) roleUpsertValidateEnterprise(role *structs.ACLRole, existing *structs.ACLRole) error {
state := a.srv.fsm.State()
return state.ACLRoleUpsertValidateEnterprise(role, existing)
}
func (a *ACL) enterpriseAuthMethodTypeValidation(authMethodType string) error { func (a *ACL) enterpriseAuthMethodTypeValidation(authMethodType string) error {
return nil return nil
} }

4
agent/structs/acl_oss.go
View File

@ -94,3 +94,7 @@ func (r *ACLRole) NodeIdentityList() []*ACLNodeIdentity {
} }
return out return out
} }
func IsValidPartitionAndDatacenter(meta EnterpriseMeta, datacenters []string, primaryDatacenter string) bool {
return true
}