From aff13cd4c2711f8a2fe2ab07659a0f37d4355d46 Mon Sep 17 00:00:00 2001 From: Ronald Date: Fri, 15 Sep 2023 13:49:22 -0400 Subject: [PATCH] Use embedded strings for templated policies (#18829) --- agent/acl_endpoint_test.go | 2 +- agent/structs/acl_templated_policy.go | 31 +++++++------------ .../acltemplatedpolicy/schemas/node.json | 13 ++++++++ .../acltemplatedpolicy/schemas/service.json | 13 ++++++++ command/acl/templatedpolicy/formatter_test.go | 8 ++--- .../read/templated_policy_read_test.go | 2 +- .../ce/node-templated-policy.json.golden | 2 +- .../node-templated-policy.pretty-meta.golden | 1 - .../ce/service-templated-policy.json.golden | 2 +- ...ervice-templated-policy.pretty-meta.golden | 1 - .../ce/list.json.golden | 4 +-- 11 files changed, 48 insertions(+), 31 deletions(-) create mode 100644 agent/structs/acltemplatedpolicy/schemas/node.json create mode 100644 agent/structs/acltemplatedpolicy/schemas/service.json diff --git a/agent/acl_endpoint_test.go b/agent/acl_endpoint_test.go index 50b2ad20d4..ca4fb3668d 100644 --- a/agent/acl_endpoint_test.go +++ b/agent/acl_endpoint_test.go @@ -1378,7 +1378,7 @@ func TestACL_HTTP(t *testing.T) { require.Equal(t, api.ACLTemplatedPolicyResponse{ TemplateName: api.ACLTemplatedPolicyServiceName, - Schema: structs.ACLTemplatedPolicyIdentitiesSchema, + Schema: structs.ACLTemplatedPolicyServiceSchema, Template: structs.ACLTemplatedPolicyService, }, list[api.ACLTemplatedPolicyServiceName]) }) diff --git a/agent/structs/acl_templated_policy.go b/agent/structs/acl_templated_policy.go index 1e62c984ce..fcb5003291 100644 --- a/agent/structs/acl_templated_policy.go +++ b/agent/structs/acl_templated_policy.go @@ -5,6 +5,7 @@ package structs import ( "bytes" + _ "embed" "fmt" "hash" "hash/fnv" 
@@ -18,26 +19,17 @@ import ( "golang.org/x/exp/slices" ) +//go:embed acltemplatedpolicy/schemas/node.json +var ACLTemplatedPolicyNodeSchema string + +//go:embed acltemplatedpolicy/schemas/service.json +var ACLTemplatedPolicyServiceSchema string + type ACLTemplatedPolicies []*ACLTemplatedPolicy const ( - ACLTemplatedPolicyNodeID = "00000000-0000-0000-0000-000000000004" - ACLTemplatedPolicyServiceID = "00000000-0000-0000-0000-000000000003" - ACLTemplatedPolicyIdentitiesSchema = ` -{ - "type": "object", - "properties": { - "name": { "type": "string", "$ref": "#/definitions/min-length-one" } - }, - "required": ["name"], - "definitions": { - "min-length-one": { - "type": "string", - "minLength": 1 - } - } -}` - + ACLTemplatedPolicyServiceID = "00000000-0000-0000-0000-000000000003" + ACLTemplatedPolicyNodeID = "00000000-0000-0000-0000-000000000004" ACLTemplatedPolicyDNSID = "00000000-0000-0000-0000-000000000005" ACLTemplatedPolicyDNSSchema = "" // empty schema as it does not require variables ) @@ -59,13 +51,13 @@ var ( api.ACLTemplatedPolicyServiceName: { TemplateID: ACLTemplatedPolicyServiceID, TemplateName: api.ACLTemplatedPolicyServiceName, - Schema: ACLTemplatedPolicyIdentitiesSchema, + Schema: ACLTemplatedPolicyServiceSchema, Template: ACLTemplatedPolicyService, }, api.ACLTemplatedPolicyNodeName: { TemplateID: ACLTemplatedPolicyNodeID, TemplateName: api.ACLTemplatedPolicyNodeName, - Schema: ACLTemplatedPolicyIdentitiesSchema, + Schema: ACLTemplatedPolicyNodeSchema, Template: ACLTemplatedPolicyNode, }, api.ACLTemplatedPolicyDNSName: { @@ -273,6 +265,7 @@ func GetACLTemplatedPolicyBase(templateName string) (*ACLTemplatedPolicyBase, bo return nil, false } +// GetACLTemplatedPolicyList returns a copy of the list of templated policies func GetACLTemplatedPolicyList() map[string]*ACLTemplatedPolicyBase { m := make(map[string]*ACLTemplatedPolicyBase, len(aclTemplatedPoliciesList)) for k, v := range aclTemplatedPoliciesList { 
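Review bot: `ACLTemplatedPolicyNodeSchema` and `ACLTemplatedPolicyServiceSchema` are now exported package-level `var`s where the schema used to be a `const`, so any importing package can reassign them, and neither has a doc comment. `//go:embed` needs a variable but not an exported one. Since these strings appear to be the schemas that templated-policy variables are validated against, consider keeping them unexported behind small accessor functions, or at least documenting them as read-only, e.g. `// ACLTemplatedPolicyNodeSchema is the JSON schema for builtin/node variables, embedded at build time; treat as read-only.` The `const` block in the same hunk also swaps the order of the node and service IDs, which looks incidental to the change.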
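Review bot: The new comment on `GetACLTemplatedPolicyList` promises a copy, but the map it builds holds `*ACLTemplatedPolicyBase` values, so the comment should say how deep that copy is. The loop body lies outside this hunk; if it stores `v` directly, callers still share the built-in entries and a write to `Schema` or `Template` through the returned map would affect every other caller. Suggested wording, to be adjusted if the loop does clone each entry: `// GetACLTemplatedPolicyList returns a new map of the built-in templated policies; the *ACLTemplatedPolicyBase values are shared and must not be modified.`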
diff --git a/agent/structs/acltemplatedpolicy/schemas/node.json b/agent/structs/acltemplatedpolicy/schemas/node.json new file mode 100644 index 0000000000..8a3d193268 --- /dev/null +++ b/agent/structs/acltemplatedpolicy/schemas/node.json @@ -0,0 +1,13 @@ +{ + "type": "object", + "properties": { + "name": { "type": "string", "$ref": "#/definitions/min-length-one" } + }, + "required": ["name"], + "definitions": { + "min-length-one": { + "type": "string", + "minLength": 1 + } + } +} \ No newline at end of file diff --git a/agent/structs/acltemplatedpolicy/schemas/service.json b/agent/structs/acltemplatedpolicy/schemas/service.json new file mode 100644 index 0000000000..8a3d193268 --- /dev/null +++ b/agent/structs/acltemplatedpolicy/schemas/service.json @@ -0,0 +1,13 @@ +{ + "type": "object", + "properties": { + "name": { "type": "string", "$ref": "#/definitions/min-length-one" } + }, + "required": ["name"], + "definitions": { + "min-length-one": { + "type": "string", + "minLength": 1 + } + } +} \ No newline at end of file diff --git a/command/acl/templatedpolicy/formatter_test.go b/command/acl/templatedpolicy/formatter_test.go index d6e8fa4d0c..887e518ea0 100644 --- a/command/acl/templatedpolicy/formatter_test.go +++ b/command/acl/templatedpolicy/formatter_test.go @@ -35,7 +35,7 @@ func testFormatTemplatedPolicy(t *testing.T, dirPath string) { "node-templated-policy": { templatedPolicy: api.ACLTemplatedPolicyResponse{ TemplateName: api.ACLTemplatedPolicyNodeName, - Schema: structs.ACLTemplatedPolicyIdentitiesSchema, + Schema: structs.ACLTemplatedPolicyNodeSchema, Template: structs.ACLTemplatedPolicyNode, }, }, @@ -49,7 +49,7 @@ func testFormatTemplatedPolicy(t *testing.T, dirPath string) { "service-templated-policy": { templatedPolicy: api.ACLTemplatedPolicyResponse{ TemplateName: api.ACLTemplatedPolicyServiceName, - Schema: structs.ACLTemplatedPolicyIdentitiesSchema, + Schema: structs.ACLTemplatedPolicyServiceSchema, Template: structs.ACLTemplatedPolicyService, }, }, 
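Review bot: In `node.json` (and the identical `service.json`) `name` is constrained only by `minLength: 1`, while the golden files in this patch show the templates placing it inside a quoted string (`node "{{.Name}}"`, `service "{{.Name}}"`), so the schema alone does not bound the characters or length of what reaches the rendered policy. If name validation or escaping is not enforced where the template is rendered (not visible in this patch), add a `pattern` and `maxLength` to `min-length-one`, and set `"additionalProperties": false` so unexpected variables are rejected. Separately, `"type": "string"` next to `$ref` is redundant, and the two schema files share one blob (`8a3d193268`), so they can drift apart silently; a short comment beside the `//go:embed` directives saying they are intentionally separate would help.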
@@ -89,7 +89,7 @@ func testFormatTemplatedPolicyList(t *testing.T, dirPath string) { policies := map[string]api.ACLTemplatedPolicyResponse{ "builtin/node": { TemplateName: api.ACLTemplatedPolicyNodeName, - Schema: structs.ACLTemplatedPolicyIdentitiesSchema, + Schema: structs.ACLTemplatedPolicyNodeSchema, Template: structs.ACLTemplatedPolicyNode, }, "builtin/dns": { @@ -99,7 +99,7 @@ func testFormatTemplatedPolicyList(t *testing.T, dirPath string) { }, "builtin/service": { TemplateName: api.ACLTemplatedPolicyServiceName, - Schema: structs.ACLTemplatedPolicyIdentitiesSchema, + Schema: structs.ACLTemplatedPolicyServiceSchema, Template: structs.ACLTemplatedPolicyService, }, } diff --git a/command/acl/templatedpolicy/read/templated_policy_read_test.go b/command/acl/templatedpolicy/read/templated_policy_read_test.go index 9059ed99c1..99ee66efc9 100644 --- a/command/acl/templatedpolicy/read/templated_policy_read_test.go +++ b/command/acl/templatedpolicy/read/templated_policy_read_test.go @@ -128,7 +128,7 @@ func TestTemplatedPolicyReadCommand_JSON(t *testing.T) { err := json.Unmarshal([]byte(output), &templatedPolicy) assert.NoError(t, err) - assert.Equal(t, structs.ACLTemplatedPolicyIdentitiesSchema, templatedPolicy.Schema) + assert.Equal(t, structs.ACLTemplatedPolicyNodeSchema, templatedPolicy.Schema) assert.Equal(t, api.ACLTemplatedPolicyNodeName, templatedPolicy.TemplateName) }) } diff --git a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/node-templated-policy.json.golden b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/node-templated-policy.json.golden index 2643a2b9ee..22981af046 100644 --- a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/node-templated-policy.json.golden +++ b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/node-templated-policy.json.golden 
@@ -1,5 +1,5 @@ { "TemplateName": "builtin/node", - "Schema": "\n{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}", + "Schema": "{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}", "Template": "\nnode \"{{.Name}}\" {\n\tpolicy = \"write\"\n}\nservice_prefix \"\" {\n\tpolicy = \"read\"\n}" } \ No newline at end of file diff --git a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/node-templated-policy.pretty-meta.golden b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/node-templated-policy.pretty-meta.golden index ff42bd711f..fda0d9559e 100644 --- a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/node-templated-policy.pretty-meta.golden +++ b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/node-templated-policy.pretty-meta.golden @@ -4,7 +4,6 @@ Input variables: Example usage: consul acl token create -templated-policy builtin/node -var name:node-1 Schema: - { "type": "object", "properties": { diff --git a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/service-templated-policy.json.golden b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/service-templated-policy.json.golden index a23b5f8c7c..e4b71de9b8 100644 --- a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/service-templated-policy.json.golden +++ b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/service-templated-policy.json.golden 
@@ -1,5 +1,5 @@ { "TemplateName": "builtin/service", - "Schema": "\n{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}", + "Schema": "{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}", "Template": "\nservice \"{{.Name}}\" {\n\tpolicy = \"write\"\n}\nservice \"{{.Name}}-sidecar-proxy\" {\n\tpolicy = \"write\"\n}\nservice_prefix \"\" {\n\tpolicy = \"read\"\n}\nnode_prefix \"\" {\n\tpolicy = \"read\"\n}" } \ No newline at end of file diff --git a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/service-templated-policy.pretty-meta.golden b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/service-templated-policy.pretty-meta.golden index 49b347efcb..f3ae5c6d7b 100644 --- a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/service-templated-policy.pretty-meta.golden +++ b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/service-templated-policy.pretty-meta.golden @@ -4,7 +4,6 @@ Input variables: Example usage: consul acl token create -templated-policy builtin/service -var name:api Schema: - { "type": "object", "properties": { diff --git a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicyList/ce/list.json.golden b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicyList/ce/list.json.golden index 1cb724df8b..b634ddc9d8 100644 --- a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicyList/ce/list.json.golden +++ b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicyList/ce/list.json.golden 
@@ -6,12 +6,12 @@ }, "builtin/node": { "TemplateName": "builtin/node", - "Schema": "\n{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}", + "Schema": "{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}", "Template": "\nnode \"{{.Name}}\" {\n\tpolicy = \"write\"\n}\nservice_prefix \"\" {\n\tpolicy = \"read\"\n}" }, "builtin/service": { "TemplateName": "builtin/service", - "Schema": "\n{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}", + "Schema": "{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}", "Template": "\nservice \"{{.Name}}\" {\n\tpolicy = \"write\"\n}\nservice \"{{.Name}}-sidecar-proxy\" {\n\tpolicy = \"write\"\n}\nservice_prefix \"\" {\n\tpolicy = \"read\"\n}\nnode_prefix \"\" {\n\tpolicy = \"read\"\n}" } } \ No newline at end of file