mirror of https://github.com/status-im/consul.git
Use embedded strings for templated policies (#18829)
parent
753c8f1774
commit
aff13cd4c2
|
@ -1378,7 +1378,7 @@ func TestACL_HTTP(t *testing.T) {
|
||||||
|
|
||||||
require.Equal(t, api.ACLTemplatedPolicyResponse{
|
require.Equal(t, api.ACLTemplatedPolicyResponse{
|
||||||
TemplateName: api.ACLTemplatedPolicyServiceName,
|
TemplateName: api.ACLTemplatedPolicyServiceName,
|
||||||
Schema: structs.ACLTemplatedPolicyIdentitiesSchema,
|
Schema: structs.ACLTemplatedPolicyServiceSchema,
|
||||||
Template: structs.ACLTemplatedPolicyService,
|
Template: structs.ACLTemplatedPolicyService,
|
||||||
}, list[api.ACLTemplatedPolicyServiceName])
|
}, list[api.ACLTemplatedPolicyServiceName])
|
||||||
})
|
})
|
||||||
|
|
|
@ -5,6 +5,7 @@ package structs
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"bytes"
|
"bytes"
|
||||||
|
_ "embed"
|
||||||
"fmt"
|
"fmt"
|
||||||
"hash"
|
"hash"
|
||||||
"hash/fnv"
|
"hash/fnv"
|
||||||
|
@ -18,26 +19,17 @@ import (
|
||||||
"golang.org/x/exp/slices"
|
"golang.org/x/exp/slices"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
//go:embed acltemplatedpolicy/schemas/node.json
|
||||||
|
var ACLTemplatedPolicyNodeSchema string
|
||||||
|
|
||||||
|
//go:embed acltemplatedpolicy/schemas/service.json
|
||||||
|
var ACLTemplatedPolicyServiceSchema string
|
||||||
|
|
||||||
type ACLTemplatedPolicies []*ACLTemplatedPolicy
|
type ACLTemplatedPolicies []*ACLTemplatedPolicy
|
||||||
|
|
||||||
const (
|
const (
|
||||||
ACLTemplatedPolicyNodeID = "00000000-0000-0000-0000-000000000004"
|
ACLTemplatedPolicyServiceID = "00000000-0000-0000-0000-000000000003"
|
||||||
ACLTemplatedPolicyServiceID = "00000000-0000-0000-0000-000000000003"
|
ACLTemplatedPolicyNodeID = "00000000-0000-0000-0000-000000000004"
|
||||||
ACLTemplatedPolicyIdentitiesSchema = `
|
|
||||||
{
|
|
||||||
"type": "object",
|
|
||||||
"properties": {
|
|
||||||
"name": { "type": "string", "$ref": "#/definitions/min-length-one" }
|
|
||||||
},
|
|
||||||
"required": ["name"],
|
|
||||||
"definitions": {
|
|
||||||
"min-length-one": {
|
|
||||||
"type": "string",
|
|
||||||
"minLength": 1
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}`
|
|
||||||
|
|
||||||
ACLTemplatedPolicyDNSID = "00000000-0000-0000-0000-000000000005"
|
ACLTemplatedPolicyDNSID = "00000000-0000-0000-0000-000000000005"
|
||||||
ACLTemplatedPolicyDNSSchema = "" // empty schema as it does not require variables
|
ACLTemplatedPolicyDNSSchema = "" // empty schema as it does not require variables
|
||||||
)
|
)
|
||||||
|
@ -59,13 +51,13 @@ var (
|
||||||
api.ACLTemplatedPolicyServiceName: {
|
api.ACLTemplatedPolicyServiceName: {
|
||||||
TemplateID: ACLTemplatedPolicyServiceID,
|
TemplateID: ACLTemplatedPolicyServiceID,
|
||||||
TemplateName: api.ACLTemplatedPolicyServiceName,
|
TemplateName: api.ACLTemplatedPolicyServiceName,
|
||||||
Schema: ACLTemplatedPolicyIdentitiesSchema,
|
Schema: ACLTemplatedPolicyServiceSchema,
|
||||||
Template: ACLTemplatedPolicyService,
|
Template: ACLTemplatedPolicyService,
|
||||||
},
|
},
|
||||||
api.ACLTemplatedPolicyNodeName: {
|
api.ACLTemplatedPolicyNodeName: {
|
||||||
TemplateID: ACLTemplatedPolicyNodeID,
|
TemplateID: ACLTemplatedPolicyNodeID,
|
||||||
TemplateName: api.ACLTemplatedPolicyNodeName,
|
TemplateName: api.ACLTemplatedPolicyNodeName,
|
||||||
Schema: ACLTemplatedPolicyIdentitiesSchema,
|
Schema: ACLTemplatedPolicyNodeSchema,
|
||||||
Template: ACLTemplatedPolicyNode,
|
Template: ACLTemplatedPolicyNode,
|
||||||
},
|
},
|
||||||
api.ACLTemplatedPolicyDNSName: {
|
api.ACLTemplatedPolicyDNSName: {
|
||||||
|
@ -273,6 +265,7 @@ func GetACLTemplatedPolicyBase(templateName string) (*ACLTemplatedPolicyBase, bo
|
||||||
return nil, false
|
return nil, false
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// GetACLTemplatedPolicyList returns a copy of the list of templated policies
|
||||||
func GetACLTemplatedPolicyList() map[string]*ACLTemplatedPolicyBase {
|
func GetACLTemplatedPolicyList() map[string]*ACLTemplatedPolicyBase {
|
||||||
m := make(map[string]*ACLTemplatedPolicyBase, len(aclTemplatedPoliciesList))
|
m := make(map[string]*ACLTemplatedPolicyBase, len(aclTemplatedPoliciesList))
|
||||||
for k, v := range aclTemplatedPoliciesList {
|
for k, v := range aclTemplatedPoliciesList {
|
||||||
|
|
|
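Review bot: The two schema variables added in the `@ -18,26 +19,17 @@` hunk, `ACLTemplatedPolicyNodeSchema` and `ACLTemplatedPolicyServiceSchema`, are exported package-level `var`s with no doc comment, whereas the `ACLTemplatedPolicyIdentitiesSchema` they replace was a `const`. `//go:embed` does need a variable, but an exported one can be reassigned by any importing package, and these strings appear to define which input variables the built-in ACL templates accept. I would either keep the embedded variables unexported behind small exported accessors, or at least state the contract in a doc comment, e.g. `// ACLTemplatedPolicyNodeSchema is the JSON schema for builtin/node template variables, embedded at build time. Treat as read-only.` Removing the exported `ACLTemplatedPolicyIdentitiesSchema` also breaks any out-of-tree importer of that name, which seems worth a line in the commit description.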
@ -0,0 +1,13 @@
|
||||||
|
{
|
||||||
|
"type": "object",
|
||||||
|
"properties": {
|
||||||
|
"name": { "type": "string", "$ref": "#/definitions/min-length-one" }
|
||||||
|
},
|
||||||
|
"required": ["name"],
|
||||||
|
"definitions": {
|
||||||
|
"min-length-one": {
|
||||||
|
"type": "string",
|
||||||
|
"minLength": 1
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
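Review bot: This new schema file, and the byte-identical one in the next section, accept any non-empty string for `name`, because the only constraint is `"minLength": 1`. The fixtures further down this page show that value being rendered into policy text (`node "{{.Name}}"`, `service "{{.Name}}"`), so the schema alone does not limit which characters reach the template. If name validation is not enforced elsewhere (nothing on this page shows it), I would tighten the definition, e.g. `"min-length-one": { "type": "string", "minLength": 1, "maxLength": <MAX_NAME_LEN>, "pattern": "<ALLOWED_NAME_REGEX>" }`, with the placeholders replaced by the agent's own naming rules. Separately, the `"type": "string"` next to `"$ref"` on the `name` property is ignored by validators that follow JSON Schema draft-07 or earlier; it is harmless here only because the referenced definition repeats the type.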
@ -0,0 +1,13 @@
|
||||||
|
{
|
||||||
|
"type": "object",
|
||||||
|
"properties": {
|
||||||
|
"name": { "type": "string", "$ref": "#/definitions/min-length-one" }
|
||||||
|
},
|
||||||
|
"required": ["name"],
|
||||||
|
"definitions": {
|
||||||
|
"min-length-one": {
|
||||||
|
"type": "string",
|
||||||
|
"minLength": 1
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
@ -35,7 +35,7 @@ func testFormatTemplatedPolicy(t *testing.T, dirPath string) {
|
||||||
"node-templated-policy": {
|
"node-templated-policy": {
|
||||||
templatedPolicy: api.ACLTemplatedPolicyResponse{
|
templatedPolicy: api.ACLTemplatedPolicyResponse{
|
||||||
TemplateName: api.ACLTemplatedPolicyNodeName,
|
TemplateName: api.ACLTemplatedPolicyNodeName,
|
||||||
Schema: structs.ACLTemplatedPolicyIdentitiesSchema,
|
Schema: structs.ACLTemplatedPolicyNodeSchema,
|
||||||
Template: structs.ACLTemplatedPolicyNode,
|
Template: structs.ACLTemplatedPolicyNode,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -49,7 +49,7 @@ func testFormatTemplatedPolicy(t *testing.T, dirPath string) {
|
||||||
"service-templated-policy": {
|
"service-templated-policy": {
|
||||||
templatedPolicy: api.ACLTemplatedPolicyResponse{
|
templatedPolicy: api.ACLTemplatedPolicyResponse{
|
||||||
TemplateName: api.ACLTemplatedPolicyServiceName,
|
TemplateName: api.ACLTemplatedPolicyServiceName,
|
||||||
Schema: structs.ACLTemplatedPolicyIdentitiesSchema,
|
Schema: structs.ACLTemplatedPolicyServiceSchema,
|
||||||
Template: structs.ACLTemplatedPolicyService,
|
Template: structs.ACLTemplatedPolicyService,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
@ -89,7 +89,7 @@ func testFormatTemplatedPolicyList(t *testing.T, dirPath string) {
|
||||||
policies := map[string]api.ACLTemplatedPolicyResponse{
|
policies := map[string]api.ACLTemplatedPolicyResponse{
|
||||||
"builtin/node": {
|
"builtin/node": {
|
||||||
TemplateName: api.ACLTemplatedPolicyNodeName,
|
TemplateName: api.ACLTemplatedPolicyNodeName,
|
||||||
Schema: structs.ACLTemplatedPolicyIdentitiesSchema,
|
Schema: structs.ACLTemplatedPolicyNodeSchema,
|
||||||
Template: structs.ACLTemplatedPolicyNode,
|
Template: structs.ACLTemplatedPolicyNode,
|
||||||
},
|
},
|
||||||
"builtin/dns": {
|
"builtin/dns": {
|
||||||
|
@ -99,7 +99,7 @@ func testFormatTemplatedPolicyList(t *testing.T, dirPath string) {
|
||||||
},
|
},
|
||||||
"builtin/service": {
|
"builtin/service": {
|
||||||
TemplateName: api.ACLTemplatedPolicyServiceName,
|
TemplateName: api.ACLTemplatedPolicyServiceName,
|
||||||
Schema: structs.ACLTemplatedPolicyIdentitiesSchema,
|
Schema: structs.ACLTemplatedPolicyServiceSchema,
|
||||||
Template: structs.ACLTemplatedPolicyService,
|
Template: structs.ACLTemplatedPolicyService,
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
|
@ -128,7 +128,7 @@ func TestTemplatedPolicyReadCommand_JSON(t *testing.T) {
|
||||||
err := json.Unmarshal([]byte(output), &templatedPolicy)
|
err := json.Unmarshal([]byte(output), &templatedPolicy)
|
||||||
|
|
||||||
assert.NoError(t, err)
|
assert.NoError(t, err)
|
||||||
assert.Equal(t, structs.ACLTemplatedPolicyIdentitiesSchema, templatedPolicy.Schema)
|
assert.Equal(t, structs.ACLTemplatedPolicyNodeSchema, templatedPolicy.Schema)
|
||||||
assert.Equal(t, api.ACLTemplatedPolicyNodeName, templatedPolicy.TemplateName)
|
assert.Equal(t, api.ACLTemplatedPolicyNodeName, templatedPolicy.TemplateName)
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
{
|
{
|
||||||
"TemplateName": "builtin/node",
|
"TemplateName": "builtin/node",
|
||||||
"Schema": "\n{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}",
|
"Schema": "{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}",
|
||||||
"Template": "\nnode \"{{.Name}}\" {\n\tpolicy = \"write\"\n}\nservice_prefix \"\" {\n\tpolicy = \"read\"\n}"
|
"Template": "\nnode \"{{.Name}}\" {\n\tpolicy = \"write\"\n}\nservice_prefix \"\" {\n\tpolicy = \"read\"\n}"
|
||||||
}
|
}
|
|
@ -4,7 +4,6 @@ Input variables:
|
||||||
Example usage:
|
Example usage:
|
||||||
consul acl token create -templated-policy builtin/node -var name:node-1
|
consul acl token create -templated-policy builtin/node -var name:node-1
|
||||||
Schema:
|
Schema:
|
||||||
|
|
||||||
{
|
{
|
||||||
"type": "object",
|
"type": "object",
|
||||||
"properties": {
|
"properties": {
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
{
|
{
|
||||||
"TemplateName": "builtin/service",
|
"TemplateName": "builtin/service",
|
||||||
"Schema": "\n{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}",
|
"Schema": "{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}",
|
||||||
"Template": "\nservice \"{{.Name}}\" {\n\tpolicy = \"write\"\n}\nservice \"{{.Name}}-sidecar-proxy\" {\n\tpolicy = \"write\"\n}\nservice_prefix \"\" {\n\tpolicy = \"read\"\n}\nnode_prefix \"\" {\n\tpolicy = \"read\"\n}"
|
"Template": "\nservice \"{{.Name}}\" {\n\tpolicy = \"write\"\n}\nservice \"{{.Name}}-sidecar-proxy\" {\n\tpolicy = \"write\"\n}\nservice_prefix \"\" {\n\tpolicy = \"read\"\n}\nnode_prefix \"\" {\n\tpolicy = \"read\"\n}"
|
||||||
}
|
}
|
|
@ -4,7 +4,6 @@ Input variables:
|
||||||
Example usage:
|
Example usage:
|
||||||
consul acl token create -templated-policy builtin/service -var name:api
|
consul acl token create -templated-policy builtin/service -var name:api
|
||||||
Schema:
|
Schema:
|
||||||
|
|
||||||
{
|
{
|
||||||
"type": "object",
|
"type": "object",
|
||||||
"properties": {
|
"properties": {
|
||||||
|
|
|
@ -6,12 +6,12 @@
|
||||||
},
|
},
|
||||||
"builtin/node": {
|
"builtin/node": {
|
||||||
"TemplateName": "builtin/node",
|
"TemplateName": "builtin/node",
|
||||||
"Schema": "\n{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}",
|
"Schema": "{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}",
|
||||||
"Template": "\nnode \"{{.Name}}\" {\n\tpolicy = \"write\"\n}\nservice_prefix \"\" {\n\tpolicy = \"read\"\n}"
|
"Template": "\nnode \"{{.Name}}\" {\n\tpolicy = \"write\"\n}\nservice_prefix \"\" {\n\tpolicy = \"read\"\n}"
|
||||||
},
|
},
|
||||||
"builtin/service": {
|
"builtin/service": {
|
||||||
"TemplateName": "builtin/service",
|
"TemplateName": "builtin/service",
|
||||||
"Schema": "\n{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}",
|
"Schema": "{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}",
|
||||||
"Template": "\nservice \"{{.Name}}\" {\n\tpolicy = \"write\"\n}\nservice \"{{.Name}}-sidecar-proxy\" {\n\tpolicy = \"write\"\n}\nservice_prefix \"\" {\n\tpolicy = \"read\"\n}\nnode_prefix \"\" {\n\tpolicy = \"read\"\n}"
|
"Template": "\nservice \"{{.Name}}\" {\n\tpolicy = \"write\"\n}\nservice \"{{.Name}}-sidecar-proxy\" {\n\tpolicy = \"write\"\n}\nservice_prefix \"\" {\n\tpolicy = \"read\"\n}\nnode_prefix \"\" {\n\tpolicy = \"read\"\n}"
|
||||||
}
|
}
|
||||||
}
|
}
|