status-im
/
consul
mirror of https://github.com/status-im/consul.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Use embedded strings for templated policies (#18829)

This commit is contained in:
Ronald 2023-09-15 13:49:22 -04:00 committed by GitHub
parent 753c8f1774
commit aff13cd4c2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 48 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
agent/acl_endpoint_test.go
View File

@ -1378,7 +1378,7 @@ func TestACL_HTTP(t *testing.T) {
require.Equal(t, api.ACLTemplatedPolicyResponse{
TemplateName: api.ACLTemplatedPolicyServiceName,
Schema: structs.ACLTemplatedPolicyIdentitiesSchema,
Schema: structs.ACLTemplatedPolicyServiceSchema,
Template: structs.ACLTemplatedPolicyService,
}, list[api.ACLTemplatedPolicyServiceName])
})

29
agent/structs/acl_templated_policy.go
View File

@ -5,6 +5,7 @@ package structs
import (
"bytes"
_ "embed"
"fmt"
"hash"
"hash/fnv"
@ -18,26 +19,17 @@ import (
"golang.org/x/exp/slices"
)
//go:embed acltemplatedpolicy/schemas/node.json
var ACLTemplatedPolicyNodeSchema string
//go:embed acltemplatedpolicy/schemas/service.json
var ACLTemplatedPolicyServiceSchema string
type ACLTemplatedPolicies []*ACLTemplatedPolicy
const (
ACLTemplatedPolicyNodeID = "00000000-0000-0000-0000-000000000004"
ACLTemplatedPolicyServiceID = "00000000-0000-0000-0000-000000000003"
ACLTemplatedPolicyIdentitiesSchema = `
{
"type": "object",
"properties": {
"name": { "type": "string", "$ref": "#/definitions/min-length-one" }
},
"required": ["name"],
"definitions": {
"min-length-one": {
"type": "string",
"minLength": 1
}
}
}`
ACLTemplatedPolicyNodeID = "00000000-0000-0000-0000-000000000004"
ACLTemplatedPolicyDNSID = "00000000-0000-0000-0000-000000000005"
ACLTemplatedPolicyDNSSchema = "" // empty schema as it does not require variables
)
@ -59,13 +51,13 @@ var (
api.ACLTemplatedPolicyServiceName: {
TemplateID: ACLTemplatedPolicyServiceID,
TemplateName: api.ACLTemplatedPolicyServiceName,
Schema: ACLTemplatedPolicyIdentitiesSchema,
Schema: ACLTemplatedPolicyServiceSchema,
Template: ACLTemplatedPolicyService,
},
api.ACLTemplatedPolicyNodeName: {
TemplateID: ACLTemplatedPolicyNodeID,
TemplateName: api.ACLTemplatedPolicyNodeName,
Schema: ACLTemplatedPolicyIdentitiesSchema,
Schema: ACLTemplatedPolicyNodeSchema,
Template: ACLTemplatedPolicyNode,
},
api.ACLTemplatedPolicyDNSName: {
@ -273,6 +265,7 @@ func GetACLTemplatedPolicyBase(templateName string) (*ACLTemplatedPolicyBase, bo
return nil, false
}
// GetACLTemplatedPolicyList returns a copy of the list of templated policies
func GetACLTemplatedPolicyList() map[string]*ACLTemplatedPolicyBase {
m := make(map[string]*ACLTemplatedPolicyBase, len(aclTemplatedPoliciesList))
for k, v := range aclTemplatedPoliciesList {

13
agent/structs/acltemplatedpolicy/schemas/node.json Normal file
View File

@ -0,0 +1,13 @@
{
"type": "object",
"properties": {
"name": { "type": "string", "$ref": "#/definitions/min-length-one" }
},
"required": ["name"],
"definitions": {
"min-length-one": {
"type": "string",
"minLength": 1
}
}
}

13
agent/structs/acltemplatedpolicy/schemas/service.json Normal file
View File

@ -0,0 +1,13 @@
{
"type": "object",
"properties": {
"name": { "type": "string", "$ref": "#/definitions/min-length-one" }
},
"required": ["name"],
"definitions": {
"min-length-one": {
"type": "string",
"minLength": 1
}
}
}

8
command/acl/templatedpolicy/formatter_test.go
View File

@ -35,7 +35,7 @@ func testFormatTemplatedPolicy(t *testing.T, dirPath string) {
"node-templated-policy": {
templatedPolicy: api.ACLTemplatedPolicyResponse{
TemplateName: api.ACLTemplatedPolicyNodeName,
Schema: structs.ACLTemplatedPolicyIdentitiesSchema,
Schema: structs.ACLTemplatedPolicyNodeSchema,
Template: structs.ACLTemplatedPolicyNode,
},
},
@ -49,7 +49,7 @@ func testFormatTemplatedPolicy(t *testing.T, dirPath string) {
"service-templated-policy": {
templatedPolicy: api.ACLTemplatedPolicyResponse{
TemplateName: api.ACLTemplatedPolicyServiceName,
Schema: structs.ACLTemplatedPolicyIdentitiesSchema,
Schema: structs.ACLTemplatedPolicyServiceSchema,
Template: structs.ACLTemplatedPolicyService,
},
},
@ -89,7 +89,7 @@ func testFormatTemplatedPolicyList(t *testing.T, dirPath string) {
policies := map[string]api.ACLTemplatedPolicyResponse{
"builtin/node": {
TemplateName: api.ACLTemplatedPolicyNodeName,
Schema: structs.ACLTemplatedPolicyIdentitiesSchema,
Schema: structs.ACLTemplatedPolicyNodeSchema,
Template: structs.ACLTemplatedPolicyNode,
},
"builtin/dns": {
@ -99,7 +99,7 @@ func testFormatTemplatedPolicyList(t *testing.T, dirPath string) {
},
"builtin/service": {
TemplateName: api.ACLTemplatedPolicyServiceName,
Schema: structs.ACLTemplatedPolicyIdentitiesSchema,
Schema: structs.ACLTemplatedPolicyServiceSchema,
Template: structs.ACLTemplatedPolicyService,
},
}

2
command/acl/templatedpolicy/read/templated_policy_read_test.go
View File

@ -128,7 +128,7 @@ func TestTemplatedPolicyReadCommand_JSON(t *testing.T) {
err := json.Unmarshal([]byte(output), &templatedPolicy)
assert.NoError(t, err)
assert.Equal(t, structs.ACLTemplatedPolicyIdentitiesSchema, templatedPolicy.Schema)
assert.Equal(t, structs.ACLTemplatedPolicyNodeSchema, templatedPolicy.Schema)
assert.Equal(t, api.ACLTemplatedPolicyNodeName, templatedPolicy.TemplateName)
})
}

2
command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/node-templated-policy.json.golden vendored
View File

@ -1,5 +1,5 @@
{
"TemplateName": "builtin/node",
"Schema": "\n{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}",
"Schema": "{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}",
"Template": "\nnode \"{{.Name}}\" {\n\tpolicy = \"write\"\n}\nservice_prefix \"\" {\n\tpolicy = \"read\"\n}"
}

1
command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/node-templated-policy.pretty-meta.golden vendored
View File

@ -4,7 +4,6 @@ Input variables:
Example usage:
consul acl token create -templated-policy builtin/node -var name:node-1
Schema:
{
"type": "object",
"properties": {

2
command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/service-templated-policy.json.golden vendored
View File

@ -1,5 +1,5 @@
{
"TemplateName": "builtin/service",
"Schema": "\n{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}",
"Schema": "{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}",
"Template": "\nservice \"{{.Name}}\" {\n\tpolicy = \"write\"\n}\nservice \"{{.Name}}-sidecar-proxy\" {\n\tpolicy = \"write\"\n}\nservice_prefix \"\" {\n\tpolicy = \"read\"\n}\nnode_prefix \"\" {\n\tpolicy = \"read\"\n}"
}

1
command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/service-templated-policy.pretty-meta.golden vendored
View File

@ -4,7 +4,6 @@ Input variables:
Example usage:
consul acl token create -templated-policy builtin/service -var name:api
Schema:
{
"type": "object",
"properties": {

4
command/acl/templatedpolicy/testdata/FormatTemplatedPolicyList/ce/list.json.golden vendored
View File

@ -6,12 +6,12 @@
},
"builtin/node": {
"TemplateName": "builtin/node",
"Schema": "\n{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}",
"Schema": "{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}",
"Template": "\nnode \"{{.Name}}\" {\n\tpolicy = \"write\"\n}\nservice_prefix \"\" {\n\tpolicy = \"read\"\n}"
},
"builtin/service": {
"TemplateName": "builtin/service",
"Schema": "\n{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}",
"Schema": "{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}",
"Template": "\nservice \"{{.Name}}\" {\n\tpolicy = \"write\"\n}\nservice \"{{.Name}}-sidecar-proxy\" {\n\tpolicy = \"write\"\n}\nservice_prefix \"\" {\n\tpolicy = \"read\"\n}\nnode_prefix \"\" {\n\tpolicy = \"read\"\n}"
}
}