mirror of https://github.com/status-im/consul.git
acl: Clarify node/service identities must be lowercase (#12807)
Modify ACL error message for invalid node/service identities names to clearly state only lowercase alphanumeric characters are supported.
This commit is contained in:
parent
f81880a39d
commit
c786c49282
|
@ -0,0 +1,3 @@
|
|||
```release-note:improvement
|
||||
acl: Clarify node/service identities must be lowercase
|
||||
```
|
|
@ -1142,6 +1142,41 @@ func TestACL_HTTP(t *testing.T) {
|
|||
_, err := a.srv.ACLTokenCreate(resp, req)
|
||||
require.Error(t, err)
|
||||
})
|
||||
|
||||
t.Run("Create with uppercase node identity", func(t *testing.T) {
|
||||
tokenInput := &structs.ACLToken{
|
||||
Description: "agent token for foo node",
|
||||
NodeIdentities: []*structs.ACLNodeIdentity{
|
||||
{
|
||||
NodeName: "FOO",
|
||||
Datacenter: "bar",
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
req, _ := http.NewRequest("PUT", "/v1/acl/token?token=root", jsonBody(tokenInput))
|
||||
resp := httptest.NewRecorder()
|
||||
_, err := a.srv.ACLTokenCreate(resp, req)
|
||||
require.Error(t, err)
|
||||
testutil.RequireErrorContains(t, err, "Only lowercase alphanumeric")
|
||||
})
|
||||
|
||||
t.Run("Create with uppercase service identity", func(t *testing.T) {
|
||||
tokenInput := &structs.ACLToken{
|
||||
Description: "token for service identity foo",
|
||||
ServiceIdentities: []*structs.ACLServiceIdentity{
|
||||
{
|
||||
ServiceName: "FOO",
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
req, _ := http.NewRequest("PUT", "/v1/acl/token?token=root", jsonBody(tokenInput))
|
||||
resp := httptest.NewRecorder()
|
||||
_, err := a.srv.ACLTokenCreate(resp, req)
|
||||
require.Error(t, err)
|
||||
testutil.RequireErrorContains(t, err, "Only lowercase alphanumeric")
|
||||
})
|
||||
})
|
||||
}
|
||||
|
||||
|
|
|
@ -770,7 +770,7 @@ func (a *ACL) tokenSetInternal(args *structs.ACLTokenSetRequest, reply *structs.
|
|||
return fmt.Errorf("Service identity %q cannot specify a list of datacenters on a local token", svcid.ServiceName)
|
||||
}
|
||||
if !isValidServiceIdentityName(svcid.ServiceName) {
|
||||
return fmt.Errorf("Service identity %q has an invalid name. Only alphanumeric characters, '-' and '_' are allowed", svcid.ServiceName)
|
||||
return fmt.Errorf("Service identity %q has an invalid name. Only lowercase alphanumeric characters, '-' and '_' are allowed", svcid.ServiceName)
|
||||
}
|
||||
}
|
||||
token.ServiceIdentities = dedupeServiceIdentities(token.ServiceIdentities)
|
||||
|
@ -783,7 +783,7 @@ func (a *ACL) tokenSetInternal(args *structs.ACLTokenSetRequest, reply *structs.
|
|||
return fmt.Errorf("Node identity is missing the datacenter field on this token")
|
||||
}
|
||||
if !isValidNodeIdentityName(nodeid.NodeName) {
|
||||
return fmt.Errorf("Node identity has an invalid name. Only alphanumeric characters, '-' and '_' are allowed")
|
||||
return fmt.Errorf("Node identity has an invalid name. Only lowercase alphanumeric characters, '-' and '_' are allowed")
|
||||
}
|
||||
}
|
||||
token.NodeIdentities = dedupeNodeIdentities(token.NodeIdentities)
|
||||
|
@ -1682,7 +1682,7 @@ func (a *ACL) RoleSet(args *structs.ACLRoleSetRequest, reply *structs.ACLRole) e
|
|||
return fmt.Errorf("Service identity is missing the service name field on this role")
|
||||
}
|
||||
if !isValidServiceIdentityName(svcid.ServiceName) {
|
||||
return fmt.Errorf("Service identity %q has an invalid name. Only alphanumeric characters, '-' and '_' are allowed", svcid.ServiceName)
|
||||
return fmt.Errorf("Service identity %q has an invalid name. Only lowercase alphanumeric characters, '-' and '_' are allowed", svcid.ServiceName)
|
||||
}
|
||||
}
|
||||
role.ServiceIdentities = dedupeServiceIdentities(role.ServiceIdentities)
|
||||
|
@ -1695,7 +1695,7 @@ func (a *ACL) RoleSet(args *structs.ACLRoleSetRequest, reply *structs.ACLRole) e
|
|||
return fmt.Errorf("Node identity is missing the datacenter field on this role")
|
||||
}
|
||||
if !isValidNodeIdentityName(nodeid.NodeName) {
|
||||
return fmt.Errorf("Node identity has an invalid name. Only alphanumeric characters, '-' and '_' are allowed")
|
||||
return fmt.Errorf("Node identity has an invalid name. Only lowercase alphanumeric characters, '-' and '_' are allowed")
|
||||
}
|
||||
}
|
||||
role.NodeIdentities = dedupeNodeIdentities(role.NodeIdentities)
|
||||
|
|
Loading…
Reference in New Issue