From c8299522b54345243bec89bcf126e4eefd669de9 Mon Sep 17 00:00:00 2001 From: Ronald Date: Wed, 20 Sep 2023 12:10:55 -0400 Subject: [PATCH] [NET-5332] Add nomad server templated policy (#18888) * [NET-5332] Add nomad server templated policy * slksfd --- agent/acl_endpoint_test.go | 2 +- agent/structs/acl_templated_policy.go | 14 ++++++++++---- agent/structs/acl_templated_policy_ce.go | 3 +++ .../policies/ce/nomad-server.hcl | 11 +++++++++++ api/acl.go | 7 ++++--- command/acl/templatedpolicy/formatter.go | 12 ++++++++---- command/acl/templatedpolicy/formatter_test.go | 7 +++++++ .../ce/nomad-server-templated-policy.json.golden | 5 +++++ ...ad-server-templated-policy.pretty-meta.golden | 16 ++++++++++++++++ .../nomad-server-templated-policy.pretty.golden | 4 ++++ 10 files changed, 69 insertions(+), 12 deletions(-) create mode 100644 agent/structs/acltemplatedpolicy/policies/ce/nomad-server.hcl create mode 100644 command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.json.golden create mode 100644 command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.pretty-meta.golden create mode 100644 command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.pretty.golden diff --git a/agent/acl_endpoint_test.go b/agent/acl_endpoint_test.go index e3cc5e4143..942eaec856 100644 --- a/agent/acl_endpoint_test.go +++ b/agent/acl_endpoint_test.go @@ -1374,7 +1374,7 @@ func TestACL_HTTP(t *testing.T) { var list map[string]api.ACLTemplatedPolicyResponse require.NoError(t, json.NewDecoder(resp.Body).Decode(&list)) - require.Len(t, list, 3) + require.Len(t, list, 4) require.Equal(t, api.ACLTemplatedPolicyResponse{ TemplateName: api.ACLTemplatedPolicyServiceName, diff --git a/agent/structs/acl_templated_policy.go b/agent/structs/acl_templated_policy.go index ad5c5f849c..eeb1537988 100644 --- a/agent/structs/acl_templated_policy.go +++ b/agent/structs/acl_templated_policy.go 
@@ -28,9 +28,10 @@ var ACLTemplatedPolicyServiceSchema string type ACLTemplatedPolicies []*ACLTemplatedPolicy const ( - ACLTemplatedPolicyServiceID = "00000000-0000-0000-0000-000000000003" - ACLTemplatedPolicyNodeID = "00000000-0000-0000-0000-000000000004" - ACLTemplatedPolicyDNSID = "00000000-0000-0000-0000-000000000005" + ACLTemplatedPolicyServiceID = "00000000-0000-0000-0000-000000000003" + ACLTemplatedPolicyNodeID = "00000000-0000-0000-0000-000000000004" + ACLTemplatedPolicyDNSID = "00000000-0000-0000-0000-000000000005" + ACLTemplatedPolicyNomadServerID = "00000000-0000-0000-0000-000000000006" ACLTemplatedPolicyNoRequiredVariablesSchema = "" // catch-all schema for all templated policy that don't require a schema ) @@ -45,7 +46,6 @@ type ACLTemplatedPolicyBase struct { } var ( - // This supports: node, service and dns templates // Note: when adding a new builtin template, ensure you update `command/acl/templatedpolicy/formatter.go` // to handle the new templates required variables and schema. aclTemplatedPoliciesList = map[string]*ACLTemplatedPolicyBase{ @@ -67,6 +67,12 @@ var ( Schema: ACLTemplatedPolicyNoRequiredVariablesSchema, Template: ACLTemplatedPolicyDNS, }, + api.ACLTemplatedPolicyNomadServerName: { + TemplateID: ACLTemplatedPolicyNomadServerID, + TemplateName: api.ACLTemplatedPolicyNomadServerName, + Schema: ACLTemplatedPolicyNoRequiredVariablesSchema, + Template: ACLTemplatedPolicyNomadServer, + }, } ) diff --git a/agent/structs/acl_templated_policy_ce.go b/agent/structs/acl_templated_policy_ce.go index f4a857b5c6..0783a259ab 100644 --- a/agent/structs/acl_templated_policy_ce.go +++ b/agent/structs/acl_templated_policy_ce.go 
@@ -16,6 +16,9 @@ var ACLTemplatedPolicyNode string //go:embed acltemplatedpolicy/policies/ce/dns.hcl var ACLTemplatedPolicyDNS string +//go:embed acltemplatedpolicy/policies/ce/nomad-server.hcl +var ACLTemplatedPolicyNomadServer string + func (t *ACLToken) TemplatedPolicyList() []*ACLTemplatedPolicy { if len(t.TemplatedPolicies) == 0 { return nil diff --git a/agent/structs/acltemplatedpolicy/policies/ce/nomad-server.hcl b/agent/structs/acltemplatedpolicy/policies/ce/nomad-server.hcl new file mode 100644 index 0000000000..7030ff771a --- /dev/null +++ b/agent/structs/acltemplatedpolicy/policies/ce/nomad-server.hcl @@ -0,0 +1,11 @@ + +acl = "write" +agent_prefix "" { + policy = "read" +} +node_prefix "" { + policy = "read" +} +service_prefix "" { + policy = "write" +} \ No newline at end of file diff --git a/api/acl.go b/api/acl.go index 68d6f1f54c..f406001821 100644 --- a/api/acl.go +++ b/api/acl.go @@ -21,9 +21,10 @@ const ( ACLManagementType = "management" // ACLTemplatedPolicy names - ACLTemplatedPolicyServiceName = "builtin/service" - ACLTemplatedPolicyNodeName = "builtin/node" - ACLTemplatedPolicyDNSName = "builtin/dns" + ACLTemplatedPolicyServiceName = "builtin/service" + ACLTemplatedPolicyNodeName = "builtin/node" + ACLTemplatedPolicyDNSName = "builtin/dns" + ACLTemplatedPolicyNomadServerName = "builtin/nomad-server" ) type ACLLink struct { diff --git a/command/acl/templatedpolicy/formatter.go b/command/acl/templatedpolicy/formatter.go index 7945f168f8..dec8378bcc 100644 --- a/command/acl/templatedpolicy/formatter.go +++ b/command/acl/templatedpolicy/formatter.go 
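Review bot: In the new `agent/structs/acltemplatedpolicy/policies/ce/nomad-server.hcl`, `acl = "write"` and `service_prefix "" { policy = "write" }` are granted with no comment explaining why, and the template takes no variables (its schema is `ACLTemplatedPolicyNoRequiredVariablesSchema`), so nothing narrows the grant per token. Any token carrying `builtin/nomad-server` can create and modify ACL tokens and policies, so a leak of such a token likely allows privilege escalation well beyond Nomad's own needs. That is presumably intended for Nomad servers that mint workload tokens, but the file should say so, for example with a header such as `# Grants ACL write and catalog-wide service write; attach only to tokens held by Nomad servers.` Because the template text is embedded and echoed in the `.golden` files, those need regenerating with the comment. The leading blank line and the missing trailing newline could be tidied in the same pass.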
@@ -76,10 +76,8 @@ func (f *prettyFormatter) FormatTemplatedPolicy(templatedPolicy api.ACLTemplated buffer.WriteString(fmt.Sprintf("\n%sName: String - Required - The node name.\n", WhitespaceIndent)) buffer.WriteString("Example usage:\n") buffer.WriteString(fmt.Sprintf("%sconsul acl token create -templated-policy builtin/node -var name:node-1\n", WhitespaceIndent)) - case api.ACLTemplatedPolicyDNSName: - buffer.WriteString(" None\n") - buffer.WriteString("Example usage:\n") - buffer.WriteString(fmt.Sprintf("%sconsul acl token create -templated-policy builtin/dns\n", WhitespaceIndent)) + case api.ACLTemplatedPolicyDNSName, api.ACLTemplatedPolicyNomadServerName: + noRequiredVariablesOutput(&buffer, templatedPolicy.TemplateName) default: buffer.WriteString(" None\n") } @@ -94,6 +92,12 @@ func (f *prettyFormatter) FormatTemplatedPolicy(templatedPolicy api.ACLTemplated return buffer.String(), nil } +func noRequiredVariablesOutput(buffer *bytes.Buffer, templateName string) { + buffer.WriteString(" None\n") + buffer.WriteString("Example usage:\n") + buffer.WriteString(fmt.Sprintf("%sconsul acl token create -templated-policy %s\n", WhitespaceIndent, templateName)) +} + func (f *prettyFormatter) FormatTemplatedPolicyList(policies map[string]api.ACLTemplatedPolicyResponse) (string, error) { var buffer bytes.Buffer diff --git a/command/acl/templatedpolicy/formatter_test.go b/command/acl/templatedpolicy/formatter_test.go index 71a3ca1724..aa00854980 100644 --- a/command/acl/templatedpolicy/formatter_test.go +++ b/command/acl/templatedpolicy/formatter_test.go 
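Review bot: The `default:` branch beside the new `case api.ACLTemplatedPolicyDNSName, api.ACLTemplatedPolicyNomadServerName:` in `command/acl/templatedpolicy/formatter.go` still prints only ` None` with no example usage, so a later builtin without variables gets less output unless someone remembers to add it to the case list. The new helper `noRequiredVariablesOutput`, added in the second hunk of this file, also has no doc comment. I would add `// noRequiredVariablesOutput writes the "None" variables section and an example command for a builtin template that takes no input variables.` above it. Its last write reads more directly as `fmt.Fprintf(buffer, "%sconsul acl token create -templated-policy %s\n", WhitespaceIndent, templateName)` than as `WriteString(fmt.Sprintf(...))`. `FormatTemplatedPolicy` starts and ends outside both hunks.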
@@ -53,6 +53,13 @@ func testFormatTemplatedPolicy(t *testing.T, dirPath string) { Template: structs.ACLTemplatedPolicyService, }, }, + "nomad-server-templated-policy": { + templatedPolicy: api.ACLTemplatedPolicyResponse{ + TemplateName: api.ACLTemplatedPolicyNomadServerName, + Schema: structs.ACLTemplatedPolicyNoRequiredVariablesSchema, + Template: structs.ACLTemplatedPolicyNomadServer, + }, + }, } formatters := map[string]Formatter{ diff --git a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.json.golden b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.json.golden new file mode 100644 index 0000000000..7c9981e7f8 --- /dev/null +++ b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.json.golden @@ -0,0 +1,5 @@ +{ + "TemplateName": "builtin/nomad-server", + "Schema": "", + "Template": "\nacl = \"write\"\nagent_prefix \"\" {\n policy = \"read\"\n}\nnode_prefix \"\" {\n policy = \"read\"\n}\nservice_prefix \"\" {\n policy = \"write\"\n}" +} \ No newline at end of file diff --git a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.pretty-meta.golden b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.pretty-meta.golden new file mode 100644 index 0000000000..be000cce1d --- /dev/null +++ b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.pretty-meta.golden @@ -0,0 +1,16 @@ +Name: builtin/nomad-server +Input variables: None +Example usage: + consul acl token create -templated-policy builtin/nomad-server +Raw Template: + +acl = "write" +agent_prefix "" { + policy = "read" +} +node_prefix "" { + policy = "read" +} +service_prefix "" { + policy = "write" +} 
diff --git a/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.pretty.golden b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.pretty.golden new file mode 100644 index 0000000000..d4943665e7 --- /dev/null +++ b/command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.pretty.golden @@ -0,0 +1,4 @@ +Name: builtin/nomad-server +Input variables: None +Example usage: + consul acl token create -templated-policy builtin/nomad-server