status-im
/
consul
mirror of https://github.com/status-im/consul.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

[NET-5332] Add nomad server templated policy (#18888) 

* [NET-5332] Add nomad server templated policy

* slksfd
This commit is contained in:
Ronald 2023-09-20 12:10:55 -04:00 committed by GitHub
parent 6533e70141
commit c8299522b5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 69 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
agent/acl_endpoint_test.go
View File

@ -1374,7 +1374,7 @@ func TestACL_HTTP(t *testing.T) {
var list map[string]api.ACLTemplatedPolicyResponse var list map[string]api.ACLTemplatedPolicyResponse
require.NoError(t, json.NewDecoder(resp.Body).Decode(&list)) require.NoError(t, json.NewDecoder(resp.Body).Decode(&list))
require.Len(t, list, 3) require.Len(t, list, 4)
require.Equal(t, api.ACLTemplatedPolicyResponse{ require.Equal(t, api.ACLTemplatedPolicyResponse{
TemplateName: api.ACLTemplatedPolicyServiceName, TemplateName: api.ACLTemplatedPolicyServiceName,

8
agent/structs/acl_templated_policy.go
View File

@ -31,6 +31,7 @@ const (
ACLTemplatedPolicyServiceID = "00000000-0000-0000-0000-000000000003" ACLTemplatedPolicyServiceID = "00000000-0000-0000-0000-000000000003"
ACLTemplatedPolicyNodeID = "00000000-0000-0000-0000-000000000004" ACLTemplatedPolicyNodeID = "00000000-0000-0000-0000-000000000004"
ACLTemplatedPolicyDNSID = "00000000-0000-0000-0000-000000000005" ACLTemplatedPolicyDNSID = "00000000-0000-0000-0000-000000000005"
ACLTemplatedPolicyNomadServerID = "00000000-0000-0000-0000-000000000006"
ACLTemplatedPolicyNoRequiredVariablesSchema = "" // catch-all schema for all templated policy that don't require a schema ACLTemplatedPolicyNoRequiredVariablesSchema = "" // catch-all schema for all templated policy that don't require a schema
) )
@ -45,7 +46,6 @@ type ACLTemplatedPolicyBase struct {
} }
var ( var (
// This supports: node, service and dns templates
// Note: when adding a new builtin template, ensure you update `command/acl/templatedpolicy/formatter.go` // Note: when adding a new builtin template, ensure you update `command/acl/templatedpolicy/formatter.go`
// to handle the new templates required variables and schema. // to handle the new templates required variables and schema.
aclTemplatedPoliciesList = map[string]*ACLTemplatedPolicyBase{ aclTemplatedPoliciesList = map[string]*ACLTemplatedPolicyBase{
@ -67,6 +67,12 @@ var (
Schema: ACLTemplatedPolicyNoRequiredVariablesSchema, Schema: ACLTemplatedPolicyNoRequiredVariablesSchema,
Template: ACLTemplatedPolicyDNS, Template: ACLTemplatedPolicyDNS,
}, },
api.ACLTemplatedPolicyNomadServerName: {
TemplateID: ACLTemplatedPolicyNomadServerID,
TemplateName: api.ACLTemplatedPolicyNomadServerName,
Schema: ACLTemplatedPolicyNoRequiredVariablesSchema,
Template: ACLTemplatedPolicyNomadServer,
},
} }
) )

3
agent/structs/acl_templated_policy_ce.go
View File

@ -16,6 +16,9 @@ var ACLTemplatedPolicyNode string
//go:embed acltemplatedpolicy/policies/ce/dns.hcl //go:embed acltemplatedpolicy/policies/ce/dns.hcl
var ACLTemplatedPolicyDNS string var ACLTemplatedPolicyDNS string
//go:embed acltemplatedpolicy/policies/ce/nomad-server.hcl
var ACLTemplatedPolicyNomadServer string
func (t *ACLToken) TemplatedPolicyList() []*ACLTemplatedPolicy { func (t *ACLToken) TemplatedPolicyList() []*ACLTemplatedPolicy {
if len(t.TemplatedPolicies) == 0 { if len(t.TemplatedPolicies) == 0 {
return nil return nil

11
agent/structs/acltemplatedpolicy/policies/ce/nomad-server.hcl Normal file
View File

@ -0,0 +1,11 @@
acl = "write"
agent_prefix "" {
policy = "read"
}
node_prefix "" {
policy = "read"
}
service_prefix "" {
policy = "write"
}

1
api/acl.go
View File

@ -24,6 +24,7 @@ const (
ACLTemplatedPolicyServiceName = "builtin/service" ACLTemplatedPolicyServiceName = "builtin/service"
ACLTemplatedPolicyNodeName = "builtin/node" ACLTemplatedPolicyNodeName = "builtin/node"
ACLTemplatedPolicyDNSName = "builtin/dns" ACLTemplatedPolicyDNSName = "builtin/dns"
ACLTemplatedPolicyNomadServerName = "builtin/nomad-server"
) )
type ACLLink struct { type ACLLink struct {

12
command/acl/templatedpolicy/formatter.go
View File

@ -76,10 +76,8 @@ func (f *prettyFormatter) FormatTemplatedPolicy(templatedPolicy api.ACLTemplated
buffer.WriteString(fmt.Sprintf("\n%sName: String - Required - The node name.\n", WhitespaceIndent)) buffer.WriteString(fmt.Sprintf("\n%sName: String - Required - The node name.\n", WhitespaceIndent))
buffer.WriteString("Example usage:\n") buffer.WriteString("Example usage:\n")
buffer.WriteString(fmt.Sprintf("%sconsul acl token create -templated-policy builtin/node -var name:node-1\n", WhitespaceIndent)) buffer.WriteString(fmt.Sprintf("%sconsul acl token create -templated-policy builtin/node -var name:node-1\n", WhitespaceIndent))
case api.ACLTemplatedPolicyDNSName: case api.ACLTemplatedPolicyDNSName, api.ACLTemplatedPolicyNomadServerName:
buffer.WriteString(" None\n") noRequiredVariablesOutput(&buffer, templatedPolicy.TemplateName)
buffer.WriteString("Example usage:\n")
buffer.WriteString(fmt.Sprintf("%sconsul acl token create -templated-policy builtin/dns\n", WhitespaceIndent))
default: default:
buffer.WriteString(" None\n") buffer.WriteString(" None\n")
} }
@ -94,6 +92,12 @@ func (f *prettyFormatter) FormatTemplatedPolicy(templatedPolicy api.ACLTemplated
return buffer.String(), nil return buffer.String(), nil
} }
func noRequiredVariablesOutput(buffer *bytes.Buffer, templateName string) {
buffer.WriteString(" None\n")
buffer.WriteString("Example usage:\n")
buffer.WriteString(fmt.Sprintf("%sconsul acl token create -templated-policy %s\n", WhitespaceIndent, templateName))
}
func (f *prettyFormatter) FormatTemplatedPolicyList(policies map[string]api.ACLTemplatedPolicyResponse) (string, error) { func (f *prettyFormatter) FormatTemplatedPolicyList(policies map[string]api.ACLTemplatedPolicyResponse) (string, error) {
var buffer bytes.Buffer var buffer bytes.Buffer

7
command/acl/templatedpolicy/formatter_test.go
View File

@ -53,6 +53,13 @@ func testFormatTemplatedPolicy(t *testing.T, dirPath string) {
Template: structs.ACLTemplatedPolicyService, Template: structs.ACLTemplatedPolicyService,
}, },
}, },
"nomad-server-templated-policy": {
templatedPolicy: api.ACLTemplatedPolicyResponse{
TemplateName: api.ACLTemplatedPolicyNomadServerName,
Schema: structs.ACLTemplatedPolicyNoRequiredVariablesSchema,
Template: structs.ACLTemplatedPolicyNomadServer,
},
},
} }
formatters := map[string]Formatter{ formatters := map[string]Formatter{

5
command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.json.golden vendored Normal file
View File

@ -0,0 +1,5 @@
{
"TemplateName": "builtin/nomad-server",
"Schema": "",
"Template": "\nacl = \"write\"\nagent_prefix \"\" {\n policy = \"read\"\n}\nnode_prefix \"\" {\n policy = \"read\"\n}\nservice_prefix \"\" {\n policy = \"write\"\n}"
}

16
command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.pretty-meta.golden vendored Normal file
View File

@ -0,0 +1,16 @@
Name: builtin/nomad-server
Input variables: None
Example usage:
consul acl token create -templated-policy builtin/nomad-server
Raw Template:
acl = "write"
agent_prefix "" {
policy = "read"
}
node_prefix "" {
policy = "read"
}
service_prefix "" {
policy = "write"
}

4
command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.pretty.golden vendored Normal file
View File

@ -0,0 +1,4 @@
Name: builtin/nomad-server
Input variables: None
Example usage:
consul acl token create -templated-policy builtin/nomad-server