[NET-5332] Add nomad server templated policy (#18888)

* [NET-5332] Add nomad server templated policy

* slksfd
Ronald 2023-09-20 12:10:55 -04:00 committed by GitHub
parent 6533e70141
commit c8299522b5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
10 changed files with 69 additions and 12 deletions


@ -1374,7 +1374,7 @@ func TestACL_HTTP(t *testing.T) {
var list map[string]api.ACLTemplatedPolicyResponse
require.NoError(t, json.NewDecoder(resp.Body).Decode(&list))
require.Len(t, list, 3)
require.Len(t, list, 4)
require.Equal(t, api.ACLTemplatedPolicyResponse{
TemplateName: api.ACLTemplatedPolicyServiceName,


@ -31,6 +31,7 @@ const (
ACLTemplatedPolicyServiceID = "00000000-0000-0000-0000-000000000003"
ACLTemplatedPolicyNodeID = "00000000-0000-0000-0000-000000000004"
ACLTemplatedPolicyDNSID = "00000000-0000-0000-0000-000000000005"
ACLTemplatedPolicyNomadServerID = "00000000-0000-0000-0000-000000000006"
ACLTemplatedPolicyNoRequiredVariablesSchema = "" // catch-all schema for all templated policy that don't require a schema
)
@ -45,7 +46,6 @@ type ACLTemplatedPolicyBase struct {
}
var (
// This supports: node, service and dns templates
// Note: when adding a new builtin template, ensure you update `command/acl/templatedpolicy/formatter.go`
// to handle the new templates required variables and schema.
aclTemplatedPoliciesList = map[string]*ACLTemplatedPolicyBase{
@ -67,6 +67,12 @@ var (
Schema: ACLTemplatedPolicyNoRequiredVariablesSchema,
Template: ACLTemplatedPolicyDNS,
},
api.ACLTemplatedPolicyNomadServerName: {
TemplateID: ACLTemplatedPolicyNomadServerID,
TemplateName: api.ACLTemplatedPolicyNomadServerName,
Schema: ACLTemplatedPolicyNoRequiredVariablesSchema,
Template: ACLTemplatedPolicyNomadServer,
},
}
)


@ -16,6 +16,9 @@ var ACLTemplatedPolicyNode string
//go:embed acltemplatedpolicy/policies/ce/dns.hcl
var ACLTemplatedPolicyDNS string
//go:embed acltemplatedpolicy/policies/ce/nomad-server.hcl
var ACLTemplatedPolicyNomadServer string
func (t *ACLToken) TemplatedPolicyList() []*ACLTemplatedPolicy {
if len(t.TemplatedPolicies) == 0 {
return nil


@ -0,0 +1,11 @@
acl = "write"
agent_prefix "" {
policy = "read"
}
node_prefix "" {
policy = "read"
}
service_prefix "" {
policy = "write"
}
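Review bot: `acl = "write"` in this new template lets any token built from `builtin/nomad-server` create and modify ACL tokens and policies, so its holder can in practice grant any privilege, and nothing in the file says so. The empty-string prefixes on `agent_prefix`, `node_prefix` and `service_prefix` match every agent, node and service, with `write` on all services. If Nomad servers need this to derive tokens for workloads (presumably the reason; confirm), say so in a header comment such as `# acl = "write" allows managing ACL tokens and policies; treat tokens from this template as highly privileged.` Because the file is embedded and echoed in the golden outputs, those fixtures would need regenerating, or the same statement can go in the templated-policy documentation instead.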


@ -24,6 +24,7 @@ const (
ACLTemplatedPolicyServiceName = "builtin/service"
ACLTemplatedPolicyNodeName = "builtin/node"
ACLTemplatedPolicyDNSName = "builtin/dns"
ACLTemplatedPolicyNomadServerName = "builtin/nomad-server"
)
type ACLLink struct {


@ -76,10 +76,8 @@ func (f *prettyFormatter) FormatTemplatedPolicy(templatedPolicy api.ACLTemplated
buffer.WriteString(fmt.Sprintf("\n%sName: String - Required - The node name.\n", WhitespaceIndent))
buffer.WriteString("Example usage:\n")
buffer.WriteString(fmt.Sprintf("%sconsul acl token create -templated-policy builtin/node -var name:node-1\n", WhitespaceIndent))
case api.ACLTemplatedPolicyDNSName:
buffer.WriteString(" None\n")
buffer.WriteString("Example usage:\n")
buffer.WriteString(fmt.Sprintf("%sconsul acl token create -templated-policy builtin/dns\n", WhitespaceIndent))
case api.ACLTemplatedPolicyDNSName, api.ACLTemplatedPolicyNomadServerName:
noRequiredVariablesOutput(&buffer, templatedPolicy.TemplateName)
default:
buffer.WriteString(" None\n")
}
@ -94,6 +92,12 @@ func (f *prettyFormatter) FormatTemplatedPolicy(templatedPolicy api.ACLTemplated
return buffer.String(), nil
}
func noRequiredVariablesOutput(buffer *bytes.Buffer, templateName string) {
buffer.WriteString(" None\n")
buffer.WriteString("Example usage:\n")
buffer.WriteString(fmt.Sprintf("%sconsul acl token create -templated-policy %s\n", WhitespaceIndent, templateName))
}
func (f *prettyFormatter) FormatTemplatedPolicyList(policies map[string]api.ACLTemplatedPolicyResponse) (string, error) {
var buffer bytes.Buffer
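Review bot: The new helper `noRequiredVariablesOutput` has no doc comment, and the `case api.ACLTemplatedPolicyDNSName, api.ACLTemplatedPolicyNomadServerName:` list must be extended by hand for every future template without variables; one that is missed falls to `default` and prints no example usage. I would add `// noRequiredVariablesOutput writes the "None" variables line and an example token-create command for a template that takes no input variables.` above the helper. Its last line can also be written as `fmt.Fprintf(buffer, "%sconsul acl token create -templated-policy %s\n", WhitespaceIndent, templateName)` rather than `WriteString(fmt.Sprintf(...))`. FormatTemplatedPolicy starts above the first hunk and FormatTemplatedPolicyList continues below the second.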


@ -53,6 +53,13 @@ func testFormatTemplatedPolicy(t *testing.T, dirPath string) {
Template: structs.ACLTemplatedPolicyService,
},
},
"nomad-server-templated-policy": {
templatedPolicy: api.ACLTemplatedPolicyResponse{
TemplateName: api.ACLTemplatedPolicyNomadServerName,
Schema: structs.ACLTemplatedPolicyNoRequiredVariablesSchema,
Template: structs.ACLTemplatedPolicyNomadServer,
},
},
}
formatters := map[string]Formatter{


@ -0,0 +1,5 @@
{
"TemplateName": "builtin/nomad-server",
"Schema": "",
"Template": "\nacl = \"write\"\nagent_prefix \"\" {\n policy = \"read\"\n}\nnode_prefix \"\" {\n policy = \"read\"\n}\nservice_prefix \"\" {\n policy = \"write\"\n}"
}


@ -0,0 +1,16 @@
Name: builtin/nomad-server
Input variables: None
Example usage:
consul acl token create -templated-policy builtin/nomad-server
Raw Template:
acl = "write"
agent_prefix "" {
policy = "read"
}
node_prefix "" {
policy = "read"
}
service_prefix "" {
policy = "write"
}


@ -0,0 +1,4 @@
Name: builtin/nomad-server
Input variables: None
Example usage:
consul acl token create -templated-policy builtin/nomad-server