mirror of https://github.com/status-im/consul.git
[NET-5332] Add nomad server templated policy (#18888)
* [NET-5332] Add nomad server templated policy * slksfd
This commit is contained in:
parent
6533e70141
commit
c8299522b5
|
@ -1374,7 +1374,7 @@ func TestACL_HTTP(t *testing.T) {
|
|||
|
||||
var list map[string]api.ACLTemplatedPolicyResponse
|
||||
require.NoError(t, json.NewDecoder(resp.Body).Decode(&list))
|
||||
require.Len(t, list, 3)
|
||||
require.Len(t, list, 4)
|
||||
|
||||
require.Equal(t, api.ACLTemplatedPolicyResponse{
|
||||
TemplateName: api.ACLTemplatedPolicyServiceName,
|
||||
|
|
|
@ -31,6 +31,7 @@ const (
|
|||
ACLTemplatedPolicyServiceID = "00000000-0000-0000-0000-000000000003"
|
||||
ACLTemplatedPolicyNodeID = "00000000-0000-0000-0000-000000000004"
|
||||
ACLTemplatedPolicyDNSID = "00000000-0000-0000-0000-000000000005"
|
||||
ACLTemplatedPolicyNomadServerID = "00000000-0000-0000-0000-000000000006"
|
||||
|
||||
ACLTemplatedPolicyNoRequiredVariablesSchema = "" // catch-all schema for all templated policy that don't require a schema
|
||||
)
|
||||
|
@ -45,7 +46,6 @@ type ACLTemplatedPolicyBase struct {
|
|||
}
|
||||
|
||||
var (
|
||||
// This supports: node, service and dns templates
|
||||
// Note: when adding a new builtin template, ensure you update `command/acl/templatedpolicy/formatter.go`
|
||||
// to handle the new templates required variables and schema.
|
||||
aclTemplatedPoliciesList = map[string]*ACLTemplatedPolicyBase{
|
||||
|
@ -67,6 +67,12 @@ var (
|
|||
Schema: ACLTemplatedPolicyNoRequiredVariablesSchema,
|
||||
Template: ACLTemplatedPolicyDNS,
|
||||
},
|
||||
api.ACLTemplatedPolicyNomadServerName: {
|
||||
TemplateID: ACLTemplatedPolicyNomadServerID,
|
||||
TemplateName: api.ACLTemplatedPolicyNomadServerName,
|
||||
Schema: ACLTemplatedPolicyNoRequiredVariablesSchema,
|
||||
Template: ACLTemplatedPolicyNomadServer,
|
||||
},
|
||||
}
|
||||
)
|
||||
|
||||
|
|
|
@ -16,6 +16,9 @@ var ACLTemplatedPolicyNode string
|
|||
//go:embed acltemplatedpolicy/policies/ce/dns.hcl
|
||||
var ACLTemplatedPolicyDNS string
|
||||
|
||||
//go:embed acltemplatedpolicy/policies/ce/nomad-server.hcl
|
||||
var ACLTemplatedPolicyNomadServer string
|
||||
|
||||
func (t *ACLToken) TemplatedPolicyList() []*ACLTemplatedPolicy {
|
||||
if len(t.TemplatedPolicies) == 0 {
|
||||
return nil
|
||||
|
|
|
@ -0,0 +1,11 @@
|
|||
|
||||
acl = "write"
|
||||
agent_prefix "" {
|
||||
policy = "read"
|
||||
}
|
||||
node_prefix "" {
|
||||
policy = "read"
|
||||
}
|
||||
service_prefix "" {
|
||||
policy = "write"
|
||||
}
|
|
@ -24,6 +24,7 @@ const (
|
|||
ACLTemplatedPolicyServiceName = "builtin/service"
|
||||
ACLTemplatedPolicyNodeName = "builtin/node"
|
||||
ACLTemplatedPolicyDNSName = "builtin/dns"
|
||||
ACLTemplatedPolicyNomadServerName = "builtin/nomad-server"
|
||||
)
|
||||
|
||||
type ACLLink struct {
|
||||
|
|
|
@ -76,10 +76,8 @@ func (f *prettyFormatter) FormatTemplatedPolicy(templatedPolicy api.ACLTemplated
|
|||
buffer.WriteString(fmt.Sprintf("\n%sName: String - Required - The node name.\n", WhitespaceIndent))
|
||||
buffer.WriteString("Example usage:\n")
|
||||
buffer.WriteString(fmt.Sprintf("%sconsul acl token create -templated-policy builtin/node -var name:node-1\n", WhitespaceIndent))
|
||||
case api.ACLTemplatedPolicyDNSName:
|
||||
buffer.WriteString(" None\n")
|
||||
buffer.WriteString("Example usage:\n")
|
||||
buffer.WriteString(fmt.Sprintf("%sconsul acl token create -templated-policy builtin/dns\n", WhitespaceIndent))
|
||||
case api.ACLTemplatedPolicyDNSName, api.ACLTemplatedPolicyNomadServerName:
|
||||
noRequiredVariablesOutput(&buffer, templatedPolicy.TemplateName)
|
||||
default:
|
||||
buffer.WriteString(" None\n")
|
||||
}
|
||||
|
@ -94,6 +92,12 @@ func (f *prettyFormatter) FormatTemplatedPolicy(templatedPolicy api.ACLTemplated
|
|||
return buffer.String(), nil
|
||||
}
|
||||
|
||||
func noRequiredVariablesOutput(buffer *bytes.Buffer, templateName string) {
|
||||
buffer.WriteString(" None\n")
|
||||
buffer.WriteString("Example usage:\n")
|
||||
buffer.WriteString(fmt.Sprintf("%sconsul acl token create -templated-policy %s\n", WhitespaceIndent, templateName))
|
||||
}
|
||||
|
||||
func (f *prettyFormatter) FormatTemplatedPolicyList(policies map[string]api.ACLTemplatedPolicyResponse) (string, error) {
|
||||
var buffer bytes.Buffer
|
||||
|
||||
|
|
|
@ -53,6 +53,13 @@ func testFormatTemplatedPolicy(t *testing.T, dirPath string) {
|
|||
Template: structs.ACLTemplatedPolicyService,
|
||||
},
|
||||
},
|
||||
"nomad-server-templated-policy": {
|
||||
templatedPolicy: api.ACLTemplatedPolicyResponse{
|
||||
TemplateName: api.ACLTemplatedPolicyNomadServerName,
|
||||
Schema: structs.ACLTemplatedPolicyNoRequiredVariablesSchema,
|
||||
Template: structs.ACLTemplatedPolicyNomadServer,
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
formatters := map[string]Formatter{
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
{
|
||||
"TemplateName": "builtin/nomad-server",
|
||||
"Schema": "",
|
||||
"Template": "\nacl = \"write\"\nagent_prefix \"\" {\n policy = \"read\"\n}\nnode_prefix \"\" {\n policy = \"read\"\n}\nservice_prefix \"\" {\n policy = \"write\"\n}"
|
||||
}
|
|
@ -0,0 +1,16 @@
|
|||
Name: builtin/nomad-server
|
||||
Input variables: None
|
||||
Example usage:
|
||||
consul acl token create -templated-policy builtin/nomad-server
|
||||
Raw Template:
|
||||
|
||||
acl = "write"
|
||||
agent_prefix "" {
|
||||
policy = "read"
|
||||
}
|
||||
node_prefix "" {
|
||||
policy = "read"
|
||||
}
|
||||
service_prefix "" {
|
||||
policy = "write"
|
||||
}
|
|
@ -0,0 +1,4 @@
|
|||
Name: builtin/nomad-server
|
||||
Input variables: None
|
||||
Example usage:
|
||||
consul acl token create -templated-policy builtin/nomad-server
|
Loading…
Reference in New Issue