status-im
/
consul
mirror of https://github.com/status-im/consul.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Miscellaneous fixes (#6727)

This commit is contained in:
Matt Keeler 2019-11-01 16:11:44 -04:00 committed by GitHub
parent ec7aeaaa8e
commit d491a3a9d5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 22 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
agent/consul/acl_endpoint.go
View File

@ -1458,17 +1458,17 @@ func (a *ACL) RoleSet(args *structs.ACLRoleSetRequest, reply *structs.ACLRole) e
return fmt.Errorf("Invalid Role: invalid Name. Only alphanumeric characters, '-' and '_' are allowed")
}
var existing *structs.ACLRole
var err error
if role.ID == "" {
// with no role ID one will be generated
var err error
role.ID, err = lib.GenerateUUID(a.srv.checkRoleUUID)
if err != nil {
return err
}
// validate the name is unique
if _, existing, err := state.ACLRoleGetByName(nil, role.Name, &role.EnterpriseMeta); err != nil {
if _, existing, err = state.ACLRoleGetByName(nil, role.Name, &role.EnterpriseMeta); err != nil {
return fmt.Errorf("acl role lookup by name failed: %v", err)
} else if existing != nil {
return fmt.Errorf("Invalid Role: A Role with Name %q already exists", role.Name)
@ -1479,7 +1479,7 @@ func (a *ACL) RoleSet(args *structs.ACLRoleSetRequest, reply *structs.ACLRole) e
}
// Verify the role exists
_, existing, err := state.ACLRoleGetByID(nil, role.ID, nil)
_, existing, err = state.ACLRoleGetByID(nil, role.ID, nil)
if err != nil {
return fmt.Errorf("acl role lookup failed: %v", err)
} else if existing == nil {
@ -1495,6 +1495,11 @@ func (a *ACL) RoleSet(args *structs.ACLRoleSetRequest, reply *structs.ACLRole) e
}
}
// validate the enterprise meta
if err := state.ACLRoleUpsertValidateEnterprise(role, existing); err != nil {
return err
}
policyIDs := make(map[string]struct{})
var policies []structs.ACLRolePolicyLink

19
agent/consul/acl_endpoint_test.go
View File

@ -2079,15 +2079,19 @@ func TestACLEndpoint_TokenList(t *testing.T) {
t2, err := upsertTestToken(codec, "root", "dc1", nil)
require.NoError(t, err)
t3, err := upsertTestToken(codec, "root", "dc1", func(token *structs.ACLToken) {
token.ExpirationTTL = 20 * time.Millisecond
})
require.NoError(t, err)
masterTokenAccessorID, err := retrieveTestTokenAccessorForSecret(codec, "root", "dc1", "root")
require.NoError(t, err)
t.Run("normal", func(t *testing.T) {
// this will still be racey even with inserting the token + ttl inside the test function
// however previously inserting it outside of the subtest func resulted in this being
// extra flakey due to there being more code that needed to run to setup the subtest
// between when we inserted the token and when we performed the listing.
t3, err := upsertTestToken(codec, "root", "dc1", func(token *structs.ACLToken) {
token.ExpirationTTL = 50 * time.Millisecond
})
require.NoError(t, err)
req := structs.ACLTokenListRequest{
Datacenter: "dc1",
QueryOptions: structs.QueryOptions{Token: "root"},
@ -2108,7 +2112,7 @@ func TestACLEndpoint_TokenList(t *testing.T) {
require.ElementsMatch(t, gatherIDs(t, resp.Tokens), tokens)
})
time.Sleep(20 * time.Millisecond) // now 't3' is expired
time.Sleep(50 * time.Millisecond) // now 't3' is expired
t.Run("filter expired", func(t *testing.T) {
req := structs.ACLTokenListRequest{
@ -4434,6 +4438,9 @@ func TestACLEndpoint_SecureIntroEndpoints_OnlyCreateLocalData(t *testing.T) {
})
t.Run("logout of remote token in remote dc", func(t *testing.T) {
// if the other test fails this one will to but will now not segfault
require.NotNil(t, remoteToken)
req := structs.ACLLogoutRequest{
Datacenter: "dc2",
WriteRequest: structs.WriteRequest{Token: remoteToken.SecretID},