status-im
/
consul
mirror of https://github.com/status-im/consul.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity

Stop use of templated-policy and templated-policy-file simultaneously (#19389)

This commit is contained in:
Ronald 2023-10-26 14:15:12 -04:00 committed by GitHub
parent 3b806d41c0
commit ea91e58045
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 48 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.changelog/19389.txt Normal file
View File

@ -0,0 +1,3 @@
```release-note:improvement
cli: stop simultaneous usage of -templated-policy and -templated-policy-file when creating a role or token.
```

7
command/acl/role/create/role_create.go
View File

@ -94,6 +94,13 @@ func (c *cmd) Run(args []string) int {
return 1 return 1
} }
if len(c.templatedPolicyFile) != 0 && len(c.templatedPolicy) != 0 {
c.UI.Error("Cannot combine the use of templated-policy flag with templated-policy-file. " +
"To create a role with a single templated policy and simple use case, use -templated-policy. " +
"For multiple templated policies and more complicated use cases, use -templated-policy-file")
return 1
}
client, err := c.http.APIClient() client, err := c.http.APIClient()
if err != nil { if err != nil {
c.UI.Error(fmt.Sprintf("Error connecting to Consul agent: %s", err)) c.UI.Error(fmt.Sprintf("Error connecting to Consul agent: %s", err))

16
command/acl/role/create/role_create_test.go
View File

@ -115,6 +115,22 @@ func TestRoleCreateCommand_Pretty(t *testing.T) {
require.Len(t, role.NodeIdentities, 1) require.Len(t, role.NodeIdentities, 1)
}) })
t.Run("prevent templated-policy and templated-policy-file simultaneous use", func(t *testing.T) {
ui := cli.NewMockUi()
cmd := New(ui)
code := cmd.Run([]string{
"-http-addr=" + a.HTTPAddr(),
"-token=root",
"-name=role-with-node-identity",
"-templated-policy=builtin/node",
"-var=name:" + a.Config.NodeName,
"-templated-policy-file=test.hcl",
})
require.Equal(t, 1, code)
require.Contains(t, ui.ErrorWriter.String(), "Cannot combine the use of templated-policy flag with templated-policy-file.")
})
} }
func TestRoleCreateCommand_JSON(t *testing.T) { func TestRoleCreateCommand_JSON(t *testing.T) {

7
command/acl/token/create/token_create.go
View File

@ -105,6 +105,13 @@ func (c *cmd) Run(args []string) int {
return 1 return 1
} }
if len(c.templatedPolicyFile) != 0 && len(c.templatedPolicy) != 0 {
c.UI.Error("Cannot combine the use of templated-policy flag with templated-policy-file. " +
"To create a token with a single templated policy and simple use case, use -templated-policy. " +
"For multiple templated policies and more complicated use cases, use -templated-policy-file")
return 1
}
client, err := c.http.APIClient() client, err := c.http.APIClient()
if err != nil { if err != nil {
c.UI.Error(fmt.Sprintf("Error connecting to Consul agent: %s", err)) c.UI.Error(fmt.Sprintf("Error connecting to Consul agent: %s", err))

15
command/acl/token/create/token_create_test.go
View File

@ -128,6 +128,21 @@ func TestTokenCreateCommand_Pretty(t *testing.T) {
require.Equal(t, a.Config.NodeName, nodes[0].Node) require.Equal(t, a.Config.NodeName, nodes[0].Node)
}) })
t.Run("prevent templated-policy and templated-policy-file simultaneous use", func(t *testing.T) {
ui := cli.NewMockUi()
cmd := New(ui)
code := cmd.Run(append([]string{
"-http-addr=" + a.HTTPAddr(),
"-token=root",
"-templated-policy=builtin/node",
"-var=name:" + a.Config.NodeName,
"-templated-policy-file=test.hcl",
}, "-format=json"))
require.Equal(t, 1, code)
require.Contains(t, ui.ErrorWriter.String(), "Cannot combine the use of templated-policy flag with templated-policy-file.")
})
// create with accessor and secret // create with accessor and secret
t.Run("predefined-ids", func(t *testing.T) { t.Run("predefined-ids", func(t *testing.T) {
token := run(t, []string{ token := run(t, []string{