open-consul/agent/http_oss.go

// +build !consulent

package agent

import (
	"fmt"
	"net/http"
	"strings"

	"github.com/hashicorp/consul/agent/structs"
)

func (s *HTTPServer) parseEntMeta(req *http.Request, entMeta *structs.EnterpriseMeta) error {
	if headerNS := req.Header.Get("X-Consul-Namespace"); headerNS != "" {
		return BadRequestError{Reason: "Invalid header: \"X-Consul-Namespace\" - Namespaces is a Consul Enterprise feature"}
	}
	if queryNS := req.URL.Query().Get("ns"); queryNS != "" {
		return BadRequestError{Reason: "Invalid query parameter: \"ns\" - Namespaces is a Consul Enterprise feature"}
	}
	return nil
}

func (s *HTTPServer) parseEntMetaNoWildcard(req *http.Request, _ *structs.EnterpriseMeta) error {
	return s.parseEntMeta(req, nil)
}

func (s *HTTPServer) rewordUnknownEnterpriseFieldError(err error) error {
	if err == nil {
		return nil
	}

	msg := err.Error()

	if strings.Contains(msg, "json: unknown field ") {
		quotedField := strings.TrimPrefix(msg, "json: unknown field ")

		switch quotedField {
		case `"Namespace"`:
			return fmt.Errorf("%v - Namespaces is a Consul Enterprise feature", err)
		}
	}

	return err
}

func (s *HTTPServer) addEnterpriseHTMLTemplateVars(vars map[string]interface{}) {}

func parseACLAuthMethodEnterpriseMeta(req *http.Request, _ *structs.ACLAuthMethodEnterpriseMeta) error {
	if methodNS := req.URL.Query().Get("authmethod-ns"); methodNS != "" {
		return BadRequestError{Reason: "Invalid query parameter: \"authmethod-ns\" - Namespaces is a Consul Enterprise feature"}
	}

	return nil
}

// auditReq is a noop stub for the corresponding func in http_ent.go
func (s *HTTPServer) auditReq(req *http.Request) interface{} {
	// note(kit): We return an nil here so we can pass it to auditResp. Auditing the response requires the
	//  request object for context, so we have it pass it even when it's disabled
	return nil
}

// auditResp is a noop stub for the corresponding func in http_ent.go
func (s *HTTPServer) auditResp(reqPayload interface{}, httpCode int) {
}
Updates to allow for Namespacing ACL resources in Consul Enterp… (#6675) Main Changes: • method signature updates everywhere to account for passing around enterprise meta. • populate the EnterpriseAuthorizerContext for all ACL related authorizations. • ACL resource listings now operate like the catalog or kv listings in that the returned entries are filtered down to what the token is allowed to see. With Namespaces its no longer all or nothing. • Modified the acl.Policy parsing to abstract away basic decoding so that enterprise can do it slightly differently. Also updated method signatures so that when parsing a policy it can take extra ent metadata to use during rules validation and policy creation. Secondary Changes: • Moved protobuf encoding functions out of the agentpb package to eliminate circular dependencies. • Added custom JSON unmarshalers for a few ACL resource types (to support snake case and to get rid of mapstructure) • AuthMethod validator cache is now an interface as these will be cached per-namespace for Consul Enterprise. • Added checks for policy/role link existence at the RPC API so we don’t push the request through raft to have it fail internally. • Forward ACL token delete request to the primary datacenter when the secondary DC doesn’t have the token. • Added a bunch of ACL test helpers for inserting ACL resource test data. 2019-10-24 18:38:09 +00:00			`// +build !consulent`

Creates HTTP endpoint registry. 2017-11-29 00:06:26 +00:00			`package agent`

Updates to allow for Namespacing ACL resources in Consul Enterp… (#6675) Main Changes: • method signature updates everywhere to account for passing around enterprise meta. • populate the EnterpriseAuthorizerContext for all ACL related authorizations. • ACL resource listings now operate like the catalog or kv listings in that the returned entries are filtered down to what the token is allowed to see. With Namespaces its no longer all or nothing. • Modified the acl.Policy parsing to abstract away basic decoding so that enterprise can do it slightly differently. Also updated method signatures so that when parsing a policy it can take extra ent metadata to use during rules validation and policy creation. Secondary Changes: • Moved protobuf encoding functions out of the agentpb package to eliminate circular dependencies. • Added custom JSON unmarshalers for a few ACL resource types (to support snake case and to get rid of mapstructure) • AuthMethod validator cache is now an interface as these will be cached per-namespace for Consul Enterprise. • Added checks for policy/role link existence at the RPC API so we don’t push the request through raft to have it fail internally. • Forward ACL token delete request to the primary datacenter when the secondary DC doesn’t have the token. • Added a bunch of ACL test helpers for inserting ACL resource test data. 2019-10-24 18:38:09 +00:00			`import (`
Add Namespace support to the API module and the CLI commands (#6874) Also update the Docs and fixup the HTTP API to return proper errors when someone attempts to use Namespaces with an OSS agent. Add Namespace HTTP API docs Make all API endpoints disallow unknown fields 2019-12-06 16:14:56 +00:00			`"fmt"`
Updates to allow for Namespacing ACL resources in Consul Enterp… (#6675) Main Changes: • method signature updates everywhere to account for passing around enterprise meta. • populate the EnterpriseAuthorizerContext for all ACL related authorizations. • ACL resource listings now operate like the catalog or kv listings in that the returned entries are filtered down to what the token is allowed to see. With Namespaces its no longer all or nothing. • Modified the acl.Policy parsing to abstract away basic decoding so that enterprise can do it slightly differently. Also updated method signatures so that when parsing a policy it can take extra ent metadata to use during rules validation and policy creation. Secondary Changes: • Moved protobuf encoding functions out of the agentpb package to eliminate circular dependencies. • Added custom JSON unmarshalers for a few ACL resource types (to support snake case and to get rid of mapstructure) • AuthMethod validator cache is now an interface as these will be cached per-namespace for Consul Enterprise. • Added checks for policy/role link existence at the RPC API so we don’t push the request through raft to have it fail internally. • Forward ACL token delete request to the primary datacenter when the secondary DC doesn’t have the token. • Added a bunch of ACL test helpers for inserting ACL resource test data. 2019-10-24 18:38:09 +00:00			`"net/http"`
Add Namespace support to the API module and the CLI commands (#6874) Also update the Docs and fixup the HTTP API to return proper errors when someone attempts to use Namespaces with an OSS agent. Add Namespace HTTP API docs Make all API endpoints disallow unknown fields 2019-12-06 16:14:56 +00:00			`"strings"`
Updates to allow for Namespacing ACL resources in Consul Enterp… (#6675) Main Changes: • method signature updates everywhere to account for passing around enterprise meta. • populate the EnterpriseAuthorizerContext for all ACL related authorizations. • ACL resource listings now operate like the catalog or kv listings in that the returned entries are filtered down to what the token is allowed to see. With Namespaces its no longer all or nothing. • Modified the acl.Policy parsing to abstract away basic decoding so that enterprise can do it slightly differently. Also updated method signatures so that when parsing a policy it can take extra ent metadata to use during rules validation and policy creation. Secondary Changes: • Moved protobuf encoding functions out of the agentpb package to eliminate circular dependencies. • Added custom JSON unmarshalers for a few ACL resource types (to support snake case and to get rid of mapstructure) • AuthMethod validator cache is now an interface as these will be cached per-namespace for Consul Enterprise. • Added checks for policy/role link existence at the RPC API so we don’t push the request through raft to have it fail internally. • Forward ACL token delete request to the primary datacenter when the secondary DC doesn’t have the token. • Added a bunch of ACL test helpers for inserting ACL resource test data. 2019-10-24 18:38:09 +00:00
			`"github.com/hashicorp/consul/agent/structs"`
			`)`
Initialise `allowedMethods` in init() 2018-02-18 01:31:24 +00:00
Add Namespace support to the API module and the CLI commands (#6874) Also update the Docs and fixup the HTTP API to return proper errors when someone attempts to use Namespaces with an OSS agent. Add Namespace HTTP API docs Make all API endpoints disallow unknown fields 2019-12-06 16:14:56 +00:00			`func (s HTTPServer) parseEntMeta(req http.Request, entMeta *structs.EnterpriseMeta) error {`
			`if headerNS := req.Header.Get("X-Consul-Namespace"); headerNS != "" {`
			`return BadRequestError{Reason: "Invalid header: \"X-Consul-Namespace\" - Namespaces is a Consul Enterprise feature"}`
			`}`
			`if queryNS := req.URL.Query().Get("ns"); queryNS != "" {`
			`return BadRequestError{Reason: "Invalid query parameter: \"ns\" - Namespaces is a Consul Enterprise feature"}`
			`}`
			`return nil`
			`}`

Miscellaneous Fixes (#6896) Ensure we close the Sentinel Evaluator so as not to leak go routines Fix a bunch of test logging so that various warnings when starting a test agent go to the ltest logger and not straight to stdout. Various canned ent meta types always return a valid pointer (no more nils). This allows us to blindly deref + assign in various places. Update ACL index tracking to ensure oss -> ent upgrades will work as expected. Update ent meta parsing to include function to disallow wildcarding. 2019-12-06 19:01:34 +00:00			`func (s HTTPServer) parseEntMetaNoWildcard(req http.Request, _ *structs.EnterpriseMeta) error {`
			`return s.parseEntMeta(req, nil)`
			`}`

Add Namespace support to the API module and the CLI commands (#6874) Also update the Docs and fixup the HTTP API to return proper errors when someone attempts to use Namespaces with an OSS agent. Add Namespace HTTP API docs Make all API endpoints disallow unknown fields 2019-12-06 16:14:56 +00:00			`func (s *HTTPServer) rewordUnknownEnterpriseFieldError(err error) error {`
			`if err == nil {`
			`return nil`
			`}`

			`msg := err.Error()`

			`if strings.Contains(msg, "json: unknown field ") {`
			`quotedField := strings.TrimPrefix(msg, "json: unknown field ")`

			`switch quotedField {`
			case `"Namespace"`:
			`return fmt.Errorf("%v - Namespaces is a Consul Enterprise feature", err)`
			`}`
			`}`

			`return err`
Creates HTTP endpoint registry. 2017-11-29 00:06:26 +00:00			`}`
ui: feature support templating for index.html (#6921) 2019-12-13 19:50:07 +00:00
			`func (s *HTTPServer) addEnterpriseHTMLTemplateVars(vars map[string]interface{}) {}`
AuthMethod updates to support alternate namespace logins (#7029) 2020-01-14 15:09:29 +00:00
			`func parseACLAuthMethodEnterpriseMeta(req http.Request, _ structs.ACLAuthMethodEnterpriseMeta) error {`
			`if methodNS := req.URL.Query().Get("authmethod-ns"); methodNS != "" {`
fix spelling errors (#7135) 2020-01-27 13:00:33 +00:00			`return BadRequestError{Reason: "Invalid query parameter: \"authmethod-ns\" - Namespaces is a Consul Enterprise feature"}`
AuthMethod updates to support alternate namespace logins (#7029) 2020-01-14 15:09:29 +00:00			`}`

			`return nil`
			`}`
agent: stub out auditing functionality in OSS 2020-04-16 22:07:52 +00:00
			`// auditReq is a noop stub for the corresponding func in http_ent.go`
			`func (s HTTPServer) auditReq(req http.Request) interface{} {`
			`// note(kit): We return an nil here so we can pass it to auditResp. Auditing the response requires the`
			`// request object for context, so we have it pass it even when it's disabled`
			`return nil`
			`}`

			`// auditResp is a noop stub for the corresponding func in http_ent.go`
			`func (s *HTTPServer) auditResp(reqPayload interface{}, httpCode int) {`
			`}`