Merge pull request #12780 from hashicorp/oss-expanded-token-fix

oss: Fix namespace default field names in expanded token output
This commit is contained in:
Kyle Havlovitz 2022-04-13 17:35:01 -07:00 committed by GitHub
commit 34280fc648
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 20 additions and 14 deletions

View File

@ -381,6 +381,9 @@ func (a *ACL) lookupExpandedTokenInfo(ws memdb.WatchSet, state *state.Store, tok
if err != nil {
return tokenInfo, err
}
if role == nil {
continue
}
for _, policy := range role.Policies {
policyIDs[policy.ID] = struct{}{}
@ -404,6 +407,9 @@ func (a *ACL) lookupExpandedTokenInfo(ws memdb.WatchSet, state *state.Store, tok
if err != nil {
return tokenInfo, err
}
if policy == nil {
continue
}
policies = append(policies, policy)
}
for _, policy := range identityPolicies {

View File

@ -66,8 +66,8 @@ type ACLTokenExpanded struct {
ExpandedPolicies []ACLPolicy
ExpandedRoles []ACLRole
NamespaceDefaultPolicies []string
NamespaceDefaultRoles []string
NamespaceDefaultPolicyIDs []string
NamespaceDefaultRoleIDs []string
AgentACLDefaultPolicy string
AgentACLDownPolicy string

View File

@ -239,17 +239,17 @@ func (f *prettyFormatter) FormatTokenExpanded(token *api.ACLTokenExpanded) (stri
buffer.WriteString("=== End of Authorizer Layer 0: Token ===\n")
if len(token.NamespaceDefaultPolicies) > 0 || len(token.NamespaceDefaultRoles) > 0 {
if len(token.NamespaceDefaultPolicyIDs) > 0 || len(token.NamespaceDefaultRoleIDs) > 0 {
buffer.WriteString("=== Start of Authorizer Layer 1: Token Namespaces Defaults (Inherited) ===\n")
buffer.WriteString(fmt.Sprintf("Description: ACL Roles inherited by all Tokens in Namespace %q\n\n", token.Namespace))
buffer.WriteString("Namespace Policy Defaults:\n")
for _, policyID := range token.NamespaceDefaultPolicies {
for _, policyID := range token.NamespaceDefaultPolicyIDs {
formatPolicy(policies[policyID], WHITESPACE_2)
}
buffer.WriteString("Namespace Role Defaults:\n")
for _, roleID := range token.NamespaceDefaultRoles {
for _, roleID := range token.NamespaceDefaultRoleIDs {
formatRole(roles[roleID], WHITESPACE_2)
}

View File

@ -408,11 +408,11 @@ var expandedTokenTestCases = map[string]testCase{
},
},
},
NamespaceDefaultPolicies: []string{"2b582ff1-4a43-457f-8a2b-30a8265e29a5"},
NamespaceDefaultRoles: []string{"56033f2b-e1a6-4905-b71d-e011c862bc65"},
AgentACLDefaultPolicy: "deny",
AgentACLDownPolicy: "extend-cache",
ResolvedByAgent: "server-1",
NamespaceDefaultPolicyIDs: []string{"2b582ff1-4a43-457f-8a2b-30a8265e29a5"},
NamespaceDefaultRoleIDs: []string{"56033f2b-e1a6-4905-b71d-e011c862bc65"},
AgentACLDefaultPolicy: "deny",
AgentACLDownPolicy: "extend-cache",
ResolvedByAgent: "server-1",
ACLToken: api.ACLToken{
AccessorID: "fbd2447f-7479-4329-ad13-b021d74f86ba",
SecretID: "869c6e91-4de9-4dab-b56e-87548435f9c6",

View File

@ -22,8 +22,8 @@
}
],
"ExpandedRoles": null,
"NamespaceDefaultPolicies": null,
"NamespaceDefaultRoles": null,
"NamespaceDefaultPolicyIDs": null,
"NamespaceDefaultRoleIDs": null,
"AgentACLDefaultPolicy": "allow",
"AgentACLDownPolicy": "deny",
"ResolvedByAgent": "leader",

View File

@ -133,10 +133,10 @@
"ModifyIndex": 0
}
],
"NamespaceDefaultPolicies": [
"NamespaceDefaultPolicyIDs": [
"2b582ff1-4a43-457f-8a2b-30a8265e29a5"
],
"NamespaceDefaultRoles": [
"NamespaceDefaultRoleIDs": [
"56033f2b-e1a6-4905-b71d-e011c862bc65"
],
"AgentACLDefaultPolicy": "deny",