Merge pull request #12780 from hashicorp/oss-expanded-token-fix
oss: Fix namespace default field names in expanded token output
This commit is contained in:
commit
34280fc648
|
@ -381,6 +381,9 @@ func (a *ACL) lookupExpandedTokenInfo(ws memdb.WatchSet, state *state.Store, tok
|
|||
if err != nil {
|
||||
return tokenInfo, err
|
||||
}
|
||||
if role == nil {
|
||||
continue
|
||||
}
|
||||
|
||||
for _, policy := range role.Policies {
|
||||
policyIDs[policy.ID] = struct{}{}
|
||||
|
@ -404,6 +407,9 @@ func (a *ACL) lookupExpandedTokenInfo(ws memdb.WatchSet, state *state.Store, tok
|
|||
if err != nil {
|
||||
return tokenInfo, err
|
||||
}
|
||||
if policy == nil {
|
||||
continue
|
||||
}
|
||||
policies = append(policies, policy)
|
||||
}
|
||||
for _, policy := range identityPolicies {
|
||||
|
|
|
@ -66,8 +66,8 @@ type ACLTokenExpanded struct {
|
|||
ExpandedPolicies []ACLPolicy
|
||||
ExpandedRoles []ACLRole
|
||||
|
||||
NamespaceDefaultPolicies []string
|
||||
NamespaceDefaultRoles []string
|
||||
NamespaceDefaultPolicyIDs []string
|
||||
NamespaceDefaultRoleIDs []string
|
||||
|
||||
AgentACLDefaultPolicy string
|
||||
AgentACLDownPolicy string
|
||||
|
|
|
@ -239,17 +239,17 @@ func (f *prettyFormatter) FormatTokenExpanded(token *api.ACLTokenExpanded) (stri
|
|||
|
||||
buffer.WriteString("=== End of Authorizer Layer 0: Token ===\n")
|
||||
|
||||
if len(token.NamespaceDefaultPolicies) > 0 || len(token.NamespaceDefaultRoles) > 0 {
|
||||
if len(token.NamespaceDefaultPolicyIDs) > 0 || len(token.NamespaceDefaultRoleIDs) > 0 {
|
||||
buffer.WriteString("=== Start of Authorizer Layer 1: Token Namespace’s Defaults (Inherited) ===\n")
|
||||
buffer.WriteString(fmt.Sprintf("Description: ACL Roles inherited by all Tokens in Namespace %q\n\n", token.Namespace))
|
||||
|
||||
buffer.WriteString("Namespace Policy Defaults:\n")
|
||||
for _, policyID := range token.NamespaceDefaultPolicies {
|
||||
for _, policyID := range token.NamespaceDefaultPolicyIDs {
|
||||
formatPolicy(policies[policyID], WHITESPACE_2)
|
||||
}
|
||||
|
||||
buffer.WriteString("Namespace Role Defaults:\n")
|
||||
for _, roleID := range token.NamespaceDefaultRoles {
|
||||
for _, roleID := range token.NamespaceDefaultRoleIDs {
|
||||
formatRole(roles[roleID], WHITESPACE_2)
|
||||
}
|
||||
|
||||
|
|
|
@ -408,11 +408,11 @@ var expandedTokenTestCases = map[string]testCase{
|
|||
},
|
||||
},
|
||||
},
|
||||
NamespaceDefaultPolicies: []string{"2b582ff1-4a43-457f-8a2b-30a8265e29a5"},
|
||||
NamespaceDefaultRoles: []string{"56033f2b-e1a6-4905-b71d-e011c862bc65"},
|
||||
AgentACLDefaultPolicy: "deny",
|
||||
AgentACLDownPolicy: "extend-cache",
|
||||
ResolvedByAgent: "server-1",
|
||||
NamespaceDefaultPolicyIDs: []string{"2b582ff1-4a43-457f-8a2b-30a8265e29a5"},
|
||||
NamespaceDefaultRoleIDs: []string{"56033f2b-e1a6-4905-b71d-e011c862bc65"},
|
||||
AgentACLDefaultPolicy: "deny",
|
||||
AgentACLDownPolicy: "extend-cache",
|
||||
ResolvedByAgent: "server-1",
|
||||
ACLToken: api.ACLToken{
|
||||
AccessorID: "fbd2447f-7479-4329-ad13-b021d74f86ba",
|
||||
SecretID: "869c6e91-4de9-4dab-b56e-87548435f9c6",
|
||||
|
|
|
@ -22,8 +22,8 @@
|
|||
}
|
||||
],
|
||||
"ExpandedRoles": null,
|
||||
"NamespaceDefaultPolicies": null,
|
||||
"NamespaceDefaultRoles": null,
|
||||
"NamespaceDefaultPolicyIDs": null,
|
||||
"NamespaceDefaultRoleIDs": null,
|
||||
"AgentACLDefaultPolicy": "allow",
|
||||
"AgentACLDownPolicy": "deny",
|
||||
"ResolvedByAgent": "leader",
|
||||
|
|
|
@ -133,10 +133,10 @@
|
|||
"ModifyIndex": 0
|
||||
}
|
||||
],
|
||||
"NamespaceDefaultPolicies": [
|
||||
"NamespaceDefaultPolicyIDs": [
|
||||
"2b582ff1-4a43-457f-8a2b-30a8265e29a5"
|
||||
],
|
||||
"NamespaceDefaultRoles": [
|
||||
"NamespaceDefaultRoleIDs": [
|
||||
"56033f2b-e1a6-4905-b71d-e011c862bc65"
|
||||
],
|
||||
"AgentACLDefaultPolicy": "deny",
|
||||
|
|
Loading…
Reference in New Issue