luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity

Parse datacenter from request (#12370) 

* Parse datacenter from request
- Parse the value of the datacenter from the create/delete requests for AuthMethods and BindingRules so that they can be created in and deleted from the datacenters specified in the request.
This commit is contained in:
Ashwin Venkatesh 2022-02-17 16:41:27 -05:00 committed by GitHub
parent b62a4187c9
commit 39be071264
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 44 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.changelog/12370.txt Normal file
View File

@ -0,0 +1,3 @@
```release-note:bug
agent: Parse datacenter from Create/Delete requests for AuthMethods and BindingRules.
```

14
agent/acl_endpoint.go
View File

@ -751,9 +751,8 @@ func (s *HTTPHandlers) ACLBindingRuleCreate(resp http.ResponseWriter, req *http.
} }
func (s *HTTPHandlers) ACLBindingRuleWrite(resp http.ResponseWriter, req *http.Request, bindingRuleID string) (interface{}, error) { func (s *HTTPHandlers) ACLBindingRuleWrite(resp http.ResponseWriter, req *http.Request, bindingRuleID string) (interface{}, error) {
args := structs.ACLBindingRuleSetRequest{ args := structs.ACLBindingRuleSetRequest{}
Datacenter: s.agent.config.Datacenter, s.parseDC(req, &args.Datacenter)
}
s.parseToken(req, &args.Token) s.parseToken(req, &args.Token)
if err := s.parseEntMeta(req, &args.BindingRule.EnterpriseMeta); err != nil { if err := s.parseEntMeta(req, &args.BindingRule.EnterpriseMeta); err != nil {
return nil, err return nil, err
@ -779,9 +778,9 @@ func (s *HTTPHandlers) ACLBindingRuleWrite(resp http.ResponseWriter, req *http.R
func (s *HTTPHandlers) ACLBindingRuleDelete(resp http.ResponseWriter, req *http.Request, bindingRuleID string) (interface{}, error) { func (s *HTTPHandlers) ACLBindingRuleDelete(resp http.ResponseWriter, req *http.Request, bindingRuleID string) (interface{}, error) {
args := structs.ACLBindingRuleDeleteRequest{ args := structs.ACLBindingRuleDeleteRequest{
Datacenter: s.agent.config.Datacenter,
BindingRuleID: bindingRuleID, BindingRuleID: bindingRuleID,
} }
s.parseDC(req, &args.Datacenter)
s.parseToken(req, &args.Token) s.parseToken(req, &args.Token)
if err := s.parseEntMeta(req, &args.EnterpriseMeta); err != nil { if err := s.parseEntMeta(req, &args.EnterpriseMeta); err != nil {
return nil, err return nil, err
@ -898,9 +897,8 @@ func (s *HTTPHandlers) ACLAuthMethodCreate(resp http.ResponseWriter, req *http.R
} }
func (s *HTTPHandlers) ACLAuthMethodWrite(resp http.ResponseWriter, req *http.Request, methodName string) (interface{}, error) { func (s *HTTPHandlers) ACLAuthMethodWrite(resp http.ResponseWriter, req *http.Request, methodName string) (interface{}, error) {
args := structs.ACLAuthMethodSetRequest{ args := structs.ACLAuthMethodSetRequest{}
Datacenter: s.agent.config.Datacenter, s.parseDC(req, &args.Datacenter)
}
s.parseToken(req, &args.Token) s.parseToken(req, &args.Token)
if err := s.parseEntMeta(req, &args.AuthMethod.EnterpriseMeta); err != nil { if err := s.parseEntMeta(req, &args.AuthMethod.EnterpriseMeta); err != nil {
return nil, err return nil, err
@ -929,9 +927,9 @@ func (s *HTTPHandlers) ACLAuthMethodWrite(resp http.ResponseWriter, req *http.Re
func (s *HTTPHandlers) ACLAuthMethodDelete(resp http.ResponseWriter, req *http.Request, methodName string) (interface{}, error) { func (s *HTTPHandlers) ACLAuthMethodDelete(resp http.ResponseWriter, req *http.Request, methodName string) (interface{}, error) {
args := structs.ACLAuthMethodDeleteRequest{ args := structs.ACLAuthMethodDeleteRequest{
Datacenter: s.agent.config.Datacenter,
AuthMethodName: methodName, AuthMethodName: methodName,
} }
s.parseDC(req, &args.Datacenter)
s.parseToken(req, &args.Token) s.parseToken(req, &args.Token)
if err := s.parseEntMeta(req, &args.EnterpriseMeta); err != nil { if err := s.parseEntMeta(req, &args.EnterpriseMeta); err != nil {
return nil, err return nil, err

35
agent/acl_endpoint_test.go
View File

@ -1222,6 +1222,26 @@ func TestACL_LoginProcedure_HTTP(t *testing.T) {
methodMap[method.Name] = method methodMap[method.Name] = method
}) })
t.Run("Create in remote datacenter", func(t *testing.T) {
methodInput := &structs.ACLAuthMethod{
Name: "other",
Type: "testing",
Description: "test",
Config: map[string]interface{}{
"SessionID": testSessionID,
},
TokenLocality: "global",
MaxTokenTTL: 500_000_000_000,
}
req, _ := http.NewRequest("PUT", "/v1/acl/auth-method?token=root&dc=remote", jsonBody(methodInput))
resp := httptest.NewRecorder()
_, err := a.srv.ACLAuthMethodCRUD(resp, req)
require.Error(t, err)
_, ok := err.(BadRequestError)
require.True(t, ok)
})
t.Run("Update Name URL Mismatch", func(t *testing.T) { t.Run("Update Name URL Mismatch", func(t *testing.T) {
methodInput := &structs.ACLAuthMethod{ methodInput := &structs.ACLAuthMethod{
Name: "test", Name: "test",
@ -1394,6 +1414,21 @@ func TestACL_LoginProcedure_HTTP(t *testing.T) {
ruleMap[rule.ID] = rule ruleMap[rule.ID] = rule
}) })
t.Run("Create in remote datacenter", func(t *testing.T) {
ruleInput := &structs.ACLBindingRule{
Description: "other",
AuthMethod: "test",
Selector: "serviceaccount.namespace==default",
BindType: structs.BindingRuleBindTypeRole,
BindName: "fancy-role",
}
req, _ := http.NewRequest("PUT", "/v1/acl/binding-rule?token=root&dc=remote", jsonBody(ruleInput))
resp := httptest.NewRecorder()
_, err := a.srv.ACLBindingRuleCRUD(resp, req)
require.EqualError(t, err, "No path to datacenter")
})
t.Run("BindingRule CRUD Missing ID in URL", func(t *testing.T) { t.Run("BindingRule CRUD Missing ID in URL", func(t *testing.T) {
req, _ := http.NewRequest("GET", "/v1/acl/binding-rule/?token=root", nil) req, _ := http.NewRequest("GET", "/v1/acl/binding-rule/?token=root", nil)
resp := httptest.NewRecorder() resp := httptest.NewRecorder()