Avoid panic on nil partitionAuthorizer config
partitionAuthorizer.config can be nil if it wasn't provided on calls to newPartitionAuthorizer outside of the ACLResolver. This usage happens often in tests. This commit: adds a nil check when the config is going to be used, updates non-test usage of NewPolicyAuthorizerWithDefaults to pass a non-nil config, and dettaches setEnterpriseConf from the ACLResolver.
This commit is contained in:
freddygv
parent
015d85cd74
commit
4a2e40aa3c
|
|
@ -292,7 +292,10 @@ func agentMasterAuthorizer(nodeName string, entMeta *structs.EnterpriseMeta) (ac
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
return acl.NewPolicyAuthorizerWithDefaults(acl.DenyAll(), []*acl.Policy{policy}, nil)
|
|
||||||
|
var cfg *acl.Config
|
||||||
|
setEnterpriseConf(entMeta, cfg)
|
||||||
|
return acl.NewPolicyAuthorizerWithDefaults(acl.DenyAll(), []*acl.Policy{policy}, cfg)
|
||||||
}
|
}
|
||||||
|
|
||||||
func NewACLResolver(config *ACLResolverConfig) (*ACLResolver, error) {
|
func NewACLResolver(config *ACLResolverConfig) (*ACLResolver, error) {
|
||||||
|
|
@ -1094,7 +1097,7 @@ func (r *ACLResolver) ResolveTokenToIdentityAndAuthorizer(token string) (structs
|
||||||
if r.aclConf != nil {
|
if r.aclConf != nil {
|
||||||
conf = *r.aclConf
|
conf = *r.aclConf
|
||||||
}
|
}
|
||||||
r.setEnterpriseConf(identity, &conf)
|
setEnterpriseConf(identity.EnterpriseMetadata(), &conf)
|
||||||
|
|
||||||
authz, err := policies.Compile(r.cache, &conf)
|
authz, err := policies.Compile(r.cache, &conf)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
|
||||||
|
|
@ -46,4 +46,4 @@ func (_ *ACLResolver) resolveLocallyManagedEnterpriseToken(_ string) (structs.AC
|
||||||
return nil, nil, false
|
return nil, nil, false
|
||||||
}
|
}
|
||||||
|
|
||||||
func (_ *ACLResolver) setEnterpriseConf(identity structs.ACLIdentity, conf *acl.Config) {}
|
func setEnterpriseConf(entMeta *structs.EnterpriseMeta, conf *acl.Config) {}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue