acls: Show `AuthMethodNamespace` when reading/listing ACL token meta (#10598)

This commit is contained in:
Evan Culver 2021-07-15 10:38:52 -07:00 committed by GitHub
parent b4ab87111c
commit 521c423075
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 63 additions and 46 deletions

3
.changelog/10598.txt Normal file
View File

@ -0,0 +1,3 @@
```release-note:enhancement
acls: Show AuthMethodNamespace when reading/listing ACL tokens
```

View File

@ -572,28 +572,30 @@ type ACLTokenListStub struct {
ModifyIndex uint64
Legacy bool `json:",omitempty"`
EnterpriseMeta
ACLAuthMethodEnterpriseMeta
}
type ACLTokenListStubs []*ACLTokenListStub
func (token *ACLToken) Stub() *ACLTokenListStub {
return &ACLTokenListStub{
AccessorID: token.AccessorID,
SecretID: token.SecretID,
Description: token.Description,
Policies: token.Policies,
Roles: token.Roles,
ServiceIdentities: token.ServiceIdentities,
NodeIdentities: token.NodeIdentities,
Local: token.Local,
AuthMethod: token.AuthMethod,
ExpirationTime: token.ExpirationTime,
CreateTime: token.CreateTime,
Hash: token.Hash,
CreateIndex: token.CreateIndex,
ModifyIndex: token.ModifyIndex,
Legacy: token.Rules != "",
EnterpriseMeta: token.EnterpriseMeta,
AccessorID: token.AccessorID,
SecretID: token.SecretID,
Description: token.Description,
Policies: token.Policies,
Roles: token.Roles,
ServiceIdentities: token.ServiceIdentities,
NodeIdentities: token.NodeIdentities,
Local: token.Local,
AuthMethod: token.AuthMethod,
ExpirationTime: token.ExpirationTime,
CreateTime: token.CreateTime,
Hash: token.Hash,
CreateIndex: token.CreateIndex,
ModifyIndex: token.ModifyIndex,
Legacy: token.Rules != "",
EnterpriseMeta: token.EnterpriseMeta,
ACLAuthMethodEnterpriseMeta: token.ACLAuthMethodEnterpriseMeta,
}
}

View File

@ -52,6 +52,10 @@ type ACLToken struct {
// Namespace is the namespace the ACLToken is associated with.
// Namespaces are a Consul Enterprise feature.
Namespace string `json:",omitempty"`
// AuthMethodNamespace is the namespace the token's AuthMethod is associated with.
// Namespacing is a Consul Enterprise feature.
AuthMethodNamespace string `json:",omitempty"`
}
type ACLTokenListEntry struct {
@ -74,6 +78,10 @@ type ACLTokenListEntry struct {
// Namespace is the namespace the ACLTokenListEntry is associated with.
// Namespacing is a Consul Enterprise feature.
Namespace string `json:",omitempty"`
// AuthMethodNamespace is the namespace the token's AuthMethod is associated with.
// Namespacing is a Consul Enterprise feature.
AuthMethodNamespace string `json:",omitempty"`
}
// ACLEntry is used to represent a legacy ACL token

View File

@ -58,7 +58,7 @@ func (f *prettyFormatter) FormatToken(token *api.ACLToken) (string, error) {
buffer.WriteString(fmt.Sprintf("Description: %s\n", token.Description))
buffer.WriteString(fmt.Sprintf("Local: %t\n", token.Local))
if token.AuthMethod != "" {
buffer.WriteString(fmt.Sprintf("Auth Method: %s\n", token.AuthMethod))
buffer.WriteString(fmt.Sprintf("Auth Method: %s (Namespace: %s)\n", token.AuthMethod, token.AuthMethodNamespace))
}
buffer.WriteString(fmt.Sprintf("Create Time: %v\n", token.CreateTime))
if token.ExpirationTime != nil && !token.ExpirationTime.IsZero() {
@ -132,7 +132,7 @@ func (f *prettyFormatter) formatTokenListEntry(token *api.ACLTokenListEntry) str
buffer.WriteString(fmt.Sprintf("Description: %s\n", token.Description))
buffer.WriteString(fmt.Sprintf("Local: %t\n", token.Local))
if token.AuthMethod != "" {
buffer.WriteString(fmt.Sprintf("Auth Method: %s\n", token.AuthMethod))
buffer.WriteString(fmt.Sprintf("Auth Method: %s (Namespace: %s)\n", token.AuthMethod, token.AuthMethodNamespace))
}
buffer.WriteString(fmt.Sprintf("Create Time: %v\n", token.CreateTime))
if token.ExpirationTime != nil && !token.ExpirationTime.IsZero() {

View File

@ -66,17 +66,18 @@ func TestFormatToken(t *testing.T) {
},
"complex": {
token: api.ACLToken{
AccessorID: "fbd2447f-7479-4329-ad13-b021d74f86ba",
SecretID: "869c6e91-4de9-4dab-b56e-87548435f9c6",
Namespace: "foo",
Description: "test token",
Local: false,
AuthMethod: "bar",
CreateTime: time.Date(2020, 5, 22, 18, 52, 31, 0, time.UTC),
ExpirationTime: timeRef(time.Date(2020, 5, 22, 19, 52, 31, 0, time.UTC)),
Hash: []byte{'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h'},
CreateIndex: 5,
ModifyIndex: 10,
AccessorID: "fbd2447f-7479-4329-ad13-b021d74f86ba",
SecretID: "869c6e91-4de9-4dab-b56e-87548435f9c6",
Namespace: "foo",
Description: "test token",
Local: false,
AuthMethod: "bar",
AuthMethodNamespace: "baz",
CreateTime: time.Date(2020, 5, 22, 18, 52, 31, 0, time.UTC),
ExpirationTime: timeRef(time.Date(2020, 5, 22, 19, 52, 31, 0, time.UTC)),
Hash: []byte{'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h'},
CreateIndex: 5,
ModifyIndex: 10,
Policies: []*api.ACLLink{
{
ID: "beb04680-815b-4d7c-9e33-3d707c24672c",
@ -178,17 +179,18 @@ func TestFormatTokenList(t *testing.T) {
"complex": {
tokens: []*api.ACLTokenListEntry{
{
AccessorID: "fbd2447f-7479-4329-ad13-b021d74f86ba",
SecretID: "257ade69-748c-4022-bafd-76d27d9143f8",
Namespace: "foo",
Description: "test token",
Local: false,
AuthMethod: "bar",
CreateTime: time.Date(2020, 5, 22, 18, 52, 31, 0, time.UTC),
ExpirationTime: timeRef(time.Date(2020, 5, 22, 19, 52, 31, 0, time.UTC)),
Hash: []byte{'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h'},
CreateIndex: 5,
ModifyIndex: 10,
AccessorID: "fbd2447f-7479-4329-ad13-b021d74f86ba",
SecretID: "257ade69-748c-4022-bafd-76d27d9143f8",
Namespace: "foo",
Description: "test token",
Local: false,
AuthMethod: "bar",
AuthMethodNamespace: "baz",
CreateTime: time.Date(2020, 5, 22, 18, 52, 31, 0, time.UTC),
ExpirationTime: timeRef(time.Date(2020, 5, 22, 19, 52, 31, 0, time.UTC)),
Hash: []byte{'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h'},
CreateIndex: 5,
ModifyIndex: 10,
Policies: []*api.ACLLink{
{
ID: "beb04680-815b-4d7c-9e33-3d707c24672c",

View File

@ -43,5 +43,6 @@
"ExpirationTime": "2020-05-22T19:52:31Z",
"CreateTime": "2020-05-22T18:52:31Z",
"Hash": "YWJjZGVmZ2g=",
"Namespace": "foo"
"Namespace": "foo",
"AuthMethodNamespace": "baz"
}

View File

@ -3,7 +3,7 @@ SecretID: 869c6e91-4de9-4dab-b56e-87548435f9c6
Namespace: foo
Description: test token
Local: false
Auth Method: bar
Auth Method: bar (Namespace: baz)
Create Time: 2020-05-22 18:52:31 +0000 UTC
Expiration Time: 2020-05-22 19:52:31 +0000 UTC
Hash: 6162636465666768

View File

@ -3,7 +3,7 @@ SecretID: 869c6e91-4de9-4dab-b56e-87548435f9c6
Namespace: foo
Description: test token
Local: false
Auth Method: bar
Auth Method: bar (Namespace: baz)
Create Time: 2020-05-22 18:52:31 +0000 UTC
Expiration Time: 2020-05-22 19:52:31 +0000 UTC
Policies:

View File

@ -45,6 +45,7 @@
"CreateTime": "2020-05-22T18:52:31Z",
"Hash": "YWJjZGVmZ2g=",
"Legacy": false,
"Namespace": "foo"
"Namespace": "foo",
"AuthMethodNamespace": "baz"
}
]

View File

@ -3,7 +3,7 @@ SecretID: 257ade69-748c-4022-bafd-76d27d9143f8
Namespace: foo
Description: test token
Local: false
Auth Method: bar
Auth Method: bar (Namespace: baz)
Create Time: 2020-05-22 18:52:31 +0000 UTC
Expiration Time: 2020-05-22 19:52:31 +0000 UTC
Legacy: false

View File

@ -3,7 +3,7 @@ SecretID: 257ade69-748c-4022-bafd-76d27d9143f8
Namespace: foo
Description: test token
Local: false
Auth Method: bar
Auth Method: bar (Namespace: baz)
Create Time: 2020-05-22 18:52:31 +0000 UTC
Expiration Time: 2020-05-22 19:52:31 +0000 UTC
Legacy: false