Backport of Stop JWT provider from being written in non default namespace into release/1.16.x (#18331)

backport of commit f15be60e488a77cf80f78a84c35a4a1154637d03

Co-authored-by: Ronald Ekambi <ronekambi@gmail.com>
hc-github-team-consul-core 2023-07-31 09:31:52 -04:00 committed by GitHub
parent 5114b031a7
commit 5429e56d1d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 10 additions and 2 deletions

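--- a/.changelog/18325.txt
+++ b/.changelog/18325.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+mesh: **(Enterprise Only)** Require that `jwt-provider` config entries are created in the `default` namespace.
+```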


@ -509,7 +509,7 @@ func (e *JWTProviderConfigEntry) Validate() error {
return err return err
} }
if err := e.validatePartition(); err != nil { if err := e.validatePartitionAndNamespace(); err != nil {
return err return err
} }


@ -12,9 +12,14 @@ import (
"github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/acl"
) )
func (e *JWTProviderConfigEntry) validatePartition() error { func (e *JWTProviderConfigEntry) validatePartitionAndNamespace() error {
if !acl.IsDefaultPartition(e.PartitionOrDefault()) { if !acl.IsDefaultPartition(e.PartitionOrDefault()) {
return fmt.Errorf("Partitions are an enterprise only feature") return fmt.Errorf("Partitions are an enterprise only feature")
} }
if acl.DefaultNamespaceName != e.NamespaceOrDefault() {
return fmt.Errorf("Namespaces are an enterprise only feature")
}
return nil return nil
} }
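Review bot: The new namespace check in validatePartitionAndNamespace compares `acl.DefaultNamespaceName != e.NamespaceOrDefault()` as an exact string, while the partition check just above it goes through the `acl.IsDefaultPartition` helper; if NamespaceOrDefault can return a differently cased or un-normalized value (not visible here), the two checks would disagree on what counts as default, so it is worth confirming or routing both through an equivalent helper. None of the three files shown in this commit is a test, and since this check decides where a JWT provider definition may be written, a case in the Validate tests that sets a non-default namespace and expects the error would guard against regression. The function also has no doc comment; I would add `// validatePartitionAndNamespace rejects jwt-provider entries outside the default partition and default namespace.` above it.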