Support AnonymousACLToken in GetPolicies

Michael Schurter 2017-10-04 14:52:00 -07:00
parent 7c8a5228d4
commit 4acff9c2bd


@ -227,13 +227,21 @@ func (a *ACL) GetPolicies(args *structs.ACLPolicySetRequest, reply *structs.ACLP
}
defer metrics.MeasureSince([]string{"nomad", "acl", "get_policies"}, time.Now())
// For client typed tokens, allow them to query any policies associated with that token.
// This is used by clients which are resolving the policies to enforce. Any associated
// policies need to be fetched so that the client can determine what to allow.
token, err := a.srv.State().ACLTokenBySecretID(nil, args.SecretID)
if err != nil {
return err
var token *structs.ACLToken
var err error
if args.SecretID == "" {
// No need to look up the anonymous token
token = structs.AnonymousACLToken
} else {
// For client typed tokens, allow them to query any policies associated with that token.
// This is used by clients which are resolving the policies to enforce. Any associated
// policies need to be fetched so that the client can determine what to allow.
token, err = a.srv.State().ACLTokenBySecretID(nil, args.SecretID)
if err != nil {
return err
}
}
if token == nil {
return structs.ErrTokenNotFound
}
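Review bot: In the new `args.SecretID == ""` branch a request with no secret now continues with `structs.AnonymousACLToken` rather than going through the state lookup, so what an unauthenticated caller can read depends entirely on the authorization check that follows this hunk. GetPolicies starts and ends outside the hunk, so that check is not visible here. The branch comment should state the intended limit, for example `// Unauthenticated callers act as the anonymous token and may only read policies attached to it (enforced below).` A regression test would help: an empty SecretID should be refused for any policy not listed on the anonymous token. `structs.AnonymousACLToken` looks like a shared package-level pointer, so code after this point should treat `token` as read-only.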