backport of commit 5f98e6473ccf2c5dd643fa6d79c43d113c56519b (#18987)
Co-authored-by: James Rasell <jrasell@users.noreply.github.com>
This commit is contained in:
parent
3052ddf8f1
commit
b9581ad187
|
@ -268,7 +268,7 @@ func ACLOIDCAuthMethod() *structs.ACLAuthMethod {
|
|||
method := structs.ACLAuthMethod{
|
||||
Name: fmt.Sprintf("acl-auth-method-%s", uuid.Short()),
|
||||
Type: "OIDC",
|
||||
TokenLocality: "local",
|
||||
TokenLocality: structs.ACLAuthMethodTokenLocalityLocal,
|
||||
MaxTokenTTL: maxTokenTTL,
|
||||
Default: false,
|
||||
Config: &structs.ACLAuthMethodConfig{
|
||||
|
@ -297,7 +297,7 @@ func ACLJWTAuthMethod() *structs.ACLAuthMethod {
|
|||
method := structs.ACLAuthMethod{
|
||||
Name: fmt.Sprintf("acl-auth-method-%s", uuid.Short()),
|
||||
Type: "JWT",
|
||||
TokenLocality: "local",
|
||||
TokenLocality: structs.ACLAuthMethodTokenLocalityLocal,
|
||||
MaxTokenTTL: maxTokenTTL,
|
||||
Default: false,
|
||||
Config: &structs.ACLAuthMethodConfig{
|
||||
|
|
|
@ -222,7 +222,7 @@ var (
|
|||
// ValidACLAuthMethod is used to validate an ACL auth method name.
|
||||
ValidACLAuthMethod = regexp.MustCompile("^[a-zA-Z0-9-]{1,128}$")
|
||||
|
||||
// ValitACLAuthMethodTypes lists supported auth method types.
|
||||
// ValidACLAuthMethodTypes lists supported auth method types.
|
||||
ValidACLAuthMethodTypes = []string{ACLAuthMethodTypeOIDC, ACLAuthMethodTypeJWT}
|
||||
)
|
||||
|
||||
|
@ -924,7 +924,7 @@ func (a *ACLAuthMethod) Validate(minTTL, maxTTL time.Duration) error {
|
|||
mErr.Errors = append(mErr.Errors, fmt.Errorf("invalid name '%s'", a.Name))
|
||||
}
|
||||
|
||||
if !slices.Contains([]string{"local", "global"}, a.TokenLocality) {
|
||||
if !slices.Contains([]string{ACLAuthMethodTokenLocalityLocal, ACLAuthMethodTokenLocalityGlobal}, a.TokenLocality) {
|
||||
mErr.Errors = append(
|
||||
mErr.Errors, fmt.Errorf("invalid token locality '%s'", a.TokenLocality))
|
||||
}
|
||||
|
@ -945,7 +945,9 @@ func (a *ACLAuthMethod) Validate(minTTL, maxTTL time.Duration) error {
|
|||
|
||||
// TokenLocalityIsGlobal returns whether the auth method creates global ACL
|
||||
// tokens or not.
|
||||
func (a *ACLAuthMethod) TokenLocalityIsGlobal() bool { return a.TokenLocality == "global" }
|
||||
func (a *ACLAuthMethod) TokenLocalityIsGlobal() bool {
|
||||
return a.TokenLocality == ACLAuthMethodTokenLocalityGlobal
|
||||
}
|
||||
|
||||
// ACLAuthMethodConfig is used to store configuration of an auth method
|
||||
type ACLAuthMethodConfig struct {
|
||||
|
|
Loading…
Reference in a new issue