backport of commit 5f98e6473ccf2c5dd643fa6d79c43d113c56519b (#18987)

Co-authored-by: James Rasell <jrasell@users.noreply.github.com>
hc-github-team-nomad-core 2023-11-03 03:59:05 -05:00 committed by GitHub
parent 3052ddf8f1
commit b9581ad187
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 5 deletions


@ -268,7 +268,7 @@ func ACLOIDCAuthMethod() *structs.ACLAuthMethod {
method := structs.ACLAuthMethod{
Name: fmt.Sprintf("acl-auth-method-%s", uuid.Short()),
Type: "OIDC",
TokenLocality: "local",
TokenLocality: structs.ACLAuthMethodTokenLocalityLocal,
MaxTokenTTL: maxTokenTTL,
Default: false,
Config: &structs.ACLAuthMethodConfig{
@ -297,7 +297,7 @@ func ACLJWTAuthMethod() *structs.ACLAuthMethod {
method := structs.ACLAuthMethod{
Name: fmt.Sprintf("acl-auth-method-%s", uuid.Short()),
Type: "JWT",
TokenLocality: "local",
TokenLocality: structs.ACLAuthMethodTokenLocalityLocal,
MaxTokenTTL: maxTokenTTL,
Default: false,
Config: &structs.ACLAuthMethodConfig{
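Review bot: The `Type` fields in both mocks are still bare string literals (`Type: "OIDC"` in ACLOIDCAuthMethod and `Type: "JWT"` in ACLJWTAuthMethod), while the adjacent `TokenLocality` now uses a named constant. The other file in this commit references `ACLAuthMethodTypeOIDC` and `ACLAuthMethodTypeJWT`; assuming those are exported from the same `structs` package, the mocks could read `Type: structs.ACLAuthMethodTypeOIDC,` and `Type: structs.ACLAuthMethodTypeJWT,`. Tying the fixtures to the constants that validation checks means a later change to the accepted values breaks the build, rather than leaving mocks that quietly stop matching the allowlist. Both struct literals continue past the end of their hunks.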


@ -222,7 +222,7 @@ var (
// ValidACLAuthMethod is used to validate an ACL auth method name.
ValidACLAuthMethod = regexp.MustCompile("^[a-zA-Z0-9-]{1,128}$")
// ValitACLAuthMethodTypes lists supported auth method types.
// ValidACLAuthMethodTypes lists supported auth method types.
ValidACLAuthMethodTypes = []string{ACLAuthMethodTypeOIDC, ACLAuthMethodTypeJWT}
)
@ -924,7 +924,7 @@ func (a *ACLAuthMethod) Validate(minTTL, maxTTL time.Duration) error {
mErr.Errors = append(mErr.Errors, fmt.Errorf("invalid name '%s'", a.Name))
}
if !slices.Contains([]string{"local", "global"}, a.TokenLocality) {
if !slices.Contains([]string{ACLAuthMethodTokenLocalityLocal, ACLAuthMethodTokenLocalityGlobal}, a.TokenLocality) {
mErr.Errors = append(
mErr.Errors, fmt.Errorf("invalid token locality '%s'", a.TokenLocality))
}
@ -945,7 +945,9 @@ func (a *ACLAuthMethod) Validate(minTTL, maxTTL time.Duration) error {
// TokenLocalityIsGlobal returns whether the auth method creates global ACL
// tokens or not.
func (a *ACLAuthMethod) TokenLocalityIsGlobal() bool { return a.TokenLocality == "global" }
func (a *ACLAuthMethod) TokenLocalityIsGlobal() bool {
return a.TokenLocality == ACLAuthMethodTokenLocalityGlobal
}
// ACLAuthMethodConfig is used to store configuration of an auth method
type ACLAuthMethodConfig struct {
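Review bot: The token-locality allowlist in `Validate` is still built inline on every call (`[]string{ACLAuthMethodTokenLocalityLocal, ACLAuthMethodTokenLocalityGlobal}`), whereas the accepted auth method types are a package-level list, `ValidACLAuthMethodTypes`, in the `var` block of the first hunk. A sibling declaration there, for example `ValidACLAuthMethodTokenLocalities = []string{ACLAuthMethodTokenLocalityLocal, ACLAuthMethodTokenLocalityGlobal}`, checked with `slices.Contains(ValidACLAuthMethodTokenLocalities, a.TokenLocality)`, would give other callers one authoritative list to share. `TokenLocalityIsGlobal` returns false for any value other than the global constant, so an unvalidated or misspelled locality is treated as non-global. Its doc comment could say so, e.g. `// It assumes Validate has already accepted TokenLocality; any other value reports false.` The body of `Validate` starts and ends outside the hunks shown.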