Mahmood Ali
b3e557cae3
address feedback review
...
apply `s/requestAuthToken/requestACLToken/g`
2019-11-26 08:39:04 -05:00
Mahmood Ali
02e20c720b
acl_endpoint: permission denied for unauthenticated requests
...
If ACL Request is unauthenticated, we should honor the anonymous token.
This PR makes few changes:
* `GetPolicy` endpoints may return policy if anonymous policy allows it,
or return permission denied otherwise.
* `ListPolicies` returns an empty policy list, or one with anonymous
policy if one exists.
Without this PR, the we return an incomprehensible error.
Before:
```
$ curl http://localhost:4646/v1/acl/policy/doesntexist ; echo
acl token lookup failed: index error: UUID must be 36 characters
$ curl http://localhost:4646/v1/acl/policies ; echo
acl token lookup failed: index error: UUID must be 36 characters
```
After:
```
$ curl http://localhost:4646/v1/acl/policy/doesntexist ; echo
Permission denied
$ curl http://localhost:4646/v1/acl/policies ; echo
[]
```
2019-11-22 08:43:09 -05:00
Michael Schurter
4b6762511d
Merge pull request #6021 from hashicorp/f-anonymous-policy-access
...
api: Update policy endpoint to permit anonymous access
2019-11-20 15:33:45 -08:00
Buck Doyle
bea9837510
Remove extraneous else block
2019-11-20 11:37:45 -06:00
Buck Doyle
d6a3e571bd
Remove extraneous whitespace
2019-11-20 11:37:01 -06:00
Buck Doyle
db77a24ed3
Merge branch 'master' into f-policy-json
2019-11-20 11:20:07 -06:00
Mahmood Ali
97d0fd009d
404 if token isn't found
2019-11-19 15:52:53 -05:00
Mahmood Ali
6f8bb5e90b
api: acl bootstrap errors aren't 500
...
Noticed that ACL endpoints return 500 status code for user errors. This
is confusing and can lead to false monitoring alerts.
Here, I introduce a concept of RPCCoded errors to be returned by RPC
that signal a code in addition to error message. Codes for now match
HTTP codes to ease reasoning.
```
$ nomad acl bootstrap
Error bootstrapping: Unexpected response code: 500 (ACL bootstrap already done (reset index: 9))
$ nomad acl bootstrap
Error bootstrapping: Unexpected response code: 400 (ACL bootstrap already done (reset index: 9))
```
2019-11-19 15:51:57 -05:00
Buck Doyle
ab96785fc9
Change test to use valid HCL for rules
2019-08-29 16:09:02 -05:00
Buck Doyle
4a159f5dcf
Change parsing error to set rules to nil
2019-08-29 15:50:34 -05:00
Buck Doyle
5495a7e689
Add standard error-handling for parse failure
2019-08-29 11:12:02 -05:00
Buck Doyle
0a1a0419cb
Combine conditionals
2019-07-29 10:38:07 -05:00
Buck Doyle
c3deb7703d
Update policy endpoint to permit anonymous access
2019-07-26 13:07:42 -05:00
Buck Doyle
77f5a38c8f
Add parsed rules to policy response
2019-07-25 10:43:57 -05:00
Alex Dadgar
3c19d01d7a
server
2018-09-15 16:23:13 -07:00
Michael Schurter
7dd7fbcda2
non-Existent -> nonexistent
...
Reverting from #3963
https://www.merriam-webster.com/dictionary/existent
2018-03-12 11:59:33 -07:00
Josh Soref
7f6e4012a0
spelling: existent
2018-03-11 18:30:37 +00:00
Chelsea Holland Komlo
a8becb96c0
review feedback
2017-10-16 17:14:48 -04:00
Chelsea Holland Komlo
2377d97d51
return error if tokens cannot be deleted because they do not exist
2017-10-16 17:14:48 -04:00
Alex Dadgar
5d4f467519
ListPolicies and GetPolicy work w/o management token
2017-10-13 13:12:20 -07:00
Michael Schurter
84d8a51be1
SecretID -> AuthToken
2017-10-12 15:16:33 -07:00
Michael Schurter
e50acae1a9
ForceLeave endpoint must use Server.ResolveToken
...
The ForceLeaveRequest endpoint may only be called on servers, but the
code was using a Client to resolve tokens. This would cause a panic when
an agent wasn't both a Server and a Client.
2017-10-09 15:49:04 -07:00
Michael Schurter
4acff9c2bd
Support AnonymousACLToken in GetPolicies
2017-10-06 14:35:14 -07:00
Michael Schurter
efcc61a253
Merge pull request #3302 from hashicorp/b-remove-structs-from-api
...
Remove `structs` import from `api`
2017-09-29 11:39:43 -07:00
Michael Schurter
a66c53d45a
Remove structs
import from api
...
Goes a step further and removes structs import from api's tests as well
by moving GenerateUUID to its own package.
2017-09-29 10:36:08 -07:00
Alex Dadgar
765b030bec
Fixes
2017-09-27 13:42:56 -07:00
Alex Dadgar
14e6026938
Allow querying self token
...
This PR allows querying self ACL token when the SecretID is for the
AccessorID in question.
2017-09-27 13:00:58 -07:00
Alex Dadgar
4173834231
Enable more linters
2017-09-26 15:26:33 -07:00
Armon Dadgar
20a8e590a0
nomad: support ACL bootstrap reset
2017-09-10 16:03:30 -07:00
Armon Dadgar
97404e3f8c
nomad: compute hash for ACL policies and tokens
2017-09-04 13:09:34 -07:00
Armon Dadgar
6f5150a227
nomad: allow getting policies which are subset of token, fixes client resolution
2017-09-04 13:05:53 -07:00
Armon Dadgar
18ddb910fa
nomad: forward DeleteToken requests for global tokens
2017-09-04 13:05:53 -07:00
Armon Dadgar
b807f5df6f
nomad: forward UpsertToken requests for global tokens
2017-09-04 13:05:53 -07:00
Armon Dadgar
855240b1b5
nomad: ACL endpoints enforce permissions
2017-09-04 13:05:53 -07:00
Armon Dadgar
4bda2fa9e9
nomad: ACL endpoints check support enabled and redirect to authority
2017-09-04 13:05:53 -07:00
Armon Dadgar
e24a4abf2c
nomad: adding ACL bootstrap endpoints
2017-09-04 13:05:53 -07:00
Armon Dadgar
edc38185cc
noamd: Adding batch fetch endpoints for ACL tokens and policies
2017-09-04 13:05:36 -07:00
Armon Dadgar
6a9d4e2dc3
nomad: Adding token resolution endpoint
2017-09-04 13:05:36 -07:00
Armon Dadgar
3efdf1f7d9
Address @chelseakomlo comments
2017-09-04 13:04:45 -07:00
Armon Dadgar
583a11cebd
nomad: Adding ability to filter list of tokens to global only
2017-09-04 13:04:45 -07:00
Armon Dadgar
cb827b6696
nomad: adding policy replication support
2017-09-04 13:04:45 -07:00
Armon Dadgar
bc697dc50e
Address @dadgar feedback
2017-09-04 13:04:45 -07:00
Armon Dadgar
30b607987e
nomad: generate accessor/secret ID server side
2017-09-04 13:04:45 -07:00
Armon Dadgar
bd2db18c80
agent: Adding HTTP endpoints for ACL tokens
2017-09-04 13:04:45 -07:00
Armon Dadgar
f91d2608cb
nomad: renambe PublicID to AccessorID for consistency
2017-09-04 13:04:45 -07:00
Armon Dadgar
e5c69f162c
nomad: implement ACL token endpoints
2017-09-04 13:04:45 -07:00
Armon Dadgar
3702587667
nomad: Adding Validate for ACLPolicy
2017-09-04 13:04:44 -07:00
Armon Dadgar
d52e099fc2
Addressing @dadgar feedback
2017-09-04 13:03:15 -07:00
Armon Dadgar
afdde24799
nomad: adding upsert policy endpoint
2017-09-04 13:03:15 -07:00
Armon Dadgar
e3e243f433
nomad: implement policy delete endpoint
2017-09-04 13:03:15 -07:00
Armon Dadgar
e4f5f305ea
nomad: adding Get/List endpoints for ACL policies
2017-09-04 13:03:15 -07:00