Browse Source

acl: memdb filter of tokens-by-policy was inverted (#5575)

The inversion wasn't noticed because the parallel execution of TokenList
tests was operating incorrectly due to variable shadowing.
pull/5578/head
R.B. Boyer 6 years ago committed by GitHub
parent
commit
0d1b496a52
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 8
      agent/consul/state/acl.go
  2. 2
      agent/consul/state/acl_test.go

8
agent/consul/state/acl.go

@ -523,16 +523,16 @@ func (s *Store) ACLTokenList(ws memdb.WatchSet, local, global bool, policy strin
iter = memdb.NewFilterIterator(iter, func(raw interface{}) bool { iter = memdb.NewFilterIterator(iter, func(raw interface{}) bool {
token, ok := raw.(*structs.ACLToken) token, ok := raw.(*structs.ACLToken)
if !ok { if !ok {
return false return true
} }
if global && !token.Local { if global && !token.Local {
return true return false
} else if local && token.Local { } else if local && token.Local {
return true return false
} }
return false return true
}) })
} }
} else if global == local { } else if global == local {

2
agent/consul/state/acl_test.go

@ -769,7 +769,6 @@ func TestStateStore_ACLToken_List(t *testing.T) {
policy: "a0625e95-9b3e-42de-a8d6-ceef5b6f3286", policy: "a0625e95-9b3e-42de-a8d6-ceef5b6f3286",
accessors: []string{ accessors: []string{
"47eea4da-bda1-48a6-901c-3e36d2d9262f", "47eea4da-bda1-48a6-901c-3e36d2d9262f",
"4915fc9d-3726-4171-b588-6c271f45eecd",
}, },
}, },
{ {
@ -788,6 +787,7 @@ func TestStateStore_ACLToken_List(t *testing.T) {
} }
for _, tc := range cases { for _, tc := range cases {
tc := tc // capture range variable
t.Run(tc.name, func(t *testing.T) { t.Run(tc.name, func(t *testing.T) {
t.Parallel() t.Parallel()
_, tokens, err := s.ACLTokenList(nil, tc.local, tc.global, tc.policy) _, tokens, err := s.ACLTokenList(nil, tc.local, tc.global, tc.policy)

Loading…
Cancel
Save