github
/
consul
mirror of https://github.com/hashicorp/consul
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Move ACL templated policies to hcl files (#18853)

pull/18868/head
Ronald 1 year ago committed by GitHub
parent
087539fc7b
commit
49cb84297f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 48 additions and 38 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 3
      .copywrite.hcl
  2. 2
      agent/acl_endpoint_test.go
  3. 5
      agent/structs/acl_templated_policy.go
  4. 40
      agent/structs/acl_templated_policy_ce.go
  5. 10
      agent/structs/acltemplatedpolicy/policies/ce/dns.hcl
  6. 7
      agent/structs/acltemplatedpolicy/policies/ce/node.hcl
  7. 13
      agent/structs/acltemplatedpolicy/policies/ce/service.hcl
  8. 4
      command/acl/templatedpolicy/formatter_test.go
  9. 2
      command/acl/templatedpolicy/list/templated_policy_list_test.go

3
.copywrite.hcl
Unescape View File

@ -27,6 +27,9 @@ project {
"agent/grpc-middleware/rate_limit_mappings.gen.go",
"agent/uiserver/dist/**",
# ignoring policy embedded files
"agent/structs/acltemplatedpolicy/policies/ce/**",
# licensed under MPL - ignoring for now until the copywrite tool can support
# multiple licenses per repo.
"sdk/**",

2
agent/acl_endpoint_test.go
Unescape View File

@ -1401,7 +1401,7 @@ func TestACL_HTTP(t *testing.T) {
var templatedPolicy api.ACLTemplatedPolicyResponse
require.NoError(t, json.NewDecoder(resp.Body).Decode(&templatedPolicy))
require.Equal(t, structs.ACLTemplatedPolicyDNSSchema, templatedPolicy.Schema)
require.Equal(t, structs.ACLTemplatedPolicyNoRequiredVariablesSchema, templatedPolicy.Schema)
require.Equal(t, api.ACLTemplatedPolicyDNSName, templatedPolicy.TemplateName)
require.Equal(t, structs.ACLTemplatedPolicyDNS, templatedPolicy.Template)
})

5
agent/structs/acl_templated_policy.go
Unescape View File

@ -31,7 +31,8 @@ const (
ACLTemplatedPolicyServiceID = "00000000-0000-0000-0000-000000000003"
ACLTemplatedPolicyNodeID = "00000000-0000-0000-0000-000000000004"
ACLTemplatedPolicyDNSID = "00000000-0000-0000-0000-000000000005"
ACLTemplatedPolicyDNSSchema = "" // empty schema as it does not require variables
ACLTemplatedPolicyNoRequiredVariablesSchema = "" // catch-all schema for all templated policy that don't require a schema
)
// ACLTemplatedPolicyBase contains basic information about builtin templated policies
@ -63,7 +64,7 @@ var (
api.ACLTemplatedPolicyDNSName: {
TemplateID: ACLTemplatedPolicyDNSID,
TemplateName: api.ACLTemplatedPolicyDNSName,
Schema: ACLTemplatedPolicyDNSSchema,
Schema: ACLTemplatedPolicyNoRequiredVariablesSchema,
Template: ACLTemplatedPolicyDNS,
},
}

40
agent/structs/acl_templated_policy_ce.go
Unescape View File

@ -5,40 +5,16 @@
package structs
const (
ACLTemplatedPolicyService = `
service "{{.Name}}" {
policy = "write"
}
service "{{.Name}}-sidecar-proxy" {
policy = "write"
}
service_prefix "" {
policy = "read"
}
node_prefix "" {
policy = "read"
}`
import _ "embed"
ACLTemplatedPolicyNode = `
node "{{.Name}}" {
policy = "write"
}
service_prefix "" {
policy = "read"
}`
//go:embed acltemplatedpolicy/policies/ce/service.hcl
var ACLTemplatedPolicyService string
ACLTemplatedPolicyDNS = `
node_prefix "" {
policy = "read"
}
service_prefix "" {
policy = "read"
}
query_prefix "" {
policy = "read"
}`
)
//go:embed acltemplatedpolicy/policies/ce/node.hcl
var ACLTemplatedPolicyNode string
//go:embed acltemplatedpolicy/policies/ce/dns.hcl
var ACLTemplatedPolicyDNS string
func (t *ACLToken) TemplatedPolicyList() []*ACLTemplatedPolicy {
if len(t.TemplatedPolicies) == 0 {

10
agent/structs/acltemplatedpolicy/policies/ce/dns.hcl
Unescape View File

@ -0,0 +1,10 @@
node_prefix "" {
policy = "read"
}
service_prefix "" {
policy = "read"
}
query_prefix "" {
policy = "read"
}

7
agent/structs/acltemplatedpolicy/policies/ce/node.hcl
Unescape View File

@ -0,0 +1,7 @@
node "{{.Name}}" {
policy = "write"
}
service_prefix "" {
policy = "read"
}

13
agent/structs/acltemplatedpolicy/policies/ce/service.hcl
Unescape View File

@ -0,0 +1,13 @@
service "{{.Name}}" {
policy = "write"
}
service "{{.Name}}-sidecar-proxy" {
policy = "write"
}
service_prefix "" {
policy = "read"
}
node_prefix "" {
policy = "read"
}

4
command/acl/templatedpolicy/formatter_test.go
Unescape View File

@ -42,7 +42,7 @@ func testFormatTemplatedPolicy(t *testing.T, dirPath string) {
"dns-templated-policy": {
templatedPolicy: api.ACLTemplatedPolicyResponse{
TemplateName: api.ACLTemplatedPolicyDNSName,
Schema: structs.ACLTemplatedPolicyDNSSchema,
Schema: structs.ACLTemplatedPolicyNoRequiredVariablesSchema,
Template: structs.ACLTemplatedPolicyDNS,
},
},
@ -94,7 +94,7 @@ func testFormatTemplatedPolicyList(t *testing.T, dirPath string) {
},
"builtin/dns": {
TemplateName: api.ACLTemplatedPolicyDNSName,
Schema: structs.ACLTemplatedPolicyDNSSchema,
Schema: structs.ACLTemplatedPolicyNoRequiredVariablesSchema,
Template: structs.ACLTemplatedPolicyDNS,
},
"builtin/service": {

2
command/acl/templatedpolicy/list/templated_policy_list_test.go
Unescape View File

@ -98,5 +98,5 @@ func TestTemplatedPolicyListCommand_JSON(t *testing.T) {
err := json.Unmarshal([]byte(output), &jsonOutput)
assert.NoError(t, err)
outputTemplate := jsonOutput[api.ACLTemplatedPolicyDNSName]
assert.Equal(t, structs.ACLTemplatedPolicyDNSSchema, outputTemplate.Schema)
assert.Equal(t, structs.ACLTemplatedPolicyNoRequiredVariablesSchema, outputTemplate.Schema)
}

Write Preview
Loading…
Cancel
Save