Fix broken merge

2024-02-12 16:41:42 -05:00 · 2024-02-12 16:41:42 -05:00 · 76afe081a5
parent e484c3c7dc
commit 76afe081a5
1 changed files with 44 additions and 0 deletions
--- a/internal/auth/internal/types/validate.go
+++ b/internal/auth/internal/types/validate.go
@ -5,6 +5,7 @@ package types

 import (
 	"github.com/hashicorp/go-multierror"
+	"golang.org/x/exp/slices"

 	"github.com/hashicorp/consul/internal/resource"
 	pbauth "github.com/hashicorp/consul/proto-public/pbauth/v2beta1"
@ -119,6 +120,12 @@ func validatePermission(p *pbauth.Permission, id *pbresource.ID, wrapErr func(er
 				}
 			}
 		}
+		if dest.IsEmpty() {
+			merr = multierror.Append(merr, wrapDestRuleErr(resource.ErrInvalidListElement{
+				Name:    "destination_rule",
+				Wrapped: errInvalidRule,
+			}))
+		}
 		if len(dest.Exclude) > 0 {
 			for e, excl := range dest.Exclude {
 				wrapExclPermRuleErr := func(err error) error {
@ -136,6 +143,43 @@ func validatePermission(p *pbauth.Permission, id *pbresource.ID, wrapErr func(er
 						Wrapped: errInvalidPrefixValues,
 					}))
 				}
+				for eh, hdr := range excl.Headers {
+					wrapExclHeaderErr := func(err error) error {
+						return wrapDestRuleErr(resource.ErrInvalidListElement{
+							Name:    "exclude_permission_header_rules",
+							Index:   eh,
+							Wrapped: err,
+						})
+					}
+					if len(hdr.Name) == 0 {
+						merr = multierror.Append(merr, wrapExclHeaderErr(resource.ErrInvalidListElement{
+							Name:    "exclude_permission_header_rule",
+							Wrapped: errHeaderRulesInvalid,
+						}))
+					}
+				}
+				for _, m := range excl.Methods {
+					if len(dest.Methods) != 0 && !slices.Contains(dest.Methods, m) {
+						merr = multierror.Append(merr, wrapExclPermRuleErr(resource.ErrInvalidListElement{
+							Name:    "exclude_permission_header_rule",
+							Wrapped: errExclValuesMustBeSubset,
+						}))
+					}
+				}
+				for _, port := range excl.PortNames {
+					if len(dest.PortNames) != 0 && !slices.Contains(dest.PortNames, port) {
+						merr = multierror.Append(merr, wrapExclPermRuleErr(resource.ErrInvalidListElement{
+							Name:    "exclude_permission_header_rule",
+							Wrapped: errExclValuesMustBeSubset,
+						}))
+					}
+				}
+				if excl.IsEmpty() {
+					merr = multierror.Append(merr, wrapExclPermRuleErr(resource.ErrInvalidListElement{
+						Name:    "exclude_permission_rule",
+						Wrapped: errInvalidRule,
+					}))
+				}
 			}
 		}
 	}