mirror of https://github.com/hashicorp/consul
Use embedded strings for templated policies (#18829)
parent
753c8f1774
commit
aff13cd4c2
|
@ -1378,7 +1378,7 @@ func TestACL_HTTP(t *testing.T) {
|
|||
|
||||
require.Equal(t, api.ACLTemplatedPolicyResponse{
|
||||
TemplateName: api.ACLTemplatedPolicyServiceName,
|
||||
Schema: structs.ACLTemplatedPolicyIdentitiesSchema,
|
||||
Schema: structs.ACLTemplatedPolicyServiceSchema,
|
||||
Template: structs.ACLTemplatedPolicyService,
|
||||
}, list[api.ACLTemplatedPolicyServiceName])
|
||||
})
|
||||
|
|
|
@ -5,6 +5,7 @@ package structs
|
|||
|
||||
import (
|
||||
"bytes"
|
||||
_ "embed"
|
||||
"fmt"
|
||||
"hash"
|
||||
"hash/fnv"
|
||||
|
@ -18,26 +19,17 @@ import (
|
|||
"golang.org/x/exp/slices"
|
||||
)
|
||||
|
||||
//go:embed acltemplatedpolicy/schemas/node.json
|
||||
var ACLTemplatedPolicyNodeSchema string
|
||||
|
||||
//go:embed acltemplatedpolicy/schemas/service.json
|
||||
var ACLTemplatedPolicyServiceSchema string
|
||||
|
||||
type ACLTemplatedPolicies []*ACLTemplatedPolicy
|
||||
|
||||
const (
|
||||
ACLTemplatedPolicyNodeID = "00000000-0000-0000-0000-000000000004"
|
||||
ACLTemplatedPolicyServiceID = "00000000-0000-0000-0000-000000000003"
|
||||
ACLTemplatedPolicyIdentitiesSchema = `
|
||||
{
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"name": { "type": "string", "$ref": "#/definitions/min-length-one" }
|
||||
},
|
||||
"required": ["name"],
|
||||
"definitions": {
|
||||
"min-length-one": {
|
||||
"type": "string",
|
||||
"minLength": 1
|
||||
}
|
||||
}
|
||||
}`
|
||||
|
||||
ACLTemplatedPolicyNodeID = "00000000-0000-0000-0000-000000000004"
|
||||
ACLTemplatedPolicyDNSID = "00000000-0000-0000-0000-000000000005"
|
||||
ACLTemplatedPolicyDNSSchema = "" // empty schema as it does not require variables
|
||||
)
|
||||
|
@ -59,13 +51,13 @@ var (
|
|||
api.ACLTemplatedPolicyServiceName: {
|
||||
TemplateID: ACLTemplatedPolicyServiceID,
|
||||
TemplateName: api.ACLTemplatedPolicyServiceName,
|
||||
Schema: ACLTemplatedPolicyIdentitiesSchema,
|
||||
Schema: ACLTemplatedPolicyServiceSchema,
|
||||
Template: ACLTemplatedPolicyService,
|
||||
},
|
||||
api.ACLTemplatedPolicyNodeName: {
|
||||
TemplateID: ACLTemplatedPolicyNodeID,
|
||||
TemplateName: api.ACLTemplatedPolicyNodeName,
|
||||
Schema: ACLTemplatedPolicyIdentitiesSchema,
|
||||
Schema: ACLTemplatedPolicyNodeSchema,
|
||||
Template: ACLTemplatedPolicyNode,
|
||||
},
|
||||
api.ACLTemplatedPolicyDNSName: {
|
||||
|
@ -273,6 +265,7 @@ func GetACLTemplatedPolicyBase(templateName string) (*ACLTemplatedPolicyBase, bo
|
|||
return nil, false
|
||||
}
|
||||
|
||||
// GetACLTemplatedPolicyList returns a copy of the list of templated policies
|
||||
func GetACLTemplatedPolicyList() map[string]*ACLTemplatedPolicyBase {
|
||||
m := make(map[string]*ACLTemplatedPolicyBase, len(aclTemplatedPoliciesList))
|
||||
for k, v := range aclTemplatedPoliciesList {
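Review bot: The two `//go:embed` targets in the `@ -18,26 +19,17` hunk, `ACLTemplatedPolicyNodeSchema` and `ACLTemplatedPolicyServiceSchema`, are exported package-level `var`s, so any importing package can reassign them at runtime. The `ACLTemplatedPolicyIdentitiesSchema` string they appear to replace sat inside the `const (` block and could not be reassigned. `go:embed` cannot target a constant, so consider keeping the embedded variables unexported and exposing them through small read-only accessor functions. That way the schema used to validate templated-policy variables cannot drift from the embedded file. Both variables also lack doc comments; something like `// ACLTemplatedPolicyNodeSchema is the JSON schema for builtin/node variables, embedded at build time; treat as read-only.` would document the intent.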
|
||||
|
|
|
@ -0,0 +1,13 @@
|
|||
{
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"name": { "type": "string", "$ref": "#/definitions/min-length-one" }
|
||||
},
|
||||
"required": ["name"],
|
||||
"definitions": {
|
||||
"min-length-one": {
|
||||
"type": "string",
|
||||
"minLength": 1
|
||||
}
|
||||
}
|
||||
}
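Review bot: The `name` property in this new schema file accepts any non-empty string, because `minLength: 1` is its only constraint, and the second, byte-identical schema file added by this commit has the same gap. The golden outputs elsewhere in the commit show the value being substituted into policy rules such as `service \"{{.Name}}\"`. Unless the name is validated somewhere not visible in this diff, the schema is the only gate on what reaches the rendered policy. Consider adding a `pattern` limited to the characters valid in node and service names, and `"additionalProperties": false` on the object so unexpected variables are rejected. Since `acltemplatedpolicy/schemas/node.json` and `acltemplatedpolicy/schemas/service.json` are identical, a short comment on the embed declarations explaining why they are separate files would help keep them in sync.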
|
|
@ -0,0 +1,13 @@
|
|||
{
|
||||
"type": "object",
|
||||
"properties": {
|
||||
"name": { "type": "string", "$ref": "#/definitions/min-length-one" }
|
||||
},
|
||||
"required": ["name"],
|
||||
"definitions": {
|
||||
"min-length-one": {
|
||||
"type": "string",
|
||||
"minLength": 1
|
||||
}
|
||||
}
|
||||
}
|
|
@ -35,7 +35,7 @@ func testFormatTemplatedPolicy(t *testing.T, dirPath string) {
|
|||
"node-templated-policy": {
|
||||
templatedPolicy: api.ACLTemplatedPolicyResponse{
|
||||
TemplateName: api.ACLTemplatedPolicyNodeName,
|
||||
Schema: structs.ACLTemplatedPolicyIdentitiesSchema,
|
||||
Schema: structs.ACLTemplatedPolicyNodeSchema,
|
||||
Template: structs.ACLTemplatedPolicyNode,
|
||||
},
|
||||
},
|
||||
|
@ -49,7 +49,7 @@ func testFormatTemplatedPolicy(t *testing.T, dirPath string) {
|
|||
"service-templated-policy": {
|
||||
templatedPolicy: api.ACLTemplatedPolicyResponse{
|
||||
TemplateName: api.ACLTemplatedPolicyServiceName,
|
||||
Schema: structs.ACLTemplatedPolicyIdentitiesSchema,
|
||||
Schema: structs.ACLTemplatedPolicyServiceSchema,
|
||||
Template: structs.ACLTemplatedPolicyService,
|
||||
},
|
||||
},
|
||||
|
@ -89,7 +89,7 @@ func testFormatTemplatedPolicyList(t *testing.T, dirPath string) {
|
|||
policies := map[string]api.ACLTemplatedPolicyResponse{
|
||||
"builtin/node": {
|
||||
TemplateName: api.ACLTemplatedPolicyNodeName,
|
||||
Schema: structs.ACLTemplatedPolicyIdentitiesSchema,
|
||||
Schema: structs.ACLTemplatedPolicyNodeSchema,
|
||||
Template: structs.ACLTemplatedPolicyNode,
|
||||
},
|
||||
"builtin/dns": {
|
||||
|
@ -99,7 +99,7 @@ func testFormatTemplatedPolicyList(t *testing.T, dirPath string) {
|
|||
},
|
||||
"builtin/service": {
|
||||
TemplateName: api.ACLTemplatedPolicyServiceName,
|
||||
Schema: structs.ACLTemplatedPolicyIdentitiesSchema,
|
||||
Schema: structs.ACLTemplatedPolicyServiceSchema,
|
||||
Template: structs.ACLTemplatedPolicyService,
|
||||
},
|
||||
}
|
||||
|
|
|
@ -128,7 +128,7 @@ func TestTemplatedPolicyReadCommand_JSON(t *testing.T) {
|
|||
err := json.Unmarshal([]byte(output), &templatedPolicy)
|
||||
|
||||
assert.NoError(t, err)
|
||||
assert.Equal(t, structs.ACLTemplatedPolicyIdentitiesSchema, templatedPolicy.Schema)
|
||||
assert.Equal(t, structs.ACLTemplatedPolicyNodeSchema, templatedPolicy.Schema)
|
||||
assert.Equal(t, api.ACLTemplatedPolicyNodeName, templatedPolicy.TemplateName)
|
||||
})
|
||||
}
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
{
|
||||
"TemplateName": "builtin/node",
|
||||
"Schema": "\n{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}",
|
||||
"Schema": "{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}",
|
||||
"Template": "\nnode \"{{.Name}}\" {\n\tpolicy = \"write\"\n}\nservice_prefix \"\" {\n\tpolicy = \"read\"\n}"
|
||||
}
|
|
@ -4,7 +4,6 @@ Input variables:
|
|||
Example usage:
|
||||
consul acl token create -templated-policy builtin/node -var name:node-1
|
||||
Schema:
|
||||
|
||||
{
|
||||
"type": "object",
|
||||
"properties": {
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
{
|
||||
"TemplateName": "builtin/service",
|
||||
"Schema": "\n{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}",
|
||||
"Schema": "{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}",
|
||||
"Template": "\nservice \"{{.Name}}\" {\n\tpolicy = \"write\"\n}\nservice \"{{.Name}}-sidecar-proxy\" {\n\tpolicy = \"write\"\n}\nservice_prefix \"\" {\n\tpolicy = \"read\"\n}\nnode_prefix \"\" {\n\tpolicy = \"read\"\n}"
|
||||
}
|
|
@ -4,7 +4,6 @@ Input variables:
|
|||
Example usage:
|
||||
consul acl token create -templated-policy builtin/service -var name:api
|
||||
Schema:
|
||||
|
||||
{
|
||||
"type": "object",
|
||||
"properties": {
|
||||
|
|
|
@ -6,12 +6,12 @@
|
|||
},
|
||||
"builtin/node": {
|
||||
"TemplateName": "builtin/node",
|
||||
"Schema": "\n{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}",
|
||||
"Schema": "{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}",
|
||||
"Template": "\nnode \"{{.Name}}\" {\n\tpolicy = \"write\"\n}\nservice_prefix \"\" {\n\tpolicy = \"read\"\n}"
|
||||
},
|
||||
"builtin/service": {
|
||||
"TemplateName": "builtin/service",
|
||||
"Schema": "\n{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}",
|
||||
"Schema": "{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}",
|
||||
"Template": "\nservice \"{{.Name}}\" {\n\tpolicy = \"write\"\n}\nservice \"{{.Name}}-sidecar-proxy\" {\n\tpolicy = \"write\"\n}\nservice_prefix \"\" {\n\tpolicy = \"read\"\n}\nnode_prefix \"\" {\n\tpolicy = \"read\"\n}"
|
||||
}
|
||||
}
|