mirror of https://github.com/hashicorp/consul
Avoid panic on nil partitionAuthorizer config
partitionAuthorizer.config can be nil if it wasn't provided on calls to newPartitionAuthorizer outside of the ACLResolver. This usage happens often in tests. This commit: adds a nil check when the config is going to be used, updates non-test usage of NewPolicyAuthorizerWithDefaults to pass a non-nil config, and dettaches setEnterpriseConf from the ACLResolver.pull/11433/head
parent
22bdf279d1
commit
df7b5af6f0
|
@ -292,7 +292,10 @@ func agentMasterAuthorizer(nodeName string, entMeta *structs.EnterpriseMeta) (ac
|
|||
},
|
||||
},
|
||||
}
|
||||
return acl.NewPolicyAuthorizerWithDefaults(acl.DenyAll(), []*acl.Policy{policy}, nil)
|
||||
|
||||
var cfg *acl.Config
|
||||
setEnterpriseConf(entMeta, cfg)
|
||||
return acl.NewPolicyAuthorizerWithDefaults(acl.DenyAll(), []*acl.Policy{policy}, cfg)
|
||||
}
|
||||
|
||||
func NewACLResolver(config *ACLResolverConfig) (*ACLResolver, error) {
|
||||
|
@ -1094,7 +1097,7 @@ func (r *ACLResolver) ResolveTokenToIdentityAndAuthorizer(token string) (structs
|
|||
if r.aclConf != nil {
|
||||
conf = *r.aclConf
|
||||
}
|
||||
r.setEnterpriseConf(identity, &conf)
|
||||
setEnterpriseConf(identity.EnterpriseMetadata(), &conf)
|
||||
|
||||
authz, err := policies.Compile(r.cache, &conf)
|
||||
if err != nil {
|
||||
|
|
|
@ -46,4 +46,4 @@ func (_ *ACLResolver) resolveLocallyManagedEnterpriseToken(_ string) (structs.AC
|
|||
return nil, nil, false
|
||||
}
|
||||
|
||||
func (_ *ACLResolver) setEnterpriseConf(identity structs.ACLIdentity, conf *acl.Config) {}
|
||||
func setEnterpriseConf(entMeta *structs.EnterpriseMeta, conf *acl.Config) {}
|
||||
|
|
Loading…
Reference in New Issue