Avoid panic on nil partitionAuthorizer config

partitionAuthorizer.config can be nil if it wasn't provided on calls to
newPartitionAuthorizer outside of the ACLResolver. This usage happens
often in tests.

This commit: adds a nil check when the config is going to be used,
updates non-test usage of NewPolicyAuthorizerWithDefaults to pass a
non-nil config, and dettaches setEnterpriseConf from the ACLResolver.
pull/11433/head
freddygv 2021-10-26 12:02:34 -06:00
parent 22bdf279d1
commit df7b5af6f0
2 changed files with 6 additions and 3 deletions

View File

@ -292,7 +292,10 @@ func agentMasterAuthorizer(nodeName string, entMeta *structs.EnterpriseMeta) (ac
},
},
}
return acl.NewPolicyAuthorizerWithDefaults(acl.DenyAll(), []*acl.Policy{policy}, nil)
var cfg *acl.Config
setEnterpriseConf(entMeta, cfg)
return acl.NewPolicyAuthorizerWithDefaults(acl.DenyAll(), []*acl.Policy{policy}, cfg)
}
func NewACLResolver(config *ACLResolverConfig) (*ACLResolver, error) {
@ -1094,7 +1097,7 @@ func (r *ACLResolver) ResolveTokenToIdentityAndAuthorizer(token string) (structs
if r.aclConf != nil {
conf = *r.aclConf
}
r.setEnterpriseConf(identity, &conf)
setEnterpriseConf(identity.EnterpriseMetadata(), &conf)
authz, err := policies.Compile(r.cache, &conf)
if err != nil {

View File

@ -46,4 +46,4 @@ func (_ *ACLResolver) resolveLocallyManagedEnterpriseToken(_ string) (structs.AC
return nil, nil, false
}
func (_ *ACLResolver) setEnterpriseConf(identity structs.ACLIdentity, conf *acl.Config) {}
func setEnterpriseConf(entMeta *structs.EnterpriseMeta, conf *acl.Config) {}