mirror of https://github.com/hashicorp/consul
api: fix panic in 'consul acl set-agent-token' (#5533)
api: fix panic in 'consul acl set-agent-token' Fixes #5531pull/5541/head
R.B. Boyer
GitHub
parent
462a73fa28
commit
f8bcfcfa46
16
api/agent.go
16
api/agent.go
|
|
@ -2,7 +2,9 @@ package api
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"bufio"
|
"bufio"
|
||||||
|
"bytes"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"io"
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
"net/url"
|
||||||
)
|
)
|
||||||
|
|
@ -1000,12 +1002,20 @@ func (a *Agent) updateTokenOnce(target, token string, q *WriteOptions) (*WriteMe
|
||||||
r := a.c.newRequest("PUT", fmt.Sprintf("/v1/agent/token/%s", target))
|
r := a.c.newRequest("PUT", fmt.Sprintf("/v1/agent/token/%s", target))
|
||||||
r.setWriteOptions(q)
|
r.setWriteOptions(q)
|
||||||
r.obj = &AgentToken{Token: token}
|
r.obj = &AgentToken{Token: token}
|
||||||
rtt, resp, err := requireOK(a.c.doRequest(r))
|
|
||||||
|
rtt, resp, err := a.c.doRequest(r)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, resp.StatusCode, err
|
return nil, 0, err
|
||||||
}
|
}
|
||||||
resp.Body.Close()
|
defer resp.Body.Close()
|
||||||
|
|
||||||
wm := &WriteMeta{RequestTime: rtt}
|
wm := &WriteMeta{RequestTime: rtt}
|
||||||
|
|
||||||
|
if resp.StatusCode != 200 {
|
||||||
|
var buf bytes.Buffer
|
||||||
|
io.Copy(&buf, resp.Body)
|
||||||
|
return wm, resp.StatusCode, fmt.Errorf("Unexpected response code: %d (%s)", resp.StatusCode, buf.Bytes())
|
||||||
|
}
|
||||||
|
|
||||||
return wm, resp.StatusCode, nil
|
return wm, resp.StatusCode, nil
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -3,6 +3,9 @@ package api
|
||||||
import (
|
import (
|
||||||
"fmt"
|
"fmt"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
|
"net/http"
|
||||||
|
"net/http/httptest"
|
||||||
|
"net/http/httputil"
|
||||||
"os"
|
"os"
|
||||||
"path/filepath"
|
"path/filepath"
|
||||||
"strings"
|
"strings"
|
||||||
|
|
@ -1243,8 +1246,8 @@ func TestAPI_AgentUpdateToken(t *testing.T) {
|
||||||
c, s := makeACLClient(t)
|
c, s := makeACLClient(t)
|
||||||
defer s.Stop()
|
defer s.Stop()
|
||||||
|
|
||||||
|
t.Run("deprecated", func(t *testing.T) {
|
||||||
agent := c.Agent()
|
agent := c.Agent()
|
||||||
|
|
||||||
if _, err := agent.UpdateACLToken("root", nil); err != nil {
|
if _, err := agent.UpdateACLToken("root", nil); err != nil {
|
||||||
t.Fatalf("err: %v", err)
|
t.Fatalf("err: %v", err)
|
||||||
}
|
}
|
||||||
|
|
@ -1260,7 +1263,10 @@ func TestAPI_AgentUpdateToken(t *testing.T) {
|
||||||
if _, err := agent.UpdateACLReplicationToken("root", nil); err != nil {
|
if _, err := agent.UpdateACLReplicationToken("root", nil); err != nil {
|
||||||
t.Fatalf("err: %v", err)
|
t.Fatalf("err: %v", err)
|
||||||
}
|
}
|
||||||
|
})
|
||||||
|
|
||||||
|
t.Run("new with no fallback", func(t *testing.T) {
|
||||||
|
agent := c.Agent()
|
||||||
if _, err := agent.UpdateDefaultACLToken("root", nil); err != nil {
|
if _, err := agent.UpdateDefaultACLToken("root", nil); err != nil {
|
||||||
t.Fatalf("err: %v", err)
|
t.Fatalf("err: %v", err)
|
||||||
}
|
}
|
||||||
|
|
@ -1276,6 +1282,89 @@ func TestAPI_AgentUpdateToken(t *testing.T) {
|
||||||
if _, err := agent.UpdateReplicationACLToken("root", nil); err != nil {
|
if _, err := agent.UpdateReplicationACLToken("root", nil); err != nil {
|
||||||
t.Fatalf("err: %v", err)
|
t.Fatalf("err: %v", err)
|
||||||
}
|
}
|
||||||
|
})
|
||||||
|
|
||||||
|
t.Run("new with fallback", func(t *testing.T) {
|
||||||
|
// Respond with 404 for the new paths to trigger fallback.
|
||||||
|
failer := func(w http.ResponseWriter, req *http.Request) {
|
||||||
|
w.WriteHeader(404)
|
||||||
|
}
|
||||||
|
notfound := httptest.NewServer(http.HandlerFunc(failer))
|
||||||
|
defer notfound.Close()
|
||||||
|
|
||||||
|
raw := c // real consul client
|
||||||
|
|
||||||
|
// Set up a reverse proxy that will send some requests to the
|
||||||
|
// 404 server and pass everything else through to the real Consul
|
||||||
|
// server.
|
||||||
|
director := func(req *http.Request) {
|
||||||
|
req.URL.Scheme = "http"
|
||||||
|
|
||||||
|
switch req.URL.Path {
|
||||||
|
case "/v1/agent/token/default",
|
||||||
|
"/v1/agent/token/agent",
|
||||||
|
"/v1/agent/token/agent_master",
|
||||||
|
"/v1/agent/token/replication":
|
||||||
|
req.URL.Host = notfound.URL[7:] // Strip off "http://".
|
||||||
|
default:
|
||||||
|
req.URL.Host = raw.config.Address
|
||||||
|
}
|
||||||
|
}
|
||||||
|
proxy := httptest.NewServer(&httputil.ReverseProxy{Director: director})
|
||||||
|
defer proxy.Close()
|
||||||
|
|
||||||
|
// Make another client that points at the proxy instead of the real
|
||||||
|
// Consul server.
|
||||||
|
config := raw.config
|
||||||
|
config.Address = proxy.URL[7:] // Strip off "http://".
|
||||||
|
c, err := NewClient(&config)
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
agent := c.Agent()
|
||||||
|
|
||||||
|
_, err = agent.UpdateDefaultACLToken("root", nil)
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
_, err = agent.UpdateAgentACLToken("root", nil)
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
_, err = agent.UpdateAgentMasterACLToken("root", nil)
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
_, err = agent.UpdateReplicationACLToken("root", nil)
|
||||||
|
require.NoError(t, err)
|
||||||
|
})
|
||||||
|
|
||||||
|
t.Run("new with 403s", func(t *testing.T) {
|
||||||
|
failer := func(w http.ResponseWriter, req *http.Request) {
|
||||||
|
w.WriteHeader(403)
|
||||||
|
}
|
||||||
|
authdeny := httptest.NewServer(http.HandlerFunc(failer))
|
||||||
|
defer authdeny.Close()
|
||||||
|
|
||||||
|
raw := c // real consul client
|
||||||
|
|
||||||
|
// Make another client that points at the proxy instead of the real
|
||||||
|
// Consul server.
|
||||||
|
config := raw.config
|
||||||
|
config.Address = authdeny.URL[7:] // Strip off "http://".
|
||||||
|
c, err := NewClient(&config)
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
agent := c.Agent()
|
||||||
|
|
||||||
|
_, err = agent.UpdateDefaultACLToken("root", nil)
|
||||||
|
require.Error(t, err)
|
||||||
|
|
||||||
|
_, err = agent.UpdateAgentACLToken("root", nil)
|
||||||
|
require.Error(t, err)
|
||||||
|
|
||||||
|
_, err = agent.UpdateAgentMasterACLToken("root", nil)
|
||||||
|
require.Error(t, err)
|
||||||
|
|
||||||
|
_, err = agent.UpdateReplicationACLToken("root", nil)
|
||||||
|
require.Error(t, err)
|
||||||
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestAPI_AgentConnectCARoots_empty(t *testing.T) {
|
func TestAPI_AgentConnectCARoots_empty(t *testing.T) {
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue