acl: use token locality consts when validating auth methods. (#18975)

James Rasell
2023-11-03 07:22:54 +00:00
committed by GitHub
parent 1604dba508
commit 5f98e6473c
2 changed files with 7 additions and 5 deletions


@@ -268,7 +268,7 @@ func ACLOIDCAuthMethod() *structs.ACLAuthMethod {
method := structs.ACLAuthMethod{ method := structs.ACLAuthMethod{
Name: fmt.Sprintf("acl-auth-method-%s", uuid.Short()), Name: fmt.Sprintf("acl-auth-method-%s", uuid.Short()),
Type: "OIDC", Type: "OIDC",
TokenLocality: "local", TokenLocality: structs.ACLAuthMethodTokenLocalityLocal,
MaxTokenTTL: maxTokenTTL, MaxTokenTTL: maxTokenTTL,
Default: false, Default: false,
Config: &structs.ACLAuthMethodConfig{ Config: &structs.ACLAuthMethodConfig{
@@ -297,7 +297,7 @@ func ACLJWTAuthMethod() *structs.ACLAuthMethod {
method := structs.ACLAuthMethod{ method := structs.ACLAuthMethod{
Name: fmt.Sprintf("acl-auth-method-%s", uuid.Short()), Name: fmt.Sprintf("acl-auth-method-%s", uuid.Short()),
Type: "JWT", Type: "JWT",
TokenLocality: "local", TokenLocality: structs.ACLAuthMethodTokenLocalityLocal,
MaxTokenTTL: maxTokenTTL, MaxTokenTTL: maxTokenTTL,
Default: false, Default: false,
Config: &structs.ACLAuthMethodConfig{ Config: &structs.ACLAuthMethodConfig{
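Review bot: Both mock constructors still set the auth method type with a bare string (`Type: "OIDC",` in ACLOIDCAuthMethod and `Type: "JWT",` in ACLJWTAuthMethod), even though the locality field beside them now uses a constant. The structs package appears to export `ACLAuthMethodTypeOIDC` and `ACLAuthMethodTypeJWT`, since they are used in `ValidACLAuthMethodTypes` in the other file of this commit. Assuming those constants hold the same values, the lines could read `Type: structs.ACLAuthMethodTypeOIDC,` and `Type: structs.ACLAuthMethodTypeJWT,`, so the fixtures cannot drift from what validation accepts. Both struct literals continue past the end of their hunks, so the remaining fields were not reviewed.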


@@ -222,7 +222,7 @@ var (
// ValidACLAuthMethod is used to validate an ACL auth method name. // ValidACLAuthMethod is used to validate an ACL auth method name.
ValidACLAuthMethod = regexp.MustCompile("^[a-zA-Z0-9-]{1,128}$") ValidACLAuthMethod = regexp.MustCompile("^[a-zA-Z0-9-]{1,128}$")
// ValitACLAuthMethodTypes lists supported auth method types. // ValidACLAuthMethodTypes lists supported auth method types.
ValidACLAuthMethodTypes = []string{ACLAuthMethodTypeOIDC, ACLAuthMethodTypeJWT} ValidACLAuthMethodTypes = []string{ACLAuthMethodTypeOIDC, ACLAuthMethodTypeJWT}
) )
@@ -924,7 +924,7 @@ func (a *ACLAuthMethod) Validate(minTTL, maxTTL time.Duration) error {
mErr.Errors = append(mErr.Errors, fmt.Errorf("invalid name '%s'", a.Name)) mErr.Errors = append(mErr.Errors, fmt.Errorf("invalid name '%s'", a.Name))
} }
if !slices.Contains([]string{"local", "global"}, a.TokenLocality) { if !slices.Contains([]string{ACLAuthMethodTokenLocalityLocal, ACLAuthMethodTokenLocalityGlobal}, a.TokenLocality) {
mErr.Errors = append( mErr.Errors = append(
mErr.Errors, fmt.Errorf("invalid token locality '%s'", a.TokenLocality)) mErr.Errors, fmt.Errorf("invalid token locality '%s'", a.TokenLocality))
} }
@@ -945,7 +945,9 @@ func (a *ACLAuthMethod) Validate(minTTL, maxTTL time.Duration) error {
// TokenLocalityIsGlobal returns whether the auth method creates global ACL // TokenLocalityIsGlobal returns whether the auth method creates global ACL
// tokens or not. // tokens or not.
func (a *ACLAuthMethod) TokenLocalityIsGlobal() bool { return a.TokenLocality == "global" } func (a *ACLAuthMethod) TokenLocalityIsGlobal() bool {
return a.TokenLocality == ACLAuthMethodTokenLocalityGlobal
}
// ACLAuthMethodConfig is used to store configuration of an auth method // ACLAuthMethodConfig is used to store configuration of an auth method
type ACLAuthMethodConfig struct { type ACLAuthMethodConfig struct {
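Review bot: In Validate the set of accepted localities is still an inline slice literal, rebuilt on every call, whereas the accepted types sit in the package-level `ValidACLAuthMethodTypes` in the var block of the first hunk. Token locality decides whether an auth method issues global ACL tokens (per the TokenLocalityIsGlobal comment), so the allowed values are worth keeping in one place. I would add `ValidACLAuthMethodTokenLocalities = []string{ACLAuthMethodTokenLocalityLocal, ACLAuthMethodTokenLocalityGlobal}` to that var block, with a comment like `// ValidACLAuthMethodTokenLocalities lists supported token localities.`, and change the check to `if !slices.Contains(ValidACLAuthMethodTokenLocalities, a.TokenLocality) {`. Validate starts and ends outside the hunks shown, so how the rest of the function treats locality is not visible here.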