From da786f64c7cf3e78f172453bf531e1eb1b4cbc09 Mon Sep 17 00:00:00 2001
From: Tim Gross
Date: Tue, 3 Dec 2024 14:02:30 -0500
Subject: [PATCH] helper: sanitize method on ACL token object (#24600)

There are several places where we want to redact the secret ID of an ACL token, some of which are in the Enterprise code base for Sentinel. Add a new method `Sanitize` that mirrors the one we have on `Node`.

Ref: https://github.com/hashicorp/nomad-enterprise/pull/2087
---
 nomad/structs/acl.go | 10 ++++++++++
 nomad/structs/event.go | 3 +--
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/nomad/structs/acl.go b/nomad/structs/acl.go
index b60c1c2f1..eed00046f 100644
--- a/nomad/structs/acl.go
+++ b/nomad/structs/acl.go
@@ -474,6 +474,16 @@ func (a *ACLToken) UnmarshalJSON(data []byte) (err error) {
 return nil
 }
 
+func (a *ACLToken) Sanitize() *ACLToken {
+ if a == nil {
+ return nil
+ }
+
+ out := a.Copy()
+ out.SecretID = ""
+ return out
+}
+
 // ACLRole is an abstraction for the ACL system which allows the grouping of
 // ACL policies into a single object. ACL tokens can be created and linked to
 // a role; the token then inherits all the permissions granted by the policies.
diff --git a/nomad/structs/event.go b/nomad/structs/event.go
index 1eca62046..466421d38 100644
--- a/nomad/structs/event.go
+++ b/nomad/structs/event.go
@@ -155,8 +155,7 @@ type ServiceRegistrationStreamEvent struct {
 // NewACLTokenEvent takes a token and creates a new ACLTokenEvent. It creates
 // a copy of the passed in ACLToken and empties out the copied tokens SecretID
 func NewACLTokenEvent(token *ACLToken) *ACLTokenEvent {
- c := token.Copy()
- c.SecretID = ""
+ c := token.Sanitize()
 
 return &ACLTokenEvent{
 ACLToken: c,
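Review bot: The new exported method `Sanitize` on `ACLToken` in nomad/structs/acl.go has no doc comment, and for a redaction helper the contract is what callers rely on: it returns a redacted copy and leaves the receiver's `SecretID` in place, so a caller who discards the return value still holds the secret. I would add `// Sanitize returns a copy of the token with the SecretID cleared; the receiver is not modified and a nil receiver yields nil.` above it. Only `SecretID` is blanked, so the redaction is only as complete as what `Copy()` carries over and the token's current field set. The diffstat lists no test file, so a small unit test asserting that the copy has an empty `SecretID`, the original keeps its value, and a nil receiver returns nil would pin this down.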
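Review bot: With `c := token.Sanitize()` in `NewACLTokenEvent`, a nil `token` no longer stops at the redaction step, because `Sanitize` returns nil for a nil receiver and that nil is then stored in `ACLToken: c`. Whether the previous `token.Copy()` path tolerated nil is not visible here, and the rest of the function lies outside the hunk, so this may already be handled further down. If a nil token is not an expected input, state that in the doc comment, for example `// token must not be nil.`, or add an explicit guard so an event is never emitted around a nil token.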