kemko/nomad
1
0
Fork 0
mirror of https://github.com/kemko/nomad.git synced 2026-01-01 16:05:42 +03:00
Code Issues Packages Projects Releases Wiki Activity

eventstream: Handle missing policy documents in event streams (#15495)

Browse Source 
Fixes https://github.com/hashicorp/nomad/issues/15493

Co-authored-by: Tim Gross <tgross@hashicorp.com>
This commit is contained in:
Will Nicholson
2023-02-14 16:27:39 +00:00
committed by GitHub
parent 8373434b69
commit fd011ce8f2
2 changed files with 15 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
.changelog/15495.txt Normal file
View File

@@ -0,0 +1,3 @@
```release-note:bug
event stream: Fixed a bug where undefined ACL policies on the request's ACL would result in incorrect authentication errors
```

14
nomad/stream/event_broker.go
View File

@@ -295,9 +295,14 @@ func aclObjFromSnapshotForTokenSecretID(
for _, policyName := range aclToken.Policies {
policy, err := aclSnapshot.ACLPolicyByName(nil, policyName)
if err != nil || policy == nil {
if err != nil {
return nil, nil, errors.New("error finding acl policy")
}
if policy == nil {
// Ignore policies that don't exist, since they don't grant any
// more privilege.
continue
}
aclPolicies = append(aclPolicies, policy)
}
@@ -315,9 +320,14 @@ func aclObjFromSnapshotForTokenSecretID(
for _, policyLink := range role.Policies {
policy, err := aclSnapshot.ACLPolicyByName(nil, policyLink.Name)
if err != nil || policy == nil {
if err != nil {
return nil, nil, errors.New("error finding acl policy")
}
if policy == nil {
// Ignore policies that don't exist, since they don't grant any
// more privilege.
continue
}
aclPolicies = append(aclPolicies, policy)
}
}