acls: Show AuthMethodNamespace when reading/listing ACL token meta (#…

…10598)
hashicorp · Jul 15, 2021 · 0527dcf · 0527dcf
1 parent bb67513
commit 0527dcf
Showing 11 changed files with 63 additions and 46 deletions.
diff --git a/.changelog/10598.txt b/.changelog/10598.txt
@@ -0,0 +1,3 @@
+```release-note:enhancement
+acls: Show AuthMethodNamespace when reading/listing ACL tokens
+```
diff --git a/agent/structs/acl.go b/agent/structs/acl.go
@@ -572,28 +572,30 @@ type ACLTokenListStub struct {
 	ModifyIndex       uint64
 	Legacy            bool `json:",omitempty"`
 	EnterpriseMeta
+	ACLAuthMethodEnterpriseMeta
 }
 
 type ACLTokenListStubs []*ACLTokenListStub
 
 func (token *ACLToken) Stub() *ACLTokenListStub {
 	return &ACLTokenListStub{
-		AccessorID:        token.AccessorID,
-		SecretID:          token.SecretID,
-		Description:       token.Description,
-		Policies:          token.Policies,
-		Roles:             token.Roles,
-		ServiceIdentities: token.ServiceIdentities,
-		NodeIdentities:    token.NodeIdentities,
-		Local:             token.Local,
-		AuthMethod:        token.AuthMethod,
-		ExpirationTime:    token.ExpirationTime,
-		CreateTime:        token.CreateTime,
-		Hash:              token.Hash,
-		CreateIndex:       token.CreateIndex,
-		ModifyIndex:       token.ModifyIndex,
-		Legacy:            token.Rules != "",
-		EnterpriseMeta:    token.EnterpriseMeta,
+		AccessorID:                  token.AccessorID,
+		SecretID:                    token.SecretID,
+		Description:                 token.Description,
+		Policies:                    token.Policies,
+		Roles:                       token.Roles,
+		ServiceIdentities:           token.ServiceIdentities,
+		NodeIdentities:              token.NodeIdentities,
+		Local:                       token.Local,
+		AuthMethod:                  token.AuthMethod,
+		ExpirationTime:              token.ExpirationTime,
+		CreateTime:                  token.CreateTime,
+		Hash:                        token.Hash,
+		CreateIndex:                 token.CreateIndex,
+		ModifyIndex:                 token.ModifyIndex,
+		Legacy:                      token.Rules != "",
+		EnterpriseMeta:              token.EnterpriseMeta,
+		ACLAuthMethodEnterpriseMeta: token.ACLAuthMethodEnterpriseMeta,
 	}
 }
 

diff --git a/api/acl.go b/api/acl.go
@@ -52,6 +52,10 @@ type ACLToken struct {
 	// Namespace is the namespace the ACLToken is associated with.
 	// Namespaces are a Consul Enterprise feature.
 	Namespace string `json:",omitempty"`
+
+	// AuthMethodNamespace is the namespace the token's AuthMethod is associated with.
+	// Namespacing is a Consul Enterprise feature.
+	AuthMethodNamespace string `json:",omitempty"`
 }
 
 type ACLTokenListEntry struct {
@@ -74,6 +78,10 @@ type ACLTokenListEntry struct {
 	// Namespace is the namespace the ACLTokenListEntry is associated with.
 	// Namespacing is a Consul Enterprise feature.
 	Namespace string `json:",omitempty"`
+
+	// AuthMethodNamespace is the namespace the token's AuthMethod is associated with.
+	// Namespacing is a Consul Enterprise feature.
+	AuthMethodNamespace string `json:",omitempty"`
 }
 
 // ACLEntry is used to represent a legacy ACL token

diff --git a/command/acl/token/formatter.go b/command/acl/token/formatter.go
@@ -58,7 +58,7 @@ func (f *prettyFormatter) FormatToken(token *api.ACLToken) (string, error) {
 	buffer.WriteString(fmt.Sprintf("Description:      %s\n", token.Description))
 	buffer.WriteString(fmt.Sprintf("Local:            %t\n", token.Local))
 	if token.AuthMethod != "" {
-		buffer.WriteString(fmt.Sprintf("Auth Method:      %s\n", token.AuthMethod))
+		buffer.WriteString(fmt.Sprintf("Auth Method:      %s (Namespace: %s)\n", token.AuthMethod, token.AuthMethodNamespace))
 	}
 	buffer.WriteString(fmt.Sprintf("Create Time:      %v\n", token.CreateTime))
 	if token.ExpirationTime != nil && !token.ExpirationTime.IsZero() {
@@ -132,7 +132,7 @@ func (f *prettyFormatter) formatTokenListEntry(token *api.ACLTokenListEntry) str
 	buffer.WriteString(fmt.Sprintf("Description:      %s\n", token.Description))
 	buffer.WriteString(fmt.Sprintf("Local:            %t\n", token.Local))
 	if token.AuthMethod != "" {
-		buffer.WriteString(fmt.Sprintf("Auth Method:      %s\n", token.AuthMethod))
+		buffer.WriteString(fmt.Sprintf("Auth Method:      %s (Namespace: %s)\n", token.AuthMethod, token.AuthMethodNamespace))
 	}
 	buffer.WriteString(fmt.Sprintf("Create Time:      %v\n", token.CreateTime))
 	if token.ExpirationTime != nil && !token.ExpirationTime.IsZero() {

diff --git a/command/acl/token/formatter_test.go b/command/acl/token/formatter_test.go
@@ -66,17 +66,18 @@ func TestFormatToken(t *testing.T) {
 		},
 		"complex": {
 			token: api.ACLToken{
-				AccessorID:     "fbd2447f-7479-4329-ad13-b021d74f86ba",
-				SecretID:       "869c6e91-4de9-4dab-b56e-87548435f9c6",
-				Namespace:      "foo",
-				Description:    "test token",
-				Local:          false,
-				AuthMethod:     "bar",
-				CreateTime:     time.Date(2020, 5, 22, 18, 52, 31, 0, time.UTC),
-				ExpirationTime: timeRef(time.Date(2020, 5, 22, 19, 52, 31, 0, time.UTC)),
-				Hash:           []byte{'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h'},
-				CreateIndex:    5,
-				ModifyIndex:    10,
+				AccessorID:          "fbd2447f-7479-4329-ad13-b021d74f86ba",
+				SecretID:            "869c6e91-4de9-4dab-b56e-87548435f9c6",
+				Namespace:           "foo",
+				Description:         "test token",
+				Local:               false,
+				AuthMethod:          "bar",
+				AuthMethodNamespace: "baz",
+				CreateTime:          time.Date(2020, 5, 22, 18, 52, 31, 0, time.UTC),
+				ExpirationTime:      timeRef(time.Date(2020, 5, 22, 19, 52, 31, 0, time.UTC)),
+				Hash:                []byte{'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h'},
+				CreateIndex:         5,
+				ModifyIndex:         10,
 				Policies: []*api.ACLLink{
 					{
 						ID:   "beb04680-815b-4d7c-9e33-3d707c24672c",
@@ -178,17 +179,18 @@ func TestFormatTokenList(t *testing.T) {
 		"complex": {
 			tokens: []*api.ACLTokenListEntry{
 				{
-					AccessorID:     "fbd2447f-7479-4329-ad13-b021d74f86ba",
-					SecretID:       "257ade69-748c-4022-bafd-76d27d9143f8",
-					Namespace:      "foo",
-					Description:    "test token",
-					Local:          false,
-					AuthMethod:     "bar",
-					CreateTime:     time.Date(2020, 5, 22, 18, 52, 31, 0, time.UTC),
-					ExpirationTime: timeRef(time.Date(2020, 5, 22, 19, 52, 31, 0, time.UTC)),
-					Hash:           []byte{'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h'},
-					CreateIndex:    5,
-					ModifyIndex:    10,
+					AccessorID:          "fbd2447f-7479-4329-ad13-b021d74f86ba",
+					SecretID:            "257ade69-748c-4022-bafd-76d27d9143f8",
+					Namespace:           "foo",
+					Description:         "test token",
+					Local:               false,
+					AuthMethod:          "bar",
+					AuthMethodNamespace: "baz",
+					CreateTime:          time.Date(2020, 5, 22, 18, 52, 31, 0, time.UTC),
+					ExpirationTime:      timeRef(time.Date(2020, 5, 22, 19, 52, 31, 0, time.UTC)),
+					Hash:                []byte{'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h'},
+					CreateIndex:         5,
+					ModifyIndex:         10,
 					Policies: []*api.ACLLink{
 						{
 							ID:   "beb04680-815b-4d7c-9e33-3d707c24672c",

diff --git a/command/acl/token/testdata/FormatToken/complex.json.golden b/command/acl/token/testdata/FormatToken/complex.json.golden
@@ -43,5 +43,6 @@
     "ExpirationTime": "2020-05-22T19:52:31Z",
     "CreateTime": "2020-05-22T18:52:31Z",
     "Hash": "YWJjZGVmZ2g=",
-    "Namespace": "foo"
+    "Namespace": "foo",
+    "AuthMethodNamespace": "baz"
 }
diff --git a/command/acl/token/testdata/FormatToken/complex.pretty-meta.golden b/command/acl/token/testdata/FormatToken/complex.pretty-meta.golden
@@ -3,7 +3,7 @@ SecretID:         869c6e91-4de9-4dab-b56e-87548435f9c6
 Namespace:        foo
 Description:      test token
 Local:            false
-Auth Method:      bar
+Auth Method:      bar (Namespace: baz)
 Create Time:      2020-05-22 18:52:31 +0000 UTC
 Expiration Time:  2020-05-22 19:52:31 +0000 UTC
 Hash:             6162636465666768

diff --git a/command/acl/token/testdata/FormatToken/complex.pretty.golden b/command/acl/token/testdata/FormatToken/complex.pretty.golden
@@ -3,7 +3,7 @@ SecretID:         869c6e91-4de9-4dab-b56e-87548435f9c6
 Namespace:        foo
 Description:      test token
 Local:            false
-Auth Method:      bar
+Auth Method:      bar (Namespace: baz)
 Create Time:      2020-05-22 18:52:31 +0000 UTC
 Expiration Time:  2020-05-22 19:52:31 +0000 UTC
 Policies:

diff --git a/command/acl/token/testdata/FormatTokenList/complex.json.golden b/command/acl/token/testdata/FormatTokenList/complex.json.golden
@@ -45,6 +45,7 @@
         "CreateTime": "2020-05-22T18:52:31Z",
         "Hash": "YWJjZGVmZ2g=",
         "Legacy": false,
-        "Namespace": "foo"
+        "Namespace": "foo",
+        "AuthMethodNamespace": "baz"
     }
 ]
diff --git a/command/acl/token/testdata/FormatTokenList/complex.pretty-meta.golden b/command/acl/token/testdata/FormatTokenList/complex.pretty-meta.golden
@@ -3,7 +3,7 @@ SecretID:         257ade69-748c-4022-bafd-76d27d9143f8
 Namespace:        foo
 Description:      test token
 Local:            false
-Auth Method:      bar
+Auth Method:      bar (Namespace: baz)
 Create Time:      2020-05-22 18:52:31 +0000 UTC
 Expiration Time:  2020-05-22 19:52:31 +0000 UTC
 Legacy:           false

diff --git a/command/acl/token/testdata/FormatTokenList/complex.pretty.golden b/command/acl/token/testdata/FormatTokenList/complex.pretty.golden
@@ -3,7 +3,7 @@ SecretID:         257ade69-748c-4022-bafd-76d27d9143f8
 Namespace:        foo
 Description:      test token
 Local:            false
-Auth Method:      bar
+Auth Method:      bar (Namespace: baz)
 Create Time:      2020-05-22 18:52:31 +0000 UTC
 Expiration Time:  2020-05-22 19:52:31 +0000 UTC
 Legacy:           false