Skip to content

Commit

Permalink
Ensure that token clone copies the roles (#7577)
Browse files Browse the repository at this point in the history
  • Loading branch information
@mkeeler
mkeeler authored Apr 2, 2020
1 parent bcb7a89 commit 8aec09a
Show file tree
Hide file tree
Showing 2 changed files with 20 additions and 1 deletion.
1 change: 1 addition & 0 deletions agent/consul/acl_endpoint.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -311,6 +311,7 @@ func (a *ACL) TokenClone(args *structs.ACLTokenSetRequest, reply *structs.ACLTok
Datacenter: args.Datacenter,
ACLToken: structs.ACLToken{
Policies: token.Policies,
Roles: token.Roles,
ServiceIdentities: token.ServiceIdentities,
Local: token.Local,
Description: token.Description,
Expand Down
20 changes: 19 additions & 1 deletion agent/consul/acl_endpoint_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -754,7 +754,23 @@ func TestACLEndpoint_TokenClone(t *testing.T) {

testrpc.WaitForLeader(t, s1.RPC, "dc1")

t1, err := upsertTestToken(codec, "root", "dc1", nil)
p1, err := upsertTestPolicy(codec, "root", "dc1")
require.NoError(t, err)

r1, err := upsertTestRole(codec, "root", "dc1")
require.NoError(t, err)

t1, err := upsertTestToken(codec, "root", "dc1", func(t *structs.ACLToken) {
t.Policies = []structs.ACLTokenPolicyLink{
{ID: p1.ID},
}
t.Roles = []structs.ACLTokenRoleLink{
{ID: r1.ID},
}
t.ServiceIdentities = []*structs.ACLServiceIdentity{
&structs.ACLServiceIdentity{ServiceName: "web"},
}
})
require.NoError(t, err)

endpoint := ACL{srv: s1}
Expand All @@ -773,6 +789,8 @@ func TestACLEndpoint_TokenClone(t *testing.T) {

require.Equal(t, t1.Description, t2.Description)
require.Equal(t, t1.Policies, t2.Policies)
require.Equal(t, t1.Roles, t2.Roles)
require.Equal(t, t1.ServiceIdentities, t2.ServiceIdentities)
require.Equal(t, t1.Rules, t2.Rules)
require.Equal(t, t1.Local, t2.Local)
require.NotEqual(t, t1.AccessorID, t2.AccessorID)
Expand Down

0 comments on commit 8aec09a

Please sign in to comment.