added check if anonymous token policy exists by aahel · Pull Request #2790 · hashicorp/consul-k8s

aahel · 2023-08-18T05:20:21Z

Changes proposed in this PR:

Prevent updating anonymous token if it already exists and is attached to the anonymous token policy

How I've tested this PR:

setup the deafault partiton and create a non-default partition called my-partition.
modified the anonymous token policy rule.
created helm deployment in my-partiton using acl bootstrap token with following policies.

acl = "read"
operator = "read"
agent_prefix "" {
  policy = "read"
}

partition "my-partition" {
  acl = "write"
  mesh = "write"
  peering = "write"
  namespace_prefix "" {
    policy = "write"
  }
  service_prefix "" {
    policy = "write"
  }
}

server-acl-acl init was successfull and anonymous token policy rule didn't get updated

How I expect reviewers to test this PR:

Checklist:

Tests added
CHANGELOG entry added

control-plane/subcommand/server-acl-init/anonymous_token.go

Ganeshrockz

It would be good to add test for the changes in configureAnonymousPolicy function

control-plane/subcommand/server-acl-init/anonymous_token.go

Ganeshrockz

Looks good to me. Deferring the approval to someone with more domain context

control-plane/subcommand/server-acl-init/anonymous_token_test.go

thisisnotashwin

This is looking good. i think we need to think about the unit-test a little more to ensure we are testing this behavior correctly. Otherwise, i like this.

control-plane/subcommand/server-acl-init/anonymous_token.go

control-plane/subcommand/server-acl-init/anonymous_token_test.go

thisisnotashwin

This looks good. I dont think i need to review this again but I think we should update the names of the policy in the test.

control-plane/subcommand/server-acl-init/anonymous_token_test.go

aahel · 2023-08-29T15:35:13Z

@david-yu which versions should we backport this to?

david-yu · 2023-08-29T16:19:08Z

Added backports, thank you.

* added check if anonymous token policy exists * changed checkIfAnonymousTokenPolicyExists impl * made consts private * added test for configureAnonymousPolicy * fixed unit test * fixed test and minor refactoring * fix typo * changed some var names * added changelog

…/1.2.x (#2864) * backport of commit deecdb9 * added check if anonymous token policy exists (#2790) * added check if anonymous token policy exists * changed checkIfAnonymousTokenPolicyExists impl * made consts private * added test for configureAnonymousPolicy * fixed unit test * fixed test and minor refactoring * fix typo * changed some var names * added changelog --------- Co-authored-by: aahel <aahel.guha@hashicorp.com>

…/1.1.x (#2863) * backport of commit deecdb9 * added check if anonymous token policy exists (#2790) * added check if anonymous token policy exists * changed checkIfAnonymousTokenPolicyExists impl * made consts private * added test for configureAnonymousPolicy * fixed unit test * fixed test and minor refactoring * fix typo * changed some var names * added changelog --------- Co-authored-by: aahel <aahel.guha@hashicorp.com>

added check if anonymous token policy exists (#2790) * added check if anonymous token policy exists * changed checkIfAnonymousTokenPolicyExists impl * made consts private * added test for configureAnonymousPolicy * fixed unit test * fixed test and minor refactoring * fix typo * changed some var names * added changelog

added check if anonymous token policy exists

deecdb9

aahel requested a review from Ganeshrockz August 18, 2023 05:20

aahel added the consul-india PRs/Issues assigned to Consul India team label Aug 18, 2023

Ganeshrockz reviewed Aug 18, 2023

View reviewed changes

changed checkIfAnonymousTokenPolicyExists impl

8d89601

aahel requested a review from Ganeshrockz August 18, 2023 05:54

Ganeshrockz reviewed Aug 18, 2023

View reviewed changes

control-plane/subcommand/server-acl-init/anonymous_token.go Outdated Show resolved Hide resolved

david-yu linked an issue Aug 18, 2023 that may be closed by this pull request

Improve server-acl-init: Avoid forcibly creating the anonymous token policy when it already exists #2732

Closed

aahel added 2 commits August 21, 2023 10:44

made consts private

10946ed

added test for configureAnonymousPolicy

18c2824

aahel requested a review from Ganeshrockz August 23, 2023 04:11

fixed unit test

78d17e7

Ganeshrockz reviewed Aug 23, 2023

View reviewed changes

control-plane/subcommand/server-acl-init/anonymous_token_test.go Outdated Show resolved Hide resolved

thisisnotashwin reviewed Aug 23, 2023

View reviewed changes

fixed test and minor refactoring

525e56b

aahel requested a review from thisisnotashwin August 23, 2023 15:49

fix typo

977050c

thisisnotashwin approved these changes Aug 23, 2023

View reviewed changes

control-plane/subcommand/server-acl-init/anonymous_token_test.go Outdated Show resolved Hide resolved

changed some var names

0d4e107

david-yu added backport/1.0.x backport/1.1.x Backport to release/1.1.x branch backport/1.2.x This release branch is no longer active. labels Aug 29, 2023

Ganeshrockz approved these changes Aug 29, 2023

View reviewed changes

added changelog

905e681

aahel merged commit 3056323 into main Aug 30, 2023

aahel deleted the NET-5174/anonymous-token-policy branch August 30, 2023 05:24

This was referenced Aug 30, 2023

Backport of added check if anonymous token policy exists into release/1.0.x #2862

Closed

Backport of added check if anonymous token policy exists into release/1.1.x #2863

Merged

hc-github-team-consul-core mentioned this pull request Aug 30, 2023

Backport of added check if anonymous token policy exists into release/1.2.x #2864

Merged

2 tasks

bnycohoe mentioned this pull request Sep 25, 2023

Anonymous token loses policies during big upgrades #3007

Open

aahel self-assigned this Dec 27, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

added check if anonymous token policy exists#2790

added check if anonymous token policy exists#2790
aahel merged 9 commits intomainfrom
NET-5174/anonymous-token-policy

aahel commented Aug 18, 2023 •

edited

Loading

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Ganeshrockz left a comment

Uh oh!

Uh oh!

Ganeshrockz left a comment

Uh oh!

Uh oh!

thisisnotashwin left a comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

thisisnotashwin left a comment

Uh oh!

Uh oh!

aahel commented Aug 29, 2023

Uh oh!

david-yu commented Aug 29, 2023

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

Conversation

aahel commented Aug 18, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Ganeshrockz left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Ganeshrockz left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

thisisnotashwin left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

thisisnotashwin left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

aahel commented Aug 29, 2023

Uh oh!

david-yu commented Aug 29, 2023

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

aahel commented Aug 18, 2023 •

edited

Loading