Stop JWT provider from being written in non default namespace

hashicorp · Jul 28, 2023 · b4ca14b · b4ca14b
1 parent 449e050
commit b4ca14b
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 2 deletions.
diff --git a/.changelog/PLACEHOLDER.txt b/.changelog/PLACEHOLDER.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+mesh: Stop jwt providers from being created in non-default namespaces
+```
diff --git a/agent/structs/config_entry_jwt_provider.go b/agent/structs/config_entry_jwt_provider.go
@@ -509,7 +509,7 @@ func (e *JWTProviderConfigEntry) Validate() error {
 		return err
 	}
 
-	if err := e.validatePartition(); err != nil {
+	if err := e.validatePartitionAndNamespace(); err != nil {
 		return err
 	}
 

diff --git a/agent/structs/config_entry_jwt_provider_oss.go b/agent/structs/config_entry_jwt_provider_oss.go
@@ -12,9 +12,14 @@ import (
 	"github.com/hashicorp/consul/acl"
 )
 
-func (e *JWTProviderConfigEntry) validatePartition() error {
+func (e *JWTProviderConfigEntry) validatePartitionAndNamespace() error {
 	if !acl.IsDefaultPartition(e.PartitionOrDefault()) {
 		return fmt.Errorf("Partitions are an enterprise only feature")
 	}
+
+	if !acl.IsDefaultPartition(e.PartitionOrDefault()) {
+		return fmt.Errorf("Namespace are an enterprise only feature")
+	}
+
 	return nil
 }