From b4ca14b08d41de6ca42f90639e879728da83d680 Mon Sep 17 00:00:00 2001
From: Ronald Ekambi
Date: Fri, 28 Jul 2023 15:47:28 -0400
Subject: [PATCH] Stop JWT provider from being written in non default namespace
---
 .changelog/PLACEHOLDER.txt | 3 +++
 agent/structs/config_entry_jwt_provider.go | 2 +-
 agent/structs/config_entry_jwt_provider_oss.go | 7 ++++++-
 3 files changed, 10 insertions(+), 2 deletions(-)
 create mode 100644 .changelog/PLACEHOLDER.txt
diff --git a/.changelog/PLACEHOLDER.txt b/.changelog/PLACEHOLDER.txt
new file mode 100644
index 0000000000000..c96f0e6a82f11
--- /dev/null
+++ b/.changelog/PLACEHOLDER.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+mesh: Stop jwt providers from being created in non-default namespaces
+```
\ No newline at end of file
diff --git a/agent/structs/config_entry_jwt_provider.go b/agent/structs/config_entry_jwt_provider.go
index cc9a37be0c484..7336027d70954 100644
--- a/agent/structs/config_entry_jwt_provider.go
+++ b/agent/structs/config_entry_jwt_provider.go
@@ -509,7 +509,7 @@ func (e *JWTProviderConfigEntry) Validate() error {
 return err
 }
- if err := e.validatePartition(); err != nil {
+ if err := e.validatePartitionAndNamespace(); err != nil {
 return err
 }
diff --git a/agent/structs/config_entry_jwt_provider_oss.go b/agent/structs/config_entry_jwt_provider_oss.go
index 2152f139f0f70..a2026e0cdff1e 100644
--- a/agent/structs/config_entry_jwt_provider_oss.go
+++ b/agent/structs/config_entry_jwt_provider_oss.go
@@ -12,9 +12,14 @@ import (
 "github.com/hashicorp/consul/acl"
 )
-func (e *JWTProviderConfigEntry) validatePartition() error {
+func (e *JWTProviderConfigEntry) validatePartitionAndNamespace() error {
 if !acl.IsDefaultPartition(e.PartitionOrDefault()) {
 return fmt.Errorf("Partitions are an enterprise only feature")
 }
+
+ if !acl.IsDefaultPartition(e.PartitionOrDefault()) {
+ return fmt.Errorf("Namespace are an enterprise only feature")
+ }
+
 return nil
 }
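Review bot: In `validatePartitionAndNamespace` (config_entry_jwt_provider_oss.go) the added second guard repeats the partition condition `!acl.IsDefaultPartition(e.PartitionOrDefault())` verbatim, so the namespace is never inspected and the "Namespace" error is unreachable, because any entry that would trip it has already been rejected by the first guard. As shown, a JWT provider entry naming a non-default namespace still passes this validation, which is the case the commit title says it stops. The condition should test the entry's namespace instead, for example `if acl.DefaultNamespaceName != e.NamespaceOrDefault() {` (assuming both names are available in this build, which the hunk does not show), and the message should read `"Namespaces are an enterprise only feature"`. A unit test that submits an entry with a non-default namespace and expects this error would catch the copy-paste.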