core: add ACL token expiry state, struct, and RPC handling. #13718

Merged

@jrasell jrasell commented Jul 12, 2022

The ACL token state schema has been updated to utilise two new
indexes which track expiration of tokens that are configured with
an expiration TTL or time. A new state function allows listing
ACL expired tokens which will be used by internal garbage
collection.

The ACL endpoint has been modified so that all validation happens
within a single function call. This is easier to understand and
see at a glance. The ACL token validation now also includes logic
for expiry TTL and times. The ACL endpoint upsert tests have been
condensed into a single, table driven test.

There is a new token canonicalize which provides a single place
for token canonicalization, rather than logic spread in the RPC
handler.

related: #13120
targets: feature branch

@jrasell jrasell added this to the 1.4.0 milestone Jul 12, 2022
@jrasell jrasell self-assigned this Jul 12, 2022

@shoenig shoenig left a comment

LGTM; just the one question about expiration, and a couple suggestions

Also feel free to s/interface{}/any/g

Resolved review threads (outdated): helper/funcs.go, nomad/acl_endpoint_test.go, nomad/structs/acl.go

@jrasell jrasell force-pushed the f-gh-13120-core-functionality branch from 927daa5 to ea98bf5 Compare July 13, 2022 08:32
@jrasell jrasell merged commit 8981c5a into f-gh-13120-acl-token-expiration Jul 13, 2022
@jrasell jrasell deleted the f-gh-13120-core-functionality branch July 13, 2022 13:40
@github-actions

I'm going to lock this pull request because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 11, 2022