Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport of client: fix role permission issue with duplicate policies. into release/1.4.x #18446

Merged
merged 1 commit into from
Sep 11, 2023
Merged

Backport of client: fix role permission issue with duplicate policies. into release/1.4.x #18446

merged 1 commit into from
Sep 11, 2023

Conversation

hc-github-team-nomad-core
Copy link
Contributor

Backport

This PR is auto-generated from #18419 to be assessed for backporting due to the inclusion of the label backport/1.4.x.

🚨

Warning automatic cherry-pick of commits failed. If the first commit failed,
you will see a blank no-op commit below. If at least one commit succeeded, you
will see the cherry-picked commits up to, not including, the commit where
the merge conflict occurred.

The person who merged in the original PR is:
@jrasell
This person should manually cherry-pick the original PR into a new backport PR,
and close this one when the manual backport PR is merged in.

merge conflict error: POST https://api.github.com/repos/hashicorp/nomad/merges: 409 Merge conflict []

The below text is copied from the body of the original PR.

This change deduplicates the ACL policy list generated from ACL roles referenced within an ACL token on the client.

Previously the list could contain duplicates, which would cause erronous permission denied errors when calling client related RPC/ HTTP API endpoints. This is because the client calls the ACL get policies endpoint which subsequently ensures the caller has permission to view the ACL policies. This check is performed by comparing the requested list args with the policies referenced by the caller ACL token. When a duplicate is present, this check fails, as the check must ensure the slices match exactly.

The linked issue has details on how to reproduce the problem, if readers want to test this before and after the code changes.

Closes #17201

Overview of commits

@hashicorp-cla
Copy link

hashicorp-cla commented Sep 11, 2023
edited

CLA assistant check
All committers have signed the CLA.

@jrasell
client: fix role permission issue with duplicate policies. (#18419)
fe0be62 
This change deduplicates the ACL policy list generated from ACL
roles referenced within an ACL token on the client.

Previously the list could contain duplicates, which would cause
erronous permission denied errors when calling client related RPC/
HTTP API endpoints. This is because the client calls the ACL get
policies endpoint which subsequently ensures the caller has
permission to view the ACL policies. This check is performed by
comparing the requested list args with the policies referenced by
the caller ACL token. When a duplicate is present, this check
fails, as the check must ensure the slices match exactly.
@jrasell jrasell force-pushed the backport/gh-17201/yearly-humane-squirrel branch from becad62 to fe0be62 Compare September 11, 2023 12:00
@jrasell jrasell marked this pull request as ready for review September 11, 2023 12:05
@jrasell jrasell merged commit 0aba34e into release/1.4.x Sep 11, 2023
24 checks passed
@jrasell jrasell deleted the backport/gh-17201/yearly-humane-squirrel branch September 11, 2023 12:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jrasell jrasell Awaiting requested review from jrasell

Assignees

@jrasell jrasell

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@hc-github-team-nomad-core @hashicorp-cla @jrasell