Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

acl: disallow leading / on variable paths #23757

Merged
merged 2 commits into from
Aug 7, 2024
Merged

acl: disallow leading / on variable paths #23757

merged 2 commits into from
Aug 7, 2024

Conversation

tgross
Copy link
Member

@tgross tgross commented Aug 6, 2024

The path for a Variable never begins with a leading /, because it's stripped off in the API before it ever gets to the state store. The CLI and UI allow the leading / for convenience, but this can be misleading when it comes to writing ACL policies. An ACL policy with a path starting with a leading / will never match.

Update the ACL policy parser so that we prevent an incorrect variable path in the policy.

Fixes: #23730

@tgross
acl: disallow leading / on variable paths
9e4f40c 
The path for a Variable never begins with a leading `/`, because it's stripped
off in the API before it ever gets to the state store. The CLI and UI allow the
leading `/` for convenience, but this can be misleading when it comes to writing
ACL policies. An ACL policy with a path starting with a leading `/` will never
match.

Update the ACL policy parser so that we prevent an incorrect variable path in
the policy.

Fixes: #23730
@tgross tgross force-pushed the acl-policy-no-leading-var-slash branch from aab57f2 to 9e4f40c Compare August 6, 2024 21:01
@tgross tgross added theme/acl type/enhancement backport/1.8.x backport to 1.8.x release line labels Aug 6, 2024
@tgross tgross added this to the 1.8.3 milestone Aug 6, 2024
@tgross tgross marked this pull request as ready for review August 6, 2024 21:01
schmichael
schmichael approved these changes Aug 6, 2024
View reviewed changes
acl/policy.go Outdated Show resolved Hide resolved
acl/policy_test.go Outdated Show resolved Hide resolved
@tgross @schmichael
Apply suggestions from code review
92b3e09 
Co-authored-by: Michael Schurter <[email protected]>
@tgross tgross merged commit 4a5921c into main Aug 7, 2024
21 checks passed
@tgross tgross deleted the acl-policy-no-leading-var-slash branch August 7, 2024 13:26
@hc-github-team-nomad-core hc-github-team-nomad-core mentioned this pull request Aug 7, 2024
Merged
@tgross tgross mentioned this pull request Aug 7, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@schmichael schmichael schmichael approved these changes

@gulducat gulducat Awaiting requested review from gulducat

@Juanadelacuesta Juanadelacuesta Awaiting requested review from Juanadelacuesta

@shoenig shoenig Awaiting requested review from shoenig

Assignees
No one assigned
Labels
backport/1.8.x backport to 1.8.x release line theme/acl type/enhancement
Projects
None yet
Milestone
1.8.3
Development

Successfully merging this pull request may close these issues.

Nomad ACL Policy for variables can't accessed when defined with leading slash
2 participants
@tgross @schmichael