[NET-5332] Add nomad server templated policy (#18888)

* [NET-5332] Add nomad server templated policy * slksfd
hashicorp · Sep 20, 2023 · c829952 · c829952
1 parent 6533e70
commit c829952
Show file tree

Hide file tree

Showing 10 changed files with 69 additions and 12 deletions.
diff --git a/agent/acl_endpoint_test.go b/agent/acl_endpoint_test.go
@@ -1374,7 +1374,7 @@ func TestACL_HTTP(t *testing.T) {
 
 			var list map[string]api.ACLTemplatedPolicyResponse
 			require.NoError(t, json.NewDecoder(resp.Body).Decode(&list))
-			require.Len(t, list, 3)
+			require.Len(t, list, 4)
 
 			require.Equal(t, api.ACLTemplatedPolicyResponse{
 				TemplateName: api.ACLTemplatedPolicyServiceName,

diff --git a/agent/structs/acl_templated_policy.go b/agent/structs/acl_templated_policy.go
@@ -28,9 +28,10 @@ var ACLTemplatedPolicyServiceSchema string
 type ACLTemplatedPolicies []*ACLTemplatedPolicy
 
 const (
-	ACLTemplatedPolicyServiceID = "00000000-0000-0000-0000-000000000003"
-	ACLTemplatedPolicyNodeID    = "00000000-0000-0000-0000-000000000004"
-	ACLTemplatedPolicyDNSID     = "00000000-0000-0000-0000-000000000005"
+	ACLTemplatedPolicyServiceID     = "00000000-0000-0000-0000-000000000003"
+	ACLTemplatedPolicyNodeID        = "00000000-0000-0000-0000-000000000004"
+	ACLTemplatedPolicyDNSID         = "00000000-0000-0000-0000-000000000005"
+	ACLTemplatedPolicyNomadServerID = "00000000-0000-0000-0000-000000000006"
 
 	ACLTemplatedPolicyNoRequiredVariablesSchema = "" // catch-all schema for all templated policy that don't require a schema
 )
@@ -45,7 +46,6 @@ type ACLTemplatedPolicyBase struct {
 }
 
 var (
-	// This supports: node, service and dns templates
 	// Note: when adding a new builtin template, ensure you update `command/acl/templatedpolicy/formatter.go`
 	// to handle the new templates required variables and schema.
 	aclTemplatedPoliciesList = map[string]*ACLTemplatedPolicyBase{
@@ -67,6 +67,12 @@ var (
 			Schema:       ACLTemplatedPolicyNoRequiredVariablesSchema,
 			Template:     ACLTemplatedPolicyDNS,
 		},
+		api.ACLTemplatedPolicyNomadServerName: {
+			TemplateID:   ACLTemplatedPolicyNomadServerID,
+			TemplateName: api.ACLTemplatedPolicyNomadServerName,
+			Schema:       ACLTemplatedPolicyNoRequiredVariablesSchema,
+			Template:     ACLTemplatedPolicyNomadServer,
+		},
 	}
 )
 

diff --git a/agent/structs/acl_templated_policy_ce.go b/agent/structs/acl_templated_policy_ce.go
@@ -16,6 +16,9 @@ var ACLTemplatedPolicyNode string
 //go:embed acltemplatedpolicy/policies/ce/dns.hcl
 var ACLTemplatedPolicyDNS string
 
+//go:embed acltemplatedpolicy/policies/ce/nomad-server.hcl
+var ACLTemplatedPolicyNomadServer string
+
 func (t *ACLToken) TemplatedPolicyList() []*ACLTemplatedPolicy {
 	if len(t.TemplatedPolicies) == 0 {
 		return nil

diff --git a/agent/structs/acltemplatedpolicy/policies/ce/nomad-server.hcl b/agent/structs/acltemplatedpolicy/policies/ce/nomad-server.hcl
@@ -0,0 +1,11 @@
+
+acl = "write"
+agent_prefix "" {
+  policy = "read"
+}
+node_prefix "" {
+  policy = "read"
+}
+service_prefix "" {
+  policy = "write"
+}
diff --git a/api/acl.go b/api/acl.go
@@ -21,9 +21,10 @@ const (
 	ACLManagementType = "management"
 
 	// ACLTemplatedPolicy names
-	ACLTemplatedPolicyServiceName = "builtin/service"
-	ACLTemplatedPolicyNodeName    = "builtin/node"
-	ACLTemplatedPolicyDNSName     = "builtin/dns"
+	ACLTemplatedPolicyServiceName     = "builtin/service"
+	ACLTemplatedPolicyNodeName        = "builtin/node"
+	ACLTemplatedPolicyDNSName         = "builtin/dns"
+	ACLTemplatedPolicyNomadServerName = "builtin/nomad-server"
 )
 
 type ACLLink struct {

diff --git a/command/acl/templatedpolicy/formatter.go b/command/acl/templatedpolicy/formatter.go
@@ -76,10 +76,8 @@ func (f *prettyFormatter) FormatTemplatedPolicy(templatedPolicy api.ACLTemplated
 		buffer.WriteString(fmt.Sprintf("\n%sName: String - Required - The node name.\n", WhitespaceIndent))
 		buffer.WriteString("Example usage:\n")
 		buffer.WriteString(fmt.Sprintf("%sconsul acl token create -templated-policy builtin/node -var name:node-1\n", WhitespaceIndent))
-	case api.ACLTemplatedPolicyDNSName:
-		buffer.WriteString(" None\n")
-		buffer.WriteString("Example usage:\n")
-		buffer.WriteString(fmt.Sprintf("%sconsul acl token create -templated-policy builtin/dns\n", WhitespaceIndent))
+	case api.ACLTemplatedPolicyDNSName, api.ACLTemplatedPolicyNomadServerName:
+		noRequiredVariablesOutput(&buffer, templatedPolicy.TemplateName)
 	default:
 		buffer.WriteString("   None\n")
 	}
@@ -94,6 +92,12 @@ func (f *prettyFormatter) FormatTemplatedPolicy(templatedPolicy api.ACLTemplated
 	return buffer.String(), nil
 }
 
+func noRequiredVariablesOutput(buffer *bytes.Buffer, templateName string) {
+	buffer.WriteString(" None\n")
+	buffer.WriteString("Example usage:\n")
+	buffer.WriteString(fmt.Sprintf("%sconsul acl token create -templated-policy %s\n", WhitespaceIndent, templateName))
+}
+
 func (f *prettyFormatter) FormatTemplatedPolicyList(policies map[string]api.ACLTemplatedPolicyResponse) (string, error) {
 	var buffer bytes.Buffer
 

diff --git a/command/acl/templatedpolicy/formatter_test.go b/command/acl/templatedpolicy/formatter_test.go
@@ -53,6 +53,13 @@ func testFormatTemplatedPolicy(t *testing.T, dirPath string) {
 				Template:     structs.ACLTemplatedPolicyService,
 			},
 		},
+		"nomad-server-templated-policy": {
+			templatedPolicy: api.ACLTemplatedPolicyResponse{
+				TemplateName: api.ACLTemplatedPolicyNomadServerName,
+				Schema:       structs.ACLTemplatedPolicyNoRequiredVariablesSchema,
+				Template:     structs.ACLTemplatedPolicyNomadServer,
+			},
+		},
 	}
 
 	formatters := map[string]Formatter{

diff --git a/...mplatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.json.golden b/...mplatedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.json.golden
@@ -0,0 +1,5 @@
+{
+    "TemplateName": "builtin/nomad-server",
+    "Schema": "",
+    "Template": "\nacl = \"write\"\nagent_prefix \"\" {\n  policy = \"read\"\n}\nnode_prefix \"\" {\n  policy = \"read\"\n}\nservice_prefix \"\" {\n  policy = \"write\"\n}"
+}
diff --git a/...policy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.pretty-meta.golden b/...policy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.pretty-meta.golden
@@ -0,0 +1,16 @@
+Name:            builtin/nomad-server
+Input variables: None
+Example usage:
+	consul acl token create -templated-policy builtin/nomad-server
+Raw Template:
+
+acl = "write"
+agent_prefix "" {
+  policy = "read"
+}
+node_prefix "" {
+  policy = "read"
+}
+service_prefix "" {
+  policy = "write"
+}
diff --git a/...latedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.pretty.golden b/...latedpolicy/testdata/FormatTemplatedPolicy/ce/nomad-server-templated-policy.pretty.golden
@@ -0,0 +1,4 @@
+Name:            builtin/nomad-server
+Input variables: None
+Example usage:
+	consul acl token create -templated-policy builtin/nomad-server