Use embedded strings for templated policies (#18829)

agent/acl_endpoint_test.go

@@ -1378,7 +1378,7 @@ func TestACL_HTTP(t *testing.T) {
 
 			require.Equal(t, api.ACLTemplatedPolicyResponse{
 				TemplateName: api.ACLTemplatedPolicyServiceName,
-				Schema:       structs.ACLTemplatedPolicyIdentitiesSchema,
+				Schema:       structs.ACLTemplatedPolicyServiceSchema,
 				Template:     structs.ACLTemplatedPolicyService,
 			}, list[api.ACLTemplatedPolicyServiceName])
 		})

agent/structs/acl_templated_policy.go

@@ -5,6 +5,7 @@ package structs
 
 import (
 	"bytes"
+	_ "embed"
 	"fmt"
 	"hash"
 	"hash/fnv"
@@ -18,26 +19,17 @@ import (
 	"golang.org/x/exp/slices"
 )
 
+//go:embed acltemplatedpolicy/schemas/node.json
+var ACLTemplatedPolicyNodeSchema string
+
+//go:embed acltemplatedpolicy/schemas/service.json
+var ACLTemplatedPolicyServiceSchema string
+
 type ACLTemplatedPolicies []*ACLTemplatedPolicy
 
 const (
-	ACLTemplatedPolicyNodeID           = "00000000-0000-0000-0000-000000000004"
-	ACLTemplatedPolicyServiceID        = "00000000-0000-0000-0000-000000000003"
-	ACLTemplatedPolicyIdentitiesSchema = `
-{
-	"type": "object",
-	"properties": {
-		"name": { "type": "string", "$ref": "#/definitions/min-length-one" }
-	},
-	"required": ["name"],
-	"definitions": {
-		"min-length-one": {
-				"type": "string",
-				"minLength": 1
-		}
-	}
-}`
-
+	ACLTemplatedPolicyServiceID = "00000000-0000-0000-0000-000000000003"
+	ACLTemplatedPolicyNodeID    = "00000000-0000-0000-0000-000000000004"
 	ACLTemplatedPolicyDNSID     = "00000000-0000-0000-0000-000000000005"
 	ACLTemplatedPolicyDNSSchema = "" // empty schema as it does not require variables
 )
@@ -59,13 +51,13 @@ var (
 		api.ACLTemplatedPolicyServiceName: {
 			TemplateID:   ACLTemplatedPolicyServiceID,
 			TemplateName: api.ACLTemplatedPolicyServiceName,
-			Schema:       ACLTemplatedPolicyIdentitiesSchema,
+			Schema:       ACLTemplatedPolicyServiceSchema,
 			Template:     ACLTemplatedPolicyService,
 		},
 		api.ACLTemplatedPolicyNodeName: {
 			TemplateID:   ACLTemplatedPolicyNodeID,
 			TemplateName: api.ACLTemplatedPolicyNodeName,
-			Schema:       ACLTemplatedPolicyIdentitiesSchema,
+			Schema:       ACLTemplatedPolicyNodeSchema,
 			Template:     ACLTemplatedPolicyNode,
 		},
 		api.ACLTemplatedPolicyDNSName: {
@@ -273,6 +265,7 @@ func GetACLTemplatedPolicyBase(templateName string) (*ACLTemplatedPolicyBase, bo
 	return nil, false
 }
 
+// GetACLTemplatedPolicyList returns a copy of the list of templated policies
 func GetACLTemplatedPolicyList() map[string]*ACLTemplatedPolicyBase {
 	m := make(map[string]*ACLTemplatedPolicyBase, len(aclTemplatedPoliciesList))
 	for k, v := range aclTemplatedPoliciesList {

agent/structs/acltemplatedpolicy/schemas/node.json

@@ -0,0 +1,13 @@
+{
+	"type": "object",
+	"properties": {
+		"name": { "type": "string", "$ref": "#/definitions/min-length-one" }
+	},
+	"required": ["name"],
+	"definitions": {
+		"min-length-one": {
+				"type": "string",
+				"minLength": 1
+		}
+	}
+}

agent/structs/acltemplatedpolicy/schemas/service.json

@@ -0,0 +1,13 @@
+{
+	"type": "object",
+	"properties": {
+		"name": { "type": "string", "$ref": "#/definitions/min-length-one" }
+	},
+	"required": ["name"],
+	"definitions": {
+		"min-length-one": {
+				"type": "string",
+				"minLength": 1
+		}
+	}
+}

command/acl/templatedpolicy/formatter_test.go

@@ -35,7 +35,7 @@ func testFormatTemplatedPolicy(t *testing.T, dirPath string) {
 		"node-templated-policy": {
 			templatedPolicy: api.ACLTemplatedPolicyResponse{
 				TemplateName: api.ACLTemplatedPolicyNodeName,
-				Schema:       structs.ACLTemplatedPolicyIdentitiesSchema,
+				Schema:       structs.ACLTemplatedPolicyNodeSchema,
 				Template:     structs.ACLTemplatedPolicyNode,
 			},
 		},
@@ -49,7 +49,7 @@ func testFormatTemplatedPolicy(t *testing.T, dirPath string) {
 		"service-templated-policy": {
 			templatedPolicy: api.ACLTemplatedPolicyResponse{
 				TemplateName: api.ACLTemplatedPolicyServiceName,
-				Schema:       structs.ACLTemplatedPolicyIdentitiesSchema,
+				Schema:       structs.ACLTemplatedPolicyServiceSchema,
 				Template:     structs.ACLTemplatedPolicyService,
 			},
 		},
@@ -89,7 +89,7 @@ func testFormatTemplatedPolicyList(t *testing.T, dirPath string) {
 	policies := map[string]api.ACLTemplatedPolicyResponse{
 		"builtin/node": {
 			TemplateName: api.ACLTemplatedPolicyNodeName,
-			Schema:       structs.ACLTemplatedPolicyIdentitiesSchema,
+			Schema:       structs.ACLTemplatedPolicyNodeSchema,
 			Template:     structs.ACLTemplatedPolicyNode,
 		},
 		"builtin/dns": {
@@ -99,7 +99,7 @@ func testFormatTemplatedPolicyList(t *testing.T, dirPath string) {
 		},
 		"builtin/service": {
 			TemplateName: api.ACLTemplatedPolicyServiceName,
-			Schema:       structs.ACLTemplatedPolicyIdentitiesSchema,
+			Schema:       structs.ACLTemplatedPolicyServiceSchema,
 			Template:     structs.ACLTemplatedPolicyService,
 		},
 	}

command/acl/templatedpolicy/read/templated_policy_read_test.go

@@ -128,7 +128,7 @@ func TestTemplatedPolicyReadCommand_JSON(t *testing.T) {
 		err := json.Unmarshal([]byte(output), &templatedPolicy)
 
 		assert.NoError(t, err)
-		assert.Equal(t, structs.ACLTemplatedPolicyIdentitiesSchema, templatedPolicy.Schema)
+		assert.Equal(t, structs.ACLTemplatedPolicyNodeSchema, templatedPolicy.Schema)
 		assert.Equal(t, api.ACLTemplatedPolicyNodeName, templatedPolicy.TemplateName)
 	})
 }

command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/node-templated-policy.json.golden

@@ -1,5 +1,5 @@
 {
     "TemplateName": "builtin/node",
-    "Schema": "\n{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}",
+    "Schema": "{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}",
     "Template": "\nnode \"{{.Name}}\" {\n\tpolicy = \"write\"\n}\nservice_prefix \"\" {\n\tpolicy = \"read\"\n}"
 }

command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/node-templated-policy.pretty-meta.golden

@@ -4,7 +4,6 @@ Input variables:
 Example usage:
 	consul acl token create -templated-policy builtin/node -var name:node-1
 Schema:
-
 {
 	"type": "object",
 	"properties": {

command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/service-templated-policy.json.golden

@@ -1,5 +1,5 @@
 {
     "TemplateName": "builtin/service",
-    "Schema": "\n{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}",
+    "Schema": "{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}",
     "Template": "\nservice \"{{.Name}}\" {\n\tpolicy = \"write\"\n}\nservice \"{{.Name}}-sidecar-proxy\" {\n\tpolicy = \"write\"\n}\nservice_prefix \"\" {\n\tpolicy = \"read\"\n}\nnode_prefix \"\" {\n\tpolicy = \"read\"\n}"
 }

command/acl/templatedpolicy/testdata/FormatTemplatedPolicy/ce/service-templated-policy.pretty-meta.golden

@@ -4,7 +4,6 @@ Input variables:
 Example usage:
 	consul acl token create -templated-policy builtin/service -var name:api
 Schema:
-
 {
 	"type": "object",
 	"properties": {

command/acl/templatedpolicy/testdata/FormatTemplatedPolicyList/ce/list.json.golden

@@ -6,12 +6,12 @@
     },
     "builtin/node": {
         "TemplateName": "builtin/node",
-        "Schema": "\n{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}",
+        "Schema": "{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}",
         "Template": "\nnode \"{{.Name}}\" {\n\tpolicy = \"write\"\n}\nservice_prefix \"\" {\n\tpolicy = \"read\"\n}"
     },
     "builtin/service": {
         "TemplateName": "builtin/service",
-        "Schema": "\n{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}",
+        "Schema": "{\n\t\"type\": \"object\",\n\t\"properties\": {\n\t\t\"name\": { \"type\": \"string\", \"$ref\": \"#/definitions/min-length-one\" }\n\t},\n\t\"required\": [\"name\"],\n\t\"definitions\": {\n\t\t\"min-length-one\": {\n\t\t\t\t\"type\": \"string\",\n\t\t\t\t\"minLength\": 1\n\t\t}\n\t}\n}",
         "Template": "\nservice \"{{.Name}}\" {\n\tpolicy = \"write\"\n}\nservice \"{{.Name}}-sidecar-proxy\" {\n\tpolicy = \"write\"\n}\nservice_prefix \"\" {\n\tpolicy = \"read\"\n}\nnode_prefix \"\" {\n\tpolicy = \"read\"\n}"
     }
 }