[v10] Apply traits to Windows Desktop labels #14016

Merged
merged 2 commits into from
Jul 1, 2022
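--- a/lib/services/role.go
+++ b/lib/services/role.go
@@ -353,6 +353,12 @@ func ApplyTraits(r types.Role, traits map[string][]string) types.Role {
 r.SetDatabaseLabels(condition, applyLabelsTraits(inLabels, traits))
 }
 
+// apply templates to windows desktop labels
+inLabels = r.GetWindowsDesktopLabels(condition)
+if inLabels != nil {
+r.SetWindowsDesktopLabels(condition, applyLabelsTraits(inLabels, traits))
+}
+
 r.SetHostGroups(condition,
 applyValueTraitsSlice(r.GetHostGroups(condition), traits, "host_groups"))
 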
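Review bot: The added block in ApplyTraits lets externally supplied traits decide which Windows desktops a role's label selector matches, and the one-line comment does not say what happens when a template names a trait the user does not have. applyLabelsTraits is defined outside this hunk, so whether an unresolved `{{external.foo}}` value is dropped or kept literally cannot be confirmed from here; if it is dropped, a deny condition that relies on such a template would silently match fewer desktops. I would expand the comment to record the contract, for example `// apply templates to windows desktop labels for this condition, using the same applyLabelsTraits expansion as the database labels above`, and document the unresolved-trait behaviour on applyLabelsTraits itself. The body of ApplyTraits starts and ends outside the hunk.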
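--- a/lib/services/role_test.go
+++ b/lib/services/role_test.go
@@ -1828,32 +1828,34 @@ func TestCheckRuleSorting(t *testing.T) {
 
 func TestApplyTraits(t *testing.T) {
 type rule struct {
-inLogins []string
-outLogins []string
-inWindowsLogins []string
-outWindowsLogins []string
-inRoleARNs []string
-outRoleARNs []string
-inLabels types.Labels
-outLabels types.Labels
-inKubeLabels types.Labels
-outKubeLabels types.Labels
-inKubeGroups []string
-outKubeGroups []string
-inKubeUsers []string
-outKubeUsers []string
-inAppLabels types.Labels
-outAppLabels types.Labels
-inDBLabels types.Labels
-outDBLabels types.Labels
-inDBNames []string
-outDBNames []string
-inDBUsers []string
-outDBUsers []string
-inImpersonate types.ImpersonateConditions
-outImpersonate types.ImpersonateConditions
-inSudoers []string
-outSudoers []string
+inLogins []string
+outLogins []string
+inWindowsLogins []string
+outWindowsLogins []string
+inRoleARNs []string
+outRoleARNs []string
+inLabels types.Labels
+outLabels types.Labels
+inKubeLabels types.Labels
+outKubeLabels types.Labels
+inKubeGroups []string
+outKubeGroups []string
+inKubeUsers []string
+outKubeUsers []string
+inAppLabels types.Labels
+outAppLabels types.Labels
+inDBLabels types.Labels
+outDBLabels types.Labels
+inWindowsDesktopLabels types.Labels
+outWindowsDesktopLabels types.Labels
+inDBNames []string
+outDBNames []string
+inDBUsers []string
+outDBUsers []string
+inImpersonate types.ImpersonateConditions
+outImpersonate types.ImpersonateConditions
+inSudoers []string
+outSudoers []string
 }
 var tests = []struct {
 comment string
@@ -2239,6 +2241,16 @@ func TestApplyTraits(t *testing.T) {
 outDBLabels: types.Labels{`key`: []string{"bar", "baz"}},
 },
 },
+{
+comment: "values are expanded in windows desktop labels",
+inTraits: map[string][]string{
+"foo": {"bar", "baz"},
+},
+allow: rule{
+inWindowsDesktopLabels: types.Labels{`key`: []string{`{{external.foo}}`}},
+outWindowsDesktopLabels: types.Labels{`key`: []string{"bar", "baz"}},
+},
+},
 {
 comment: "impersonate roles",
 inTraits: map[string][]string{
@@ -2323,6 +2335,7 @@ func TestApplyTraits(t *testing.T) {
 DatabaseLabels: tt.allow.inDBLabels,
 DatabaseNames: tt.allow.inDBNames,
 DatabaseUsers: tt.allow.inDBUsers,
+WindowsDesktopLabels: tt.allow.inWindowsDesktopLabels,
 Impersonate: &tt.allow.inImpersonate,
 HostSudoers: tt.allow.inSudoers,
 },
@@ -2338,6 +2351,7 @@ func TestApplyTraits(t *testing.T) {
 DatabaseLabels: tt.deny.inDBLabels,
 DatabaseNames: tt.deny.inDBNames,
 DatabaseUsers: tt.deny.inDBUsers,
+WindowsDesktopLabels: tt.deny.inWindowsDesktopLabels,
 Impersonate: &tt.deny.inImpersonate,
 HostSudoers: tt.deny.outSudoers,
 },
@@ -2364,6 +2378,7 @@ func TestApplyTraits(t *testing.T) {
 require.Equal(t, rule.spec.outDBLabels, outRole.GetDatabaseLabels(rule.condition))
 require.Equal(t, rule.spec.outDBNames, outRole.GetDatabaseNames(rule.condition))
 require.Equal(t, rule.spec.outDBUsers, outRole.GetDatabaseUsers(rule.condition))
+require.Equal(t, rule.spec.outWindowsDesktopLabels, outRole.GetWindowsDesktopLabels(rule.condition))
 require.Equal(t, rule.spec.outImpersonate, outRole.GetImpersonateConditions(rule.condition))
 require.Equal(t, rule.spec.outSudoers, outRole.GetHostSudoers(rule.condition))
 }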
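Review bot: The only new case, "values are expanded in windows desktop labels", populates `allow` alone, so the deny wiring added at `WindowsDesktopLabels: tt.deny.inWindowsDesktopLabels` is never exercised with a template. For an access-control selector the deny side and the unresolved-trait case are the ones worth pinning; I would add a sibling case that sets `deny: rule{inWindowsDesktopLabels: types.Labels{"key": []string{"{{external.foo}}"}}, outWindowsDesktopLabels: types.Labels{"key": []string{"bar", "baz"}}},` (expected value assumes deny expands like allow, which should be confirmed against applyLabelsTraits). A second case with `inTraits` lacking `foo` would document what the desktop selector becomes then. TestApplyTraits continues outside the visible hunks, so cases for other label kinds may already cover the shared helper's behaviour.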