fix ACL bugs in listing allocs across all namespaces #9278
Conversation
| return true | ||
| } | ||
|
|
||
| return namespaces[alloc.Namespace] |
There was a problem hiding this comment.
this filter was backwards... it also didn't account for the case where namespaces == nil, which is what is returned by a short-circuit for management tokens.
the specificity of this method ultimately wasn't very useful.
| require.NoError(t, err) | ||
| err = state.UpsertAllocs(structs.MsgTypeTestSetup, 1000, []*structs.Allocation{alloc}) | ||
| require.NoError(t, err) | ||
| // two namespaces |
There was a problem hiding this comment.
this previously didn't test multiple namespaces, so i expanded it while i was here
| @@ -29,6 +29,10 @@ func (a *Alloc) List(args *structs.AllocListRequest, reply *structs.AllocListRes | |||
| } | |||
| defer metrics.MeasureSince([]string{"nomad", "alloc", "list"}, time.Now()) | |||
|
|
|||
| if args.RequestNamespace() == structs.AllNamespacesSentinel { | |||
| return a.listAllNamespaces(args, reply) | |||
| } | |||
There was a problem hiding this comment.
this early jump is the same pattern employed for /v1/jobs and /v1/scaling/policies:
Lines 1301 to 1303 in 3926317
nomad/nomad/scaling_endpoint.go
Lines 31 to 33 in 3926317
|
I'm going to lock this pull request because it has been closed for 120 days ⏳. This helps our maintainers find and focus on the active contributions. |
resolves #9268
first commit adds a test that multi-namespace queries actually works... as well as a documenting test that ACLs with multi-namespace query didn't work.
second commit fixes the discovered issues, using the multi-namespace pattern employed by
/v1/jobsand/v1/scaling/policies