Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

acl: remove remaining unused nil ACL object handling #20456

Merged
merged 1 commit into from
Apr 18, 2024
Merged

acl: remove remaining unused nil ACL object handling #20456

merged 1 commit into from
Apr 18, 2024

Conversation

tgross
Copy link
Member

@tgross tgross commented Apr 18, 2024

As of #18754 which shipped in Nomad 1.7, we no longer need to nil-check the object returned by ResolveACL if there's no error return, because in the case where ACLs are disabled we return a special "ACLs disabled" ACL object. Checking nil is not a bug but should be discouraged because it opens us up to future bugs that would bypass ACLs.

We fixed a bunch of these cases in #20150 but I didn't update the semgrep rule, which meant we missed a few more. Update the semgrep rule and fix the remaining cases.

@tgross
acl: remove remaining unused nil ACL object handling
74b231e 
As of #18754 which shipped in Nomad 1.7, we no longer need to nil-check the
object returned by ResolveACL if there's no error return, because in the case
where ACLs are disabled we return a special "ACLs disabled" ACL object. Checking
nil is not a bug but should be discouraged because it opens us up to future bugs
that would bypass ACLs.

We fixed a bunch of these cases in #20150
but I didn't update the semgrep rule, which meant we missed a few more. Update
the semgrep rule and fix the remaining cases.
@tgross tgross added backport/1.7.x backport to 1.7.x release line theme/auth type/tech-debt labels Apr 18, 2024
@tgross tgross added this to the 1.7.x milestone Apr 18, 2024
@tgross tgross marked this pull request as ready for review April 18, 2024 18:08
shoenig
shoenig approved these changes Apr 18, 2024
View reviewed changes
Copy link
Member

@shoenig shoenig left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! 🧹

@tgross tgross merged commit ea5f2f6 into main Apr 18, 2024
25 checks passed
@tgross tgross deleted the no-nil-acls-check branch April 18, 2024 18:34
@hc-github-team-nomad-core hc-github-team-nomad-core mentioned this pull request Apr 18, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shoenig shoenig shoenig approved these changes

@gulducat gulducat Awaiting requested review from gulducat

@schmichael schmichael Awaiting requested review from schmichael

Assignees
No one assigned
Labels
backport/1.7.x backport to 1.7.x release line theme/auth type/tech-debt
Projects
None yet
Milestone
1.7.x
Development

Successfully merging this pull request may close these issues.
2 participants
@tgross @shoenig