-
Notifications
You must be signed in to change notification settings - Fork 4.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for returning ACL secret IDs for accessors with acl:write #10546
Conversation
🤔 This PR has changes in the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Functionally this looks to do exactly what it set out to and is well done. There is one small bit missing from the implementation to get the pretty
cli output format to show the secrets for the consul acl token list
command but otherwise things look great.
I started to write a small bit about whether we need the ACLTokenListStub
type anymore since it holds pretty much everything the full ACLToken
does. While that is true I am not sure we could just get rid of the type and have the ACL.TokenList
RPC return a []ACLToken
instead due to upgrade concerns. It might be possible but I am not positive.
As a side note I noticed a bug that I think I introduced a while back. Essentially the ACLAuthMethodEnterpriseMeta
field from the token isn't being propagated to the stub. Not something to fix in this PR but its one of the things that got me thinking we would be better off without the dual types.
The issue for the extra bug in the token list stub conversion is here: #10557 |
Ok, I can take a stab it this next. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
🍒 If backport labels were added before merging, cherry-picking will start automatically. To retroactively trigger a backport after merging, add backport labels and re-run https://circleci.com/gh/hashicorp/consul/406153. |
🍒✅ Cherry pick of commit 13bd865 onto |
In order to support copying of secret IDs from the UI, we need to include them in the API response with the caveat of when the accessor has only has
acl:read
in which case the redacted secret ID will be returned instead.