Add support for returning ACL secret IDs for accessors with acl:write #10546
Conversation
github-actions
bot
added
theme/api
|
🤔 This PR has changes in the |
There was a problem hiding this comment.
Functionally this looks to do exactly what it set out to and is well done. There is one small bit missing from the implementation to get the pretty cli output format to show the secrets for the consul acl token list command but otherwise things look great.
I started to write a small bit about whether we need the ACLTokenListStub type anymore since it holds pretty much everything the full ACLToken does. While that is true I am not sure we could just get rid of the type and have the ACL.TokenList RPC return a []ACLToken instead due to upgrade concerns. It might be possible but I am not positive.
As a side note I noticed a bug that I think I introduced a while back. Essentially the ACLAuthMethodEnterpriseMeta field from the token isn't being propagated to the stub. Not something to fix in this PR but its one of the things that got me thinking we would be better off without the dual types.
|
The issue for the extra bug in the token list stub conversion is here: #10557 |
Ok, I can take a stab it this next. |
|
🍒 If backport labels were added before merging, cherry-picking will start automatically. To retroactively trigger a backport after merging, add backport labels and re-run https://circleci.com/gh/hashicorp/consul/406153. |
|
🍒✅ Cherry pick of commit 13bd865 onto |
In order to support copying of secret IDs from the UI, we need to include them in the API response with the caveat of when the accessor has only has
acl:readin which case the redacted secret ID will be returned instead.