mirror of
https://github.com/argoproj/argo-cd
synced 2026-05-24 09:50:08 +00:00
fix: impossible to config RBAC if group name includes ',' (#3013)
* fix: impossible to config RBAC if group name includes ',' * apply reviewer notes
This commit is contained in:
Alexander Matyushentsev
jannfis
parent
5bc59003af
commit
6ada626dda
2 changed files with 26 additions and 4 deletions
|
|
@ -2,6 +2,7 @@ package rbac
|
|||
|
||||
import (
|
||||
"context"
|
||||
"encoding/csv"
|
||||
"errors"
|
||||
"fmt"
|
||||
"strings"
|
||||
|
|
@ -11,7 +12,6 @@ import (
|
|||
|
||||
"github.com/casbin/casbin"
|
||||
"github.com/casbin/casbin/model"
|
||||
"github.com/casbin/casbin/persist"
|
||||
jwt "github.com/dgrijalva/jwt-go"
|
||||
log "github.com/sirupsen/logrus"
|
||||
"google.golang.org/grpc/codes"
|
||||
|
|
@ -270,15 +270,34 @@ func newAdapter(builtinPolicy, userDefinedPolicy, runtimePolicy string) *argocdA
|
|||
func (a *argocdAdapter) LoadPolicy(model model.Model) error {
|
||||
for _, policyStr := range []string{a.builtinPolicy, a.userDefinedPolicy, a.runtimePolicy} {
|
||||
for _, line := range strings.Split(policyStr, "\n") {
|
||||
if line == "" {
|
||||
continue
|
||||
if err := loadPolicyLine(strings.TrimSpace(line), model); err != nil {
|
||||
return err
|
||||
}
|
||||
persist.LoadPolicyLine(line, model)
|
||||
}
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// The modified version of LoadPolicyLine function defined in "persist" package of github.com/casbin/casbin.
|
||||
// Uses CVS parser to correctly handle quotes in policy line.
|
||||
func loadPolicyLine(line string, model model.Model) error {
|
||||
if line == "" || strings.HasPrefix(line, "#") {
|
||||
return nil
|
||||
}
|
||||
|
||||
reader := csv.NewReader(strings.NewReader(line))
|
||||
reader.TrimLeadingSpace = true
|
||||
tokens, err := reader.Read()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
key := tokens[0]
|
||||
sec := key[:1]
|
||||
model[sec][key].Policy = append(model[sec][key].Policy, tokens[1:])
|
||||
return nil
|
||||
}
|
||||
|
||||
func (a *argocdAdapter) SavePolicy(model model.Model) error {
|
||||
return errors.New("not implemented")
|
||||
}
|
||||
|
|
|
|||
|
|
@ -371,6 +371,9 @@ func TestValidatePolicy(t *testing.T) {
|
|||
goodPolicies := []string{
|
||||
"p, role:admin, projects, delete, *, allow",
|
||||
"",
|
||||
"#",
|
||||
`p, "role,admin", projects, delete, *, allow`,
|
||||
` p, role:admin, projects, delete, *, allow `,
|
||||
}
|
||||
for _, good := range goodPolicies {
|
||||
assert.Nil(t, ValidatePolicy(good))
|
||||
|
|
|
|||
Loading…
Reference in a new issue