TrueCloudLab
/
frostfs-sdk-go
28
0
Fork 18
Code Issues 27 Pull Requests 2 Actions Releases Activity

[#49] bearer: Allow empty eacl if token is impersonated 

Signed-off-by: Denis Kirillov <d.kirillov@yadro.com>
pull/67/head
Denis Kirillov 2023-05-04 18:01:07 +03:00
parent d4fe9a193d
commit 15b4287092
2 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
bearer/bearer.go
View File

@ -46,10 +46,12 @@ func (b *Token) readFromV2(m acl.BearerToken, checkFieldPresence bool) error {
return errors.New("missing token body")
}
b.impersonate = body.GetImpersonate()
eaclTable := body.GetEACL()
if b.eaclTableSet = eaclTable != nil; b.eaclTableSet {
b.eaclTable = *eacl.NewTableFromV2(eaclTable)
} else if checkFieldPresence {
} else if checkFieldPresence && !b.impersonate {
return errors.New("missing eACL table")
}
@ -70,8 +72,6 @@ func (b *Token) readFromV2(m acl.BearerToken, checkFieldPresence bool) error {
return errors.New("missing token lifetime")
}
b.impersonate = body.GetImpersonate()
sig := m.GetSignature()
if b.sigSet = sig != nil; sig != nil {
b.sig = *sig

4
bearer/bearer_test.go
View File

@ -323,6 +323,10 @@ func TestToken_ReadFromV2(t *testing.T) {
require.NoError(t, val.ReadFromV2(m))
body.SetEACL(nil)
body.SetImpersonate(true)
require.NoError(t, val.ReadFromV2(m))
var m2 acl.BearerToken
val.WriteToV2(&m2)