lib/auth: add NewTokenPossibleMultitenant() for parsing auth token, which can be multitenant

Disallow parsing multitenant token at auth.NewToken().

Use auth.NewTokenPossibleMultitenant() at vminsert only. All the other callers should call auth.NewToken(),
since they do not support multitenant token.

This is a follow-up for f0c06b428e

Updates https://github.com/VictoriaMetrics/VictoriaMetrics/issues/4910
This commit is contained in:
Aliaksandr Valialkin 2023-08-30 14:08:47 +02:00
parent 137fa19d9c
commit 1bba4c5118
No known key found for this signature in database
GPG Key ID: A72BEC6CD3D0DED1
2 changed files with 30 additions and 5 deletions

View File

@ -24,12 +24,7 @@ func (t *Token) String() string {
} }
// NewToken returns new Token for the given authToken. // NewToken returns new Token for the given authToken.
//
// If authToken == "multitenant", then nil Token is returned.
func NewToken(authToken string) (*Token, error) { func NewToken(authToken string) (*Token, error) {
if authToken == "multitenant" {
return nil, nil
}
var t Token var t Token
if err := t.Init(authToken); err != nil { if err := t.Init(authToken); err != nil {
return nil, err return nil, err
@ -37,6 +32,16 @@ func NewToken(authToken string) (*Token, error) {
return &t, nil return &t, nil
} }
// NewTokenPossibleMultitenant returns new Token for the given authToken.
//
// If authToken == "multitenant", then nil Token is returned.
func NewTokenPossibleMultitenant(authToken string) (*Token, error) {
if authToken == "multitenant" {
return nil, nil
}
return NewToken(authToken)
}
// Init initializes t from authToken. // Init initializes t from authToken.
func (t *Token) Init(authToken string) error { func (t *Token) Init(authToken string) error {
tmp := strings.Split(authToken, ":") tmp := strings.Split(authToken, ":")

View File

@ -26,6 +26,24 @@ func TestNewTokenSuccess(t *testing.T) {
f("1:4294967295", "1:4294967295") f("1:4294967295", "1:4294967295")
// max uint32 accountID and projectID // max uint32 accountID and projectID
f("4294967295:4294967295", "4294967295:4294967295") f("4294967295:4294967295", "4294967295:4294967295")
}
func TestNewTokenPossibleMultitenantSuccess(t *testing.T) {
f := func(token string, want string) {
t.Helper()
newToken, err := NewTokenPossibleMultitenant(token)
if err != nil {
t.Fatalf("unexpected error: %s", err)
}
got := newToken.String()
if got != want {
t.Fatalf("unexpected NewToken() result;got\n%s\nwant\n%s", got, want)
}
}
// token with accountID only
f("1", "1")
// token with accountID and projecTID
f("1:2", "1:2")
// multitenant // multitenant
f("multitenant", "multitenant") f("multitenant", "multitenant")
} }
@ -75,4 +93,6 @@ func TestNewTokenFailure(t *testing.T) {
f("a:b:c") f("a:b:c")
// many int parts in the token" // many int parts in the token"
f("1:2:3") f("1:2:3")
// multitenant
f("multitenant")
} }