From 93d4e99714d5788d7627f64fd02cae09ecd07b20 Mon Sep 17 00:00:00 2001 From: Patrick Hemmer Date: Tue, 1 Aug 2023 10:43:02 -0400 Subject: [PATCH] BUG/MINOR: acl: support built-in ACLs with acl() sample Built-in ACLs were not being searched by the acl() sample fetch. This fixes that so they are searched if no other match is found. --- reg-tests/sample_fetches/acl.vtc | 3 ++- src/acl.c | 6 +++++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/reg-tests/sample_fetches/acl.vtc b/reg-tests/sample_fetches/acl.vtc index 8f4f8fb24..21e6f4b52 100644 --- a/reg-tests/sample_fetches/acl.vtc +++ b/reg-tests/sample_fetches/acl.vtc @@ -18,7 +18,7 @@ haproxy h1 -conf { acl ACL3 acl(!ACL2) acl ACL4 acl(ACL2,!ACL3) - http-request return status 200 hdr x-acl "ACL1=%[acl(ACL1)] ACL2=%[acl(ACL2)] ACL3=%[acl(ACL3)] ACL4=%[acl(ACL4)]" + http-request return status 200 hdr x-acl "ACL1=%[acl(ACL1)] ACL2=%[acl(ACL2)] ACL3=%[acl(ACL3)] ACL4=%[acl(ACL4)] TRUE=%[acl(TRUE)]" } -start client c1 -connect ${h1_fe1_sock} { @@ -29,4 +29,5 @@ client c1 -connect ${h1_fe1_sock} { expect resp.http.x-acl ~ "ACL2=1" expect resp.http.x-acl ~ "ACL3=0" expect resp.http.x-acl ~ "ACL4=1" + expect resp.http.x-acl ~ "TRUE=1" } -run diff --git a/src/acl.c b/src/acl.c index 52a71f38e..c1f4edd1c 100644 --- a/src/acl.c +++ b/src/acl.c @@ -1350,7 +1350,11 @@ int smp_fetch_acl_parse(struct arg *args, char **err_msg) name++; } - if (!(acl_sample->terms[i].acl = find_acl_by_name(name, &curproxy->acl))) { + + if ( + !(acl_sample->terms[i].acl = find_acl_by_name(name, &curproxy->acl)) && + !(acl_sample->terms[i].acl = find_acl_default(name, &curproxy->acl, err_msg, NULL, NULL, 0)) + ) { memprintf(err_msg, "ACL '%s' not found", name); goto err; }