// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
//go:build !consulent
// +build !consulent
package state
import (
"fmt"
"strings"
"github.com/hashicorp/go-memdb"
"github.com/hashicorp/consul/acl"
"github.com/hashicorp/consul/agent/structs"
)
// updateTableIndexEntries bumps the max index recorded for tableName to
// modifyIndex via indexUpdateMaxTxn. The enterprise meta parameter is
// unused in this (!consulent) build: there is no per-partition/namespace
// index bookkeeping here.
func updateTableIndexEntries(tx WriteTxn, tableName string, modifyIndex uint64, _ *acl.EnterpriseMeta) error {
	updateErr := indexUpdateMaxTxn(tx, modifyIndex, tableName)
	if updateErr == nil {
		return nil
	}
	return fmt.Errorf("failed updating %s index: %v", tableName, updateErr)
}
// aclPolicyGetByID fetches the ACL policy stored under id in the
// tableACLPolicies table by its ID index, together with a watch channel
// that fires when that entry changes. The enterprise meta is ignored in
// this (!consulent) build, so the ID alone selects the row.
func aclPolicyGetByID(tx ReadTxn, id string, _ *acl.EnterpriseMeta) (<-chan struct{}, interface{}, error) {
	watchCh, raw, err := tx.FirstWatch(tableACLPolicies, indexID, id)
	return watchCh, raw, err
}
// aclPolicyDeleteWithPolicy removes the given policy object from the
// tableACLPolicies table and then advances that table's max index to idx
// so watchers and blocking queries observe the deletion.
//
// The two steps are not rolled back individually; the caller's write
// transaction is expected to be aborted on a non-nil error.
func aclPolicyDeleteWithPolicy(tx WriteTxn, policy *structs.ACLPolicy, idx uint64) error {
	delErr := tx.Delete(tableACLPolicies, policy)
	if delErr != nil {
		return fmt.Errorf("failed deleting acl policy: %v", delErr)
	}

	// Bump the table-wide index so the change is visible to index-based
	// blocking queries.
	idxErr := indexUpdateMaxTxn(tx, idx, tableACLPolicies)
	if idxErr != nil {
		return fmt.Errorf("failed updating acl policies index: %v", idxErr)
	}

	return nil
}
// aclPolicyMaxIndex reports the max index recorded for the tableACLPolicies
// table. Both the policy and the enterprise meta are ignored in this
// (!consulent) build: the index is table-wide, not per entry.
func aclPolicyMaxIndex(tx ReadTxn, _ *structs.ACLPolicy, _ *acl.EnterpriseMeta) uint64 {
	tableIdx := maxIndexTxn(tx, tableACLPolicies)
	return tableIdx
}
// aclPolicyUpsertValidateEnterprise is the OSS hook for enterprise-only
// validation of a policy upsert (new policy, existing policy). This build
// performs no additional checks and always accepts the upsert.
func aclPolicyUpsertValidateEnterprise(ReadTxn, *structs.ACLPolicy, *structs.ACLPolicy) error {
	// No enterprise constraints exist for policies in this build.
	return nil
}
// ACLPolicyUpsertValidateEnterprise is the store-level OSS hook for
// enterprise validation of a policy upsert. This build has nothing to
// validate and always returns nil.
func (s *Store) ACLPolicyUpsertValidateEnterprise(*structs.ACLPolicy, *structs.ACLPolicy) error {
	// Always accepted: no enterprise rules apply here.
	return nil
}
///////////////////////////////////////////////////////////////////////////////
///// ACL Token Functions /////
///////////////////////////////////////////////////////////////////////////////
// aclTokenGetFromIndex looks up a single ACL token in the tableACLTokens
// table using the named index (the caller chooses e.g. the accessor or
// secret index) and the value id, returning a watch channel with the
// result. entMeta is accepted for signature parity with the enterprise
// build but is not consulted here.
func aclTokenGetFromIndex(tx ReadTxn, id string, index string, entMeta *acl.EnterpriseMeta) (<-chan struct{}, interface{}, error) {
	watchCh, raw, err := tx.FirstWatch(tableACLTokens, index, id)
	return watchCh, raw, err
}
// aclTokenListAll returns an iterator over every row of the tableACLTokens
// table, ordered by its ID index. The enterprise meta is ignored in this
// (!consulent) build, so no partition/namespace filtering is applied.
func aclTokenListAll(tx ReadTxn, _ *acl.EnterpriseMeta) (memdb.ResultIterator, error) {
	iter, err := tx.Get(tableACLTokens, indexID)
	return iter, err
}
// aclTokenListByPolicy returns an iterator over the tokens in
// tableACLTokens that reference the given policy, via the indexPolicies
// index. The enterprise meta is ignored in this (!consulent) build.
func aclTokenListByPolicy(tx ReadTxn, policy string, _ *acl.EnterpriseMeta) (memdb.ResultIterator, error) {
	q := Query{Value: policy}
	return tx.Get(tableACLTokens, indexPolicies, q)
}
// aclTokenListByRole returns an iterator over the tokens in tableACLTokens
// that reference the given role, via the indexRoles index. The enterprise
// meta is ignored in this (!consulent) build.
func aclTokenListByRole(tx ReadTxn, role string, _ *acl.EnterpriseMeta) (memdb.ResultIterator, error) {
	q := Query{Value: role}
	return tx.Get(tableACLTokens, indexRoles, q)
}
// aclTokenListByAuthMethod returns an iterator over the tokens in
// tableACLTokens created by the named auth method, via the indexAuthMethod
// index. Both enterprise meta arguments are ignored in this (!consulent)
// build.
//
// NOTE(review): the index value for this table is built from the
// lowercased token AuthMethod name (see indexAuthMethodFromACLToken), so
// AuthMethodQuery is presumably expected to normalise case the same way;
// that is not visible in this file — confirm at the query type.
func aclTokenListByAuthMethod(tx ReadTxn, authMethod string, _, _ *acl.EnterpriseMeta) (memdb.ResultIterator, error) {
	q := AuthMethodQuery{Value: authMethod}
	return tx.Get(tableACLTokens, indexAuthMethod, q)
}
// aclTokenDeleteWithToken removes the given token object from the
// tableACLTokens table and then advances that table's max index to idx so
// watchers and blocking queries observe the deletion.
//
// On error the partial work is left in tx; callers are expected to abort
// the write transaction.
func aclTokenDeleteWithToken(tx WriteTxn, token *structs.ACLToken, idx uint64) error {
	delErr := tx.Delete(tableACLTokens, token)
	if delErr != nil {
		return fmt.Errorf("failed deleting acl token: %v", delErr)
	}

	// Bump the table-wide index so the deletion is visible to index-based
	// blocking queries.
	idxErr := indexUpdateMaxTxn(tx, idx, tableACLTokens)
	if idxErr != nil {
		return fmt.Errorf("failed updating acl tokens index: %v", idxErr)
	}

	return nil
}
// aclTokenMaxIndex reports the max index recorded for the tableACLTokens
// table. The token is ignored (the index is table-wide) and entMeta is
// accepted only for signature parity with the enterprise build.
func aclTokenMaxIndex(tx ReadTxn, _ *structs.ACLToken, entMeta *acl.EnterpriseMeta) uint64 {
	tableIdx := maxIndexTxn(tx, tableACLTokens)
	return tableIdx
}
// aclTokenUpsertValidateEnterprise is the OSS hook for enterprise-only
// validation of a token upsert (token being written, existing token if
// any). This build performs no additional checks and always accepts.
func aclTokenUpsertValidateEnterprise(tx WriteTxn, token *structs.ACLToken, existing *structs.ACLToken) error {
	// No enterprise constraints exist for tokens in this build.
	return nil
}
// ACLTokenUpsertValidateEnterprise is the store-level OSS hook for
// enterprise validation of a token upsert. This build has nothing to
// validate and always returns nil.
func (s *Store) ACLTokenUpsertValidateEnterprise(token *structs.ACLToken, existing *structs.ACLToken) error {
	// Always accepted: no enterprise rules apply here.
	return nil
}
///////////////////////////////////////////////////////////////////////////////
///// ACL Role Functions /////
///////////////////////////////////////////////////////////////////////////////
// aclRoleGetByID fetches the ACL role stored under id in the tableACLRoles
// table by its ID index, together with a watch channel that fires when
// that entry changes. The enterprise meta is ignored in this (!consulent)
// build.
func aclRoleGetByID(tx ReadTxn, id string, _ *acl.EnterpriseMeta) (<-chan struct{}, interface{}, error) {
	watchCh, raw, err := tx.FirstWatch(tableACLRoles, indexID, id)
	return watchCh, raw, err
}
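// aclRoleDeleteWithRole removes the given role object from the
// tableACLRoles table and then advances that table's max index to idx so
// watchers and blocking queries observe the deletion.
//
// On error the partial work is left in tx; callers are expected to abort
// the write transaction.
func aclRoleDeleteWithRole(tx WriteTxn, role *structs.ACLRole, idx uint64) error {
	// remove the role
	if err := tx.Delete(tableACLRoles, role); err != nil {
		return fmt.Errorf("failed deleting acl role: %v", err)
	}

	// update the overall acl-roles index
	if err := indexUpdateMaxTxn(tx, idx, tableACLRoles); err != nil {
		// The message names the roles table: this branch previously reported
		// "acl policies index", which mislabelled the failing table in logs.
		return fmt.Errorf("failed updating acl roles index: %v", err)
	}

	return nil
}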
// aclRoleMaxIndex reports the max index recorded for the tableACLRoles
// table. Both the role and the enterprise meta are ignored in this
// (!consulent) build: the index is table-wide, not per entry.
func aclRoleMaxIndex(tx ReadTxn, _ *structs.ACLRole, _ *acl.EnterpriseMeta) uint64 {
	tableIdx := maxIndexTxn(tx, tableACLRoles)
	return tableIdx
}
// aclRoleUpsertValidateEnterprise is the OSS hook for enterprise-only
// validation of a role upsert (role being written, existing role if any).
// This build performs no additional checks and always accepts.
func aclRoleUpsertValidateEnterprise(tx WriteTxn, role *structs.ACLRole, existing *structs.ACLRole) error {
	// No enterprise constraints exist for roles in this build.
	return nil
}
// ACLRoleUpsertValidateEnterprise is the store-level OSS hook for
// enterprise validation of a role upsert. This build has nothing to
// validate and always returns nil.
func (s *Store) ACLRoleUpsertValidateEnterprise(role *structs.ACLRole, existing *structs.ACLRole) error {
	// Always accepted: no enterprise rules apply here.
	return nil
}
///////////////////////////////////////////////////////////////////////////////
///// ACL Binding Rule Functions /////
///////////////////////////////////////////////////////////////////////////////
// aclBindingRuleGetByID fetches the binding rule stored under id in the
// tableACLBindingRules table by its ID index, together with a watch
// channel that fires when that entry changes. The enterprise meta is
// ignored in this (!consulent) build.
func aclBindingRuleGetByID(tx ReadTxn, id string, _ *acl.EnterpriseMeta) (<-chan struct{}, interface{}, error) {
	watchCh, raw, err := tx.FirstWatch(tableACLBindingRules, indexID, id)
	return watchCh, raw, err
}
// aclBindingRuleList returns an iterator over every row of the
// tableACLBindingRules table, ordered by its ID index. The enterprise meta
// is ignored in this (!consulent) build.
func aclBindingRuleList(tx ReadTxn, _ *acl.EnterpriseMeta) (memdb.ResultIterator, error) {
	iter, err := tx.Get(tableACLBindingRules, indexID)
	return iter, err
}
// aclBindingRuleListByAuthMethod returns an iterator over the binding
// rules in tableACLBindingRules attached to the named auth method, via the
// indexAuthMethod index. The enterprise meta is ignored in this
// (!consulent) build. Note this table is queried with the plain Query
// type, unlike the token table which uses AuthMethodQuery.
func aclBindingRuleListByAuthMethod(tx ReadTxn, method string, _ *acl.EnterpriseMeta) (memdb.ResultIterator, error) {
	q := Query{Value: method}
	return tx.Get(tableACLBindingRules, indexAuthMethod, q)
}
// aclBindingRuleDeleteWithRule removes the given binding rule object from
// the tableACLBindingRules table and then advances that table's max index
// to idx so watchers and blocking queries observe the deletion.
//
// On error the partial work is left in tx; callers are expected to abort
// the write transaction.
func aclBindingRuleDeleteWithRule(tx WriteTxn, rule *structs.ACLBindingRule, idx uint64) error {
	delErr := tx.Delete(tableACLBindingRules, rule)
	if delErr != nil {
		return fmt.Errorf("failed deleting acl binding rule: %v", delErr)
	}

	// Bump the table-wide index so the deletion is visible to index-based
	// blocking queries.
	idxErr := indexUpdateMaxTxn(tx, idx, tableACLBindingRules)
	if idxErr != nil {
		return fmt.Errorf("failed updating acl binding rules index: %v", idxErr)
	}

	return nil
}
// aclBindingRuleMaxIndex reports the max index recorded for the
// tableACLBindingRules table. The rule is ignored (the index is
// table-wide) and entMeta is accepted only for signature parity with the
// enterprise build.
func aclBindingRuleMaxIndex(tx ReadTxn, _ *structs.ACLBindingRule, entMeta *acl.EnterpriseMeta) uint64 {
	tableIdx := maxIndexTxn(tx, tableACLBindingRules)
	return tableIdx
}
// aclBindingRuleUpsertValidateEnterprise is the OSS hook for
// enterprise-only validation of a binding rule upsert (rule being written,
// existing rule if any). This build performs no additional checks and
// always accepts.
func aclBindingRuleUpsertValidateEnterprise(tx ReadTxn, rule *structs.ACLBindingRule, existing *structs.ACLBindingRule) error {
	// No enterprise constraints exist for binding rules in this build.
	return nil
}
// ACLBindingRuleUpsertValidateEnterprise is the store-level OSS hook for
// enterprise validation of a binding rule upsert. This build has nothing
// to validate and always returns nil.
func (s *Store) ACLBindingRuleUpsertValidateEnterprise(rule *structs.ACLBindingRule, existing *structs.ACLBindingRule) error {
	// Always accepted: no enterprise rules apply here.
	return nil
}
///////////////////////////////////////////////////////////////////////////////
///// ACL Auth Method Functions /////
///////////////////////////////////////////////////////////////////////////////
// aclAuthMethodGetByName fetches the auth method stored under the given
// name in the tableACLAuthMethods table (its ID index is keyed by name,
// wrapped in a Query), together with a watch channel that fires when that
// entry changes. The enterprise meta is ignored in this (!consulent)
// build.
func aclAuthMethodGetByName(tx ReadTxn, method string, _ *acl.EnterpriseMeta) (<-chan struct{}, interface{}, error) {
	q := Query{Value: method}
	return tx.FirstWatch(tableACLAuthMethods, indexID, q)
}
// aclAuthMethodList returns an iterator over every row of the
// tableACLAuthMethods table, ordered by its ID index. entMeta is accepted
// for signature parity with the enterprise build but is not consulted
// here.
func aclAuthMethodList(tx ReadTxn, entMeta *acl.EnterpriseMeta) (memdb.ResultIterator, error) {
	iter, err := tx.Get(tableACLAuthMethods, indexID)
	return iter, err
}
// aclAuthMethodDeleteWithMethod removes the given auth method object from
// the tableACLAuthMethods table and then advances that table's max index
// to idx so watchers and blocking queries observe the deletion.
//
// On error the partial work is left in tx; callers are expected to abort
// the write transaction.
func aclAuthMethodDeleteWithMethod(tx WriteTxn, method *structs.ACLAuthMethod, idx uint64) error {
	delErr := tx.Delete(tableACLAuthMethods, method)
	if delErr != nil {
		return fmt.Errorf("failed deleting acl auth method: %v", delErr)
	}

	// Bump the table-wide index so the deletion is visible to index-based
	// blocking queries.
	idxErr := indexUpdateMaxTxn(tx, idx, tableACLAuthMethods)
	if idxErr != nil {
		return fmt.Errorf("failed updating acl auth methods index: %v", idxErr)
	}

	return nil
}
// aclAuthMethodMaxIndex reports the max index recorded for the
// tableACLAuthMethods table. The method is ignored (the index is
// table-wide) and entMeta is accepted only for signature parity with the
// enterprise build.
func aclAuthMethodMaxIndex(tx ReadTxn, _ *structs.ACLAuthMethod, entMeta *acl.EnterpriseMeta) uint64 {
	tableIdx := maxIndexTxn(tx, tableACLAuthMethods)
	return tableIdx
}
// aclAuthMethodUpsertValidateEnterprise is the OSS hook for
// enterprise-only validation of an auth method upsert (method being
// written, existing method if any). This build performs no additional
// checks and always accepts.
func aclAuthMethodUpsertValidateEnterprise(_ ReadTxn, method *structs.ACLAuthMethod, existing *structs.ACLAuthMethod) error {
	// No enterprise constraints exist for auth methods in this build.
	return nil
}
// ACLAuthMethodUpsertValidateEnterprise is the store-level OSS hook for
// enterprise validation of an auth method upsert. This build has nothing
// to validate and always returns nil.
func (s *Store) ACLAuthMethodUpsertValidateEnterprise(method *structs.ACLAuthMethod, existing *structs.ACLAuthMethod) error {
	// Always accepted: no enterprise rules apply here.
	return nil
}
// indexAuthMethodFromACLToken builds the indexAuthMethod key for a token
// from its AuthMethod field. Tokens with no auth method are excluded from
// the index by returning errMissingValueForIndex. The name is lowercased
// before encoding, so the index is case-insensitive with respect to the
// auth method name; lookups against this index must normalise the same
// way to match.
func indexAuthMethodFromACLToken(t *structs.ACLToken) ([]byte, error) {
	name := t.AuthMethod
	if len(name) == 0 {
		// Locally issued tokens carry no auth method and are not indexed.
		return nil, errMissingValueForIndex
	}

	// Fold case so that differently cased spellings of the same auth
	// method share one index entry.
	key := strings.ToLower(name)

	var builder indexBuilder
	builder.String(key)
	return builder.Bytes(), nil
}