open-consul/agent/grpc-external/services/resource/list.go

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0

package resource

import (
	"context"

	"google.golang.org/grpc/codes"
	"google.golang.org/grpc/status"

	"github.com/hashicorp/consul/acl"
	"github.com/hashicorp/consul/internal/storage"
	"github.com/hashicorp/consul/proto-public/pbresource"
)

func (s *Server) List(ctx context.Context, req *pbresource.ListRequest) (*pbresource.ListResponse, error) {
	// check type
	reg, err := s.resolveType(req.Type)
	if err != nil {
		return nil, err
	}

	authz, err := s.getAuthorizer(tokenFromContext(ctx))
	if err != nil {
		return nil, err
	}

	// check acls
	err = reg.ACLs.List(authz, req.Tenancy)
	switch {
	case acl.IsErrPermissionDenied(err):
		return nil, status.Error(codes.PermissionDenied, err.Error())
	case err != nil:
		return nil, status.Errorf(codes.Internal, "failed list acl: %v", err)
	}

	resources, err := s.Backend.List(
		ctx,
		readConsistencyFrom(ctx),
		storage.UnversionedTypeFrom(req.Type),
		req.Tenancy,
		req.NamePrefix,
	)
	if err != nil {
		return nil, status.Errorf(codes.Internal, "failed list: %v", err)
	}

	result := make([]*pbresource.Resource, 0)
	for _, resource := range resources {
		// filter out non-matching GroupVersion
		if resource.Id.Type.GroupVersion != req.Type.GroupVersion {
			continue
		}

		// filter out items that don't pass read ACLs
		err = reg.ACLs.Read(authz, resource.Id)
		switch {
		case acl.IsErrPermissionDenied(err):
			continue
		case err != nil:
			return nil, status.Errorf(codes.Internal, "failed read acl: %v", err)
		}
		result = append(result, resource)
	}
	return &pbresource.ListResponse{Resources: result}, nil
}
Copyright headers for missing files/folders (#16708) * copyright headers for agent folder 2023-03-28 22:48:58 +00:00			`// Copyright (c) HashiCorp, Inc.`
			`// SPDX-License-Identifier: MPL-2.0`

Resource service List(..) endpoint (#16753) 2023-03-27 21:25:27 +00:00			`package resource`

			`import (`
			`"context"`

Check acls on resource `Read`, `List`, and `WatchList` (#16842) 2023-04-11 11:10:14 +00:00			`"google.golang.org/grpc/codes"`
			`"google.golang.org/grpc/status"`

			`"github.com/hashicorp/consul/acl"`
Resource service List(..) endpoint (#16753) 2023-03-27 21:25:27 +00:00			`"github.com/hashicorp/consul/internal/storage"`
			`"github.com/hashicorp/consul/proto-public/pbresource"`
			`)`

			`func (s Server) List(ctx context.Context, req pbresource.ListRequest) (*pbresource.ListResponse, error) {`
Check acls on resource `Read`, `List`, and `WatchList` (#16842) 2023-04-11 11:10:14 +00:00			`// check type`
			`reg, err := s.resolveType(req.Type)`
			`if err != nil {`
Resource service List(..) endpoint (#16753) 2023-03-27 21:25:27 +00:00			`return nil, err`
			`}`

Check acls on resource `Read`, `List`, and `WatchList` (#16842) 2023-04-11 11:10:14 +00:00			`authz, err := s.getAuthorizer(tokenFromContext(ctx))`
Resource service List(..) endpoint (#16753) 2023-03-27 21:25:27 +00:00			`if err != nil {`
			`return nil, err`
			`}`

Check acls on resource `Read`, `List`, and `WatchList` (#16842) 2023-04-11 11:10:14 +00:00			`// check acls`
			`err = reg.ACLs.List(authz, req.Tenancy)`
			`switch {`
			`case acl.IsErrPermissionDenied(err):`
			`return nil, status.Error(codes.PermissionDenied, err.Error())`
			`case err != nil:`
			`return nil, status.Errorf(codes.Internal, "failed list acl: %v", err)`
			`}`

			`resources, err := s.Backend.List(`
			`ctx,`
			`readConsistencyFrom(ctx),`
			`storage.UnversionedTypeFrom(req.Type),`
			`req.Tenancy,`
			`req.NamePrefix,`
			`)`
			`if err != nil {`
			`return nil, status.Errorf(codes.Internal, "failed list: %v", err)`
			`}`

Resource service List(..) endpoint (#16753) 2023-03-27 21:25:27 +00:00			`result := make([]*pbresource.Resource, 0)`
			`for _, resource := range resources {`
Check acls on resource `Read`, `List`, and `WatchList` (#16842) 2023-04-11 11:10:14 +00:00			`// filter out non-matching GroupVersion`
			`if resource.Id.Type.GroupVersion != req.Type.GroupVersion {`
			`continue`
			`}`

			`// filter out items that don't pass read ACLs`
			`err = reg.ACLs.Read(authz, resource.Id)`
			`switch {`
			`case acl.IsErrPermissionDenied(err):`
			`continue`
			`case err != nil:`
			`return nil, status.Errorf(codes.Internal, "failed read acl: %v", err)`
Resource service List(..) endpoint (#16753) 2023-03-27 21:25:27 +00:00			`}`
Check acls on resource `Read`, `List`, and `WatchList` (#16842) 2023-04-11 11:10:14 +00:00			`result = append(result, resource)`
Resource service List(..) endpoint (#16753) 2023-03-27 21:25:27 +00:00			`}`
			`return &pbresource.ListResponse{Resources: result}, nil`
			`}`