2014-08-06 00:50:36 +00:00
|
|
|
package agent
|
|
|
|
|
|
|
|
import (
|
|
|
|
"fmt"
|
|
|
|
"net/http"
|
|
|
|
"strings"
|
2015-05-06 02:25:10 +00:00
|
|
|
|
|
|
|
"github.com/hashicorp/consul/consul/structs"
|
2014-08-06 00:50:36 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
// aclCreateResponse is used to wrap the ACL ID
|
|
|
|
type aclCreateResponse struct {
|
|
|
|
ID string
|
|
|
|
}
|
|
|
|
|
2014-08-12 18:34:58 +00:00
|
|
|
// aclDisabled handles if ACL datacenter is not configured
|
|
|
|
func aclDisabled(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
|
|
|
|
resp.WriteHeader(401)
|
|
|
|
resp.Write([]byte("ACL support disabled"))
|
|
|
|
return nil, nil
|
|
|
|
}
|
|
|
|
|
2014-08-18 19:05:01 +00:00
|
|
|
func (s *HTTPServer) ACLDestroy(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
|
2014-08-19 21:28:34 +00:00
|
|
|
// Mandate a PUT request
|
|
|
|
if req.Method != "PUT" {
|
|
|
|
resp.WriteHeader(405)
|
|
|
|
return nil, nil
|
|
|
|
}
|
|
|
|
|
2014-08-06 00:50:36 +00:00
|
|
|
args := structs.ACLRequest{
|
2014-08-12 18:35:22 +00:00
|
|
|
Datacenter: s.agent.config.ACLDatacenter,
|
|
|
|
Op: structs.ACLDelete,
|
2014-08-06 00:50:36 +00:00
|
|
|
}
|
2014-08-12 18:35:22 +00:00
|
|
|
s.parseToken(req, &args.Token)
|
2014-08-06 00:50:36 +00:00
|
|
|
|
2014-08-06 17:30:47 +00:00
|
|
|
// Pull out the acl id
|
2014-08-18 19:05:01 +00:00
|
|
|
args.ACL.ID = strings.TrimPrefix(req.URL.Path, "/v1/acl/destroy/")
|
2014-08-06 00:50:36 +00:00
|
|
|
if args.ACL.ID == "" {
|
|
|
|
resp.WriteHeader(400)
|
|
|
|
resp.Write([]byte("Missing ACL"))
|
|
|
|
return nil, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
var out string
|
|
|
|
if err := s.agent.RPC("ACL.Apply", &args, &out); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
return true, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *HTTPServer) ACLCreate(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
|
|
|
|
return s.aclSet(resp, req, false)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *HTTPServer) ACLUpdate(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
|
|
|
|
return s.aclSet(resp, req, true)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *HTTPServer) aclSet(resp http.ResponseWriter, req *http.Request, update bool) (interface{}, error) {
|
|
|
|
// Mandate a PUT request
|
|
|
|
if req.Method != "PUT" {
|
|
|
|
resp.WriteHeader(405)
|
|
|
|
return nil, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
args := structs.ACLRequest{
|
2014-08-12 18:35:22 +00:00
|
|
|
Datacenter: s.agent.config.ACLDatacenter,
|
|
|
|
Op: structs.ACLSet,
|
2014-08-06 00:50:36 +00:00
|
|
|
ACL: structs.ACL{
|
|
|
|
Type: structs.ACLTypeClient,
|
|
|
|
},
|
|
|
|
}
|
2014-08-12 18:35:22 +00:00
|
|
|
s.parseToken(req, &args.Token)
|
2014-08-06 00:50:36 +00:00
|
|
|
|
|
|
|
// Handle optional request body
|
|
|
|
if req.ContentLength > 0 {
|
|
|
|
if err := decodeBody(req, &args.ACL, nil); err != nil {
|
|
|
|
resp.WriteHeader(400)
|
|
|
|
resp.Write([]byte(fmt.Sprintf("Request decode failed: %v", err)))
|
|
|
|
return nil, nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-05-06 02:25:10 +00:00
|
|
|
// Ensure there is an ID set for update. ID is optional for
|
|
|
|
// create, as one will be generated if not provided.
|
2014-08-06 00:50:36 +00:00
|
|
|
if update && args.ACL.ID == "" {
|
|
|
|
resp.WriteHeader(400)
|
|
|
|
resp.Write([]byte(fmt.Sprintf("ACL ID must be set")))
|
|
|
|
return nil, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// Create the acl, get the ID
|
|
|
|
var out string
|
|
|
|
if err := s.agent.RPC("ACL.Apply", &args, &out); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
// Format the response as a JSON object
|
|
|
|
return aclCreateResponse{out}, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *HTTPServer) ACLClone(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
|
2014-08-19 21:28:34 +00:00
|
|
|
// Mandate a PUT request
|
|
|
|
if req.Method != "PUT" {
|
|
|
|
resp.WriteHeader(405)
|
|
|
|
return nil, nil
|
|
|
|
}
|
|
|
|
|
2014-08-12 18:35:22 +00:00
|
|
|
args := structs.ACLSpecificRequest{
|
|
|
|
Datacenter: s.agent.config.ACLDatacenter,
|
|
|
|
}
|
|
|
|
var dc string
|
|
|
|
if done := s.parse(resp, req, &dc, &args.QueryOptions); done {
|
2014-08-06 00:50:36 +00:00
|
|
|
return nil, nil
|
|
|
|
}
|
|
|
|
|
2014-08-06 17:30:47 +00:00
|
|
|
// Pull out the acl id
|
2014-08-06 00:50:36 +00:00
|
|
|
args.ACL = strings.TrimPrefix(req.URL.Path, "/v1/acl/clone/")
|
|
|
|
if args.ACL == "" {
|
|
|
|
resp.WriteHeader(400)
|
|
|
|
resp.Write([]byte("Missing ACL"))
|
|
|
|
return nil, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
var out structs.IndexedACLs
|
|
|
|
defer setMeta(resp, &out.QueryMeta)
|
|
|
|
if err := s.agent.RPC("ACL.Get", &args, &out); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
// Bail if the ACL is not found
|
|
|
|
if len(out.ACLs) == 0 {
|
|
|
|
resp.WriteHeader(404)
|
|
|
|
resp.Write([]byte(fmt.Sprintf("Target ACL not found")))
|
|
|
|
return nil, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// Create a new ACL
|
|
|
|
createArgs := structs.ACLRequest{
|
|
|
|
Datacenter: args.Datacenter,
|
|
|
|
Op: structs.ACLSet,
|
|
|
|
ACL: *out.ACLs[0],
|
|
|
|
}
|
|
|
|
createArgs.ACL.ID = ""
|
2014-08-12 18:35:22 +00:00
|
|
|
createArgs.Token = args.Token
|
2014-08-06 00:50:36 +00:00
|
|
|
|
|
|
|
// Create the acl, get the ID
|
|
|
|
var outID string
|
|
|
|
if err := s.agent.RPC("ACL.Apply", &createArgs, &outID); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
// Format the response as a JSON object
|
|
|
|
return aclCreateResponse{outID}, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *HTTPServer) ACLGet(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
|
2014-08-12 18:35:22 +00:00
|
|
|
args := structs.ACLSpecificRequest{
|
|
|
|
Datacenter: s.agent.config.ACLDatacenter,
|
|
|
|
}
|
|
|
|
var dc string
|
|
|
|
if done := s.parse(resp, req, &dc, &args.QueryOptions); done {
|
2014-08-06 00:50:36 +00:00
|
|
|
return nil, nil
|
|
|
|
}
|
|
|
|
|
2014-08-06 17:30:47 +00:00
|
|
|
// Pull out the acl id
|
2014-08-06 00:50:36 +00:00
|
|
|
args.ACL = strings.TrimPrefix(req.URL.Path, "/v1/acl/info/")
|
|
|
|
if args.ACL == "" {
|
|
|
|
resp.WriteHeader(400)
|
|
|
|
resp.Write([]byte("Missing ACL"))
|
|
|
|
return nil, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
var out structs.IndexedACLs
|
|
|
|
defer setMeta(resp, &out.QueryMeta)
|
|
|
|
if err := s.agent.RPC("ACL.Get", &args, &out); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2015-11-15 05:05:37 +00:00
|
|
|
|
|
|
|
// Use empty list instead of nil
|
|
|
|
if out.ACLs == nil {
|
|
|
|
out.ACLs = make(structs.ACLs, 0)
|
|
|
|
}
|
2014-08-06 00:50:36 +00:00
|
|
|
return out.ACLs, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (s *HTTPServer) ACLList(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
|
2014-08-12 18:35:22 +00:00
|
|
|
args := structs.DCSpecificRequest{
|
|
|
|
Datacenter: s.agent.config.ACLDatacenter,
|
|
|
|
}
|
|
|
|
var dc string
|
|
|
|
if done := s.parse(resp, req, &dc, &args.QueryOptions); done {
|
2014-08-06 00:50:36 +00:00
|
|
|
return nil, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
var out structs.IndexedACLs
|
|
|
|
defer setMeta(resp, &out.QueryMeta)
|
|
|
|
if err := s.agent.RPC("ACL.List", &args, &out); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
2015-11-15 05:05:37 +00:00
|
|
|
|
|
|
|
// Use empty list instead of nil
|
|
|
|
if out.ACLs == nil {
|
|
|
|
out.ACLs = make(structs.ACLs, 0)
|
|
|
|
}
|
2014-08-06 00:50:36 +00:00
|
|
|
return out.ACLs, nil
|
|
|
|
}
|
2016-08-05 04:32:36 +00:00
|
|
|
|
|
|
|
func (s *HTTPServer) ACLReplicationStatus(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
|
|
|
|
// Note that we do not forward to the ACL DC here. This is a query for
|
|
|
|
// any DC that's doing replication.
|
|
|
|
args := structs.DCSpecificRequest{}
|
|
|
|
s.parseSource(req, &args.Source)
|
|
|
|
if done := s.parse(resp, req, &args.Datacenter, &args.QueryOptions); done {
|
|
|
|
return nil, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// Make the request.
|
|
|
|
var out structs.ACLReplicationStatus
|
|
|
|
if err := s.agent.RPC("ACL.ReplicationStatus", &args, &out); err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
return out, nil
|
|
|
|
}
|