open-consul/agent/consul/state/acl_schema.go

package state

import (
	"fmt"
	"strings"

	"github.com/hashicorp/go-memdb"

	"github.com/hashicorp/consul/agent/structs"
)

const (
	tableACLTokens       = "acl-tokens"
	tableACLPolicies     = "acl-policies"
	tableACLRoles        = "acl-roles"
	tableACLBindingRules = "acl-binding-rules"
	tableACLAuthMethods  = "acl-auth-methods"

	indexAccessor      = "accessor"
	indexPolicies      = "policies"
	indexRoles         = "roles"
	indexAuthMethod    = "authmethod"
	indexLocality      = "locality"
	indexName          = "name"
	indexExpiresGlobal = "expires-global"
	indexExpiresLocal  = "expires-local"
)

func tokensTableSchema() *memdb.TableSchema {
	return &memdb.TableSchema{
		Name: tableACLTokens,
		Indexes: map[string]*memdb.IndexSchema{
			indexAccessor: {
				Name: indexAccessor,
				// DEPRECATED (ACL-Legacy-Compat) - we should not AllowMissing here once legacy compat is removed
				AllowMissing: true,
				Unique:       true,
				Indexer: indexerSingle{
					readIndex:  readIndex(indexFromUUIDString),
					writeIndex: writeIndex(indexAccessorIDFromACLToken),
				},
			},
			indexID: {
				Name:         indexID,
				AllowMissing: false,
				Unique:       true,
				Indexer: indexerSingle{
					readIndex:  readIndex(indexFromStringCaseSensitive),
					writeIndex: writeIndex(indexSecretIDFromACLToken),
				},
			},
			indexPolicies: {
				Name: indexPolicies,
				// Need to allow missing for the anonymous token
				AllowMissing: true,
				Unique:       false,
				Indexer: indexerMulti{
					readIndex:       readIndex(indexFromUUIDQuery),
					writeIndexMulti: writeIndexMulti(indexPoliciesFromACLToken),
				},
			},
			indexRoles: {
				Name:         indexRoles,
				AllowMissing: true,
				Unique:       false,
				Indexer: indexerMulti{
					readIndex:       readIndex(indexFromUUIDQuery),
					writeIndexMulti: writeIndexMulti(indexRolesFromACLToken),
				},
			},
			indexAuthMethod: {
				Name:         indexAuthMethod,
				AllowMissing: true,
				Unique:       false,
				Indexer: indexerSingle{
					readIndex:  readIndex(indexFromAuthMethodQuery),
					writeIndex: writeIndex(indexAuthMethodFromACLToken),
				},
			},
			indexLocality: {
				Name:         indexLocality,
				AllowMissing: false,
				Unique:       false,
				Indexer: indexerSingle{
					readIndex:  readIndex(indexFromBoolQuery),
					writeIndex: writeIndex(indexLocalFromACLToken),
				},
			},
			indexExpiresGlobal: {
				Name:         indexExpiresGlobal,
				AllowMissing: true,
				Unique:       false,
				Indexer: indexerSingle{
					readIndex:  readIndex(indexFromTimeQuery),
					writeIndex: writeIndex(indexExpiresGlobalFromACLToken),
				},
			},
			indexExpiresLocal: {
				Name:         indexExpiresLocal,
				AllowMissing: true,
				Unique:       false,
				Indexer: indexerSingle{
					readIndex:  readIndex(indexFromTimeQuery),
					writeIndex: writeIndex(indexExpiresLocalFromACLToken),
				},
			},

			//DEPRECATED (ACL-Legacy-Compat) - This index is only needed while we support upgrading v1 to v2 acls
			// This table indexes all the ACL tokens that do not have an AccessorID
			"needs-upgrade": {
				Name:         "needs-upgrade",
				AllowMissing: false,
				Unique:       false,
				Indexer: &memdb.ConditionalIndex{
					Conditional: func(obj interface{}) (bool, error) {
						if token, ok := obj.(*structs.ACLToken); ok {
							return token.AccessorID == "", nil
						}
						return false, nil
					},
				},
			},
		},
	}
}

func policiesTableSchema() *memdb.TableSchema {
	return &memdb.TableSchema{
		Name: tableACLPolicies,
		Indexes: map[string]*memdb.IndexSchema{
			indexID: {
				Name:         indexID,
				AllowMissing: false,
				Unique:       true,
				Indexer: &memdb.UUIDFieldIndex{
					Field: "ID",
				},
			},
			indexName: {
				Name:         indexName,
				AllowMissing: false,
				Unique:       true,
				Indexer: indexerSingleWithPrefix{
					readIndex:   indexFromQuery,
					writeIndex:  indexNameFromACLPolicy,
					prefixIndex: prefixIndexFromQuery,
				},
			},
		},
	}
}

func indexNameFromACLPolicy(raw interface{}) ([]byte, error) {
	p, ok := raw.(*structs.ACLPolicy)
	if !ok {
		return nil, fmt.Errorf("unexpected type %T for structs.ACLPolicy index", raw)
	}

	if p.Name == "" {
		return nil, errMissingValueForIndex
	}

	var b indexBuilder
	b.String(strings.ToLower(p.Name))
	return b.Bytes(), nil
}

func rolesTableSchema() *memdb.TableSchema {
	return &memdb.TableSchema{
		Name: tableACLRoles,
		Indexes: map[string]*memdb.IndexSchema{
			indexID: {
				Name:         indexID,
				AllowMissing: false,
				Unique:       true,
				Indexer: &memdb.UUIDFieldIndex{
					Field: "ID",
				},
			},
			indexName: {
				Name:         indexName,
				AllowMissing: false,
				Unique:       true,
				Indexer: indexerSingleWithPrefix{
					readIndex:   indexFromQuery,
					writeIndex:  indexNameFromACLRole,
					prefixIndex: prefixIndexFromQuery,
				},
			},
			indexPolicies: {
				Name: indexPolicies,
				// Need to allow missing for the anonymous token
				AllowMissing: true,
				Unique:       false,
				Indexer: indexerMulti{
					readIndex:       indexFromUUIDQuery,
					writeIndexMulti: multiIndexPolicyFromACLRole,
				},
			},
		},
	}
}

func indexNameFromACLRole(raw interface{}) ([]byte, error) {
	p, ok := raw.(*structs.ACLRole)
	if !ok {
		return nil, fmt.Errorf("unexpected type %T for structs.ACLRole index", raw)
	}

	if p.Name == "" {
		return nil, errMissingValueForIndex
	}

	var b indexBuilder
	b.String(strings.ToLower(p.Name))
	return b.Bytes(), nil
}

func indexFromUUIDQuery(raw interface{}) ([]byte, error) {
	q, ok := raw.(Query)
	if !ok {
		return nil, fmt.Errorf("unexpected type %T for UUIDQuery index", raw)
	}
	return uuidStringToBytes(q.Value)
}

func prefixIndexFromUUIDQuery(arg interface{}) ([]byte, error) {
	switch v := arg.(type) {
	case *structs.EnterpriseMeta:
		return nil, nil
	case structs.EnterpriseMeta:
		return nil, nil
	case Query:
		return variableLengthUUIDStringToBytes(v.Value)
	}

	return nil, fmt.Errorf("unexpected type %T for Query prefix index", arg)
}

func multiIndexPolicyFromACLRole(raw interface{}) ([][]byte, error) {
	role, ok := raw.(*structs.ACLRole)
	if !ok {
		return nil, fmt.Errorf("unexpected type %T for structs.ACLRole index", raw)
	}

	count := len(role.Policies)
	if count == 0 {
		return nil, errMissingValueForIndex
	}

	vals := make([][]byte, 0, count)
	for _, link := range role.Policies {
		v, err := uuidStringToBytes(link.ID)
		if err != nil {
			return nil, err
		}
		vals = append(vals, v)
	}

	return vals, nil
}

func bindingRulesTableSchema() *memdb.TableSchema {
	return &memdb.TableSchema{
		Name: tableACLBindingRules,
		Indexes: map[string]*memdb.IndexSchema{
			indexID: {
				Name:         indexID,
				AllowMissing: false,
				Unique:       true,
				Indexer: &memdb.UUIDFieldIndex{
					Field: "ID",
				},
			},
			indexAuthMethod: {
				Name:         indexAuthMethod,
				AllowMissing: false,
				Unique:       false,
				Indexer: indexerSingle{
					readIndex:  indexFromQuery,
					writeIndex: indexAuthMethodFromACLBindingRule,
				},
			},
		},
	}
}

func indexAuthMethodFromACLBindingRule(raw interface{}) ([]byte, error) {
	p, ok := raw.(*structs.ACLBindingRule)
	if !ok {
		return nil, fmt.Errorf("unexpected type %T for structs.ACLBindingRule index", raw)
	}

	if p.AuthMethod == "" {
		return nil, errMissingValueForIndex
	}

	var b indexBuilder
	b.String(strings.ToLower(p.AuthMethod))
	return b.Bytes(), nil
}

func authMethodsTableSchema() *memdb.TableSchema {
	return &memdb.TableSchema{
		Name: tableACLAuthMethods,
		Indexes: map[string]*memdb.IndexSchema{
			indexID: {
				Name:         indexID,
				AllowMissing: false,
				Unique:       true,
				Indexer: &memdb.StringFieldIndex{
					Field:     "Name",
					Lowercase: true,
				},
			},
		},
	}
}

func indexFromUUIDString(raw interface{}) ([]byte, error) {
	index, ok := raw.(string)
	if !ok {
		return nil, fmt.Errorf("unexpected type %T for UUID string index", raw)
	}
	uuid, err := uuidStringToBytes(index)
	if err != nil {
		return nil, err
	}
	var b indexBuilder
	b.Raw(uuid)
	return b.Bytes(), nil
}

func indexAccessorIDFromACLToken(raw interface{}) ([]byte, error) {
	p, ok := raw.(*structs.ACLToken)
	if !ok {
		return nil, fmt.Errorf("unexpected type %T for structs.ACLToken index", raw)
	}

	if p.AccessorID == "" {
		return nil, errMissingValueForIndex
	}

	uuid, err := uuidStringToBytes(p.AccessorID)
	if err != nil {
		return nil, err
	}
	var b indexBuilder
	b.Raw(uuid)
	return b.Bytes(), nil
}

func indexSecretIDFromACLToken(raw interface{}) ([]byte, error) {
	p, ok := raw.(*structs.ACLToken)
	if !ok {
		return nil, fmt.Errorf("unexpected type %T for structs.ACLToken index", raw)
	}

	if p.SecretID == "" {
		return nil, errMissingValueForIndex
	}

	var b indexBuilder
	b.String(p.SecretID)
	return b.Bytes(), nil
}

func indexFromStringCaseSensitive(raw interface{}) ([]byte, error) {
	q, ok := raw.(string)
	if !ok {
		return nil, fmt.Errorf("unexpected type %T for string prefix query", raw)
	}

	var b indexBuilder
	b.String(q)
	return b.Bytes(), nil
}

func indexPoliciesFromACLToken(raw interface{}) ([][]byte, error) {
	token, ok := raw.(*structs.ACLToken)
	if !ok {
		return nil, fmt.Errorf("unexpected type %T for structs.ACLToken index", raw)
	}
	links := token.Policies

	numLinks := len(links)
	if numLinks == 0 {
		return nil, errMissingValueForIndex
	}

	vals := make([][]byte, numLinks)

	for i, link := range links {
		id, err := uuidStringToBytes(link.ID)
		if err != nil {
			return nil, err
		}
		vals[i] = id
	}

	return vals, nil
}

func indexRolesFromACLToken(raw interface{}) ([][]byte, error) {
	token, ok := raw.(*structs.ACLToken)
	if !ok {
		return nil, fmt.Errorf("unexpected type %T for structs.ACLToken index", raw)
	}
	links := token.Roles

	numLinks := len(links)
	if numLinks == 0 {
		return nil, errMissingValueForIndex
	}

	vals := make([][]byte, numLinks)

	for i, link := range links {
		id, err := uuidStringToBytes(link.ID)
		if err != nil {
			return nil, err
		}
		vals[i] = id
	}

	return vals, nil
}

func indexFromBoolQuery(raw interface{}) ([]byte, error) {
	q, ok := raw.(BoolQuery)
	if !ok {
		return nil, fmt.Errorf("unexpected type %T for BoolQuery index", raw)
	}
	var b indexBuilder
	b.Bool(q.Value)
	return b.Bytes(), nil
}

func indexLocalFromACLToken(raw interface{}) ([]byte, error) {
	p, ok := raw.(*structs.ACLToken)
	if !ok {
		return nil, fmt.Errorf("unexpected type %T for structs.ACLPolicy index", raw)
	}

	var b indexBuilder
	b.Bool(p.Local)
	return b.Bytes(), nil
}

func indexFromTimeQuery(arg interface{}) ([]byte, error) {
	p, ok := arg.(*TimeQuery)
	if !ok {
		return nil, fmt.Errorf("unexpected type %T for TimeQuery index", arg)
	}

	var b indexBuilder
	b.Time(p.Value)
	return b.Bytes(), nil
}

func indexExpiresLocalFromACLToken(raw interface{}) ([]byte, error) {
	return indexExpiresFromACLToken(raw, true)
}

func indexExpiresGlobalFromACLToken(raw interface{}) ([]byte, error) {
	return indexExpiresFromACLToken(raw, false)
}

func indexExpiresFromACLToken(raw interface{}, local bool) ([]byte, error) {
	p, ok := raw.(*structs.ACLToken)
	if !ok {
		return nil, fmt.Errorf("unexpected type %T for structs.ACLToken index", raw)
	}
	if p.Local != local {
		return nil, errMissingValueForIndex
	}
	if !p.HasExpirationTime() {
		return nil, errMissingValueForIndex
	}
	if p.ExpirationTime.Unix() < 0 {
		return nil, fmt.Errorf("token expiration time cannot be before the unix epoch: %s", p.ExpirationTime)
	}

	var b indexBuilder
	b.Time(*p.ExpirationTime)
	return b.Bytes(), nil
}
state: Move ACL schema indexes to match Ent and use constants for table and index names. 2021-01-29 01:05:09 +00:00			`package state`

			`import (`
state: remove duplication in acl tables schema 2021-03-29 18:07:36 +00:00			`"fmt"`
			`"strings"`

state: Move ACL schema indexes to match Ent and use constants for table and index names. 2021-01-29 01:05:09 +00:00			`"github.com/hashicorp/go-memdb"`

			`"github.com/hashicorp/consul/agent/structs"`
			`)`

			`const (`
			`tableACLTokens = "acl-tokens"`
			`tableACLPolicies = "acl-policies"`
			`tableACLRoles = "acl-roles"`
			`tableACLBindingRules = "acl-binding-rules"`
			`tableACLAuthMethods = "acl-auth-methods"`

convert expiration indexed in ACLToken table to use `indexerSingle` (#11018) * move intFromBool to be available for oss * add expiry indexes * remove dead code: `TokenExpirationIndex` * fix remove indexer `TokenExpirationIndex` * fix rebase issue 2021-09-13 18:37:16 +00:00			`indexAccessor = "accessor"`
			`indexPolicies = "policies"`
			`indexRoles = "roles"`
			`indexAuthMethod = "authmethod"`
			`indexLocality = "locality"`
			`indexName = "name"`
			`indexExpiresGlobal = "expires-global"`
			`indexExpiresLocal = "expires-local"`
state: Move ACL schema indexes to match Ent and use constants for table and index names. 2021-01-29 01:05:09 +00:00			`)`

			`func tokensTableSchema() *memdb.TableSchema {`
			`return &memdb.TableSchema{`
			`Name: tableACLTokens,`
			`Indexes: map[string]*memdb.IndexSchema{`
convert indexAccessor to the new index (#11002) 2021-09-09 20:28:04 +00:00			`indexAccessor: {`
			`Name: indexAccessor,`
state: Move ACL schema indexes to match Ent and use constants for table and index names. 2021-01-29 01:05:09 +00:00			`// DEPRECATED (ACL-Legacy-Compat) - we should not AllowMissing here once legacy compat is removed`
			`AllowMissing: true,`
			`Unique: true,`
convert indexAccessor to the new index (#11002) 2021-09-09 20:28:04 +00:00			`Indexer: indexerSingle{`
			`readIndex: readIndex(indexFromUUIDString),`
			`writeIndex: writeIndex(indexAccessorIDFromACLToken),`
state: Move ACL schema indexes to match Ent and use constants for table and index names. 2021-01-29 01:05:09 +00:00			`},`
			`},`
			`indexID: {`
			`Name: indexID,`
			`AllowMissing: false,`
			`Unique: true,`
convert indexSecret to the new index (#11007) 2021-09-10 13:10:11 +00:00			`Indexer: indexerSingle{`
			`readIndex: readIndex(indexFromStringCaseSensitive),`
			`writeIndex: writeIndex(indexSecretIDFromACLToken),`
state: Move ACL schema indexes to match Ent and use constants for table and index names. 2021-01-29 01:05:09 +00:00			`},`
			`},`
			`indexPolicies: {`
			`Name: indexPolicies,`
			`// Need to allow missing for the anonymous token`
			`AllowMissing: true,`
			`Unique: false,`
convert indexPolicies in ACLTokens table to the new index (#11011) 2021-09-10 18:57:37 +00:00			`Indexer: indexerMulti{`
			`readIndex: readIndex(indexFromUUIDQuery),`
			`writeIndexMulti: writeIndexMulti(indexPoliciesFromACLToken),`
			`},`
state: Move ACL schema indexes to match Ent and use constants for table and index names. 2021-01-29 01:05:09 +00:00			`},`
			`indexRoles: {`
			`Name: indexRoles,`
			`AllowMissing: true,`
			`Unique: false,`
convert `Roles` index to use `indexerMulti` (#11013) * convert `Roles` index to use `indexerMulti` * add role test in oss * fix oss to use the right index func * preallocate slice 2021-09-10 20:04:33 +00:00			`Indexer: indexerMulti{`
			`readIndex: readIndex(indexFromUUIDQuery),`
			`writeIndexMulti: writeIndexMulti(indexRolesFromACLToken),`
			`},`
state: Move ACL schema indexes to match Ent and use constants for table and index names. 2021-01-29 01:05:09 +00:00			`},`
			`indexAuthMethod: {`
			`Name: indexAuthMethod,`
			`AllowMissing: true,`
			`Unique: false,`
convert `indexAuthMethod` index to use `indexerSingle` (#11014) * convert `Roles` index to use `indexerSingle` * fix oss build * split authmethod write indexer to oss and ent * add auth method unit tests 2021-09-10 20:56:56 +00:00			`Indexer: indexerSingle{`
			`readIndex: readIndex(indexFromAuthMethodQuery),`
			`writeIndex: writeIndex(indexAuthMethodFromACLToken),`
state: Move ACL schema indexes to match Ent and use constants for table and index names. 2021-01-29 01:05:09 +00:00			`},`
			`},`
add locality indexer partitioning (#11016) * convert `Roles` index to use `indexerSingle` * split authmethod write indexer to oss and ent * add index locality * add locality unit tests * move intFromBool to be available for oss * use Bool func * refactor `aclTokenList` to merge func 2021-09-13 15:53:00 +00:00			`indexLocality: {`
			`Name: indexLocality,`
state: Move ACL schema indexes to match Ent and use constants for table and index names. 2021-01-29 01:05:09 +00:00			`AllowMissing: false,`
			`Unique: false,`
add locality indexer partitioning (#11016) * convert `Roles` index to use `indexerSingle` * split authmethod write indexer to oss and ent * add index locality * add locality unit tests * move intFromBool to be available for oss * use Bool func * refactor `aclTokenList` to merge func 2021-09-13 15:53:00 +00:00			`Indexer: indexerSingle{`
			`readIndex: readIndex(indexFromBoolQuery),`
			`writeIndex: writeIndex(indexLocalFromACLToken),`
state: Move ACL schema indexes to match Ent and use constants for table and index names. 2021-01-29 01:05:09 +00:00			`},`
			`},`
convert expiration indexed in ACLToken table to use `indexerSingle` (#11018) * move intFromBool to be available for oss * add expiry indexes * remove dead code: `TokenExpirationIndex` * fix remove indexer `TokenExpirationIndex` * fix rebase issue 2021-09-13 18:37:16 +00:00			`indexExpiresGlobal: {`
			`Name: indexExpiresGlobal,`
state: Move ACL schema indexes to match Ent and use constants for table and index names. 2021-01-29 01:05:09 +00:00			`AllowMissing: true,`
			`Unique: false,`
convert expiration indexed in ACLToken table to use `indexerSingle` (#11018) * move intFromBool to be available for oss * add expiry indexes * remove dead code: `TokenExpirationIndex` * fix remove indexer `TokenExpirationIndex` * fix rebase issue 2021-09-13 18:37:16 +00:00			`Indexer: indexerSingle{`
			`readIndex: readIndex(indexFromTimeQuery),`
			`writeIndex: writeIndex(indexExpiresGlobalFromACLToken),`
			`},`
state: Move ACL schema indexes to match Ent and use constants for table and index names. 2021-01-29 01:05:09 +00:00			`},`
convert expiration indexed in ACLToken table to use `indexerSingle` (#11018) * move intFromBool to be available for oss * add expiry indexes * remove dead code: `TokenExpirationIndex` * fix remove indexer `TokenExpirationIndex` * fix rebase issue 2021-09-13 18:37:16 +00:00			`indexExpiresLocal: {`
			`Name: indexExpiresLocal,`
state: Move ACL schema indexes to match Ent and use constants for table and index names. 2021-01-29 01:05:09 +00:00			`AllowMissing: true,`
			`Unique: false,`
convert expiration indexed in ACLToken table to use `indexerSingle` (#11018) * move intFromBool to be available for oss * add expiry indexes * remove dead code: `TokenExpirationIndex` * fix remove indexer `TokenExpirationIndex` * fix rebase issue 2021-09-13 18:37:16 +00:00			`Indexer: indexerSingle{`
			`readIndex: readIndex(indexFromTimeQuery),`
			`writeIndex: writeIndex(indexExpiresLocalFromACLToken),`
			`},`
state: Move ACL schema indexes to match Ent and use constants for table and index names. 2021-01-29 01:05:09 +00:00			`},`

			`//DEPRECATED (ACL-Legacy-Compat) - This index is only needed while we support upgrading v1 to v2 acls`
			`// This table indexes all the ACL tokens that do not have an AccessorID`
			`"needs-upgrade": {`
			`Name: "needs-upgrade",`
			`AllowMissing: false,`
			`Unique: false,`
			`Indexer: &memdb.ConditionalIndex{`
			`Conditional: func(obj interface{}) (bool, error) {`
			`if token, ok := obj.(*structs.ACLToken); ok {`
			`return token.AccessorID == "", nil`
			`}`
			`return false, nil`
			`},`
			`},`
			`},`
			`},`
			`}`
			`}`

			`func policiesTableSchema() *memdb.TableSchema {`
			`return &memdb.TableSchema{`
			`Name: tableACLPolicies,`
			`Indexes: map[string]*memdb.IndexSchema{`
			`indexID: {`
			`Name: indexID,`
			`AllowMissing: false,`
			`Unique: true,`
			`Indexer: &memdb.UUIDFieldIndex{`
			`Field: "ID",`
			`},`
			`},`
			`indexName: {`
			`Name: indexName,`
			`AllowMissing: false,`
			`Unique: true,`
state: convert acl-policies table to new pattern 2021-03-16 19:29:30 +00:00			`Indexer: indexerSingleWithPrefix{`
state: remove duplication in acl tables schema 2021-03-29 18:07:36 +00:00			`readIndex: indexFromQuery,`
			`writeIndex: indexNameFromACLPolicy,`
			`prefixIndex: prefixIndexFromQuery,`
state: Move ACL schema indexes to match Ent and use constants for table and index names. 2021-01-29 01:05:09 +00:00			`},`
			`},`
			`},`
			`}`
			`}`

state: remove duplication in acl tables schema 2021-03-29 18:07:36 +00:00			`func indexNameFromACLPolicy(raw interface{}) ([]byte, error) {`
			`p, ok := raw.(*structs.ACLPolicy)`
			`if !ok {`
			`return nil, fmt.Errorf("unexpected type %T for structs.ACLPolicy index", raw)`
			`}`

			`if p.Name == "" {`
			`return nil, errMissingValueForIndex`
			`}`

			`var b indexBuilder`
			`b.String(strings.ToLower(p.Name))`
			`return b.Bytes(), nil`
			`}`

state: Move ACL schema indexes to match Ent and use constants for table and index names. 2021-01-29 01:05:09 +00:00			`func rolesTableSchema() *memdb.TableSchema {`
			`return &memdb.TableSchema{`
			`Name: tableACLRoles,`
			`Indexes: map[string]*memdb.IndexSchema{`
			`indexID: {`
			`Name: indexID,`
			`AllowMissing: false,`
			`Unique: true,`
			`Indexer: &memdb.UUIDFieldIndex{`
			`Field: "ID",`
			`},`
			`},`
			`indexName: {`
			`Name: indexName,`
			`AllowMissing: false,`
			`Unique: true,`
state: convert acl-roles.name index to the functional indexer pattern 2021-03-17 17:57:40 +00:00			`Indexer: indexerSingleWithPrefix{`
state: remove duplication in acl tables schema 2021-03-29 18:07:36 +00:00			`readIndex: indexFromQuery,`
			`writeIndex: indexNameFromACLRole,`
			`prefixIndex: prefixIndexFromQuery,`
state: Move ACL schema indexes to match Ent and use constants for table and index names. 2021-01-29 01:05:09 +00:00			`},`
			`},`
			`indexPolicies: {`
			`Name: indexPolicies,`
			`// Need to allow missing for the anonymous token`
			`AllowMissing: true,`
			`Unique: false,`
state: convert acl-roles.policies index to new pattern 2021-03-19 20:07:55 +00:00			`Indexer: indexerMulti{`
state: remove duplication in acl tables schema 2021-03-29 18:07:36 +00:00			`readIndex: indexFromUUIDQuery,`
			`writeIndexMulti: multiIndexPolicyFromACLRole,`
state: convert acl-roles.policies index to new pattern 2021-03-19 20:07:55 +00:00			`},`
state: Move ACL schema indexes to match Ent and use constants for table and index names. 2021-01-29 01:05:09 +00:00			`},`
			`},`
			`}`
			`}`

state: remove duplication in acl tables schema 2021-03-29 18:07:36 +00:00			`func indexNameFromACLRole(raw interface{}) ([]byte, error) {`
			`p, ok := raw.(*structs.ACLRole)`
			`if !ok {`
			`return nil, fmt.Errorf("unexpected type %T for structs.ACLRole index", raw)`
			`}`

			`if p.Name == "" {`
			`return nil, errMissingValueForIndex`
			`}`

			`var b indexBuilder`
			`b.String(strings.ToLower(p.Name))`
			`return b.Bytes(), nil`
			`}`

			`func indexFromUUIDQuery(raw interface{}) ([]byte, error) {`
			`q, ok := raw.(Query)`
			`if !ok {`
			`return nil, fmt.Errorf("unexpected type %T for UUIDQuery index", raw)`
			`}`
			`return uuidStringToBytes(q.Value)`
			`}`

state: partition the nodes.uuid and nodes.meta indexes as well (#10882) 2021-08-19 21:17:59 +00:00			`func prefixIndexFromUUIDQuery(arg interface{}) ([]byte, error) {`
			`switch v := arg.(type) {`
			`case *structs.EnterpriseMeta:`
			`return nil, nil`
			`case structs.EnterpriseMeta:`
			`return nil, nil`
			`case Query:`
			`return variableLengthUUIDStringToBytes(v.Value)`
			`}`

			`return nil, fmt.Errorf("unexpected type %T for Query prefix index", arg)`
			`}`

state: remove duplication in acl tables schema 2021-03-29 18:07:36 +00:00			`func multiIndexPolicyFromACLRole(raw interface{}) ([][]byte, error) {`
			`role, ok := raw.(*structs.ACLRole)`
			`if !ok {`
			`return nil, fmt.Errorf("unexpected type %T for structs.ACLRole index", raw)`
			`}`

			`count := len(role.Policies)`
			`if count == 0 {`
			`return nil, errMissingValueForIndex`
			`}`

			`vals := make([][]byte, 0, count)`
			`for _, link := range role.Policies {`
			`v, err := uuidStringToBytes(link.ID)`
			`if err != nil {`
			`return nil, err`
			`}`
			`vals = append(vals, v)`
			`}`

			`return vals, nil`
			`}`

state: Move ACL schema indexes to match Ent and use constants for table and index names. 2021-01-29 01:05:09 +00:00			`func bindingRulesTableSchema() *memdb.TableSchema {`
			`return &memdb.TableSchema{`
			`Name: tableACLBindingRules,`
			`Indexes: map[string]*memdb.IndexSchema{`
			`indexID: {`
			`Name: indexID,`
			`AllowMissing: false,`
			`Unique: true,`
			`Indexer: &memdb.UUIDFieldIndex{`
			`Field: "ID",`
			`},`
			`},`
			`indexAuthMethod: {`
			`Name: indexAuthMethod,`
			`AllowMissing: false,`
			`Unique: false,`
Refactor `indexAuthMethod` in `tableACLBindingRules` (#11029) * Port consul-enterprise #1123 to OSS Signed-off-by: Mark Anderson <manderson@hashicorp.com> * Fixup missing query field Signed-off-by: Mark Anderson <manderson@hashicorp.com> * change to re-trigger ci system Signed-off-by: Mark Anderson <manderson@hashicorp.com> 2021-09-15 13:34:19 +00:00			`Indexer: indexerSingle{`
			`readIndex: indexFromQuery,`
			`writeIndex: indexAuthMethodFromACLBindingRule,`
state: Move ACL schema indexes to match Ent and use constants for table and index names. 2021-01-29 01:05:09 +00:00			`},`
			`},`
			`},`
			`}`
			`}`

Refactor `indexAuthMethod` in `tableACLBindingRules` (#11029) * Port consul-enterprise #1123 to OSS Signed-off-by: Mark Anderson <manderson@hashicorp.com> * Fixup missing query field Signed-off-by: Mark Anderson <manderson@hashicorp.com> * change to re-trigger ci system Signed-off-by: Mark Anderson <manderson@hashicorp.com> 2021-09-15 13:34:19 +00:00			`func indexAuthMethodFromACLBindingRule(raw interface{}) ([]byte, error) {`
			`p, ok := raw.(*structs.ACLBindingRule)`
			`if !ok {`
			`return nil, fmt.Errorf("unexpected type %T for structs.ACLBindingRule index", raw)`
			`}`

			`if p.AuthMethod == "" {`
			`return nil, errMissingValueForIndex`
			`}`

			`var b indexBuilder`
			`b.String(strings.ToLower(p.AuthMethod))`
			`return b.Bytes(), nil`
			`}`

state: Move ACL schema indexes to match Ent and use constants for table and index names. 2021-01-29 01:05:09 +00:00			`func authMethodsTableSchema() *memdb.TableSchema {`
			`return &memdb.TableSchema{`
			`Name: tableACLAuthMethods,`
			`Indexes: map[string]*memdb.IndexSchema{`
			`indexID: {`
			`Name: indexID,`
			`AllowMissing: false,`
			`Unique: true,`
			`Indexer: &memdb.StringFieldIndex{`
			`Field: "Name",`
			`Lowercase: true,`
			`},`
			`},`
			`},`
			`}`
			`}`
convert indexAccessor to the new index (#11002) 2021-09-09 20:28:04 +00:00
			`func indexFromUUIDString(raw interface{}) ([]byte, error) {`
			`index, ok := raw.(string)`
			`if !ok {`
			`return nil, fmt.Errorf("unexpected type %T for UUID string index", raw)`
			`}`
			`uuid, err := uuidStringToBytes(index)`
			`if err != nil {`
			`return nil, err`
			`}`
			`var b indexBuilder`
			`b.Raw(uuid)`
			`return b.Bytes(), nil`
			`}`

			`func indexAccessorIDFromACLToken(raw interface{}) ([]byte, error) {`
			`p, ok := raw.(*structs.ACLToken)`
			`if !ok {`
			`return nil, fmt.Errorf("unexpected type %T for structs.ACLToken index", raw)`
			`}`

			`if p.AccessorID == "" {`
			`return nil, errMissingValueForIndex`
			`}`

			`uuid, err := uuidStringToBytes(p.AccessorID)`
			`if err != nil {`
			`return nil, err`
			`}`
			`var b indexBuilder`
			`b.Raw(uuid)`
			`return b.Bytes(), nil`
			`}`
convert indexSecret to the new index (#11007) 2021-09-10 13:10:11 +00:00
			`func indexSecretIDFromACLToken(raw interface{}) ([]byte, error) {`
			`p, ok := raw.(*structs.ACLToken)`
			`if !ok {`
			`return nil, fmt.Errorf("unexpected type %T for structs.ACLToken index", raw)`
			`}`

			`if p.SecretID == "" {`
			`return nil, errMissingValueForIndex`
			`}`

			`var b indexBuilder`
			`b.String(p.SecretID)`
			`return b.Bytes(), nil`
			`}`

			`func indexFromStringCaseSensitive(raw interface{}) ([]byte, error) {`
			`q, ok := raw.(string)`
			`if !ok {`
			`return nil, fmt.Errorf("unexpected type %T for string prefix query", raw)`
			`}`

			`var b indexBuilder`
			`b.String(q)`
			`return b.Bytes(), nil`
			`}`
convert indexPolicies in ACLTokens table to the new index (#11011) 2021-09-10 18:57:37 +00:00
			`func indexPoliciesFromACLToken(raw interface{}) ([][]byte, error) {`
			`token, ok := raw.(*structs.ACLToken)`
			`if !ok {`
			`return nil, fmt.Errorf("unexpected type %T for structs.ACLToken index", raw)`
			`}`
			`links := token.Policies`

			`numLinks := len(links)`
			`if numLinks == 0 {`
			`return nil, errMissingValueForIndex`
			`}`

			`vals := make([][]byte, numLinks)`

			`for i, link := range links {`
			`id, err := uuidStringToBytes(link.ID)`
			`if err != nil {`
			`return nil, err`
			`}`
			`vals[i] = id`
			`}`

			`return vals, nil`
			`}`
convert `Roles` index to use `indexerMulti` (#11013) * convert `Roles` index to use `indexerMulti` * add role test in oss * fix oss to use the right index func * preallocate slice 2021-09-10 20:04:33 +00:00
			`func indexRolesFromACLToken(raw interface{}) ([][]byte, error) {`
			`token, ok := raw.(*structs.ACLToken)`
			`if !ok {`
			`return nil, fmt.Errorf("unexpected type %T for structs.ACLToken index", raw)`
			`}`
			`links := token.Roles`

			`numLinks := len(links)`
			`if numLinks == 0 {`
			`return nil, errMissingValueForIndex`
			`}`

			`vals := make([][]byte, numLinks)`

			`for i, link := range links {`
			`id, err := uuidStringToBytes(link.ID)`
			`if err != nil {`
			`return nil, err`
			`}`
			`vals[i] = id`
			`}`

			`return vals, nil`
			`}`
add locality indexer partitioning (#11016) * convert `Roles` index to use `indexerSingle` * split authmethod write indexer to oss and ent * add index locality * add locality unit tests * move intFromBool to be available for oss * use Bool func * refactor `aclTokenList` to merge func 2021-09-13 15:53:00 +00:00
			`func indexFromBoolQuery(raw interface{}) ([]byte, error) {`
			`q, ok := raw.(BoolQuery)`
			`if !ok {`
			`return nil, fmt.Errorf("unexpected type %T for BoolQuery index", raw)`
			`}`
			`var b indexBuilder`
			`b.Bool(q.Value)`
			`return b.Bytes(), nil`
			`}`

			`func indexLocalFromACLToken(raw interface{}) ([]byte, error) {`
			`p, ok := raw.(*structs.ACLToken)`
			`if !ok {`
			`return nil, fmt.Errorf("unexpected type %T for structs.ACLPolicy index", raw)`
			`}`

			`var b indexBuilder`
			`b.Bool(p.Local)`
			`return b.Bytes(), nil`
			`}`
convert expiration indexed in ACLToken table to use `indexerSingle` (#11018) * move intFromBool to be available for oss * add expiry indexes * remove dead code: `TokenExpirationIndex` * fix remove indexer `TokenExpirationIndex` * fix rebase issue 2021-09-13 18:37:16 +00:00
			`func indexFromTimeQuery(arg interface{}) ([]byte, error) {`
			`p, ok := arg.(*TimeQuery)`
			`if !ok {`
			`return nil, fmt.Errorf("unexpected type %T for TimeQuery index", arg)`
			`}`

			`var b indexBuilder`
			`b.Time(p.Value)`
			`return b.Bytes(), nil`
			`}`

			`func indexExpiresLocalFromACLToken(raw interface{}) ([]byte, error) {`
			`return indexExpiresFromACLToken(raw, true)`
			`}`

			`func indexExpiresGlobalFromACLToken(raw interface{}) ([]byte, error) {`
			`return indexExpiresFromACLToken(raw, false)`
			`}`

			`func indexExpiresFromACLToken(raw interface{}, local bool) ([]byte, error) {`
			`p, ok := raw.(*structs.ACLToken)`
			`if !ok {`
			`return nil, fmt.Errorf("unexpected type %T for structs.ACLToken index", raw)`
			`}`
			`if p.Local != local {`
			`return nil, errMissingValueForIndex`
			`}`
			`if !p.HasExpirationTime() {`
			`return nil, errMissingValueForIndex`
			`}`
			`if p.ExpirationTime.Unix() < 0 {`
			`return nil, fmt.Errorf("token expiration time cannot be before the unix epoch: %s", p.ExpirationTime)`
			`}`

			`var b indexBuilder`
			`b.Time(*p.ExpirationTime)`
			`return b.Bytes(), nil`
			`}`