2014-04-27 19:56:06 +00:00
|
|
|
package consul
|
|
|
|
|
|
|
|
|
|
import (
|
2015-07-07 00:28:09 +00:00
|
|
|
"fmt"
|
|
|
|
|
|
2017-08-23 14:52:48 +00:00
|
|
|
"github.com/hashicorp/consul/acl"
|
pkg refactor
command/agent/* -> agent/*
command/consul/* -> agent/consul/*
command/agent/command{,_test}.go -> command/agent{,_test}.go
command/base/command.go -> command/base.go
command/base/* -> command/*
commands.go -> command/commands.go
The script which did the refactor is:
(
cd $GOPATH/src/github.com/hashicorp/consul
git mv command/agent/command.go command/agent.go
git mv command/agent/command_test.go command/agent_test.go
git mv command/agent/flag_slice_value{,_test}.go command/
git mv command/agent .
git mv command/base/command.go command/base.go
git mv command/base/config_util{,_test}.go command/
git mv commands.go command/
git mv consul agent
rmdir command/base/
gsed -i -e 's|package agent|package command|' command/agent{,_test}.go
gsed -i -e 's|package agent|package command|' command/flag_slice_value{,_test}.go
gsed -i -e 's|package base|package command|' command/base.go command/config_util{,_test}.go
gsed -i -e 's|package main|package command|' command/commands.go
gsed -i -e 's|base.Command|BaseCommand|' command/commands.go
gsed -i -e 's|agent.Command|AgentCommand|' command/commands.go
gsed -i -e 's|\tCommand:|\tBaseCommand:|' command/commands.go
gsed -i -e 's|base\.||' command/commands.go
gsed -i -e 's|command\.||' command/commands.go
gsed -i -e 's|command|c|' main.go
gsed -i -e 's|range Commands|range command.Commands|' main.go
gsed -i -e 's|Commands: Commands|Commands: command.Commands|' main.go
gsed -i -e 's|base\.BoolValue|BoolValue|' command/operator_autopilot_set.go
gsed -i -e 's|base\.DurationValue|DurationValue|' command/operator_autopilot_set.go
gsed -i -e 's|base\.StringValue|StringValue|' command/operator_autopilot_set.go
gsed -i -e 's|base\.UintValue|UintValue|' command/operator_autopilot_set.go
gsed -i -e 's|\bCommand\b|BaseCommand|' command/base.go
gsed -i -e 's|BaseCommand Options|Command Options|' command/base.go
gsed -i -e 's|base.Command|BaseCommand|' command/*.go
gsed -i -e 's|c\.Command|c.BaseCommand|g' command/*.go
gsed -i -e 's|\tCommand:|\tBaseCommand:|' command/*_test.go
gsed -i -e 's|base\.||' command/*_test.go
gsed -i -e 's|\bCommand\b|AgentCommand|' command/agent{,_test}.go
gsed -i -e 's|cmd.AgentCommand|cmd.BaseCommand|' command/agent.go
gsed -i -e 's|cli.AgentCommand = new(Command)|cli.Command = new(AgentCommand)|' command/agent_test.go
gsed -i -e 's|exec.AgentCommand|exec.Command|' command/agent_test.go
gsed -i -e 's|exec.BaseCommand|exec.Command|' command/agent_test.go
gsed -i -e 's|NewTestAgent|agent.NewTestAgent|' command/agent_test.go
gsed -i -e 's|= TestConfig|= agent.TestConfig|' command/agent_test.go
gsed -i -e 's|: RetryJoin|: agent.RetryJoin|' command/agent_test.go
gsed -i -e 's|\.\./\.\./|../|' command/config_util_test.go
gsed -i -e 's|\bverifyUniqueListeners|VerifyUniqueListeners|' agent/config{,_test}.go command/agent.go
gsed -i -e 's|\bserfLANKeyring\b|SerfLANKeyring|g' agent/{agent,keyring,testagent}.go command/agent.go
gsed -i -e 's|\bserfWANKeyring\b|SerfWANKeyring|g' agent/{agent,keyring,testagent}.go command/agent.go
gsed -i -e 's|\bNewAgent\b|agent.New|g' command/agent{,_test}.go
gsed -i -e 's|\bNewAgent|New|' agent/{acl_test,agent,testagent}.go
gsed -i -e 's|\bAgent\b|agent.&|g' command/agent{,_test}.go
gsed -i -e 's|\bBool\b|agent.&|g' command/agent{,_test}.go
gsed -i -e 's|\bConfig\b|agent.&|g' command/agent{,_test}.go
gsed -i -e 's|\bDefaultConfig\b|agent.&|g' command/agent{,_test}.go
gsed -i -e 's|\bDevConfig\b|agent.&|g' command/agent{,_test}.go
gsed -i -e 's|\bMergeConfig\b|agent.&|g' command/agent{,_test}.go
gsed -i -e 's|\bReadConfigPaths\b|agent.&|g' command/agent{,_test}.go
gsed -i -e 's|\bParseMetaPair\b|agent.&|g' command/agent{,_test}.go
gsed -i -e 's|\bSerfLANKeyring\b|agent.&|g' command/agent{,_test}.go
gsed -i -e 's|\bSerfWANKeyring\b|agent.&|g' command/agent{,_test}.go
gsed -i -e 's|circonus\.agent|circonus|g' command/agent{,_test}.go
gsed -i -e 's|logger\.agent|logger|g' command/agent{,_test}.go
gsed -i -e 's|metrics\.agent|metrics|g' command/agent{,_test}.go
gsed -i -e 's|// agent.Agent|// agent|' command/agent{,_test}.go
gsed -i -e 's|a\.agent\.Config|a.Config|' command/agent{,_test}.go
gsed -i -e 's|agent\.AppendSliceValue|AppendSliceValue|' command/{configtest,validate}.go
gsed -i -e 's|consul/consul|agent/consul|' GNUmakefile
gsed -i -e 's|\.\./test|../../test|' agent/consul/server_test.go
# fix imports
f=$(grep -rl 'github.com/hashicorp/consul/command/agent' * | grep '\.go')
gsed -i -e 's|github.com/hashicorp/consul/command/agent|github.com/hashicorp/consul/agent|' $f
goimports -w $f
f=$(grep -rl 'github.com/hashicorp/consul/consul' * | grep '\.go')
gsed -i -e 's|github.com/hashicorp/consul/consul|github.com/hashicorp/consul/agent/consul|' $f
goimports -w $f
goimports -w command/*.go main.go
)
2017-06-09 22:28:28 +00:00
|
|
|
"github.com/hashicorp/consul/agent/consul/state"
|
2017-07-06 10:34:00 +00:00
|
|
|
"github.com/hashicorp/consul/agent/structs"
|
2019-04-16 16:00:15 +00:00
|
|
|
bexpr "github.com/hashicorp/go-bexpr"
|
2020-01-28 23:50:41 +00:00
|
|
|
"github.com/hashicorp/go-hclog"
|
2017-01-24 17:06:51 +00:00
|
|
|
"github.com/hashicorp/go-memdb"
|
2017-08-14 14:36:07 +00:00
|
|
|
"github.com/hashicorp/go-multierror"
|
2014-10-02 06:09:00 +00:00
|
|
|
"github.com/hashicorp/serf/serf"
|
2014-04-27 19:56:06 +00:00
|
|
|
)
|
|
|
|
|
|
2014-04-28 21:44:36 +00:00
|
|
|
// Internal endpoint is used to query the miscellaneous info that
|
2014-04-27 19:56:06 +00:00
|
|
|
// does not necessarily fit into the other systems. It is also
|
|
|
|
|
// used to hold undocumented APIs that users should not rely on.
|
2014-04-28 21:44:36 +00:00
|
|
|
type Internal struct {
|
2020-01-28 23:50:41 +00:00
|
|
|
srv *Server
|
|
|
|
|
logger hclog.Logger
|
2014-04-27 19:56:06 +00:00
|
|
|
}
|
|
|
|
|
|
2015-06-09 19:36:25 +00:00
|
|
|
// NodeInfo is used to retrieve information about a specific node.
|
2014-04-28 21:44:36 +00:00
|
|
|
func (m *Internal) NodeInfo(args *structs.NodeSpecificRequest,
|
2014-04-27 19:56:06 +00:00
|
|
|
reply *structs.IndexedNodeDump) error {
|
2014-04-28 21:44:36 +00:00
|
|
|
if done, err := m.srv.forward("Internal.NodeInfo", args, args, reply); done {
|
2014-04-27 19:56:06 +00:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2017-01-24 17:06:51 +00:00
|
|
|
return m.srv.blockingQuery(
|
2015-10-13 03:48:50 +00:00
|
|
|
&args.QueryOptions,
|
2014-04-27 19:56:06 +00:00
|
|
|
&reply.QueryMeta,
|
2017-04-21 00:46:29 +00:00
|
|
|
func(ws memdb.WatchSet, state *state.Store) error {
|
2019-12-10 02:26:41 +00:00
|
|
|
index, dump, err := state.NodeInfo(ws, args.Node, &args.EnterpriseMeta)
|
2015-10-13 03:48:50 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
reply.Index, reply.Dump = index, dump
|
2015-06-11 19:48:38 +00:00
|
|
|
return m.srv.filterACL(args.Token, reply)
|
2014-04-27 19:56:06 +00:00
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
2015-06-09 19:36:25 +00:00
|
|
|
// NodeDump is used to generate information about all of the nodes.
|
2014-04-28 21:44:36 +00:00
|
|
|
func (m *Internal) NodeDump(args *structs.DCSpecificRequest,
|
2014-04-27 19:56:06 +00:00
|
|
|
reply *structs.IndexedNodeDump) error {
|
2014-04-28 21:44:36 +00:00
|
|
|
if done, err := m.srv.forward("Internal.NodeDump", args, args, reply); done {
|
2014-04-27 19:56:06 +00:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2019-04-16 16:00:15 +00:00
|
|
|
filter, err := bexpr.CreateFilter(args.Filter, nil, reply.Dump)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2017-01-24 17:06:51 +00:00
|
|
|
return m.srv.blockingQuery(
|
2015-10-13 03:48:50 +00:00
|
|
|
&args.QueryOptions,
|
2014-04-27 19:56:06 +00:00
|
|
|
&reply.QueryMeta,
|
2017-04-21 00:46:29 +00:00
|
|
|
func(ws memdb.WatchSet, state *state.Store) error {
|
2019-12-10 02:26:41 +00:00
|
|
|
index, dump, err := state.NodeDump(ws, &args.EnterpriseMeta)
|
2015-10-13 03:48:50 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
reply.Index, reply.Dump = index, dump
|
2019-04-16 16:00:15 +00:00
|
|
|
if err := m.srv.filterACL(args.Token, reply); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
raw, err := filter.Execute(reply.Dump)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
reply.Dump = raw.(structs.NodeDump)
|
|
|
|
|
return nil
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
|
2019-06-20 19:04:39 +00:00
|
|
|
func (m *Internal) ServiceDump(args *structs.ServiceDumpRequest, reply *structs.IndexedCheckServiceNodes) error {
|
2019-04-16 16:00:15 +00:00
|
|
|
if done, err := m.srv.forward("Internal.ServiceDump", args, args, reply); done {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
filter, err := bexpr.CreateFilter(args.Filter, nil, reply.Nodes)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return m.srv.blockingQuery(
|
|
|
|
|
&args.QueryOptions,
|
|
|
|
|
&reply.QueryMeta,
|
|
|
|
|
func(ws memdb.WatchSet, state *state.Store) error {
|
2019-12-10 02:26:41 +00:00
|
|
|
index, nodes, err := state.ServiceDump(ws, args.ServiceKind, args.UseServiceKind, &args.EnterpriseMeta)
|
2019-04-16 16:00:15 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
reply.Index, reply.Nodes = index, nodes
|
|
|
|
|
if err := m.srv.filterACL(args.Token, reply); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
raw, err := filter.Execute(reply.Nodes)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
reply.Nodes = raw.(structs.CheckServiceNodes)
|
|
|
|
|
return nil
|
2014-04-27 19:56:06 +00:00
|
|
|
})
|
|
|
|
|
}
|
2014-08-28 22:00:49 +00:00
|
|
|
|
|
|
|
|
// EventFire is a bit of an odd endpoint, but it allows for a cross-DC RPC
|
|
|
|
|
// call to fire an event. The primary use case is to enable user events being
|
|
|
|
|
// triggered in a remote DC.
|
|
|
|
|
func (m *Internal) EventFire(args *structs.EventFireRequest,
|
|
|
|
|
reply *structs.EventFireResponse) error {
|
|
|
|
|
if done, err := m.srv.forward("Internal.EventFire", args, args, reply); done {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2015-06-18 01:57:17 +00:00
|
|
|
// Check ACLs
|
2018-10-19 16:04:07 +00:00
|
|
|
rule, err := m.srv.ResolveToken(args.Token)
|
2015-06-18 01:57:17 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2019-10-15 20:58:50 +00:00
|
|
|
if rule != nil && rule.EventWrite(args.Name, nil) != acl.Allow {
|
2020-01-27 19:54:32 +00:00
|
|
|
accessorID := m.aclAccessorID(args.Token)
|
2020-01-28 23:50:41 +00:00
|
|
|
m.logger.Warn("user event blocked by ACLs", "event", args.Name, "accessorID", accessorID)
|
2017-08-23 14:52:48 +00:00
|
|
|
return acl.ErrPermissionDenied
|
2015-06-18 01:57:17 +00:00
|
|
|
}
|
|
|
|
|
|
2014-08-28 22:00:49 +00:00
|
|
|
// Set the query meta data
|
|
|
|
|
m.srv.setQueryMeta(&reply.QueryMeta)
|
|
|
|
|
|
2015-07-14 18:38:12 +00:00
|
|
|
// Add the consul prefix to the event name
|
|
|
|
|
eventName := userEventName(args.Name)
|
|
|
|
|
|
2017-08-14 14:36:07 +00:00
|
|
|
// Fire the event on all LAN segments
|
|
|
|
|
segments := m.srv.LANSegments()
|
|
|
|
|
var errs error
|
|
|
|
|
for name, segment := range segments {
|
|
|
|
|
err := segment.UserEvent(eventName, args.Payload, false)
|
|
|
|
|
if err != nil {
|
|
|
|
|
err = fmt.Errorf("error broadcasting event to segment %q: %v", name, err)
|
|
|
|
|
errs = multierror.Append(errs, err)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return errs
|
2014-08-28 22:00:49 +00:00
|
|
|
}
|
2014-09-24 23:39:14 +00:00
|
|
|
|
2014-10-09 17:25:53 +00:00
|
|
|
// KeyringOperation will query the WAN and LAN gossip keyrings of all nodes.
|
2014-10-03 00:10:54 +00:00
|
|
|
func (m *Internal) KeyringOperation(
|
2014-09-25 01:30:34 +00:00
|
|
|
args *structs.KeyringRequest,
|
|
|
|
|
reply *structs.KeyringResponses) error {
|
2014-09-24 23:39:14 +00:00
|
|
|
|
2015-07-07 00:28:09 +00:00
|
|
|
// Check ACLs
|
2018-10-19 16:04:07 +00:00
|
|
|
rule, err := m.srv.ResolveToken(args.Token)
|
2015-07-07 00:28:09 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
2017-08-23 14:52:48 +00:00
|
|
|
if rule != nil {
|
2015-07-07 00:28:09 +00:00
|
|
|
switch args.Operation {
|
|
|
|
|
case structs.KeyringList:
|
2019-10-15 20:58:50 +00:00
|
|
|
if rule.KeyringRead(nil) != acl.Allow {
|
2015-07-07 00:28:09 +00:00
|
|
|
return fmt.Errorf("Reading keyring denied by ACLs")
|
|
|
|
|
}
|
|
|
|
|
case structs.KeyringInstall:
|
|
|
|
|
fallthrough
|
|
|
|
|
case structs.KeyringUse:
|
|
|
|
|
fallthrough
|
|
|
|
|
case structs.KeyringRemove:
|
2019-10-15 20:58:50 +00:00
|
|
|
if rule.KeyringWrite(nil) != acl.Allow {
|
2015-07-07 00:28:09 +00:00
|
|
|
return fmt.Errorf("Modifying keyring denied due to ACLs")
|
|
|
|
|
}
|
|
|
|
|
default:
|
|
|
|
|
panic("Invalid keyring operation")
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-08-12 18:11:11 +00:00
|
|
|
// Validate use of local-only
|
|
|
|
|
if args.LocalOnly && args.Operation != structs.KeyringList {
|
|
|
|
|
// Error aggressively to be clear about LocalOnly behavior
|
|
|
|
|
return fmt.Errorf("argument error: LocalOnly can only be used for List operations")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// args.LocalOnly should always be false for non-GET requests
|
|
|
|
|
if !args.LocalOnly {
|
|
|
|
|
// Only perform WAN keyring querying and RPC forwarding once
|
|
|
|
|
if !args.Forwarded && m.srv.serfWAN != nil {
|
|
|
|
|
args.Forwarded = true
|
|
|
|
|
m.executeKeyringOp(args, reply, true)
|
|
|
|
|
return m.srv.globalRPC("Internal.KeyringOperation", args, reply)
|
|
|
|
|
}
|
2014-09-24 23:39:14 +00:00
|
|
|
}
|
|
|
|
|
|
2014-10-09 17:25:53 +00:00
|
|
|
// Query the LAN keyring of this node's DC
|
2014-10-08 20:28:59 +00:00
|
|
|
m.executeKeyringOp(args, reply, false)
|
2014-09-24 23:39:14 +00:00
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2017-08-14 14:36:07 +00:00
|
|
|
// executeKeyringOp executes the keyring-related operation in the request
|
|
|
|
|
// on either the WAN or LAN pools.
|
2014-10-05 20:59:27 +00:00
|
|
|
func (m *Internal) executeKeyringOp(
|
2014-09-25 01:30:34 +00:00
|
|
|
args *structs.KeyringRequest,
|
2014-10-05 20:59:27 +00:00
|
|
|
reply *structs.KeyringResponses,
|
|
|
|
|
wan bool) {
|
|
|
|
|
|
|
|
|
|
if wan {
|
2017-08-14 14:36:07 +00:00
|
|
|
mgr := m.srv.KeyManagerWAN()
|
2017-09-07 19:17:39 +00:00
|
|
|
m.executeKeyringOpMgr(mgr, args, reply, wan, "")
|
2014-10-05 20:59:27 +00:00
|
|
|
} else {
|
2017-08-14 14:36:07 +00:00
|
|
|
segments := m.srv.LANSegments()
|
2017-09-07 19:17:39 +00:00
|
|
|
for name, segment := range segments {
|
2017-08-14 14:36:07 +00:00
|
|
|
mgr := segment.KeyManager()
|
2017-09-07 19:17:39 +00:00
|
|
|
m.executeKeyringOpMgr(mgr, args, reply, wan, name)
|
2017-08-14 14:36:07 +00:00
|
|
|
}
|
2014-10-05 20:59:27 +00:00
|
|
|
}
|
2017-08-14 14:36:07 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// executeKeyringOpMgr executes the appropriate keyring-related function based on
|
|
|
|
|
// the type of keyring operation in the request. It takes the KeyManager as an
|
|
|
|
|
// argument, so it can handle any operation for either LAN or WAN pools.
|
|
|
|
|
func (m *Internal) executeKeyringOpMgr(
|
|
|
|
|
mgr *serf.KeyManager,
|
|
|
|
|
args *structs.KeyringRequest,
|
|
|
|
|
reply *structs.KeyringResponses,
|
2017-09-07 19:26:58 +00:00
|
|
|
wan bool,
|
|
|
|
|
segment string) {
|
2017-08-14 14:36:07 +00:00
|
|
|
var serfResp *serf.KeyResponse
|
|
|
|
|
var err error
|
2014-10-03 00:10:54 +00:00
|
|
|
|
2017-02-02 02:42:41 +00:00
|
|
|
opts := &serf.KeyRequestOptions{RelayFactor: args.RelayFactor}
|
2014-10-03 00:10:54 +00:00
|
|
|
switch args.Operation {
|
|
|
|
|
case structs.KeyringList:
|
2017-02-02 02:42:41 +00:00
|
|
|
serfResp, err = mgr.ListKeysWithOptions(opts)
|
2014-10-03 00:10:54 +00:00
|
|
|
case structs.KeyringInstall:
|
2017-02-02 02:42:41 +00:00
|
|
|
serfResp, err = mgr.InstallKeyWithOptions(args.Key, opts)
|
2014-10-03 00:10:54 +00:00
|
|
|
case structs.KeyringUse:
|
2017-02-02 02:42:41 +00:00
|
|
|
serfResp, err = mgr.UseKeyWithOptions(args.Key, opts)
|
2014-10-03 00:10:54 +00:00
|
|
|
case structs.KeyringRemove:
|
2017-02-02 02:42:41 +00:00
|
|
|
serfResp, err = mgr.RemoveKeyWithOptions(args.Key, opts)
|
2014-09-24 23:39:14 +00:00
|
|
|
}
|
|
|
|
|
|
2014-10-02 06:09:00 +00:00
|
|
|
errStr := ""
|
|
|
|
|
if err != nil {
|
|
|
|
|
errStr = err.Error()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
reply.Responses = append(reply.Responses, &structs.KeyringResponse{
|
|
|
|
|
WAN: wan,
|
2014-10-06 22:14:30 +00:00
|
|
|
Datacenter: m.srv.config.Datacenter,
|
2017-09-07 19:17:39 +00:00
|
|
|
Segment: segment,
|
2014-10-02 06:09:00 +00:00
|
|
|
Messages: serfResp.Messages,
|
|
|
|
|
Keys: serfResp.Keys,
|
|
|
|
|
NumNodes: serfResp.NumNodes,
|
|
|
|
|
Error: errStr,
|
|
|
|
|
})
|
|
|
|
|
}
|
2020-01-27 19:54:32 +00:00
|
|
|
|
|
|
|
|
// aclAccessorID is used to convert an ACLToken's secretID to its accessorID for non-
|
|
|
|
|
// critical purposes, such as logging. Therefore we interpret all errors as empty-string
|
|
|
|
|
// so we can safely log it without handling non-critical errors at the usage site.
|
|
|
|
|
func (m *Internal) aclAccessorID(secretID string) string {
|
|
|
|
|
_, ident, err := m.srv.ResolveIdentityFromToken(secretID)
|
2020-01-29 17:16:08 +00:00
|
|
|
if acl.IsErrNotFound(err) {
|
|
|
|
|
return ""
|
|
|
|
|
}
|
2020-01-27 19:54:32 +00:00
|
|
|
if err != nil {
|
2020-01-29 17:16:08 +00:00
|
|
|
m.logger.Debug("non-critical error resolving acl token accessor for logging", "error", err)
|
2020-01-27 19:54:32 +00:00
|
|
|
return ""
|
|
|
|
|
}
|
|
|
|
|
if ident == nil {
|
|
|
|
|
return ""
|
|
|
|
|
}
|
|
|
|
|
return ident.ID()
|
|
|
|
|
}
|