luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity
open-consul/agent/acl_endpoint.go

292 lines
7.4 KiB
Go
Raw Normal View History

agent: ACL endpoint
2014-08-06 00:50:36 +00:00
package agent
import (
"fmt"
"net/http"
"strings"
agent: Support ACL upserting
2015-05-06 02:25:10 +00:00
acl: consolidate error handling (#3401) The error handling of the ACL code relies on the presence of certain magic error messages. Since the error values are sent via RPC between older and newer consul agents we cannot just replace the magic values with typed errors and switch to type checks since this would break compatibility with older clients. Therefore, this patch moves all magic ACL error messages into the acl package and provides default error values and helper functions which determine the type of error.
2017-08-23 14:52:48 +00:00
"github.com/hashicorp/consul/acl"
agent: move agent/consul/structs to agent/structs
2017-07-06 10:34:00 +00:00
"github.com/hashicorp/consul/agent/structs"
agent: ACL endpoint
2014-08-06 00:50:36 +00:00
)
// aclCreateResponse is used to wrap the ACL ID
type aclCreateResponse struct {
ID string
}
Moves ACL disabled response logic down into endpoints. This lets us make the registration of endpoints less fancy, on the road to adding a registration mechanism.
2017-11-28 21:47:30 +00:00
// checkACLDisabled will return a standard response if ACLs are disabled. This
// returns true if they are disabled and we should not continue.
func (s *HTTPServer) checkACLDisabled(resp http.ResponseWriter, req *http.Request) bool {
if s.agent.config.ACLDatacenter != "" {
return false
}
agent: drop status code comments
2017-08-23 19:19:11 +00:00
resp.WriteHeader(http.StatusUnauthorized)
Use fmt.Fprint/Fprintf/Fprintln Used the following rewrite rules: gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c, d))) -> fmt.Fprintf(resp, a, b, c, d)' *.go gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c))) -> fmt.Fprintf(resp, a, b, c)' *.go gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b))) -> fmt.Fprintf(resp, a, b)' *.go gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a))) -> fmt.Fprint(resp, a)' *.go gofmt -w -r 'resp.Write([]byte(a + "\n")) -> fmt.Fprintln(resp, a)' *.go gofmt -w -r 'resp.Write([]byte(a)) -> fmt.Fprint(resp, a)' *.go
2017-04-20 14:07:42 +00:00
fmt.Fprint(resp, "ACL support disabled")
Moves ACL disabled response logic down into endpoints. This lets us make the registration of endpoints less fancy, on the road to adding a registration mechanism.
2017-11-28 21:47:30 +00:00
return true
agent: Special handler if ACL support is disabled
2014-08-12 18:34:58 +00:00
}
Adds a new /v1/acl/bootstrap API (#3349)
2017-08-03 00:05:18 +00:00
// ACLBootstrap is used to perform a one-time ACL bootstrap operation on
// a cluster to get the first management token.
func (s *HTTPServer) ACLBootstrap(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
Moves ACL disabled response logic down into endpoints. This lets us make the registration of endpoints less fancy, on the road to adding a registration mechanism.
2017-11-28 21:47:30 +00:00
if s.checkACLDisabled(resp, req) {
return nil, nil
}
Adds a new /v1/acl/bootstrap API (#3349)
2017-08-03 00:05:18 +00:00
if req.Method != "PUT" {
agent: consolidate handling of 405 Method Not Allowed (#3405) * agent: consolidate http method not allowed checks This patch uses the error handling of the http handlers to handle HTTP method not allowed errors across all available endpoints. It also adds a test for testing whether the endpoints respond with the correct status code. * agent: do not panic on metrics tests * agent: drop other tests for MethodNotAllowed * agent: align /agent/join with reality /agent/join uses PUT instead of GET as documented. * agent: align /agent/check/{fail,warn,pass} with reality /agent/check/{fail,warn,pass} uses PUT instead of GET as documented. * fix some tests * Drop more tests for method not allowed * Align TestAgent_RegisterService_InvalidAddress with reality * Changes API client join to use PUT instead of GET. * Fixes agent endpoint verbs and removes obsolete tests. * Updates the change log.
2017-09-26 06:11:19 +00:00
return nil, MethodNotAllowedError{req.Method, []string{"PUT"}}
Adds a new /v1/acl/bootstrap API (#3349)
2017-08-03 00:05:18 +00:00
}
args := structs.DCSpecificRequest{
Datacenter: s.agent.config.ACLDatacenter,
}
var out structs.ACL
err := s.agent.RPC("ACL.Bootstrap", &args, &out)
if err != nil {
if strings.Contains(err.Error(), structs.ACLBootstrapNotAllowedErr.Error()) {
resp.WriteHeader(http.StatusForbidden)
acl: consolidate error handling (#3401) The error handling of the ACL code relies on the presence of certain magic error messages. Since the error values are sent via RPC between older and newer consul agents we cannot just replace the magic values with typed errors and switch to type checks since this would break compatibility with older clients. Therefore, this patch moves all magic ACL error messages into the acl package and provides default error values and helper functions which determine the type of error.
2017-08-23 14:52:48 +00:00
fmt.Fprint(resp, acl.PermissionDeniedError{Cause: err.Error()}.Error())
Adds a new /v1/acl/bootstrap API (#3349)
2017-08-03 00:05:18 +00:00
return nil, nil
} else {
return nil, err
}
}
return aclCreateResponse{out.ID}, nil
}
agent: Rename acl delete to destroy
2014-08-18 19:05:01 +00:00
func (s *HTTPServer) ACLDestroy(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
Moves ACL disabled response logic down into endpoints. This lets us make the registration of endpoints less fancy, on the road to adding a registration mechanism.
2017-11-28 21:47:30 +00:00
if s.checkACLDisabled(resp, req) {
return nil, nil
}
agent: Strict PUT for modifying ACLs
2014-08-19 21:28:34 +00:00
if req.Method != "PUT" {
agent: consolidate handling of 405 Method Not Allowed (#3405) * agent: consolidate http method not allowed checks This patch uses the error handling of the http handlers to handle HTTP method not allowed errors across all available endpoints. It also adds a test for testing whether the endpoints respond with the correct status code. * agent: do not panic on metrics tests * agent: drop other tests for MethodNotAllowed * agent: align /agent/join with reality /agent/join uses PUT instead of GET as documented. * agent: align /agent/check/{fail,warn,pass} with reality /agent/check/{fail,warn,pass} uses PUT instead of GET as documented. * fix some tests * Drop more tests for method not allowed * Align TestAgent_RegisterService_InvalidAddress with reality * Changes API client join to use PUT instead of GET. * Fixes agent endpoint verbs and removes obsolete tests. * Updates the change log.
2017-09-26 06:11:19 +00:00
return nil, MethodNotAllowedError{req.Method, []string{"PUT"}}
agent: Strict PUT for modifying ACLs
2014-08-19 21:28:34 +00:00
}
agent: ACL endpoint
2014-08-06 00:50:36 +00:00
args := structs.ACLRequest{
agent: Adding token parsing
2014-08-12 18:35:22 +00:00
Datacenter: s.agent.config.ACLDatacenter,
Op: structs.ACLDelete,
agent: ACL endpoint
2014-08-06 00:50:36 +00:00
}
agent: Adding token parsing
2014-08-12 18:35:22 +00:00
s.parseToken(req, &args.Token)
agent: ACL endpoint
2014-08-06 00:50:36 +00:00
agent: ACL endpoint tests
2014-08-06 17:30:47 +00:00
// Pull out the acl id
agent: Rename acl delete to destroy
2014-08-18 19:05:01 +00:00
args.ACL.ID = strings.TrimPrefix(req.URL.Path, "/v1/acl/destroy/")
agent: ACL endpoint
2014-08-06 00:50:36 +00:00
if args.ACL.ID == "" {
agent: drop status code comments
2017-08-23 19:19:11 +00:00
resp.WriteHeader(http.StatusBadRequest)
Use fmt.Fprint/Fprintf/Fprintln Used the following rewrite rules: gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c, d))) -> fmt.Fprintf(resp, a, b, c, d)' *.go gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c))) -> fmt.Fprintf(resp, a, b, c)' *.go gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b))) -> fmt.Fprintf(resp, a, b)' *.go gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a))) -> fmt.Fprint(resp, a)' *.go gofmt -w -r 'resp.Write([]byte(a + "\n")) -> fmt.Fprintln(resp, a)' *.go gofmt -w -r 'resp.Write([]byte(a)) -> fmt.Fprint(resp, a)' *.go
2017-04-20 14:07:42 +00:00
fmt.Fprint(resp, "Missing ACL")
agent: ACL endpoint
2014-08-06 00:50:36 +00:00
return nil, nil
}
var out string
if err := s.agent.RPC("ACL.Apply", &args, &out); err != nil {
return nil, err
}
return true, nil
}
func (s *HTTPServer) ACLCreate(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
Moves ACL disabled response logic down into endpoints. This lets us make the registration of endpoints less fancy, on the road to adding a registration mechanism.
2017-11-28 21:47:30 +00:00
if s.checkACLDisabled(resp, req) {
return nil, nil
}
agent: consolidate handling of 405 Method Not Allowed (#3405) * agent: consolidate http method not allowed checks This patch uses the error handling of the http handlers to handle HTTP method not allowed errors across all available endpoints. It also adds a test for testing whether the endpoints respond with the correct status code. * agent: do not panic on metrics tests * agent: drop other tests for MethodNotAllowed * agent: align /agent/join with reality /agent/join uses PUT instead of GET as documented. * agent: align /agent/check/{fail,warn,pass} with reality /agent/check/{fail,warn,pass} uses PUT instead of GET as documented. * fix some tests * Drop more tests for method not allowed * Align TestAgent_RegisterService_InvalidAddress with reality * Changes API client join to use PUT instead of GET. * Fixes agent endpoint verbs and removes obsolete tests. * Updates the change log.
2017-09-26 06:11:19 +00:00
if req.Method != "PUT" {
return nil, MethodNotAllowedError{req.Method, []string{"PUT"}}
}
agent: ACL endpoint
2014-08-06 00:50:36 +00:00
return s.aclSet(resp, req, false)
}
func (s *HTTPServer) ACLUpdate(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
Moves ACL disabled response logic down into endpoints. This lets us make the registration of endpoints less fancy, on the road to adding a registration mechanism.
2017-11-28 21:47:30 +00:00
if s.checkACLDisabled(resp, req) {
return nil, nil
}
agent: consolidate handling of 405 Method Not Allowed (#3405) * agent: consolidate http method not allowed checks This patch uses the error handling of the http handlers to handle HTTP method not allowed errors across all available endpoints. It also adds a test for testing whether the endpoints respond with the correct status code. * agent: do not panic on metrics tests * agent: drop other tests for MethodNotAllowed * agent: align /agent/join with reality /agent/join uses PUT instead of GET as documented. * agent: align /agent/check/{fail,warn,pass} with reality /agent/check/{fail,warn,pass} uses PUT instead of GET as documented. * fix some tests * Drop more tests for method not allowed * Align TestAgent_RegisterService_InvalidAddress with reality * Changes API client join to use PUT instead of GET. * Fixes agent endpoint verbs and removes obsolete tests. * Updates the change log.
2017-09-26 06:11:19 +00:00
if req.Method != "PUT" {
return nil, MethodNotAllowedError{req.Method, []string{"PUT"}}
}
agent: ACL endpoint
2014-08-06 00:50:36 +00:00
return s.aclSet(resp, req, true)
}
func (s *HTTPServer) aclSet(resp http.ResponseWriter, req *http.Request, update bool) (interface{}, error) {
if req.Method != "PUT" {
agent: consolidate handling of 405 Method Not Allowed (#3405) * agent: consolidate http method not allowed checks This patch uses the error handling of the http handlers to handle HTTP method not allowed errors across all available endpoints. It also adds a test for testing whether the endpoints respond with the correct status code. * agent: do not panic on metrics tests * agent: drop other tests for MethodNotAllowed * agent: align /agent/join with reality /agent/join uses PUT instead of GET as documented. * agent: align /agent/check/{fail,warn,pass} with reality /agent/check/{fail,warn,pass} uses PUT instead of GET as documented. * fix some tests * Drop more tests for method not allowed * Align TestAgent_RegisterService_InvalidAddress with reality * Changes API client join to use PUT instead of GET. * Fixes agent endpoint verbs and removes obsolete tests. * Updates the change log.
2017-09-26 06:11:19 +00:00
return nil, MethodNotAllowedError{req.Method, []string{"PUT"}}
agent: ACL endpoint
2014-08-06 00:50:36 +00:00
}
args := structs.ACLRequest{
agent: Adding token parsing
2014-08-12 18:35:22 +00:00
Datacenter: s.agent.config.ACLDatacenter,
Op: structs.ACLSet,
agent: ACL endpoint
2014-08-06 00:50:36 +00:00
ACL: structs.ACL{
Type: structs.ACLTypeClient,
},
}
agent: Adding token parsing
2014-08-12 18:35:22 +00:00
s.parseToken(req, &args.Token)
agent: ACL endpoint
2014-08-06 00:50:36 +00:00
// Handle optional request body
if req.ContentLength > 0 {
if err := decodeBody(req, &args.ACL, nil); err != nil {
agent: drop status code comments
2017-08-23 19:19:11 +00:00
resp.WriteHeader(http.StatusBadRequest)
Use fmt.Fprint/Fprintf/Fprintln Used the following rewrite rules: gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c, d))) -> fmt.Fprintf(resp, a, b, c, d)' *.go gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c))) -> fmt.Fprintf(resp, a, b, c)' *.go gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b))) -> fmt.Fprintf(resp, a, b)' *.go gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a))) -> fmt.Fprint(resp, a)' *.go gofmt -w -r 'resp.Write([]byte(a + "\n")) -> fmt.Fprintln(resp, a)' *.go gofmt -w -r 'resp.Write([]byte(a)) -> fmt.Fprint(resp, a)' *.go
2017-04-20 14:07:42 +00:00
fmt.Fprintf(resp, "Request decode failed: %v", err)
agent: ACL endpoint
2014-08-06 00:50:36 +00:00
return nil, nil
}
}
agent: Support ACL upserting
2015-05-06 02:25:10 +00:00
// Ensure there is an ID set for update. ID is optional for
// create, as one will be generated if not provided.
agent: ACL endpoint
2014-08-06 00:50:36 +00:00
if update && args.ACL.ID == "" {
agent: drop status code comments
2017-08-23 19:19:11 +00:00
resp.WriteHeader(http.StatusBadRequest)
Use fmt.Fprint/Fprintf/Fprintln Used the following rewrite rules: gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c, d))) -> fmt.Fprintf(resp, a, b, c, d)' *.go gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c))) -> fmt.Fprintf(resp, a, b, c)' *.go gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b))) -> fmt.Fprintf(resp, a, b)' *.go gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a))) -> fmt.Fprint(resp, a)' *.go gofmt -w -r 'resp.Write([]byte(a + "\n")) -> fmt.Fprintln(resp, a)' *.go gofmt -w -r 'resp.Write([]byte(a)) -> fmt.Fprint(resp, a)' *.go
2017-04-20 14:07:42 +00:00
fmt.Fprint(resp, "ACL ID must be set")
agent: ACL endpoint
2014-08-06 00:50:36 +00:00
return nil, nil
}
// Create the acl, get the ID
var out string
if err := s.agent.RPC("ACL.Apply", &args, &out); err != nil {
return nil, err
}
// Format the response as a JSON object
return aclCreateResponse{out}, nil
}
func (s *HTTPServer) ACLClone(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
Moves ACL disabled response logic down into endpoints. This lets us make the registration of endpoints less fancy, on the road to adding a registration mechanism.
2017-11-28 21:47:30 +00:00
if s.checkACLDisabled(resp, req) {
return nil, nil
}
agent: Strict PUT for modifying ACLs
2014-08-19 21:28:34 +00:00
if req.Method != "PUT" {
agent: consolidate handling of 405 Method Not Allowed (#3405) * agent: consolidate http method not allowed checks This patch uses the error handling of the http handlers to handle HTTP method not allowed errors across all available endpoints. It also adds a test for testing whether the endpoints respond with the correct status code. * agent: do not panic on metrics tests * agent: drop other tests for MethodNotAllowed * agent: align /agent/join with reality /agent/join uses PUT instead of GET as documented. * agent: align /agent/check/{fail,warn,pass} with reality /agent/check/{fail,warn,pass} uses PUT instead of GET as documented. * fix some tests * Drop more tests for method not allowed * Align TestAgent_RegisterService_InvalidAddress with reality * Changes API client join to use PUT instead of GET. * Fixes agent endpoint verbs and removes obsolete tests. * Updates the change log.
2017-09-26 06:11:19 +00:00
return nil, MethodNotAllowedError{req.Method, []string{"PUT"}}
agent: Strict PUT for modifying ACLs
2014-08-19 21:28:34 +00:00
}
agent: Adding token parsing
2014-08-12 18:35:22 +00:00
args := structs.ACLSpecificRequest{
Datacenter: s.agent.config.ACLDatacenter,
}
var dc string
if done := s.parse(resp, req, &dc, &args.QueryOptions); done {
agent: ACL endpoint
2014-08-06 00:50:36 +00:00
return nil, nil
}
agent: ACL endpoint tests
2014-08-06 17:30:47 +00:00
// Pull out the acl id
agent: ACL endpoint
2014-08-06 00:50:36 +00:00
args.ACL = strings.TrimPrefix(req.URL.Path, "/v1/acl/clone/")
if args.ACL == "" {
agent: drop status code comments
2017-08-23 19:19:11 +00:00
resp.WriteHeader(http.StatusBadRequest)
Use fmt.Fprint/Fprintf/Fprintln Used the following rewrite rules: gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c, d))) -> fmt.Fprintf(resp, a, b, c, d)' *.go gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c))) -> fmt.Fprintf(resp, a, b, c)' *.go gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b))) -> fmt.Fprintf(resp, a, b)' *.go gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a))) -> fmt.Fprint(resp, a)' *.go gofmt -w -r 'resp.Write([]byte(a + "\n")) -> fmt.Fprintln(resp, a)' *.go gofmt -w -r 'resp.Write([]byte(a)) -> fmt.Fprint(resp, a)' *.go
2017-04-20 14:07:42 +00:00
fmt.Fprint(resp, "Missing ACL")
agent: ACL endpoint
2014-08-06 00:50:36 +00:00
return nil, nil
}
var out structs.IndexedACLs
defer setMeta(resp, &out.QueryMeta)
if err := s.agent.RPC("ACL.Get", &args, &out); err != nil {
return nil, err
}
Changes ACL clone response to 403 if not authorized, or if token doesn't exist. (#3275) Fixes #1113
2017-07-15 03:43:30 +00:00
// Bail if the ACL is not found, this could be a 404 or a 403, so
// always just return a 403.
agent: ACL endpoint
2014-08-06 00:50:36 +00:00
if len(out.ACLs) == 0 {
acl: consolidate error handling (#3401) The error handling of the ACL code relies on the presence of certain magic error messages. Since the error values are sent via RPC between older and newer consul agents we cannot just replace the magic values with typed errors and switch to type checks since this would break compatibility with older clients. Therefore, this patch moves all magic ACL error messages into the acl package and provides default error values and helper functions which determine the type of error.
2017-08-23 14:52:48 +00:00
return nil, acl.ErrPermissionDenied
agent: ACL endpoint
2014-08-06 00:50:36 +00:00
}
// Create a new ACL
createArgs := structs.ACLRequest{
Datacenter: args.Datacenter,
Op: structs.ACLSet,
ACL: *out.ACLs[0],
}
createArgs.ACL.ID = ""
agent: Adding token parsing
2014-08-12 18:35:22 +00:00
createArgs.Token = args.Token
agent: ACL endpoint
2014-08-06 00:50:36 +00:00
// Create the acl, get the ID
var outID string
if err := s.agent.RPC("ACL.Apply", &createArgs, &outID); err != nil {
return nil, err
}
// Format the response as a JSON object
return aclCreateResponse{outID}, nil
}
func (s *HTTPServer) ACLGet(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
Moves ACL disabled response logic down into endpoints. This lets us make the registration of endpoints less fancy, on the road to adding a registration mechanism.
2017-11-28 21:47:30 +00:00
if s.checkACLDisabled(resp, req) {
return nil, nil
}
agent: consolidate handling of 405 Method Not Allowed (#3405) * agent: consolidate http method not allowed checks This patch uses the error handling of the http handlers to handle HTTP method not allowed errors across all available endpoints. It also adds a test for testing whether the endpoints respond with the correct status code. * agent: do not panic on metrics tests * agent: drop other tests for MethodNotAllowed * agent: align /agent/join with reality /agent/join uses PUT instead of GET as documented. * agent: align /agent/check/{fail,warn,pass} with reality /agent/check/{fail,warn,pass} uses PUT instead of GET as documented. * fix some tests * Drop more tests for method not allowed * Align TestAgent_RegisterService_InvalidAddress with reality * Changes API client join to use PUT instead of GET. * Fixes agent endpoint verbs and removes obsolete tests. * Updates the change log.
2017-09-26 06:11:19 +00:00
if req.Method != "GET" {
return nil, MethodNotAllowedError{req.Method, []string{"GET"}}
}
agent: Adding token parsing
2014-08-12 18:35:22 +00:00
args := structs.ACLSpecificRequest{
Datacenter: s.agent.config.ACLDatacenter,
}
var dc string
if done := s.parse(resp, req, &dc, &args.QueryOptions); done {
agent: ACL endpoint
2014-08-06 00:50:36 +00:00
return nil, nil
}
agent: ACL endpoint tests
2014-08-06 17:30:47 +00:00
// Pull out the acl id
agent: ACL endpoint
2014-08-06 00:50:36 +00:00
args.ACL = strings.TrimPrefix(req.URL.Path, "/v1/acl/info/")
if args.ACL == "" {
agent: drop status code comments
2017-08-23 19:19:11 +00:00
resp.WriteHeader(http.StatusBadRequest)
Use fmt.Fprint/Fprintf/Fprintln Used the following rewrite rules: gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c, d))) -> fmt.Fprintf(resp, a, b, c, d)' *.go gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b, c))) -> fmt.Fprintf(resp, a, b, c)' *.go gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a, b))) -> fmt.Fprintf(resp, a, b)' *.go gofmt -w -r 'resp.Write([]byte(fmt.Sprintf(a))) -> fmt.Fprint(resp, a)' *.go gofmt -w -r 'resp.Write([]byte(a + "\n")) -> fmt.Fprintln(resp, a)' *.go gofmt -w -r 'resp.Write([]byte(a)) -> fmt.Fprint(resp, a)' *.go
2017-04-20 14:07:42 +00:00
fmt.Fprint(resp, "Missing ACL")
agent: ACL endpoint
2014-08-06 00:50:36 +00:00
return nil, nil
}
var out structs.IndexedACLs
defer setMeta(resp, &out.QueryMeta)
if err := s.agent.RPC("ACL.Get", &args, &out); err != nil {
return nil, err
}
Fixes nil slices from HTTP endpoints. These would manifest in the HTTP output as Javascript nulls instead of empty lists, so we had unintentionally changed the interface while porting to the new state store. We added code to each HTTP endpoint to convert nil slices to empty ones so they JSON-ify properly, and we added tests to catch this in the future.
2015-11-15 05:05:37 +00:00
// Use empty list instead of nil
if out.ACLs == nil {
out.ACLs = make(structs.ACLs, 0)
}
agent: ACL endpoint
2014-08-06 00:50:36 +00:00
return out.ACLs, nil
}
func (s *HTTPServer) ACLList(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
Moves ACL disabled response logic down into endpoints. This lets us make the registration of endpoints less fancy, on the road to adding a registration mechanism.
2017-11-28 21:47:30 +00:00
if s.checkACLDisabled(resp, req) {
return nil, nil
}
agent: consolidate handling of 405 Method Not Allowed (#3405) * agent: consolidate http method not allowed checks This patch uses the error handling of the http handlers to handle HTTP method not allowed errors across all available endpoints. It also adds a test for testing whether the endpoints respond with the correct status code. * agent: do not panic on metrics tests * agent: drop other tests for MethodNotAllowed * agent: align /agent/join with reality /agent/join uses PUT instead of GET as documented. * agent: align /agent/check/{fail,warn,pass} with reality /agent/check/{fail,warn,pass} uses PUT instead of GET as documented. * fix some tests * Drop more tests for method not allowed * Align TestAgent_RegisterService_InvalidAddress with reality * Changes API client join to use PUT instead of GET. * Fixes agent endpoint verbs and removes obsolete tests. * Updates the change log.
2017-09-26 06:11:19 +00:00
if req.Method != "GET" {
return nil, MethodNotAllowedError{req.Method, []string{"GET"}}
}
agent: Adding token parsing
2014-08-12 18:35:22 +00:00
args := structs.DCSpecificRequest{
Datacenter: s.agent.config.ACLDatacenter,
}
var dc string
if done := s.parse(resp, req, &dc, &args.QueryOptions); done {
agent: ACL endpoint
2014-08-06 00:50:36 +00:00
return nil, nil
}
var out structs.IndexedACLs
defer setMeta(resp, &out.QueryMeta)
if err := s.agent.RPC("ACL.List", &args, &out); err != nil {
return nil, err
}
Fixes nil slices from HTTP endpoints. These would manifest in the HTTP output as Javascript nulls instead of empty lists, so we had unintentionally changed the interface while porting to the new state store. We added code to each HTTP endpoint to convert nil slices to empty ones so they JSON-ify properly, and we added tests to catch this in the future.
2015-11-15 05:05:37 +00:00
// Use empty list instead of nil
if out.ACLs == nil {
out.ACLs = make(structs.ACLs, 0)
}
agent: ACL endpoint
2014-08-06 00:50:36 +00:00
return out.ACLs, nil
}
Adds an ACL replication status endpoint.
2016-08-05 04:32:36 +00:00
func (s *HTTPServer) ACLReplicationStatus(resp http.ResponseWriter, req *http.Request) (interface{}, error) {
Moves ACL disabled response logic down into endpoints. This lets us make the registration of endpoints less fancy, on the road to adding a registration mechanism.
2017-11-28 21:47:30 +00:00
if s.checkACLDisabled(resp, req) {
return nil, nil
}
agent: consolidate handling of 405 Method Not Allowed (#3405) * agent: consolidate http method not allowed checks This patch uses the error handling of the http handlers to handle HTTP method not allowed errors across all available endpoints. It also adds a test for testing whether the endpoints respond with the correct status code. * agent: do not panic on metrics tests * agent: drop other tests for MethodNotAllowed * agent: align /agent/join with reality /agent/join uses PUT instead of GET as documented. * agent: align /agent/check/{fail,warn,pass} with reality /agent/check/{fail,warn,pass} uses PUT instead of GET as documented. * fix some tests * Drop more tests for method not allowed * Align TestAgent_RegisterService_InvalidAddress with reality * Changes API client join to use PUT instead of GET. * Fixes agent endpoint verbs and removes obsolete tests. * Updates the change log.
2017-09-26 06:11:19 +00:00
if req.Method != "GET" {
return nil, MethodNotAllowedError{req.Method, []string{"GET"}}
}
Adds an ACL replication status endpoint.
2016-08-05 04:32:36 +00:00
// Note that we do not forward to the ACL DC here. This is a query for
// any DC that's doing replication.
args := structs.DCSpecificRequest{}
s.parseSource(req, &args.Source)
if done := s.parse(resp, req, &args.Datacenter, &args.QueryOptions); done {
return nil, nil
}
// Make the request.
var out structs.ACLReplicationStatus
if err := s.agent.RPC("ACL.ReplicationStatus", &args, &out); err != nil {
return nil, err
}
return out, nil
}