2017-11-29 20:43:27 +00:00
|
|
|
package fsm
|
|
|
|
|
|
|
|
import (
|
|
|
|
"fmt"
|
|
|
|
"time"
|
|
|
|
|
2019-04-08 17:05:51 +00:00
|
|
|
metrics "github.com/armon/go-metrics"
|
2017-11-29 20:43:27 +00:00
|
|
|
"github.com/hashicorp/consul/agent/structs"
|
|
|
|
"github.com/hashicorp/consul/api"
|
|
|
|
)
|
|
|
|
|
|
|
|
func init() {
|
|
|
|
registerCommand(structs.RegisterRequestType, (*FSM).applyRegister)
|
|
|
|
registerCommand(structs.DeregisterRequestType, (*FSM).applyDeregister)
|
|
|
|
registerCommand(structs.KVSRequestType, (*FSM).applyKVSOperation)
|
|
|
|
registerCommand(structs.SessionRequestType, (*FSM).applySessionOperation)
|
2018-10-19 16:04:07 +00:00
|
|
|
// DEPRECATED (ACL-Legacy-Compat) - Only needed for v1 ACL compat
|
2017-11-29 20:43:27 +00:00
|
|
|
registerCommand(structs.ACLRequestType, (*FSM).applyACLOperation)
|
|
|
|
registerCommand(structs.TombstoneRequestType, (*FSM).applyTombstoneOperation)
|
|
|
|
registerCommand(structs.CoordinateBatchUpdateType, (*FSM).applyCoordinateBatchUpdate)
|
|
|
|
registerCommand(structs.PreparedQueryRequestType, (*FSM).applyPreparedQueryOperation)
|
|
|
|
registerCommand(structs.TxnRequestType, (*FSM).applyTxn)
|
|
|
|
registerCommand(structs.AutopilotRequestType, (*FSM).applyAutopilotUpdate)
|
2018-02-28 18:28:07 +00:00
|
|
|
registerCommand(structs.IntentionRequestType, (*FSM).applyIntentionOperation)
|
2018-03-21 17:10:53 +00:00
|
|
|
registerCommand(structs.ConnectCARequestType, (*FSM).applyConnectCAOperation)
|
2018-10-31 20:00:46 +00:00
|
|
|
registerCommand(structs.ACLTokenSetRequestType, (*FSM).applyACLTokenSetOperation)
|
2018-10-19 16:04:07 +00:00
|
|
|
registerCommand(structs.ACLTokenDeleteRequestType, (*FSM).applyACLTokenDeleteOperation)
|
|
|
|
registerCommand(structs.ACLBootstrapRequestType, (*FSM).applyACLTokenBootstrap)
|
2018-10-31 20:00:46 +00:00
|
|
|
registerCommand(structs.ACLPolicySetRequestType, (*FSM).applyACLPolicySetOperation)
|
2018-10-19 16:04:07 +00:00
|
|
|
registerCommand(structs.ACLPolicyDeleteRequestType, (*FSM).applyACLPolicyDeleteOperation)
|
2019-01-11 21:04:57 +00:00
|
|
|
registerCommand(structs.ConnectCALeafRequestType, (*FSM).applyConnectCALeafOperation)
|
2019-03-28 06:56:35 +00:00
|
|
|
registerCommand(structs.ConfigEntryRequestType, (*FSM).applyConfigEntryOperation)
|
2019-04-15 20:43:19 +00:00
|
|
|
registerCommand(structs.ACLRoleSetRequestType, (*FSM).applyACLRoleSetOperation)
|
|
|
|
registerCommand(structs.ACLRoleDeleteRequestType, (*FSM).applyACLRoleDeleteOperation)
|
2019-04-26 17:49:28 +00:00
|
|
|
registerCommand(structs.ACLBindingRuleSetRequestType, (*FSM).applyACLBindingRuleSetOperation)
|
|
|
|
registerCommand(structs.ACLBindingRuleDeleteRequestType, (*FSM).applyACLBindingRuleDeleteOperation)
|
|
|
|
registerCommand(structs.ACLAuthMethodSetRequestType, (*FSM).applyACLAuthMethodSetOperation)
|
|
|
|
registerCommand(structs.ACLAuthMethodDeleteRequestType, (*FSM).applyACLAuthMethodDeleteOperation)
|
2020-03-09 20:59:02 +00:00
|
|
|
registerCommand(structs.FederationStateRequestType, (*FSM).applyFederationStateOperation)
|
2017-11-29 20:43:27 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (c *FSM) applyRegister(buf []byte, index uint64) interface{} {
|
|
|
|
defer metrics.MeasureSince([]string{"fsm", "register"}, time.Now())
|
|
|
|
var req structs.RegisterRequest
|
|
|
|
if err := structs.Decode(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode request: %v", err))
|
|
|
|
}
|
|
|
|
|
|
|
|
// Apply all updates in a single transaction
|
|
|
|
if err := c.state.EnsureRegistration(index, &req); err != nil {
|
2020-01-28 23:50:41 +00:00
|
|
|
c.logger.Warn("EnsureRegistration failed", "error", err)
|
2017-11-29 20:43:27 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c *FSM) applyDeregister(buf []byte, index uint64) interface{} {
|
|
|
|
defer metrics.MeasureSince([]string{"fsm", "deregister"}, time.Now())
|
|
|
|
var req structs.DeregisterRequest
|
|
|
|
if err := structs.Decode(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode request: %v", err))
|
|
|
|
}
|
|
|
|
|
|
|
|
// Either remove the service entry or the whole node. The precedence
|
|
|
|
// here is also baked into vetDeregisterWithACL() in acl.go, so if you
|
|
|
|
// make changes here, be sure to also adjust the code over there.
|
|
|
|
if req.ServiceID != "" {
|
2019-12-10 02:26:41 +00:00
|
|
|
if err := c.state.DeleteService(index, req.Node, req.ServiceID, &req.EnterpriseMeta); err != nil {
|
2020-01-28 23:50:41 +00:00
|
|
|
c.logger.Warn("DeleteNodeService failed", "error", err)
|
2017-11-29 20:43:27 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
} else if req.CheckID != "" {
|
2019-12-10 02:26:41 +00:00
|
|
|
if err := c.state.DeleteCheck(index, req.Node, req.CheckID, &req.EnterpriseMeta); err != nil {
|
2020-01-28 23:50:41 +00:00
|
|
|
c.logger.Warn("DeleteNodeCheck failed", "error", err)
|
2017-11-29 20:43:27 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
if err := c.state.DeleteNode(index, req.Node); err != nil {
|
2020-01-28 23:50:41 +00:00
|
|
|
c.logger.Warn("DeleteNode failed", "error", err)
|
2017-11-29 20:43:27 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c *FSM) applyKVSOperation(buf []byte, index uint64) interface{} {
|
|
|
|
var req structs.KVSRequest
|
|
|
|
if err := structs.Decode(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode request: %v", err))
|
|
|
|
}
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "kvs"}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: string(req.Op)}})
|
|
|
|
switch req.Op {
|
|
|
|
case api.KVSet:
|
|
|
|
return c.state.KVSSet(index, &req.DirEnt)
|
|
|
|
case api.KVDelete:
|
2019-11-25 17:57:35 +00:00
|
|
|
return c.state.KVSDelete(index, req.DirEnt.Key, &req.DirEnt.EnterpriseMeta)
|
2017-11-29 20:43:27 +00:00
|
|
|
case api.KVDeleteCAS:
|
2019-11-25 17:57:35 +00:00
|
|
|
act, err := c.state.KVSDeleteCAS(index, req.DirEnt.ModifyIndex, req.DirEnt.Key, &req.DirEnt.EnterpriseMeta)
|
2017-11-29 20:43:27 +00:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return act
|
|
|
|
case api.KVDeleteTree:
|
2019-11-25 17:57:35 +00:00
|
|
|
return c.state.KVSDeleteTree(index, req.DirEnt.Key, &req.DirEnt.EnterpriseMeta)
|
2017-11-29 20:43:27 +00:00
|
|
|
case api.KVCAS:
|
|
|
|
act, err := c.state.KVSSetCAS(index, &req.DirEnt)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return act
|
|
|
|
case api.KVLock:
|
|
|
|
act, err := c.state.KVSLock(index, &req.DirEnt)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return act
|
|
|
|
case api.KVUnlock:
|
|
|
|
act, err := c.state.KVSUnlock(index, &req.DirEnt)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return act
|
|
|
|
default:
|
|
|
|
err := fmt.Errorf("Invalid KVS operation '%s'", req.Op)
|
2020-01-28 23:50:41 +00:00
|
|
|
c.logger.Warn("Invalid KVS operation", "operation", req.Op)
|
2017-11-29 20:43:27 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c *FSM) applySessionOperation(buf []byte, index uint64) interface{} {
|
|
|
|
var req structs.SessionRequest
|
|
|
|
if err := structs.Decode(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode request: %v", err))
|
|
|
|
}
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "session"}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: string(req.Op)}})
|
|
|
|
switch req.Op {
|
|
|
|
case structs.SessionCreate:
|
|
|
|
if err := c.state.SessionCreate(index, &req.Session); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return req.Session.ID
|
|
|
|
case structs.SessionDestroy:
|
2019-11-25 17:07:04 +00:00
|
|
|
return c.state.SessionDestroy(index, req.Session.ID, &req.Session.EnterpriseMeta)
|
2017-11-29 20:43:27 +00:00
|
|
|
default:
|
2020-01-28 23:50:41 +00:00
|
|
|
c.logger.Warn("Invalid Session operation", "operation", req.Op)
|
2017-11-29 20:43:27 +00:00
|
|
|
return fmt.Errorf("Invalid Session operation '%s'", req.Op)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-10-19 16:04:07 +00:00
|
|
|
// DEPRECATED (ACL-Legacy-Compat) - Only needed for legacy compat
|
2017-11-29 20:43:27 +00:00
|
|
|
func (c *FSM) applyACLOperation(buf []byte, index uint64) interface{} {
|
2018-10-19 16:04:07 +00:00
|
|
|
// TODO (ACL-Legacy-Compat) - Should we warn here somehow about using deprecated features
|
|
|
|
// maybe emit a second metric?
|
2017-11-29 20:43:27 +00:00
|
|
|
var req structs.ACLRequest
|
|
|
|
if err := structs.Decode(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode request: %v", err))
|
|
|
|
}
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "acl"}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: string(req.Op)}})
|
|
|
|
switch req.Op {
|
|
|
|
case structs.ACLBootstrapInit:
|
2018-10-19 16:04:07 +00:00
|
|
|
enabled, _, err := c.state.CanBootstrapACLToken()
|
2017-11-29 20:43:27 +00:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return enabled
|
|
|
|
case structs.ACLBootstrapNow:
|
2018-11-02 17:00:39 +00:00
|
|
|
// This is a bootstrap request from a non-upgraded node
|
2018-10-19 16:04:07 +00:00
|
|
|
if err := c.state.ACLBootstrap(index, 0, req.ACL.Convert(), true); err != nil {
|
2017-11-29 20:43:27 +00:00
|
|
|
return err
|
|
|
|
}
|
2018-10-19 16:04:07 +00:00
|
|
|
|
2019-04-08 17:05:51 +00:00
|
|
|
// No need to check expiration times as those did not exist in legacy tokens.
|
2019-10-24 18:38:09 +00:00
|
|
|
if _, token, err := c.state.ACLTokenGetBySecret(nil, req.ACL.ID, nil); err != nil {
|
2018-10-19 16:04:07 +00:00
|
|
|
return err
|
|
|
|
} else {
|
|
|
|
acl, err := token.Convert()
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return acl
|
|
|
|
}
|
|
|
|
|
2017-11-29 20:43:27 +00:00
|
|
|
case structs.ACLForceSet, structs.ACLSet:
|
2018-10-19 16:04:07 +00:00
|
|
|
if err := c.state.ACLTokenSet(index, req.ACL.Convert(), true); err != nil {
|
2017-11-29 20:43:27 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
return req.ACL.ID
|
|
|
|
case structs.ACLDelete:
|
2019-10-24 18:38:09 +00:00
|
|
|
return c.state.ACLTokenDeleteBySecret(index, req.ACL.ID, nil)
|
2017-11-29 20:43:27 +00:00
|
|
|
default:
|
2020-01-28 23:50:41 +00:00
|
|
|
c.logger.Warn("Invalid ACL operation", "operation", req.Op)
|
2017-11-29 20:43:27 +00:00
|
|
|
return fmt.Errorf("Invalid ACL operation '%s'", req.Op)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c *FSM) applyTombstoneOperation(buf []byte, index uint64) interface{} {
|
|
|
|
var req structs.TombstoneRequest
|
|
|
|
if err := structs.Decode(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode request: %v", err))
|
|
|
|
}
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "tombstone"}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: string(req.Op)}})
|
|
|
|
switch req.Op {
|
|
|
|
case structs.TombstoneReap:
|
|
|
|
return c.state.ReapTombstones(req.ReapIndex)
|
|
|
|
default:
|
2020-01-28 23:50:41 +00:00
|
|
|
c.logger.Warn("Invalid Tombstone operation", "operation", req.Op)
|
2017-11-29 20:43:27 +00:00
|
|
|
return fmt.Errorf("Invalid Tombstone operation '%s'", req.Op)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// applyCoordinateBatchUpdate processes a batch of coordinate updates and applies
|
|
|
|
// them in a single underlying transaction. This interface isn't 1:1 with the outer
|
|
|
|
// update interface that the coordinate endpoint exposes, so we made it single
|
|
|
|
// purpose and avoided the opcode convention.
|
|
|
|
func (c *FSM) applyCoordinateBatchUpdate(buf []byte, index uint64) interface{} {
|
|
|
|
var updates structs.Coordinates
|
|
|
|
if err := structs.Decode(buf, &updates); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode batch updates: %v", err))
|
|
|
|
}
|
|
|
|
defer metrics.MeasureSince([]string{"fsm", "coordinate", "batch-update"}, time.Now())
|
|
|
|
if err := c.state.CoordinateBatchUpdate(index, updates); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// applyPreparedQueryOperation applies the given prepared query operation to the
|
|
|
|
// state store.
|
|
|
|
func (c *FSM) applyPreparedQueryOperation(buf []byte, index uint64) interface{} {
|
|
|
|
var req structs.PreparedQueryRequest
|
|
|
|
if err := structs.Decode(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode request: %v", err))
|
|
|
|
}
|
|
|
|
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "prepared-query"}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: string(req.Op)}})
|
|
|
|
switch req.Op {
|
|
|
|
case structs.PreparedQueryCreate, structs.PreparedQueryUpdate:
|
|
|
|
return c.state.PreparedQuerySet(index, req.Query)
|
|
|
|
case structs.PreparedQueryDelete:
|
|
|
|
return c.state.PreparedQueryDelete(index, req.Query.ID)
|
|
|
|
default:
|
2020-01-28 23:50:41 +00:00
|
|
|
c.logger.Warn("Invalid PreparedQuery operation", "operation", req.Op)
|
2017-11-29 20:43:27 +00:00
|
|
|
return fmt.Errorf("Invalid PreparedQuery operation '%s'", req.Op)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c *FSM) applyTxn(buf []byte, index uint64) interface{} {
|
|
|
|
var req structs.TxnRequest
|
|
|
|
if err := structs.Decode(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode request: %v", err))
|
|
|
|
}
|
|
|
|
defer metrics.MeasureSince([]string{"fsm", "txn"}, time.Now())
|
|
|
|
results, errors := c.state.TxnRW(index, req.Ops)
|
|
|
|
return structs.TxnResponse{
|
|
|
|
Results: results,
|
|
|
|
Errors: errors,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c *FSM) applyAutopilotUpdate(buf []byte, index uint64) interface{} {
|
|
|
|
var req structs.AutopilotSetConfigRequest
|
|
|
|
if err := structs.Decode(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode request: %v", err))
|
|
|
|
}
|
|
|
|
defer metrics.MeasureSince([]string{"fsm", "autopilot"}, time.Now())
|
|
|
|
|
|
|
|
if req.CAS {
|
|
|
|
act, err := c.state.AutopilotCASConfig(index, req.Config.ModifyIndex, &req.Config)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return act
|
|
|
|
}
|
|
|
|
return c.state.AutopilotSetConfig(index, &req.Config)
|
|
|
|
}
|
2018-02-28 18:28:07 +00:00
|
|
|
|
|
|
|
// applyIntentionOperation applies the given intention operation to the state store.
|
|
|
|
func (c *FSM) applyIntentionOperation(buf []byte, index uint64) interface{} {
|
|
|
|
var req structs.IntentionRequest
|
|
|
|
if err := structs.Decode(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode request: %v", err))
|
|
|
|
}
|
|
|
|
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"consul", "fsm", "intention"}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: string(req.Op)}})
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "intention"}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: string(req.Op)}})
|
|
|
|
switch req.Op {
|
|
|
|
case structs.IntentionOpCreate, structs.IntentionOpUpdate:
|
|
|
|
return c.state.IntentionSet(index, req.Intention)
|
|
|
|
case structs.IntentionOpDelete:
|
2018-03-01 05:21:59 +00:00
|
|
|
return c.state.IntentionDelete(index, req.Intention.ID)
|
2018-02-28 18:28:07 +00:00
|
|
|
default:
|
2020-01-28 23:50:41 +00:00
|
|
|
c.logger.Warn("Invalid Intention operation", "operation", req.Op)
|
2018-02-28 18:28:07 +00:00
|
|
|
return fmt.Errorf("Invalid Intention operation '%s'", req.Op)
|
|
|
|
}
|
|
|
|
}
|
2018-03-21 17:10:53 +00:00
|
|
|
|
|
|
|
// applyConnectCAOperation applies the given CA operation to the state store.
|
|
|
|
func (c *FSM) applyConnectCAOperation(buf []byte, index uint64) interface{} {
|
|
|
|
var req structs.CARequest
|
|
|
|
if err := structs.Decode(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode request: %v", err))
|
|
|
|
}
|
|
|
|
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"consul", "fsm", "ca"}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: string(req.Op)}})
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "ca"}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: string(req.Op)}})
|
|
|
|
switch req.Op {
|
2018-04-07 00:58:45 +00:00
|
|
|
case structs.CAOpSetConfig:
|
|
|
|
if req.Config.ModifyIndex != 0 {
|
|
|
|
act, err := c.state.CACheckAndSetConfig(index, req.Config.ModifyIndex, req.Config)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
return act
|
|
|
|
}
|
|
|
|
|
|
|
|
return c.state.CASetConfig(index, req.Config)
|
|
|
|
case structs.CAOpSetRoots:
|
2018-03-21 17:10:53 +00:00
|
|
|
act, err := c.state.CARootSetCAS(index, req.Index, req.Roots)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2018-04-20 08:30:34 +00:00
|
|
|
return act
|
|
|
|
case structs.CAOpSetProviderState:
|
|
|
|
act, err := c.state.CASetProviderState(index, req.ProviderState)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2018-04-21 01:46:02 +00:00
|
|
|
return act
|
|
|
|
case structs.CAOpDeleteProviderState:
|
|
|
|
if err := c.state.CADeleteProviderState(req.ProviderState.ID); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
return true
|
|
|
|
case structs.CAOpSetRootsAndConfig:
|
|
|
|
act, err := c.state.CARootSetCAS(index, req.Index, req.Roots)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2018-11-07 06:46:06 +00:00
|
|
|
if !act {
|
|
|
|
return act
|
|
|
|
}
|
2018-04-21 01:46:02 +00:00
|
|
|
|
2018-11-07 06:46:06 +00:00
|
|
|
act, err = c.state.CACheckAndSetConfig(index+1, req.Config.ModifyIndex, req.Config)
|
|
|
|
if err != nil {
|
2018-04-21 01:46:02 +00:00
|
|
|
return err
|
|
|
|
}
|
2018-03-21 17:10:53 +00:00
|
|
|
return act
|
2020-01-09 15:32:19 +00:00
|
|
|
case structs.CAOpIncrementProviderSerialNumber:
|
|
|
|
sn, err := c.state.CAIncrementProviderSerialNumber()
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
return sn
|
2018-03-21 17:10:53 +00:00
|
|
|
default:
|
2020-01-28 23:50:41 +00:00
|
|
|
c.logger.Warn("Invalid CA operation", "operation", req.Op)
|
2018-03-21 17:10:53 +00:00
|
|
|
return fmt.Errorf("Invalid CA operation '%s'", req.Op)
|
|
|
|
}
|
|
|
|
}
|
2018-10-19 16:04:07 +00:00
|
|
|
|
2019-01-11 21:04:57 +00:00
|
|
|
func (c *FSM) applyConnectCALeafOperation(buf []byte, index uint64) interface{} {
|
|
|
|
var req structs.CALeafRequest
|
|
|
|
if err := structs.Decode(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode request: %v", err))
|
|
|
|
}
|
|
|
|
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "ca", "leaf"}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: string(req.Op)}})
|
|
|
|
switch req.Op {
|
|
|
|
case structs.CALeafOpIncrementIndex:
|
|
|
|
if err := c.state.CALeafSetIndex(index); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return index
|
|
|
|
default:
|
2020-01-28 23:50:41 +00:00
|
|
|
c.logger.Warn("Invalid CA Leaf operation", "operation", req.Op)
|
2019-01-11 21:04:57 +00:00
|
|
|
return fmt.Errorf("Invalid CA operation '%s'", req.Op)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-10-31 20:00:46 +00:00
|
|
|
func (c *FSM) applyACLTokenSetOperation(buf []byte, index uint64) interface{} {
|
|
|
|
var req structs.ACLTokenBatchSetRequest
|
2018-10-19 16:04:07 +00:00
|
|
|
if err := structs.Decode(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode request: %v", err))
|
|
|
|
}
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "acl", "token"}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: "upsert"}})
|
|
|
|
|
2019-05-03 19:22:44 +00:00
|
|
|
return c.state.ACLTokenBatchSet(index, req.Tokens, req.CAS, req.AllowMissingLinks, req.ProhibitUnprivileged)
|
2018-10-19 16:04:07 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (c *FSM) applyACLTokenDeleteOperation(buf []byte, index uint64) interface{} {
|
|
|
|
var req structs.ACLTokenBatchDeleteRequest
|
|
|
|
if err := structs.Decode(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode request: %v", err))
|
|
|
|
}
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "acl", "token"}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: "delete"}})
|
|
|
|
|
2018-10-31 20:00:46 +00:00
|
|
|
return c.state.ACLTokenBatchDelete(index, req.TokenIDs)
|
2018-10-19 16:04:07 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (c *FSM) applyACLTokenBootstrap(buf []byte, index uint64) interface{} {
|
|
|
|
var req structs.ACLTokenBootstrapRequest
|
|
|
|
if err := structs.Decode(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode request: %v", err))
|
|
|
|
}
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "acl", "token"}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: "bootstrap"}})
|
|
|
|
return c.state.ACLBootstrap(index, req.ResetIndex, &req.Token, false)
|
|
|
|
}
|
|
|
|
|
2018-10-31 20:00:46 +00:00
|
|
|
func (c *FSM) applyACLPolicySetOperation(buf []byte, index uint64) interface{} {
|
|
|
|
var req structs.ACLPolicyBatchSetRequest
|
2018-10-19 16:04:07 +00:00
|
|
|
if err := structs.Decode(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode request: %v", err))
|
|
|
|
}
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "acl", "policy"}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: "upsert"}})
|
|
|
|
|
2018-10-31 20:00:46 +00:00
|
|
|
return c.state.ACLPolicyBatchSet(index, req.Policies)
|
2018-10-19 16:04:07 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (c *FSM) applyACLPolicyDeleteOperation(buf []byte, index uint64) interface{} {
|
|
|
|
var req structs.ACLPolicyBatchDeleteRequest
|
|
|
|
if err := structs.Decode(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode request: %v", err))
|
|
|
|
}
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "acl", "policy"}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: "delete"}})
|
|
|
|
|
2018-10-31 20:00:46 +00:00
|
|
|
return c.state.ACLPolicyBatchDelete(index, req.PolicyIDs)
|
2018-10-19 16:04:07 +00:00
|
|
|
}
|
2019-03-19 22:56:17 +00:00
|
|
|
|
2019-03-28 06:56:35 +00:00
|
|
|
func (c *FSM) applyConfigEntryOperation(buf []byte, index uint64) interface{} {
|
2019-03-20 23:13:13 +00:00
|
|
|
req := structs.ConfigEntryRequest{
|
|
|
|
Entry: &structs.ProxyConfigEntry{},
|
|
|
|
}
|
2019-03-19 22:56:17 +00:00
|
|
|
if err := structs.Decode(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode request: %v", err))
|
|
|
|
}
|
2019-03-20 23:13:13 +00:00
|
|
|
|
2019-03-19 22:56:17 +00:00
|
|
|
switch req.Op {
|
2019-04-29 22:08:09 +00:00
|
|
|
case structs.ConfigEntryUpsertCAS:
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "config_entry", req.Entry.GetKind()}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: "upsert"}})
|
2020-01-24 15:04:58 +00:00
|
|
|
updated, err := c.state.EnsureConfigEntryCAS(index, req.Entry.GetRaftIndex().ModifyIndex, req.Entry, req.Entry.GetEnterpriseMeta())
|
2019-04-29 22:08:09 +00:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return updated
|
2019-03-19 22:56:17 +00:00
|
|
|
case structs.ConfigEntryUpsert:
|
2019-03-20 23:13:13 +00:00
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "config_entry", req.Entry.GetKind()}, time.Now(),
|
2019-03-19 22:56:17 +00:00
|
|
|
[]metrics.Label{{Name: "op", Value: "upsert"}})
|
2020-01-24 15:04:58 +00:00
|
|
|
if err := c.state.EnsureConfigEntry(index, req.Entry, req.Entry.GetEnterpriseMeta()); err != nil {
|
2019-04-30 23:27:16 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
return true
|
2019-03-19 22:56:17 +00:00
|
|
|
case structs.ConfigEntryDelete:
|
2019-03-20 23:13:13 +00:00
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "config_entry", req.Entry.GetKind()}, time.Now(),
|
2019-03-19 22:56:17 +00:00
|
|
|
[]metrics.Label{{Name: "op", Value: "delete"}})
|
2020-01-24 15:04:58 +00:00
|
|
|
return c.state.DeleteConfigEntry(index, req.Entry.GetKind(), req.Entry.GetName(), req.Entry.GetEnterpriseMeta())
|
2019-03-19 22:56:17 +00:00
|
|
|
default:
|
|
|
|
return fmt.Errorf("invalid config entry operation type: %v", req.Op)
|
|
|
|
}
|
|
|
|
}
|
2019-04-15 20:43:19 +00:00
|
|
|
|
|
|
|
func (c *FSM) applyACLRoleSetOperation(buf []byte, index uint64) interface{} {
|
|
|
|
var req structs.ACLRoleBatchSetRequest
|
|
|
|
if err := structs.Decode(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode request: %v", err))
|
|
|
|
}
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "acl", "role"}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: "upsert"}})
|
|
|
|
|
2019-05-02 20:02:21 +00:00
|
|
|
return c.state.ACLRoleBatchSet(index, req.Roles, req.AllowMissingLinks)
|
2019-04-15 20:43:19 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (c *FSM) applyACLRoleDeleteOperation(buf []byte, index uint64) interface{} {
|
|
|
|
var req structs.ACLRoleBatchDeleteRequest
|
|
|
|
if err := structs.Decode(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode request: %v", err))
|
|
|
|
}
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "acl", "role"}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: "delete"}})
|
|
|
|
|
|
|
|
return c.state.ACLRoleBatchDelete(index, req.RoleIDs)
|
|
|
|
}
|
2019-04-26 17:49:28 +00:00
|
|
|
|
|
|
|
func (c *FSM) applyACLBindingRuleSetOperation(buf []byte, index uint64) interface{} {
|
|
|
|
var req structs.ACLBindingRuleBatchSetRequest
|
|
|
|
if err := structs.Decode(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode request: %v", err))
|
|
|
|
}
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "acl", "bindingrule"}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: "upsert"}})
|
|
|
|
|
|
|
|
return c.state.ACLBindingRuleBatchSet(index, req.BindingRules)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c *FSM) applyACLBindingRuleDeleteOperation(buf []byte, index uint64) interface{} {
|
|
|
|
var req structs.ACLBindingRuleBatchDeleteRequest
|
|
|
|
if err := structs.Decode(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode request: %v", err))
|
|
|
|
}
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "acl", "bindingrule"}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: "delete"}})
|
|
|
|
|
|
|
|
return c.state.ACLBindingRuleBatchDelete(index, req.BindingRuleIDs)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c *FSM) applyACLAuthMethodSetOperation(buf []byte, index uint64) interface{} {
|
|
|
|
var req structs.ACLAuthMethodBatchSetRequest
|
|
|
|
if err := structs.Decode(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode request: %v", err))
|
|
|
|
}
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "acl", "authmethod"}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: "upsert"}})
|
|
|
|
|
|
|
|
return c.state.ACLAuthMethodBatchSet(index, req.AuthMethods)
|
|
|
|
}
|
|
|
|
|
|
|
|
func (c *FSM) applyACLAuthMethodDeleteOperation(buf []byte, index uint64) interface{} {
|
|
|
|
var req structs.ACLAuthMethodBatchDeleteRequest
|
|
|
|
if err := structs.Decode(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode request: %v", err))
|
|
|
|
}
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "acl", "authmethod"}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: "delete"}})
|
|
|
|
|
2019-10-24 18:38:09 +00:00
|
|
|
return c.state.ACLAuthMethodBatchDelete(index, req.AuthMethodNames, &req.EnterpriseMeta)
|
2019-04-26 17:49:28 +00:00
|
|
|
}
|
2020-03-09 20:59:02 +00:00
|
|
|
|
|
|
|
func (c *FSM) applyFederationStateOperation(buf []byte, index uint64) interface{} {
|
|
|
|
var req structs.FederationStateRequest
|
|
|
|
if err := structs.Decode(buf, &req); err != nil {
|
|
|
|
panic(fmt.Errorf("failed to decode request: %v", err))
|
|
|
|
}
|
|
|
|
|
|
|
|
switch req.Op {
|
|
|
|
case structs.FederationStateUpsert:
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "federation_state", req.State.Datacenter}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: "upsert"}})
|
|
|
|
if err := c.state.FederationStateSet(index, req.State); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
return true
|
|
|
|
case structs.FederationStateDelete:
|
|
|
|
defer metrics.MeasureSinceWithLabels([]string{"fsm", "federation_state", req.State.Datacenter}, time.Now(),
|
|
|
|
[]metrics.Label{{Name: "op", Value: "delete"}})
|
|
|
|
return c.state.FederationStateDelete(index, req.State.Datacenter)
|
|
|
|
default:
|
|
|
|
return fmt.Errorf("invalid federation state operation type: %v", req.Op)
|
|
|
|
}
|
|
|
|
}
|