2014-05-16 21:36:14 +00:00
|
|
|
package consul
|
|
|
|
|
|
|
|
import (
|
|
|
|
"fmt"
|
2014-10-09 18:54:47 +00:00
|
|
|
"time"
|
|
|
|
|
2014-05-16 21:36:14 +00:00
|
|
|
"github.com/armon/go-metrics"
|
2020-11-14 00:26:08 +00:00
|
|
|
"github.com/armon/go-metrics/prometheus"
|
2017-08-23 14:52:48 +00:00
|
|
|
"github.com/hashicorp/consul/acl"
|
pkg refactor
command/agent/* -> agent/*
command/consul/* -> agent/consul/*
command/agent/command{,_test}.go -> command/agent{,_test}.go
command/base/command.go -> command/base.go
command/base/* -> command/*
commands.go -> command/commands.go
The script which did the refactor is:
(
cd $GOPATH/src/github.com/hashicorp/consul
git mv command/agent/command.go command/agent.go
git mv command/agent/command_test.go command/agent_test.go
git mv command/agent/flag_slice_value{,_test}.go command/
git mv command/agent .
git mv command/base/command.go command/base.go
git mv command/base/config_util{,_test}.go command/
git mv commands.go command/
git mv consul agent
rmdir command/base/
gsed -i -e 's|package agent|package command|' command/agent{,_test}.go
gsed -i -e 's|package agent|package command|' command/flag_slice_value{,_test}.go
gsed -i -e 's|package base|package command|' command/base.go command/config_util{,_test}.go
gsed -i -e 's|package main|package command|' command/commands.go
gsed -i -e 's|base.Command|BaseCommand|' command/commands.go
gsed -i -e 's|agent.Command|AgentCommand|' command/commands.go
gsed -i -e 's|\tCommand:|\tBaseCommand:|' command/commands.go
gsed -i -e 's|base\.||' command/commands.go
gsed -i -e 's|command\.||' command/commands.go
gsed -i -e 's|command|c|' main.go
gsed -i -e 's|range Commands|range command.Commands|' main.go
gsed -i -e 's|Commands: Commands|Commands: command.Commands|' main.go
gsed -i -e 's|base\.BoolValue|BoolValue|' command/operator_autopilot_set.go
gsed -i -e 's|base\.DurationValue|DurationValue|' command/operator_autopilot_set.go
gsed -i -e 's|base\.StringValue|StringValue|' command/operator_autopilot_set.go
gsed -i -e 's|base\.UintValue|UintValue|' command/operator_autopilot_set.go
gsed -i -e 's|\bCommand\b|BaseCommand|' command/base.go
gsed -i -e 's|BaseCommand Options|Command Options|' command/base.go
gsed -i -e 's|base.Command|BaseCommand|' command/*.go
gsed -i -e 's|c\.Command|c.BaseCommand|g' command/*.go
gsed -i -e 's|\tCommand:|\tBaseCommand:|' command/*_test.go
gsed -i -e 's|base\.||' command/*_test.go
gsed -i -e 's|\bCommand\b|AgentCommand|' command/agent{,_test}.go
gsed -i -e 's|cmd.AgentCommand|cmd.BaseCommand|' command/agent.go
gsed -i -e 's|cli.AgentCommand = new(Command)|cli.Command = new(AgentCommand)|' command/agent_test.go
gsed -i -e 's|exec.AgentCommand|exec.Command|' command/agent_test.go
gsed -i -e 's|exec.BaseCommand|exec.Command|' command/agent_test.go
gsed -i -e 's|NewTestAgent|agent.NewTestAgent|' command/agent_test.go
gsed -i -e 's|= TestConfig|= agent.TestConfig|' command/agent_test.go
gsed -i -e 's|: RetryJoin|: agent.RetryJoin|' command/agent_test.go
gsed -i -e 's|\.\./\.\./|../|' command/config_util_test.go
gsed -i -e 's|\bverifyUniqueListeners|VerifyUniqueListeners|' agent/config{,_test}.go command/agent.go
gsed -i -e 's|\bserfLANKeyring\b|SerfLANKeyring|g' agent/{agent,keyring,testagent}.go command/agent.go
gsed -i -e 's|\bserfWANKeyring\b|SerfWANKeyring|g' agent/{agent,keyring,testagent}.go command/agent.go
gsed -i -e 's|\bNewAgent\b|agent.New|g' command/agent{,_test}.go
gsed -i -e 's|\bNewAgent|New|' agent/{acl_test,agent,testagent}.go
gsed -i -e 's|\bAgent\b|agent.&|g' command/agent{,_test}.go
gsed -i -e 's|\bBool\b|agent.&|g' command/agent{,_test}.go
gsed -i -e 's|\bConfig\b|agent.&|g' command/agent{,_test}.go
gsed -i -e 's|\bDefaultConfig\b|agent.&|g' command/agent{,_test}.go
gsed -i -e 's|\bDevConfig\b|agent.&|g' command/agent{,_test}.go
gsed -i -e 's|\bMergeConfig\b|agent.&|g' command/agent{,_test}.go
gsed -i -e 's|\bReadConfigPaths\b|agent.&|g' command/agent{,_test}.go
gsed -i -e 's|\bParseMetaPair\b|agent.&|g' command/agent{,_test}.go
gsed -i -e 's|\bSerfLANKeyring\b|agent.&|g' command/agent{,_test}.go
gsed -i -e 's|\bSerfWANKeyring\b|agent.&|g' command/agent{,_test}.go
gsed -i -e 's|circonus\.agent|circonus|g' command/agent{,_test}.go
gsed -i -e 's|logger\.agent|logger|g' command/agent{,_test}.go
gsed -i -e 's|metrics\.agent|metrics|g' command/agent{,_test}.go
gsed -i -e 's|// agent.Agent|// agent|' command/agent{,_test}.go
gsed -i -e 's|a\.agent\.Config|a.Config|' command/agent{,_test}.go
gsed -i -e 's|agent\.AppendSliceValue|AppendSliceValue|' command/{configtest,validate}.go
gsed -i -e 's|consul/consul|agent/consul|' GNUmakefile
gsed -i -e 's|\.\./test|../../test|' agent/consul/server_test.go
# fix imports
f=$(grep -rl 'github.com/hashicorp/consul/command/agent' * | grep '\.go')
gsed -i -e 's|github.com/hashicorp/consul/command/agent|github.com/hashicorp/consul/agent|' $f
goimports -w $f
f=$(grep -rl 'github.com/hashicorp/consul/consul' * | grep '\.go')
gsed -i -e 's|github.com/hashicorp/consul/consul|github.com/hashicorp/consul/agent/consul|' $f
goimports -w $f
goimports -w command/*.go main.go
)
2017-06-09 22:28:28 +00:00
|
|
|
"github.com/hashicorp/consul/agent/consul/state"
|
2017-07-06 10:34:00 +00:00
|
|
|
"github.com/hashicorp/consul/agent/structs"
|
2020-01-28 23:50:41 +00:00
|
|
|
"github.com/hashicorp/go-hclog"
|
2017-01-24 18:08:14 +00:00
|
|
|
"github.com/hashicorp/go-memdb"
|
2016-01-29 19:42:34 +00:00
|
|
|
"github.com/hashicorp/go-uuid"
|
2014-05-16 21:36:14 +00:00
|
|
|
)
|
|
|
|
|
2020-11-14 00:26:08 +00:00
|
|
|
var SessionEndpointSummaries = []prometheus.SummaryDefinition{
|
|
|
|
{
|
|
|
|
Name: []string{"session", "apply"},
|
2020-11-16 19:02:11 +00:00
|
|
|
Help: "Measures the time spent applying a session update.",
|
2020-11-14 00:26:08 +00:00
|
|
|
},
|
|
|
|
{
|
|
|
|
Name: []string{"session", "renew"},
|
2020-11-16 19:02:11 +00:00
|
|
|
Help: "Measures the time spent renewing a session.",
|
2020-11-14 00:26:08 +00:00
|
|
|
},
|
|
|
|
}
|
|
|
|
|
2014-05-16 21:36:14 +00:00
|
|
|
// Session endpoint is used to manipulate sessions for KV
|
|
|
|
type Session struct {
|
2020-01-28 23:50:41 +00:00
|
|
|
srv *Server
|
|
|
|
logger hclog.Logger
|
2014-05-16 21:36:14 +00:00
|
|
|
}
|
|
|
|
|
2020-03-05 16:06:09 +00:00
|
|
|
// in v1.7.0 we renamed Session -> SessionID. While its more descriptive of what
|
|
|
|
// we actually expect, it did break the RPC API for the SessionSpecificRequest. Now
|
|
|
|
// we have to put back the original name and support both with the new name being
|
|
|
|
// the canonical name and the other being considered only when the main one is empty.
|
|
|
|
func fixupSessionSpecificRequest(args *structs.SessionSpecificRequest) {
|
|
|
|
if args.SessionID == "" {
|
|
|
|
args.SessionID = args.Session
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-05-16 21:36:14 +00:00
|
|
|
// Apply is used to apply a modifying request to the data store. This should
|
|
|
|
// only be used for operations that modify the data
|
|
|
|
func (s *Session) Apply(args *structs.SessionRequest, reply *string) error {
|
2020-07-07 19:45:08 +00:00
|
|
|
if done, err := s.srv.ForwardRPC("Session.Apply", args, args, reply); done {
|
2014-05-16 21:36:14 +00:00
|
|
|
return err
|
|
|
|
}
|
2017-10-04 23:43:27 +00:00
|
|
|
defer metrics.MeasureSince([]string{"session", "apply"}, time.Now())
|
2014-05-16 21:36:14 +00:00
|
|
|
|
|
|
|
// Verify the args
|
|
|
|
if args.Session.ID == "" && args.Op == structs.SessionDestroy {
|
|
|
|
return fmt.Errorf("Must provide ID")
|
|
|
|
}
|
|
|
|
if args.Session.Node == "" && args.Op == structs.SessionCreate {
|
|
|
|
return fmt.Errorf("Must provide Node")
|
|
|
|
}
|
2014-12-12 23:43:34 +00:00
|
|
|
|
2019-12-10 02:26:41 +00:00
|
|
|
// The entMeta to populate is the one in the Session struct, not SessionRequest
|
2019-11-25 17:57:35 +00:00
|
|
|
// This is because the Session is what is passed to downstream functions like raftApply
|
2019-12-18 18:46:53 +00:00
|
|
|
var authzContext acl.AuthorizerContext
|
2019-11-25 17:57:35 +00:00
|
|
|
|
2016-12-13 05:59:22 +00:00
|
|
|
// Fetch the ACL token, if any, and apply the policy.
|
2019-12-18 18:46:53 +00:00
|
|
|
authz, err := s.srv.ResolveTokenAndDefaultMeta(args.Token, &args.Session.EnterpriseMeta, &authzContext)
|
2016-12-13 05:59:22 +00:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2019-11-25 17:07:04 +00:00
|
|
|
|
2019-12-18 18:46:53 +00:00
|
|
|
if err := s.srv.validateEnterpriseRequest(&args.Session.EnterpriseMeta, true); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2020-05-29 21:16:03 +00:00
|
|
|
if authz != nil {
|
2016-12-13 05:59:22 +00:00
|
|
|
switch args.Op {
|
|
|
|
case structs.SessionDestroy:
|
|
|
|
state := s.srv.fsm.State()
|
2019-11-25 17:07:04 +00:00
|
|
|
_, existing, err := state.SessionGet(nil, args.Session.ID, &args.Session.EnterpriseMeta)
|
2016-12-13 05:59:22 +00:00
|
|
|
if err != nil {
|
2017-04-13 22:03:17 +00:00
|
|
|
return fmt.Errorf("Session lookup failed: %v", err)
|
|
|
|
}
|
|
|
|
if existing == nil {
|
2020-02-18 16:13:15 +00:00
|
|
|
return nil
|
2016-12-13 05:59:22 +00:00
|
|
|
}
|
2019-12-18 18:46:53 +00:00
|
|
|
if authz.SessionWrite(existing.Node, &authzContext) != acl.Allow {
|
2017-08-23 14:52:48 +00:00
|
|
|
return acl.ErrPermissionDenied
|
2016-12-13 05:59:22 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
case structs.SessionCreate:
|
2019-12-18 18:46:53 +00:00
|
|
|
if authz.SessionWrite(args.Session.Node, &authzContext) != acl.Allow {
|
2017-08-23 14:52:48 +00:00
|
|
|
return acl.ErrPermissionDenied
|
2016-12-13 05:59:22 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
default:
|
2016-12-14 10:57:12 +00:00
|
|
|
return fmt.Errorf("Invalid session operation %q", args.Op)
|
2016-12-13 05:59:22 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-12-12 23:43:34 +00:00
|
|
|
// Ensure that the specified behavior is allowed
|
2014-11-20 19:29:18 +00:00
|
|
|
switch args.Session.Behavior {
|
2014-11-21 00:16:07 +00:00
|
|
|
case "":
|
2014-12-12 23:43:34 +00:00
|
|
|
// Default behavior to Release for backwards compatibility
|
|
|
|
args.Session.Behavior = structs.SessionKeysRelease
|
|
|
|
case structs.SessionKeysRelease:
|
|
|
|
case structs.SessionKeysDelete:
|
2014-11-21 00:16:07 +00:00
|
|
|
default:
|
|
|
|
return fmt.Errorf("Invalid Behavior setting '%s'", args.Session.Behavior)
|
2014-11-20 02:11:41 +00:00
|
|
|
}
|
2014-12-12 23:43:34 +00:00
|
|
|
|
|
|
|
// Ensure the Session TTL is valid if provided
|
2014-11-25 16:06:14 +00:00
|
|
|
if args.Session.TTL != "" {
|
|
|
|
ttl, err := time.ParseDuration(args.Session.TTL)
|
|
|
|
if err != nil {
|
|
|
|
return fmt.Errorf("Session TTL '%s' invalid: %v", args.Session.TTL, err)
|
|
|
|
}
|
|
|
|
|
2015-03-27 05:30:04 +00:00
|
|
|
if ttl != 0 && (ttl < s.srv.config.SessionTTLMin || ttl > structs.SessionTTLMax) {
|
2014-12-12 23:43:34 +00:00
|
|
|
return fmt.Errorf("Invalid Session TTL '%d', must be between [%v=%v]",
|
2015-03-27 05:30:04 +00:00
|
|
|
ttl, s.srv.config.SessionTTLMin, structs.SessionTTLMax)
|
2014-11-25 16:06:14 +00:00
|
|
|
}
|
|
|
|
}
|
2014-05-16 21:36:14 +00:00
|
|
|
|
2014-10-09 18:54:47 +00:00
|
|
|
// If this is a create, we must generate the Session ID. This must
|
|
|
|
// be done prior to appending to the raft log, because the ID is not
|
|
|
|
// deterministic. Once the entry is in the log, the state update MUST
|
|
|
|
// be deterministic or the followers will not converge.
|
|
|
|
if args.Op == structs.SessionCreate {
|
|
|
|
// Generate a new session ID, verify uniqueness
|
2015-10-13 05:21:39 +00:00
|
|
|
state := s.srv.fsm.State()
|
2014-10-09 18:54:47 +00:00
|
|
|
for {
|
2016-01-29 19:42:34 +00:00
|
|
|
var err error
|
|
|
|
if args.Session.ID, err = uuid.GenerateUUID(); err != nil {
|
2020-01-28 23:50:41 +00:00
|
|
|
s.logger.Error("UUID generation failed", "error", err)
|
2016-01-29 19:42:34 +00:00
|
|
|
return err
|
|
|
|
}
|
2019-11-25 17:07:04 +00:00
|
|
|
_, sess, err := state.SessionGet(nil, args.Session.ID, &args.Session.EnterpriseMeta)
|
2014-10-09 18:54:47 +00:00
|
|
|
if err != nil {
|
2020-01-28 23:50:41 +00:00
|
|
|
s.logger.Error("Session lookup failed", "error", err)
|
2014-10-09 18:54:47 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
if sess == nil {
|
|
|
|
break
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-05-16 21:36:14 +00:00
|
|
|
// Apply the update
|
|
|
|
resp, err := s.srv.raftApply(structs.SessionRequestType, args)
|
|
|
|
if err != nil {
|
2020-01-28 23:50:41 +00:00
|
|
|
s.logger.Error("Apply failed", "error", err)
|
2014-05-16 21:36:14 +00:00
|
|
|
return err
|
|
|
|
}
|
2014-11-25 16:06:14 +00:00
|
|
|
|
|
|
|
if args.Op == structs.SessionCreate && args.Session.TTL != "" {
|
2014-12-12 23:43:34 +00:00
|
|
|
// If we created a session with a TTL, reset the expiration timer
|
|
|
|
s.srv.resetSessionTimer(args.Session.ID, &args.Session)
|
|
|
|
} else if args.Op == structs.SessionDestroy {
|
|
|
|
// If we destroyed a session, it might potentially have a TTL,
|
|
|
|
// and we need to clear the timer
|
2014-11-25 16:06:14 +00:00
|
|
|
s.srv.clearSessionTimer(args.Session.ID)
|
|
|
|
}
|
|
|
|
|
2014-05-16 21:36:14 +00:00
|
|
|
if respErr, ok := resp.(error); ok {
|
|
|
|
return respErr
|
|
|
|
}
|
|
|
|
|
|
|
|
// Check if the return type is a string
|
|
|
|
if respString, ok := resp.(string); ok {
|
|
|
|
*reply = respString
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
// Get is used to retrieve a single session
|
2014-05-16 22:49:17 +00:00
|
|
|
func (s *Session) Get(args *structs.SessionSpecificRequest,
|
2014-05-16 21:36:14 +00:00
|
|
|
reply *structs.IndexedSessions) error {
|
2020-07-07 19:45:08 +00:00
|
|
|
if done, err := s.srv.ForwardRPC("Session.Get", args, args, reply); done {
|
2014-05-16 21:36:14 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2020-03-05 16:06:09 +00:00
|
|
|
fixupSessionSpecificRequest(args)
|
|
|
|
|
2019-12-18 18:46:53 +00:00
|
|
|
var authzContext acl.AuthorizerContext
|
|
|
|
authz, err := s.srv.ResolveTokenAndDefaultMeta(args.Token, &args.EnterpriseMeta, &authzContext)
|
|
|
|
if err != nil {
|
2019-11-25 17:57:35 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2019-12-18 18:46:53 +00:00
|
|
|
if err := s.srv.validateEnterpriseRequest(&args.EnterpriseMeta, false); err != nil {
|
2019-11-25 17:57:35 +00:00
|
|
|
return err
|
|
|
|
}
|
2019-11-25 17:07:04 +00:00
|
|
|
|
2017-01-24 18:08:14 +00:00
|
|
|
return s.srv.blockingQuery(
|
2015-10-12 22:34:32 +00:00
|
|
|
&args.QueryOptions,
|
2014-05-16 21:36:14 +00:00
|
|
|
&reply.QueryMeta,
|
2017-04-21 00:46:29 +00:00
|
|
|
func(ws memdb.WatchSet, state *state.Store) error {
|
2019-11-25 17:07:04 +00:00
|
|
|
index, session, err := state.SessionGet(ws, args.SessionID, &args.EnterpriseMeta)
|
2015-10-12 22:34:32 +00:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2014-05-16 21:36:14 +00:00
|
|
|
reply.Index = index
|
|
|
|
if session != nil {
|
|
|
|
reply.Sessions = structs.Sessions{session}
|
2015-01-13 20:02:30 +00:00
|
|
|
} else {
|
|
|
|
reply.Sessions = nil
|
2014-05-16 21:36:14 +00:00
|
|
|
}
|
2019-12-18 18:46:53 +00:00
|
|
|
if err := s.srv.filterACLWithAuthorizer(authz, reply); err != nil {
|
2016-12-13 05:59:22 +00:00
|
|
|
return err
|
|
|
|
}
|
2015-10-12 22:34:32 +00:00
|
|
|
return nil
|
2014-05-16 21:36:14 +00:00
|
|
|
})
|
|
|
|
}
|
|
|
|
|
|
|
|
// List is used to list all the active sessions
|
2019-11-25 17:07:04 +00:00
|
|
|
func (s *Session) List(args *structs.SessionSpecificRequest,
|
2014-05-16 21:36:14 +00:00
|
|
|
reply *structs.IndexedSessions) error {
|
2020-07-07 19:45:08 +00:00
|
|
|
if done, err := s.srv.ForwardRPC("Session.List", args, args, reply); done {
|
2014-05-16 21:36:14 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2019-12-18 18:46:53 +00:00
|
|
|
var authzContext acl.AuthorizerContext
|
|
|
|
authz, err := s.srv.ResolveTokenAndDefaultMeta(args.Token, &args.EnterpriseMeta, &authzContext)
|
|
|
|
if err != nil {
|
2019-11-25 17:57:35 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2019-12-18 18:46:53 +00:00
|
|
|
if err := s.srv.validateEnterpriseRequest(&args.EnterpriseMeta, false); err != nil {
|
2019-11-25 17:57:35 +00:00
|
|
|
return err
|
|
|
|
}
|
2019-11-25 17:07:04 +00:00
|
|
|
|
2017-01-24 18:08:14 +00:00
|
|
|
return s.srv.blockingQuery(
|
2015-10-12 22:34:32 +00:00
|
|
|
&args.QueryOptions,
|
2014-05-16 21:36:14 +00:00
|
|
|
&reply.QueryMeta,
|
2017-04-21 00:46:29 +00:00
|
|
|
func(ws memdb.WatchSet, state *state.Store) error {
|
2019-11-25 17:07:04 +00:00
|
|
|
index, sessions, err := state.SessionList(ws, &args.EnterpriseMeta)
|
2015-10-12 22:34:32 +00:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
reply.Index, reply.Sessions = index, sessions
|
2019-12-18 18:46:53 +00:00
|
|
|
if err := s.srv.filterACLWithAuthorizer(authz, reply); err != nil {
|
2016-12-13 05:59:22 +00:00
|
|
|
return err
|
|
|
|
}
|
2015-10-12 22:34:32 +00:00
|
|
|
return nil
|
2014-05-16 21:36:14 +00:00
|
|
|
})
|
|
|
|
}
|
|
|
|
|
|
|
|
// NodeSessions is used to get all the sessions for a particular node
|
|
|
|
func (s *Session) NodeSessions(args *structs.NodeSpecificRequest,
|
|
|
|
reply *structs.IndexedSessions) error {
|
2020-07-07 19:45:08 +00:00
|
|
|
if done, err := s.srv.ForwardRPC("Session.NodeSessions", args, args, reply); done {
|
2014-05-16 21:36:14 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2019-12-18 18:46:53 +00:00
|
|
|
var authzContext acl.AuthorizerContext
|
|
|
|
authz, err := s.srv.ResolveTokenAndDefaultMeta(args.Token, &args.EnterpriseMeta, &authzContext)
|
|
|
|
if err != nil {
|
2019-11-25 17:57:35 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2019-12-18 18:46:53 +00:00
|
|
|
if err := s.srv.validateEnterpriseRequest(&args.EnterpriseMeta, false); err != nil {
|
2019-11-25 17:57:35 +00:00
|
|
|
return err
|
|
|
|
}
|
2019-11-25 17:07:04 +00:00
|
|
|
|
2017-01-24 18:08:14 +00:00
|
|
|
return s.srv.blockingQuery(
|
2015-10-12 22:34:32 +00:00
|
|
|
&args.QueryOptions,
|
2014-05-16 21:36:14 +00:00
|
|
|
&reply.QueryMeta,
|
2017-04-21 00:46:29 +00:00
|
|
|
func(ws memdb.WatchSet, state *state.Store) error {
|
2019-11-25 17:07:04 +00:00
|
|
|
index, sessions, err := state.NodeSessions(ws, args.Node, &args.EnterpriseMeta)
|
2015-10-12 22:34:32 +00:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
|
|
|
reply.Index, reply.Sessions = index, sessions
|
2019-12-18 18:46:53 +00:00
|
|
|
if err := s.srv.filterACLWithAuthorizer(authz, reply); err != nil {
|
2016-12-13 05:59:22 +00:00
|
|
|
return err
|
|
|
|
}
|
2015-10-12 22:34:32 +00:00
|
|
|
return nil
|
2014-05-16 21:36:14 +00:00
|
|
|
})
|
|
|
|
}
|
2014-11-25 16:06:14 +00:00
|
|
|
|
|
|
|
// Renew is used to renew the TTL on a single session
|
|
|
|
func (s *Session) Renew(args *structs.SessionSpecificRequest,
|
|
|
|
reply *structs.IndexedSessions) error {
|
2020-07-07 19:45:08 +00:00
|
|
|
if done, err := s.srv.ForwardRPC("Session.Renew", args, args, reply); done {
|
2014-11-25 16:06:14 +00:00
|
|
|
return err
|
|
|
|
}
|
2020-03-05 16:06:09 +00:00
|
|
|
|
|
|
|
fixupSessionSpecificRequest(args)
|
|
|
|
|
2017-10-04 23:43:27 +00:00
|
|
|
defer metrics.MeasureSince([]string{"session", "renew"}, time.Now())
|
2014-11-25 16:06:14 +00:00
|
|
|
|
2019-12-18 18:46:53 +00:00
|
|
|
// Fetch the ACL token, if any, and apply the policy.
|
|
|
|
var authzContext acl.AuthorizerContext
|
|
|
|
authz, err := s.srv.ResolveTokenAndDefaultMeta(args.Token, &args.EnterpriseMeta, &authzContext)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2019-11-25 17:57:35 +00:00
|
|
|
if err := s.srv.validateEnterpriseRequest(&args.EnterpriseMeta, true); err != nil {
|
|
|
|
return err
|
|
|
|
}
|
2019-11-25 17:07:04 +00:00
|
|
|
|
2016-12-13 05:59:22 +00:00
|
|
|
// Get the session, from local state.
|
2015-10-13 05:21:39 +00:00
|
|
|
state := s.srv.fsm.State()
|
2019-11-25 17:07:04 +00:00
|
|
|
index, session, err := state.SessionGet(nil, args.SessionID, &args.EnterpriseMeta)
|
2014-12-12 23:43:34 +00:00
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2014-11-25 16:06:14 +00:00
|
|
|
reply.Index = index
|
2016-12-13 05:59:22 +00:00
|
|
|
if session == nil {
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
2020-05-29 21:16:03 +00:00
|
|
|
if authz != nil && authz.SessionWrite(session.Node, &authzContext) != acl.Allow {
|
2019-12-18 18:46:53 +00:00
|
|
|
return acl.ErrPermissionDenied
|
2014-11-25 16:06:14 +00:00
|
|
|
}
|
2016-12-13 05:59:22 +00:00
|
|
|
|
|
|
|
// Reset the session TTL timer.
|
|
|
|
reply.Sessions = structs.Sessions{session}
|
2019-11-25 17:07:04 +00:00
|
|
|
if err := s.srv.resetSessionTimer(args.SessionID, session); err != nil {
|
2020-01-28 23:50:41 +00:00
|
|
|
s.logger.Error("Session renew failed", "error", err)
|
2016-12-13 05:59:22 +00:00
|
|
|
return err
|
|
|
|
}
|
|
|
|
|
2014-12-12 23:43:34 +00:00
|
|
|
return nil
|
2014-11-25 16:06:14 +00:00
|
|
|
}
|