2023-03-28 18:39:22 +00:00
|
|
|
// Copyright (c) HashiCorp, Inc.
|
|
|
|
// SPDX-License-Identifier: MPL-2.0
|
|
|
|
|
2018-10-19 16:04:07 +00:00
|
|
|
package consul
|
|
|
|
|
|
|
|
import (
|
|
|
|
"github.com/hashicorp/consul/agent/structs"
|
|
|
|
)
|
|
|
|
|
2021-07-30 23:20:02 +00:00
|
|
|
var clientACLCacheConfig = &structs.ACLCachesConfig{
|
2018-10-19 16:04:07 +00:00
|
|
|
// The ACL cache configuration on client agents is more conservative than
|
|
|
|
// on the servers. It is assumed that individual client agents will have
|
|
|
|
// fewer distinct identities accessing the client than a server would
|
|
|
|
// and thus can put smaller limits on the amount of ACL caching done.
|
|
|
|
//
|
|
|
|
// Identities - number of identities/acl tokens that can be cached
|
|
|
|
Identities: 1024,
|
|
|
|
// Policies - number of unparsed ACL policies that can be cached
|
|
|
|
Policies: 128,
|
|
|
|
// ParsedPolicies - number of parsed ACL policies that can be cached
|
|
|
|
ParsedPolicies: 128,
|
|
|
|
// Authorizers - number of compiled multi-policy effective policies that can be cached
|
|
|
|
Authorizers: 256,
|
2019-04-15 20:43:19 +00:00
|
|
|
// Roles - number of ACL roles that can be cached
|
|
|
|
Roles: 128,
|
2018-10-19 16:04:07 +00:00
|
|
|
}
|
|
|
|
|
2021-07-30 23:20:02 +00:00
|
|
|
type clientACLResolverBackend struct {
|
|
|
|
// TODO: un-embed
|
|
|
|
*Client
|
|
|
|
}
|
|
|
|
|
2022-09-09 19:05:38 +00:00
|
|
|
func (c *clientACLResolverBackend) IsServerManagementToken(_ string) bool {
|
|
|
|
return false
|
|
|
|
}
|
|
|
|
|
2021-07-30 23:20:02 +00:00
|
|
|
func (c *clientACLResolverBackend) ACLDatacenter() string {
|
|
|
|
// For resolution running on clients servers within the current datacenter
|
2021-10-04 22:54:49 +00:00
|
|
|
// must be queried first to pick up local tokens.
|
2018-10-19 16:04:07 +00:00
|
|
|
return c.config.Datacenter
|
|
|
|
}
|
|
|
|
|
2021-07-30 23:20:02 +00:00
|
|
|
func (c *clientACLResolverBackend) ResolveIdentityFromToken(token string) (bool, structs.ACLIdentity, error) {
|
2018-10-19 16:04:07 +00:00
|
|
|
// clients do no local identity resolution at the moment
|
|
|
|
return false, nil, nil
|
|
|
|
}
|
|
|
|
|
2021-07-30 23:20:02 +00:00
|
|
|
func (c *clientACLResolverBackend) ResolvePolicyFromID(policyID string) (bool, *structs.ACLPolicy, error) {
|
2018-10-19 16:04:07 +00:00
|
|
|
// clients do no local policy resolution at the moment
|
|
|
|
return false, nil, nil
|
|
|
|
}
|
|
|
|
|
2021-07-30 23:20:02 +00:00
|
|
|
func (c *clientACLResolverBackend) ResolveRoleFromID(roleID string) (bool, *structs.ACLRole, error) {
|
2019-04-15 20:43:19 +00:00
|
|
|
// clients do no local role resolution at the moment
|
|
|
|
return false, nil, nil
|
|
|
|
}
|