open-consul/consul/acl_endpoint.go

124 lines
2.9 KiB
Go
Raw Normal View History

2014-08-06 00:05:59 +00:00
package consul
import (
"fmt"
"github.com/armon/go-metrics"
"github.com/hashicorp/consul/consul/structs"
"time"
)
// ACL endpoint is used to manipulate ACLs
type ACL struct {
srv *Server
}
// Apply is used to apply a modifying request to the data store. This should
// only be used for operations that modify the data
func (a *ACL) Apply(args *structs.ACLRequest, reply *string) error {
if done, err := a.srv.forward("ACL.Apply", args, args, reply); done {
return err
}
defer metrics.MeasureSince([]string{"consul", "acl", "apply"}, time.Now())
2014-08-06 17:30:47 +00:00
switch args.Op {
case structs.ACLSet:
// Verify the ACL type
switch args.ACL.Type {
case structs.ACLTypeClient:
case structs.ACLTypeManagement:
default:
return fmt.Errorf("Invalid ACL Type")
}
// TODO: Validate the rules compile
//
2014-08-06 00:05:59 +00:00
2014-08-06 17:30:47 +00:00
case structs.ACLDelete:
if args.ACL.ID == "" {
return fmt.Errorf("Missing ACL ID")
}
default:
return fmt.Errorf("Invalid ACL Operation")
2014-08-06 00:05:59 +00:00
}
// Apply the update
resp, err := a.srv.raftApply(structs.ACLRequestType, args)
if err != nil {
a.srv.logger.Printf("[ERR] consul.acl: Apply failed: %v", err)
return err
}
if respErr, ok := resp.(error); ok {
return respErr
}
// Check if the return type is a string
if respString, ok := resp.(string); ok {
*reply = respString
}
return nil
}
// Get is used to retrieve a single ACL
func (a *ACL) Get(args *structs.ACLSpecificRequest,
reply *structs.IndexedACLs) error {
if done, err := a.srv.forward("ACL.Get", args, args, reply); done {
return err
}
// Get the local state
state := a.srv.fsm.State()
return a.srv.blockingRPC(&args.QueryOptions,
&reply.QueryMeta,
state.QueryTables("ACLGet"),
func() error {
index, acl, err := state.ACLGet(args.ACL)
reply.Index = index
if acl != nil {
reply.ACLs = structs.ACLs{acl}
}
return err
})
}
2014-08-08 22:32:43 +00:00
// GetPolicy is used to retrieve a compiled policy object with a TTL. Does not
// support a blocking query.
func (a *ACL) GetPolicy(args *structs.ACLSpecificRequest, reply *structs.ACLPolicy) error {
if done, err := a.srv.forward("ACL.GetPolicy", args, args, reply); done {
return err
}
// Get the policy via the cache
policy, err := a.srv.aclAuthCache.GetACLPolicy(args.ACL)
if err != nil {
return err
}
// Setup the response
2014-08-08 22:52:52 +00:00
conf := a.srv.config
2014-08-08 22:32:43 +00:00
reply.Policy = policy
2014-08-08 22:52:52 +00:00
reply.Root = conf.ACLDefaultPolicy
reply.TTL = conf.ACLTTL
2014-08-08 22:32:43 +00:00
a.srv.setQueryMeta(&reply.QueryMeta)
return nil
}
2014-08-06 00:05:59 +00:00
// List is used to list all the ACLs
func (a *ACL) List(args *structs.DCSpecificRequest,
reply *structs.IndexedACLs) error {
if done, err := a.srv.forward("ACL.List", args, args, reply); done {
return err
}
// Get the local state
state := a.srv.fsm.State()
return a.srv.blockingRPC(&args.QueryOptions,
&reply.QueryMeta,
state.QueryTables("ACLList"),
func() error {
var err error
reply.Index, reply.ACLs, err = state.ACLList()
return err
})
}