2023-03-28 18:39:22 +00:00
|
|
|
// Copyright (c) HashiCorp, Inc.
|
|
|
|
// SPDX-License-Identifier: MPL-2.0
|
|
|
|
|
2021-01-29 01:05:09 +00:00
|
|
|
package state
|
|
|
|
|
|
|
|
import (
|
2021-03-29 18:07:36 +00:00
|
|
|
"fmt"
|
|
|
|
"strings"
|
|
|
|
|
2021-01-29 01:05:09 +00:00
|
|
|
"github.com/hashicorp/go-memdb"
|
|
|
|
|
|
|
|
"github.com/hashicorp/consul/agent/structs"
|
|
|
|
)
|
|
|
|
|
|
|
|
const (
|
|
|
|
tableACLTokens = "acl-tokens"
|
|
|
|
tableACLPolicies = "acl-policies"
|
|
|
|
tableACLRoles = "acl-roles"
|
|
|
|
tableACLBindingRules = "acl-binding-rules"
|
|
|
|
tableACLAuthMethods = "acl-auth-methods"
|
|
|
|
|
2021-09-13 18:37:16 +00:00
|
|
|
indexAccessor = "accessor"
|
|
|
|
indexPolicies = "policies"
|
|
|
|
indexRoles = "roles"
|
|
|
|
indexAuthMethod = "authmethod"
|
|
|
|
indexLocality = "locality"
|
|
|
|
indexName = "name"
|
|
|
|
indexExpiresGlobal = "expires-global"
|
|
|
|
indexExpiresLocal = "expires-local"
|
2021-01-29 01:05:09 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
func tokensTableSchema() *memdb.TableSchema {
|
|
|
|
return &memdb.TableSchema{
|
|
|
|
Name: tableACLTokens,
|
|
|
|
Indexes: map[string]*memdb.IndexSchema{
|
2021-09-09 20:28:04 +00:00
|
|
|
indexAccessor: {
|
2023-01-27 15:17:07 +00:00
|
|
|
Name: indexAccessor,
|
|
|
|
AllowMissing: false,
|
2021-01-29 01:05:09 +00:00
|
|
|
Unique: true,
|
2022-06-23 15:07:19 +00:00
|
|
|
Indexer: indexerSingle[string, *structs.ACLToken]{
|
|
|
|
readIndex: indexFromUUIDString,
|
|
|
|
writeIndex: indexAccessorIDFromACLToken,
|
2021-01-29 01:05:09 +00:00
|
|
|
},
|
|
|
|
},
|
|
|
|
indexID: {
|
|
|
|
Name: indexID,
|
|
|
|
AllowMissing: false,
|
|
|
|
Unique: true,
|
2022-06-23 15:07:19 +00:00
|
|
|
Indexer: indexerSingle[string, *structs.ACLToken]{
|
|
|
|
readIndex: indexFromStringCaseSensitive,
|
|
|
|
writeIndex: indexSecretIDFromACLToken,
|
2021-01-29 01:05:09 +00:00
|
|
|
},
|
|
|
|
},
|
|
|
|
indexPolicies: {
|
|
|
|
Name: indexPolicies,
|
|
|
|
// Need to allow missing for the anonymous token
|
|
|
|
AllowMissing: true,
|
|
|
|
Unique: false,
|
2022-06-23 15:07:19 +00:00
|
|
|
Indexer: indexerMulti[Query, *structs.ACLToken]{
|
|
|
|
readIndex: indexFromUUIDQuery,
|
|
|
|
writeIndexMulti: indexPoliciesFromACLToken,
|
2021-09-10 18:57:37 +00:00
|
|
|
},
|
2021-01-29 01:05:09 +00:00
|
|
|
},
|
|
|
|
indexRoles: {
|
|
|
|
Name: indexRoles,
|
|
|
|
AllowMissing: true,
|
|
|
|
Unique: false,
|
2022-06-23 15:07:19 +00:00
|
|
|
Indexer: indexerMulti[Query, *structs.ACLToken]{
|
|
|
|
readIndex: indexFromUUIDQuery,
|
|
|
|
writeIndexMulti: indexRolesFromACLToken,
|
2021-09-10 20:04:33 +00:00
|
|
|
},
|
2021-01-29 01:05:09 +00:00
|
|
|
},
|
|
|
|
indexAuthMethod: {
|
|
|
|
Name: indexAuthMethod,
|
|
|
|
AllowMissing: true,
|
|
|
|
Unique: false,
|
2022-06-23 15:07:19 +00:00
|
|
|
Indexer: indexerSingle[AuthMethodQuery, *structs.ACLToken]{
|
|
|
|
readIndex: indexFromAuthMethodQuery,
|
|
|
|
writeIndex: indexAuthMethodFromACLToken,
|
2021-01-29 01:05:09 +00:00
|
|
|
},
|
|
|
|
},
|
2021-09-13 15:53:00 +00:00
|
|
|
indexLocality: {
|
|
|
|
Name: indexLocality,
|
2021-01-29 01:05:09 +00:00
|
|
|
AllowMissing: false,
|
|
|
|
Unique: false,
|
2022-06-23 15:07:19 +00:00
|
|
|
Indexer: indexerSingle[BoolQuery, *structs.ACLToken]{
|
|
|
|
readIndex: indexFromBoolQuery,
|
|
|
|
writeIndex: indexLocalFromACLToken,
|
2021-01-29 01:05:09 +00:00
|
|
|
},
|
|
|
|
},
|
2021-09-13 18:37:16 +00:00
|
|
|
indexExpiresGlobal: {
|
|
|
|
Name: indexExpiresGlobal,
|
2021-01-29 01:05:09 +00:00
|
|
|
AllowMissing: true,
|
|
|
|
Unique: false,
|
2022-06-23 15:07:19 +00:00
|
|
|
Indexer: indexerSingle[*TimeQuery, *structs.ACLToken]{
|
|
|
|
readIndex: indexFromTimeQuery,
|
|
|
|
writeIndex: indexExpiresGlobalFromACLToken,
|
2021-09-13 18:37:16 +00:00
|
|
|
},
|
2021-01-29 01:05:09 +00:00
|
|
|
},
|
2021-09-13 18:37:16 +00:00
|
|
|
indexExpiresLocal: {
|
|
|
|
Name: indexExpiresLocal,
|
2021-01-29 01:05:09 +00:00
|
|
|
AllowMissing: true,
|
|
|
|
Unique: false,
|
2022-06-23 15:07:19 +00:00
|
|
|
Indexer: indexerSingle[*TimeQuery, *structs.ACLToken]{
|
|
|
|
readIndex: indexFromTimeQuery,
|
|
|
|
writeIndex: indexExpiresLocalFromACLToken,
|
2021-09-13 18:37:16 +00:00
|
|
|
},
|
2021-01-29 01:05:09 +00:00
|
|
|
},
|
|
|
|
},
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func policiesTableSchema() *memdb.TableSchema {
|
|
|
|
return &memdb.TableSchema{
|
|
|
|
Name: tableACLPolicies,
|
|
|
|
Indexes: map[string]*memdb.IndexSchema{
|
|
|
|
indexID: {
|
|
|
|
Name: indexID,
|
|
|
|
AllowMissing: false,
|
|
|
|
Unique: true,
|
|
|
|
Indexer: &memdb.UUIDFieldIndex{
|
|
|
|
Field: "ID",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
indexName: {
|
|
|
|
Name: indexName,
|
|
|
|
AllowMissing: false,
|
|
|
|
Unique: true,
|
2022-06-23 15:07:19 +00:00
|
|
|
Indexer: indexerSingleWithPrefix[Query, *structs.ACLPolicy, any]{
|
2021-03-29 18:07:36 +00:00
|
|
|
readIndex: indexFromQuery,
|
|
|
|
writeIndex: indexNameFromACLPolicy,
|
|
|
|
prefixIndex: prefixIndexFromQuery,
|
2021-01-29 01:05:09 +00:00
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-06-23 15:07:19 +00:00
|
|
|
func indexNameFromACLPolicy(p *structs.ACLPolicy) ([]byte, error) {
|
2021-03-29 18:07:36 +00:00
|
|
|
if p.Name == "" {
|
|
|
|
return nil, errMissingValueForIndex
|
|
|
|
}
|
|
|
|
|
|
|
|
var b indexBuilder
|
|
|
|
b.String(strings.ToLower(p.Name))
|
|
|
|
return b.Bytes(), nil
|
|
|
|
}
|
|
|
|
|
2021-01-29 01:05:09 +00:00
|
|
|
func rolesTableSchema() *memdb.TableSchema {
|
|
|
|
return &memdb.TableSchema{
|
|
|
|
Name: tableACLRoles,
|
|
|
|
Indexes: map[string]*memdb.IndexSchema{
|
|
|
|
indexID: {
|
|
|
|
Name: indexID,
|
|
|
|
AllowMissing: false,
|
|
|
|
Unique: true,
|
|
|
|
Indexer: &memdb.UUIDFieldIndex{
|
|
|
|
Field: "ID",
|
|
|
|
},
|
|
|
|
},
|
|
|
|
indexName: {
|
|
|
|
Name: indexName,
|
|
|
|
AllowMissing: false,
|
|
|
|
Unique: true,
|
2022-06-23 15:07:19 +00:00
|
|
|
Indexer: indexerSingleWithPrefix[Query, *structs.ACLRole, any]{
|
2021-03-29 18:07:36 +00:00
|
|
|
readIndex: indexFromQuery,
|
|
|
|
writeIndex: indexNameFromACLRole,
|
|
|
|
prefixIndex: prefixIndexFromQuery,
|
2021-01-29 01:05:09 +00:00
|
|
|
},
|
|
|
|
},
|
|
|
|
indexPolicies: {
|
|
|
|
Name: indexPolicies,
|
|
|
|
// Need to allow missing for the anonymous token
|
|
|
|
AllowMissing: true,
|
|
|
|
Unique: false,
|
2022-06-23 15:07:19 +00:00
|
|
|
Indexer: indexerMulti[Query, *structs.ACLRole]{
|
2021-03-29 18:07:36 +00:00
|
|
|
readIndex: indexFromUUIDQuery,
|
|
|
|
writeIndexMulti: multiIndexPolicyFromACLRole,
|
2021-03-19 20:07:55 +00:00
|
|
|
},
|
2021-01-29 01:05:09 +00:00
|
|
|
},
|
|
|
|
},
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-06-23 15:07:19 +00:00
|
|
|
func indexNameFromACLRole(r *structs.ACLRole) ([]byte, error) {
|
|
|
|
if r.Name == "" {
|
2021-03-29 18:07:36 +00:00
|
|
|
return nil, errMissingValueForIndex
|
|
|
|
}
|
|
|
|
|
|
|
|
var b indexBuilder
|
2022-06-23 15:07:19 +00:00
|
|
|
b.String(strings.ToLower(r.Name))
|
2021-03-29 18:07:36 +00:00
|
|
|
return b.Bytes(), nil
|
|
|
|
}
|
|
|
|
|
2022-06-23 15:07:19 +00:00
|
|
|
func indexFromUUIDQuery(q Query) ([]byte, error) {
|
2021-03-29 18:07:36 +00:00
|
|
|
return uuidStringToBytes(q.Value)
|
|
|
|
}
|
|
|
|
|
2022-06-23 15:07:19 +00:00
|
|
|
func prefixIndexFromUUIDWithPeerQuery(q Query) ([]byte, error) {
|
|
|
|
var b indexBuilder
|
|
|
|
peername := q.PeerOrEmpty()
|
|
|
|
if peername == "" {
|
|
|
|
b.String(structs.LocalPeerKeyword)
|
|
|
|
} else {
|
|
|
|
b.String(strings.ToLower(peername))
|
2021-08-19 21:17:59 +00:00
|
|
|
}
|
2022-06-23 15:07:19 +00:00
|
|
|
uuidBytes, err := variableLengthUUIDStringToBytes(q.Value)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
|
|
|
}
|
2022-06-23 15:07:19 +00:00
|
|
|
return append(b.Bytes(), uuidBytes...), nil
|
peering: initial sync (#12842)
- Add endpoints related to peering: read, list, generate token, initiate peering
- Update node/service/check table indexing to account for peers
- Foundational changes for pushing service updates to a peer
- Plumb peer name through Health.ServiceNodes path
see: ENT-1765, ENT-1280, ENT-1283, ENT-1283, ENT-1756, ENT-1739, ENT-1750, ENT-1679,
ENT-1709, ENT-1704, ENT-1690, ENT-1689, ENT-1702, ENT-1701, ENT-1683, ENT-1663,
ENT-1650, ENT-1678, ENT-1628, ENT-1658, ENT-1640, ENT-1637, ENT-1597, ENT-1634,
ENT-1613, ENT-1616, ENT-1617, ENT-1591, ENT-1588, ENT-1596, ENT-1572, ENT-1555
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Evan Culver <eculver@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
2022-04-21 22:34:40 +00:00
|
|
|
}
|
|
|
|
|
2022-06-23 15:07:19 +00:00
|
|
|
func multiIndexPolicyFromACLRole(r *structs.ACLRole) ([][]byte, error) {
|
|
|
|
count := len(r.Policies)
|
2021-03-29 18:07:36 +00:00
|
|
|
if count == 0 {
|
|
|
|
return nil, errMissingValueForIndex
|
|
|
|
}
|
|
|
|
|
|
|
|
vals := make([][]byte, 0, count)
|
2022-06-23 15:07:19 +00:00
|
|
|
for _, link := range r.Policies {
|
2021-03-29 18:07:36 +00:00
|
|
|
v, err := uuidStringToBytes(link.ID)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
vals = append(vals, v)
|
|
|
|
}
|
|
|
|
|
|
|
|
return vals, nil
|
|
|
|
}
|
|
|
|
|
2021-01-29 01:05:09 +00:00
|
|
|
func bindingRulesTableSchema() *memdb.TableSchema {
|
|
|
|
return &memdb.TableSchema{
|
|
|
|
Name: tableACLBindingRules,
|
|
|
|
Indexes: map[string]*memdb.IndexSchema{
|
|
|
|
indexID: {
|
|
|
|
Name: indexID,
|
|
|
|
AllowMissing: false,
|
|
|
|
Unique: true,
|
2022-06-23 15:07:19 +00:00
|
|
|
Indexer: indexerSingle[string, *structs.ACLBindingRule]{
|
|
|
|
readIndex: indexFromUUIDString,
|
|
|
|
writeIndex: indexIDFromACLBindingRule,
|
2021-01-29 01:05:09 +00:00
|
|
|
},
|
|
|
|
},
|
|
|
|
indexAuthMethod: {
|
|
|
|
Name: indexAuthMethod,
|
|
|
|
AllowMissing: false,
|
|
|
|
Unique: false,
|
2022-06-23 15:07:19 +00:00
|
|
|
Indexer: indexerSingle[Query, *structs.ACLBindingRule]{
|
2021-09-15 13:34:19 +00:00
|
|
|
readIndex: indexFromQuery,
|
|
|
|
writeIndex: indexAuthMethodFromACLBindingRule,
|
2021-01-29 01:05:09 +00:00
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-06-23 15:07:19 +00:00
|
|
|
func indexIDFromACLBindingRule(r *structs.ACLBindingRule) ([]byte, error) {
|
|
|
|
vv, err := uuidStringToBytes(r.ID)
|
2021-09-15 20:26:08 +00:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
|
|
|
return vv, err
|
|
|
|
}
|
|
|
|
|
2022-06-23 15:07:19 +00:00
|
|
|
func indexAuthMethodFromACLBindingRule(r *structs.ACLBindingRule) ([]byte, error) {
|
|
|
|
if r.AuthMethod == "" {
|
2021-09-15 13:34:19 +00:00
|
|
|
return nil, errMissingValueForIndex
|
|
|
|
}
|
|
|
|
|
|
|
|
var b indexBuilder
|
2022-06-23 15:07:19 +00:00
|
|
|
b.String(strings.ToLower(r.AuthMethod))
|
2021-09-15 13:34:19 +00:00
|
|
|
return b.Bytes(), nil
|
|
|
|
}
|
|
|
|
|
2022-06-23 15:07:19 +00:00
|
|
|
func indexFromUUIDString(raw string) ([]byte, error) {
|
|
|
|
uuid, err := uuidStringToBytes(raw)
|
2021-09-09 20:28:04 +00:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
var b indexBuilder
|
|
|
|
b.Raw(uuid)
|
|
|
|
return b.Bytes(), nil
|
|
|
|
}
|
|
|
|
|
2022-06-23 15:07:19 +00:00
|
|
|
func indexAccessorIDFromACLToken(t *structs.ACLToken) ([]byte, error) {
|
|
|
|
if t.AccessorID == "" {
|
2021-09-09 20:28:04 +00:00
|
|
|
return nil, errMissingValueForIndex
|
|
|
|
}
|
|
|
|
|
2022-06-23 15:07:19 +00:00
|
|
|
uuid, err := uuidStringToBytes(t.AccessorID)
|
2021-09-09 20:28:04 +00:00
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
var b indexBuilder
|
|
|
|
b.Raw(uuid)
|
|
|
|
return b.Bytes(), nil
|
|
|
|
}
|
2021-09-10 13:10:11 +00:00
|
|
|
|
2022-06-23 15:07:19 +00:00
|
|
|
func indexSecretIDFromACLToken(t *structs.ACLToken) ([]byte, error) {
|
|
|
|
if t.SecretID == "" {
|
2021-09-10 13:10:11 +00:00
|
|
|
return nil, errMissingValueForIndex
|
|
|
|
}
|
|
|
|
|
|
|
|
var b indexBuilder
|
2022-06-23 15:07:19 +00:00
|
|
|
b.String(t.SecretID)
|
2021-09-10 13:10:11 +00:00
|
|
|
return b.Bytes(), nil
|
|
|
|
}
|
|
|
|
|
2022-06-23 15:07:19 +00:00
|
|
|
func indexFromStringCaseSensitive(s string) ([]byte, error) {
|
2021-09-10 13:10:11 +00:00
|
|
|
var b indexBuilder
|
2022-06-23 15:07:19 +00:00
|
|
|
b.String(s)
|
2021-09-10 13:10:11 +00:00
|
|
|
return b.Bytes(), nil
|
|
|
|
}
|
2021-09-10 18:57:37 +00:00
|
|
|
|
2022-06-23 15:07:19 +00:00
|
|
|
func indexPoliciesFromACLToken(token *structs.ACLToken) ([][]byte, error) {
|
2021-09-10 18:57:37 +00:00
|
|
|
links := token.Policies
|
|
|
|
|
|
|
|
numLinks := len(links)
|
|
|
|
if numLinks == 0 {
|
|
|
|
return nil, errMissingValueForIndex
|
|
|
|
}
|
|
|
|
|
|
|
|
vals := make([][]byte, numLinks)
|
|
|
|
|
|
|
|
for i, link := range links {
|
|
|
|
id, err := uuidStringToBytes(link.ID)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
vals[i] = id
|
|
|
|
}
|
|
|
|
|
|
|
|
return vals, nil
|
|
|
|
}
|
2021-09-10 20:04:33 +00:00
|
|
|
|
2022-06-23 15:07:19 +00:00
|
|
|
func indexRolesFromACLToken(token *structs.ACLToken) ([][]byte, error) {
|
2021-09-10 20:04:33 +00:00
|
|
|
links := token.Roles
|
|
|
|
|
|
|
|
numLinks := len(links)
|
|
|
|
if numLinks == 0 {
|
|
|
|
return nil, errMissingValueForIndex
|
|
|
|
}
|
|
|
|
|
|
|
|
vals := make([][]byte, numLinks)
|
|
|
|
|
|
|
|
for i, link := range links {
|
|
|
|
id, err := uuidStringToBytes(link.ID)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
vals[i] = id
|
|
|
|
}
|
|
|
|
|
|
|
|
return vals, nil
|
|
|
|
}
|
2021-09-13 15:53:00 +00:00
|
|
|
|
2022-06-23 15:07:19 +00:00
|
|
|
func indexFromBoolQuery(q BoolQuery) ([]byte, error) {
|
2021-09-13 15:53:00 +00:00
|
|
|
var b indexBuilder
|
|
|
|
b.Bool(q.Value)
|
|
|
|
return b.Bytes(), nil
|
|
|
|
}
|
|
|
|
|
2022-06-23 15:07:19 +00:00
|
|
|
func indexLocalFromACLToken(token *structs.ACLToken) ([]byte, error) {
|
2021-09-13 15:53:00 +00:00
|
|
|
var b indexBuilder
|
2022-06-23 15:07:19 +00:00
|
|
|
b.Bool(token.Local)
|
2021-09-13 15:53:00 +00:00
|
|
|
return b.Bytes(), nil
|
|
|
|
}
|
2021-09-13 18:37:16 +00:00
|
|
|
|
2022-06-23 15:07:19 +00:00
|
|
|
func indexFromTimeQuery(q *TimeQuery) ([]byte, error) {
|
2021-09-13 18:37:16 +00:00
|
|
|
var b indexBuilder
|
2022-06-23 15:07:19 +00:00
|
|
|
b.Time(q.Value)
|
2021-09-13 18:37:16 +00:00
|
|
|
return b.Bytes(), nil
|
|
|
|
}
|
|
|
|
|
2022-06-23 15:07:19 +00:00
|
|
|
func indexExpiresLocalFromACLToken(token *structs.ACLToken) ([]byte, error) {
|
|
|
|
return indexExpiresFromACLToken(token, true)
|
2021-09-13 18:37:16 +00:00
|
|
|
}
|
|
|
|
|
2022-06-23 15:07:19 +00:00
|
|
|
func indexExpiresGlobalFromACLToken(token *structs.ACLToken) ([]byte, error) {
|
|
|
|
return indexExpiresFromACLToken(token, false)
|
2021-09-13 18:37:16 +00:00
|
|
|
}
|
|
|
|
|
2022-06-23 15:07:19 +00:00
|
|
|
func indexExpiresFromACLToken(t *structs.ACLToken, local bool) ([]byte, error) {
|
|
|
|
if t.Local != local {
|
2021-09-13 18:37:16 +00:00
|
|
|
return nil, errMissingValueForIndex
|
|
|
|
}
|
2022-06-23 15:07:19 +00:00
|
|
|
if !t.HasExpirationTime() {
|
2021-09-13 18:37:16 +00:00
|
|
|
return nil, errMissingValueForIndex
|
|
|
|
}
|
2022-06-23 15:07:19 +00:00
|
|
|
if t.ExpirationTime.Unix() < 0 {
|
|
|
|
return nil, fmt.Errorf("token expiration time cannot be before the unix epoch: %s", t.ExpirationTime)
|
2021-09-13 18:37:16 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
var b indexBuilder
|
2022-06-23 15:07:19 +00:00
|
|
|
b.Time(*t.ExpirationTime)
|
2021-09-13 18:37:16 +00:00
|
|
|
return b.Bytes(), nil
|
|
|
|
}
|
2021-09-22 20:19:20 +00:00
|
|
|
|
|
|
|
func authMethodsTableSchema() *memdb.TableSchema {
|
|
|
|
return &memdb.TableSchema{
|
|
|
|
Name: tableACLAuthMethods,
|
|
|
|
Indexes: map[string]*memdb.IndexSchema{
|
|
|
|
indexID: {
|
|
|
|
Name: indexID,
|
|
|
|
AllowMissing: false,
|
|
|
|
Unique: true,
|
2022-06-23 15:07:19 +00:00
|
|
|
Indexer: indexerSingle[Query, *structs.ACLAuthMethod]{
|
2021-09-22 20:19:20 +00:00
|
|
|
readIndex: indexFromQuery,
|
|
|
|
writeIndex: indexNameFromACLAuthMethod,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-06-23 15:07:19 +00:00
|
|
|
func indexNameFromACLAuthMethod(m *structs.ACLAuthMethod) ([]byte, error) {
|
|
|
|
if m.Name == "" {
|
2021-09-22 20:19:20 +00:00
|
|
|
return nil, errMissingValueForIndex
|
|
|
|
}
|
|
|
|
|
|
|
|
var b indexBuilder
|
2022-06-23 15:07:19 +00:00
|
|
|
b.String(strings.ToLower(m.Name))
|
2021-09-22 20:19:20 +00:00
|
|
|
return b.Bytes(), nil
|
|
|
|
}
|