Renames "prepared_query" ACL policy to "query".

This commit is contained in:
James Phillips 2016-02-24 16:57:55 -08:00
parent 3b91618d7d
commit 2f7eac8b86
5 changed files with 22 additions and 22 deletions

View File

@ -19,7 +19,7 @@ type Policy struct {
Keys []*KeyPolicy `hcl:"key,expand"`
Services []*ServicePolicy `hcl:"service,expand"`
Events []*EventPolicy `hcl:"event,expand"`
PreparedQueries []*PreparedQueryPolicy `hcl:"prepared_query,expand"`
PreparedQueries []*PreparedQueryPolicy `hcl:"query,expand"`
Keyring string `hcl:"keyring"`
}
@ -116,7 +116,7 @@ func Parse(rules string) (*Policy, error) {
// Validate the prepared query policies
for _, pq := range p.PreparedQueries {
if !isPolicyValid(pq.Policy) {
return nil, fmt.Errorf("Invalid prepared_query policy: %#v", pq)
return nil, fmt.Errorf("Invalid query policy: %#v", pq)
}
}

View File

@ -35,13 +35,13 @@ event "foo" {
event "bar" {
policy = "deny"
}
prepared_query "" {
query "" {
policy = "read"
}
prepared_query "foo" {
query "foo" {
policy = "write"
}
prepared_query "bar" {
query "bar" {
policy = "deny"
}
keyring = "deny"
@ -151,7 +151,7 @@ func TestACLPolicy_Parse_JSON(t *testing.T) {
"policy": "deny"
}
},
"prepared_query": {
"query": {
"": {
"policy": "read"
},
@ -257,7 +257,7 @@ func TestACLPolicy_Bad_Policy(t *testing.T) {
`key "" { policy = "nope" }`,
`service "" { policy = "nope" }`,
`event "" { policy = "nope" }`,
`prepared_query "" { policy = "nope" }`,
`query "" { policy = "nope" }`,
`keyring = "nope"`,
}
for _, c := range cases {

View File

@ -194,7 +194,7 @@ func TestPreparedQuery_Apply_ACLDeny(t *testing.T) {
var token string
{
var rules = `
prepared_query "redis" {
query "redis" {
policy = "write"
}
`
@ -585,7 +585,7 @@ func TestPreparedQuery_Get(t *testing.T) {
var token string
{
var rules = `
prepared_query "redis" {
query "redis" {
policy = "write"
}
`
@ -762,7 +762,7 @@ func TestPreparedQuery_List(t *testing.T) {
var token string
{
var rules = `
prepared_query "redis" {
query "redis" {
policy = "write"
}
`

View File

@ -48,7 +48,7 @@ its ID if it is created successfully.
By default, the datacenter of the agent is queried; however, the dc can be
provided using the "?dc=" query parameter.
If ACLs are enabled, then the client will need to supply a token with `prepared_query`
If ACLs are enabled, then the client will need to supply a token with `query`
write privileges sufficient to match the service name being queried and the `Name`
given to the query, if any. See also the note about the `Token` field below.
@ -166,7 +166,7 @@ provided using the "?dc=" query parameter. This endpoint supports blocking
queries and all consistency modes.
If ACLs are enabled, then the client will only see prepared queries for which their
token has `prepared_query` read privileges. A management token will be able to see all
token has `query` read privileges. A management token will be able to see all
prepared queries. Tokens will be displayed as `<hidden>` unless a management token is
used.
@ -211,7 +211,7 @@ The `PUT` method allows an existing prepared query to be updated.
By default, the datacenter of the agent is queried; however, the dc can be
provided using the "?dc=" query parameter.
If ACLs are enabled, then the client will need to supply a token with `prepared_query`
If ACLs are enabled, then the client will need to supply a token with `query`
write privileges sufficient to match the service name being queried and the `Name`
given to the query, if any.
@ -232,7 +232,7 @@ only with a single item present. If the query does not exist then a 404
status code will be returned.
If ACLs are enabled, then the client will only see prepared queries for which their
token has `prepared_query` read privileges. A management token will be able to see all
token has `query` read privileges. A management token will be able to see all
prepared queries. Tokens will be displayed as `<hidden>` unless a management token is
used.
@ -243,7 +243,7 @@ The `DELETE` method is used to delete a prepared query.
By default, the datacenter of the agent is queried; however, the dc can be
provided using the "?dc=" query parameter.
If ACLs are enabled, then the client will need to supply a token with `prepared_query`
If ACLs are enabled, then the client will need to supply a token with `query`
write privileges sufficient to match the service name being queried and the `Name`
given to the query, if any.

View File

@ -150,7 +150,7 @@ access to each API token based on the events they should be able to fire.
### Blacklist mode and Prepared Queries
After Consul 0.6.3, significant changes were made to ACLs for prepared queries,
incuding a new `prepared_query` ACL policy. See [Prepared Query ACLs](#prepared_query_acls) below for more details.
incuding a new `query` ACL policy. See [Prepared Query ACLs](#prepared_query_acls) below for more details.
### Blacklist mode and Keyring Operations
@ -261,7 +261,7 @@ event "destroy-" {
}
# Default prepared queries to read-only.
prepared_query "" {
query "" {
policy = "read"
}
@ -300,7 +300,7 @@ This is equivalent to the following JSON input:
"policy": "deny"
}
},
"prepared_query": {
"query": {
"": {
"policy": "read"
}
@ -375,7 +375,7 @@ These variations are covered here, with examples:
process to use via DNS.
* Static queries with a `Name` defined are controlled by the
[`prepared_query`](/docs/internals/acl.html#prepared_query_acls) ACL policy.
[`query`](/docs/internals/acl.html#prepared_query_acls) ACL policy.
Clients are required to have an ACL token with a prefix sufficient to cover
the name they are trying to manage, with a longest prefix match providing a
way to define more specific policies. Clients can list or read queries for
@ -431,7 +431,7 @@ These differences are outlined in the table below:
<tr>
<td>Create static query with `Name`</td>
<td>The ACL Token used to create the prepared query is checked to make sure it can access the service being queried. This token is captured as the `Token` to use when executing the prepared query.</td>
<td>The client token's `prepared_query` ACL policy is used to determine if the client is allowed to register a query for the given `Name`. No `Token` is captured by default unless specifically supplied by the client when creating the query.</td>
<td>The client token's `query` ACL policy is used to determine if the client is allowed to register a query for the given `Name`. No `Token` is captured by default unless specifically supplied by the client when creating the query.</td>
</tr>
<tr>
<td>Manage static query without `Name`</td>
@ -441,12 +441,12 @@ These differences are outlined in the table below:
<tr>
<td>Manage static query with a `Name`</td>
<td>The ACL token used to create the query, or a management token must be supplied in order to perform these operations.</td>
<td>Similar to create, the client token's `prepared_query` ACL policy is used to determine if these operations are allowed.</td>
<td>Similar to create, the client token's `query` ACL policy is used to determine if these operations are allowed.</td>
</tr>
<tr>
<td>List queries</td>
<td>A management token is required to list any queries.</td>
<td>The client token's `prepared_query` ACL policy is used to determine which queries they can see. Only management tokens can see prepared queries without `Name`.</td>
<td>The client token's `query` ACL policy is used to determine which queries they can see. Only management tokens can see prepared queries without `Name`.</td>
</tr>
<tr>
<td>Execute query</td>