From 38af9f2a9b7b8762d8e05a8faaed6cd0e232c2f2 Mon Sep 17 00:00:00 2001 From: Daniel Nephin Date: Wed, 5 May 2021 17:37:02 -0400 Subject: [PATCH] agent/local: only fallback to agent token for deletes Fallback to the default user token for synching registrations. --- agent/local/state.go | 42 +++++++++++++++--------------------------- 1 file changed, 15 insertions(+), 27 deletions(-) diff --git a/agent/local/state.go b/agent/local/state.go index 5eb396d1b..5b9d0cc7f 100644 --- a/agent/local/state.go +++ b/agent/local/state.go @@ -239,18 +239,13 @@ func (l *State) ServiceToken(id structs.ServiceID) string { } // aclTokenForServiceSync returns an ACL token associated with a service. If there is -// no ACL token associated with the service, falls back to the agent token, then to the -// user default token. +// no ACL token associated with the service, fallback is used to return a value. // This method is not synchronized and the lock must already be held. -func (l *State) aclTokenForServiceSync(id structs.ServiceID) string { - var token string - if s := l.services[id]; s != nil { - token = s.Token +func (l *State) aclTokenForServiceSync(id structs.ServiceID, fallback func() string) string { + if s := l.services[id]; s != nil && s.Token != "" { + return s.Token } - if token == "" { - token = l.tokens.AgentToken() - } - return token + return fallback() } // AddService is used to add a service entry to the local state. @@ -457,19 +452,13 @@ func (l *State) CheckToken(id structs.CheckID) string { } // aclTokenForCheckSync returns an ACL token associated with a check. If there is -// no ACL token associated with the check, falls back to the agent token, then to the -// user default token. +// no ACL token associated with the check, the callback is used to return a value. // This method is not synchronized and the lock must already be held. -func (l *State) aclTokenForCheckSync(id structs.CheckID) string { - var token string - c := l.checks[id] - if c != nil { - token = c.Token +func (l *State) aclTokenForCheckSync(id structs.CheckID, fallback func() string) string { + if c := l.checks[id]; c != nil && c.Token != "" { + return c.Token } - if token == "" { - token = l.tokens.AgentToken() - } - return token + return fallback() } // AddCheck is used to add a health check to the local state. @@ -1142,8 +1131,7 @@ func (l *State) deleteService(key structs.ServiceID) error { return fmt.Errorf("ServiceID missing") } - st := l.aclTokenForServiceSync(key) - + st := l.aclTokenForServiceSync(key, l.tokens.AgentToken) req := structs.DeregisterRequest{ Datacenter: l.config.Datacenter, Node: l.config.NodeName, @@ -1192,7 +1180,7 @@ func (l *State) deleteCheck(key structs.CheckID) error { return fmt.Errorf("CheckID missing") } - ct := l.aclTokenForCheckSync(key) + ct := l.aclTokenForCheckSync(key, l.tokens.AgentToken) req := structs.DeregisterRequest{ Datacenter: l.config.Datacenter, Node: l.config.NodeName, @@ -1236,7 +1224,7 @@ func (l *State) pruneCheck(id structs.CheckID) { // syncService is used to sync a service to the server func (l *State) syncService(key structs.ServiceID) error { - st := l.aclTokenForServiceSync(key) + st := l.aclTokenForServiceSync(key, l.tokens.UserToken) // If the service has associated checks that are out of sync, // piggyback them on the service sync so they are part of the @@ -1252,7 +1240,7 @@ func (l *State) syncService(key structs.ServiceID) error { if !key.Matches(c.Check.CompoundServiceID()) { continue } - if st != l.aclTokenForCheckSync(checkKey) { + if st != l.aclTokenForCheckSync(checkKey, l.tokens.UserToken) { continue } checks = append(checks, c.Check) @@ -1318,7 +1306,7 @@ func (l *State) syncService(key structs.ServiceID) error { // syncCheck is used to sync a check to the server func (l *State) syncCheck(key structs.CheckID) error { c := l.checks[key] - ct := l.aclTokenForCheckSync(key) + ct := l.aclTokenForCheckSync(key, l.tokens.UserToken) req := structs.RegisterRequest{ Datacenter: l.config.Datacenter, ID: l.config.NodeID,