agent: Adding new ACL flags

This commit is contained in:
Armon Dadgar 2014-08-05 11:05:55 -07:00
parent 2e56d505c0
commit 489772eda3
2 changed files with 73 additions and 0 deletions

View file

@ -194,6 +194,30 @@ type Config struct {
CheckUpdateInterval time.Duration `mapstructure:"-"`
CheckUpdateIntervalRaw string `mapstructure:"check_update_interval" json:"-"`
// ACLToken is the default token used to make requests if a per-request
// token is not provided. If not configured the 'anonymous' token is used.
ACLToken string `mapstructure:"acl_token" json:"-"`
// ACLDatacenter is the central datacenter that holds authoritative
// ACL records. This must be the same for the entire cluster.
// If this is not set, ACLs are not enabled. Off by default.
ACLDatacenter string `mapstructure:"acl_datacenter"`
// ACLCacheInterval is used to control how long ACLs are cached. This has
// a major impact on performance. By default, it is set to 30 seconds.
ACLCacheInterval time.Duration `mapstructure:"-"`
ACLCacheIntervalRaw string `mapstructure:"acl_cache_interval"`
// ACLDownPolicy is used to control the ACL interaction when we cannot
// reach the ACLDatacenter and the token is not in the cache.
// There are two modes:
// * deny - Deny all requests
// * extend-cache - Ignore the cache expiration, and allow cached
// ACL's to be used to service requests. This
// is the default. If the ACL is not in the cache,
// this acts like deny.
ACLDownPolicy string `mapstructure:"acl_down_policy"`
// AEInterval controls the anti-entropy interval. This is how often
// the agent attempts to reconcile it's local state with the server'
// representation of our state. Defaults to every 60s.
@ -246,6 +270,8 @@ func DefaultConfig() *Config {
Protocol: consul.ProtocolVersionMax,
CheckUpdateInterval: 5 * time.Minute,
AEInterval: time.Minute,
ACLCacheInterval: 30 * time.Second,
ACLDownPolicy: "extend-cache",
}
}
@ -341,6 +367,14 @@ func DecodeConfig(r io.Reader) (*Config, error) {
result.CheckUpdateInterval = dur
}
if raw := result.ACLCacheIntervalRaw; raw != "" {
dur, err := time.ParseDuration(raw)
if err != nil {
return nil, fmt.Errorf("ACLCacheInterval invalid: %v", err)
}
result.ACLCacheInterval = dur
}
return &result, nil
}
@ -583,6 +617,19 @@ func MergeConfig(a, b *Config) *Config {
if b.SyslogFacility != "" {
result.SyslogFacility = b.SyslogFacility
}
if b.ACLToken != "" {
result.ACLToken = b.ACLToken
}
if b.ACLDatacenter != "" {
result.ACLDatacenter = b.ACLDatacenter
}
if b.ACLCacheIntervalRaw != "" {
result.ACLCacheInterval = b.ACLCacheInterval
result.ACLCacheIntervalRaw = b.ACLCacheIntervalRaw
}
if b.ACLDownPolicy != "" {
result.ACLDownPolicy = b.ACLDownPolicy
}
// Copy the start join addresses
result.StartJoin = make([]string, 0, len(a.StartJoin)+len(b.StartJoin))

View file

@ -356,6 +356,27 @@ func TestDecodeConfig(t *testing.T) {
if config.CheckUpdateInterval != 10*time.Minute {
t.Fatalf("bad: %#v", config)
}
// ACLs
input = `{"acl_token": "1234", "acl_datacenter": "dc2",
"acl_cache_interval": "60s", "acl_down_policy": "deny"}`
config, err = DecodeConfig(bytes.NewReader([]byte(input)))
if err != nil {
t.Fatalf("err: %s", err)
}
if config.ACLToken != "1234" {
t.Fatalf("bad: %#v", config)
}
if config.ACLDatacenter != "dc2" {
t.Fatalf("bad: %#v", config)
}
if config.ACLCacheInterval != 60*time.Second {
t.Fatalf("bad: %#v", config)
}
if config.ACLDownPolicy != "deny" {
t.Fatalf("bad: %#v", config)
}
}
func TestDecodeConfig_Service(t *testing.T) {
@ -503,6 +524,11 @@ func TestMergeConfig(t *testing.T) {
RejoinAfterLeave: true,
CheckUpdateInterval: 8 * time.Minute,
CheckUpdateIntervalRaw: "8m",
ACLToken: "1234",
ACLDatacenter: "dc2",
ACLCacheInterval: 15 * time.Second,
ACLCacheIntervalRaw: "15s",
ACLDownPolicy: "deny",
}
c := MergeConfig(a, b)