Merge pull request #10814 from hashicorp/dnephin/acl-resolver-4
acl: remove ACLDisabledTTL
This commit is contained in:
commit
9c99249427
|
@ -3,13 +3,14 @@ package autoconf
|
|||
import (
|
||||
"fmt"
|
||||
|
||||
"github.com/mitchellh/mapstructure"
|
||||
|
||||
"github.com/hashicorp/consul/agent/config"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
"github.com/hashicorp/consul/proto"
|
||||
"github.com/hashicorp/consul/proto/pbautoconf"
|
||||
"github.com/hashicorp/consul/proto/pbconfig"
|
||||
"github.com/hashicorp/consul/proto/pbconnect"
|
||||
"github.com/mitchellh/mapstructure"
|
||||
)
|
||||
|
||||
// translateAgentConfig is meant to take in a proto/pbconfig.Config type
|
||||
|
@ -48,7 +49,6 @@ func translateConfig(c *pbconfig.Config) config.Config {
|
|||
DownPolicy: stringPtrOrNil(a.DownPolicy),
|
||||
DefaultPolicy: stringPtrOrNil(a.DefaultPolicy),
|
||||
EnableKeyListPolicy: &a.EnableKeyListPolicy,
|
||||
DisabledTTL: stringPtrOrNil(a.DisabledTTL),
|
||||
EnableTokenPersistence: &a.EnableTokenPersistence,
|
||||
}
|
||||
|
||||
|
|
|
@ -4,11 +4,12 @@ import (
|
|||
"fmt"
|
||||
"testing"
|
||||
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
"github.com/hashicorp/consul/agent/config"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
pbconfig "github.com/hashicorp/consul/proto/pbconfig"
|
||||
"github.com/hashicorp/consul/proto/pbconnect"
|
||||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
func stringPointer(s string) *string {
|
||||
|
@ -65,7 +66,6 @@ func TestTranslateConfig(t *testing.T) {
|
|||
DownPolicy: "deny",
|
||||
DefaultPolicy: "deny",
|
||||
EnableKeyListPolicy: true,
|
||||
DisabledTTL: "4s",
|
||||
EnableTokenPersistence: true,
|
||||
MSPDisableBootstrap: false,
|
||||
Tokens: &pbconfig.ACLTokens{
|
||||
|
@ -127,7 +127,6 @@ func TestTranslateConfig(t *testing.T) {
|
|||
DownPolicy: stringPointer("deny"),
|
||||
DefaultPolicy: stringPointer("deny"),
|
||||
EnableKeyListPolicy: boolPointer(true),
|
||||
DisabledTTL: stringPointer("4s"),
|
||||
EnableTokenPersistence: boolPointer(true),
|
||||
Tokens: config.Tokens{
|
||||
Master: stringPointer("99e7e490-6baf-43fc-9010-78b6aa9a6813"),
|
||||
|
|
|
@ -873,7 +873,6 @@ func (b *builder) build() (rt RuntimeConfig, err error) {
|
|||
ACLPolicyTTL: b.durationVal("acl.policy_ttl", c.ACL.PolicyTTL),
|
||||
ACLTokenTTL: b.durationValWithDefault("acl.token_ttl", c.ACL.TokenTTL, b.durationVal("acl_ttl", c.ACLTTL)),
|
||||
ACLRoleTTL: b.durationVal("acl.role_ttl", c.ACL.RoleTTL),
|
||||
ACLDisabledTTL: b.durationVal("acl.disabled_ttl", c.ACL.DisabledTTL),
|
||||
ACLDownPolicy: stringValWithDefault(c.ACL.DownPolicy, stringVal(c.ACLDownPolicy)),
|
||||
ACLDefaultPolicy: stringValWithDefault(c.ACL.DefaultPolicy, stringVal(c.ACLDefaultPolicy)),
|
||||
},
|
||||
|
|
|
@ -268,8 +268,6 @@ type Config struct {
|
|||
SnapshotAgent map[string]interface{} `mapstructure:"snapshot_agent"`
|
||||
|
||||
// non-user configurable values
|
||||
// DEPRECATED (ACL-Legacy-Compat) - moved into the "acl" stanza
|
||||
ACLDisabledTTL *string `mapstructure:"acl_disabled_ttl"`
|
||||
AEInterval *string `mapstructure:"ae_interval"`
|
||||
CheckDeregisterIntervalMin *string `mapstructure:"check_deregister_interval_min"`
|
||||
CheckReapInterval *string `mapstructure:"check_reap_interval"`
|
||||
|
@ -741,7 +739,6 @@ type ACL struct {
|
|||
DefaultPolicy *string `mapstructure:"default_policy"`
|
||||
EnableKeyListPolicy *bool `mapstructure:"enable_key_list_policy"`
|
||||
Tokens Tokens `mapstructure:"tokens"`
|
||||
DisabledTTL *string `mapstructure:"disabled_ttl"`
|
||||
EnableTokenPersistence *bool `mapstructure:"enable_token_persistence"`
|
||||
|
||||
// Enterprise Only
|
||||
|
|
|
@ -184,9 +184,6 @@ func NonUserSource() Source {
|
|||
Name: "non-user",
|
||||
Format: "hcl",
|
||||
Data: `
|
||||
acl = {
|
||||
disabled_ttl = "120s"
|
||||
}
|
||||
check_deregister_interval_min = "1m"
|
||||
check_reap_interval = "30s"
|
||||
ae_interval = "1m"
|
||||
|
|
|
@ -5241,7 +5241,6 @@ func TestLoad_FullConfig(t *testing.T) {
|
|||
ACLsEnabled: true,
|
||||
Datacenter: "rzo029wg",
|
||||
NodeName: "otlLxGaI",
|
||||
ACLDisabledTTL: 120 * time.Second,
|
||||
ACLDefaultPolicy: "72c2e7a0",
|
||||
ACLDownPolicy: "03eb2aee",
|
||||
ACLTokenTTL: 3321 * time.Second,
|
||||
|
|
|
@ -3,7 +3,6 @@
|
|||
"ACLMasterToken": "hidden",
|
||||
"ACLResolverSettings": {
|
||||
"ACLDefaultPolicy": "",
|
||||
"ACLDisabledTTL": "0s",
|
||||
"ACLDownPolicy": "",
|
||||
"ACLPolicyTTL": "0s",
|
||||
"ACLRoleTTL": "0s",
|
||||
|
|
|
@ -199,10 +199,11 @@ type ACLResolverConfig struct {
|
|||
// Delegate that implements some helper functionality that is server/client specific
|
||||
Delegate ACLResolverDelegate
|
||||
|
||||
// AutoDisable indicates that RPC responses should be checked and if they indicate ACLs are disabled
|
||||
// remotely then disable them locally as well. This is particularly useful for the client agent
|
||||
// so that it can detect when the servers have gotten ACLs enabled.
|
||||
AutoDisable bool
|
||||
// DisableDuration is the length of time to leave ACLs disabled when an RPC
|
||||
// request to a server indicates that the ACL system is disabled. If set to
|
||||
// 0 then ACLs will not be disabled locally. This value is always set to 0 on
|
||||
// Servers.
|
||||
DisableDuration time.Duration
|
||||
|
||||
// ACLConfig is the configuration necessary to pass through to the acl package when creating authorizers
|
||||
// and when authorizing access
|
||||
|
@ -212,6 +213,8 @@ type ACLResolverConfig struct {
|
|||
Tokens *token.Store
|
||||
}
|
||||
|
||||
const aclClientDisabledTTL = 30 * time.Second
|
||||
|
||||
// TODO: rename the fields to remove the ACL prefix
|
||||
type ACLResolverSettings struct {
|
||||
ACLsEnabled bool
|
||||
|
@ -228,11 +231,6 @@ type ACLResolverSettings struct {
|
|||
// a major impact on performance. By default, it is set to 30 seconds.
|
||||
ACLRoleTTL time.Duration
|
||||
|
||||
// ACLDisabledTTL is used by agents to determine how long they will
|
||||
// wait to check again with the servers if they discover ACLs are not
|
||||
// enabled. (not user configurable)
|
||||
ACLDisabledTTL time.Duration
|
||||
|
||||
// ACLDownPolicy is used to control the ACL interaction when we cannot
|
||||
// reach the PrimaryDatacenter and the token is not in the cache.
|
||||
// There are the following modes:
|
||||
|
@ -295,8 +293,9 @@ type ACLResolver struct {
|
|||
|
||||
down acl.Authorizer
|
||||
|
||||
autoDisable bool
|
||||
disabled time.Time
|
||||
disableDuration time.Duration
|
||||
disabledUntil time.Time
|
||||
// disabledLock synchronizes access to disabledUntil
|
||||
disabledLock sync.RWMutex
|
||||
|
||||
agentMasterAuthz acl.Authorizer
|
||||
|
@ -367,7 +366,7 @@ func NewACLResolver(config *ACLResolverConfig) (*ACLResolver, error) {
|
|||
delegate: config.Delegate,
|
||||
aclConf: config.ACLConfig,
|
||||
cache: cache,
|
||||
autoDisable: config.AutoDisable,
|
||||
disableDuration: config.DisableDuration,
|
||||
down: down,
|
||||
tokens: config.Tokens,
|
||||
agentMasterAuthz: authz,
|
||||
|
@ -1195,17 +1194,15 @@ func (r *ACLResolver) resolveTokenToIdentityAndRoles(token string) (structs.ACLI
|
|||
return lastIdentity, nil, lastErr
|
||||
}
|
||||
|
||||
func (r *ACLResolver) disableACLsWhenUpstreamDisabled(err error) error {
|
||||
if !r.autoDisable || err == nil || !acl.IsErrDisabled(err) {
|
||||
return err
|
||||
func (r *ACLResolver) handleACLDisabledError(err error) {
|
||||
if r.disableDuration == 0 || err == nil || !acl.IsErrDisabled(err) {
|
||||
return
|
||||
}
|
||||
|
||||
r.logger.Debug("ACLs disabled on upstream servers, will retry", "retry_interval", r.config.ACLDisabledTTL)
|
||||
r.logger.Debug("ACLs disabled on servers, will retry", "retry_interval", r.disableDuration)
|
||||
r.disabledLock.Lock()
|
||||
r.disabled = time.Now().Add(r.config.ACLDisabledTTL)
|
||||
r.disabledUntil = time.Now().Add(r.disableDuration)
|
||||
r.disabledLock.Unlock()
|
||||
|
||||
return err
|
||||
}
|
||||
|
||||
func (r *ACLResolver) resolveLocallyManagedToken(token string) (structs.ACLIdentity, acl.Authorizer, bool) {
|
||||
|
@ -1241,14 +1238,15 @@ func (r *ACLResolver) ResolveTokenToIdentityAndAuthorizer(token string) (structs
|
|||
|
||||
if r.delegate.UseLegacyACLs() {
|
||||
identity, authorizer, err := r.resolveTokenLegacy(token)
|
||||
return identity, authorizer, r.disableACLsWhenUpstreamDisabled(err)
|
||||
r.handleACLDisabledError(err)
|
||||
return identity, authorizer, err
|
||||
}
|
||||
|
||||
defer metrics.MeasureSince([]string{"acl", "ResolveToken"}, time.Now())
|
||||
|
||||
identity, policies, err := r.resolveTokenToIdentityAndPolicies(token)
|
||||
if err != nil {
|
||||
r.disableACLsWhenUpstreamDisabled(err)
|
||||
r.handleACLDisabledError(err)
|
||||
if IsACLRemoteError(err) {
|
||||
r.logger.Error("Error resolving token", "error", err)
|
||||
return &missingIdentity{reason: "primary-dc-down", token: token}, r.down, nil
|
||||
|
@ -1305,7 +1303,8 @@ func (r *ACLResolver) ResolveTokenToIdentity(token string) (structs.ACLIdentity,
|
|||
|
||||
if r.delegate.UseLegacyACLs() {
|
||||
identity, _, err := r.resolveTokenLegacy(token)
|
||||
return identity, r.disableACLsWhenUpstreamDisabled(err)
|
||||
r.handleACLDisabledError(err)
|
||||
return identity, err
|
||||
}
|
||||
|
||||
defer metrics.MeasureSince([]string{"acl", "ResolveTokenToIdentity"}, time.Now())
|
||||
|
@ -1319,11 +1318,11 @@ func (r *ACLResolver) ACLsEnabled() bool {
|
|||
return false
|
||||
}
|
||||
|
||||
if r.autoDisable {
|
||||
if r.disableDuration != 0 {
|
||||
// Whether ACLs are disabled according to RPCs failing with a ACLs Disabled error
|
||||
r.disabledLock.RLock()
|
||||
defer r.disabledLock.RUnlock()
|
||||
return !time.Now().Before(r.disabled)
|
||||
return time.Now().After(r.disabledUntil)
|
||||
}
|
||||
|
||||
return true
|
||||
|
|
|
@ -731,8 +731,8 @@ func newTestACLResolver(t *testing.T, delegate *ACLResolverTestDelegate, cb func
|
|||
Authorizers: 4,
|
||||
Roles: 4,
|
||||
},
|
||||
AutoDisable: true,
|
||||
Delegate: delegate,
|
||||
DisableDuration: aclClientDisabledTTL,
|
||||
Delegate: delegate,
|
||||
}
|
||||
|
||||
if cb != nil {
|
||||
|
@ -3565,7 +3565,7 @@ func TestACLResolver_AgentMaster(t *testing.T) {
|
|||
r := newTestACLResolver(t, d, func(cfg *ACLResolverConfig) {
|
||||
cfg.Tokens = &tokens
|
||||
cfg.Config.NodeName = "foo"
|
||||
cfg.AutoDisable = false
|
||||
cfg.DisableDuration = 0
|
||||
})
|
||||
|
||||
tokens.UpdateAgentMasterToken("9a184a11-5599-459e-b71a-550e5f9a5a23", token.TokenSourceConfig)
|
||||
|
@ -3580,3 +3580,61 @@ func TestACLResolver_AgentMaster(t *testing.T) {
|
|||
require.Equal(t, acl.Allow, authz.NodeRead("bar", nil))
|
||||
require.Equal(t, acl.Deny, authz.NodeWrite("bar", nil))
|
||||
}
|
||||
|
||||
func TestACLResolver_ACLsEnabled(t *testing.T) {
|
||||
type testCase struct {
|
||||
name string
|
||||
resolver *ACLResolver
|
||||
enabled bool
|
||||
}
|
||||
|
||||
run := func(t *testing.T, tc testCase) {
|
||||
require.Equal(t, tc.enabled, tc.resolver.ACLsEnabled())
|
||||
}
|
||||
|
||||
var testCases = []testCase{
|
||||
{
|
||||
name: "config disabled",
|
||||
resolver: &ACLResolver{},
|
||||
},
|
||||
{
|
||||
name: "config enabled, disableDuration=0 (Server)",
|
||||
resolver: &ACLResolver{
|
||||
config: ACLResolverSettings{ACLsEnabled: true},
|
||||
},
|
||||
enabled: true,
|
||||
},
|
||||
{
|
||||
name: "config enabled, disabled by RPC (Client)",
|
||||
resolver: &ACLResolver{
|
||||
config: ACLResolverSettings{ACLsEnabled: true},
|
||||
disableDuration: 10 * time.Second,
|
||||
disabledUntil: time.Now().Add(5 * time.Second),
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "config enabled, past disabledUntil (Client)",
|
||||
resolver: &ACLResolver{
|
||||
config: ACLResolverSettings{ACLsEnabled: true},
|
||||
disableDuration: 10 * time.Second,
|
||||
disabledUntil: time.Now().Add(-5 * time.Second),
|
||||
},
|
||||
enabled: true,
|
||||
},
|
||||
{
|
||||
name: "config enabled, no disabledUntil (Client)",
|
||||
resolver: &ACLResolver{
|
||||
config: ACLResolverSettings{ACLsEnabled: true},
|
||||
disableDuration: 10 * time.Second,
|
||||
},
|
||||
enabled: true,
|
||||
},
|
||||
}
|
||||
|
||||
for _, tc := range testCases {
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
run(t, tc)
|
||||
})
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -191,7 +191,6 @@ func (ac *AutoConfig) updateACLsInConfig(opts AutoConfigOptions, resp *pbautocon
|
|||
PolicyTTL: ac.config.ACLResolverSettings.ACLPolicyTTL.String(),
|
||||
RoleTTL: ac.config.ACLResolverSettings.ACLRoleTTL.String(),
|
||||
TokenTTL: ac.config.ACLResolverSettings.ACLTokenTTL.String(),
|
||||
DisabledTTL: ac.config.ACLResolverSettings.ACLDisabledTTL.String(),
|
||||
DownPolicy: ac.config.ACLResolverSettings.ACLDownPolicy,
|
||||
DefaultPolicy: ac.config.ACLResolverSettings.ACLDefaultPolicy,
|
||||
EnableKeyListPolicy: ac.config.ACLEnableKeyListPolicy,
|
||||
|
|
|
@ -153,8 +153,6 @@ func TestAutoConfigInitialConfiguration(t *testing.T) {
|
|||
}
|
||||
c.AutoConfigAuthzAllowReuse = true
|
||||
|
||||
c.ACLResolverSettings.ACLDisabledTTL = 12 * time.Second
|
||||
|
||||
cafile := path.Join(c.DataDir, "cacert.pem")
|
||||
err := ioutil.WriteFile(cafile, []byte(cacert), 0600)
|
||||
require.NoError(t, err)
|
||||
|
@ -265,7 +263,6 @@ func TestAutoConfigInitialConfiguration(t *testing.T) {
|
|||
PolicyTTL: "30s",
|
||||
TokenTTL: "30s",
|
||||
RoleTTL: "30s",
|
||||
DisabledTTL: "12s",
|
||||
DownPolicy: "extend-cache",
|
||||
DefaultPolicy: "deny",
|
||||
Tokens: &pbconfig.ACLTokens{
|
||||
|
@ -725,7 +722,6 @@ func TestAutoConfig_updateACLsInConfig(t *testing.T) {
|
|||
ACLPolicyTTL: 7 * time.Second,
|
||||
ACLRoleTTL: 10 * time.Second,
|
||||
ACLTokenTTL: 12 * time.Second,
|
||||
ACLDisabledTTL: 31 * time.Second,
|
||||
ACLDefaultPolicy: "allow",
|
||||
ACLDownPolicy: "deny",
|
||||
},
|
||||
|
@ -739,7 +735,6 @@ func TestAutoConfig_updateACLsInConfig(t *testing.T) {
|
|||
PolicyTTL: "7s",
|
||||
RoleTTL: "10s",
|
||||
TokenTTL: "12s",
|
||||
DisabledTTL: "31s",
|
||||
DownPolicy: "deny",
|
||||
DefaultPolicy: "allow",
|
||||
EnableKeyListPolicy: true,
|
||||
|
@ -759,7 +754,6 @@ func TestAutoConfig_updateACLsInConfig(t *testing.T) {
|
|||
ACLPolicyTTL: 7 * time.Second,
|
||||
ACLRoleTTL: 10 * time.Second,
|
||||
ACLTokenTTL: 12 * time.Second,
|
||||
ACLDisabledTTL: 31 * time.Second,
|
||||
ACLDefaultPolicy: "allow",
|
||||
ACLDownPolicy: "deny",
|
||||
},
|
||||
|
@ -773,7 +767,6 @@ func TestAutoConfig_updateACLsInConfig(t *testing.T) {
|
|||
PolicyTTL: "7s",
|
||||
RoleTTL: "10s",
|
||||
TokenTTL: "12s",
|
||||
DisabledTTL: "31s",
|
||||
DownPolicy: "deny",
|
||||
DefaultPolicy: "allow",
|
||||
EnableKeyListPolicy: true,
|
||||
|
|
|
@ -123,13 +123,13 @@ func NewClient(config *Config, deps Deps) (*Client, error) {
|
|||
|
||||
c.useNewACLs = 0
|
||||
aclConfig := ACLResolverConfig{
|
||||
Config: config.ACLResolverSettings,
|
||||
Delegate: c,
|
||||
Logger: c.logger,
|
||||
AutoDisable: true,
|
||||
CacheConfig: clientACLCacheConfig,
|
||||
ACLConfig: newACLConfig(c.logger),
|
||||
Tokens: deps.Tokens,
|
||||
Config: config.ACLResolverSettings,
|
||||
Delegate: c,
|
||||
Logger: c.logger,
|
||||
DisableDuration: aclClientDisabledTTL,
|
||||
CacheConfig: clientACLCacheConfig,
|
||||
ACLConfig: newACLConfig(c.logger),
|
||||
Tokens: deps.Tokens,
|
||||
}
|
||||
var err error
|
||||
if c.acls, err = NewACLResolver(&aclConfig); err != nil {
|
||||
|
|
|
@ -450,7 +450,6 @@ func DefaultConfig() *Config {
|
|||
ACLPolicyTTL: 30 * time.Second,
|
||||
ACLTokenTTL: 30 * time.Second,
|
||||
ACLRoleTTL: 30 * time.Second,
|
||||
ACLDisabledTTL: 30 * time.Second,
|
||||
ACLDownPolicy: "extend-cache",
|
||||
ACLDefaultPolicy: "allow",
|
||||
},
|
||||
|
|
|
@ -345,6 +345,9 @@ func TestCAManager_UpdateConfigWhileRenewIntermediate(t *testing.T) {
|
|||
}
|
||||
|
||||
func TestCAManager_SignLeafWithExpiredCert(t *testing.T) {
|
||||
if testing.Short() {
|
||||
t.Skip("too slow for testing.Short")
|
||||
}
|
||||
|
||||
args := []struct {
|
||||
testName string
|
||||
|
|
|
@ -429,7 +429,6 @@ func NewServer(config *Config, flat Deps) (*Server, error) {
|
|||
Config: config.ACLResolverSettings,
|
||||
Delegate: s,
|
||||
CacheConfig: serverACLCacheConfig,
|
||||
AutoDisable: false,
|
||||
Logger: logger,
|
||||
ACLConfig: s.aclConfig,
|
||||
Tokens: flat.Tokens,
|
||||
|
|
|
@ -323,20 +323,22 @@ func (m *TLS) GetPreferServerCipherSuites() bool {
|
|||
}
|
||||
|
||||
type ACL struct {
|
||||
Enabled bool `protobuf:"varint,1,opt,name=Enabled,proto3" json:"Enabled,omitempty"`
|
||||
PolicyTTL string `protobuf:"bytes,2,opt,name=PolicyTTL,proto3" json:"PolicyTTL,omitempty"`
|
||||
RoleTTL string `protobuf:"bytes,3,opt,name=RoleTTL,proto3" json:"RoleTTL,omitempty"`
|
||||
TokenTTL string `protobuf:"bytes,4,opt,name=TokenTTL,proto3" json:"TokenTTL,omitempty"`
|
||||
DownPolicy string `protobuf:"bytes,5,opt,name=DownPolicy,proto3" json:"DownPolicy,omitempty"`
|
||||
DefaultPolicy string `protobuf:"bytes,6,opt,name=DefaultPolicy,proto3" json:"DefaultPolicy,omitempty"`
|
||||
EnableKeyListPolicy bool `protobuf:"varint,7,opt,name=EnableKeyListPolicy,proto3" json:"EnableKeyListPolicy,omitempty"`
|
||||
Tokens *ACLTokens `protobuf:"bytes,8,opt,name=Tokens,proto3" json:"Tokens,omitempty"`
|
||||
DisabledTTL string `protobuf:"bytes,9,opt,name=DisabledTTL,proto3" json:"DisabledTTL,omitempty"`
|
||||
EnableTokenPersistence bool `protobuf:"varint,10,opt,name=EnableTokenPersistence,proto3" json:"EnableTokenPersistence,omitempty"`
|
||||
MSPDisableBootstrap bool `protobuf:"varint,11,opt,name=MSPDisableBootstrap,proto3" json:"MSPDisableBootstrap,omitempty"`
|
||||
XXX_NoUnkeyedLiteral struct{} `json:"-"`
|
||||
XXX_unrecognized []byte `json:"-"`
|
||||
XXX_sizecache int32 `json:"-"`
|
||||
Enabled bool `protobuf:"varint,1,opt,name=Enabled,proto3" json:"Enabled,omitempty"`
|
||||
PolicyTTL string `protobuf:"bytes,2,opt,name=PolicyTTL,proto3" json:"PolicyTTL,omitempty"`
|
||||
RoleTTL string `protobuf:"bytes,3,opt,name=RoleTTL,proto3" json:"RoleTTL,omitempty"`
|
||||
TokenTTL string `protobuf:"bytes,4,opt,name=TokenTTL,proto3" json:"TokenTTL,omitempty"`
|
||||
DownPolicy string `protobuf:"bytes,5,opt,name=DownPolicy,proto3" json:"DownPolicy,omitempty"`
|
||||
DefaultPolicy string `protobuf:"bytes,6,opt,name=DefaultPolicy,proto3" json:"DefaultPolicy,omitempty"`
|
||||
EnableKeyListPolicy bool `protobuf:"varint,7,opt,name=EnableKeyListPolicy,proto3" json:"EnableKeyListPolicy,omitempty"`
|
||||
Tokens *ACLTokens `protobuf:"bytes,8,opt,name=Tokens,proto3" json:"Tokens,omitempty"`
|
||||
// Deprecated_DisabledTTL is deprecated. It is no longer populated and should
|
||||
// be ignored by clients.
|
||||
Deprecated_DisabledTTL string `protobuf:"bytes,9,opt,name=Deprecated_DisabledTTL,json=DeprecatedDisabledTTL,proto3" json:"Deprecated_DisabledTTL,omitempty"` // Deprecated: Do not use.
|
||||
EnableTokenPersistence bool `protobuf:"varint,10,opt,name=EnableTokenPersistence,proto3" json:"EnableTokenPersistence,omitempty"`
|
||||
MSPDisableBootstrap bool `protobuf:"varint,11,opt,name=MSPDisableBootstrap,proto3" json:"MSPDisableBootstrap,omitempty"`
|
||||
XXX_NoUnkeyedLiteral struct{} `json:"-"`
|
||||
XXX_unrecognized []byte `json:"-"`
|
||||
XXX_sizecache int32 `json:"-"`
|
||||
}
|
||||
|
||||
func (m *ACL) Reset() { *m = ACL{} }
|
||||
|
@ -428,9 +430,10 @@ func (m *ACL) GetTokens() *ACLTokens {
|
|||
return nil
|
||||
}
|
||||
|
||||
func (m *ACL) GetDisabledTTL() string {
|
||||
// Deprecated: Do not use.
|
||||
func (m *ACL) GetDeprecated_DisabledTTL() string {
|
||||
if m != nil {
|
||||
return m.DisabledTTL
|
||||
return m.Deprecated_DisabledTTL
|
||||
}
|
||||
return ""
|
||||
}
|
||||
|
@ -676,57 +679,58 @@ func init() {
|
|||
func init() { proto.RegisterFile("proto/pbconfig/config.proto", fileDescriptor_aefa824db7b74d77) }
|
||||
|
||||
var fileDescriptor_aefa824db7b74d77 = []byte{
|
||||
// 787 bytes of a gzipped FileDescriptorProto
|
||||
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x74, 0x55, 0xdd, 0x6e, 0xe2, 0x46,
|
||||
0x14, 0xae, 0xe3, 0xc4, 0x09, 0x43, 0x1b, 0x25, 0x93, 0x88, 0x5a, 0xfd, 0xa1, 0xc8, 0xaa, 0x22,
|
||||
0x5a, 0x55, 0xa1, 0xa2, 0x6a, 0x55, 0x55, 0xbd, 0x21, 0x10, 0xb5, 0x34, 0x40, 0x91, 0x4d, 0x53,
|
||||
0xa9, 0x77, 0xc6, 0x0c, 0x30, 0xaa, 0x99, 0xb1, 0xc6, 0x43, 0x22, 0xde, 0xa4, 0xd7, 0x7d, 0x83,
|
||||
0x7d, 0x8b, 0xbd, 0xdc, 0x47, 0xd8, 0xcd, 0xbe, 0xc0, 0x3e, 0xc2, 0xea, 0xcc, 0x8c, 0x8d, 0x9d,
|
||||
0x85, 0x2b, 0x38, 0xdf, 0xf7, 0xcd, 0x99, 0x6f, 0xe6, 0x9c, 0x33, 0x46, 0x9f, 0x27, 0x82, 0x4b,
|
||||
0xde, 0x4a, 0xa6, 0x11, 0x67, 0x73, 0xba, 0x68, 0xe9, 0x9f, 0x6b, 0x85, 0x62, 0x47, 0x47, 0xde,
|
||||
0x8b, 0x03, 0xe4, 0x74, 0xd5, 0x5f, 0x5c, 0x47, 0xa8, 0x17, 0xca, 0x30, 0x22, 0x4c, 0x12, 0xe1,
|
||||
0x5a, 0x0d, 0xab, 0x59, 0xf1, 0x0b, 0x08, 0xfe, 0x0e, 0x9d, 0x8f, 0x05, 0x5d, 0x85, 0x62, 0x53,
|
||||
0x90, 0x1d, 0x28, 0xd9, 0x87, 0x04, 0xfe, 0x0c, 0x9d, 0x8c, 0xf8, 0x8c, 0x8c, 0xc2, 0x15, 0x71,
|
||||
0x6d, 0x25, 0xca, 0x63, 0xdc, 0x40, 0xd5, 0x80, 0x2c, 0x56, 0x84, 0x49, 0x45, 0x1f, 0x2a, 0xba,
|
||||
0x08, 0xe1, 0x2f, 0x91, 0xdd, 0xe9, 0x0e, 0xdc, 0xa3, 0x86, 0xd5, 0xac, 0xb6, 0xab, 0xd7, 0xc6,
|
||||
0x7a, 0xa7, 0x3b, 0xf0, 0x01, 0xc7, 0x3f, 0xa2, 0x6a, 0x67, 0x2d, 0xf9, 0x2d, 0x8b, 0xc4, 0x26,
|
||||
0x91, 0xae, 0xa3, 0x64, 0x17, 0xb9, 0x6c, 0x4b, 0xf9, 0x45, 0x1d, 0xbe, 0x42, 0xce, 0x6f, 0x3c,
|
||||
0x4d, 0x69, 0xe2, 0x1e, 0xab, 0x15, 0xa7, 0xd9, 0x0a, 0x8d, 0xfa, 0x86, 0x85, 0xdd, 0x27, 0x83,
|
||||
0xc0, 0x3d, 0x29, 0xef, 0x3e, 0x19, 0x04, 0x3e, 0xe0, 0xde, 0x3c, 0x4b, 0x83, 0x7f, 0x46, 0xc8,
|
||||
0xe4, 0xa6, 0x9c, 0xa9, 0x2b, 0xab, 0xb6, 0xdd, 0x72, 0xd2, 0x2d, 0xef, 0x17, 0xb4, 0xd8, 0x43,
|
||||
0x1f, 0xfb, 0x44, 0x8a, 0xcd, 0x1f, 0x9c, 0xb2, 0x41, 0x67, 0xe4, 0x1e, 0x34, 0xec, 0x66, 0xc5,
|
||||
0x2f, 0x61, 0x9e, 0x44, 0x67, 0xcf, 0x73, 0xe0, 0x33, 0x64, 0xdf, 0x91, 0x8d, 0xa9, 0x0e, 0xfc,
|
||||
0xc5, 0x57, 0xe8, 0xf4, 0x9e, 0x08, 0x3a, 0xdf, 0xf4, 0x59, 0xc4, 0x57, 0x94, 0x2d, 0x54, 0x4d,
|
||||
0x4e, 0xfc, 0x67, 0xe8, 0x56, 0xf7, 0xe7, 0x5a, 0x2e, 0x38, 0xe8, 0xec, 0xa2, 0x2e, 0x43, 0xbd,
|
||||
0x37, 0x96, 0x3a, 0xfd, 0x0e, 0xbd, 0xb5, 0x4b, 0x8f, 0xdb, 0xe8, 0x52, 0x23, 0x01, 0x11, 0x0f,
|
||||
0x44, 0xfc, 0xce, 0x53, 0xc9, 0xa0, 0xaa, 0xda, 0xc5, 0x4e, 0x0e, 0x4e, 0xdf, 0xa5, 0xc9, 0x92,
|
||||
0x88, 0x60, 0x4d, 0x25, 0x49, 0x4d, 0x83, 0x94, 0x30, 0x68, 0xc7, 0x21, 0x65, 0xf7, 0x44, 0xa4,
|
||||
0x70, 0xb7, 0xba, 0x47, 0x0a, 0x08, 0xfe, 0x05, 0xb9, 0x63, 0x41, 0xe6, 0x44, 0xe8, 0xdc, 0xa5,
|
||||
0x7c, 0x47, 0x6a, 0xef, 0xbd, 0xbc, 0xf7, 0xbf, 0xad, 0xfa, 0x0b, 0xbb, 0xe8, 0xf8, 0x96, 0x85,
|
||||
0xd3, 0x98, 0xcc, 0xcc, 0xe1, 0xb2, 0x10, 0x7f, 0x81, 0x2a, 0x63, 0x1e, 0xd3, 0x68, 0x33, 0x99,
|
||||
0x0c, 0x4c, 0x93, 0x6f, 0x01, 0x58, 0xe7, 0xf3, 0x98, 0x00, 0xa7, 0xad, 0x67, 0x21, 0xb4, 0xfd,
|
||||
0x84, 0xff, 0x4b, 0x18, 0x50, 0xda, 0x73, 0x1e, 0xab, 0x01, 0xe3, 0x8f, 0x4c, 0xa7, 0x51, 0x1e,
|
||||
0x61, 0xc0, 0x72, 0x04, 0x7f, 0x8d, 0x3e, 0xe9, 0x91, 0x79, 0xb8, 0x8e, 0xa5, 0x91, 0x38, 0x4a,
|
||||
0x52, 0x06, 0xf1, 0xf7, 0xe8, 0x42, 0x9b, 0xbc, 0x23, 0x9b, 0x01, 0x4d, 0x33, 0xed, 0xb1, 0xf2,
|
||||
0xbf, 0x8b, 0xc2, 0xdf, 0x20, 0x47, 0x79, 0x48, 0x4d, 0x47, 0x9f, 0x17, 0xe6, 0x49, 0x13, 0xbe,
|
||||
0x11, 0xc0, 0x64, 0xf6, 0x68, 0xaa, 0xae, 0x00, 0x4e, 0x50, 0xd1, 0x93, 0x59, 0x80, 0xf0, 0x4f,
|
||||
0xa8, 0xa6, 0xf7, 0x50, 0x2b, 0xc6, 0x50, 0x8c, 0x54, 0x12, 0x16, 0x11, 0x17, 0x29, 0x07, 0x7b,
|
||||
0x58, 0xb0, 0x3d, 0x0c, 0xc6, 0x26, 0xd3, 0x0d, 0xe7, 0x32, 0x95, 0x22, 0x4c, 0xdc, 0xaa, 0xb6,
|
||||
0xbd, 0x83, 0xf2, 0xde, 0x59, 0xa8, 0x92, 0x3b, 0xc4, 0x35, 0xe4, 0x0c, 0xc3, 0x74, 0xfb, 0x32,
|
||||
0x99, 0x08, 0x1c, 0xfb, 0x24, 0x89, 0x69, 0x14, 0xaa, 0x19, 0xd4, 0xa5, 0x2a, 0x42, 0xa0, 0xe8,
|
||||
0x2c, 0x08, 0x93, 0x66, 0xb9, 0x2e, 0x58, 0x11, 0x82, 0x72, 0x9a, 0x3b, 0x36, 0x35, 0xcb, 0x42,
|
||||
0x7c, 0x89, 0x8e, 0x94, 0xd0, 0x54, 0x4b, 0x07, 0xf8, 0x6f, 0x54, 0x1b, 0x86, 0x2c, 0x5c, 0x90,
|
||||
0x19, 0xf4, 0x16, 0x8d, 0xc8, 0x58, 0xf0, 0x07, 0x3a, 0x23, 0xc2, 0x75, 0x1a, 0x76, 0xb3, 0xda,
|
||||
0xfe, 0xaa, 0x70, 0xc1, 0xcf, 0x14, 0xea, 0x34, 0xfe, 0x9e, 0xe5, 0xde, 0x5f, 0xe8, 0xd3, 0x3d,
|
||||
0x4b, 0xa0, 0x79, 0x3a, 0x51, 0x44, 0xd2, 0x94, 0x8b, 0x7e, 0x2f, 0x7b, 0x9d, 0xb7, 0x08, 0x34,
|
||||
0x5e, 0x40, 0x22, 0x41, 0x64, 0xbf, 0x67, 0x2e, 0x21, 0x8f, 0x3d, 0x5a, 0x7a, 0x2e, 0xe1, 0x0d,
|
||||
0x81, 0xe7, 0x4d, 0x77, 0xbc, 0x9a, 0xf5, 0x1a, 0x72, 0x7a, 0xa3, 0x20, 0xc8, 0xdf, 0x21, 0x13,
|
||||
0xc1, 0xf1, 0xfb, 0x63, 0x80, 0x6d, 0x05, 0xeb, 0x00, 0xb6, 0xea, 0xc4, 0x31, 0x7f, 0x84, 0x24,
|
||||
0x87, 0x2a, 0x49, 0x1e, 0xdf, 0xfc, 0xfa, 0xf2, 0xa9, 0x6e, 0xbd, 0x7a, 0xaa, 0x5b, 0xaf, 0x9f,
|
||||
0xea, 0xd6, 0x7f, 0x6f, 0xeb, 0x1f, 0xfd, 0xf3, 0xed, 0x82, 0xca, 0xe5, 0x7a, 0x7a, 0x1d, 0xf1,
|
||||
0x55, 0x6b, 0x19, 0xa6, 0x4b, 0x1a, 0x71, 0x91, 0xc0, 0xc7, 0x28, 0x5d, 0xc7, 0xad, 0xf2, 0x27,
|
||||
0x6a, 0xea, 0xa8, 0xf8, 0x87, 0xf7, 0x01, 0x00, 0x00, 0xff, 0xff, 0x5a, 0xef, 0x32, 0xac, 0xbb,
|
||||
0x06, 0x00, 0x00,
|
||||
// 802 bytes of a gzipped FileDescriptorProto
|
||||
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x74, 0x55, 0xdd, 0x8e, 0x22, 0x45,
|
||||
0x14, 0xb6, 0xa7, 0x77, 0x7a, 0x86, 0x83, 0x6e, 0x76, 0x6b, 0x57, 0xec, 0xf8, 0x83, 0xa4, 0x63,
|
||||
0x36, 0xa3, 0x31, 0x83, 0xc1, 0x68, 0xd4, 0x78, 0xc3, 0xc0, 0x46, 0x71, 0x01, 0x49, 0x37, 0xae,
|
||||
0x89, 0x37, 0xa6, 0x69, 0x0e, 0x50, 0xb1, 0xa9, 0xea, 0x54, 0x17, 0x3b, 0xe1, 0x4d, 0x7c, 0x0d,
|
||||
0xaf, 0x7d, 0x01, 0x2f, 0x7d, 0x04, 0x1d, 0x5f, 0xc0, 0x47, 0x30, 0xf5, 0xd3, 0x4d, 0xf7, 0x08,
|
||||
0x57, 0x70, 0xbe, 0xef, 0xab, 0x53, 0xe7, 0xaf, 0x4e, 0xc3, 0x3b, 0x99, 0xe0, 0x92, 0x77, 0xb3,
|
||||
0x45, 0xc2, 0xd9, 0x8a, 0xae, 0xbb, 0xe6, 0xe7, 0x5a, 0xa3, 0xc4, 0x33, 0x56, 0xf0, 0xdb, 0x19,
|
||||
0x78, 0x03, 0xfd, 0x97, 0xb4, 0x01, 0x86, 0xb1, 0x8c, 0x13, 0x64, 0x12, 0x85, 0xef, 0x74, 0x9c,
|
||||
0xab, 0x46, 0x58, 0x41, 0xc8, 0xc7, 0xf0, 0x78, 0x26, 0xe8, 0x36, 0x16, 0xfb, 0x8a, 0xec, 0x4c,
|
||||
0xcb, 0xfe, 0x4f, 0x90, 0xb7, 0xe1, 0x72, 0xca, 0x97, 0x38, 0x8d, 0xb7, 0xe8, 0xbb, 0x5a, 0x54,
|
||||
0xda, 0xa4, 0x03, 0xcd, 0x08, 0xd7, 0x5b, 0x64, 0x52, 0xd3, 0x0f, 0x34, 0x5d, 0x85, 0xc8, 0x7b,
|
||||
0xe0, 0xf6, 0x07, 0x63, 0xff, 0xbc, 0xe3, 0x5c, 0x35, 0x7b, 0xcd, 0x6b, 0x1b, 0x7a, 0x7f, 0x30,
|
||||
0x0e, 0x15, 0x4e, 0x3e, 0x83, 0x66, 0x7f, 0x27, 0xf9, 0x73, 0x96, 0x88, 0x7d, 0x26, 0x7d, 0x4f,
|
||||
0xcb, 0x9e, 0x94, 0xb2, 0x03, 0x15, 0x56, 0x75, 0xe4, 0x19, 0x78, 0xdf, 0xf0, 0x3c, 0xa7, 0x99,
|
||||
0x7f, 0xa1, 0x4f, 0x3c, 0x2c, 0x4e, 0x18, 0x34, 0xb4, 0xac, 0xba, 0x7d, 0x3e, 0x8e, 0xfc, 0xcb,
|
||||
0xfa, 0xed, 0xf3, 0x71, 0x14, 0x2a, 0x3c, 0x58, 0x15, 0x6e, 0xc8, 0x17, 0x00, 0xd6, 0x37, 0xe5,
|
||||
0x4c, 0x97, 0xac, 0xd9, 0xf3, 0xeb, 0x4e, 0x0f, 0x7c, 0x58, 0xd1, 0x92, 0x00, 0x5e, 0x0f, 0x51,
|
||||
0x8a, 0xfd, 0x77, 0x9c, 0xb2, 0x71, 0x7f, 0xea, 0x9f, 0x75, 0xdc, 0xab, 0x46, 0x58, 0xc3, 0x02,
|
||||
0x09, 0x8f, 0xee, 0xfb, 0x20, 0x8f, 0xc0, 0x7d, 0x81, 0x7b, 0xdb, 0x1d, 0xf5, 0x97, 0x3c, 0x83,
|
||||
0x87, 0x2f, 0x51, 0xd0, 0xd5, 0x7e, 0xc4, 0x12, 0xbe, 0xa5, 0x6c, 0xad, 0x7b, 0x72, 0x19, 0xde,
|
||||
0x43, 0x0f, 0xba, 0xef, 0x77, 0x72, 0xcd, 0x95, 0xce, 0xad, 0xea, 0x0a, 0x34, 0xf8, 0xdb, 0xd1,
|
||||
0xd9, 0x1f, 0xd1, 0x3b, 0xc7, 0xf4, 0xa4, 0x07, 0x4f, 0x0d, 0x12, 0xa1, 0x78, 0x85, 0xe2, 0x5b,
|
||||
0x9e, 0x4b, 0xa6, 0xba, 0x6a, 0xa2, 0x38, 0xca, 0xa9, 0xec, 0x07, 0x34, 0xdb, 0xa0, 0x88, 0x76,
|
||||
0x54, 0x62, 0x6e, 0x07, 0xa4, 0x86, 0xa9, 0x71, 0x9c, 0x50, 0xf6, 0x12, 0x45, 0xae, 0x6a, 0x6b,
|
||||
0x66, 0xa4, 0x82, 0x90, 0xaf, 0xc0, 0x9f, 0x09, 0x5c, 0xa1, 0x30, 0xbe, 0x6b, 0xfe, 0xce, 0xf5,
|
||||
0xdd, 0x27, 0xf9, 0xe0, 0x77, 0x57, 0xcf, 0x17, 0xf1, 0xe1, 0xe2, 0x39, 0x8b, 0x17, 0x29, 0x2e,
|
||||
0x6d, 0x72, 0x85, 0x49, 0xde, 0x85, 0xc6, 0x8c, 0xa7, 0x34, 0xd9, 0xcf, 0xe7, 0x63, 0x3b, 0xe4,
|
||||
0x07, 0x40, 0x9d, 0x0b, 0x79, 0x8a, 0x8a, 0x33, 0xa1, 0x17, 0xa6, 0x1a, 0xfb, 0x39, 0xff, 0x05,
|
||||
0x99, 0xa2, 0x4c, 0xcc, 0xa5, 0xad, 0x1f, 0x18, 0xbf, 0x65, 0xc6, 0x8d, 0x8e, 0x51, 0x3d, 0xb0,
|
||||
0x12, 0x21, 0x1f, 0xc0, 0x1b, 0x43, 0x5c, 0xc5, 0xbb, 0x54, 0x5a, 0x89, 0xa7, 0x25, 0x75, 0x90,
|
||||
0x7c, 0x02, 0x4f, 0x4c, 0x90, 0x2f, 0x70, 0x3f, 0xa6, 0x79, 0xa1, 0xbd, 0xd0, 0xf1, 0x1f, 0xa3,
|
||||
0xc8, 0x87, 0xe0, 0xe9, 0x18, 0x72, 0x3b, 0xd1, 0x8f, 0x2b, 0xef, 0xc9, 0x10, 0xa1, 0x15, 0x90,
|
||||
0x2f, 0xa1, 0x35, 0xc4, 0x4c, 0x60, 0x12, 0x4b, 0x5c, 0xfe, 0x3c, 0xa4, 0xb9, 0xae, 0x86, 0x4a,
|
||||
0xa6, 0xa1, 0x62, 0xb9, 0x39, 0xf3, 0x9d, 0xf0, 0xcd, 0x83, 0xa2, 0x22, 0x20, 0x9f, 0x43, 0xcb,
|
||||
0x5c, 0xae, 0x5d, 0xcd, 0x54, 0x97, 0x72, 0x89, 0x2c, 0x41, 0x1f, 0x74, 0x68, 0x27, 0x58, 0x95,
|
||||
0xcf, 0x24, 0x9a, 0x59, 0x4f, 0x37, 0x9c, 0xcb, 0x5c, 0x8a, 0x38, 0xf3, 0x9b, 0x26, 0x9f, 0x23,
|
||||
0x54, 0xf0, 0xaf, 0x03, 0x8d, 0x32, 0x74, 0xd2, 0x02, 0x6f, 0x12, 0xe7, 0x87, 0x95, 0x65, 0x2d,
|
||||
0xb5, 0x64, 0x42, 0xcc, 0x52, 0x9a, 0xc4, 0xfa, 0x71, 0x9a, 0x1e, 0x56, 0x21, 0xa5, 0xe8, 0xaf,
|
||||
0x91, 0x49, 0x7b, 0xdc, 0x74, 0xb2, 0x0a, 0xa9, 0x3e, 0xdb, 0xe2, 0xdb, 0x66, 0x16, 0x26, 0x79,
|
||||
0x0a, 0xe7, 0x5a, 0x68, 0xdb, 0x68, 0x0c, 0xf2, 0x23, 0xb4, 0x26, 0x31, 0x8b, 0xd7, 0xb8, 0x54,
|
||||
0x43, 0x47, 0x13, 0x9c, 0x09, 0xfe, 0x8a, 0x2e, 0x51, 0xf8, 0x5e, 0xc7, 0xbd, 0x6a, 0xf6, 0xde,
|
||||
0xaf, 0x54, 0xfe, 0x9e, 0x42, 0x67, 0x13, 0x9e, 0x38, 0x1e, 0xfc, 0x00, 0x6f, 0x9d, 0x38, 0xa2,
|
||||
0xa6, 0xaa, 0x9f, 0x24, 0x98, 0xe7, 0x5c, 0x8c, 0x86, 0xc5, 0xda, 0x3e, 0x20, 0x6a, 0x22, 0x23,
|
||||
0x4c, 0x04, 0xca, 0xd1, 0xd0, 0x16, 0xa1, 0xb4, 0x03, 0x5a, 0xdb, 0xa3, 0x6a, 0xb9, 0xa8, 0xbd,
|
||||
0x67, 0x9e, 0x82, 0x5e, 0x02, 0x2d, 0xf0, 0x86, 0xd3, 0x28, 0x2a, 0x17, 0x94, 0xb5, 0x54, 0xfa,
|
||||
0xa3, 0x99, 0x82, 0x5d, 0x0d, 0x1b, 0x43, 0x5d, 0xd5, 0x4f, 0x53, 0x7e, 0xab, 0x9c, 0x3c, 0xd0,
|
||||
0x4e, 0x4a, 0xfb, 0xe6, 0xeb, 0x3f, 0xee, 0xda, 0xce, 0x9f, 0x77, 0x6d, 0xe7, 0xaf, 0xbb, 0xb6,
|
||||
0xf3, 0xeb, 0x3f, 0xed, 0xd7, 0x7e, 0xfa, 0x68, 0x4d, 0xe5, 0x66, 0xb7, 0xb8, 0x4e, 0xf8, 0xb6,
|
||||
0xbb, 0x89, 0xf3, 0x0d, 0x4d, 0xb8, 0xc8, 0xd4, 0x57, 0x2a, 0xdf, 0xa5, 0xdd, 0xfa, 0xb7, 0x6b,
|
||||
0xe1, 0x69, 0xfb, 0xd3, 0xff, 0x02, 0x00, 0x00, 0xff, 0xff, 0x54, 0x4a, 0x4e, 0xf1, 0xd4, 0x06,
|
||||
0x00, 0x00,
|
||||
}
|
||||
|
||||
func (m *Config) Marshal() (dAtA []byte, err error) {
|
||||
|
@ -1049,10 +1053,10 @@ func (m *ACL) MarshalToSizedBuffer(dAtA []byte) (int, error) {
|
|||
i--
|
||||
dAtA[i] = 0x50
|
||||
}
|
||||
if len(m.DisabledTTL) > 0 {
|
||||
i -= len(m.DisabledTTL)
|
||||
copy(dAtA[i:], m.DisabledTTL)
|
||||
i = encodeVarintConfig(dAtA, i, uint64(len(m.DisabledTTL)))
|
||||
if len(m.Deprecated_DisabledTTL) > 0 {
|
||||
i -= len(m.Deprecated_DisabledTTL)
|
||||
copy(dAtA[i:], m.Deprecated_DisabledTTL)
|
||||
i = encodeVarintConfig(dAtA, i, uint64(len(m.Deprecated_DisabledTTL)))
|
||||
i--
|
||||
dAtA[i] = 0x4a
|
||||
}
|
||||
|
@ -1472,7 +1476,7 @@ func (m *ACL) Size() (n int) {
|
|||
l = m.Tokens.Size()
|
||||
n += 1 + l + sovConfig(uint64(l))
|
||||
}
|
||||
l = len(m.DisabledTTL)
|
||||
l = len(m.Deprecated_DisabledTTL)
|
||||
if l > 0 {
|
||||
n += 1 + l + sovConfig(uint64(l))
|
||||
}
|
||||
|
@ -2589,7 +2593,7 @@ func (m *ACL) Unmarshal(dAtA []byte) error {
|
|||
iNdEx = postIndex
|
||||
case 9:
|
||||
if wireType != 2 {
|
||||
return fmt.Errorf("proto: wrong wireType = %d for field DisabledTTL", wireType)
|
||||
return fmt.Errorf("proto: wrong wireType = %d for field Deprecated_DisabledTTL", wireType)
|
||||
}
|
||||
var stringLen uint64
|
||||
for shift := uint(0); ; shift += 7 {
|
||||
|
@ -2617,7 +2621,7 @@ func (m *ACL) Unmarshal(dAtA []byte) error {
|
|||
if postIndex > l {
|
||||
return io.ErrUnexpectedEOF
|
||||
}
|
||||
m.DisabledTTL = string(dAtA[iNdEx:postIndex])
|
||||
m.Deprecated_DisabledTTL = string(dAtA[iNdEx:postIndex])
|
||||
iNdEx = postIndex
|
||||
case 10:
|
||||
if wireType != 0 {
|
||||
|
|
|
@ -43,7 +43,9 @@ message ACL {
|
|||
string DefaultPolicy = 6;
|
||||
bool EnableKeyListPolicy = 7;
|
||||
ACLTokens Tokens = 8;
|
||||
string DisabledTTL = 9;
|
||||
// Deprecated_DisabledTTL is deprecated. It is no longer populated and should
|
||||
// be ignored by clients.
|
||||
string Deprecated_DisabledTTL = 9 [deprecated = true];
|
||||
bool EnableTokenPersistence = 10;
|
||||
bool MSPDisableBootstrap = 11;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue