consul: use keyring operation type to cut out duplicated logic

This commit is contained in:
Ryan Uber 2014-10-02 17:10:54 -07:00
parent 057c22db10
commit db0084ccd0
3 changed files with 44 additions and 64 deletions

View file

@ -84,26 +84,30 @@ func (a *Agent) keyringProcess(
func (a *Agent) ListKeys() (*structs.KeyringResponses, error) {
args := structs.KeyringRequest{}
args.AllowStale = true
return a.keyringProcess("Internal.ListKeys", &args)
args.Operation = structs.KeyringList
return a.keyringProcess("Internal.KeyringOperation", &args)
}
// InstallKey installs a new gossip encryption key
func (a *Agent) InstallKey(key string) (*structs.KeyringResponses, error) {
args := structs.KeyringRequest{Key: key}
args.AllowStale = true
return a.keyringProcess("Internal.InstallKey", &args)
args.Operation = structs.KeyringInstall
return a.keyringProcess("Internal.KeyringOperation", &args)
}
// UseKey changes the primary encryption key used to encrypt messages
func (a *Agent) UseKey(key string) (*structs.KeyringResponses, error) {
args := structs.KeyringRequest{Key: key}
args.AllowStale = true
return a.keyringProcess("Internal.UseKey", &args)
args.Operation = structs.KeyringUse
return a.keyringProcess("Internal.KeyringOperation", &args)
}
// RemoveKey will remove a gossip encryption key from the keyring
func (a *Agent) RemoveKey(key string) (*structs.KeyringResponses, error) {
args := structs.KeyringRequest{Key: key}
args.AllowStale = true
return a.keyringProcess("Internal.RemoveKey", &args)
args.Operation = structs.KeyringRemove
return a.keyringProcess("Internal.KeyringOperation", &args)
}

View file

@ -12,6 +12,15 @@ type Internal struct {
srv *Server
}
type KeyringOperation uint8
const (
listKeysOperation KeyringOperation = iota
installKeyOperation
useKeyOperation
removeKeyOperation
)
// ChecksInState is used to get all the checks in a given state
func (m *Internal) NodeInfo(args *structs.NodeSpecificRequest,
reply *structs.IndexedNodeDump) error {
@ -66,85 +75,42 @@ func (m *Internal) EventFire(args *structs.EventFireRequest,
// ListKeys will query the WAN and LAN gossip keyrings of all nodes, adding
// results into a collective response as we go.
func (m *Internal) ListKeys(
func (m *Internal) KeyringOperation(
args *structs.KeyringRequest,
reply *structs.KeyringResponses) error {
dc := m.srv.config.Datacenter
respLAN, err := m.srv.KeyManagerLAN().ListKeys()
respLAN, err := m.doKeyringOperation(args, m.srv.KeyManagerLAN())
ingestKeyringResponse(respLAN, reply, dc, false, err)
if !args.Forwarded {
respWAN, err := m.srv.KeyManagerWAN().ListKeys()
respWAN, err := m.doKeyringOperation(args, m.srv.KeyManagerWAN())
ingestKeyringResponse(respWAN, reply, dc, true, err)
args.Forwarded = true
m.srv.globalRPC("Internal.ListKeys", args, reply)
return m.srv.globalRPC("Internal.KeyringOperation", args, reply)
}
return nil
}
// InstallKey broadcasts a new encryption key to all nodes. This involves
// installing a new key on every node across all datacenters.
func (m *Internal) InstallKey(
func (m *Internal) doKeyringOperation(
args *structs.KeyringRequest,
reply *structs.KeyringResponses) error {
mgr *serf.KeyManager) (r *serf.KeyResponse, err error) {
dc := m.srv.config.Datacenter
respLAN, err := m.srv.KeyManagerLAN().InstallKey(args.Key)
ingestKeyringResponse(respLAN, reply, dc, false, err)
if !args.Forwarded {
respWAN, err := m.srv.KeyManagerWAN().InstallKey(args.Key)
ingestKeyringResponse(respWAN, reply, dc, true, err)
args.Forwarded = true
m.srv.globalRPC("Internal.InstallKey", args, reply)
switch args.Operation {
case structs.KeyringList:
r, err = mgr.ListKeys()
case structs.KeyringInstall:
r, err = mgr.InstallKey(args.Key)
case structs.KeyringUse:
r, err = mgr.UseKey(args.Key)
case structs.KeyringRemove:
r, err = mgr.RemoveKey(args.Key)
}
return nil
}
// UseKey instructs all nodes to change the key they are using to
// encrypt gossip messages.
func (m *Internal) UseKey(
args *structs.KeyringRequest,
reply *structs.KeyringResponses) error {
dc := m.srv.config.Datacenter
respLAN, err := m.srv.KeyManagerLAN().UseKey(args.Key)
ingestKeyringResponse(respLAN, reply, dc, false, err)
if !args.Forwarded {
respWAN, err := m.srv.KeyManagerWAN().UseKey(args.Key)
ingestKeyringResponse(respWAN, reply, dc, true, err)
args.Forwarded = true
m.srv.globalRPC("Internal.UseKey", args, reply)
}
return nil
}
// RemoveKey instructs all nodes to drop the specified key from the keyring.
func (m *Internal) RemoveKey(
args *structs.KeyringRequest,
reply *structs.KeyringResponses) error {
dc := m.srv.config.Datacenter
respLAN, err := m.srv.KeyManagerLAN().RemoveKey(args.Key)
ingestKeyringResponse(respLAN, reply, dc, false, err)
if !args.Forwarded {
respWAN, err := m.srv.KeyManagerWAN().RemoveKey(args.Key)
ingestKeyringResponse(respWAN, reply, dc, true, err)
args.Forwarded = true
m.srv.globalRPC("Internal.RemoveKey", args, reply)
}
return nil
return r, err
}
// ingestKeyringResponse is a helper method to pick the relative information

View file

@ -554,9 +554,19 @@ type CompoundResponse interface {
New() interface{}
}
type KeyringOp string
const (
KeyringList KeyringOp = "list"
KeyringInstall = "install"
KeyringUse = "use"
KeyringRemove = "remove"
)
// KeyringRequest encapsulates a request to modify an encryption keyring.
// It can be used for install, remove, or use key type operations.
type KeyringRequest struct {
Operation KeyringOp
Key string
Datacenter string
Forwarded bool