Fixup acl.EnterpriseMeta
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
This commit is contained in:
parent
58ca8c8ed4
commit
ed3e42296d
|
@ -92,7 +92,7 @@ func (a *TestACLAgent) ResolveToken(secretID string) (acl.Authorizer, error) {
|
|||
return authz, err
|
||||
}
|
||||
|
||||
func (a *TestACLAgent) ResolveTokenAndDefaultMeta(secretID string, entMeta *structs.EnterpriseMeta, authzContext *acl.AuthorizerContext) (consul.ACLResolveResult, error) {
|
||||
func (a *TestACLAgent) ResolveTokenAndDefaultMeta(secretID string, entMeta *acl.EnterpriseMeta, authzContext *acl.AuthorizerContext) (consul.ACLResolveResult, error) {
|
||||
authz, err := a.ResolveToken(secretID)
|
||||
if err != nil {
|
||||
return consul.ACLResolveResult{}, err
|
||||
|
@ -133,10 +133,10 @@ func (a *TestACLAgent) LANMembers(f consul.LANMemberFilter) ([]serf.Member, erro
|
|||
func (a *TestACLAgent) AgentLocalMember() serf.Member {
|
||||
return serf.Member{}
|
||||
}
|
||||
func (a *TestACLAgent) JoinLAN(addrs []string, entMeta *structs.EnterpriseMeta) (n int, err error) {
|
||||
func (a *TestACLAgent) JoinLAN(addrs []string, entMeta *acl.EnterpriseMeta) (n int, err error) {
|
||||
return 0, fmt.Errorf("Unimplemented")
|
||||
}
|
||||
func (a *TestACLAgent) RemoveFailedNode(node string, prune bool, entMeta *structs.EnterpriseMeta) error {
|
||||
func (a *TestACLAgent) RemoveFailedNode(node string, prune bool, entMeta *acl.EnterpriseMeta) error {
|
||||
return fmt.Errorf("Unimplemented")
|
||||
}
|
||||
func (a *TestACLAgent) RPC(method string, args interface{}, reply interface{}) error {
|
||||
|
|
|
@ -164,16 +164,16 @@ type delegate interface {
|
|||
|
||||
// JoinLAN is used to have Consul join the inner-DC pool The target address
|
||||
// should be another node inside the DC listening on the Serf LAN address
|
||||
JoinLAN(addrs []string, entMeta *structs.EnterpriseMeta) (n int, err error)
|
||||
JoinLAN(addrs []string, entMeta *acl.EnterpriseMeta) (n int, err error)
|
||||
|
||||
// RemoveFailedNode is used to remove a failed node from the cluster.
|
||||
RemoveFailedNode(node string, prune bool, entMeta *structs.EnterpriseMeta) error
|
||||
RemoveFailedNode(node string, prune bool, entMeta *acl.EnterpriseMeta) error
|
||||
|
||||
// ResolveTokenAndDefaultMeta returns an acl.Authorizer which authorizes
|
||||
// actions based on the permissions granted to the token.
|
||||
// If either entMeta or authzContext are non-nil they will be populated with the
|
||||
// default partition and namespace from the token.
|
||||
ResolveTokenAndDefaultMeta(token string, entMeta *structs.EnterpriseMeta, authzContext *acl.AuthorizerContext) (consul.ACLResolveResult, error)
|
||||
ResolveTokenAndDefaultMeta(token string, entMeta *acl.EnterpriseMeta, authzContext *acl.AuthorizerContext) (consul.ACLResolveResult, error)
|
||||
|
||||
RPC(method string, args interface{}, reply interface{}) error
|
||||
SnapshotRPC(args *structs.SnapshotRequest, in io.Reader, out io.Writer, replyFn structs.SnapshotReplyFn) error
|
||||
|
@ -1536,7 +1536,7 @@ func (a *Agent) ShutdownCh() <-chan struct{} {
|
|||
}
|
||||
|
||||
// JoinLAN is used to have the agent join a LAN cluster
|
||||
func (a *Agent) JoinLAN(addrs []string, entMeta *structs.EnterpriseMeta) (n int, err error) {
|
||||
func (a *Agent) JoinLAN(addrs []string, entMeta *acl.EnterpriseMeta) (n int, err error) {
|
||||
a.logger.Info("(LAN) joining", "lan_addresses", addrs)
|
||||
n, err = a.delegate.JoinLAN(addrs, entMeta)
|
||||
if err == nil {
|
||||
|
@ -1603,7 +1603,7 @@ func (a *Agent) RefreshPrimaryGatewayFallbackAddresses(addrs []string) error {
|
|||
}
|
||||
|
||||
// ForceLeave is used to remove a failed node from the cluster
|
||||
func (a *Agent) ForceLeave(node string, prune bool, entMeta *structs.EnterpriseMeta) error {
|
||||
func (a *Agent) ForceLeave(node string, prune bool, entMeta *acl.EnterpriseMeta) error {
|
||||
a.logger.Info("Force leaving node", "node", node)
|
||||
|
||||
err := a.delegate.RemoveFailedNode(node, prune, entMeta)
|
||||
|
@ -1617,7 +1617,7 @@ func (a *Agent) ForceLeave(node string, prune bool, entMeta *structs.EnterpriseM
|
|||
}
|
||||
|
||||
// ForceLeaveWAN is used to remove a failed node from the WAN cluster
|
||||
func (a *Agent) ForceLeaveWAN(node string, prune bool, entMeta *structs.EnterpriseMeta) error {
|
||||
func (a *Agent) ForceLeaveWAN(node string, prune bool, entMeta *acl.EnterpriseMeta) error {
|
||||
a.logger.Info("(WAN) Force leaving node", "node", node)
|
||||
|
||||
srv, ok := a.delegate.(*consul.Server)
|
||||
|
@ -1923,7 +1923,7 @@ func (a *Agent) purgeCheck(checkID structs.CheckID) error {
|
|||
type persistedServiceConfig struct {
|
||||
ServiceID string
|
||||
Defaults *structs.ServiceConfigResponse
|
||||
structs.EnterpriseMeta
|
||||
acl.EnterpriseMeta
|
||||
}
|
||||
|
||||
func (a *Agent) makeServiceConfigFilePath(serviceID structs.ServiceID) string {
|
||||
|
@ -2017,7 +2017,7 @@ func (a *Agent) readPersistedServiceConfigs() (map[structs.ServiceID]*structs.Se
|
|||
}
|
||||
}
|
||||
|
||||
if !structs.EqualPartitions(a.AgentEnterpriseMeta().PartitionOrDefault(), p.PartitionOrDefault()) {
|
||||
if !acl.EqualPartitions(a.AgentEnterpriseMeta().PartitionOrDefault(), p.PartitionOrDefault()) {
|
||||
a.logger.Info("Purging service config file in wrong partition",
|
||||
"file", file,
|
||||
"partition", p.PartitionOrDefault(),
|
||||
|
@ -3390,7 +3390,7 @@ func (a *Agent) loadServices(conf *config.RuntimeConfig, snap map[structs.CheckI
|
|||
}
|
||||
}
|
||||
|
||||
if !structs.EqualPartitions(a.AgentEnterpriseMeta().PartitionOrDefault(), p.Service.PartitionOrDefault()) {
|
||||
if !acl.EqualPartitions(a.AgentEnterpriseMeta().PartitionOrDefault(), p.Service.PartitionOrDefault()) {
|
||||
a.logger.Info("Purging service file in wrong partition",
|
||||
"file", file,
|
||||
"partition", p.Service.EnterpriseMeta.PartitionOrDefault(),
|
||||
|
@ -3546,7 +3546,7 @@ func (a *Agent) loadChecks(conf *config.RuntimeConfig, snap map[structs.CheckID]
|
|||
}
|
||||
}
|
||||
|
||||
if !structs.EqualPartitions(a.AgentEnterpriseMeta().PartitionOrDefault(), p.Check.PartitionOrDefault()) {
|
||||
if !acl.EqualPartitions(a.AgentEnterpriseMeta().PartitionOrDefault(), p.Check.PartitionOrDefault()) {
|
||||
a.logger.Info("Purging check file in wrong partition",
|
||||
"file", file,
|
||||
"partition", p.Check.PartitionOrDefault(),
|
||||
|
|
|
@ -308,7 +308,7 @@ func (s *HTTPHandlers) AgentServices(resp http.ResponseWriter, req *http.Request
|
|||
var token string
|
||||
s.parseToken(req, &token)
|
||||
|
||||
var entMeta structs.EnterpriseMeta
|
||||
var entMeta acl.EnterpriseMeta
|
||||
if err := s.parseEntMetaNoWildcard(req, &entMeta); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -397,7 +397,7 @@ func (s *HTTPHandlers) AgentService(resp http.ResponseWriter, req *http.Request)
|
|||
var token string
|
||||
s.parseToken(req, &token)
|
||||
|
||||
var entMeta structs.EnterpriseMeta
|
||||
var entMeta acl.EnterpriseMeta
|
||||
if err := s.parseEntMetaNoWildcard(req, &entMeta); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -471,7 +471,7 @@ func (s *HTTPHandlers) AgentChecks(resp http.ResponseWriter, req *http.Request)
|
|||
var token string
|
||||
s.parseToken(req, &token)
|
||||
|
||||
var entMeta structs.EnterpriseMeta
|
||||
var entMeta acl.EnterpriseMeta
|
||||
if err := s.parseEntMetaNoWildcard(req, &entMeta); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -576,7 +576,7 @@ func (s *HTTPHandlers) AgentMembers(resp http.ResponseWriter, req *http.Request)
|
|||
// Older 'consul members' calls will default to adding segment=_all
|
||||
// so we only choose to use that request argument in the case where
|
||||
// the partition is also the default and ignore it the rest of the time.
|
||||
if structs.IsDefaultPartition(filter.Partition) {
|
||||
if acl.IsDefaultPartition(filter.Partition) {
|
||||
filter.AllSegments = true
|
||||
}
|
||||
} else {
|
||||
|
@ -984,7 +984,7 @@ func (s *HTTPHandlers) AgentHealthServiceByID(resp http.ResponseWriter, req *htt
|
|||
return nil, &BadRequestError{Reason: "Missing serviceID"}
|
||||
}
|
||||
|
||||
var entMeta structs.EnterpriseMeta
|
||||
var entMeta acl.EnterpriseMeta
|
||||
if err := s.parseEntMetaNoWildcard(req, &entMeta); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -1046,7 +1046,7 @@ func (s *HTTPHandlers) AgentHealthServiceByName(resp http.ResponseWriter, req *h
|
|||
return nil, &BadRequestError{Reason: "Missing service Name"}
|
||||
}
|
||||
|
||||
var entMeta structs.EnterpriseMeta
|
||||
var entMeta acl.EnterpriseMeta
|
||||
if err := s.parseEntMetaNoWildcard(req, &entMeta); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
|
@ -6,9 +6,9 @@ package agent
|
|||
import (
|
||||
"net/http"
|
||||
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
"github.com/hashicorp/consul/acl"
|
||||
)
|
||||
|
||||
func (s *HTTPHandlers) validateRequestPartition(_ http.ResponseWriter, _ *structs.EnterpriseMeta) bool {
|
||||
func (s *HTTPHandlers) validateRequestPartition(_ http.ResponseWriter, _ *acl.EnterpriseMeta) bool {
|
||||
return true
|
||||
}
|
||||
|
|
|
@ -1640,7 +1640,7 @@ type fakeResolveTokenDelegate struct {
|
|||
authorizer acl.Authorizer
|
||||
}
|
||||
|
||||
func (f fakeResolveTokenDelegate) ResolveTokenAndDefaultMeta(_ string, _ *structs.EnterpriseMeta, _ *acl.AuthorizerContext) (consul.ACLResolveResult, error) {
|
||||
func (f fakeResolveTokenDelegate) ResolveTokenAndDefaultMeta(_ string, _ *acl.EnterpriseMeta, _ *acl.AuthorizerContext) (consul.ACLResolveResult, error) {
|
||||
return consul.ACLResolveResult{Authorizer: f.authorizer}, nil
|
||||
}
|
||||
|
||||
|
|
|
@ -6,6 +6,7 @@ package agent
|
|||
import (
|
||||
"context"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/config"
|
||||
"github.com/hashicorp/consul/agent/consul"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
|
@ -16,10 +17,10 @@ import (
|
|||
type enterpriseAgent struct{}
|
||||
|
||||
// fillAgentServiceEnterpriseMeta is a noop stub for the func defined agent_ent.go
|
||||
func fillAgentServiceEnterpriseMeta(_ *api.AgentService, _ *structs.EnterpriseMeta) {}
|
||||
func fillAgentServiceEnterpriseMeta(_ *api.AgentService, _ *acl.EnterpriseMeta) {}
|
||||
|
||||
// fillHealthCheckEnterpriseMeta is a noop stub for the func defined agent_ent.go
|
||||
func fillHealthCheckEnterpriseMeta(_ *api.HealthCheck, _ *structs.EnterpriseMeta) {}
|
||||
func fillHealthCheckEnterpriseMeta(_ *api.HealthCheck, _ *acl.EnterpriseMeta) {}
|
||||
|
||||
// initEnterprise is a noop stub for the func defined agent_ent.go
|
||||
func (a *Agent) initEnterprise(consulCfg *consul.Config) error {
|
||||
|
@ -52,7 +53,7 @@ func (a *Agent) enterpriseStats() map[string]map[string]string {
|
|||
return nil
|
||||
}
|
||||
|
||||
func (a *Agent) AgentEnterpriseMeta() *structs.EnterpriseMeta {
|
||||
func (a *Agent) AgentEnterpriseMeta() *acl.EnterpriseMeta {
|
||||
return structs.NodeEnterpriseMetaInDefaultPartition()
|
||||
}
|
||||
|
||||
|
|
|
@ -11,6 +11,7 @@ import (
|
|||
|
||||
"github.com/mitchellh/hashstructure"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/lib"
|
||||
|
||||
"github.com/hashicorp/consul/agent/cache"
|
||||
|
@ -672,7 +673,7 @@ type ConnectCALeafRequest struct {
|
|||
MaxQueryTime time.Duration
|
||||
MustRevalidate bool
|
||||
|
||||
structs.EnterpriseMeta
|
||||
acl.EnterpriseMeta
|
||||
}
|
||||
|
||||
func (r *ConnectCALeafRequest) Key() string {
|
||||
|
|
|
@ -5,11 +5,13 @@ import (
|
|||
"strconv"
|
||||
"time"
|
||||
|
||||
"github.com/hashicorp/go-memdb"
|
||||
"github.com/mitchellh/hashstructure"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/cache"
|
||||
"github.com/hashicorp/consul/agent/local"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
"github.com/hashicorp/go-memdb"
|
||||
"github.com/mitchellh/hashstructure"
|
||||
)
|
||||
|
||||
// Recommended name for registration.
|
||||
|
@ -103,7 +105,7 @@ type ServiceHTTPChecksRequest struct {
|
|||
ServiceID string
|
||||
MinQueryIndex uint64
|
||||
MaxQueryTime time.Duration
|
||||
structs.EnterpriseMeta
|
||||
acl.EnterpriseMeta
|
||||
}
|
||||
|
||||
func (s *ServiceHTTPChecksRequest) CacheInfo() cache.RequestInfo {
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package agent
|
||||
|
||||
import (
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
"github.com/hashicorp/consul/types"
|
||||
)
|
||||
|
@ -23,5 +24,5 @@ type persistedCheckState struct {
|
|||
Output string
|
||||
Status string
|
||||
Expires int64
|
||||
structs.EnterpriseMeta
|
||||
acl.EnterpriseMeta
|
||||
}
|
||||
|
|
|
@ -6,6 +6,7 @@ import (
|
|||
"sync"
|
||||
"time"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
"github.com/hashicorp/consul/api"
|
||||
)
|
||||
|
@ -35,7 +36,7 @@ type CheckAlias struct {
|
|||
stopLock sync.Mutex
|
||||
stopWg sync.WaitGroup
|
||||
|
||||
structs.EnterpriseMeta
|
||||
acl.EnterpriseMeta
|
||||
}
|
||||
|
||||
// AliasNotifier is a CheckNotifier specifically for the Alias check.
|
||||
|
@ -46,7 +47,7 @@ type AliasNotifier interface {
|
|||
|
||||
AddAliasCheck(structs.CheckID, structs.ServiceID, chan<- struct{}) error
|
||||
RemoveAliasCheck(structs.CheckID, structs.ServiceID)
|
||||
Checks(*structs.EnterpriseMeta) map[structs.CheckID]*structs.HealthCheck
|
||||
Checks(*acl.EnterpriseMeta) map[structs.CheckID]*structs.HealthCheck
|
||||
}
|
||||
|
||||
// Start is used to start the check, runs until Stop() func (c *CheckAlias) Start() {
|
||||
|
|
|
@ -7,6 +7,7 @@ import (
|
|||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/mock"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
"github.com/hashicorp/consul/api"
|
||||
|
@ -523,7 +524,7 @@ func (m *mockAliasNotify) AddAliasCheck(chkID structs.CheckID, serviceID structs
|
|||
func (m *mockAliasNotify) RemoveAliasCheck(chkID structs.CheckID, serviceID structs.ServiceID) {
|
||||
}
|
||||
|
||||
func (m *mockAliasNotify) Checks(*structs.EnterpriseMeta) map[structs.CheckID]*structs.HealthCheck {
|
||||
func (m *mockAliasNotify) Checks(*acl.EnterpriseMeta) map[structs.CheckID]*structs.HealthCheck {
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
|
@ -3,11 +3,14 @@
|
|||
|
||||
package config
|
||||
|
||||
import "github.com/hashicorp/consul/agent/structs"
|
||||
import (
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
)
|
||||
|
||||
// EnterpriseMeta stub
|
||||
type EnterpriseMeta struct{}
|
||||
|
||||
func (_ *EnterpriseMeta) ToStructs() structs.EnterpriseMeta {
|
||||
func (_ *EnterpriseMeta) ToStructs() acl.EnterpriseMeta {
|
||||
return *structs.DefaultEnterpriseMetaInDefaultPartition()
|
||||
}
|
||||
|
|
|
@ -6,6 +6,7 @@ import (
|
|||
"strconv"
|
||||
"strings"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
)
|
||||
|
||||
|
@ -148,7 +149,7 @@ func (s *HTTPHandlers) ConfigApply(resp http.ResponseWriter, req *http.Request)
|
|||
}
|
||||
|
||||
// Parse enterprise meta.
|
||||
var meta structs.EnterpriseMeta
|
||||
var meta acl.EnterpriseMeta
|
||||
if err := s.parseEntMetaForConfigEntryKind(args.Entry.GetKind(), req, &meta); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -172,7 +173,7 @@ func (s *HTTPHandlers) ConfigApply(resp http.ResponseWriter, req *http.Request)
|
|||
return reply, nil
|
||||
}
|
||||
|
||||
func (s *HTTPHandlers) parseEntMetaForConfigEntryKind(kind string, req *http.Request, entMeta *structs.EnterpriseMeta) error {
|
||||
func (s *HTTPHandlers) parseEntMetaForConfigEntryKind(kind string, req *http.Request, entMeta *acl.EnterpriseMeta) error {
|
||||
if kind == structs.ServiceIntentions {
|
||||
return s.parseEntMeta(req, entMeta)
|
||||
}
|
||||
|
|
|
@ -10,6 +10,7 @@ import (
|
|||
"github.com/pkg/errors"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
"github.com/hashicorp/consul/testrpc"
|
||||
)
|
||||
|
@ -119,7 +120,7 @@ func TestConfig_Get(t *testing.T) {
|
|||
// Set indexes and EnterpriseMeta to expected values for assertions
|
||||
ce.CreateIndex = 12
|
||||
ce.ModifyIndex = 13
|
||||
ce.EnterpriseMeta = structs.EnterpriseMeta{}
|
||||
ce.EnterpriseMeta = acl.EnterpriseMeta{}
|
||||
|
||||
out, err := a.srv.marshalJSON(req, obj)
|
||||
require.NoError(t, err)
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package configentry
|
||||
|
||||
import (
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
)
|
||||
|
||||
|
@ -11,7 +12,7 @@ import (
|
|||
type KindName struct {
|
||||
Kind string
|
||||
Name string
|
||||
structs.EnterpriseMeta
|
||||
acl.EnterpriseMeta
|
||||
}
|
||||
|
||||
// NewKindName returns a new KindName. The EnterpriseMeta values will be
|
||||
|
@ -19,7 +20,7 @@ type KindName struct {
|
|||
//
|
||||
// Any caller which modifies the EnterpriseMeta field must call Normalize
|
||||
// before persisting or using the value as a map key.
|
||||
func NewKindName(kind, name string, entMeta *structs.EnterpriseMeta) KindName {
|
||||
func NewKindName(kind, name string, entMeta *acl.EnterpriseMeta) KindName {
|
||||
ret := KindName{
|
||||
Kind: kind,
|
||||
Name: name,
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
package connect
|
||||
|
||||
import (
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
)
|
||||
|
||||
|
@ -18,7 +19,7 @@ func AuthorizeIntentionTarget(
|
|||
|
||||
switch matchType {
|
||||
case structs.IntentionMatchDestination:
|
||||
if structs.PartitionOrDefault(ixn.DestinationPartition) != structs.PartitionOrDefault(targetAP) {
|
||||
if acl.PartitionOrDefault(ixn.DestinationPartition) != acl.PartitionOrDefault(targetAP) {
|
||||
return false, false
|
||||
}
|
||||
|
||||
|
@ -33,7 +34,7 @@ func AuthorizeIntentionTarget(
|
|||
}
|
||||
|
||||
case structs.IntentionMatchSource:
|
||||
if structs.PartitionOrDefault(ixn.SourcePartition) != structs.PartitionOrDefault(targetAP) {
|
||||
if acl.PartitionOrDefault(ixn.SourcePartition) != acl.PartitionOrDefault(targetAP) {
|
||||
return false, false
|
||||
}
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@ package connect
|
|||
import (
|
||||
"net/url"
|
||||
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
"github.com/hashicorp/consul/acl"
|
||||
)
|
||||
|
||||
// SpiffeIDService is the structure to represent the SPIFFE ID for an agent.
|
||||
|
@ -15,7 +15,7 @@ type SpiffeIDAgent struct {
|
|||
}
|
||||
|
||||
func (id SpiffeIDAgent) PartitionOrDefault() string {
|
||||
return structs.PartitionOrDefault(id.Partition)
|
||||
return acl.PartitionOrDefault(id.Partition)
|
||||
}
|
||||
|
||||
// URI returns the *url.URL for this SPIFFE ID.
|
||||
|
|
|
@ -6,13 +6,13 @@ package connect
|
|||
import (
|
||||
"fmt"
|
||||
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
"github.com/hashicorp/consul/acl"
|
||||
)
|
||||
|
||||
// GetEnterpriseMeta will synthesize an EnterpriseMeta struct from the SpiffeIDAgent.
|
||||
// in OSS this just returns an empty (but never nil) struct pointer
|
||||
func (id SpiffeIDAgent) GetEnterpriseMeta() *structs.EnterpriseMeta {
|
||||
return &structs.EnterpriseMeta{}
|
||||
func (id SpiffeIDAgent) GetEnterpriseMeta() *acl.EnterpriseMeta {
|
||||
return &acl.EnterpriseMeta{}
|
||||
}
|
||||
|
||||
func (id SpiffeIDAgent) uriPath() string {
|
||||
|
|
|
@ -3,7 +3,7 @@ package connect
|
|||
import (
|
||||
"net/url"
|
||||
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
"github.com/hashicorp/consul/acl"
|
||||
)
|
||||
|
||||
// SpiffeIDService is the structure to represent the SPIFFE ID for a service.
|
||||
|
@ -16,15 +16,15 @@ type SpiffeIDService struct {
|
|||
}
|
||||
|
||||
func (id SpiffeIDService) NamespaceOrDefault() string {
|
||||
return structs.NamespaceOrDefault(id.Namespace)
|
||||
return acl.NamespaceOrDefault(id.Namespace)
|
||||
}
|
||||
|
||||
func (id SpiffeIDService) MatchesPartition(partition string) bool {
|
||||
return id.PartitionOrDefault() == structs.PartitionOrDefault(partition)
|
||||
return id.PartitionOrDefault() == acl.PartitionOrDefault(partition)
|
||||
}
|
||||
|
||||
func (id SpiffeIDService) PartitionOrDefault() string {
|
||||
return structs.PartitionOrDefault(id.Partition)
|
||||
return acl.PartitionOrDefault(id.Partition)
|
||||
}
|
||||
|
||||
// URI returns the *url.URL for this SPIFFE ID.
|
||||
|
|
|
@ -6,13 +6,13 @@ package connect
|
|||
import (
|
||||
"fmt"
|
||||
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
"github.com/hashicorp/consul/acl"
|
||||
)
|
||||
|
||||
// GetEnterpriseMeta will synthesize an EnterpriseMeta struct from the SpiffeIDService.
|
||||
// in OSS this just returns an empty (but never nil) struct pointer
|
||||
func (id SpiffeIDService) GetEnterpriseMeta() *structs.EnterpriseMeta {
|
||||
return &structs.EnterpriseMeta{}
|
||||
func (id SpiffeIDService) GetEnterpriseMeta() *acl.EnterpriseMeta {
|
||||
return &acl.EnterpriseMeta{}
|
||||
}
|
||||
|
||||
func (id SpiffeIDService) uriPath() string {
|
||||
|
|
|
@ -72,7 +72,7 @@ func (a *Agent) ConnectAuthorize(token string,
|
|||
if !uriService.MatchesPartition(req.TargetPartition()) {
|
||||
reason = fmt.Sprintf("Mismatched partitions: %q != %q",
|
||||
uriService.PartitionOrDefault(),
|
||||
structs.PartitionOrDefault(req.TargetPartition()))
|
||||
acl.PartitionOrDefault(req.TargetPartition()))
|
||||
return false, reason, nil, nil
|
||||
}
|
||||
|
||||
|
|
|
@ -108,7 +108,7 @@ func (id *missingIdentity) IsLocal() bool {
|
|||
return false
|
||||
}
|
||||
|
||||
func (id *missingIdentity) EnterpriseMetadata() *structs.EnterpriseMeta {
|
||||
func (id *missingIdentity) EnterpriseMetadata() *acl.EnterpriseMeta {
|
||||
return structs.DefaultEnterpriseMetaInDefaultPartition()
|
||||
}
|
||||
|
||||
|
@ -182,7 +182,7 @@ type ACLResolverSettings struct {
|
|||
ACLsEnabled bool
|
||||
Datacenter string
|
||||
NodeName string
|
||||
EnterpriseMeta structs.EnterpriseMeta
|
||||
EnterpriseMeta acl.EnterpriseMeta
|
||||
|
||||
// ACLPolicyTTL is used to control the time-to-live of cached ACL policies. This has
|
||||
// a major impact on performance. By default, it is set to 30 seconds.
|
||||
|
@ -264,7 +264,7 @@ type ACLResolver struct {
|
|||
agentRecoveryAuthz acl.Authorizer
|
||||
}
|
||||
|
||||
func agentRecoveryAuthorizer(nodeName string, entMeta *structs.EnterpriseMeta, aclConf *acl.Config) (acl.Authorizer, error) {
|
||||
func agentRecoveryAuthorizer(nodeName string, entMeta *acl.EnterpriseMeta, aclConf *acl.Config) (acl.Authorizer, error) {
|
||||
var conf acl.Config
|
||||
if aclConf != nil {
|
||||
conf = *aclConf
|
||||
|
@ -638,7 +638,7 @@ func (r *ACLResolver) resolvePoliciesForIdentity(identity structs.ACLIdentity) (
|
|||
return filtered, nil
|
||||
}
|
||||
|
||||
func (r *ACLResolver) synthesizePoliciesForServiceIdentities(serviceIdentities []*structs.ACLServiceIdentity, entMeta *structs.EnterpriseMeta) []*structs.ACLPolicy {
|
||||
func (r *ACLResolver) synthesizePoliciesForServiceIdentities(serviceIdentities []*structs.ACLServiceIdentity, entMeta *acl.EnterpriseMeta) []*structs.ACLPolicy {
|
||||
if len(serviceIdentities) == 0 {
|
||||
return nil
|
||||
}
|
||||
|
@ -651,7 +651,7 @@ func (r *ACLResolver) synthesizePoliciesForServiceIdentities(serviceIdentities [
|
|||
return syntheticPolicies
|
||||
}
|
||||
|
||||
func (r *ACLResolver) synthesizePoliciesForNodeIdentities(nodeIdentities []*structs.ACLNodeIdentity, entMeta *structs.EnterpriseMeta) []*structs.ACLPolicy {
|
||||
func (r *ACLResolver) synthesizePoliciesForNodeIdentities(nodeIdentities []*structs.ACLNodeIdentity, entMeta *acl.EnterpriseMeta) []*structs.ACLPolicy {
|
||||
if len(nodeIdentities) == 0 {
|
||||
return nil
|
||||
}
|
||||
|
@ -676,7 +676,7 @@ type plainACLResolver struct {
|
|||
|
||||
func (r plainACLResolver) ResolveTokenAndDefaultMeta(
|
||||
token string,
|
||||
entMeta *structs.EnterpriseMeta,
|
||||
entMeta *acl.EnterpriseMeta,
|
||||
authzContext *acl.AuthorizerContext,
|
||||
) (acl.Authorizer, error) {
|
||||
// ACLResolver.ResolveTokenAndDefaultMeta returns a ACLResolveResult which
|
||||
|
@ -1174,14 +1174,14 @@ func (r *ACLResolver) ACLsEnabled() bool {
|
|||
return true
|
||||
}
|
||||
|
||||
func (r *ACLResolver) ResolveTokenAndDefaultMeta(token string, entMeta *structs.EnterpriseMeta, authzContext *acl.AuthorizerContext) (ACLResolveResult, error) {
|
||||
func (r *ACLResolver) ResolveTokenAndDefaultMeta(token string, entMeta *acl.EnterpriseMeta, authzContext *acl.AuthorizerContext) (ACLResolveResult, error) {
|
||||
result, err := r.ResolveToken(token)
|
||||
if err != nil {
|
||||
return ACLResolveResult{}, err
|
||||
}
|
||||
|
||||
if entMeta == nil {
|
||||
entMeta = &structs.EnterpriseMeta{}
|
||||
entMeta = &acl.EnterpriseMeta{}
|
||||
}
|
||||
|
||||
// Default the EnterpriseMeta based on the Tokens meta or actual defaults
|
||||
|
@ -1279,7 +1279,7 @@ func (f *aclFilter) filterHealthChecks(checks *structs.HealthChecks) bool {
|
|||
|
||||
// filterServices is used to filter a set of services based on ACLs. Returns
|
||||
// true if any elements were removed.
|
||||
func (f *aclFilter) filterServices(services structs.Services, entMeta *structs.EnterpriseMeta) bool {
|
||||
func (f *aclFilter) filterServices(services structs.Services, entMeta *acl.EnterpriseMeta) bool {
|
||||
var authzContext acl.AuthorizerContext
|
||||
entMeta.FillAuthzContext(&authzContext)
|
||||
|
||||
|
|
|
@ -3,9 +3,11 @@ package consul
|
|||
import (
|
||||
"fmt"
|
||||
|
||||
"github.com/hashicorp/go-bexpr"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/consul/authmethod"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
"github.com/hashicorp/go-bexpr"
|
||||
|
||||
// register these as a builtin auth method
|
||||
_ "github.com/hashicorp/consul/agent/consul/authmethod/awsauth"
|
||||
|
@ -51,8 +53,8 @@ type aclBindings struct {
|
|||
func (s *Server) evaluateRoleBindings(
|
||||
validator authmethod.Validator,
|
||||
verifiedIdentity *authmethod.Identity,
|
||||
methodMeta *structs.EnterpriseMeta,
|
||||
targetMeta *structs.EnterpriseMeta,
|
||||
methodMeta *acl.EnterpriseMeta,
|
||||
targetMeta *acl.EnterpriseMeta,
|
||||
) (*aclBindings, error) {
|
||||
// Only fetch rules that are relevant for this method.
|
||||
_, rules, err := s.fsm.State().ACLBindingRuleList(nil, validator.Name(), methodMeta)
|
||||
|
|
|
@ -1000,7 +1000,7 @@ func (a *ACL) TokenList(args *structs.ACLTokenListRequest, reply *structs.ACLTok
|
|||
}
|
||||
|
||||
var authzContext acl.AuthorizerContext
|
||||
var requestMeta structs.EnterpriseMeta
|
||||
var requestMeta acl.EnterpriseMeta
|
||||
authz, err := a.srv.ResolveTokenAndDefaultMeta(args.Token, &requestMeta, &authzContext)
|
||||
if err != nil {
|
||||
return err
|
||||
|
@ -1012,7 +1012,7 @@ func (a *ACL) TokenList(args *structs.ACLTokenListRequest, reply *structs.ACLTok
|
|||
return err
|
||||
}
|
||||
|
||||
var methodMeta *structs.EnterpriseMeta
|
||||
var methodMeta *acl.EnterpriseMeta
|
||||
if args.AuthMethod != "" {
|
||||
methodMeta = args.ACLAuthMethodEnterpriseMeta.ToEnterpriseMeta()
|
||||
// attempt to merge in the overall meta, wildcards will not be merged
|
||||
|
@ -2449,7 +2449,7 @@ func (a *ACL) Login(args *structs.ACLLoginRequest, reply *structs.ACLToken) erro
|
|||
|
||||
func (a *ACL) tokenSetFromAuthMethod(
|
||||
method *structs.ACLAuthMethod,
|
||||
entMeta *structs.EnterpriseMeta,
|
||||
entMeta *acl.EnterpriseMeta,
|
||||
tokenDescriptionPrefix string,
|
||||
tokenMetadata map[string]string,
|
||||
validator authmethod.Validator,
|
||||
|
|
|
@ -4,10 +4,12 @@
|
|||
package consul
|
||||
|
||||
import (
|
||||
memdb "github.com/hashicorp/go-memdb"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/consul/authmethod"
|
||||
"github.com/hashicorp/consul/agent/consul/state"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
memdb "github.com/hashicorp/go-memdb"
|
||||
)
|
||||
|
||||
func (a *ACL) tokenUpsertValidateEnterprise(token *structs.ACLToken, existing *structs.ACLToken) error {
|
||||
|
@ -36,10 +38,10 @@ func enterpriseAuthMethodValidation(method *structs.ACLAuthMethod, validator aut
|
|||
func computeTargetEnterpriseMeta(
|
||||
method *structs.ACLAuthMethod,
|
||||
verifiedIdentity *authmethod.Identity,
|
||||
) (*structs.EnterpriseMeta, error) {
|
||||
return &structs.EnterpriseMeta{}, nil
|
||||
) (*acl.EnterpriseMeta, error) {
|
||||
return &acl.EnterpriseMeta{}, nil
|
||||
}
|
||||
|
||||
func getTokenNamespaceDefaults(ws memdb.WatchSet, state *state.Store, entMeta *structs.EnterpriseMeta) ([]string, []string, error) {
|
||||
func getTokenNamespaceDefaults(ws memdb.WatchSet, state *state.Store, entMeta *acl.EnterpriseMeta) ([]string, []string, error) {
|
||||
return nil, nil, nil
|
||||
}
|
||||
|
|
|
@ -9,12 +9,13 @@ import (
|
|||
"testing"
|
||||
"time"
|
||||
|
||||
msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc"
|
||||
"github.com/hashicorp/consul-net-rpc/net/rpc"
|
||||
uuid "github.com/hashicorp/go-uuid"
|
||||
"github.com/stretchr/testify/require"
|
||||
"gopkg.in/square/go-jose.v2/jwt"
|
||||
|
||||
msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc"
|
||||
"github.com/hashicorp/consul-net-rpc/net/rpc"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/consul/authmethod/kubeauth"
|
||||
"github.com/hashicorp/consul/agent/consul/authmethod/testauth"
|
||||
|
@ -5415,7 +5416,7 @@ func TestValidateBindingRuleBindName(t *testing.T) {
|
|||
|
||||
// upsertTestToken creates a token for testing purposes
|
||||
func upsertTestTokenInEntMeta(codec rpc.ClientCodec, initialManagementToken string, datacenter string,
|
||||
tokenModificationFn func(token *structs.ACLToken), entMeta *structs.EnterpriseMeta) (*structs.ACLToken, error) {
|
||||
tokenModificationFn func(token *structs.ACLToken), entMeta *acl.EnterpriseMeta) (*structs.ACLToken, error) {
|
||||
if entMeta == nil {
|
||||
entMeta = structs.DefaultEnterpriseMetaInDefaultPartition()
|
||||
}
|
||||
|
@ -5455,7 +5456,7 @@ func upsertTestToken(codec rpc.ClientCodec, initialManagementToken string, datac
|
|||
tokenModificationFn, structs.DefaultEnterpriseMetaInDefaultPartition())
|
||||
}
|
||||
|
||||
func upsertTestTokenWithPolicyRulesInEntMeta(codec rpc.ClientCodec, initialManagementToken string, datacenter string, rules string, entMeta *structs.EnterpriseMeta) (*structs.ACLToken, error) {
|
||||
func upsertTestTokenWithPolicyRulesInEntMeta(codec rpc.ClientCodec, initialManagementToken string, datacenter string, rules string, entMeta *acl.EnterpriseMeta) (*structs.ACLToken, error) {
|
||||
policy, err := upsertTestPolicyWithRulesInEntMeta(codec, initialManagementToken, datacenter, rules, entMeta)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
@ -5585,7 +5586,7 @@ func upsertTestPolicyWithRules(codec rpc.ClientCodec, initialManagementToken str
|
|||
return upsertTestPolicyWithRulesInEntMeta(codec, initialManagementToken, datacenter, rules, structs.DefaultEnterpriseMetaInDefaultPartition())
|
||||
}
|
||||
|
||||
func upsertTestPolicyWithRulesInEntMeta(codec rpc.ClientCodec, initialManagementToken string, datacenter string, rules string, entMeta *structs.EnterpriseMeta) (*structs.ACLPolicy, error) {
|
||||
func upsertTestPolicyWithRulesInEntMeta(codec rpc.ClientCodec, initialManagementToken string, datacenter string, rules string, entMeta *acl.EnterpriseMeta) (*structs.ACLPolicy, error) {
|
||||
return upsertTestCustomizedPolicy(codec, initialManagementToken, datacenter, func(policy *structs.ACLPolicy) {
|
||||
if entMeta == nil {
|
||||
entMeta = structs.DefaultEnterpriseMetaInDefaultPartition()
|
||||
|
|
|
@ -13,7 +13,7 @@ import (
|
|||
// EnterpriseACLResolverDelegate stub
|
||||
type EnterpriseACLResolverDelegate interface{}
|
||||
|
||||
func (s *Server) replicationEnterpriseMeta() *structs.EnterpriseMeta {
|
||||
func (s *Server) replicationEnterpriseMeta() *acl.EnterpriseMeta {
|
||||
return structs.ReplicationEnterpriseMeta()
|
||||
}
|
||||
|
||||
|
@ -48,4 +48,4 @@ func (_ *ACLResolver) resolveLocallyManagedEnterpriseToken(_ string) (structs.AC
|
|||
return nil, nil, false
|
||||
}
|
||||
|
||||
func setEnterpriseConf(entMeta *structs.EnterpriseMeta, conf *acl.Config) {}
|
||||
func setEnterpriseConf(entMeta *acl.EnterpriseMeta, conf *acl.Config) {}
|
||||
|
|
|
@ -9,12 +9,13 @@ import (
|
|||
"testing"
|
||||
"time"
|
||||
|
||||
msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc"
|
||||
"github.com/hashicorp/go-hclog"
|
||||
"github.com/hashicorp/go-uuid"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
"github.com/hashicorp/consul/agent/token"
|
||||
|
|
|
@ -6,9 +6,11 @@ import (
|
|||
"sort"
|
||||
"sync"
|
||||
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
"github.com/hashicorp/go-hclog"
|
||||
"github.com/mitchellh/mapstructure"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
)
|
||||
|
||||
type Cache interface {
|
||||
|
@ -62,7 +64,7 @@ type Identity struct {
|
|||
// in a bind name within a binding rule.
|
||||
ProjectedVars map[string]string
|
||||
|
||||
*structs.EnterpriseMeta
|
||||
*acl.EnterpriseMeta
|
||||
}
|
||||
|
||||
// ProjectedVarNames returns just the keyspace of the ProjectedVars map.
|
||||
|
|
|
@ -3,7 +3,10 @@
|
|||
|
||||
package kubeauth
|
||||
|
||||
import "github.com/hashicorp/consul/agent/structs"
|
||||
import (
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
)
|
||||
|
||||
type enterpriseConfig struct{}
|
||||
|
||||
|
@ -11,6 +14,6 @@ func enterpriseValidation(method *structs.ACLAuthMethod, config *Config) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
func (v *Validator) k8sEntMetaFromFields(fields map[string]string) *structs.EnterpriseMeta {
|
||||
func (v *Validator) k8sEntMetaFromFields(fields map[string]string) *acl.EnterpriseMeta {
|
||||
return nil
|
||||
}
|
||||
|
|
|
@ -6,7 +6,7 @@ package ssoauth
|
|||
import (
|
||||
"fmt"
|
||||
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/internal/go-sso/oidcauth"
|
||||
)
|
||||
|
||||
|
@ -17,7 +17,7 @@ func validateType(typ string) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
func (v *Validator) ssoEntMetaFromClaims(_ *oidcauth.Claims) *structs.EnterpriseMeta {
|
||||
func (v *Validator) ssoEntMetaFromClaims(_ *oidcauth.Claims) *acl.EnterpriseMeta {
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
|
@ -5,11 +5,12 @@ import (
|
|||
"fmt"
|
||||
"sync"
|
||||
|
||||
"github.com/hashicorp/go-hclog"
|
||||
"github.com/hashicorp/go-uuid"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/consul/authmethod"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
"github.com/hashicorp/go-hclog"
|
||||
"github.com/hashicorp/go-uuid"
|
||||
)
|
||||
|
||||
func init() {
|
||||
|
|
|
@ -3,12 +3,10 @@
|
|||
|
||||
package testauth
|
||||
|
||||
import (
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
)
|
||||
import "github.com/hashicorp/consul/acl"
|
||||
|
||||
type enterpriseConfig struct{}
|
||||
|
||||
func (v *Validator) testAuthEntMetaFromFields(fields map[string]string) *structs.EnterpriseMeta {
|
||||
func (v *Validator) testAuthEntMetaFromFields(fields map[string]string) *acl.EnterpriseMeta {
|
||||
return nil
|
||||
}
|
||||
|
|
|
@ -6,6 +6,7 @@ import (
|
|||
"net"
|
||||
"time"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/connect"
|
||||
"github.com/hashicorp/consul/agent/metadata"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
|
@ -40,7 +41,7 @@ func (b autoConfigBackend) DatacenterJoinAddresses(partition, segment string) ([
|
|||
if segment != "" {
|
||||
return nil, fmt.Errorf("Failed to retrieve members for segment %s: %w", segment, err)
|
||||
}
|
||||
return nil, fmt.Errorf("Failed to retrieve members for partition %s: %w", structs.PartitionOrDefault(partition), err)
|
||||
return nil, fmt.Errorf("Failed to retrieve members for partition %s: %w", acl.PartitionOrDefault(partition), err)
|
||||
}
|
||||
|
||||
var joinAddrs []string
|
||||
|
|
|
@ -30,7 +30,7 @@ type AutoConfigOptions struct {
|
|||
}
|
||||
|
||||
func (opts AutoConfigOptions) PartitionOrDefault() string {
|
||||
return structs.PartitionOrDefault(opts.Partition)
|
||||
return acl.PartitionOrDefault(opts.Partition)
|
||||
}
|
||||
|
||||
type AutoConfigAuthorizer interface {
|
||||
|
@ -99,7 +99,7 @@ func (a *jwtAuthorizer) Authorize(req *pbautoconf.AutoConfigRequest) (AutoConfig
|
|||
return AutoConfigOptions{}, err
|
||||
}
|
||||
|
||||
if id.Agent != req.Node || !structs.EqualPartitions(id.Partition, req.Partition) {
|
||||
if id.Agent != req.Node || !acl.EqualPartitions(id.Partition, req.Partition) {
|
||||
return AutoConfigOptions{},
|
||||
fmt.Errorf("Spiffe ID agent name (%s) of the certificate signing request is not for the correct node (%s)",
|
||||
printNodeName(id.Agent, id.Partition),
|
||||
|
@ -392,7 +392,7 @@ func parseAutoConfigCSR(csr string) (*x509.CertificateRequest, *connect.SpiffeID
|
|||
}
|
||||
|
||||
func printNodeName(nodeName, partition string) string {
|
||||
if structs.IsDefaultPartition(partition) {
|
||||
if acl.IsDefaultPartition(partition) {
|
||||
return nodeName
|
||||
}
|
||||
return partition + "/" + nodeName
|
||||
|
|
|
@ -9,11 +9,12 @@ import (
|
|||
|
||||
"github.com/hashicorp/go-uuid"
|
||||
|
||||
msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc"
|
||||
"github.com/hashicorp/consul-net-rpc/net/rpc"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc"
|
||||
"github.com/hashicorp/consul-net-rpc/net/rpc"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
"github.com/hashicorp/consul/api"
|
||||
|
|
|
@ -14,6 +14,7 @@ import (
|
|||
"github.com/hashicorp/serf/serf"
|
||||
"golang.org/x/time/rate"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/pool"
|
||||
"github.com/hashicorp/consul/agent/router"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
|
@ -192,7 +193,7 @@ func (c *Client) Leave() error {
|
|||
|
||||
// JoinLAN is used to have Consul join the inner-DC pool The target address
|
||||
// should be another node inside the DC listening on the Serf LAN address
|
||||
func (c *Client) JoinLAN(addrs []string, entMeta *structs.EnterpriseMeta) (int, error) {
|
||||
func (c *Client) JoinLAN(addrs []string, entMeta *acl.EnterpriseMeta) (int, error) {
|
||||
// Partitions definitely have to match.
|
||||
if c.config.AgentEnterpriseMeta().PartitionOrDefault() != entMeta.PartitionOrDefault() {
|
||||
return 0, fmt.Errorf("target partition %q must match client agent partition %q",
|
||||
|
@ -240,7 +241,7 @@ func (c *Client) LANMembers(filter LANMemberFilter) ([]serf.Member, error) {
|
|||
}
|
||||
|
||||
// RemoveFailedNode is used to remove a failed node from the cluster.
|
||||
func (c *Client) RemoveFailedNode(node string, prune bool, entMeta *structs.EnterpriseMeta) error {
|
||||
func (c *Client) RemoveFailedNode(node string, prune bool, entMeta *acl.EnterpriseMeta) error {
|
||||
// Partitions definitely have to match.
|
||||
if c.config.AgentEnterpriseMeta().PartitionOrDefault() != entMeta.PartitionOrDefault() {
|
||||
return fmt.Errorf("client agent in partition %q cannot remove node in different partition %q",
|
||||
|
@ -418,7 +419,7 @@ func (c *Client) ReloadConfig(config ReloadableConfig) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
func (c *Client) AgentEnterpriseMeta() *structs.EnterpriseMeta {
|
||||
func (c *Client) AgentEnterpriseMeta() *acl.EnterpriseMeta {
|
||||
return c.config.AgentEnterpriseMeta()
|
||||
}
|
||||
|
||||
|
|
|
@ -7,10 +7,11 @@ import (
|
|||
"testing"
|
||||
"time"
|
||||
|
||||
msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc"
|
||||
hashstructure_v2 "github.com/mitchellh/hashstructure/v2"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/configentry"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
|
|
|
@ -3,8 +3,11 @@
|
|||
|
||||
package consul
|
||||
|
||||
import "github.com/hashicorp/consul/agent/structs"
|
||||
import (
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
)
|
||||
|
||||
func (c *Config) AgentEnterpriseMeta() *structs.EnterpriseMeta {
|
||||
func (c *Config) AgentEnterpriseMeta() *acl.EnterpriseMeta {
|
||||
return structs.NodeEnterpriseMetaInDefaultPartition()
|
||||
}
|
||||
|
|
|
@ -9,10 +9,11 @@ import (
|
|||
"testing"
|
||||
"time"
|
||||
|
||||
msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/connect"
|
||||
ca "github.com/hashicorp/consul/agent/connect/ca"
|
||||
|
|
|
@ -9,11 +9,12 @@ import (
|
|||
"testing"
|
||||
"time"
|
||||
|
||||
msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc"
|
||||
"github.com/hashicorp/consul-net-rpc/net/rpc"
|
||||
"github.com/hashicorp/serf/coordinate"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc"
|
||||
"github.com/hashicorp/consul-net-rpc/net/rpc"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
"github.com/hashicorp/consul/lib"
|
||||
|
|
|
@ -6,9 +6,10 @@ import (
|
|||
"testing"
|
||||
"time"
|
||||
|
||||
msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/connect"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
|
|
|
@ -3,8 +3,11 @@
|
|||
|
||||
package discoverychain
|
||||
|
||||
import "github.com/hashicorp/consul/agent/structs"
|
||||
import (
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
)
|
||||
|
||||
func (c *compiler) GetEnterpriseMeta() *structs.EnterpriseMeta {
|
||||
func (c *compiler) GetEnterpriseMeta() *acl.EnterpriseMeta {
|
||||
return structs.DefaultEnterpriseMetaInDefaultPartition()
|
||||
}
|
||||
|
|
|
@ -12,6 +12,7 @@ import (
|
|||
"github.com/hashicorp/go-version"
|
||||
"github.com/hashicorp/serf/serf"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/pool"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
)
|
||||
|
@ -56,7 +57,7 @@ func (s *Server) revokeEnterpriseLeadership() error {
|
|||
return nil
|
||||
}
|
||||
|
||||
func (s *Server) validateEnterpriseRequest(entMeta *structs.EnterpriseMeta, write bool) error {
|
||||
func (s *Server) validateEnterpriseRequest(entMeta *acl.EnterpriseMeta, write bool) error {
|
||||
return nil
|
||||
}
|
||||
|
||||
|
@ -109,6 +110,6 @@ func (s *Server) shutdownSerfLAN() {
|
|||
}
|
||||
}
|
||||
|
||||
func addEnterpriseSerfTags(_ map[string]string, _ *structs.EnterpriseMeta) {
|
||||
func addEnterpriseSerfTags(_ map[string]string, _ *acl.EnterpriseMeta) {
|
||||
// do nothing
|
||||
}
|
||||
|
|
|
@ -5,11 +5,12 @@ import (
|
|||
"testing"
|
||||
"time"
|
||||
|
||||
msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc"
|
||||
"github.com/hashicorp/consul-net-rpc/net/rpc"
|
||||
uuid "github.com/hashicorp/go-uuid"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc"
|
||||
"github.com/hashicorp/consul-net-rpc/net/rpc"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
"github.com/hashicorp/consul/api"
|
||||
|
|
|
@ -6,10 +6,11 @@ import (
|
|||
"testing"
|
||||
"time"
|
||||
|
||||
"github.com/hashicorp/consul-net-rpc/go-msgpack/codec"
|
||||
"github.com/hashicorp/go-raftchunking"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
"github.com/hashicorp/consul-net-rpc/go-msgpack/codec"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/connect"
|
||||
"github.com/hashicorp/consul/agent/consul/state"
|
||||
|
|
|
@ -5,10 +5,11 @@ import (
|
|||
"testing"
|
||||
"time"
|
||||
|
||||
msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc"
|
||||
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
"github.com/hashicorp/consul/api"
|
||||
"github.com/hashicorp/consul/lib"
|
||||
|
|
|
@ -6,12 +6,14 @@ import (
|
|||
"net"
|
||||
"testing"
|
||||
|
||||
msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc"
|
||||
"github.com/hashicorp/consul-net-rpc/net/rpc"
|
||||
"github.com/hashicorp/raft"
|
||||
"github.com/hashicorp/serf/serf"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc"
|
||||
"github.com/hashicorp/consul-net-rpc/net/rpc"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
"github.com/hashicorp/consul/api"
|
||||
"github.com/hashicorp/consul/sdk/testutil/retry"
|
||||
|
@ -116,9 +118,9 @@ func joinAddrWAN(s *Server) string {
|
|||
}
|
||||
|
||||
type clientOrServer interface {
|
||||
JoinLAN(addrs []string, entMeta *structs.EnterpriseMeta) (int, error)
|
||||
JoinLAN(addrs []string, entMeta *acl.EnterpriseMeta) (int, error)
|
||||
LANMembersInAgentPartition() []serf.Member
|
||||
AgentEnterpriseMeta() *structs.EnterpriseMeta
|
||||
AgentEnterpriseMeta() *acl.EnterpriseMeta
|
||||
agentSegmentName() string
|
||||
}
|
||||
|
||||
|
|
|
@ -101,7 +101,7 @@ func (s *Intention) Apply(args *structs.IntentionRequest, reply *string) error {
|
|||
}
|
||||
|
||||
// Get the ACL token for the request for the checks below.
|
||||
var entMeta structs.EnterpriseMeta
|
||||
var entMeta acl.EnterpriseMeta
|
||||
authz, err := s.srv.ACLResolver.ResolveTokenAndDefaultMeta(args.Token, &entMeta, nil)
|
||||
if err != nil {
|
||||
return err
|
||||
|
@ -162,7 +162,7 @@ func (s *Intention) Apply(args *structs.IntentionRequest, reply *string) error {
|
|||
func (s *Intention) computeApplyChangesLegacyCreate(
|
||||
accessorID string,
|
||||
authz acl.Authorizer,
|
||||
entMeta *structs.EnterpriseMeta,
|
||||
entMeta *acl.EnterpriseMeta,
|
||||
args *structs.IntentionRequest,
|
||||
) (*structs.IntentionMutation, error) {
|
||||
// This variant is just for legacy UUID-based intentions.
|
||||
|
@ -232,7 +232,7 @@ func (s *Intention) computeApplyChangesLegacyCreate(
|
|||
func (s *Intention) computeApplyChangesLegacyUpdate(
|
||||
accessorID string,
|
||||
authz acl.Authorizer,
|
||||
entMeta *structs.EnterpriseMeta,
|
||||
entMeta *acl.EnterpriseMeta,
|
||||
args *structs.IntentionRequest,
|
||||
) (*structs.IntentionMutation, error) {
|
||||
// This variant is just for legacy UUID-based intentions.
|
||||
|
@ -292,7 +292,7 @@ func (s *Intention) computeApplyChangesLegacyUpdate(
|
|||
func (s *Intention) computeApplyChangesUpsert(
|
||||
accessorID string,
|
||||
authz acl.Authorizer,
|
||||
entMeta *structs.EnterpriseMeta,
|
||||
entMeta *acl.EnterpriseMeta,
|
||||
args *structs.IntentionRequest,
|
||||
) (*structs.IntentionMutation, error) {
|
||||
// This variant is just for config-entry based intentions.
|
||||
|
@ -355,7 +355,7 @@ func (s *Intention) computeApplyChangesUpsert(
|
|||
func (s *Intention) computeApplyChangesLegacyDelete(
|
||||
accessorID string,
|
||||
authz acl.Authorizer,
|
||||
entMeta *structs.EnterpriseMeta,
|
||||
entMeta *acl.EnterpriseMeta,
|
||||
args *structs.IntentionRequest,
|
||||
) (*structs.IntentionMutation, error) {
|
||||
_, _, ixn, err := s.srv.fsm.State().IntentionGet(nil, args.Intention.ID)
|
||||
|
@ -380,7 +380,7 @@ func (s *Intention) computeApplyChangesLegacyDelete(
|
|||
func (s *Intention) computeApplyChangesDelete(
|
||||
accessorID string,
|
||||
authz acl.Authorizer,
|
||||
entMeta *structs.EnterpriseMeta,
|
||||
entMeta *acl.EnterpriseMeta,
|
||||
args *structs.IntentionRequest,
|
||||
) (*structs.IntentionMutation, error) {
|
||||
args.Intention.FillPartitionAndNamespace(entMeta, true)
|
||||
|
@ -425,7 +425,7 @@ func (s *Intention) Get(args *structs.IntentionQueryRequest, reply *structs.Inde
|
|||
}
|
||||
|
||||
// Get the ACL token for the request for the checks below.
|
||||
var entMeta structs.EnterpriseMeta
|
||||
var entMeta acl.EnterpriseMeta
|
||||
authz, err := s.srv.ResolveTokenAndDefaultMeta(args.Token, &entMeta, nil)
|
||||
if err != nil {
|
||||
return err
|
||||
|
@ -574,7 +574,7 @@ func (s *Intention) Match(args *structs.IntentionQueryRequest, reply *structs.In
|
|||
}
|
||||
|
||||
// Get the ACL token for the request for the checks below.
|
||||
var entMeta structs.EnterpriseMeta
|
||||
var entMeta acl.EnterpriseMeta
|
||||
authz, err := s.srv.ResolveTokenAndDefaultMeta(args.Token, &entMeta, nil)
|
||||
if err != nil {
|
||||
return err
|
||||
|
@ -695,7 +695,7 @@ func (s *Intention) Check(args *structs.IntentionQueryRequest, reply *structs.In
|
|||
}
|
||||
|
||||
// Get the ACL token for the request for the checks below.
|
||||
var entMeta structs.EnterpriseMeta
|
||||
var entMeta acl.EnterpriseMeta
|
||||
authz, err := s.srv.ResolveTokenAndDefaultMeta(args.Token, &entMeta, nil)
|
||||
if err != nil {
|
||||
return err
|
||||
|
|
|
@ -6,9 +6,10 @@ import (
|
|||
"testing"
|
||||
"time"
|
||||
|
||||
msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
"github.com/hashicorp/consul/sdk/testutil"
|
||||
|
|
|
@ -362,7 +362,7 @@ func (m *Internal) GatewayIntentions(args *structs.IntentionQueryRequest, reply
|
|||
}
|
||||
|
||||
// Get the ACL token for the request for the checks below.
|
||||
var entMeta structs.EnterpriseMeta
|
||||
var entMeta acl.EnterpriseMeta
|
||||
var authzContext acl.AuthorizerContext
|
||||
|
||||
authz, err := m.srv.ResolveTokenAndDefaultMeta(args.Token, &entMeta, &authzContext)
|
||||
|
|
|
@ -8,10 +8,11 @@ import (
|
|||
"testing"
|
||||
"time"
|
||||
|
||||
msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
"github.com/hashicorp/consul/api"
|
||||
|
|
|
@ -5,9 +5,10 @@ import (
|
|||
"testing"
|
||||
"time"
|
||||
|
||||
msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
"github.com/hashicorp/consul/api"
|
||||
|
|
|
@ -883,7 +883,7 @@ func (s *Server) bootstrapConfigEntries(entries []structs.ConfigEntry) error {
|
|||
// reconcileReaped is used to reconcile nodes that have failed and been reaped
|
||||
// from Serf but remain in the catalog. This is done by looking for unknown nodes with serfHealth checks registered.
|
||||
// We generate a "reap" event to cause the node to be cleaned up.
|
||||
func (s *Server) reconcileReaped(known map[string]struct{}, nodeEntMeta *structs.EnterpriseMeta) error {
|
||||
func (s *Server) reconcileReaped(known map[string]struct{}, nodeEntMeta *acl.EnterpriseMeta) error {
|
||||
if nodeEntMeta == nil {
|
||||
nodeEntMeta = structs.NodeEnterpriseMetaInDefaultPartition()
|
||||
}
|
||||
|
@ -1016,7 +1016,7 @@ func (s *Server) shouldHandleMember(member serf.Member) bool {
|
|||
|
||||
// handleAliveMember is used to ensure the node
|
||||
// is registered, with a passing health check.
|
||||
func (s *Server) handleAliveMember(member serf.Member, nodeEntMeta *structs.EnterpriseMeta) error {
|
||||
func (s *Server) handleAliveMember(member serf.Member, nodeEntMeta *acl.EnterpriseMeta) error {
|
||||
if nodeEntMeta == nil {
|
||||
nodeEntMeta = structs.NodeEnterpriseMetaInDefaultPartition()
|
||||
}
|
||||
|
@ -1122,7 +1122,7 @@ AFTER_CHECK:
|
|||
|
||||
// handleFailedMember is used to mark the node's status
|
||||
// as being critical, along with all checks as unknown.
|
||||
func (s *Server) handleFailedMember(member serf.Member, nodeEntMeta *structs.EnterpriseMeta) error {
|
||||
func (s *Server) handleFailedMember(member serf.Member, nodeEntMeta *acl.EnterpriseMeta) error {
|
||||
if nodeEntMeta == nil {
|
||||
nodeEntMeta = structs.NodeEnterpriseMetaInDefaultPartition()
|
||||
}
|
||||
|
@ -1184,18 +1184,18 @@ func (s *Server) handleFailedMember(member serf.Member, nodeEntMeta *structs.Ent
|
|||
|
||||
// handleLeftMember is used to handle members that gracefully
|
||||
// left. They are deregistered if necessary.
|
||||
func (s *Server) handleLeftMember(member serf.Member, nodeEntMeta *structs.EnterpriseMeta) error {
|
||||
func (s *Server) handleLeftMember(member serf.Member, nodeEntMeta *acl.EnterpriseMeta) error {
|
||||
return s.handleDeregisterMember("left", member, nodeEntMeta)
|
||||
}
|
||||
|
||||
// handleReapMember is used to handle members that have been
|
||||
// reaped after a prolonged failure. They are deregistered.
|
||||
func (s *Server) handleReapMember(member serf.Member, nodeEntMeta *structs.EnterpriseMeta) error {
|
||||
func (s *Server) handleReapMember(member serf.Member, nodeEntMeta *acl.EnterpriseMeta) error {
|
||||
return s.handleDeregisterMember("reaped", member, nodeEntMeta)
|
||||
}
|
||||
|
||||
// handleDeregisterMember is used to deregister a member of a given reason
|
||||
func (s *Server) handleDeregisterMember(reason string, member serf.Member, nodeEntMeta *structs.EnterpriseMeta) error {
|
||||
func (s *Server) handleDeregisterMember(reason string, member serf.Member, nodeEntMeta *acl.EnterpriseMeta) error {
|
||||
if nodeEntMeta == nil {
|
||||
nodeEntMeta = structs.NodeEnterpriseMetaInDefaultPartition()
|
||||
}
|
||||
|
|
|
@ -1439,7 +1439,7 @@ func (c *CAManager) SignCertificate(csr *x509.CertificateRequest, spiffeID conne
|
|||
return nil, fmt.Errorf("SPIFFE ID in CSR must be a service or agent ID")
|
||||
}
|
||||
|
||||
var entMeta structs.EnterpriseMeta
|
||||
var entMeta acl.EnterpriseMeta
|
||||
if isService {
|
||||
if !signingID.CanSign(spiffeID) {
|
||||
return nil, fmt.Errorf("SPIFFE ID in CSR from a different trust domain: %s, "+
|
||||
|
|
|
@ -5,11 +5,12 @@ import (
|
|||
"testing"
|
||||
"time"
|
||||
|
||||
msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc"
|
||||
"github.com/hashicorp/raft"
|
||||
autopilot "github.com/hashicorp/raft-autopilot"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
"github.com/hashicorp/consul/sdk/testutil/retry"
|
||||
|
|
|
@ -7,10 +7,11 @@ import (
|
|||
"testing"
|
||||
"time"
|
||||
|
||||
msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc"
|
||||
"github.com/hashicorp/raft"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
"github.com/hashicorp/consul/sdk/freeport"
|
||||
|
|
|
@ -10,13 +10,14 @@ import (
|
|||
"testing"
|
||||
"time"
|
||||
|
||||
msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc"
|
||||
"github.com/hashicorp/consul-net-rpc/net/rpc"
|
||||
"github.com/hashicorp/go-hclog"
|
||||
"github.com/hashicorp/serf/coordinate"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc"
|
||||
"github.com/hashicorp/consul-net-rpc/net/rpc"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
tokenStore "github.com/hashicorp/consul/agent/token"
|
||||
|
|
|
@ -995,7 +995,7 @@ func TestRPC_LocalTokenStrippedOnForward(t *testing.T) {
|
|||
|
||||
// Wait for it to replicate
|
||||
retry.Run(t, func(r *retry.R) {
|
||||
_, p, err := s2.fsm.State().ACLPolicyGetByID(nil, kvPolicy.ID, &structs.EnterpriseMeta{})
|
||||
_, p, err := s2.fsm.State().ACLPolicyGetByID(nil, kvPolicy.ID, &acl.EnterpriseMeta{})
|
||||
require.Nil(r, err)
|
||||
require.NotNil(r, p)
|
||||
})
|
||||
|
@ -1128,7 +1128,7 @@ func TestRPC_LocalTokenStrippedOnForward_GRPC(t *testing.T) {
|
|||
|
||||
// Wait for it to replicate
|
||||
retry.Run(t, func(r *retry.R) {
|
||||
_, p, err := s2.fsm.State().ACLPolicyGetByID(nil, policy.ID, &structs.EnterpriseMeta{})
|
||||
_, p, err := s2.fsm.State().ACLPolicyGetByID(nil, policy.ID, &acl.EnterpriseMeta{})
|
||||
require.Nil(r, err)
|
||||
require.NotNil(r, p)
|
||||
})
|
||||
|
|
|
@ -3,7 +3,7 @@ package consul
|
|||
import (
|
||||
"fmt"
|
||||
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
"github.com/hashicorp/consul/acl"
|
||||
)
|
||||
|
||||
type LANMemberFilter struct {
|
||||
|
@ -16,12 +16,12 @@ func (f LANMemberFilter) Validate() error {
|
|||
if f.AllSegments && f.Segment != "" {
|
||||
return fmt.Errorf("cannot specify both allSegments and segment filters")
|
||||
}
|
||||
if (f.AllSegments || f.Segment != "") && !structs.IsDefaultPartition(f.Partition) {
|
||||
if (f.AllSegments || f.Segment != "") && !acl.IsDefaultPartition(f.Partition) {
|
||||
return fmt.Errorf("segments do not exist outside of the default partition")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func (f LANMemberFilter) PartitionOrDefault() string {
|
||||
return structs.PartitionOrDefault(f.Partition)
|
||||
return acl.PartitionOrDefault(f.Partition)
|
||||
}
|
||||
|
|
|
@ -1230,7 +1230,7 @@ func (s *Server) WANMembers() []serf.Member {
|
|||
}
|
||||
|
||||
// RemoveFailedNode is used to remove a failed node from the cluster.
|
||||
func (s *Server) RemoveFailedNode(node string, prune bool, entMeta *structs.EnterpriseMeta) error {
|
||||
func (s *Server) RemoveFailedNode(node string, prune bool, entMeta *acl.EnterpriseMeta) error {
|
||||
var removeFn func(*serf.Serf, string) error
|
||||
if prune {
|
||||
removeFn = (*serf.Serf).RemoveFailedNodePrune
|
||||
|
@ -1250,7 +1250,7 @@ func (s *Server) RemoveFailedNode(node string, prune bool, entMeta *structs.Ente
|
|||
}
|
||||
|
||||
// RemoveFailedNodeWAN is used to remove a failed node from the WAN cluster.
|
||||
func (s *Server) RemoveFailedNodeWAN(wanNode string, prune bool, entMeta *structs.EnterpriseMeta) error {
|
||||
func (s *Server) RemoveFailedNodeWAN(wanNode string, prune bool, entMeta *acl.EnterpriseMeta) error {
|
||||
var removeFn func(*serf.Serf, string) error
|
||||
if prune {
|
||||
removeFn = (*serf.Serf).RemoveFailedNodePrune
|
||||
|
@ -1283,7 +1283,7 @@ func (s *Server) KeyManagerWAN() *serf.KeyManager {
|
|||
return s.serfWAN.KeyManager()
|
||||
}
|
||||
|
||||
func (s *Server) AgentEnterpriseMeta() *structs.EnterpriseMeta {
|
||||
func (s *Server) AgentEnterpriseMeta() *acl.EnterpriseMeta {
|
||||
return s.config.AgentEnterpriseMeta()
|
||||
}
|
||||
|
||||
|
|
|
@ -14,6 +14,7 @@ import (
|
|||
"github.com/hashicorp/serf/serf"
|
||||
"google.golang.org/grpc"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
"github.com/hashicorp/consul/lib"
|
||||
)
|
||||
|
@ -26,7 +27,7 @@ func (s *Server) enterpriseValidateJoinWAN() error {
|
|||
|
||||
// JoinLAN is used to have Consul join the inner-DC pool The target address
|
||||
// should be another node inside the DC listening on the Serf LAN address
|
||||
func (s *Server) JoinLAN(addrs []string, entMeta *structs.EnterpriseMeta) (int, error) {
|
||||
func (s *Server) JoinLAN(addrs []string, entMeta *acl.EnterpriseMeta) (int, error) {
|
||||
return s.serfLAN.Join(addrs, true)
|
||||
}
|
||||
|
||||
|
@ -36,7 +37,7 @@ func (s *Server) JoinLAN(addrs []string, entMeta *structs.EnterpriseMeta) (int,
|
|||
func (s *Server) removeFailedNode(
|
||||
removeFn func(*serf.Serf, string) error,
|
||||
node, wanNode string,
|
||||
entMeta *structs.EnterpriseMeta,
|
||||
entMeta *acl.EnterpriseMeta,
|
||||
) error {
|
||||
maybeRemove := func(s *serf.Serf, node string) (bool, error) {
|
||||
if !isSerfMember(s, node) {
|
||||
|
@ -155,6 +156,6 @@ func (s *Server) addEnterpriseStats(stats map[string]map[string]string) {
|
|||
// no-op
|
||||
}
|
||||
|
||||
func getSerfMemberEnterpriseMeta(member serf.Member) *structs.EnterpriseMeta {
|
||||
func getSerfMemberEnterpriseMeta(member serf.Member) *acl.EnterpriseMeta {
|
||||
return structs.NodeEnterpriseMetaInDefaultPartition()
|
||||
}
|
||||
|
|
|
@ -7,10 +7,12 @@ import (
|
|||
"sync"
|
||||
"time"
|
||||
|
||||
"github.com/hashicorp/go-hclog"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/consul/usagemetrics"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
"github.com/hashicorp/consul/api"
|
||||
"github.com/hashicorp/go-hclog"
|
||||
)
|
||||
|
||||
type OverviewManager struct {
|
||||
|
@ -69,7 +71,7 @@ func getCatalogOverview(catalog *structs.CatalogContents) *structs.CatalogSummar
|
|||
serviceInstanceChecks := make(map[string][]*structs.HealthCheck)
|
||||
checkSummaries := make(map[string]structs.HealthSummary)
|
||||
|
||||
entMetaIDString := func(id string, entMeta structs.EnterpriseMeta) string {
|
||||
entMetaIDString := func(id string, entMeta acl.EnterpriseMeta) string {
|
||||
return fmt.Sprintf("%s/%s/%s", id, entMeta.PartitionOrEmpty(), entMeta.NamespaceOrEmpty())
|
||||
}
|
||||
|
||||
|
|
|
@ -5,9 +5,10 @@ import (
|
|||
"testing"
|
||||
"time"
|
||||
|
||||
msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
"github.com/hashicorp/consul/lib/stringslice"
|
||||
|
|
|
@ -7,6 +7,7 @@ import (
|
|||
"github.com/armon/go-metrics"
|
||||
"github.com/armon/go-metrics/prometheus"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
)
|
||||
|
||||
|
@ -82,7 +83,7 @@ func (s *Server) resetSessionTimer(session *structs.Session) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
func (s *Server) createSessionTimer(id string, ttl time.Duration, entMeta *structs.EnterpriseMeta) {
|
||||
func (s *Server) createSessionTimer(id string, ttl time.Duration, entMeta *acl.EnterpriseMeta) {
|
||||
// Reset the session timer
|
||||
// Adjust the given TTL by the TTL multiplier. This is done
|
||||
// to give a client a grace period and to compensate for network
|
||||
|
@ -95,7 +96,7 @@ func (s *Server) createSessionTimer(id string, ttl time.Duration, entMeta *struc
|
|||
|
||||
// invalidateSession is invoked when a session TTL is reached and we
|
||||
// need to invalidate the session.
|
||||
func (s *Server) invalidateSession(id string, entMeta *structs.EnterpriseMeta) {
|
||||
func (s *Server) invalidateSession(id string, entMeta *acl.EnterpriseMeta) {
|
||||
defer metrics.MeasureSince([]string{"session_ttl", "invalidate"}, time.Now())
|
||||
|
||||
// Clear the session timer
|
||||
|
|
|
@ -7,10 +7,11 @@ import (
|
|||
"testing"
|
||||
"time"
|
||||
|
||||
msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc"
|
||||
autopilot "github.com/hashicorp/raft-autopilot"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
"github.com/hashicorp/consul/api"
|
||||
|
|
|
@ -6,6 +6,7 @@ import (
|
|||
|
||||
memdb "github.com/hashicorp/go-memdb"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
pbacl "github.com/hashicorp/consul/proto/pbacl"
|
||||
)
|
||||
|
@ -571,17 +572,17 @@ func aclTokenSetTxn(tx WriteTxn, idx uint64, token *structs.ACLToken, opts ACLTo
|
|||
}
|
||||
|
||||
// ACLTokenGetBySecret is used to look up an existing ACL token by its SecretID.
|
||||
func (s *Store) ACLTokenGetBySecret(ws memdb.WatchSet, secret string, entMeta *structs.EnterpriseMeta) (uint64, *structs.ACLToken, error) {
|
||||
func (s *Store) ACLTokenGetBySecret(ws memdb.WatchSet, secret string, entMeta *acl.EnterpriseMeta) (uint64, *structs.ACLToken, error) {
|
||||
return s.aclTokenGet(ws, secret, "id", entMeta)
|
||||
}
|
||||
|
||||
// ACLTokenGetByAccessor is used to look up an existing ACL token by its AccessorID.
|
||||
func (s *Store) ACLTokenGetByAccessor(ws memdb.WatchSet, accessor string, entMeta *structs.EnterpriseMeta) (uint64, *structs.ACLToken, error) {
|
||||
func (s *Store) ACLTokenGetByAccessor(ws memdb.WatchSet, accessor string, entMeta *acl.EnterpriseMeta) (uint64, *structs.ACLToken, error) {
|
||||
return s.aclTokenGet(ws, accessor, indexAccessor, entMeta)
|
||||
}
|
||||
|
||||
// aclTokenGet looks up a token using one of the indexes provided
|
||||
func (s *Store) aclTokenGet(ws memdb.WatchSet, value, index string, entMeta *structs.EnterpriseMeta) (uint64, *structs.ACLToken, error) {
|
||||
func (s *Store) aclTokenGet(ws memdb.WatchSet, value, index string, entMeta *acl.EnterpriseMeta) (uint64, *structs.ACLToken, error) {
|
||||
tx := s.db.Txn(false)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -616,7 +617,7 @@ func (s *Store) ACLTokenBatchGet(ws memdb.WatchSet, accessors []string) (uint64,
|
|||
return idx, tokens, nil
|
||||
}
|
||||
|
||||
func aclTokenGetTxn(tx ReadTxn, ws memdb.WatchSet, value, index string, entMeta *structs.EnterpriseMeta) (*structs.ACLToken, error) {
|
||||
func aclTokenGetTxn(tx ReadTxn, ws memdb.WatchSet, value, index string, entMeta *acl.EnterpriseMeta) (*structs.ACLToken, error) {
|
||||
watchCh, rawToken, err := aclTokenGetFromIndex(tx, value, index, entMeta)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed acl token lookup: %v", err)
|
||||
|
@ -640,7 +641,7 @@ func aclTokenGetTxn(tx ReadTxn, ws memdb.WatchSet, value, index string, entMeta
|
|||
}
|
||||
|
||||
// ACLTokenList return a list of ACL Tokens that match the policy, role, and method.
|
||||
func (s *Store) ACLTokenList(ws memdb.WatchSet, local, global bool, policy, role, methodName string, methodMeta, entMeta *structs.EnterpriseMeta) (uint64, structs.ACLTokens, error) {
|
||||
func (s *Store) ACLTokenList(ws memdb.WatchSet, local, global bool, policy, role, methodName string, methodMeta, entMeta *acl.EnterpriseMeta) (uint64, structs.ACLTokens, error) {
|
||||
tx := s.db.Txn(false)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -799,7 +800,7 @@ func (s *Store) expiresIndexName(local bool) string {
|
|||
|
||||
// ACLTokenDeleteByAccessor is used to remove an existing ACL from the state store. If
|
||||
// the ACL does not exist this is a no-op and no error is returned.
|
||||
func (s *Store) ACLTokenDeleteByAccessor(idx uint64, accessor string, entMeta *structs.EnterpriseMeta) error {
|
||||
func (s *Store) ACLTokenDeleteByAccessor(idx uint64, accessor string, entMeta *acl.EnterpriseMeta) error {
|
||||
return s.aclTokenDelete(idx, accessor, indexAccessor, entMeta)
|
||||
}
|
||||
|
||||
|
@ -816,7 +817,7 @@ func (s *Store) ACLTokenBatchDelete(idx uint64, tokenIDs []string) error {
|
|||
return tx.Commit()
|
||||
}
|
||||
|
||||
func (s *Store) aclTokenDelete(idx uint64, value, index string, entMeta *structs.EnterpriseMeta) error {
|
||||
func (s *Store) aclTokenDelete(idx uint64, value, index string, entMeta *acl.EnterpriseMeta) error {
|
||||
tx := s.db.WriteTxn(idx)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -827,7 +828,7 @@ func (s *Store) aclTokenDelete(idx uint64, value, index string, entMeta *structs
|
|||
return tx.Commit()
|
||||
}
|
||||
|
||||
func aclTokenDeleteTxn(tx WriteTxn, idx uint64, value, index string, entMeta *structs.EnterpriseMeta) error {
|
||||
func aclTokenDeleteTxn(tx WriteTxn, idx uint64, value, index string, entMeta *acl.EnterpriseMeta) error {
|
||||
// Look up the existing token
|
||||
_, token, err := aclTokenGetFromIndex(tx, value, index, entMeta)
|
||||
if err != nil {
|
||||
|
@ -845,7 +846,7 @@ func aclTokenDeleteTxn(tx WriteTxn, idx uint64, value, index string, entMeta *st
|
|||
return aclTokenDeleteWithToken(tx, token.(*structs.ACLToken), idx)
|
||||
}
|
||||
|
||||
func aclTokenDeleteAllForAuthMethodTxn(tx WriteTxn, idx uint64, methodName string, methodGlobalLocality bool, methodMeta *structs.EnterpriseMeta) error {
|
||||
func aclTokenDeleteAllForAuthMethodTxn(tx WriteTxn, idx uint64, methodName string, methodGlobalLocality bool, methodMeta *acl.EnterpriseMeta) error {
|
||||
// collect all the tokens linked with the given auth method.
|
||||
iter, err := aclTokenListByAuthMethod(tx, methodName, methodMeta, methodMeta.WithWildcardNamespace())
|
||||
if err != nil {
|
||||
|
@ -966,15 +967,15 @@ func aclPolicySetTxn(tx WriteTxn, idx uint64, policy *structs.ACLPolicy) error {
|
|||
return aclPolicyInsert(tx, policy)
|
||||
}
|
||||
|
||||
func (s *Store) ACLPolicyGetByID(ws memdb.WatchSet, id string, entMeta *structs.EnterpriseMeta) (uint64, *structs.ACLPolicy, error) {
|
||||
func (s *Store) ACLPolicyGetByID(ws memdb.WatchSet, id string, entMeta *acl.EnterpriseMeta) (uint64, *structs.ACLPolicy, error) {
|
||||
return s.aclPolicyGet(ws, id, aclPolicyGetByID, entMeta)
|
||||
}
|
||||
|
||||
func (s *Store) ACLPolicyGetByName(ws memdb.WatchSet, name string, entMeta *structs.EnterpriseMeta) (uint64, *structs.ACLPolicy, error) {
|
||||
func (s *Store) ACLPolicyGetByName(ws memdb.WatchSet, name string, entMeta *acl.EnterpriseMeta) (uint64, *structs.ACLPolicy, error) {
|
||||
return s.aclPolicyGet(ws, name, aclPolicyGetByName, entMeta)
|
||||
}
|
||||
|
||||
func aclPolicyGetByName(tx ReadTxn, name string, entMeta *structs.EnterpriseMeta) (<-chan struct{}, interface{}, error) {
|
||||
func aclPolicyGetByName(tx ReadTxn, name string, entMeta *acl.EnterpriseMeta) (<-chan struct{}, interface{}, error) {
|
||||
// todo: accept non-pointer value
|
||||
if entMeta == nil {
|
||||
entMeta = structs.DefaultEnterpriseMetaInDefaultPartition()
|
||||
|
@ -1006,9 +1007,9 @@ func (s *Store) ACLPolicyBatchGet(ws memdb.WatchSet, ids []string) (uint64, stru
|
|||
return idx, policies, nil
|
||||
}
|
||||
|
||||
type aclPolicyGetFn func(ReadTxn, string, *structs.EnterpriseMeta) (<-chan struct{}, interface{}, error)
|
||||
type aclPolicyGetFn func(ReadTxn, string, *acl.EnterpriseMeta) (<-chan struct{}, interface{}, error)
|
||||
|
||||
func getPolicyWithTxn(tx ReadTxn, ws memdb.WatchSet, value string, fn aclPolicyGetFn, entMeta *structs.EnterpriseMeta) (*structs.ACLPolicy, error) {
|
||||
func getPolicyWithTxn(tx ReadTxn, ws memdb.WatchSet, value string, fn aclPolicyGetFn, entMeta *acl.EnterpriseMeta) (*structs.ACLPolicy, error) {
|
||||
watchCh, policy, err := fn(tx, value, entMeta)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed acl policy lookup: %v", err)
|
||||
|
@ -1022,7 +1023,7 @@ func getPolicyWithTxn(tx ReadTxn, ws memdb.WatchSet, value string, fn aclPolicyG
|
|||
return policy.(*structs.ACLPolicy), nil
|
||||
}
|
||||
|
||||
func (s *Store) aclPolicyGet(ws memdb.WatchSet, value string, fn aclPolicyGetFn, entMeta *structs.EnterpriseMeta) (uint64, *structs.ACLPolicy, error) {
|
||||
func (s *Store) aclPolicyGet(ws memdb.WatchSet, value string, fn aclPolicyGetFn, entMeta *acl.EnterpriseMeta) (uint64, *structs.ACLPolicy, error) {
|
||||
tx := s.db.Txn(false)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -1036,7 +1037,7 @@ func (s *Store) aclPolicyGet(ws memdb.WatchSet, value string, fn aclPolicyGetFn,
|
|||
return idx, policy, nil
|
||||
}
|
||||
|
||||
func (s *Store) ACLPolicyList(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (uint64, structs.ACLPolicies, error) {
|
||||
func (s *Store) ACLPolicyList(ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, structs.ACLPolicies, error) {
|
||||
tx := s.db.Txn(false)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -1057,11 +1058,11 @@ func (s *Store) ACLPolicyList(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta
|
|||
return idx, result, nil
|
||||
}
|
||||
|
||||
func (s *Store) ACLPolicyDeleteByID(idx uint64, id string, entMeta *structs.EnterpriseMeta) error {
|
||||
func (s *Store) ACLPolicyDeleteByID(idx uint64, id string, entMeta *acl.EnterpriseMeta) error {
|
||||
return s.aclPolicyDelete(idx, id, aclPolicyGetByID, entMeta)
|
||||
}
|
||||
|
||||
func (s *Store) ACLPolicyDeleteByName(idx uint64, name string, entMeta *structs.EnterpriseMeta) error {
|
||||
func (s *Store) ACLPolicyDeleteByName(idx uint64, name string, entMeta *acl.EnterpriseMeta) error {
|
||||
return s.aclPolicyDelete(idx, name, aclPolicyGetByName, entMeta)
|
||||
}
|
||||
|
||||
|
@ -1077,7 +1078,7 @@ func (s *Store) ACLPolicyBatchDelete(idx uint64, policyIDs []string) error {
|
|||
return tx.Commit()
|
||||
}
|
||||
|
||||
func (s *Store) aclPolicyDelete(idx uint64, value string, fn aclPolicyGetFn, entMeta *structs.EnterpriseMeta) error {
|
||||
func (s *Store) aclPolicyDelete(idx uint64, value string, fn aclPolicyGetFn, entMeta *acl.EnterpriseMeta) error {
|
||||
tx := s.db.WriteTxn(idx)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -1088,7 +1089,7 @@ func (s *Store) aclPolicyDelete(idx uint64, value string, fn aclPolicyGetFn, ent
|
|||
return tx.Commit()
|
||||
}
|
||||
|
||||
func aclPolicyDeleteTxn(tx WriteTxn, idx uint64, value string, fn aclPolicyGetFn, entMeta *structs.EnterpriseMeta) error {
|
||||
func aclPolicyDeleteTxn(tx WriteTxn, idx uint64, value string, fn aclPolicyGetFn, entMeta *acl.EnterpriseMeta) error {
|
||||
// Look up the existing token
|
||||
_, rawPolicy, err := fn(tx, value, entMeta)
|
||||
if err != nil {
|
||||
|
@ -1197,17 +1198,17 @@ func aclRoleSetTxn(tx WriteTxn, idx uint64, role *structs.ACLRole, allowMissing
|
|||
return aclRoleInsert(tx, role)
|
||||
}
|
||||
|
||||
type aclRoleGetFn func(ReadTxn, string, *structs.EnterpriseMeta) (<-chan struct{}, interface{}, error)
|
||||
type aclRoleGetFn func(ReadTxn, string, *acl.EnterpriseMeta) (<-chan struct{}, interface{}, error)
|
||||
|
||||
func (s *Store) ACLRoleGetByID(ws memdb.WatchSet, id string, entMeta *structs.EnterpriseMeta) (uint64, *structs.ACLRole, error) {
|
||||
func (s *Store) ACLRoleGetByID(ws memdb.WatchSet, id string, entMeta *acl.EnterpriseMeta) (uint64, *structs.ACLRole, error) {
|
||||
return s.aclRoleGet(ws, id, aclRoleGetByID, entMeta)
|
||||
}
|
||||
|
||||
func (s *Store) ACLRoleGetByName(ws memdb.WatchSet, name string, entMeta *structs.EnterpriseMeta) (uint64, *structs.ACLRole, error) {
|
||||
func (s *Store) ACLRoleGetByName(ws memdb.WatchSet, name string, entMeta *acl.EnterpriseMeta) (uint64, *structs.ACLRole, error) {
|
||||
return s.aclRoleGet(ws, name, aclRoleGetByName, entMeta)
|
||||
}
|
||||
|
||||
func aclRoleGetByName(tx ReadTxn, name string, entMeta *structs.EnterpriseMeta) (<-chan struct{}, interface{}, error) {
|
||||
func aclRoleGetByName(tx ReadTxn, name string, entMeta *acl.EnterpriseMeta) (<-chan struct{}, interface{}, error) {
|
||||
// TODO: accept non-pointer value
|
||||
if entMeta == nil {
|
||||
entMeta = structs.DefaultEnterpriseMetaInDefaultPartition()
|
||||
|
@ -1237,7 +1238,7 @@ func (s *Store) ACLRoleBatchGet(ws memdb.WatchSet, ids []string) (uint64, struct
|
|||
return idx, roles, nil
|
||||
}
|
||||
|
||||
func getRoleWithTxn(tx ReadTxn, ws memdb.WatchSet, value string, fn aclRoleGetFn, entMeta *structs.EnterpriseMeta) (*structs.ACLRole, error) {
|
||||
func getRoleWithTxn(tx ReadTxn, ws memdb.WatchSet, value string, fn aclRoleGetFn, entMeta *acl.EnterpriseMeta) (*structs.ACLRole, error) {
|
||||
watchCh, rawRole, err := fn(tx, value, entMeta)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed acl role lookup: %v", err)
|
||||
|
@ -1256,7 +1257,7 @@ func getRoleWithTxn(tx ReadTxn, ws memdb.WatchSet, value string, fn aclRoleGetFn
|
|||
return nil, nil
|
||||
}
|
||||
|
||||
func (s *Store) aclRoleGet(ws memdb.WatchSet, value string, fn aclRoleGetFn, entMeta *structs.EnterpriseMeta) (uint64, *structs.ACLRole, error) {
|
||||
func (s *Store) aclRoleGet(ws memdb.WatchSet, value string, fn aclRoleGetFn, entMeta *acl.EnterpriseMeta) (uint64, *structs.ACLRole, error) {
|
||||
tx := s.db.Txn(false)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -1270,7 +1271,7 @@ func (s *Store) aclRoleGet(ws memdb.WatchSet, value string, fn aclRoleGetFn, ent
|
|||
return idx, role, nil
|
||||
}
|
||||
|
||||
func (s *Store) ACLRoleList(ws memdb.WatchSet, policy string, entMeta *structs.EnterpriseMeta) (uint64, structs.ACLRoles, error) {
|
||||
func (s *Store) ACLRoleList(ws memdb.WatchSet, policy string, entMeta *acl.EnterpriseMeta) (uint64, structs.ACLRoles, error) {
|
||||
tx := s.db.Txn(false)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -1310,11 +1311,11 @@ func (s *Store) ACLRoleList(ws memdb.WatchSet, policy string, entMeta *structs.E
|
|||
return idx, result, nil
|
||||
}
|
||||
|
||||
func (s *Store) ACLRoleDeleteByID(idx uint64, id string, entMeta *structs.EnterpriseMeta) error {
|
||||
func (s *Store) ACLRoleDeleteByID(idx uint64, id string, entMeta *acl.EnterpriseMeta) error {
|
||||
return s.aclRoleDelete(idx, id, aclRoleGetByID, entMeta)
|
||||
}
|
||||
|
||||
func (s *Store) ACLRoleDeleteByName(idx uint64, name string, entMeta *structs.EnterpriseMeta) error {
|
||||
func (s *Store) ACLRoleDeleteByName(idx uint64, name string, entMeta *acl.EnterpriseMeta) error {
|
||||
return s.aclRoleDelete(idx, name, aclRoleGetByName, entMeta)
|
||||
}
|
||||
|
||||
|
@ -1330,7 +1331,7 @@ func (s *Store) ACLRoleBatchDelete(idx uint64, roleIDs []string) error {
|
|||
return tx.Commit()
|
||||
}
|
||||
|
||||
func (s *Store) aclRoleDelete(idx uint64, value string, fn aclRoleGetFn, entMeta *structs.EnterpriseMeta) error {
|
||||
func (s *Store) aclRoleDelete(idx uint64, value string, fn aclRoleGetFn, entMeta *acl.EnterpriseMeta) error {
|
||||
tx := s.db.WriteTxn(idx)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -1341,7 +1342,7 @@ func (s *Store) aclRoleDelete(idx uint64, value string, fn aclRoleGetFn, entMeta
|
|||
return tx.Commit()
|
||||
}
|
||||
|
||||
func aclRoleDeleteTxn(tx WriteTxn, idx uint64, value string, fn aclRoleGetFn, entMeta *structs.EnterpriseMeta) error {
|
||||
func aclRoleDeleteTxn(tx WriteTxn, idx uint64, value string, fn aclRoleGetFn, entMeta *acl.EnterpriseMeta) error {
|
||||
// Look up the existing role
|
||||
_, rawRole, err := fn(tx, value, entMeta)
|
||||
if err != nil {
|
||||
|
@ -1417,11 +1418,11 @@ func aclBindingRuleSetTxn(tx WriteTxn, idx uint64, rule *structs.ACLBindingRule)
|
|||
return aclBindingRuleInsert(tx, rule)
|
||||
}
|
||||
|
||||
func (s *Store) ACLBindingRuleGetByID(ws memdb.WatchSet, id string, entMeta *structs.EnterpriseMeta) (uint64, *structs.ACLBindingRule, error) {
|
||||
func (s *Store) ACLBindingRuleGetByID(ws memdb.WatchSet, id string, entMeta *acl.EnterpriseMeta) (uint64, *structs.ACLBindingRule, error) {
|
||||
return s.aclBindingRuleGet(ws, id, entMeta)
|
||||
}
|
||||
|
||||
func (s *Store) aclBindingRuleGet(ws memdb.WatchSet, value string, entMeta *structs.EnterpriseMeta) (uint64, *structs.ACLBindingRule, error) {
|
||||
func (s *Store) aclBindingRuleGet(ws memdb.WatchSet, value string, entMeta *acl.EnterpriseMeta) (uint64, *structs.ACLBindingRule, error) {
|
||||
tx := s.db.Txn(false)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -1441,7 +1442,7 @@ func (s *Store) aclBindingRuleGet(ws memdb.WatchSet, value string, entMeta *stru
|
|||
return idx, rule, nil
|
||||
}
|
||||
|
||||
func (s *Store) ACLBindingRuleList(ws memdb.WatchSet, methodName string, entMeta *structs.EnterpriseMeta) (uint64, structs.ACLBindingRules, error) {
|
||||
func (s *Store) ACLBindingRuleList(ws memdb.WatchSet, methodName string, entMeta *acl.EnterpriseMeta) (uint64, structs.ACLBindingRules, error) {
|
||||
tx := s.db.Txn(false)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -1471,7 +1472,7 @@ func (s *Store) ACLBindingRuleList(ws memdb.WatchSet, methodName string, entMeta
|
|||
return idx, result, nil
|
||||
}
|
||||
|
||||
func (s *Store) ACLBindingRuleDeleteByID(idx uint64, id string, entMeta *structs.EnterpriseMeta) error {
|
||||
func (s *Store) ACLBindingRuleDeleteByID(idx uint64, id string, entMeta *acl.EnterpriseMeta) error {
|
||||
return s.aclBindingRuleDelete(idx, id, entMeta)
|
||||
}
|
||||
|
||||
|
@ -1485,7 +1486,7 @@ func (s *Store) ACLBindingRuleBatchDelete(idx uint64, bindingRuleIDs []string) e
|
|||
return tx.Commit()
|
||||
}
|
||||
|
||||
func (s *Store) aclBindingRuleDelete(idx uint64, id string, entMeta *structs.EnterpriseMeta) error {
|
||||
func (s *Store) aclBindingRuleDelete(idx uint64, id string, entMeta *acl.EnterpriseMeta) error {
|
||||
tx := s.db.WriteTxn(idx)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -1496,7 +1497,7 @@ func (s *Store) aclBindingRuleDelete(idx uint64, id string, entMeta *structs.Ent
|
|||
return tx.Commit()
|
||||
}
|
||||
|
||||
func aclBindingRuleDeleteTxn(tx WriteTxn, idx uint64, id string, entMeta *structs.EnterpriseMeta) error {
|
||||
func aclBindingRuleDeleteTxn(tx WriteTxn, idx uint64, id string, entMeta *acl.EnterpriseMeta) error {
|
||||
// Look up the existing binding rule
|
||||
_, rawRule, err := aclBindingRuleGetByID(tx, id, entMeta)
|
||||
if err != nil {
|
||||
|
@ -1515,7 +1516,7 @@ func aclBindingRuleDeleteTxn(tx WriteTxn, idx uint64, id string, entMeta *struct
|
|||
return nil
|
||||
}
|
||||
|
||||
func aclBindingRuleDeleteAllForAuthMethodTxn(tx WriteTxn, idx uint64, methodName string, entMeta *structs.EnterpriseMeta) error {
|
||||
func aclBindingRuleDeleteAllForAuthMethodTxn(tx WriteTxn, idx uint64, methodName string, entMeta *acl.EnterpriseMeta) error {
|
||||
// collect them all
|
||||
iter, err := aclBindingRuleListByAuthMethod(tx, methodName, entMeta)
|
||||
if err != nil {
|
||||
|
@ -1596,11 +1597,11 @@ func aclAuthMethodSetTxn(tx WriteTxn, idx uint64, method *structs.ACLAuthMethod)
|
|||
return aclAuthMethodInsert(tx, method)
|
||||
}
|
||||
|
||||
func (s *Store) ACLAuthMethodGetByName(ws memdb.WatchSet, name string, entMeta *structs.EnterpriseMeta) (uint64, *structs.ACLAuthMethod, error) {
|
||||
func (s *Store) ACLAuthMethodGetByName(ws memdb.WatchSet, name string, entMeta *acl.EnterpriseMeta) (uint64, *structs.ACLAuthMethod, error) {
|
||||
return s.aclAuthMethodGet(ws, name, entMeta)
|
||||
}
|
||||
|
||||
func (s *Store) aclAuthMethodGet(ws memdb.WatchSet, name string, entMeta *structs.EnterpriseMeta) (uint64, *structs.ACLAuthMethod, error) {
|
||||
func (s *Store) aclAuthMethodGet(ws memdb.WatchSet, name string, entMeta *acl.EnterpriseMeta) (uint64, *structs.ACLAuthMethod, error) {
|
||||
tx := s.db.Txn(false)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -1614,7 +1615,7 @@ func (s *Store) aclAuthMethodGet(ws memdb.WatchSet, name string, entMeta *struct
|
|||
return idx, method, nil
|
||||
}
|
||||
|
||||
func getAuthMethodWithTxn(tx ReadTxn, ws memdb.WatchSet, name string, entMeta *structs.EnterpriseMeta) (*structs.ACLAuthMethod, error) {
|
||||
func getAuthMethodWithTxn(tx ReadTxn, ws memdb.WatchSet, name string, entMeta *acl.EnterpriseMeta) (*structs.ACLAuthMethod, error) {
|
||||
watchCh, rawMethod, err := aclAuthMethodGetByName(tx, name, entMeta)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("failed acl auth method lookup: %v", err)
|
||||
|
@ -1628,7 +1629,7 @@ func getAuthMethodWithTxn(tx ReadTxn, ws memdb.WatchSet, name string, entMeta *s
|
|||
return nil, nil
|
||||
}
|
||||
|
||||
func (s *Store) ACLAuthMethodList(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (uint64, structs.ACLAuthMethods, error) {
|
||||
func (s *Store) ACLAuthMethodList(ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, structs.ACLAuthMethods, error) {
|
||||
tx := s.db.Txn(false)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -1650,11 +1651,11 @@ func (s *Store) ACLAuthMethodList(ws memdb.WatchSet, entMeta *structs.Enterprise
|
|||
return idx, result, nil
|
||||
}
|
||||
|
||||
func (s *Store) ACLAuthMethodDeleteByName(idx uint64, name string, entMeta *structs.EnterpriseMeta) error {
|
||||
func (s *Store) ACLAuthMethodDeleteByName(idx uint64, name string, entMeta *acl.EnterpriseMeta) error {
|
||||
return s.aclAuthMethodDelete(idx, name, entMeta)
|
||||
}
|
||||
|
||||
func (s *Store) ACLAuthMethodBatchDelete(idx uint64, names []string, entMeta *structs.EnterpriseMeta) error {
|
||||
func (s *Store) ACLAuthMethodBatchDelete(idx uint64, names []string, entMeta *acl.EnterpriseMeta) error {
|
||||
tx := s.db.WriteTxn(idx)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -1669,7 +1670,7 @@ func (s *Store) ACLAuthMethodBatchDelete(idx uint64, names []string, entMeta *st
|
|||
return tx.Commit()
|
||||
}
|
||||
|
||||
func (s *Store) aclAuthMethodDelete(idx uint64, name string, entMeta *structs.EnterpriseMeta) error {
|
||||
func (s *Store) aclAuthMethodDelete(idx uint64, name string, entMeta *acl.EnterpriseMeta) error {
|
||||
tx := s.db.WriteTxn(idx)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -1680,7 +1681,7 @@ func (s *Store) aclAuthMethodDelete(idx uint64, name string, entMeta *structs.En
|
|||
return tx.Commit()
|
||||
}
|
||||
|
||||
func aclAuthMethodDeleteTxn(tx WriteTxn, idx uint64, name string, entMeta *structs.EnterpriseMeta) error {
|
||||
func aclAuthMethodDeleteTxn(tx WriteTxn, idx uint64, name string, entMeta *acl.EnterpriseMeta) error {
|
||||
// Look up the existing method
|
||||
_, rawMethod, err := aclAuthMethodGetByName(tx, name, entMeta)
|
||||
if err != nil {
|
||||
|
@ -1704,7 +1705,7 @@ func aclAuthMethodDeleteTxn(tx WriteTxn, idx uint64, name string, entMeta *struc
|
|||
return aclAuthMethodDeleteWithMethod(tx, method, idx)
|
||||
}
|
||||
|
||||
func aclTokenList(tx ReadTxn, entMeta *structs.EnterpriseMeta, locality bool) (memdb.ResultIterator, error) {
|
||||
func aclTokenList(tx ReadTxn, entMeta *acl.EnterpriseMeta, locality bool) (memdb.ResultIterator, error) {
|
||||
// TODO: accept non-pointer value
|
||||
if entMeta == nil {
|
||||
entMeta = structs.DefaultEnterpriseMetaInDefaultPartition()
|
||||
|
|
|
@ -9,17 +9,18 @@ import (
|
|||
|
||||
memdb "github.com/hashicorp/go-memdb"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
)
|
||||
|
||||
func updateTableIndexEntries(tx WriteTxn, tableName string, modifyIndex uint64, _ *structs.EnterpriseMeta) error {
|
||||
func updateTableIndexEntries(tx WriteTxn, tableName string, modifyIndex uint64, _ *acl.EnterpriseMeta) error {
|
||||
if err := indexUpdateMaxTxn(tx, modifyIndex, tableName); err != nil {
|
||||
return fmt.Errorf("failed updating %s index: %v", tableName, err)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func aclPolicyGetByID(tx ReadTxn, id string, _ *structs.EnterpriseMeta) (<-chan struct{}, interface{}, error) {
|
||||
func aclPolicyGetByID(tx ReadTxn, id string, _ *acl.EnterpriseMeta) (<-chan struct{}, interface{}, error) {
|
||||
return tx.FirstWatch(tableACLPolicies, indexID, id)
|
||||
}
|
||||
|
||||
|
@ -36,7 +37,7 @@ func aclPolicyDeleteWithPolicy(tx WriteTxn, policy *structs.ACLPolicy, idx uint6
|
|||
return nil
|
||||
}
|
||||
|
||||
func aclPolicyMaxIndex(tx ReadTxn, _ *structs.ACLPolicy, _ *structs.EnterpriseMeta) uint64 {
|
||||
func aclPolicyMaxIndex(tx ReadTxn, _ *structs.ACLPolicy, _ *acl.EnterpriseMeta) uint64 {
|
||||
return maxIndexTxn(tx, tableACLPolicies)
|
||||
}
|
||||
|
||||
|
@ -52,23 +53,23 @@ func (s *Store) ACLPolicyUpsertValidateEnterprise(*structs.ACLPolicy, *structs.A
|
|||
///// ACL Token Functions /////
|
||||
///////////////////////////////////////////////////////////////////////////////
|
||||
|
||||
func aclTokenGetFromIndex(tx ReadTxn, id string, index string, entMeta *structs.EnterpriseMeta) (<-chan struct{}, interface{}, error) {
|
||||
func aclTokenGetFromIndex(tx ReadTxn, id string, index string, entMeta *acl.EnterpriseMeta) (<-chan struct{}, interface{}, error) {
|
||||
return tx.FirstWatch(tableACLTokens, index, id)
|
||||
}
|
||||
|
||||
func aclTokenListAll(tx ReadTxn, _ *structs.EnterpriseMeta) (memdb.ResultIterator, error) {
|
||||
func aclTokenListAll(tx ReadTxn, _ *acl.EnterpriseMeta) (memdb.ResultIterator, error) {
|
||||
return tx.Get(tableACLTokens, indexID)
|
||||
}
|
||||
|
||||
func aclTokenListByPolicy(tx ReadTxn, policy string, _ *structs.EnterpriseMeta) (memdb.ResultIterator, error) {
|
||||
func aclTokenListByPolicy(tx ReadTxn, policy string, _ *acl.EnterpriseMeta) (memdb.ResultIterator, error) {
|
||||
return tx.Get(tableACLTokens, indexPolicies, Query{Value: policy})
|
||||
}
|
||||
|
||||
func aclTokenListByRole(tx ReadTxn, role string, _ *structs.EnterpriseMeta) (memdb.ResultIterator, error) {
|
||||
func aclTokenListByRole(tx ReadTxn, role string, _ *acl.EnterpriseMeta) (memdb.ResultIterator, error) {
|
||||
return tx.Get(tableACLTokens, indexRoles, Query{Value: role})
|
||||
}
|
||||
|
||||
func aclTokenListByAuthMethod(tx ReadTxn, authMethod string, _, _ *structs.EnterpriseMeta) (memdb.ResultIterator, error) {
|
||||
func aclTokenListByAuthMethod(tx ReadTxn, authMethod string, _, _ *acl.EnterpriseMeta) (memdb.ResultIterator, error) {
|
||||
return tx.Get(tableACLTokens, indexAuthMethod, AuthMethodQuery{Value: authMethod})
|
||||
}
|
||||
|
||||
|
@ -85,7 +86,7 @@ func aclTokenDeleteWithToken(tx WriteTxn, token *structs.ACLToken, idx uint64) e
|
|||
return nil
|
||||
}
|
||||
|
||||
func aclTokenMaxIndex(tx ReadTxn, _ *structs.ACLToken, entMeta *structs.EnterpriseMeta) uint64 {
|
||||
func aclTokenMaxIndex(tx ReadTxn, _ *structs.ACLToken, entMeta *acl.EnterpriseMeta) uint64 {
|
||||
return maxIndexTxn(tx, tableACLTokens)
|
||||
}
|
||||
|
||||
|
@ -101,7 +102,7 @@ func (s *Store) ACLTokenUpsertValidateEnterprise(token *structs.ACLToken, existi
|
|||
///// ACL Role Functions /////
|
||||
///////////////////////////////////////////////////////////////////////////////
|
||||
|
||||
func aclRoleGetByID(tx ReadTxn, id string, _ *structs.EnterpriseMeta) (<-chan struct{}, interface{}, error) {
|
||||
func aclRoleGetByID(tx ReadTxn, id string, _ *acl.EnterpriseMeta) (<-chan struct{}, interface{}, error) {
|
||||
return tx.FirstWatch(tableACLRoles, indexID, id)
|
||||
}
|
||||
|
||||
|
@ -118,7 +119,7 @@ func aclRoleDeleteWithRole(tx WriteTxn, role *structs.ACLRole, idx uint64) error
|
|||
return nil
|
||||
}
|
||||
|
||||
func aclRoleMaxIndex(tx ReadTxn, _ *structs.ACLRole, _ *structs.EnterpriseMeta) uint64 {
|
||||
func aclRoleMaxIndex(tx ReadTxn, _ *structs.ACLRole, _ *acl.EnterpriseMeta) uint64 {
|
||||
return maxIndexTxn(tx, tableACLRoles)
|
||||
}
|
||||
|
||||
|
@ -134,15 +135,15 @@ func (s *Store) ACLRoleUpsertValidateEnterprise(role *structs.ACLRole, existing
|
|||
///// ACL Binding Rule Functions /////
|
||||
///////////////////////////////////////////////////////////////////////////////
|
||||
|
||||
func aclBindingRuleGetByID(tx ReadTxn, id string, _ *structs.EnterpriseMeta) (<-chan struct{}, interface{}, error) {
|
||||
func aclBindingRuleGetByID(tx ReadTxn, id string, _ *acl.EnterpriseMeta) (<-chan struct{}, interface{}, error) {
|
||||
return tx.FirstWatch(tableACLBindingRules, indexID, id)
|
||||
}
|
||||
|
||||
func aclBindingRuleList(tx ReadTxn, _ *structs.EnterpriseMeta) (memdb.ResultIterator, error) {
|
||||
func aclBindingRuleList(tx ReadTxn, _ *acl.EnterpriseMeta) (memdb.ResultIterator, error) {
|
||||
return tx.Get(tableACLBindingRules, indexID)
|
||||
}
|
||||
|
||||
func aclBindingRuleListByAuthMethod(tx ReadTxn, method string, _ *structs.EnterpriseMeta) (memdb.ResultIterator, error) {
|
||||
func aclBindingRuleListByAuthMethod(tx ReadTxn, method string, _ *acl.EnterpriseMeta) (memdb.ResultIterator, error) {
|
||||
return tx.Get(tableACLBindingRules, indexAuthMethod, Query{Value: method})
|
||||
}
|
||||
|
||||
|
@ -159,7 +160,7 @@ func aclBindingRuleDeleteWithRule(tx WriteTxn, rule *structs.ACLBindingRule, idx
|
|||
return nil
|
||||
}
|
||||
|
||||
func aclBindingRuleMaxIndex(tx ReadTxn, _ *structs.ACLBindingRule, entMeta *structs.EnterpriseMeta) uint64 {
|
||||
func aclBindingRuleMaxIndex(tx ReadTxn, _ *structs.ACLBindingRule, entMeta *acl.EnterpriseMeta) uint64 {
|
||||
return maxIndexTxn(tx, tableACLBindingRules)
|
||||
}
|
||||
|
||||
|
@ -175,11 +176,11 @@ func (s *Store) ACLBindingRuleUpsertValidateEnterprise(rule *structs.ACLBindingR
|
|||
///// ACL Auth Method Functions /////
|
||||
///////////////////////////////////////////////////////////////////////////////
|
||||
|
||||
func aclAuthMethodGetByName(tx ReadTxn, method string, _ *structs.EnterpriseMeta) (<-chan struct{}, interface{}, error) {
|
||||
func aclAuthMethodGetByName(tx ReadTxn, method string, _ *acl.EnterpriseMeta) (<-chan struct{}, interface{}, error) {
|
||||
return tx.FirstWatch(tableACLAuthMethods, indexID, Query{Value: method})
|
||||
}
|
||||
|
||||
func aclAuthMethodList(tx ReadTxn, entMeta *structs.EnterpriseMeta) (memdb.ResultIterator, error) {
|
||||
func aclAuthMethodList(tx ReadTxn, entMeta *acl.EnterpriseMeta) (memdb.ResultIterator, error) {
|
||||
return tx.Get(tableACLAuthMethods, indexID)
|
||||
}
|
||||
|
||||
|
@ -196,7 +197,7 @@ func aclAuthMethodDeleteWithMethod(tx WriteTxn, method *structs.ACLAuthMethod, i
|
|||
return nil
|
||||
}
|
||||
|
||||
func aclAuthMethodMaxIndex(tx ReadTxn, _ *structs.ACLAuthMethod, entMeta *structs.EnterpriseMeta) uint64 {
|
||||
func aclAuthMethodMaxIndex(tx ReadTxn, _ *structs.ACLAuthMethod, entMeta *acl.EnterpriseMeta) uint64 {
|
||||
return maxIndexTxn(tx, tableACLAuthMethods)
|
||||
}
|
||||
|
||||
|
|
|
@ -3,7 +3,10 @@
|
|||
|
||||
package state
|
||||
|
||||
import "github.com/hashicorp/consul/agent/structs"
|
||||
import (
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
)
|
||||
|
||||
func testIndexerTableACLPolicies() map[string]indexerTestCase {
|
||||
obj := &structs.ACLPolicy{
|
||||
|
@ -177,7 +180,7 @@ func testIndexerTableACLBindingRules() map[string]indexerTestCase {
|
|||
func testIndexerTableACLAuthMethods() map[string]indexerTestCase {
|
||||
obj := &structs.ACLAuthMethod{
|
||||
Name: "ThEAuthMethod",
|
||||
EnterpriseMeta: structs.EnterpriseMeta{},
|
||||
EnterpriseMeta: acl.EnterpriseMeta{},
|
||||
}
|
||||
encodedName := []byte{0x74, 0x68, 0x65, 0x61, 0x75, 0x74, 0x68, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x0}
|
||||
return map[string]indexerTestCase{
|
||||
|
|
|
@ -6,6 +6,7 @@ import (
|
|||
|
||||
"github.com/hashicorp/go-memdb"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
)
|
||||
|
||||
|
@ -227,9 +228,9 @@ func indexFromUUIDQuery(raw interface{}) ([]byte, error) {
|
|||
|
||||
func prefixIndexFromUUIDQuery(arg interface{}) ([]byte, error) {
|
||||
switch v := arg.(type) {
|
||||
case *structs.EnterpriseMeta:
|
||||
case *acl.EnterpriseMeta:
|
||||
return nil, nil
|
||||
case structs.EnterpriseMeta:
|
||||
case acl.EnterpriseMeta:
|
||||
return nil, nil
|
||||
case Query:
|
||||
return variableLengthUUIDStringToBytes(v.Value)
|
||||
|
|
|
@ -57,7 +57,7 @@ func (s *Snapshot) Nodes() (memdb.ResultIterator, error) {
|
|||
|
||||
// Services is used to pull the full list of services for a given node for use
|
||||
// during snapshots.
|
||||
func (s *Snapshot) Services(node string, entMeta *structs.EnterpriseMeta) (memdb.ResultIterator, error) {
|
||||
func (s *Snapshot) Services(node string, entMeta *acl.EnterpriseMeta) (memdb.ResultIterator, error) {
|
||||
// TODO: accept non-pointer value
|
||||
if entMeta == nil {
|
||||
entMeta = structs.NodeEnterpriseMetaInDefaultPartition()
|
||||
|
@ -70,7 +70,7 @@ func (s *Snapshot) Services(node string, entMeta *structs.EnterpriseMeta) (memdb
|
|||
|
||||
// Checks is used to pull the full list of checks for a given node for use
|
||||
// during snapshots.
|
||||
func (s *Snapshot) Checks(node string, entMeta *structs.EnterpriseMeta) (memdb.ResultIterator, error) {
|
||||
func (s *Snapshot) Checks(node string, entMeta *acl.EnterpriseMeta) (memdb.ResultIterator, error) {
|
||||
// TODO: accept non-pointer value
|
||||
if entMeta == nil {
|
||||
entMeta = structs.NodeEnterpriseMetaInDefaultPartition()
|
||||
|
@ -136,7 +136,7 @@ func (s *Store) ensureCheckIfNodeMatches(
|
|||
nodePartition string,
|
||||
check *structs.HealthCheck,
|
||||
) error {
|
||||
if !strings.EqualFold(check.Node, node) || !structs.EqualPartitions(nodePartition, check.PartitionOrDefault()) {
|
||||
if !strings.EqualFold(check.Node, node) || !acl.EqualPartitions(nodePartition, check.PartitionOrDefault()) {
|
||||
return fmt.Errorf("check node %q does not match node %q",
|
||||
printNodeName(check.Node, check.PartitionOrDefault()),
|
||||
printNodeName(node, nodePartition),
|
||||
|
@ -149,7 +149,7 @@ func (s *Store) ensureCheckIfNodeMatches(
|
|||
}
|
||||
|
||||
func printNodeName(nodeName, partition string) string {
|
||||
if structs.IsDefaultPartition(partition) {
|
||||
if acl.IsDefaultPartition(partition) {
|
||||
return nodeName
|
||||
}
|
||||
return partition + "/" + nodeName
|
||||
|
@ -396,7 +396,7 @@ func (s *Store) ensureNodeTxn(tx WriteTxn, idx uint64, preserveIndexes bool, nod
|
|||
}
|
||||
|
||||
// GetNode is used to retrieve a node registration by node name ID.
|
||||
func (s *Store) GetNode(nodeNameOrID string, entMeta *structs.EnterpriseMeta) (uint64, *structs.Node, error) {
|
||||
func (s *Store) GetNode(nodeNameOrID string, entMeta *acl.EnterpriseMeta) (uint64, *structs.Node, error) {
|
||||
tx := s.db.Txn(false)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -416,7 +416,7 @@ func (s *Store) GetNode(nodeNameOrID string, entMeta *structs.EnterpriseMeta) (u
|
|||
return idx, node, nil
|
||||
}
|
||||
|
||||
func getNodeTxn(tx ReadTxn, nodeNameOrID string, entMeta *structs.EnterpriseMeta) (*structs.Node, error) {
|
||||
func getNodeTxn(tx ReadTxn, nodeNameOrID string, entMeta *acl.EnterpriseMeta) (*structs.Node, error) {
|
||||
node, err := tx.First(tableNodes, indexID, Query{
|
||||
Value: nodeNameOrID,
|
||||
EnterpriseMeta: *entMeta,
|
||||
|
@ -430,7 +430,7 @@ func getNodeTxn(tx ReadTxn, nodeNameOrID string, entMeta *structs.EnterpriseMeta
|
|||
return nil, nil
|
||||
}
|
||||
|
||||
func getNodeIDTxn(tx ReadTxn, id types.NodeID, entMeta *structs.EnterpriseMeta) (*structs.Node, error) {
|
||||
func getNodeIDTxn(tx ReadTxn, id types.NodeID, entMeta *acl.EnterpriseMeta) (*structs.Node, error) {
|
||||
node, err := tx.First(tableNodes, indexUUID+"_prefix", Query{
|
||||
Value: string(id),
|
||||
EnterpriseMeta: *entMeta,
|
||||
|
@ -445,7 +445,7 @@ func getNodeIDTxn(tx ReadTxn, id types.NodeID, entMeta *structs.EnterpriseMeta)
|
|||
}
|
||||
|
||||
// GetNodeID is used to retrieve a node registration by node ID.
|
||||
func (s *Store) GetNodeID(id types.NodeID, entMeta *structs.EnterpriseMeta) (uint64, *structs.Node, error) {
|
||||
func (s *Store) GetNodeID(id types.NodeID, entMeta *acl.EnterpriseMeta) (uint64, *structs.Node, error) {
|
||||
tx := s.db.Txn(false)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -463,7 +463,7 @@ func (s *Store) GetNodeID(id types.NodeID, entMeta *structs.EnterpriseMeta) (uin
|
|||
}
|
||||
|
||||
// Nodes is used to return all of the known nodes.
|
||||
func (s *Store) Nodes(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (uint64, structs.Nodes, error) {
|
||||
func (s *Store) Nodes(ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, structs.Nodes, error) {
|
||||
tx := s.db.Txn(false)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -491,7 +491,7 @@ func (s *Store) Nodes(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (uint6
|
|||
}
|
||||
|
||||
// NodesByMeta is used to return all nodes with the given metadata key/value pairs.
|
||||
func (s *Store) NodesByMeta(ws memdb.WatchSet, filters map[string]string, entMeta *structs.EnterpriseMeta) (uint64, structs.Nodes, error) {
|
||||
func (s *Store) NodesByMeta(ws memdb.WatchSet, filters map[string]string, entMeta *acl.EnterpriseMeta) (uint64, structs.Nodes, error) {
|
||||
tx := s.db.Txn(false)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -537,7 +537,7 @@ func (s *Store) NodesByMeta(ws memdb.WatchSet, filters map[string]string, entMet
|
|||
}
|
||||
|
||||
// DeleteNode is used to delete a given node by its ID.
|
||||
func (s *Store) DeleteNode(idx uint64, nodeName string, entMeta *structs.EnterpriseMeta) error {
|
||||
func (s *Store) DeleteNode(idx uint64, nodeName string, entMeta *acl.EnterpriseMeta) error {
|
||||
tx := s.db.WriteTxn(idx)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -557,7 +557,7 @@ func (s *Store) DeleteNode(idx uint64, nodeName string, entMeta *structs.Enterpr
|
|||
// deleteNodeCASTxn is used to try doing a node delete operation with a given
|
||||
// raft index. If the CAS index specified is not equal to the last observed index for
|
||||
// the given check, then the call is a noop, otherwise a normal check delete is invoked.
|
||||
func (s *Store) deleteNodeCASTxn(tx WriteTxn, idx, cidx uint64, nodeName string, entMeta *structs.EnterpriseMeta) (bool, error) {
|
||||
func (s *Store) deleteNodeCASTxn(tx WriteTxn, idx, cidx uint64, nodeName string, entMeta *acl.EnterpriseMeta) (bool, error) {
|
||||
// Look up the node.
|
||||
node, err := getNodeTxn(tx, nodeName, entMeta)
|
||||
if err != nil {
|
||||
|
@ -584,7 +584,7 @@ func (s *Store) deleteNodeCASTxn(tx WriteTxn, idx, cidx uint64, nodeName string,
|
|||
|
||||
// deleteNodeTxn is the inner method used for removing a node from
|
||||
// the store within a given transaction.
|
||||
func (s *Store) deleteNodeTxn(tx WriteTxn, idx uint64, nodeName string, entMeta *structs.EnterpriseMeta) error {
|
||||
func (s *Store) deleteNodeTxn(tx WriteTxn, idx uint64, nodeName string, entMeta *acl.EnterpriseMeta) error {
|
||||
// TODO: accept non-pointer value
|
||||
if entMeta == nil {
|
||||
entMeta = structs.DefaultEnterpriseMetaInDefaultPartition()
|
||||
|
@ -978,7 +978,7 @@ func terminatingGatewayVirtualIPsSupported(tx ReadTxn, ws memdb.WatchSet) (bool,
|
|||
}
|
||||
|
||||
// Services returns all services along with a list of associated tags.
|
||||
func (s *Store) Services(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (uint64, structs.Services, error) {
|
||||
func (s *Store) Services(ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, structs.Services, error) {
|
||||
tx := s.db.Txn(false)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -1018,14 +1018,14 @@ func (s *Store) Services(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (ui
|
|||
return idx, results, nil
|
||||
}
|
||||
|
||||
func (s *Store) ServiceList(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (uint64, structs.ServiceList, error) {
|
||||
func (s *Store) ServiceList(ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, structs.ServiceList, error) {
|
||||
tx := s.db.Txn(false)
|
||||
defer tx.Abort()
|
||||
|
||||
return serviceListTxn(tx, ws, entMeta)
|
||||
}
|
||||
|
||||
func serviceListTxn(tx ReadTxn, ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (uint64, structs.ServiceList, error) {
|
||||
func serviceListTxn(tx ReadTxn, ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, structs.ServiceList, error) {
|
||||
idx := catalogServicesMaxIndex(tx, entMeta)
|
||||
|
||||
services, err := tx.Get(tableServices, indexID+"_prefix", entMeta)
|
||||
|
@ -1049,7 +1049,7 @@ func serviceListTxn(tx ReadTxn, ws memdb.WatchSet, entMeta *structs.EnterpriseMe
|
|||
}
|
||||
|
||||
// ServicesByNodeMeta returns all services, filtered by the given node metadata.
|
||||
func (s *Store) ServicesByNodeMeta(ws memdb.WatchSet, filters map[string]string, entMeta *structs.EnterpriseMeta) (uint64, structs.Services, error) {
|
||||
func (s *Store) ServicesByNodeMeta(ws memdb.WatchSet, filters map[string]string, entMeta *acl.EnterpriseMeta) (uint64, structs.Services, error) {
|
||||
tx := s.db.Txn(false)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -1144,7 +1144,7 @@ func (s *Store) ServicesByNodeMeta(ws memdb.WatchSet, filters map[string]string,
|
|||
// * return when the last instance of a service is removed
|
||||
// * block until an instance for this service is available, or another
|
||||
// service is unregistered.
|
||||
func maxIndexForService(tx ReadTxn, serviceName string, serviceExists, checks bool, entMeta *structs.EnterpriseMeta) uint64 {
|
||||
func maxIndexForService(tx ReadTxn, serviceName string, serviceExists, checks bool, entMeta *acl.EnterpriseMeta) uint64 {
|
||||
idx, _ := maxIndexAndWatchChForService(tx, serviceName, serviceExists, checks, entMeta)
|
||||
return idx
|
||||
}
|
||||
|
@ -1163,7 +1163,7 @@ func maxIndexForService(tx ReadTxn, serviceName string, serviceExists, checks bo
|
|||
// returned for the chan. This allows for blocking watchers to _only_ watch this
|
||||
// one chan in the common case, falling back to watching all touched MemDB
|
||||
// indexes in more complicated cases.
|
||||
func maxIndexAndWatchChForService(tx ReadTxn, serviceName string, serviceExists, checks bool, entMeta *structs.EnterpriseMeta) (uint64, <-chan struct{}) {
|
||||
func maxIndexAndWatchChForService(tx ReadTxn, serviceName string, serviceExists, checks bool, entMeta *acl.EnterpriseMeta) (uint64, <-chan struct{}) {
|
||||
if !serviceExists {
|
||||
res, err := catalogServiceLastExtinctionIndex(tx, entMeta)
|
||||
if missingIdx, ok := res.(*IndexEntry); ok && err == nil {
|
||||
|
@ -1207,7 +1207,7 @@ func maxIndexAndWatchChsForServiceNodes(tx ReadTxn,
|
|||
// ConnectServiceNodes returns the nodes associated with a Connect
|
||||
// compatible destination for the given service name. This will include
|
||||
// both proxies and native integrations.
|
||||
func (s *Store) ConnectServiceNodes(ws memdb.WatchSet, serviceName string, entMeta *structs.EnterpriseMeta) (uint64, structs.ServiceNodes, error) {
|
||||
func (s *Store) ConnectServiceNodes(ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta) (uint64, structs.ServiceNodes, error) {
|
||||
tx := s.db.ReadTxn()
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -1220,7 +1220,7 @@ func (s *Store) ConnectServiceNodes(ws memdb.WatchSet, serviceName string, entMe
|
|||
}
|
||||
|
||||
// ServiceNodes returns the nodes associated with a given service name.
|
||||
func (s *Store) ServiceNodes(ws memdb.WatchSet, serviceName string, entMeta *structs.EnterpriseMeta) (uint64, structs.ServiceNodes, error) {
|
||||
func (s *Store) ServiceNodes(ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta) (uint64, structs.ServiceNodes, error) {
|
||||
tx := s.db.ReadTxn()
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -1294,7 +1294,7 @@ func serviceNodesTxn(tx ReadTxn, ws memdb.WatchSet, index string, q Query) (uint
|
|||
|
||||
// ServiceTagNodes returns the nodes associated with a given service, filtering
|
||||
// out services that don't contain the given tags.
|
||||
func (s *Store) ServiceTagNodes(ws memdb.WatchSet, service string, tags []string, entMeta *structs.EnterpriseMeta) (uint64, structs.ServiceNodes, error) {
|
||||
func (s *Store) ServiceTagNodes(ws memdb.WatchSet, service string, tags []string, entMeta *acl.EnterpriseMeta) (uint64, structs.ServiceNodes, error) {
|
||||
tx := s.db.Txn(false)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -1364,7 +1364,7 @@ func serviceTagsFilter(sn *structs.ServiceNode, tags []string) bool {
|
|||
|
||||
// ServiceAddressNodes returns the nodes associated with a given service, filtering
|
||||
// out services that don't match the given serviceAddress
|
||||
func (s *Store) ServiceAddressNodes(ws memdb.WatchSet, address string, entMeta *structs.EnterpriseMeta) (uint64, structs.ServiceNodes, error) {
|
||||
func (s *Store) ServiceAddressNodes(ws memdb.WatchSet, address string, entMeta *acl.EnterpriseMeta) (uint64, structs.ServiceNodes, error) {
|
||||
tx := s.db.Txn(false)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -1401,7 +1401,7 @@ func (s *Store) ServiceAddressNodes(ws memdb.WatchSet, address string, entMeta *
|
|||
|
||||
// parseServiceNodes iterates over a services query and fills in the node details,
|
||||
// returning a ServiceNodes slice.
|
||||
func parseServiceNodes(tx ReadTxn, ws memdb.WatchSet, services structs.ServiceNodes, entMeta *structs.EnterpriseMeta) (structs.ServiceNodes, error) {
|
||||
func parseServiceNodes(tx ReadTxn, ws memdb.WatchSet, services structs.ServiceNodes, entMeta *acl.EnterpriseMeta) (structs.ServiceNodes, error) {
|
||||
// We don't want to track an unlimited number of nodes, so we pull a
|
||||
// top-level watch to use as a fallback.
|
||||
allNodes, err := tx.Get(tableNodes, indexID+"_prefix", entMeta)
|
||||
|
@ -1446,7 +1446,7 @@ func parseServiceNodes(tx ReadTxn, ws memdb.WatchSet, services structs.ServiceNo
|
|||
|
||||
// NodeService is used to retrieve a specific service associated with the given
|
||||
// node.
|
||||
func (s *Store) NodeService(nodeName string, serviceID string, entMeta *structs.EnterpriseMeta) (uint64, *structs.NodeService, error) {
|
||||
func (s *Store) NodeService(nodeName string, serviceID string, entMeta *acl.EnterpriseMeta) (uint64, *structs.NodeService, error) {
|
||||
tx := s.db.Txn(false)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -1462,7 +1462,7 @@ func (s *Store) NodeService(nodeName string, serviceID string, entMeta *structs.
|
|||
return idx, service, nil
|
||||
}
|
||||
|
||||
func getNodeServiceTxn(tx ReadTxn, nodeName, serviceID string, entMeta *structs.EnterpriseMeta) (*structs.NodeService, error) {
|
||||
func getNodeServiceTxn(tx ReadTxn, nodeName, serviceID string, entMeta *acl.EnterpriseMeta) (*structs.NodeService, error) {
|
||||
// TODO: pass non-pointer type for ent meta
|
||||
if entMeta == nil {
|
||||
entMeta = structs.DefaultEnterpriseMetaInDefaultPartition()
|
||||
|
@ -1485,7 +1485,7 @@ func getNodeServiceTxn(tx ReadTxn, nodeName, serviceID string, entMeta *structs.
|
|||
return nil, nil
|
||||
}
|
||||
|
||||
func (s *Store) nodeServices(ws memdb.WatchSet, nodeNameOrID string, entMeta *structs.EnterpriseMeta, allowWildcard bool) (bool, uint64, *structs.Node, memdb.ResultIterator, error) {
|
||||
func (s *Store) nodeServices(ws memdb.WatchSet, nodeNameOrID string, entMeta *acl.EnterpriseMeta, allowWildcard bool) (bool, uint64, *structs.Node, memdb.ResultIterator, error) {
|
||||
tx := s.db.Txn(false)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -1555,7 +1555,7 @@ func (s *Store) nodeServices(ws memdb.WatchSet, nodeNameOrID string, entMeta *st
|
|||
}
|
||||
|
||||
// NodeServices is used to query service registrations by node name or UUID.
|
||||
func (s *Store) NodeServices(ws memdb.WatchSet, nodeNameOrID string, entMeta *structs.EnterpriseMeta) (uint64, *structs.NodeServices, error) {
|
||||
func (s *Store) NodeServices(ws memdb.WatchSet, nodeNameOrID string, entMeta *acl.EnterpriseMeta) (uint64, *structs.NodeServices, error) {
|
||||
done, idx, node, services, err := s.nodeServices(ws, nodeNameOrID, entMeta, false)
|
||||
if done || err != nil {
|
||||
return idx, nil, err
|
||||
|
@ -1579,7 +1579,7 @@ func (s *Store) NodeServices(ws memdb.WatchSet, nodeNameOrID string, entMeta *st
|
|||
}
|
||||
|
||||
// NodeServices is used to query service registrations by node name or UUID.
|
||||
func (s *Store) NodeServiceList(ws memdb.WatchSet, nodeNameOrID string, entMeta *structs.EnterpriseMeta) (uint64, *structs.NodeServiceList, error) {
|
||||
func (s *Store) NodeServiceList(ws memdb.WatchSet, nodeNameOrID string, entMeta *acl.EnterpriseMeta) (uint64, *structs.NodeServiceList, error) {
|
||||
done, idx, node, services, err := s.nodeServices(ws, nodeNameOrID, entMeta, true)
|
||||
if done || err != nil {
|
||||
return idx, nil, err
|
||||
|
@ -1606,7 +1606,7 @@ func (s *Store) NodeServiceList(ws memdb.WatchSet, nodeNameOrID string, entMeta
|
|||
}
|
||||
|
||||
// DeleteService is used to delete a given service associated with a node.
|
||||
func (s *Store) DeleteService(idx uint64, nodeName, serviceID string, entMeta *structs.EnterpriseMeta) error {
|
||||
func (s *Store) DeleteService(idx uint64, nodeName, serviceID string, entMeta *acl.EnterpriseMeta) error {
|
||||
tx := s.db.WriteTxn(idx)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -1621,7 +1621,7 @@ func (s *Store) DeleteService(idx uint64, nodeName, serviceID string, entMeta *s
|
|||
// deleteServiceCASTxn is used to try doing a service delete operation with a given
|
||||
// raft index. If the CAS index specified is not equal to the last observed index for
|
||||
// the given service, then the call is a noop, otherwise a normal delete is invoked.
|
||||
func (s *Store) deleteServiceCASTxn(tx WriteTxn, idx, cidx uint64, nodeName, serviceID string, entMeta *structs.EnterpriseMeta) (bool, error) {
|
||||
func (s *Store) deleteServiceCASTxn(tx WriteTxn, idx, cidx uint64, nodeName, serviceID string, entMeta *acl.EnterpriseMeta) (bool, error) {
|
||||
// Look up the service.
|
||||
service, err := getNodeServiceTxn(tx, nodeName, serviceID, entMeta)
|
||||
if err != nil {
|
||||
|
@ -1648,7 +1648,7 @@ func (s *Store) deleteServiceCASTxn(tx WriteTxn, idx, cidx uint64, nodeName, ser
|
|||
|
||||
// deleteServiceTxn is the inner method called to remove a service
|
||||
// registration within an existing transaction.
|
||||
func (s *Store) deleteServiceTxn(tx WriteTxn, idx uint64, nodeName, serviceID string, entMeta *structs.EnterpriseMeta) error {
|
||||
func (s *Store) deleteServiceTxn(tx WriteTxn, idx uint64, nodeName, serviceID string, entMeta *acl.EnterpriseMeta) error {
|
||||
// TODO: pass non-pointer type for ent meta
|
||||
if entMeta == nil {
|
||||
entMeta = structs.DefaultEnterpriseMetaInDefaultPartition()
|
||||
|
@ -1751,7 +1751,7 @@ func (s *Store) deleteServiceTxn(tx WriteTxn, idx uint64, nodeName, serviceID st
|
|||
|
||||
// freeServiceVirtualIP is used to free a virtual IP for a service after the last instance
|
||||
// is removed.
|
||||
func freeServiceVirtualIP(tx WriteTxn, svc string, excludeGateway *structs.ServiceName, entMeta *structs.EnterpriseMeta) error {
|
||||
func freeServiceVirtualIP(tx WriteTxn, svc string, excludeGateway *structs.ServiceName, entMeta *acl.EnterpriseMeta) error {
|
||||
supported, err := virtualIPsSupported(tx, nil)
|
||||
if err != nil {
|
||||
return err
|
||||
|
@ -1818,7 +1818,7 @@ func (s *Store) EnsureCheck(idx uint64, hc *structs.HealthCheck) error {
|
|||
}
|
||||
|
||||
// updateAllServiceIndexesOfNode updates the Raft index of all the services associated with this node
|
||||
func updateAllServiceIndexesOfNode(tx WriteTxn, idx uint64, nodeID string, entMeta *structs.EnterpriseMeta) error {
|
||||
func updateAllServiceIndexesOfNode(tx WriteTxn, idx uint64, nodeID string, entMeta *acl.EnterpriseMeta) error {
|
||||
services, err := tx.Get(tableServices, indexNode, Query{
|
||||
Value: nodeID,
|
||||
EnterpriseMeta: *entMeta.WithWildcardNamespace(),
|
||||
|
@ -1977,7 +1977,7 @@ func (s *Store) ensureCheckTxn(tx WriteTxn, idx uint64, preserveIndexes bool, hc
|
|||
|
||||
// NodeCheck is used to retrieve a specific check associated with the given
|
||||
// node.
|
||||
func (s *Store) NodeCheck(nodeName string, checkID types.CheckID, entMeta *structs.EnterpriseMeta) (uint64, *structs.HealthCheck, error) {
|
||||
func (s *Store) NodeCheck(nodeName string, checkID types.CheckID, entMeta *acl.EnterpriseMeta) (uint64, *structs.HealthCheck, error) {
|
||||
tx := s.db.Txn(false)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -1986,7 +1986,7 @@ func (s *Store) NodeCheck(nodeName string, checkID types.CheckID, entMeta *struc
|
|||
|
||||
// nodeCheckTxn is used as the inner method to handle reading a health check
|
||||
// from the state store.
|
||||
func getNodeCheckTxn(tx ReadTxn, nodeName string, checkID types.CheckID, entMeta *structs.EnterpriseMeta) (uint64, *structs.HealthCheck, error) {
|
||||
func getNodeCheckTxn(tx ReadTxn, nodeName string, checkID types.CheckID, entMeta *acl.EnterpriseMeta) (uint64, *structs.HealthCheck, error) {
|
||||
// Get the table index.
|
||||
idx := catalogChecksMaxIndex(tx, entMeta)
|
||||
|
||||
|
@ -2009,7 +2009,7 @@ func getNodeCheckTxn(tx ReadTxn, nodeName string, checkID types.CheckID, entMeta
|
|||
|
||||
// NodeChecks is used to retrieve checks associated with the
|
||||
// given node from the state store.
|
||||
func (s *Store) NodeChecks(ws memdb.WatchSet, nodeName string, entMeta *structs.EnterpriseMeta) (uint64, structs.HealthChecks, error) {
|
||||
func (s *Store) NodeChecks(ws memdb.WatchSet, nodeName string, entMeta *acl.EnterpriseMeta) (uint64, structs.HealthChecks, error) {
|
||||
tx := s.db.Txn(false)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -2037,7 +2037,7 @@ func (s *Store) NodeChecks(ws memdb.WatchSet, nodeName string, entMeta *structs.
|
|||
// ServiceChecks is used to get all checks associated with a
|
||||
// given service ID. The query is performed against a service
|
||||
// _name_ instead of a service ID.
|
||||
func (s *Store) ServiceChecks(ws memdb.WatchSet, serviceName string, entMeta *structs.EnterpriseMeta) (uint64, structs.HealthChecks, error) {
|
||||
func (s *Store) ServiceChecks(ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta) (uint64, structs.HealthChecks, error) {
|
||||
tx := s.db.Txn(false)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -2065,7 +2065,7 @@ func (s *Store) ServiceChecks(ws memdb.WatchSet, serviceName string, entMeta *st
|
|||
// given service ID, filtered by the given node metadata values. The query
|
||||
// is performed against a service _name_ instead of a service ID.
|
||||
func (s *Store) ServiceChecksByNodeMeta(ws memdb.WatchSet, serviceName string,
|
||||
filters map[string]string, entMeta *structs.EnterpriseMeta) (uint64, structs.HealthChecks, error) {
|
||||
filters map[string]string, entMeta *acl.EnterpriseMeta) (uint64, structs.HealthChecks, error) {
|
||||
|
||||
tx := s.db.Txn(false)
|
||||
defer tx.Abort()
|
||||
|
@ -2088,7 +2088,7 @@ func (s *Store) ServiceChecksByNodeMeta(ws memdb.WatchSet, serviceName string,
|
|||
|
||||
// ChecksInState is used to query the state store for all checks
|
||||
// which are in the provided state.
|
||||
func (s *Store) ChecksInState(ws memdb.WatchSet, state string, entMeta *structs.EnterpriseMeta) (uint64, structs.HealthChecks, error) {
|
||||
func (s *Store) ChecksInState(ws memdb.WatchSet, state string, entMeta *acl.EnterpriseMeta) (uint64, structs.HealthChecks, error) {
|
||||
tx := s.db.Txn(false)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -2106,7 +2106,7 @@ func (s *Store) ChecksInState(ws memdb.WatchSet, state string, entMeta *structs.
|
|||
|
||||
// ChecksInStateByNodeMeta is used to query the state store for all checks
|
||||
// which are in the provided state, filtered by the given node metadata values.
|
||||
func (s *Store) ChecksInStateByNodeMeta(ws memdb.WatchSet, state string, filters map[string]string, entMeta *structs.EnterpriseMeta) (uint64, structs.HealthChecks, error) {
|
||||
func (s *Store) ChecksInStateByNodeMeta(ws memdb.WatchSet, state string, filters map[string]string, entMeta *acl.EnterpriseMeta) (uint64, structs.HealthChecks, error) {
|
||||
tx := s.db.Txn(false)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -2118,7 +2118,7 @@ func (s *Store) ChecksInStateByNodeMeta(ws memdb.WatchSet, state string, filters
|
|||
return parseChecksByNodeMeta(tx, ws, idx, iter, filters, entMeta)
|
||||
}
|
||||
|
||||
func checksInStateTxn(tx ReadTxn, ws memdb.WatchSet, state string, entMeta *structs.EnterpriseMeta) (uint64, memdb.ResultIterator, error) {
|
||||
func checksInStateTxn(tx ReadTxn, ws memdb.WatchSet, state string, entMeta *acl.EnterpriseMeta) (uint64, memdb.ResultIterator, error) {
|
||||
// Get the table index.
|
||||
idx := catalogChecksMaxIndex(tx, entMeta)
|
||||
|
||||
|
@ -2147,7 +2147,7 @@ func checksInStateTxn(tx ReadTxn, ws memdb.WatchSet, state string, entMeta *stru
|
|||
// repetitive code for returning health checks filtered by node metadata fields.
|
||||
func parseChecksByNodeMeta(tx ReadTxn, ws memdb.WatchSet,
|
||||
idx uint64, iter memdb.ResultIterator, filters map[string]string,
|
||||
entMeta *structs.EnterpriseMeta) (uint64, structs.HealthChecks, error) {
|
||||
entMeta *acl.EnterpriseMeta) (uint64, structs.HealthChecks, error) {
|
||||
|
||||
// We don't want to track an unlimited number of nodes, so we pull a
|
||||
// top-level watch to use as a fallback.
|
||||
|
@ -2183,7 +2183,7 @@ func parseChecksByNodeMeta(tx ReadTxn, ws memdb.WatchSet,
|
|||
}
|
||||
|
||||
// DeleteCheck is used to delete a health check registration.
|
||||
func (s *Store) DeleteCheck(idx uint64, node string, checkID types.CheckID, entMeta *structs.EnterpriseMeta) error {
|
||||
func (s *Store) DeleteCheck(idx uint64, node string, checkID types.CheckID, entMeta *acl.EnterpriseMeta) error {
|
||||
tx := s.db.WriteTxn(idx)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -2198,7 +2198,7 @@ func (s *Store) DeleteCheck(idx uint64, node string, checkID types.CheckID, entM
|
|||
// deleteCheckCASTxn is used to try doing a check delete operation with a given
|
||||
// raft index. If the CAS index specified is not equal to the last observed index for
|
||||
// the given check, then the call is a noop, otherwise a normal check delete is invoked.
|
||||
func (s *Store) deleteCheckCASTxn(tx WriteTxn, idx, cidx uint64, node string, checkID types.CheckID, entMeta *structs.EnterpriseMeta) (bool, error) {
|
||||
func (s *Store) deleteCheckCASTxn(tx WriteTxn, idx, cidx uint64, node string, checkID types.CheckID, entMeta *acl.EnterpriseMeta) (bool, error) {
|
||||
// Try to retrieve the existing health check.
|
||||
_, hc, err := getNodeCheckTxn(tx, node, checkID, entMeta)
|
||||
if err != nil {
|
||||
|
@ -2227,7 +2227,7 @@ func (s *Store) deleteCheckCASTxn(tx WriteTxn, idx, cidx uint64, node string, ch
|
|||
type NodeServiceQuery struct {
|
||||
Node string
|
||||
Service string
|
||||
structs.EnterpriseMeta
|
||||
acl.EnterpriseMeta
|
||||
}
|
||||
|
||||
// NamespaceOrDefault exists because structs.EnterpriseMeta uses a pointer
|
||||
|
@ -2244,7 +2244,7 @@ func (q NodeServiceQuery) PartitionOrDefault() string {
|
|||
|
||||
// deleteCheckTxn is the inner method used to call a health
|
||||
// check deletion within an existing transaction.
|
||||
func (s *Store) deleteCheckTxn(tx WriteTxn, idx uint64, node string, checkID types.CheckID, entMeta *structs.EnterpriseMeta) error {
|
||||
func (s *Store) deleteCheckTxn(tx WriteTxn, idx uint64, node string, checkID types.CheckID, entMeta *acl.EnterpriseMeta) error {
|
||||
if entMeta == nil {
|
||||
entMeta = structs.DefaultEnterpriseMetaInDefaultPartition()
|
||||
}
|
||||
|
@ -2337,19 +2337,19 @@ func (s *Store) CombinedCheckServiceNodes(ws memdb.WatchSet, service structs.Ser
|
|||
}
|
||||
|
||||
// CheckServiceNodes is used to query all nodes and checks for a given service.
|
||||
func (s *Store) CheckServiceNodes(ws memdb.WatchSet, serviceName string, entMeta *structs.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) {
|
||||
func (s *Store) CheckServiceNodes(ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) {
|
||||
return s.checkServiceNodes(ws, serviceName, false, entMeta)
|
||||
}
|
||||
|
||||
// CheckConnectServiceNodes is used to query all nodes and checks for Connect
|
||||
// compatible endpoints for a given service.
|
||||
func (s *Store) CheckConnectServiceNodes(ws memdb.WatchSet, serviceName string, entMeta *structs.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) {
|
||||
func (s *Store) CheckConnectServiceNodes(ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) {
|
||||
return s.checkServiceNodes(ws, serviceName, true, entMeta)
|
||||
}
|
||||
|
||||
// CheckIngressServiceNodes is used to query all nodes and checks for ingress
|
||||
// endpoints for a given service.
|
||||
func (s *Store) CheckIngressServiceNodes(ws memdb.WatchSet, serviceName string, entMeta *structs.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) {
|
||||
func (s *Store) CheckIngressServiceNodes(ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) {
|
||||
tx := s.db.Txn(false)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -2385,14 +2385,14 @@ func (s *Store) CheckIngressServiceNodes(ws memdb.WatchSet, serviceName string,
|
|||
return maxIdx, results, nil
|
||||
}
|
||||
|
||||
func (s *Store) checkServiceNodes(ws memdb.WatchSet, serviceName string, connect bool, entMeta *structs.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) {
|
||||
func (s *Store) checkServiceNodes(ws memdb.WatchSet, serviceName string, connect bool, entMeta *acl.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) {
|
||||
tx := s.db.Txn(false)
|
||||
defer tx.Abort()
|
||||
|
||||
return checkServiceNodesTxn(tx, ws, serviceName, connect, entMeta)
|
||||
}
|
||||
|
||||
func checkServiceNodesTxn(tx ReadTxn, ws memdb.WatchSet, serviceName string, connect bool, entMeta *structs.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) {
|
||||
func checkServiceNodesTxn(tx ReadTxn, ws memdb.WatchSet, serviceName string, connect bool, entMeta *acl.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) {
|
||||
index := indexService
|
||||
if connect {
|
||||
index = indexConnect
|
||||
|
@ -2526,7 +2526,7 @@ func checkServiceNodesTxn(tx ReadTxn, ws memdb.WatchSet, serviceName string, con
|
|||
|
||||
// CheckServiceTagNodes is used to query all nodes and checks for a given
|
||||
// service, filtering out services that don't contain the given tag.
|
||||
func (s *Store) CheckServiceTagNodes(ws memdb.WatchSet, serviceName string, tags []string, entMeta *structs.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) {
|
||||
func (s *Store) CheckServiceTagNodes(ws memdb.WatchSet, serviceName string, tags []string, entMeta *acl.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) {
|
||||
tx := s.db.Txn(false)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -2559,7 +2559,7 @@ func (s *Store) CheckServiceTagNodes(ws memdb.WatchSet, serviceName string, tags
|
|||
}
|
||||
|
||||
// GatewayServices is used to query all services associated with a gateway
|
||||
func (s *Store) GatewayServices(ws memdb.WatchSet, gateway string, entMeta *structs.EnterpriseMeta) (uint64, structs.GatewayServices, error) {
|
||||
func (s *Store) GatewayServices(ws memdb.WatchSet, gateway string, entMeta *acl.EnterpriseMeta) (uint64, structs.GatewayServices, error) {
|
||||
tx := s.db.Txn(false)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -2631,7 +2631,7 @@ func serviceNamesOfKindTxn(tx ReadTxn, ws memdb.WatchSet, kind structs.ServiceKi
|
|||
func parseCheckServiceNodes(
|
||||
tx ReadTxn, ws memdb.WatchSet, idx uint64,
|
||||
services structs.ServiceNodes,
|
||||
entMeta *structs.EnterpriseMeta,
|
||||
entMeta *acl.EnterpriseMeta,
|
||||
err error) (uint64, structs.CheckServiceNodes, error) {
|
||||
if err != nil {
|
||||
return 0, nil, err
|
||||
|
@ -2722,7 +2722,7 @@ func parseCheckServiceNodes(
|
|||
|
||||
// NodeInfo is used to generate a dump of a single node. The dump includes
|
||||
// all services and checks which are registered against the node.
|
||||
func (s *Store) NodeInfo(ws memdb.WatchSet, node string, entMeta *structs.EnterpriseMeta) (uint64, structs.NodeDump, error) {
|
||||
func (s *Store) NodeInfo(ws memdb.WatchSet, node string, entMeta *acl.EnterpriseMeta) (uint64, structs.NodeDump, error) {
|
||||
tx := s.db.Txn(false)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -2748,7 +2748,7 @@ func (s *Store) NodeInfo(ws memdb.WatchSet, node string, entMeta *structs.Enterp
|
|||
// NodeDump is used to generate a dump of all nodes. This call is expensive
|
||||
// as it has to query every node, service, and check. The response can also
|
||||
// be quite large since there is currently no filtering applied.
|
||||
func (s *Store) NodeDump(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (uint64, structs.NodeDump, error) {
|
||||
func (s *Store) NodeDump(ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, structs.NodeDump, error) {
|
||||
tx := s.db.Txn(false)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -2764,7 +2764,7 @@ func (s *Store) NodeDump(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (ui
|
|||
return parseNodes(tx, ws, idx, nodes, entMeta)
|
||||
}
|
||||
|
||||
func (s *Store) ServiceDump(ws memdb.WatchSet, kind structs.ServiceKind, useKind bool, entMeta *structs.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) {
|
||||
func (s *Store) ServiceDump(ws memdb.WatchSet, kind structs.ServiceKind, useKind bool, entMeta *acl.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) {
|
||||
tx := s.db.Txn(false)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -2775,7 +2775,7 @@ func (s *Store) ServiceDump(ws memdb.WatchSet, kind structs.ServiceKind, useKind
|
|||
}
|
||||
}
|
||||
|
||||
func serviceDumpAllTxn(tx ReadTxn, ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) {
|
||||
func serviceDumpAllTxn(tx ReadTxn, ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) {
|
||||
// Get the table index
|
||||
idx := catalogMaxIndexWatch(tx, ws, entMeta, true)
|
||||
|
||||
|
@ -2793,7 +2793,7 @@ func serviceDumpAllTxn(tx ReadTxn, ws memdb.WatchSet, entMeta *structs.Enterpris
|
|||
return parseCheckServiceNodes(tx, nil, idx, results, entMeta, err)
|
||||
}
|
||||
|
||||
func serviceDumpKindTxn(tx ReadTxn, ws memdb.WatchSet, kind structs.ServiceKind, entMeta *structs.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) {
|
||||
func serviceDumpKindTxn(tx ReadTxn, ws memdb.WatchSet, kind structs.ServiceKind, entMeta *acl.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) {
|
||||
// unlike when we are dumping all services here we only need to watch the kind specific index entry for changing (or nodes, checks)
|
||||
// updating any services, nodes or checks will bump the appropriate service kind index so there is no need to watch any of the individual
|
||||
// entries
|
||||
|
@ -2821,7 +2821,7 @@ func serviceDumpKindTxn(tx ReadTxn, ws memdb.WatchSet, kind structs.ServiceKind,
|
|||
// containing the nodes along with all of their associated services
|
||||
// and/or health checks.
|
||||
func parseNodes(tx ReadTxn, ws memdb.WatchSet, idx uint64,
|
||||
iter memdb.ResultIterator, entMeta *structs.EnterpriseMeta) (uint64, structs.NodeDump, error) {
|
||||
iter memdb.ResultIterator, entMeta *acl.EnterpriseMeta) (uint64, structs.NodeDump, error) {
|
||||
|
||||
if entMeta == nil {
|
||||
entMeta = structs.DefaultEnterpriseMetaInDefaultPartition()
|
||||
|
@ -2900,7 +2900,7 @@ func checkSessionsTxn(tx ReadTxn, hc *structs.HealthCheck) ([]*sessionCheck, err
|
|||
}
|
||||
|
||||
// updateGatewayServices associates services with gateways as specified in a gateway config entry
|
||||
func updateGatewayServices(tx WriteTxn, idx uint64, conf structs.ConfigEntry, entMeta *structs.EnterpriseMeta) error {
|
||||
func updateGatewayServices(tx WriteTxn, idx uint64, conf structs.ConfigEntry, entMeta *acl.EnterpriseMeta) error {
|
||||
var (
|
||||
noChange bool
|
||||
gatewayServices structs.GatewayServices
|
||||
|
@ -2970,7 +2970,7 @@ func updateGatewayServices(tx WriteTxn, idx uint64, conf structs.ConfigEntry, en
|
|||
return nil
|
||||
}
|
||||
|
||||
func getTermGatewayVirtualIPs(tx WriteTxn, services []structs.LinkedService, entMeta *structs.EnterpriseMeta) (map[string]structs.ServiceAddress, error) {
|
||||
func getTermGatewayVirtualIPs(tx WriteTxn, services []structs.LinkedService, entMeta *acl.EnterpriseMeta) (map[string]structs.ServiceAddress, error) {
|
||||
addrs := make(map[string]structs.ServiceAddress, len(services))
|
||||
for _, s := range services {
|
||||
sn := structs.ServiceName{Name: s.Name, EnterpriseMeta: *entMeta}
|
||||
|
@ -2985,7 +2985,7 @@ func getTermGatewayVirtualIPs(tx WriteTxn, services []structs.LinkedService, ent
|
|||
return addrs, nil
|
||||
}
|
||||
|
||||
func updateTerminatingGatewayVirtualIPs(tx WriteTxn, idx uint64, conf *structs.TerminatingGatewayConfigEntry, entMeta *structs.EnterpriseMeta) error {
|
||||
func updateTerminatingGatewayVirtualIPs(tx WriteTxn, idx uint64, conf *structs.TerminatingGatewayConfigEntry, entMeta *acl.EnterpriseMeta) error {
|
||||
// Build the current map of services with virtual IPs for this gateway
|
||||
services := conf.Services
|
||||
addrs, err := getTermGatewayVirtualIPs(tx, services, entMeta)
|
||||
|
@ -3067,7 +3067,7 @@ func ingressConfigGatewayServices(
|
|||
tx ReadTxn,
|
||||
gateway structs.ServiceName,
|
||||
conf structs.ConfigEntry,
|
||||
entMeta *structs.EnterpriseMeta,
|
||||
entMeta *acl.EnterpriseMeta,
|
||||
) (bool, structs.GatewayServices, error) {
|
||||
entry, ok := conf.(*structs.IngressGatewayConfigEntry)
|
||||
if !ok {
|
||||
|
@ -3112,7 +3112,7 @@ func terminatingConfigGatewayServices(
|
|||
tx ReadTxn,
|
||||
gateway structs.ServiceName,
|
||||
conf structs.ConfigEntry,
|
||||
entMeta *structs.EnterpriseMeta,
|
||||
entMeta *acl.EnterpriseMeta,
|
||||
) (bool, structs.GatewayServices, error) {
|
||||
entry, ok := conf.(*structs.TerminatingGatewayConfigEntry)
|
||||
if !ok {
|
||||
|
@ -3149,7 +3149,7 @@ func terminatingConfigGatewayServices(
|
|||
}
|
||||
|
||||
// updateGatewayNamespace is used to target all services within a namespace
|
||||
func updateGatewayNamespace(tx WriteTxn, idx uint64, service *structs.GatewayService, entMeta *structs.EnterpriseMeta) error {
|
||||
func updateGatewayNamespace(tx WriteTxn, idx uint64, service *structs.GatewayService, entMeta *acl.EnterpriseMeta) error {
|
||||
if entMeta == nil {
|
||||
entMeta = structs.DefaultEnterpriseMetaInDefaultPartition()
|
||||
}
|
||||
|
@ -3343,7 +3343,7 @@ func (s *Store) collectGatewayServices(tx ReadTxn, ws memdb.WatchSet, iter memdb
|
|||
// TODO(ingress): How to handle index rolling back when a config entry is
|
||||
// deleted that references a service?
|
||||
// We might need something like the service_last_extinction index?
|
||||
func serviceGatewayNodes(tx ReadTxn, ws memdb.WatchSet, service string, kind structs.ServiceKind, entMeta *structs.EnterpriseMeta) (uint64, structs.ServiceNodes, error) {
|
||||
func serviceGatewayNodes(tx ReadTxn, ws memdb.WatchSet, service string, kind structs.ServiceKind, entMeta *acl.EnterpriseMeta) (uint64, structs.ServiceNodes, error) {
|
||||
// Look up gateway name associated with the service
|
||||
gws, err := tx.Get(tableGatewayServices, indexService, structs.NewServiceName(service, entMeta))
|
||||
if err != nil {
|
||||
|
@ -3448,7 +3448,7 @@ func (s *Store) ServiceTopology(
|
|||
dc, service string,
|
||||
kind structs.ServiceKind,
|
||||
defaultAllow acl.EnforcementDecision,
|
||||
entMeta *structs.EnterpriseMeta,
|
||||
entMeta *acl.EnterpriseMeta,
|
||||
) (uint64, *structs.ServiceTopology, error) {
|
||||
tx := s.db.ReadTxn()
|
||||
defer tx.Abort()
|
||||
|
@ -3883,7 +3883,7 @@ func updateMeshTopology(tx WriteTxn, idx uint64, node string, svc *structs.NodeS
|
|||
oldUpstreams := make(map[structs.ServiceName]bool)
|
||||
if e, ok := existing.(*structs.ServiceNode); ok {
|
||||
for _, u := range e.ServiceProxy.Upstreams {
|
||||
upstreamMeta := structs.NewEnterpriseMetaWithPartition(e.PartitionOrDefault(), u.DestinationNamespace)
|
||||
upstreamMeta := acl.NewEnterpriseMetaWithPartition(e.PartitionOrDefault(), u.DestinationNamespace)
|
||||
sn := structs.NewServiceName(u.DestinationName, &upstreamMeta)
|
||||
|
||||
oldUpstreams[sn] = true
|
||||
|
@ -3899,7 +3899,7 @@ func updateMeshTopology(tx WriteTxn, idx uint64, node string, svc *structs.NodeS
|
|||
}
|
||||
|
||||
// TODO (freddy): Account for upstream datacenter
|
||||
upstreamMeta := structs.NewEnterpriseMetaWithPartition(svc.PartitionOrDefault(), u.DestinationNamespace)
|
||||
upstreamMeta := acl.NewEnterpriseMetaWithPartition(svc.PartitionOrDefault(), u.DestinationNamespace)
|
||||
upstream := structs.NewServiceName(u.DestinationName, &upstreamMeta)
|
||||
|
||||
obj, err := tx.First(tableMeshTopology, indexID, upstream, downstream)
|
||||
|
|
|
@ -16,7 +16,7 @@ import (
|
|||
// a specific service.
|
||||
type EventSubjectService struct {
|
||||
Key string
|
||||
EnterpriseMeta structs.EnterpriseMeta
|
||||
EnterpriseMeta acl.EnterpriseMeta
|
||||
|
||||
overrideKey string
|
||||
overrideNamespace string
|
||||
|
@ -128,7 +128,7 @@ func serviceHealthSnapshot(db ReadDB, topic stream.Topic) stream.SnapshotFunc {
|
|||
type nodeServiceTuple struct {
|
||||
Node string
|
||||
ServiceID string
|
||||
EntMeta structs.EnterpriseMeta
|
||||
EntMeta acl.EnterpriseMeta
|
||||
}
|
||||
|
||||
func newNodeServiceTupleFromServiceNode(sn *structs.ServiceNode) nodeServiceTuple {
|
||||
|
@ -553,7 +553,7 @@ func getPayloadCheckServiceNode(payload stream.Payload) *structs.CheckServiceNod
|
|||
// given node. This mirrors some of the the logic in the oddly-named
|
||||
// parseCheckServiceNodes but is more efficient since we know they are all on
|
||||
// the same node.
|
||||
func newServiceHealthEventsForNode(tx ReadTxn, idx uint64, node string, entMeta *structs.EnterpriseMeta) ([]stream.Event, error) {
|
||||
func newServiceHealthEventsForNode(tx ReadTxn, idx uint64, node string, entMeta *acl.EnterpriseMeta) ([]stream.Event, error) {
|
||||
services, err := tx.Get(tableServices, indexNode, Query{
|
||||
Value: node,
|
||||
EnterpriseMeta: *entMeta,
|
||||
|
@ -580,7 +580,7 @@ func newServiceHealthEventsForNode(tx ReadTxn, idx uint64, node string, entMeta
|
|||
|
||||
// getNodeAndNodeChecks returns a the node structure and a function that returns
|
||||
// the full list of checks for a specific service on that node.
|
||||
func getNodeAndChecks(tx ReadTxn, node string, entMeta *structs.EnterpriseMeta) (*structs.Node, serviceChecksFunc, error) {
|
||||
func getNodeAndChecks(tx ReadTxn, node string, entMeta *acl.EnterpriseMeta) (*structs.Node, serviceChecksFunc, error) {
|
||||
// Fetch the node
|
||||
nodeRaw, err := tx.First(tableNodes, indexID, Query{
|
||||
Value: node,
|
||||
|
|
|
@ -9,20 +9,21 @@ import (
|
|||
|
||||
memdb "github.com/hashicorp/go-memdb"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
)
|
||||
|
||||
func withEnterpriseSchema(_ *memdb.DBSchema) {}
|
||||
|
||||
func serviceIndexName(name string, _ *structs.EnterpriseMeta) string {
|
||||
func serviceIndexName(name string, _ *acl.EnterpriseMeta) string {
|
||||
return fmt.Sprintf("service.%s", name)
|
||||
}
|
||||
|
||||
func serviceKindIndexName(kind structs.ServiceKind, _ *structs.EnterpriseMeta) string {
|
||||
func serviceKindIndexName(kind structs.ServiceKind, _ *acl.EnterpriseMeta) string {
|
||||
return "service_kind." + kind.Normalized()
|
||||
}
|
||||
|
||||
func catalogUpdateNodesIndexes(tx WriteTxn, idx uint64, entMeta *structs.EnterpriseMeta) error {
|
||||
func catalogUpdateNodesIndexes(tx WriteTxn, idx uint64, entMeta *acl.EnterpriseMeta) error {
|
||||
// overall nodes index
|
||||
if err := indexUpdateMaxTxn(tx, idx, tableNodes); err != nil {
|
||||
return fmt.Errorf("failed updating index: %s", err)
|
||||
|
@ -31,7 +32,7 @@ func catalogUpdateNodesIndexes(tx WriteTxn, idx uint64, entMeta *structs.Enterpr
|
|||
return nil
|
||||
}
|
||||
|
||||
func catalogUpdateServicesIndexes(tx WriteTxn, idx uint64, _ *structs.EnterpriseMeta) error {
|
||||
func catalogUpdateServicesIndexes(tx WriteTxn, idx uint64, _ *acl.EnterpriseMeta) error {
|
||||
// overall services index
|
||||
if err := indexUpdateMaxTxn(tx, idx, tableServices); err != nil {
|
||||
return fmt.Errorf("failed updating index: %s", err)
|
||||
|
@ -40,7 +41,7 @@ func catalogUpdateServicesIndexes(tx WriteTxn, idx uint64, _ *structs.Enterprise
|
|||
return nil
|
||||
}
|
||||
|
||||
func catalogUpdateServiceKindIndexes(tx WriteTxn, kind structs.ServiceKind, idx uint64, _ *structs.EnterpriseMeta) error {
|
||||
func catalogUpdateServiceKindIndexes(tx WriteTxn, kind structs.ServiceKind, idx uint64, _ *acl.EnterpriseMeta) error {
|
||||
// service-kind index
|
||||
if err := indexUpdateMaxTxn(tx, idx, serviceKindIndexName(kind, nil)); err != nil {
|
||||
return fmt.Errorf("failed updating index: %s", err)
|
||||
|
@ -49,7 +50,7 @@ func catalogUpdateServiceKindIndexes(tx WriteTxn, kind structs.ServiceKind, idx
|
|||
return nil
|
||||
}
|
||||
|
||||
func catalogUpdateServiceIndexes(tx WriteTxn, serviceName string, idx uint64, _ *structs.EnterpriseMeta) error {
|
||||
func catalogUpdateServiceIndexes(tx WriteTxn, serviceName string, idx uint64, _ *acl.EnterpriseMeta) error {
|
||||
// per-service index
|
||||
if err := indexUpdateMaxTxn(tx, idx, serviceIndexName(serviceName, nil)); err != nil {
|
||||
return fmt.Errorf("failed updating index: %s", err)
|
||||
|
@ -58,7 +59,7 @@ func catalogUpdateServiceIndexes(tx WriteTxn, serviceName string, idx uint64, _
|
|||
return nil
|
||||
}
|
||||
|
||||
func catalogUpdateServiceExtinctionIndex(tx WriteTxn, idx uint64, _ *structs.EnterpriseMeta) error {
|
||||
func catalogUpdateServiceExtinctionIndex(tx WriteTxn, idx uint64, _ *acl.EnterpriseMeta) error {
|
||||
if err := tx.Insert(tableIndex, &IndexEntry{indexServiceExtinction, idx}); err != nil {
|
||||
return fmt.Errorf("failed updating missing service extinction index: %s", err)
|
||||
}
|
||||
|
@ -109,49 +110,49 @@ func catalogInsertService(tx WriteTxn, svc *structs.ServiceNode) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
func catalogNodesMaxIndex(tx ReadTxn, entMeta *structs.EnterpriseMeta) uint64 {
|
||||
func catalogNodesMaxIndex(tx ReadTxn, entMeta *acl.EnterpriseMeta) uint64 {
|
||||
return maxIndexTxn(tx, tableNodes)
|
||||
}
|
||||
|
||||
func catalogServicesMaxIndex(tx ReadTxn, _ *structs.EnterpriseMeta) uint64 {
|
||||
func catalogServicesMaxIndex(tx ReadTxn, _ *acl.EnterpriseMeta) uint64 {
|
||||
return maxIndexTxn(tx, tableServices)
|
||||
}
|
||||
|
||||
func catalogServiceMaxIndex(tx ReadTxn, serviceName string, _ *structs.EnterpriseMeta) (<-chan struct{}, interface{}, error) {
|
||||
func catalogServiceMaxIndex(tx ReadTxn, serviceName string, _ *acl.EnterpriseMeta) (<-chan struct{}, interface{}, error) {
|
||||
return tx.FirstWatch(tableIndex, "id", serviceIndexName(serviceName, nil))
|
||||
}
|
||||
|
||||
func catalogServiceKindMaxIndex(tx ReadTxn, ws memdb.WatchSet, kind structs.ServiceKind, entMeta *structs.EnterpriseMeta) uint64 {
|
||||
func catalogServiceKindMaxIndex(tx ReadTxn, ws memdb.WatchSet, kind structs.ServiceKind, entMeta *acl.EnterpriseMeta) uint64 {
|
||||
return maxIndexWatchTxn(tx, ws, serviceKindIndexName(kind, nil))
|
||||
}
|
||||
|
||||
func catalogServiceListNoWildcard(tx ReadTxn, _ *structs.EnterpriseMeta) (memdb.ResultIterator, error) {
|
||||
func catalogServiceListNoWildcard(tx ReadTxn, _ *acl.EnterpriseMeta) (memdb.ResultIterator, error) {
|
||||
return tx.Get(tableServices, indexID)
|
||||
}
|
||||
|
||||
func catalogServiceListByNode(tx ReadTxn, node string, _ *structs.EnterpriseMeta, _ bool) (memdb.ResultIterator, error) {
|
||||
func catalogServiceListByNode(tx ReadTxn, node string, _ *acl.EnterpriseMeta, _ bool) (memdb.ResultIterator, error) {
|
||||
return tx.Get(tableServices, indexNode, Query{Value: node})
|
||||
}
|
||||
|
||||
func catalogServiceLastExtinctionIndex(tx ReadTxn, _ *structs.EnterpriseMeta) (interface{}, error) {
|
||||
func catalogServiceLastExtinctionIndex(tx ReadTxn, _ *acl.EnterpriseMeta) (interface{}, error) {
|
||||
return tx.First(tableIndex, "id", indexServiceExtinction)
|
||||
}
|
||||
|
||||
func catalogMaxIndex(tx ReadTxn, _ *structs.EnterpriseMeta, checks bool) uint64 {
|
||||
func catalogMaxIndex(tx ReadTxn, _ *acl.EnterpriseMeta, checks bool) uint64 {
|
||||
if checks {
|
||||
return maxIndexTxn(tx, tableNodes, tableServices, tableChecks)
|
||||
}
|
||||
return maxIndexTxn(tx, tableNodes, tableServices)
|
||||
}
|
||||
|
||||
func catalogMaxIndexWatch(tx ReadTxn, ws memdb.WatchSet, _ *structs.EnterpriseMeta, checks bool) uint64 {
|
||||
func catalogMaxIndexWatch(tx ReadTxn, ws memdb.WatchSet, _ *acl.EnterpriseMeta, checks bool) uint64 {
|
||||
if checks {
|
||||
return maxIndexWatchTxn(tx, ws, tableNodes, tableServices, tableChecks)
|
||||
}
|
||||
return maxIndexWatchTxn(tx, ws, tableNodes, tableServices)
|
||||
}
|
||||
|
||||
func catalogUpdateCheckIndexes(tx WriteTxn, idx uint64, _ *structs.EnterpriseMeta) error {
|
||||
func catalogUpdateCheckIndexes(tx WriteTxn, idx uint64, _ *acl.EnterpriseMeta) error {
|
||||
// update the universal index entry
|
||||
if err := tx.Insert(tableIndex, &IndexEntry{tableChecks, idx}); err != nil {
|
||||
return fmt.Errorf("failed updating index: %s", err)
|
||||
|
@ -159,7 +160,7 @@ func catalogUpdateCheckIndexes(tx WriteTxn, idx uint64, _ *structs.EnterpriseMet
|
|||
return nil
|
||||
}
|
||||
|
||||
func catalogChecksMaxIndex(tx ReadTxn, _ *structs.EnterpriseMeta) uint64 {
|
||||
func catalogChecksMaxIndex(tx ReadTxn, _ *acl.EnterpriseMeta) uint64 {
|
||||
return maxIndexTxn(tx, tableChecks)
|
||||
}
|
||||
|
||||
|
@ -180,11 +181,11 @@ func catalogInsertCheck(tx WriteTxn, chk *structs.HealthCheck, idx uint64) error
|
|||
return nil
|
||||
}
|
||||
|
||||
func validateRegisterRequestTxn(_ ReadTxn, _ *structs.RegisterRequest, _ bool) (*structs.EnterpriseMeta, error) {
|
||||
func validateRegisterRequestTxn(_ ReadTxn, _ *structs.RegisterRequest, _ bool) (*acl.EnterpriseMeta, error) {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
func (s *Store) ValidateRegisterRequest(_ *structs.RegisterRequest) (*structs.EnterpriseMeta, error) {
|
||||
func (s *Store) ValidateRegisterRequest(_ *structs.RegisterRequest) (*acl.EnterpriseMeta, error) {
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
|
|
|
@ -6,6 +6,7 @@ package state
|
|||
import (
|
||||
"net"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
"github.com/hashicorp/consul/types"
|
||||
)
|
||||
|
@ -33,7 +34,7 @@ func testIndexerTableChecks() map[string]indexerTestCase {
|
|||
},
|
||||
prefix: []indexValue{
|
||||
{
|
||||
source: structs.EnterpriseMeta{},
|
||||
source: acl.EnterpriseMeta{},
|
||||
expected: nil,
|
||||
},
|
||||
{
|
||||
|
@ -193,11 +194,11 @@ func testIndexerTableNodes() map[string]indexerTestCase {
|
|||
},
|
||||
prefix: []indexValue{
|
||||
{
|
||||
source: (*structs.EnterpriseMeta)(nil),
|
||||
source: (*acl.EnterpriseMeta)(nil),
|
||||
expected: nil,
|
||||
},
|
||||
{
|
||||
source: structs.EnterpriseMeta{},
|
||||
source: acl.EnterpriseMeta{},
|
||||
expected: nil,
|
||||
},
|
||||
{
|
||||
|
@ -220,11 +221,11 @@ func testIndexerTableNodes() map[string]indexerTestCase {
|
|||
},
|
||||
prefix: []indexValue{
|
||||
{
|
||||
source: (*structs.EnterpriseMeta)(nil),
|
||||
source: (*acl.EnterpriseMeta)(nil),
|
||||
expected: nil,
|
||||
},
|
||||
{
|
||||
source: structs.EnterpriseMeta{},
|
||||
source: acl.EnterpriseMeta{},
|
||||
expected: nil,
|
||||
},
|
||||
{ // partial length
|
||||
|
@ -286,11 +287,11 @@ func testIndexerTableServices() map[string]indexerTestCase {
|
|||
},
|
||||
prefix: []indexValue{
|
||||
{
|
||||
source: (*structs.EnterpriseMeta)(nil),
|
||||
source: (*acl.EnterpriseMeta)(nil),
|
||||
expected: nil,
|
||||
},
|
||||
{
|
||||
source: structs.EnterpriseMeta{},
|
||||
source: acl.EnterpriseMeta{},
|
||||
expected: nil,
|
||||
},
|
||||
{
|
||||
|
|
|
@ -8,6 +8,7 @@ import (
|
|||
|
||||
"github.com/hashicorp/go-memdb"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
)
|
||||
|
||||
|
@ -589,7 +590,7 @@ type upstreamDownstream struct {
|
|||
type NodeCheckQuery struct {
|
||||
Node string
|
||||
CheckID string
|
||||
structs.EnterpriseMeta
|
||||
acl.EnterpriseMeta
|
||||
}
|
||||
|
||||
// NamespaceOrDefault exists because structs.EnterpriseMeta uses a pointer
|
||||
|
@ -709,7 +710,7 @@ func kindServiceNameTableSchema() *memdb.TableSchema {
|
|||
type KindServiceNameQuery struct {
|
||||
Kind structs.ServiceKind
|
||||
Name string
|
||||
structs.EnterpriseMeta
|
||||
acl.EnterpriseMeta
|
||||
}
|
||||
|
||||
// NamespaceOrDefault exists because structs.EnterpriseMeta uses a pointer
|
||||
|
|
|
@ -6,6 +6,7 @@ import (
|
|||
|
||||
memdb "github.com/hashicorp/go-memdb"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/configentry"
|
||||
"github.com/hashicorp/consul/agent/connect"
|
||||
"github.com/hashicorp/consul/agent/consul/discoverychain"
|
||||
|
@ -95,13 +96,13 @@ func (s *Restore) ConfigEntry(c structs.ConfigEntry) error {
|
|||
}
|
||||
|
||||
// ConfigEntry is called to get a given config entry.
|
||||
func (s *Store) ConfigEntry(ws memdb.WatchSet, kind, name string, entMeta *structs.EnterpriseMeta) (uint64, structs.ConfigEntry, error) {
|
||||
func (s *Store) ConfigEntry(ws memdb.WatchSet, kind, name string, entMeta *acl.EnterpriseMeta) (uint64, structs.ConfigEntry, error) {
|
||||
tx := s.db.Txn(false)
|
||||
defer tx.Abort()
|
||||
return configEntryTxn(tx, ws, kind, name, entMeta)
|
||||
}
|
||||
|
||||
func configEntryTxn(tx ReadTxn, ws memdb.WatchSet, kind, name string, entMeta *structs.EnterpriseMeta) (uint64, structs.ConfigEntry, error) {
|
||||
func configEntryTxn(tx ReadTxn, ws memdb.WatchSet, kind, name string, entMeta *acl.EnterpriseMeta) (uint64, structs.ConfigEntry, error) {
|
||||
// Get the index
|
||||
idx := maxIndexTxn(tx, tableConfigEntries)
|
||||
|
||||
|
@ -124,19 +125,19 @@ func configEntryTxn(tx ReadTxn, ws memdb.WatchSet, kind, name string, entMeta *s
|
|||
}
|
||||
|
||||
// ConfigEntries is called to get all config entry objects.
|
||||
func (s *Store) ConfigEntries(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (uint64, []structs.ConfigEntry, error) {
|
||||
func (s *Store) ConfigEntries(ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, []structs.ConfigEntry, error) {
|
||||
return s.ConfigEntriesByKind(ws, "", entMeta)
|
||||
}
|
||||
|
||||
// ConfigEntriesByKind is called to get all config entry objects with the given kind.
|
||||
// If kind is empty, all config entries will be returned.
|
||||
func (s *Store) ConfigEntriesByKind(ws memdb.WatchSet, kind string, entMeta *structs.EnterpriseMeta) (uint64, []structs.ConfigEntry, error) {
|
||||
func (s *Store) ConfigEntriesByKind(ws memdb.WatchSet, kind string, entMeta *acl.EnterpriseMeta) (uint64, []structs.ConfigEntry, error) {
|
||||
tx := s.db.Txn(false)
|
||||
defer tx.Abort()
|
||||
return configEntriesByKindTxn(tx, ws, kind, entMeta)
|
||||
}
|
||||
|
||||
func configEntriesByKindTxn(tx ReadTxn, ws memdb.WatchSet, kind string, entMeta *structs.EnterpriseMeta) (uint64, []structs.ConfigEntry, error) {
|
||||
func configEntriesByKindTxn(tx ReadTxn, ws memdb.WatchSet, kind string, entMeta *acl.EnterpriseMeta) (uint64, []structs.ConfigEntry, error) {
|
||||
// Get the index and watch for updates
|
||||
idx := maxIndexWatchTxn(tx, ws, tableConfigEntries)
|
||||
|
||||
|
@ -278,7 +279,7 @@ func (s *Store) DeleteConfigEntryCAS(idx, cidx uint64, conf structs.ConfigEntry)
|
|||
return err == nil, err
|
||||
}
|
||||
|
||||
func (s *Store) DeleteConfigEntry(idx uint64, kind, name string, entMeta *structs.EnterpriseMeta) error {
|
||||
func (s *Store) DeleteConfigEntry(idx uint64, kind, name string, entMeta *acl.EnterpriseMeta) error {
|
||||
tx := s.db.WriteTxn(idx)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -290,7 +291,7 @@ func (s *Store) DeleteConfigEntry(idx uint64, kind, name string, entMeta *struct
|
|||
}
|
||||
|
||||
// TODO: accept structs.ConfigEntry instead of individual fields
|
||||
func deleteConfigEntryTxn(tx WriteTxn, idx uint64, kind, name string, entMeta *structs.EnterpriseMeta) error {
|
||||
func deleteConfigEntryTxn(tx WriteTxn, idx uint64, kind, name string, entMeta *acl.EnterpriseMeta) error {
|
||||
q := configentry.NewKindName(kind, name, entMeta)
|
||||
existing, err := tx.First(tableConfigEntries, indexID, q)
|
||||
if err != nil {
|
||||
|
@ -423,7 +424,7 @@ var serviceGraphKinds = []string{
|
|||
}
|
||||
|
||||
// discoveryChainTargets will return a list of services listed as a target for the input's discovery chain
|
||||
func (s *Store) discoveryChainTargetsTxn(tx ReadTxn, ws memdb.WatchSet, dc, service string, entMeta *structs.EnterpriseMeta) (uint64, []structs.ServiceName, error) {
|
||||
func (s *Store) discoveryChainTargetsTxn(tx ReadTxn, ws memdb.WatchSet, dc, service string, entMeta *acl.EnterpriseMeta) (uint64, []structs.ServiceName, error) {
|
||||
source := structs.NewServiceName(service, entMeta)
|
||||
req := discoverychain.CompileRequest{
|
||||
ServiceName: source.Name,
|
||||
|
@ -438,7 +439,7 @@ func (s *Store) discoveryChainTargetsTxn(tx ReadTxn, ws memdb.WatchSet, dc, serv
|
|||
|
||||
var resp []structs.ServiceName
|
||||
for _, t := range chain.Targets {
|
||||
em := structs.NewEnterpriseMetaWithPartition(entMeta.PartitionOrDefault(), t.Namespace)
|
||||
em := acl.NewEnterpriseMetaWithPartition(entMeta.PartitionOrDefault(), t.Namespace)
|
||||
target := structs.NewServiceName(t.Service, &em)
|
||||
|
||||
// TODO (freddy): Allow upstream DC and encode in response
|
||||
|
@ -494,7 +495,7 @@ func (s *Store) discoveryChainSourcesTxn(tx ReadTxn, ws memdb.WatchSet, dc strin
|
|||
}
|
||||
|
||||
for _, t := range chain.Targets {
|
||||
em := structs.NewEnterpriseMetaWithPartition(sn.PartitionOrDefault(), t.Namespace)
|
||||
em := acl.NewEnterpriseMetaWithPartition(sn.PartitionOrDefault(), t.Namespace)
|
||||
candidate := structs.NewServiceName(t.Service, &em)
|
||||
|
||||
if !candidate.Matches(destination) {
|
||||
|
@ -740,7 +741,7 @@ func testCompileDiscoveryChain(
|
|||
tx ReadTxn,
|
||||
chainName string,
|
||||
overrides map[configentry.KindName]structs.ConfigEntry,
|
||||
entMeta *structs.EnterpriseMeta,
|
||||
entMeta *acl.EnterpriseMeta,
|
||||
) (string, *structs.DiscoveryGraphNode, error) {
|
||||
_, speculativeEntries, err := readDiscoveryChainConfigEntriesTxn(tx, nil, chainName, overrides, entMeta)
|
||||
if err != nil {
|
||||
|
@ -770,7 +771,7 @@ func testCompileDiscoveryChain(
|
|||
func (s *Store) ServiceDiscoveryChain(
|
||||
ws memdb.WatchSet,
|
||||
serviceName string,
|
||||
entMeta *structs.EnterpriseMeta,
|
||||
entMeta *acl.EnterpriseMeta,
|
||||
req discoverychain.CompileRequest,
|
||||
) (uint64, *structs.CompiledDiscoveryChain, *configentry.DiscoveryChainSet, error) {
|
||||
tx := s.db.ReadTxn()
|
||||
|
@ -783,7 +784,7 @@ func (s *Store) serviceDiscoveryChainTxn(
|
|||
tx ReadTxn,
|
||||
ws memdb.WatchSet,
|
||||
serviceName string,
|
||||
entMeta *structs.EnterpriseMeta,
|
||||
entMeta *acl.EnterpriseMeta,
|
||||
req discoverychain.CompileRequest,
|
||||
) (uint64, *structs.CompiledDiscoveryChain, *configentry.DiscoveryChainSet, error) {
|
||||
|
||||
|
@ -821,7 +822,7 @@ func (s *Store) serviceDiscoveryChainTxn(
|
|||
func (s *Store) ReadResolvedServiceConfigEntries(
|
||||
ws memdb.WatchSet,
|
||||
serviceName string,
|
||||
entMeta *structs.EnterpriseMeta,
|
||||
entMeta *acl.EnterpriseMeta,
|
||||
upstreamIDs []structs.ServiceID,
|
||||
proxyMode structs.ProxyMode,
|
||||
) (uint64, *configentry.ResolvedServiceConfigSet, error) {
|
||||
|
@ -941,7 +942,7 @@ func (s *Store) ReadResolvedServiceConfigEntries(
|
|||
func (s *Store) ReadDiscoveryChainConfigEntries(
|
||||
ws memdb.WatchSet,
|
||||
serviceName string,
|
||||
entMeta *structs.EnterpriseMeta,
|
||||
entMeta *acl.EnterpriseMeta,
|
||||
) (uint64, *configentry.DiscoveryChainSet, error) {
|
||||
return s.readDiscoveryChainConfigEntries(ws, serviceName, nil, entMeta)
|
||||
}
|
||||
|
@ -960,7 +961,7 @@ func (s *Store) readDiscoveryChainConfigEntries(
|
|||
ws memdb.WatchSet,
|
||||
serviceName string,
|
||||
overrides map[configentry.KindName]structs.ConfigEntry,
|
||||
entMeta *structs.EnterpriseMeta,
|
||||
entMeta *acl.EnterpriseMeta,
|
||||
) (uint64, *configentry.DiscoveryChainSet, error) {
|
||||
tx := s.db.Txn(false)
|
||||
defer tx.Abort()
|
||||
|
@ -972,7 +973,7 @@ func readDiscoveryChainConfigEntriesTxn(
|
|||
ws memdb.WatchSet,
|
||||
serviceName string,
|
||||
overrides map[configentry.KindName]structs.ConfigEntry,
|
||||
entMeta *structs.EnterpriseMeta,
|
||||
entMeta *acl.EnterpriseMeta,
|
||||
) (uint64, *configentry.DiscoveryChainSet, error) {
|
||||
res := configentry.NewDiscoveryChainSet()
|
||||
|
||||
|
@ -1179,7 +1180,7 @@ func getProxyConfigEntryTxn(
|
|||
ws memdb.WatchSet,
|
||||
name string,
|
||||
overrides map[configentry.KindName]structs.ConfigEntry,
|
||||
entMeta *structs.EnterpriseMeta,
|
||||
entMeta *acl.EnterpriseMeta,
|
||||
) (uint64, *structs.ProxyConfigEntry, error) {
|
||||
idx, entry, err := configEntryWithOverridesTxn(tx, ws, structs.ProxyDefaults, name, overrides, entMeta)
|
||||
if err != nil {
|
||||
|
@ -1204,7 +1205,7 @@ func getServiceConfigEntryTxn(
|
|||
ws memdb.WatchSet,
|
||||
serviceName string,
|
||||
overrides map[configentry.KindName]structs.ConfigEntry,
|
||||
entMeta *structs.EnterpriseMeta,
|
||||
entMeta *acl.EnterpriseMeta,
|
||||
) (uint64, *structs.ServiceConfigEntry, error) {
|
||||
idx, entry, err := configEntryWithOverridesTxn(tx, ws, structs.ServiceDefaults, serviceName, overrides, entMeta)
|
||||
if err != nil {
|
||||
|
@ -1229,7 +1230,7 @@ func getRouterConfigEntryTxn(
|
|||
ws memdb.WatchSet,
|
||||
serviceName string,
|
||||
overrides map[configentry.KindName]structs.ConfigEntry,
|
||||
entMeta *structs.EnterpriseMeta,
|
||||
entMeta *acl.EnterpriseMeta,
|
||||
) (uint64, *structs.ServiceRouterConfigEntry, error) {
|
||||
idx, entry, err := configEntryWithOverridesTxn(tx, ws, structs.ServiceRouter, serviceName, overrides, entMeta)
|
||||
if err != nil {
|
||||
|
@ -1254,7 +1255,7 @@ func getSplitterConfigEntryTxn(
|
|||
ws memdb.WatchSet,
|
||||
serviceName string,
|
||||
overrides map[configentry.KindName]structs.ConfigEntry,
|
||||
entMeta *structs.EnterpriseMeta,
|
||||
entMeta *acl.EnterpriseMeta,
|
||||
) (uint64, *structs.ServiceSplitterConfigEntry, error) {
|
||||
idx, entry, err := configEntryWithOverridesTxn(tx, ws, structs.ServiceSplitter, serviceName, overrides, entMeta)
|
||||
if err != nil {
|
||||
|
@ -1279,7 +1280,7 @@ func getResolverConfigEntryTxn(
|
|||
ws memdb.WatchSet,
|
||||
serviceName string,
|
||||
overrides map[configentry.KindName]structs.ConfigEntry,
|
||||
entMeta *structs.EnterpriseMeta,
|
||||
entMeta *acl.EnterpriseMeta,
|
||||
) (uint64, *structs.ServiceResolverConfigEntry, error) {
|
||||
idx, entry, err := configEntryWithOverridesTxn(tx, ws, structs.ServiceResolver, serviceName, overrides, entMeta)
|
||||
if err != nil {
|
||||
|
@ -1304,7 +1305,7 @@ func getServiceIntentionsConfigEntryTxn(
|
|||
ws memdb.WatchSet,
|
||||
name string,
|
||||
overrides map[configentry.KindName]structs.ConfigEntry,
|
||||
entMeta *structs.EnterpriseMeta,
|
||||
entMeta *acl.EnterpriseMeta,
|
||||
) (uint64, *structs.ServiceIntentionsConfigEntry, error) {
|
||||
idx, entry, err := configEntryWithOverridesTxn(tx, ws, structs.ServiceIntentions, name, overrides, entMeta)
|
||||
if err != nil {
|
||||
|
@ -1326,7 +1327,7 @@ func configEntryWithOverridesTxn(
|
|||
kind string,
|
||||
name string,
|
||||
overrides map[configentry.KindName]structs.ConfigEntry,
|
||||
entMeta *structs.EnterpriseMeta,
|
||||
entMeta *acl.EnterpriseMeta,
|
||||
) (uint64, structs.ConfigEntry, error) {
|
||||
if len(overrides) > 0 {
|
||||
kn := configentry.NewKindName(kind, name, entMeta)
|
||||
|
@ -1389,7 +1390,7 @@ func newConfigEntryQuery(c structs.ConfigEntry) configentry.KindName {
|
|||
// ConfigEntryKindQuery is used to lookup config entries by their kind.
|
||||
type ConfigEntryKindQuery struct {
|
||||
Kind string
|
||||
structs.EnterpriseMeta
|
||||
acl.EnterpriseMeta
|
||||
}
|
||||
|
||||
// NamespaceOrDefault exists because structs.EnterpriseMeta uses a pointer
|
||||
|
|
|
@ -6,6 +6,7 @@ import (
|
|||
|
||||
memdb "github.com/hashicorp/go-memdb"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
)
|
||||
|
||||
|
@ -123,7 +124,7 @@ func (s *ServiceIntentionSourceIndex) FromArgs(args ...interface{}) ([]byte, err
|
|||
return []byte(arg.String() + "\x00"), nil
|
||||
}
|
||||
|
||||
func configIntentionsListTxn(tx ReadTxn, ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (uint64, structs.Intentions, bool, error) {
|
||||
func configIntentionsListTxn(tx ReadTxn, ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, structs.Intentions, bool, error) {
|
||||
// unrolled part of configEntriesByKindTxn
|
||||
|
||||
idx := maxIndexTxn(tx, tableConfigEntries)
|
||||
|
@ -238,7 +239,7 @@ func configIntentionMatchOneTxn(
|
|||
}
|
||||
}
|
||||
|
||||
func readSourceIntentionsFromConfigEntriesTxn(tx ReadTxn, ws memdb.WatchSet, serviceName string, entMeta *structs.EnterpriseMeta) (uint64, structs.Intentions, error) {
|
||||
func readSourceIntentionsFromConfigEntriesTxn(tx ReadTxn, ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta) (uint64, structs.Intentions, error) {
|
||||
idx := maxIndexTxn(tx, tableConfigEntries)
|
||||
|
||||
var (
|
||||
|
@ -262,7 +263,7 @@ func readSourceIntentionsFromConfigEntriesTxn(tx ReadTxn, ws memdb.WatchSet, ser
|
|||
return idx, results, nil
|
||||
}
|
||||
|
||||
func readSourceIntentionsFromConfigEntriesForServiceTxn(tx ReadTxn, ws memdb.WatchSet, serviceName string, entMeta *structs.EnterpriseMeta, results structs.Intentions) (structs.Intentions, error) {
|
||||
func readSourceIntentionsFromConfigEntriesForServiceTxn(tx ReadTxn, ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta, results structs.Intentions) (structs.Intentions, error) {
|
||||
sn := structs.NewServiceName(serviceName, entMeta)
|
||||
|
||||
iter, err := tx.Get(tableConfigEntries, indexSource, sn)
|
||||
|
@ -283,7 +284,7 @@ func readSourceIntentionsFromConfigEntriesForServiceTxn(tx ReadTxn, ws memdb.Wat
|
|||
return results, nil
|
||||
}
|
||||
|
||||
func readDestinationIntentionsFromConfigEntriesTxn(tx ReadTxn, ws memdb.WatchSet, serviceName string, entMeta *structs.EnterpriseMeta) (uint64, structs.Intentions, error) {
|
||||
func readDestinationIntentionsFromConfigEntriesTxn(tx ReadTxn, ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta) (uint64, structs.Intentions, error) {
|
||||
idx := maxIndexTxn(tx, tableConfigEntries)
|
||||
|
||||
var results structs.Intentions
|
||||
|
|
|
@ -4,10 +4,11 @@
|
|||
package state
|
||||
|
||||
import (
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
)
|
||||
|
||||
func getIntentionPrecedenceMatchServiceNames(serviceName string, entMeta *structs.EnterpriseMeta) []structs.ServiceName {
|
||||
func getIntentionPrecedenceMatchServiceNames(serviceName string, entMeta *acl.EnterpriseMeta) []structs.ServiceName {
|
||||
if serviceName == structs.WildcardSpecifier {
|
||||
return []structs.ServiceName{
|
||||
structs.NewServiceName(structs.WildcardSpecifier, entMeta),
|
||||
|
|
|
@ -9,6 +9,7 @@ import (
|
|||
|
||||
memdb "github.com/hashicorp/go-memdb"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/configentry"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
)
|
||||
|
@ -17,9 +18,9 @@ func indexFromConfigEntryKindName(arg interface{}) ([]byte, error) {
|
|||
var b indexBuilder
|
||||
|
||||
switch n := arg.(type) {
|
||||
case *structs.EnterpriseMeta:
|
||||
case *acl.EnterpriseMeta:
|
||||
return nil, nil
|
||||
case structs.EnterpriseMeta:
|
||||
case acl.EnterpriseMeta:
|
||||
return b.Bytes(), nil
|
||||
case ConfigEntryKindQuery:
|
||||
b.String(strings.ToLower(n.Kind))
|
||||
|
@ -37,7 +38,7 @@ func validateConfigEntryEnterprise(_ ReadTxn, _ structs.ConfigEntry) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
func getAllConfigEntriesWithTxn(tx ReadTxn, _ *structs.EnterpriseMeta) (memdb.ResultIterator, error) {
|
||||
func getAllConfigEntriesWithTxn(tx ReadTxn, _ *acl.EnterpriseMeta) (memdb.ResultIterator, error) {
|
||||
return tx.Get(tableConfigEntries, indexID)
|
||||
}
|
||||
|
||||
|
@ -45,11 +46,11 @@ func getAllConfigEntriesByKindWithTxn(tx ReadTxn, kind string) (memdb.ResultIter
|
|||
return getConfigEntryKindsWithTxn(tx, kind, nil)
|
||||
}
|
||||
|
||||
func getConfigEntryKindsWithTxn(tx ReadTxn, kind string, _ *structs.EnterpriseMeta) (memdb.ResultIterator, error) {
|
||||
func getConfigEntryKindsWithTxn(tx ReadTxn, kind string, _ *acl.EnterpriseMeta) (memdb.ResultIterator, error) {
|
||||
return tx.Get(tableConfigEntries, indexID+"_prefix", ConfigEntryKindQuery{Kind: kind})
|
||||
}
|
||||
|
||||
func configIntentionsConvertToList(iter memdb.ResultIterator, _ *structs.EnterpriseMeta) structs.Intentions {
|
||||
func configIntentionsConvertToList(iter memdb.ResultIterator, _ *acl.EnterpriseMeta) structs.Intentions {
|
||||
var results structs.Intentions
|
||||
for v := iter.Next(); v != nil; v = iter.Next() {
|
||||
entry := v.(*structs.ServiceIntentionsConfigEntry)
|
||||
|
|
|
@ -4,6 +4,7 @@
|
|||
package state
|
||||
|
||||
import (
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/configentry"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
)
|
||||
|
@ -24,7 +25,7 @@ func testIndexerTableConfigEntries() map[string]indexerTestCase {
|
|||
},
|
||||
prefix: []indexValue{
|
||||
{
|
||||
source: structs.EnterpriseMeta{},
|
||||
source: acl.EnterpriseMeta{},
|
||||
expected: nil,
|
||||
},
|
||||
{
|
||||
|
|
|
@ -6,6 +6,7 @@ import (
|
|||
|
||||
"github.com/hashicorp/go-memdb"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
"github.com/hashicorp/consul/lib"
|
||||
)
|
||||
|
@ -66,7 +67,7 @@ type CoordinateQuery struct {
|
|||
}
|
||||
|
||||
func (c CoordinateQuery) PartitionOrDefault() string {
|
||||
return structs.PartitionOrDefault(c.Partition)
|
||||
return acl.PartitionOrDefault(c.Partition)
|
||||
}
|
||||
|
||||
// coordinatesTableSchema returns a new table schema used for storing
|
||||
|
@ -128,7 +129,7 @@ func (s *Restore) Coordinates(idx uint64, updates structs.Coordinates) error {
|
|||
|
||||
// Coordinate returns a map of coordinates for the given node, indexed by
|
||||
// network segment.
|
||||
func (s *Store) Coordinate(ws memdb.WatchSet, node string, entMeta *structs.EnterpriseMeta) (uint64, lib.CoordinateSet, error) {
|
||||
func (s *Store) Coordinate(ws memdb.WatchSet, node string, entMeta *acl.EnterpriseMeta) (uint64, lib.CoordinateSet, error) {
|
||||
tx := s.db.Txn(false)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -157,7 +158,7 @@ func (s *Store) Coordinate(ws memdb.WatchSet, node string, entMeta *structs.Ente
|
|||
}
|
||||
|
||||
// Coordinates queries for all nodes with coordinates.
|
||||
func (s *Store) Coordinates(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (uint64, structs.Coordinates, error) {
|
||||
func (s *Store) Coordinates(ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, structs.Coordinates, error) {
|
||||
tx := s.db.Txn(false)
|
||||
defer tx.Abort()
|
||||
|
||||
|
|
|
@ -6,14 +6,15 @@ package state
|
|||
import (
|
||||
"fmt"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
)
|
||||
|
||||
func coordinatesMaxIndex(tx ReadTxn, entMeta *structs.EnterpriseMeta) uint64 {
|
||||
func coordinatesMaxIndex(tx ReadTxn, entMeta *acl.EnterpriseMeta) uint64 {
|
||||
return maxIndexTxn(tx, tableCoordinates)
|
||||
}
|
||||
|
||||
func updateCoordinatesIndexes(tx WriteTxn, idx uint64, entMeta *structs.EnterpriseMeta) error {
|
||||
func updateCoordinatesIndexes(tx WriteTxn, idx uint64, entMeta *acl.EnterpriseMeta) error {
|
||||
// Update the index.
|
||||
if err := indexUpdateMaxTxn(tx, idx, tableCoordinates); err != nil {
|
||||
return fmt.Errorf("failed updating index: %s", err)
|
||||
|
|
|
@ -3,7 +3,10 @@
|
|||
|
||||
package state
|
||||
|
||||
import "github.com/hashicorp/consul/agent/structs"
|
||||
import (
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
)
|
||||
|
||||
func testIndexerTableCoordinates() map[string]indexerTestCase {
|
||||
return map[string]indexerTestCase{
|
||||
|
@ -24,11 +27,11 @@ func testIndexerTableCoordinates() map[string]indexerTestCase {
|
|||
},
|
||||
prefix: []indexValue{
|
||||
{
|
||||
source: (*structs.EnterpriseMeta)(nil),
|
||||
source: (*acl.EnterpriseMeta)(nil),
|
||||
expected: nil,
|
||||
},
|
||||
{
|
||||
source: structs.EnterpriseMeta{},
|
||||
source: acl.EnterpriseMeta{},
|
||||
expected: nil,
|
||||
},
|
||||
{
|
||||
|
|
|
@ -4,9 +4,10 @@
|
|||
package state
|
||||
|
||||
import (
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
"sync"
|
||||
"time"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
)
|
||||
|
||||
// Delay is used to mark certain locks as unacquirable. When a lock is
|
||||
|
@ -36,7 +37,7 @@ func NewDelay() *Delay {
|
|||
// GetExpiration returns the expiration time of a key lock delay. This must be
|
||||
// checked on the leader node, and not in KVSLock due to the variability of
|
||||
// clocks.
|
||||
func (d *Delay) GetExpiration(key string, entMeta *structs.EnterpriseMeta) time.Time {
|
||||
func (d *Delay) GetExpiration(key string, entMeta *acl.EnterpriseMeta) time.Time {
|
||||
d.lock.RLock()
|
||||
expires := d.delay[key]
|
||||
d.lock.RUnlock()
|
||||
|
@ -45,7 +46,7 @@ func (d *Delay) GetExpiration(key string, entMeta *structs.EnterpriseMeta) time.
|
|||
|
||||
// SetExpiration sets the expiration time for the lock delay to the given
|
||||
// delay from the given now time.
|
||||
func (d *Delay) SetExpiration(key string, now time.Time, delay time.Duration, entMeta *structs.EnterpriseMeta) {
|
||||
func (d *Delay) SetExpiration(key string, now time.Time, delay time.Duration, entMeta *acl.EnterpriseMeta) {
|
||||
d.lock.Lock()
|
||||
defer d.lock.Unlock()
|
||||
|
||||
|
|
|
@ -5,7 +5,7 @@ import (
|
|||
|
||||
"github.com/hashicorp/go-memdb"
|
||||
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
"github.com/hashicorp/consul/acl"
|
||||
)
|
||||
|
||||
// Tombstone is the internal type used to track tombstones.
|
||||
|
@ -13,7 +13,7 @@ type Tombstone struct {
|
|||
Key string
|
||||
Index uint64
|
||||
|
||||
structs.EnterpriseMeta
|
||||
acl.EnterpriseMeta
|
||||
}
|
||||
|
||||
func (t Tombstone) IDValue() string {
|
||||
|
@ -33,7 +33,7 @@ func NewGraveyard(gc *TombstoneGC) *Graveyard {
|
|||
}
|
||||
|
||||
// InsertTxn adds a new tombstone.
|
||||
func (g *Graveyard) InsertTxn(tx WriteTxn, key string, idx uint64, entMeta *structs.EnterpriseMeta) error {
|
||||
func (g *Graveyard) InsertTxn(tx WriteTxn, key string, idx uint64, entMeta *acl.EnterpriseMeta) error {
|
||||
stone := &Tombstone{
|
||||
Key: key,
|
||||
Index: idx,
|
||||
|
|
|
@ -6,6 +6,7 @@ package state
|
|||
import (
|
||||
"fmt"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
)
|
||||
|
||||
|
@ -28,7 +29,7 @@ func (g *Graveyard) insertTombstoneWithTxn(tx WriteTxn, _ string, stone *Tombsto
|
|||
|
||||
// GetMaxIndexTxn returns the highest index tombstone whose key matches the
|
||||
// given context, using a prefix match.
|
||||
func (g *Graveyard) GetMaxIndexTxn(tx ReadTxn, prefix string, _ *structs.EnterpriseMeta) (uint64, error) {
|
||||
func (g *Graveyard) GetMaxIndexTxn(tx ReadTxn, prefix string, _ *acl.EnterpriseMeta) (uint64, error) {
|
||||
var lindex uint64
|
||||
q := Query{Value: prefix, EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition()}
|
||||
stones, err := tx.Get(tableTombstones, indexID+"_prefix", q)
|
||||
|
|
|
@ -8,6 +8,7 @@ import (
|
|||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
)
|
||||
|
||||
|
@ -196,7 +197,7 @@ func (b *indexBuilder) Bool(v bool) {
|
|||
|
||||
type TimeQuery struct {
|
||||
Value time.Time
|
||||
structs.EnterpriseMeta
|
||||
acl.EnterpriseMeta
|
||||
}
|
||||
|
||||
// NamespaceOrDefault exists because structs.EnterpriseMeta uses a pointer
|
||||
|
|
|
@ -150,7 +150,7 @@ func areIntentionsInConfigEntries(tx ReadTxn, ws memdb.WatchSet) (bool, error) {
|
|||
|
||||
// LegacyIntentions is like Intentions() but only returns legacy intentions.
|
||||
// This is exposed for migration purposes.
|
||||
func (s *Store) LegacyIntentions(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (uint64, structs.Intentions, error) {
|
||||
func (s *Store) LegacyIntentions(ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, structs.Intentions, error) {
|
||||
tx := s.db.Txn(false)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -159,7 +159,7 @@ func (s *Store) LegacyIntentions(ws memdb.WatchSet, entMeta *structs.EnterpriseM
|
|||
}
|
||||
|
||||
// Intentions returns the list of all intentions. The boolean response value is true if it came from config entries.
|
||||
func (s *Store) Intentions(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (uint64, structs.Intentions, bool, error) {
|
||||
func (s *Store) Intentions(ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, structs.Intentions, bool, error) {
|
||||
tx := s.db.Txn(false)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -173,7 +173,7 @@ func (s *Store) Intentions(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (
|
|||
return configIntentionsListTxn(tx, ws, entMeta)
|
||||
}
|
||||
|
||||
func legacyIntentionsListTxn(tx ReadTxn, ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (uint64, structs.Intentions, bool, error) {
|
||||
func legacyIntentionsListTxn(tx ReadTxn, ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, structs.Intentions, bool, error) {
|
||||
// Get the index
|
||||
idx := maxIndexTxn(tx, tableConnectIntentions)
|
||||
if idx < 1 {
|
||||
|
|
|
@ -6,10 +6,10 @@ package state
|
|||
import (
|
||||
memdb "github.com/hashicorp/go-memdb"
|
||||
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
"github.com/hashicorp/consul/acl"
|
||||
)
|
||||
|
||||
func intentionListTxn(tx ReadTxn, _ *structs.EnterpriseMeta) (memdb.ResultIterator, error) {
|
||||
func intentionListTxn(tx ReadTxn, _ *acl.EnterpriseMeta) (memdb.ResultIterator, error) {
|
||||
// Get all intentions
|
||||
return tx.Get(tableConnectIntentions, "id")
|
||||
}
|
||||
|
|
|
@ -6,6 +6,7 @@ import (
|
|||
|
||||
"github.com/hashicorp/go-memdb"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
)
|
||||
|
||||
|
@ -176,7 +177,7 @@ func kvsSetTxn(tx WriteTxn, idx uint64, entry *structs.DirEntry, updateSession b
|
|||
}
|
||||
|
||||
// KVSGet is used to retrieve a key/value pair from the state store.
|
||||
func (s *Store) KVSGet(ws memdb.WatchSet, key string, entMeta *structs.EnterpriseMeta) (uint64, *structs.DirEntry, error) {
|
||||
func (s *Store) KVSGet(ws memdb.WatchSet, key string, entMeta *acl.EnterpriseMeta) (uint64, *structs.DirEntry, error) {
|
||||
tx := s.db.Txn(false)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -191,7 +192,7 @@ func (s *Store) KVSGet(ws memdb.WatchSet, key string, entMeta *structs.Enterpris
|
|||
// kvsGetTxn is the inner method that gets a KVS entry inside an existing
|
||||
// transaction.
|
||||
func kvsGetTxn(tx ReadTxn,
|
||||
ws memdb.WatchSet, key string, entMeta structs.EnterpriseMeta) (uint64, *structs.DirEntry, error) {
|
||||
ws memdb.WatchSet, key string, entMeta acl.EnterpriseMeta) (uint64, *structs.DirEntry, error) {
|
||||
|
||||
// Get the table index.
|
||||
idx := kvsMaxIndex(tx, entMeta)
|
||||
|
@ -212,7 +213,7 @@ func kvsGetTxn(tx ReadTxn,
|
|||
// is the max index of the returned kvs entries or applicable tombstones, or
|
||||
// else it's the full table indexes for kvs and tombstones.
|
||||
func (s *Store) KVSList(ws memdb.WatchSet,
|
||||
prefix string, entMeta *structs.EnterpriseMeta) (uint64, structs.DirEntries, error) {
|
||||
prefix string, entMeta *acl.EnterpriseMeta) (uint64, structs.DirEntries, error) {
|
||||
|
||||
tx := s.db.Txn(false)
|
||||
defer tx.Abort()
|
||||
|
@ -228,7 +229,7 @@ func (s *Store) KVSList(ws memdb.WatchSet,
|
|||
// kvsListTxn is the inner method that gets a list of KVS entries matching a
|
||||
// prefix.
|
||||
func (s *Store) kvsListTxn(tx ReadTxn,
|
||||
ws memdb.WatchSet, prefix string, entMeta structs.EnterpriseMeta) (uint64, structs.DirEntries, error) {
|
||||
ws memdb.WatchSet, prefix string, entMeta acl.EnterpriseMeta) (uint64, structs.DirEntries, error) {
|
||||
|
||||
// Get the table indexes.
|
||||
idx := kvsMaxIndex(tx, entMeta)
|
||||
|
@ -262,7 +263,7 @@ func (s *Store) kvsListTxn(tx ReadTxn,
|
|||
|
||||
// KVSDelete is used to perform a shallow delete on a single key in the
|
||||
// the state store.
|
||||
func (s *Store) KVSDelete(idx uint64, key string, entMeta *structs.EnterpriseMeta) error {
|
||||
func (s *Store) KVSDelete(idx uint64, key string, entMeta *acl.EnterpriseMeta) error {
|
||||
tx := s.db.WriteTxn(idx)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -276,7 +277,7 @@ func (s *Store) KVSDelete(idx uint64, key string, entMeta *structs.EnterpriseMet
|
|||
|
||||
// kvsDeleteTxn is the inner method used to perform the actual deletion
|
||||
// of a key/value pair within an existing transaction.
|
||||
func (s *Store) kvsDeleteTxn(tx WriteTxn, idx uint64, key string, entMeta *structs.EnterpriseMeta) error {
|
||||
func (s *Store) kvsDeleteTxn(tx WriteTxn, idx uint64, key string, entMeta *acl.EnterpriseMeta) error {
|
||||
|
||||
if entMeta == nil {
|
||||
entMeta = structs.DefaultEnterpriseMetaInDefaultPartition()
|
||||
|
@ -303,7 +304,7 @@ func (s *Store) kvsDeleteTxn(tx WriteTxn, idx uint64, key string, entMeta *struc
|
|||
// raft index. If the CAS index specified is not equal to the last
|
||||
// observed index for the given key, then the call is a noop, otherwise
|
||||
// a normal KV delete is invoked.
|
||||
func (s *Store) KVSDeleteCAS(idx, cidx uint64, key string, entMeta *structs.EnterpriseMeta) (bool, error) {
|
||||
func (s *Store) KVSDeleteCAS(idx, cidx uint64, key string, entMeta *acl.EnterpriseMeta) (bool, error) {
|
||||
tx := s.db.WriteTxn(idx)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -318,7 +319,7 @@ func (s *Store) KVSDeleteCAS(idx, cidx uint64, key string, entMeta *structs.Ente
|
|||
|
||||
// kvsDeleteCASTxn is the inner method that does a CAS delete within an existing
|
||||
// transaction.
|
||||
func (s *Store) kvsDeleteCASTxn(tx WriteTxn, idx, cidx uint64, key string, entMeta *structs.EnterpriseMeta) (bool, error) {
|
||||
func (s *Store) kvsDeleteCASTxn(tx WriteTxn, idx, cidx uint64, key string, entMeta *acl.EnterpriseMeta) (bool, error) {
|
||||
if entMeta == nil {
|
||||
entMeta = structs.DefaultEnterpriseMetaInDefaultPartition()
|
||||
}
|
||||
|
@ -390,7 +391,7 @@ func kvsSetCASTxn(tx WriteTxn, idx uint64, entry *structs.DirEntry) (bool, error
|
|||
// KVSDeleteTree is used to do a recursive delete on a key prefix
|
||||
// in the state store. If any keys are modified, the last index is
|
||||
// set, otherwise this is a no-op.
|
||||
func (s *Store) KVSDeleteTree(idx uint64, prefix string, entMeta *structs.EnterpriseMeta) error {
|
||||
func (s *Store) KVSDeleteTree(idx uint64, prefix string, entMeta *acl.EnterpriseMeta) error {
|
||||
tx := s.db.WriteTxn(idx)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -403,7 +404,7 @@ func (s *Store) KVSDeleteTree(idx uint64, prefix string, entMeta *structs.Enterp
|
|||
|
||||
// KVSLockDelay returns the expiration time for any lock delay associated with
|
||||
// the given key.
|
||||
func (s *Store) KVSLockDelay(key string, entMeta *structs.EnterpriseMeta) time.Time {
|
||||
func (s *Store) KVSLockDelay(key string, entMeta *acl.EnterpriseMeta) time.Time {
|
||||
return s.lockDelay.GetExpiration(key, entMeta)
|
||||
}
|
||||
|
||||
|
@ -527,7 +528,7 @@ func kvsUnlockTxn(tx WriteTxn, idx uint64, entry *structs.DirEntry) (bool, error
|
|||
// kvsCheckSessionTxn checks to see if the given session matches the current
|
||||
// entry for a key.
|
||||
func kvsCheckSessionTxn(tx WriteTxn,
|
||||
key string, session string, entMeta *structs.EnterpriseMeta) (*structs.DirEntry, error) {
|
||||
key string, session string, entMeta *acl.EnterpriseMeta) (*structs.DirEntry, error) {
|
||||
|
||||
if entMeta == nil {
|
||||
entMeta = structs.DefaultEnterpriseMetaInDefaultPartition()
|
||||
|
@ -552,7 +553,7 @@ func kvsCheckSessionTxn(tx WriteTxn,
|
|||
// kvsCheckIndexTxn checks to see if the given modify index matches the current
|
||||
// entry for a key.
|
||||
func kvsCheckIndexTxn(tx WriteTxn,
|
||||
key string, cidx uint64, entMeta structs.EnterpriseMeta) (*structs.DirEntry, error) {
|
||||
key string, cidx uint64, entMeta acl.EnterpriseMeta) (*structs.DirEntry, error) {
|
||||
|
||||
entry, err := tx.First(tableKVs, indexID, Query{Value: key, EnterpriseMeta: entMeta})
|
||||
if err != nil {
|
||||
|
|
|
@ -9,6 +9,7 @@ import (
|
|||
|
||||
"github.com/hashicorp/go-memdb"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
)
|
||||
|
||||
|
@ -25,7 +26,7 @@ func prefixIndexForIDValue(arg interface{}) ([]byte, error) {
|
|||
// DeletePrefix always uses a string, pass it along unmodified
|
||||
case string:
|
||||
return []byte(v), nil
|
||||
case structs.EnterpriseMeta:
|
||||
case acl.EnterpriseMeta:
|
||||
return nil, nil
|
||||
case singleValueID:
|
||||
var b indexBuilder
|
||||
|
@ -56,7 +57,7 @@ func insertKVTxn(tx WriteTxn, entry *structs.DirEntry, updateMax bool, _ bool) e
|
|||
return nil
|
||||
}
|
||||
|
||||
func kvsListEntriesTxn(tx ReadTxn, ws memdb.WatchSet, prefix string, entMeta structs.EnterpriseMeta) (uint64, structs.DirEntries, error) {
|
||||
func kvsListEntriesTxn(tx ReadTxn, ws memdb.WatchSet, prefix string, entMeta acl.EnterpriseMeta) (uint64, structs.DirEntries, error) {
|
||||
var ents structs.DirEntries
|
||||
var lindex uint64
|
||||
|
||||
|
@ -79,7 +80,7 @@ func kvsListEntriesTxn(tx ReadTxn, ws memdb.WatchSet, prefix string, entMeta str
|
|||
|
||||
// kvsDeleteTreeTxn is the inner method that does a recursive delete inside an
|
||||
// existing transaction.
|
||||
func (s *Store) kvsDeleteTreeTxn(tx WriteTxn, idx uint64, prefix string, entMeta *structs.EnterpriseMeta) error {
|
||||
func (s *Store) kvsDeleteTreeTxn(tx WriteTxn, idx uint64, prefix string, entMeta *acl.EnterpriseMeta) error {
|
||||
// For prefix deletes, only insert one tombstone and delete the entire subtree
|
||||
deleted, err := tx.DeletePrefix(tableKVs, indexID+"_prefix", prefix)
|
||||
if err != nil {
|
||||
|
@ -100,7 +101,7 @@ func (s *Store) kvsDeleteTreeTxn(tx WriteTxn, idx uint64, prefix string, entMeta
|
|||
return nil
|
||||
}
|
||||
|
||||
func kvsMaxIndex(tx ReadTxn, entMeta structs.EnterpriseMeta) uint64 {
|
||||
func kvsMaxIndex(tx ReadTxn, entMeta acl.EnterpriseMeta) uint64 {
|
||||
return maxIndexTxn(tx, "kvs", "tombstones")
|
||||
}
|
||||
|
||||
|
|
|
@ -3,7 +3,10 @@
|
|||
|
||||
package state
|
||||
|
||||
import "github.com/hashicorp/consul/agent/structs"
|
||||
import (
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
)
|
||||
|
||||
func testIndexerTableKVs() map[string]indexerTestCase {
|
||||
return map[string]indexerTestCase{
|
||||
|
@ -22,7 +25,7 @@ func testIndexerTableKVs() map[string]indexerTestCase {
|
|||
expected: []byte("indexString"),
|
||||
},
|
||||
{
|
||||
source: structs.EnterpriseMeta{},
|
||||
source: acl.EnterpriseMeta{},
|
||||
expected: nil,
|
||||
},
|
||||
{
|
||||
|
@ -51,7 +54,7 @@ func testIndexerTableTombstones() map[string]indexerTestCase {
|
|||
expected: []byte("indexString"),
|
||||
},
|
||||
{
|
||||
source: structs.EnterpriseMeta{},
|
||||
source: acl.EnterpriseMeta{},
|
||||
expected: nil,
|
||||
},
|
||||
{
|
||||
|
|
|
@ -6,11 +6,11 @@ package state
|
|||
import (
|
||||
"github.com/hashicorp/go-memdb"
|
||||
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
"github.com/hashicorp/consul/acl"
|
||||
)
|
||||
|
||||
func getCompoundWithTxn(tx ReadTxn, table, index string,
|
||||
_ *structs.EnterpriseMeta, idxVals ...interface{}) (memdb.ResultIterator, error) {
|
||||
_ *acl.EnterpriseMeta, idxVals ...interface{}) (memdb.ResultIterator, error) {
|
||||
|
||||
return tx.Get(table, index, idxVals...)
|
||||
}
|
||||
|
|
|
@ -5,6 +5,7 @@ import (
|
|||
"fmt"
|
||||
"strings"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
)
|
||||
|
||||
|
@ -12,7 +13,7 @@ import (
|
|||
// enterprise identifier.
|
||||
type Query struct {
|
||||
Value string
|
||||
structs.EnterpriseMeta
|
||||
acl.EnterpriseMeta
|
||||
}
|
||||
|
||||
func (q Query) IDValue() string {
|
||||
|
@ -33,7 +34,7 @@ func (q Query) PartitionOrDefault() string {
|
|||
|
||||
type MultiQuery struct {
|
||||
Value []string
|
||||
structs.EnterpriseMeta
|
||||
acl.EnterpriseMeta
|
||||
}
|
||||
|
||||
func (q MultiQuery) IDValue() []string {
|
||||
|
@ -118,7 +119,7 @@ func parseUUIDString(uuid string) ([]byte, error) {
|
|||
// enterprise identifier.
|
||||
type BoolQuery struct {
|
||||
Value bool
|
||||
structs.EnterpriseMeta
|
||||
acl.EnterpriseMeta
|
||||
}
|
||||
|
||||
// NamespaceOrDefault exists because structs.EnterpriseMeta uses a pointer
|
||||
|
@ -138,7 +139,7 @@ func (q BoolQuery) PartitionOrDefault() string {
|
|||
type KeyValueQuery struct {
|
||||
Key string
|
||||
Value string
|
||||
structs.EnterpriseMeta
|
||||
acl.EnterpriseMeta
|
||||
}
|
||||
|
||||
// NamespaceOrDefault exists because structs.EnterpriseMeta uses a pointer
|
||||
|
@ -168,8 +169,8 @@ func indexFromKeyValueQuery(arg interface{}) ([]byte, error) {
|
|||
|
||||
type AuthMethodQuery struct {
|
||||
Value string
|
||||
AuthMethodEntMeta structs.EnterpriseMeta
|
||||
structs.EnterpriseMeta
|
||||
AuthMethodEntMeta acl.EnterpriseMeta
|
||||
acl.EnterpriseMeta
|
||||
}
|
||||
|
||||
// NamespaceOrDefault exists because structs.EnterpriseMeta uses a pointer
|
||||
|
|
|
@ -7,15 +7,15 @@ import (
|
|||
"fmt"
|
||||
"strings"
|
||||
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
"github.com/hashicorp/consul/acl"
|
||||
)
|
||||
|
||||
func prefixIndexFromQuery(arg interface{}) ([]byte, error) {
|
||||
var b indexBuilder
|
||||
switch v := arg.(type) {
|
||||
case *structs.EnterpriseMeta:
|
||||
case *acl.EnterpriseMeta:
|
||||
return nil, nil
|
||||
case structs.EnterpriseMeta:
|
||||
case acl.EnterpriseMeta:
|
||||
return nil, nil
|
||||
case Query:
|
||||
if v.Value == "" {
|
||||
|
|
|
@ -3,12 +3,12 @@
|
|||
|
||||
package state
|
||||
|
||||
import "github.com/hashicorp/consul/agent/structs"
|
||||
import "github.com/hashicorp/consul/acl"
|
||||
|
||||
func partitionedIndexEntryName(entry string, _ string) string {
|
||||
return entry
|
||||
}
|
||||
|
||||
func partitionedAndNamespacedIndexEntryName(entry string, _ *structs.EnterpriseMeta) string {
|
||||
func partitionedAndNamespacedIndexEntryName(entry string, _ *acl.EnterpriseMeta) string {
|
||||
return entry
|
||||
}
|
||||
|
|
|
@ -8,6 +8,7 @@ import (
|
|||
|
||||
"github.com/hashicorp/go-memdb"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
)
|
||||
|
||||
|
@ -291,7 +292,7 @@ func sessionCreateTxn(tx WriteTxn, idx uint64, sess *structs.Session) error {
|
|||
|
||||
// SessionGet is used to retrieve an active session from the state store.
|
||||
func (s *Store) SessionGet(ws memdb.WatchSet,
|
||||
sessionID string, entMeta *structs.EnterpriseMeta) (uint64, *structs.Session, error) {
|
||||
sessionID string, entMeta *acl.EnterpriseMeta) (uint64, *structs.Session, error) {
|
||||
|
||||
tx := s.db.Txn(false)
|
||||
defer tx.Abort()
|
||||
|
@ -318,7 +319,7 @@ func (s *Store) SessionGet(ws memdb.WatchSet,
|
|||
// NodeSessions returns a set of active sessions associated
|
||||
// with the given node ID. The returned index is the highest
|
||||
// index seen from the result set.
|
||||
func (s *Store) NodeSessions(ws memdb.WatchSet, nodeID string, entMeta *structs.EnterpriseMeta) (uint64, structs.Sessions, error) {
|
||||
func (s *Store) NodeSessions(ws memdb.WatchSet, nodeID string, entMeta *acl.EnterpriseMeta) (uint64, structs.Sessions, error) {
|
||||
tx := s.db.Txn(false)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -336,7 +337,7 @@ func (s *Store) NodeSessions(ws memdb.WatchSet, nodeID string, entMeta *structs.
|
|||
// SessionDestroy is used to remove an active session. This will
|
||||
// implicitly invalidate the session and invoke the specified
|
||||
// session destroy behavior.
|
||||
func (s *Store) SessionDestroy(idx uint64, sessionID string, entMeta *structs.EnterpriseMeta) error {
|
||||
func (s *Store) SessionDestroy(idx uint64, sessionID string, entMeta *acl.EnterpriseMeta) error {
|
||||
tx := s.db.WriteTxn(idx)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -350,7 +351,7 @@ func (s *Store) SessionDestroy(idx uint64, sessionID string, entMeta *structs.En
|
|||
|
||||
// deleteSessionTxn is the inner method, which is used to do the actual
|
||||
// session deletion and handle session invalidation, etc.
|
||||
func (s *Store) deleteSessionTxn(tx WriteTxn, idx uint64, sessionID string, entMeta *structs.EnterpriseMeta) error {
|
||||
func (s *Store) deleteSessionTxn(tx WriteTxn, idx uint64, sessionID string, entMeta *acl.EnterpriseMeta) error {
|
||||
// Look up the session.
|
||||
if entMeta == nil {
|
||||
entMeta = structs.DefaultEnterpriseMetaInDefaultPartition()
|
||||
|
|
|
@ -9,6 +9,7 @@ import (
|
|||
|
||||
"github.com/hashicorp/go-memdb"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
"github.com/hashicorp/consul/api"
|
||||
)
|
||||
|
@ -121,7 +122,7 @@ func allNodeSessionsTxn(tx ReadTxn, node string, _ string) (structs.Sessions, er
|
|||
}
|
||||
|
||||
func nodeSessionsTxn(tx ReadTxn,
|
||||
ws memdb.WatchSet, node string, entMeta *structs.EnterpriseMeta) (structs.Sessions, error) {
|
||||
ws memdb.WatchSet, node string, entMeta *acl.EnterpriseMeta) (structs.Sessions, error) {
|
||||
|
||||
sessions, err := tx.Get(tableSessions, indexNode, Query{Value: node})
|
||||
if err != nil {
|
||||
|
@ -136,7 +137,7 @@ func nodeSessionsTxn(tx ReadTxn,
|
|||
return result, nil
|
||||
}
|
||||
|
||||
func sessionMaxIndex(tx ReadTxn, entMeta *structs.EnterpriseMeta) uint64 {
|
||||
func sessionMaxIndex(tx ReadTxn, entMeta *acl.EnterpriseMeta) uint64 {
|
||||
return maxIndexTxn(tx, "sessions")
|
||||
}
|
||||
|
||||
|
@ -161,7 +162,7 @@ func validateSessionChecksTxn(tx ReadTxn, session *structs.Session) error {
|
|||
}
|
||||
|
||||
// SessionList returns a slice containing all of the active sessions.
|
||||
func (s *Store) SessionList(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (uint64, structs.Sessions, error) {
|
||||
func (s *Store) SessionList(ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, structs.Sessions, error) {
|
||||
tx := s.db.Txn(false)
|
||||
defer tx.Abort()
|
||||
|
||||
|
@ -184,7 +185,7 @@ func (s *Store) SessionList(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta)
|
|||
return idx, result, nil
|
||||
}
|
||||
|
||||
func maxIndexTxnSessions(tx *memdb.Txn, _ *structs.EnterpriseMeta) uint64 {
|
||||
func maxIndexTxnSessions(tx *memdb.Txn, _ *acl.EnterpriseMeta) uint64 {
|
||||
return maxIndexTxn(tx, tableSessions)
|
||||
}
|
||||
|
||||
|
|
|
@ -8,6 +8,7 @@ import (
|
|||
|
||||
memdb "github.com/hashicorp/go-memdb"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/consul/stream"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
)
|
||||
|
@ -143,7 +144,7 @@ type sessionCheck struct {
|
|||
Session string
|
||||
|
||||
CheckID structs.CheckID
|
||||
structs.EnterpriseMeta
|
||||
acl.EnterpriseMeta
|
||||
}
|
||||
|
||||
// NewStateStore creates a new in-memory state storage layer.
|
||||
|
|
|
@ -9,6 +9,7 @@ import (
|
|||
"github.com/hashicorp/go-memdb"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
"github.com/hashicorp/consul/types"
|
||||
)
|
||||
|
@ -229,7 +230,7 @@ func testRegisterConnectNativeService(t *testing.T, s *Store, idx uint64, nodeID
|
|||
require.NoError(t, s.EnsureService(idx, nodeID, svc))
|
||||
}
|
||||
|
||||
func testSetKey(t *testing.T, s *Store, idx uint64, key, value string, entMeta *structs.EnterpriseMeta) {
|
||||
func testSetKey(t *testing.T, s *Store, idx uint64, key, value string, entMeta *acl.EnterpriseMeta) {
|
||||
entry := &structs.DirEntry{
|
||||
Key: key,
|
||||
Value: []byte(value),
|
||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue