consul: simplify keyring operations
parent
66ad81ef13
commit
fcacee723b
|
@ -117,10 +117,7 @@ func loadKeyringFile(c *serf.Config) error {
|
|||
|
||||
// keyringProcess is used to abstract away the semantic similarities in
|
||||
// performing various operations on the encryption keyring.
|
||||
func (a *Agent) keyringProcess(
|
||||
method string,
|
||||
args *structs.KeyringRequest) (*structs.KeyringResponses, error) {
|
||||
|
||||
func (a *Agent) keyringProcess(args *structs.KeyringRequest) (*structs.KeyringResponses, error) {
|
||||
// Allow any server to handle the request, since this is
|
||||
// done over the gossip protocol.
|
||||
args.AllowStale = true
|
||||
|
@ -129,7 +126,7 @@ func (a *Agent) keyringProcess(
|
|||
if a.server == nil {
|
||||
return nil, fmt.Errorf("keyring operations must run against a server node")
|
||||
}
|
||||
if err := a.RPC(method, args, &reply); err != nil {
|
||||
if err := a.RPC("Internal.KeyringOperation", args, &reply); err != nil {
|
||||
return &reply, err
|
||||
}
|
||||
|
||||
|
@ -140,23 +137,23 @@ func (a *Agent) keyringProcess(
|
|||
// includes both servers and clients in all DC's.
|
||||
func (a *Agent) ListKeys() (*structs.KeyringResponses, error) {
|
||||
args := structs.KeyringRequest{Operation: structs.KeyringList}
|
||||
return a.keyringProcess("Internal.KeyringOperation", &args)
|
||||
return a.keyringProcess(&args)
|
||||
}
|
||||
|
||||
// InstallKey installs a new gossip encryption key
|
||||
func (a *Agent) InstallKey(key string) (*structs.KeyringResponses, error) {
|
||||
args := structs.KeyringRequest{Key: key, Operation: structs.KeyringInstall}
|
||||
return a.keyringProcess("Internal.KeyringOperation", &args)
|
||||
return a.keyringProcess(&args)
|
||||
}
|
||||
|
||||
// UseKey changes the primary encryption key used to encrypt messages
|
||||
func (a *Agent) UseKey(key string) (*structs.KeyringResponses, error) {
|
||||
args := structs.KeyringRequest{Key: key, Operation: structs.KeyringUse}
|
||||
return a.keyringProcess("Internal.KeyringOperation", &args)
|
||||
return a.keyringProcess(&args)
|
||||
}
|
||||
|
||||
// RemoveKey will remove a gossip encryption key from the keyring
|
||||
func (a *Agent) RemoveKey(key string) (*structs.KeyringResponses, error) {
|
||||
args := structs.KeyringRequest{Key: key, Operation: structs.KeyringRemove}
|
||||
return a.keyringProcess("Internal.KeyringOperation", &args)
|
||||
return a.keyringProcess(&args)
|
||||
}
|
||||
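Review bot: `return &reply, err` in keyringProcess still hands the caller a non-nil response together with the error, and the doc comment above the function does not say so. The globalRPC loop on this page returns on the first error after some replies may already have been added, so the response likely covers only part of the cluster. For InstallKey, UseKey and RemoveKey that matters: a caller that reads the responses without checking err could treat a partially applied key change as complete. I would extend the comment with `// On error the returned responses may be partial; callers must check err before trusting them.` The body of keyringProcess continues outside the hunks shown.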
|
|
|
@ -72,10 +72,9 @@ func (m *Internal) KeyringOperation(
|
|||
reply *structs.KeyringResponses) error {
|
||||
|
||||
m.executeKeyringOp(args, reply, false)
|
||||
|
||||
if !args.Forwarded {
|
||||
m.executeKeyringOp(args, reply, true)
|
||||
args.Forwarded = true
|
||||
m.executeKeyringOp(args, reply, true)
|
||||
return m.srv.globalRPC("Internal.KeyringOperation", args, reply)
|
||||
}
|
||||
|
||||
|
@ -92,10 +91,8 @@ func (m *Internal) executeKeyringOp(
|
|||
|
||||
var serfResp *serf.KeyResponse
|
||||
var err error
|
||||
|
||||
dc := m.srv.config.Datacenter
|
||||
|
||||
var mgr *serf.KeyManager
|
||||
|
||||
if wan {
|
||||
mgr = m.srv.KeyManagerWAN()
|
||||
} else {
|
||||
|
@ -120,7 +117,7 @@ func (m *Internal) executeKeyringOp(
|
|||
|
||||
reply.Responses = append(reply.Responses, &structs.KeyringResponse{
|
||||
WAN: wan,
|
||||
Datacenter: dc,
|
||||
Datacenter: m.srv.config.Datacenter,
|
||||
Messages: serfResp.Messages,
|
||||
Keys: serfResp.Keys,
|
||||
NumNodes: serfResp.NumNodes,
|
||||
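Review bot: `serfResp` is declared as a nil `*serf.KeyResponse` and then dereferenced in the `structs.KeyringResponse` literal (`serfResp.Messages`, `serfResp.Keys`, `serfResp.NumNodes`); the code that assigns it sits between the two hunks and is not visible here. If any path there leaves it unset, for instance an `args.Operation` value from the RPC request that matches no case, the append panics inside the server's RPC handler. A guard before the append, `if serfResp == nil { serfResp = &serf.KeyResponse{} }`, or a default case that records an error for unknown operations, would close that off. executeKeyringOp starts and ends outside the hunks, so confirm against the full function.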
|
|
|
@ -229,11 +229,8 @@ func (s *Server) forwardDC(method, dc string, args interface{}, reply interface{
|
|||
func (s *Server) globalRPC(method string, args interface{},
|
||||
reply structs.CompoundResponse) error {
|
||||
|
||||
if reply == nil {
|
||||
return fmt.Errorf("nil reply struct")
|
||||
}
|
||||
rlen := len(s.remoteConsuls)
|
||||
if rlen < 2 {
|
||||
totalDC := len(s.remoteConsuls)
|
||||
if totalDC == 1 {
|
||||
return nil
|
||||
}
|
||||
|
||||
|
@ -253,17 +250,14 @@ func (s *Server) globalRPC(method string, args interface{},
|
|||
}()
|
||||
}
|
||||
|
||||
done := 0
|
||||
for {
|
||||
replies := 0
|
||||
for replies < totalDC {
|
||||
select {
|
||||
case err := <-errorCh:
|
||||
return err
|
||||
case rr := <-respCh:
|
||||
reply.Add(rr)
|
||||
done++
|
||||
}
|
||||
if done == rlen {
|
||||
break
|
||||
replies++
|
||||
}
|
||||
}
|
||||
return nil
|
||||
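Review bot: With the `if reply == nil` guard removed, `reply.Add(rr)` panics if globalRPC is ever called with a nil `structs.CompoundResponse`. The only caller visible on this page passes a real reply, but globalRPC accepts any method name and the guard was cheap, so I would keep `if reply == nil { return fmt.Errorf("nil reply struct") }` at the top. Separately, `if totalDC == 1` no longer short-circuits an empty `s.remoteConsuls` the way `rlen < 2` did; the loop condition handles zero correctly, but `totalDC <= 1` states the intent. The early `return err` in the select also stops draining errorCh and respCh, which are created outside the hunks, so confirm they are buffered or the remaining goroutines will block on send.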
|
|