6bfdb48560
Introduces two new public gRPC endpoints (`Login` and `Logout`) and includes refactoring of the equivalent net/rpc endpoints to enable the majority of logic to be reused (i.e. by extracting the `Binder` and `TokenWriter` types). This contains the OSS portions of the following enterprise commits: - 75fcdbfcfa6af21d7128cb2544829ead0b1df603 - bce14b714151af74a7f0110843d640204082630a - cc508b70fbf58eda144d9af3d71bd0f483985893
38 lines
1.2 KiB
Go
38 lines
1.2 KiB
Go
package consul
|
|
|
|
import (
|
|
"fmt"
|
|
|
|
"github.com/hashicorp/consul/agent/consul/authmethod"
|
|
"github.com/hashicorp/consul/agent/structs"
|
|
|
|
// register these as a builtin auth method
|
|
_ "github.com/hashicorp/consul/agent/consul/authmethod/awsauth"
|
|
_ "github.com/hashicorp/consul/agent/consul/authmethod/kubeauth"
|
|
_ "github.com/hashicorp/consul/agent/consul/authmethod/ssoauth"
|
|
)
|
|
|
|
type authMethodValidatorEntry struct {
|
|
Validator authmethod.Validator
|
|
ModifyIndex uint64 // the raft index when this last changed
|
|
}
|
|
|
|
// loadAuthMethodValidator returns an authmethod.Validator for the given auth
|
|
// method configuration. If the cache is up to date as-of the provided index
|
|
// then the cached version is returned, otherwise a new validator is created
|
|
// and cached.
|
|
func (s *Server) loadAuthMethodValidator(idx uint64, method *structs.ACLAuthMethod) (authmethod.Validator, error) {
|
|
if prevIdx, v, ok := s.aclAuthMethodValidators.GetValidator(method); ok && idx <= prevIdx {
|
|
return v, nil
|
|
}
|
|
|
|
v, err := authmethod.NewValidator(s.logger, method)
|
|
if err != nil {
|
|
return nil, fmt.Errorf("auth method validator for %q could not be initialized: %v", method.Name, err)
|
|
}
|
|
|
|
v = s.aclAuthMethodValidators.PutValidatorIfNewer(method, v, idx)
|
|
|
|
return v, nil
|
|
}
|