From b8bf35f087aea14c36ece3ce22423df4d5430ed2 Mon Sep 17 00:00:00 2001 From: Armon Dadgar Date: Thu, 24 Aug 2017 09:53:30 -0700 Subject: [PATCH] ACL RPCs allow stale reads for scalability --- client/acl.go | 12 ++++++++---- nomad/leader.go | 16 ++++++++++------ 2 files changed, 18 insertions(+), 10 deletions(-) diff --git a/client/acl.go b/client/acl.go index a38567585..87ca8badd 100644 --- a/client/acl.go +++ b/client/acl.go @@ -124,8 +124,11 @@ func (c *Client) resolveTokenValue(secretID string) (*structs.ACLToken, error) { // Lookup the token req := structs.ResolveACLTokenRequest{ - SecretID: secretID, - QueryOptions: structs.QueryOptions{Region: c.Region()}, + SecretID: secretID, + QueryOptions: structs.QueryOptions{ + Region: c.Region(), + AllowStale: true, + }, } var resp structs.ResolveACLTokenResponse if err := c.RPC("ACL.ResolveToken", &req, &resp); err != nil { @@ -186,8 +189,9 @@ func (c *Client) resolvePolicies(secretID string, policies []string) ([]*structs req := structs.ACLPolicySetRequest{ Names: fetch, QueryOptions: structs.QueryOptions{ - Region: c.Region(), - SecretID: secretID, + Region: c.Region(), + SecretID: secretID, + AllowStale: true, }, } var resp structs.ACLPolicySetResponse diff --git a/nomad/leader.go b/nomad/leader.go index 212d80bcf..4fd21f790 100644 --- a/nomad/leader.go +++ b/nomad/leader.go @@ -674,7 +674,8 @@ REMOVE: func (s *Server) replicateACLPolicies(stopCh chan struct{}) { req := structs.ACLPolicyListRequest{ QueryOptions: structs.QueryOptions{ - Region: s.config.AuthoritativeRegion, + Region: s.config.AuthoritativeRegion, + AllowStale: true, }, } limiter := rate.NewLimiter(replicationRateLimit, int(replicationRateLimit)) @@ -720,8 +721,9 @@ START: req := structs.ACLPolicySetRequest{ Names: update, QueryOptions: structs.QueryOptions{ - Region: s.config.AuthoritativeRegion, - SecretID: s.ReplicationToken(), + Region: s.config.AuthoritativeRegion, + SecretID: s.ReplicationToken(), + AllowStale: true, }, } var reply structs.ACLPolicySetResponse @@ -816,7 +818,8 @@ func (s *Server) replicateACLTokens(stopCh chan struct{}) { req := structs.ACLTokenListRequest{ GlobalOnly: true, QueryOptions: structs.QueryOptions{ - Region: s.config.AuthoritativeRegion, + Region: s.config.AuthoritativeRegion, + AllowStale: true, }, } limiter := rate.NewLimiter(replicationRateLimit, int(replicationRateLimit)) @@ -862,8 +865,9 @@ START: req := structs.ACLTokenSetRequest{ AccessorIDS: update, QueryOptions: structs.QueryOptions{ - Region: s.config.AuthoritativeRegion, - SecretID: s.ReplicationToken(), + Region: s.config.AuthoritativeRegion, + SecretID: s.ReplicationToken(), + AllowStale: true, }, } var reply structs.ACLTokenSetResponse