2023-03-28 21:12:41 +01:00
|
|
|
// Copyright (c) HashiCorp, Inc.
|
|
|
|
// SPDX-License-Identifier: MPL-2.0
|
|
|
|
|
2020-01-13 15:51:40 -05:00
|
|
|
package acl
|
|
|
|
|
|
|
|
const (
|
|
|
|
WildcardName = "*"
|
2023-01-09 13:28:53 -05:00
|
|
|
|
|
|
|
// AnonymousTokenID is the AccessorID of the anonymous token.
|
|
|
|
// When logging or displaying to users, use acl.AliasIfAnonymousToken
|
|
|
|
// to convert this to AnonymousTokenAlias.
|
2023-02-09 14:34:02 -06:00
|
|
|
AnonymousTokenID = "00000000-0000-0000-0000-000000000002"
|
|
|
|
AnonymousTokenAlias = "anonymous token"
|
|
|
|
AnonymousTokenSecret = "anonymous"
|
2023-08-01 10:12:14 -07:00
|
|
|
|
|
|
|
ReservedBuiltinPrefix = "builtin/"
|
2020-01-13 15:51:40 -05:00
|
|
|
)
|
|
|
|
|
2020-07-09 16:38:50 -07:00
|
|
|
// Config encapsulates all of the generic configuration parameters used for
|
2020-01-13 15:51:40 -05:00
|
|
|
// policy parsing and enforcement
|
|
|
|
type Config struct {
|
|
|
|
// WildcardName is the string that represents a request to authorize a wildcard permission
|
|
|
|
WildcardName string
|
|
|
|
|
|
|
|
// embedded enterprise configuration
|
|
|
|
EnterpriseConfig
|
|
|
|
}
|
|
|
|
|
2021-10-27 10:47:57 -06:00
|
|
|
type ExportFetcher interface {
|
|
|
|
// ExportsForPartition returns the config entry defining exports for a partition
|
2021-12-02 23:50:38 -07:00
|
|
|
ExportsForPartition(partition string) ExportedServices
|
2021-10-27 10:47:57 -06:00
|
|
|
}
|
|
|
|
|
2021-12-02 23:50:38 -07:00
|
|
|
type ExportedServices struct {
|
2022-11-09 13:02:58 -08:00
|
|
|
// Data is a map of [namespace] -> [service] -> [list of partitions the service is exported to]
|
|
|
|
// This includes both the names of typical service instances and their corresponding sidecar proxy
|
|
|
|
// instance names. Meaning that if "web" is exported, "web-sidecar-proxy" instances will also be
|
|
|
|
// shown as exported.
|
2021-10-27 10:47:57 -06:00
|
|
|
Data map[string]map[string][]string
|
2021-10-24 18:28:46 -04:00
|
|
|
}
|
|
|
|
|
2020-01-13 15:51:40 -05:00
|
|
|
// GetWildcardName will retrieve the configured wildcard name or provide a default
|
|
|
|
// in the case that the config is Nil or the wildcard name is unset.
|
|
|
|
func (c *Config) GetWildcardName() string {
|
|
|
|
if c == nil || c.WildcardName == "" {
|
|
|
|
return WildcardName
|
|
|
|
}
|
|
|
|
return c.WildcardName
|
|
|
|
}
|
|
|
|
|
|
|
|
// Close will relinquish any resources this Config might be holding on to or
|
|
|
|
// managing.
|
|
|
|
func (c *Config) Close() {
|
|
|
|
if c != nil {
|
|
|
|
c.EnterpriseConfig.Close()
|
|
|
|
}
|
|
|
|
}
|
2023-01-09 13:28:53 -05:00
|
|
|
|
|
|
|
// AliasIfAnonymousToken returns the string "anonymous token" if
|
|
|
|
// accessorID is acl.AnonymousTokenID. Used for better
|
|
|
|
// UX when logging the accessorID.
|
|
|
|
func AliasIfAnonymousToken(accessorID string) string {
|
|
|
|
if accessorID == AnonymousTokenID {
|
|
|
|
return AnonymousTokenAlias
|
|
|
|
}
|
|
|
|
return accessorID
|
|
|
|
}
|