mirror of
https://github.com/status-im/consul.git
synced 2025-01-11 06:16:08 +00:00
state: use constants and add tests for acl-policies table
This commit is contained in:
parent
0b0ec7f081
commit
340462dd72
@ -228,7 +228,7 @@ func (s *Restore) ACLToken(token *structs.ACLToken) error {
|
|||||||
|
|
||||||
// ACLPolicies is used when saving a snapshot
|
// ACLPolicies is used when saving a snapshot
|
||||||
func (s *Snapshot) ACLPolicies() (memdb.ResultIterator, error) {
|
func (s *Snapshot) ACLPolicies() (memdb.ResultIterator, error) {
|
||||||
iter, err := s.tx.Get("acl-policies", "id")
|
iter, err := s.tx.Get(tableACLPolicies, indexID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
@ -1212,8 +1212,8 @@ func (s *Store) ACLPolicyBatchGet(ws memdb.WatchSet, ids []string) (uint64, stru
|
|||||||
}
|
}
|
||||||
|
|
||||||
// We are specifically not wanting to call aclPolicyMaxIndex here as we always want the
|
// We are specifically not wanting to call aclPolicyMaxIndex here as we always want the
|
||||||
// index entry for the "acl-policies" table.
|
// index entry for the tableACLPolicies table.
|
||||||
idx := maxIndexTxn(tx, "acl-policies")
|
idx := maxIndexTxn(tx, tableACLPolicies)
|
||||||
|
|
||||||
return idx, policies, nil
|
return idx, policies, nil
|
||||||
}
|
}
|
||||||
|
@ -1,9 +1,10 @@
|
|||||||
package state
|
package state
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
memdb "github.com/hashicorp/go-memdb"
|
||||||
|
|
||||||
"github.com/hashicorp/consul/agent/consul/stream"
|
"github.com/hashicorp/consul/agent/consul/stream"
|
||||||
"github.com/hashicorp/consul/agent/structs"
|
"github.com/hashicorp/consul/agent/structs"
|
||||||
memdb "github.com/hashicorp/go-memdb"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
// aclChangeUnsubscribeEvent creates and returns stream.UnsubscribeEvents that
|
// aclChangeUnsubscribeEvent creates and returns stream.UnsubscribeEvents that
|
||||||
@ -27,7 +28,7 @@ func aclChangeUnsubscribeEvent(tx ReadTxn, changes Changes) ([]stream.Event, err
|
|||||||
}
|
}
|
||||||
secretIDs = appendSecretIDsFromTokenIterator(secretIDs, tokens)
|
secretIDs = appendSecretIDsFromTokenIterator(secretIDs, tokens)
|
||||||
|
|
||||||
case "acl-policies":
|
case tableACLPolicies:
|
||||||
policy := changeObject(change).(*structs.ACLPolicy)
|
policy := changeObject(change).(*structs.ACLPolicy)
|
||||||
tokens, err := aclTokenListByPolicy(tx, policy.ID, &policy.EnterpriseMeta)
|
tokens, err := aclTokenListByPolicy(tx, policy.ID, &policy.EnterpriseMeta)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -11,11 +11,11 @@ import (
|
|||||||
)
|
)
|
||||||
|
|
||||||
func aclPolicyInsert(tx *txn, policy *structs.ACLPolicy) error {
|
func aclPolicyInsert(tx *txn, policy *structs.ACLPolicy) error {
|
||||||
if err := tx.Insert("acl-policies", policy); err != nil {
|
if err := tx.Insert(tableACLPolicies, policy); err != nil {
|
||||||
return fmt.Errorf("failed inserting acl policy: %v", err)
|
return fmt.Errorf("failed inserting acl policy: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := indexUpdateMaxTxn(tx, policy.ModifyIndex, "acl-policies"); err != nil {
|
if err := indexUpdateMaxTxn(tx, policy.ModifyIndex, tableACLPolicies); err != nil {
|
||||||
return fmt.Errorf("failed updating acl policies index: %v", err)
|
return fmt.Errorf("failed updating acl policies index: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -23,32 +23,32 @@ func aclPolicyInsert(tx *txn, policy *structs.ACLPolicy) error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func aclPolicyGetByID(tx ReadTxn, id string, _ *structs.EnterpriseMeta) (<-chan struct{}, interface{}, error) {
|
func aclPolicyGetByID(tx ReadTxn, id string, _ *structs.EnterpriseMeta) (<-chan struct{}, interface{}, error) {
|
||||||
return tx.FirstWatch("acl-policies", "id", id)
|
return tx.FirstWatch(tableACLPolicies, indexID, id)
|
||||||
}
|
}
|
||||||
|
|
||||||
func aclPolicyGetByName(tx ReadTxn, name string, _ *structs.EnterpriseMeta) (<-chan struct{}, interface{}, error) {
|
func aclPolicyGetByName(tx ReadTxn, name string, _ *structs.EnterpriseMeta) (<-chan struct{}, interface{}, error) {
|
||||||
return tx.FirstWatch("acl-policies", "name", name)
|
return tx.FirstWatch(tableACLPolicies, indexName, name)
|
||||||
}
|
}
|
||||||
|
|
||||||
func aclPolicyList(tx ReadTxn, _ *structs.EnterpriseMeta) (memdb.ResultIterator, error) {
|
func aclPolicyList(tx ReadTxn, _ *structs.EnterpriseMeta) (memdb.ResultIterator, error) {
|
||||||
return tx.Get("acl-policies", "id")
|
return tx.Get(tableACLPolicies, indexID)
|
||||||
}
|
}
|
||||||
|
|
||||||
func aclPolicyDeleteWithPolicy(tx *txn, policy *structs.ACLPolicy, idx uint64) error {
|
func aclPolicyDeleteWithPolicy(tx *txn, policy *structs.ACLPolicy, idx uint64) error {
|
||||||
// remove the policy
|
// remove the policy
|
||||||
if err := tx.Delete("acl-policies", policy); err != nil {
|
if err := tx.Delete(tableACLPolicies, policy); err != nil {
|
||||||
return fmt.Errorf("failed deleting acl policy: %v", err)
|
return fmt.Errorf("failed deleting acl policy: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
// update the overall acl-policies index
|
// update the overall acl-policies index
|
||||||
if err := indexUpdateMaxTxn(tx, idx, "acl-policies"); err != nil {
|
if err := indexUpdateMaxTxn(tx, idx, tableACLPolicies); err != nil {
|
||||||
return fmt.Errorf("failed updating acl policies index: %v", err)
|
return fmt.Errorf("failed updating acl policies index: %v", err)
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func aclPolicyMaxIndex(tx ReadTxn, _ *structs.ACLPolicy, _ *structs.EnterpriseMeta) uint64 {
|
func aclPolicyMaxIndex(tx ReadTxn, _ *structs.ACLPolicy, _ *structs.EnterpriseMeta) uint64 {
|
||||||
return maxIndexTxn(tx, "acl-policies")
|
return maxIndexTxn(tx, tableACLPolicies)
|
||||||
}
|
}
|
||||||
|
|
||||||
func aclPolicyUpsertValidateEnterprise(*txn, *structs.ACLPolicy, *structs.ACLPolicy) error {
|
func aclPolicyUpsertValidateEnterprise(*txn, *structs.ACLPolicy, *structs.ACLPolicy) error {
|
||||||
|
35
agent/consul/state/acl_oss_test.go
Normal file
35
agent/consul/state/acl_oss_test.go
Normal file
@ -0,0 +1,35 @@
|
|||||||
|
// +build !consulent
|
||||||
|
|
||||||
|
package state
|
||||||
|
|
||||||
|
import "github.com/hashicorp/consul/agent/structs"
|
||||||
|
|
||||||
|
func testIndexerTableACLPolicies() map[string]indexerTestCase {
|
||||||
|
obj := &structs.ACLPolicy{
|
||||||
|
ID: "123e4567-e89b-12d3-a456-426614174abc",
|
||||||
|
Name: "PoLiCyNaMe",
|
||||||
|
}
|
||||||
|
encodedID := []byte{0x12, 0x3e, 0x45, 0x67, 0xe8, 0x9b, 0x12, 0xd3, 0xa4, 0x56, 0x42, 0x66, 0x14, 0x17, 0x4a, 0xbc}
|
||||||
|
return map[string]indexerTestCase{
|
||||||
|
indexID: {
|
||||||
|
read: indexValue{
|
||||||
|
source: obj.ID,
|
||||||
|
expected: encodedID,
|
||||||
|
},
|
||||||
|
write: indexValue{
|
||||||
|
source: obj,
|
||||||
|
expected: encodedID,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
indexName: {
|
||||||
|
read: indexValue{
|
||||||
|
source: []interface{}{"PolicyName"},
|
||||||
|
expected: []byte("policyname\x00"),
|
||||||
|
},
|
||||||
|
write: indexValue{
|
||||||
|
source: obj,
|
||||||
|
expected: []byte("policyname\x00"),
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
}
|
@ -7,13 +7,14 @@ import (
|
|||||||
"testing"
|
"testing"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
memdb "github.com/hashicorp/go-memdb"
|
||||||
|
"github.com/hashicorp/go-uuid"
|
||||||
|
"github.com/stretchr/testify/require"
|
||||||
|
|
||||||
"github.com/hashicorp/consul/acl"
|
"github.com/hashicorp/consul/acl"
|
||||||
"github.com/hashicorp/consul/agent/structs"
|
"github.com/hashicorp/consul/agent/structs"
|
||||||
"github.com/hashicorp/consul/lib"
|
"github.com/hashicorp/consul/lib"
|
||||||
pbacl "github.com/hashicorp/consul/proto/pbacl"
|
pbacl "github.com/hashicorp/consul/proto/pbacl"
|
||||||
memdb "github.com/hashicorp/go-memdb"
|
|
||||||
"github.com/hashicorp/go-uuid"
|
|
||||||
"github.com/stretchr/testify/require"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
@ -3801,7 +3802,7 @@ func TestStateStore_ACLPolicies_Snapshot_Restore(t *testing.T) {
|
|||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
require.Equal(t, uint64(2), idx)
|
require.Equal(t, uint64(2), idx)
|
||||||
require.ElementsMatch(t, policies, res)
|
require.ElementsMatch(t, policies, res)
|
||||||
require.Equal(t, uint64(2), s.maxIndex("acl-policies"))
|
require.Equal(t, uint64(2), s.maxIndex(tableACLPolicies))
|
||||||
}()
|
}()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -128,6 +128,7 @@ func TestNewDBSchema_Indexers(t *testing.T) {
|
|||||||
require.NoError(t, schema.Validate())
|
require.NoError(t, schema.Validate())
|
||||||
|
|
||||||
var testcases = map[string]func() map[string]indexerTestCase{
|
var testcases = map[string]func() map[string]indexerTestCase{
|
||||||
|
tableACLPolicies: testIndexerTableACLPolicies,
|
||||||
tableChecks: testIndexerTableChecks,
|
tableChecks: testIndexerTableChecks,
|
||||||
tableServices: testIndexerTableServices,
|
tableServices: testIndexerTableServices,
|
||||||
tableNodes: testIndexerTableNodes,
|
tableNodes: testIndexerTableNodes,
|
||||||
|
Loading…
x
Reference in New Issue
Block a user