mirror of https://github.com/status-im/consul.git
convert indexSecret to the new index (#11007)
This commit is contained in:
parent
6e6cf1c043
commit
584faec6e3
|
@ -163,7 +163,7 @@ func (s *TokenExpirationIndex) FromArgs(args ...interface{}) ([]byte, error) {
|
|||
|
||||
// ACLTokens is used when saving a snapshot
|
||||
func (s *Snapshot) ACLTokens() (memdb.ResultIterator, error) {
|
||||
iter, err := s.tx.Get("acl-tokens", "id")
|
||||
iter, err := s.tx.Get(tableACLTokens, "id")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
@ -772,7 +772,7 @@ func (s *Store) ACLTokenBatchGet(ws memdb.WatchSet, accessors []string) (uint64,
|
|||
}
|
||||
}
|
||||
|
||||
idx := maxIndexTxn(tx, "acl-tokens")
|
||||
idx := maxIndexTxn(tx, tableACLTokens)
|
||||
|
||||
return idx, tokens, nil
|
||||
}
|
||||
|
@ -884,7 +884,7 @@ func (s *Store) ACLTokenListUpgradeable(max int) (structs.ACLTokens, <-chan stru
|
|||
tx := s.db.Txn(false)
|
||||
defer tx.Abort()
|
||||
|
||||
iter, err := tx.Get("acl-tokens", "needs-upgrade", true)
|
||||
iter, err := tx.Get(tableACLTokens, "needs-upgrade", true)
|
||||
if err != nil {
|
||||
return nil, nil, fmt.Errorf("failed acl token listing: %v", err)
|
||||
}
|
||||
|
@ -906,7 +906,7 @@ func (s *Store) ACLTokenMinExpirationTime(local bool) (time.Time, error) {
|
|||
tx := s.db.Txn(false)
|
||||
defer tx.Abort()
|
||||
|
||||
item, err := tx.First("acl-tokens", s.expiresIndexName(local))
|
||||
item, err := tx.First(tableACLTokens, s.expiresIndexName(local))
|
||||
if err != nil {
|
||||
return time.Time{}, fmt.Errorf("failed acl token listing: %v", err)
|
||||
}
|
||||
|
@ -926,7 +926,7 @@ func (s *Store) ACLTokenListExpired(local bool, asOf time.Time, max int) (struct
|
|||
tx := s.db.Txn(false)
|
||||
defer tx.Abort()
|
||||
|
||||
iter, err := tx.Get("acl-tokens", s.expiresIndexName(local))
|
||||
iter, err := tx.Get(tableACLTokens, s.expiresIndexName(local))
|
||||
if err != nil {
|
||||
return nil, nil, fmt.Errorf("failed acl token listing: %v", err)
|
||||
}
|
||||
|
|
|
@ -16,7 +16,7 @@ func aclChangeUnsubscribeEvent(tx ReadTxn, changes Changes) ([]stream.Event, err
|
|||
|
||||
for _, change := range changes.Changes {
|
||||
switch change.Table {
|
||||
case "acl-tokens":
|
||||
case tableACLTokens:
|
||||
token := changeObject(change).(*structs.ACLToken)
|
||||
secretIDs = append(secretIDs, token.SecretID)
|
||||
|
||||
|
|
|
@ -57,12 +57,12 @@ func (s *Store) ACLPolicyUpsertValidateEnterprise(*structs.ACLPolicy, *structs.A
|
|||
|
||||
func aclTokenInsert(tx WriteTxn, token *structs.ACLToken) error {
|
||||
// insert the token into memdb
|
||||
if err := tx.Insert("acl-tokens", token); err != nil {
|
||||
if err := tx.Insert(tableACLTokens, token); err != nil {
|
||||
return fmt.Errorf("failed inserting acl token: %v", err)
|
||||
}
|
||||
|
||||
// update the overall acl-tokens index
|
||||
if err := indexUpdateMaxTxn(tx, token.ModifyIndex, "acl-tokens"); err != nil {
|
||||
if err := indexUpdateMaxTxn(tx, token.ModifyIndex, tableACLTokens); err != nil {
|
||||
return fmt.Errorf("failed updating acl tokens index: %v", err)
|
||||
}
|
||||
|
||||
|
@ -70,48 +70,48 @@ func aclTokenInsert(tx WriteTxn, token *structs.ACLToken) error {
|
|||
}
|
||||
|
||||
func aclTokenGetFromIndex(tx ReadTxn, id string, index string, entMeta *structs.EnterpriseMeta) (<-chan struct{}, interface{}, error) {
|
||||
return tx.FirstWatch("acl-tokens", index, id)
|
||||
return tx.FirstWatch(tableACLTokens, index, id)
|
||||
}
|
||||
|
||||
func aclTokenListAll(tx ReadTxn, _ *structs.EnterpriseMeta) (memdb.ResultIterator, error) {
|
||||
return tx.Get("acl-tokens", "id")
|
||||
return tx.Get(tableACLTokens, "id")
|
||||
}
|
||||
|
||||
func aclTokenListLocal(tx ReadTxn, _ *structs.EnterpriseMeta) (memdb.ResultIterator, error) {
|
||||
return tx.Get("acl-tokens", "local", true)
|
||||
return tx.Get(tableACLTokens, "local", true)
|
||||
}
|
||||
|
||||
func aclTokenListGlobal(tx ReadTxn, _ *structs.EnterpriseMeta) (memdb.ResultIterator, error) {
|
||||
return tx.Get("acl-tokens", "local", false)
|
||||
return tx.Get(tableACLTokens, "local", false)
|
||||
}
|
||||
|
||||
func aclTokenListByPolicy(tx ReadTxn, policy string, _ *structs.EnterpriseMeta) (memdb.ResultIterator, error) {
|
||||
return tx.Get("acl-tokens", "policies", policy)
|
||||
return tx.Get(tableACLTokens, "policies", policy)
|
||||
}
|
||||
|
||||
func aclTokenListByRole(tx ReadTxn, role string, _ *structs.EnterpriseMeta) (memdb.ResultIterator, error) {
|
||||
return tx.Get("acl-tokens", "roles", role)
|
||||
return tx.Get(tableACLTokens, "roles", role)
|
||||
}
|
||||
|
||||
func aclTokenListByAuthMethod(tx ReadTxn, authMethod string, _, _ *structs.EnterpriseMeta) (memdb.ResultIterator, error) {
|
||||
return tx.Get("acl-tokens", "authmethod", authMethod)
|
||||
return tx.Get(tableACLTokens, "authmethod", authMethod)
|
||||
}
|
||||
|
||||
func aclTokenDeleteWithToken(tx WriteTxn, token *structs.ACLToken, idx uint64) error {
|
||||
// remove the token
|
||||
if err := tx.Delete("acl-tokens", token); err != nil {
|
||||
if err := tx.Delete(tableACLTokens, token); err != nil {
|
||||
return fmt.Errorf("failed deleting acl token: %v", err)
|
||||
}
|
||||
|
||||
// update the overall acl-tokens index
|
||||
if err := indexUpdateMaxTxn(tx, idx, "acl-tokens"); err != nil {
|
||||
if err := indexUpdateMaxTxn(tx, idx, tableACLTokens); err != nil {
|
||||
return fmt.Errorf("failed updating acl tokens index: %v", err)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func aclTokenMaxIndex(tx ReadTxn, _ *structs.ACLToken, entMeta *structs.EnterpriseMeta) uint64 {
|
||||
return maxIndexTxn(tx, "acl-tokens")
|
||||
return maxIndexTxn(tx, tableACLTokens)
|
||||
}
|
||||
|
||||
func aclTokenUpsertValidateEnterprise(tx WriteTxn, token *structs.ACLToken, existing *structs.ACLToken) error {
|
||||
|
|
|
@ -42,9 +42,9 @@ func tokensTableSchema() *memdb.TableSchema {
|
|||
Name: indexID,
|
||||
AllowMissing: false,
|
||||
Unique: true,
|
||||
Indexer: &memdb.StringFieldIndex{
|
||||
Field: "SecretID",
|
||||
Lowercase: false,
|
||||
Indexer: indexerSingle{
|
||||
readIndex: readIndex(indexFromStringCaseSensitive),
|
||||
writeIndex: writeIndex(indexSecretIDFromACLToken),
|
||||
},
|
||||
},
|
||||
indexPolicies: {
|
||||
|
@ -324,3 +324,29 @@ func indexAccessorIDFromACLToken(raw interface{}) ([]byte, error) {
|
|||
b.Raw(uuid)
|
||||
return b.Bytes(), nil
|
||||
}
|
||||
|
||||
func indexSecretIDFromACLToken(raw interface{}) ([]byte, error) {
|
||||
p, ok := raw.(*structs.ACLToken)
|
||||
if !ok {
|
||||
return nil, fmt.Errorf("unexpected type %T for structs.ACLToken index", raw)
|
||||
}
|
||||
|
||||
if p.SecretID == "" {
|
||||
return nil, errMissingValueForIndex
|
||||
}
|
||||
|
||||
var b indexBuilder
|
||||
b.String(p.SecretID)
|
||||
return b.Bytes(), nil
|
||||
}
|
||||
|
||||
func indexFromStringCaseSensitive(raw interface{}) ([]byte, error) {
|
||||
q, ok := raw.(string)
|
||||
if !ok {
|
||||
return nil, fmt.Errorf("unexpected type %T for string prefix query", raw)
|
||||
}
|
||||
|
||||
var b indexBuilder
|
||||
b.String(q)
|
||||
return b.Bytes(), nil
|
||||
}
|
||||
|
|
|
@ -3737,7 +3737,7 @@ func TestStateStore_ACLTokens_Snapshot_Restore(t *testing.T) {
|
|||
require.NoError(t, err)
|
||||
require.Equal(t, uint64(4), idx)
|
||||
require.ElementsMatch(t, tokens, res)
|
||||
require.Equal(t, uint64(4), s.maxIndex("acl-tokens"))
|
||||
require.Equal(t, uint64(4), s.maxIndex(tableACLTokens))
|
||||
}()
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in New Issue