agent: write-level keyring ACLs work

Ryan Uber 2015-07-07 10:36:51 -06:00
parent bffc0861cc
commit 5c65bc7df2
4 changed files with 18 additions and 12 deletions


@ -128,19 +128,22 @@ func (a *Agent) ListKeys(token string) (*structs.KeyringResponses, error) {
} }
// InstallKey installs a new gossip encryption key // InstallKey installs a new gossip encryption key
func (a *Agent) InstallKey(key string) (*structs.KeyringResponses, error) { func (a *Agent) InstallKey(key, token string) (*structs.KeyringResponses, error) {
args := structs.KeyringRequest{Key: key, Operation: structs.KeyringInstall} args := structs.KeyringRequest{Key: key, Operation: structs.KeyringInstall}
args.Token = token
return a.keyringProcess(&args) return a.keyringProcess(&args)
} }
// UseKey changes the primary encryption key used to encrypt messages // UseKey changes the primary encryption key used to encrypt messages
func (a *Agent) UseKey(key string) (*structs.KeyringResponses, error) { func (a *Agent) UseKey(key, token string) (*structs.KeyringResponses, error) {
args := structs.KeyringRequest{Key: key, Operation: structs.KeyringUse} args := structs.KeyringRequest{Key: key, Operation: structs.KeyringUse}
args.Token = token
return a.keyringProcess(&args) return a.keyringProcess(&args)
} }
// RemoveKey will remove a gossip encryption key from the keyring // RemoveKey will remove a gossip encryption key from the keyring
func (a *Agent) RemoveKey(key string) (*structs.KeyringResponses, error) { func (a *Agent) RemoveKey(key, token string) (*structs.KeyringResponses, error) {
args := structs.KeyringRequest{Key: key, Operation: structs.KeyringRemove} args := structs.KeyringRequest{Key: key, Operation: structs.KeyringRemove}
args.Token = token
return a.keyringProcess(&args) return a.keyringProcess(&args)
} }
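Review bot: InstallKey, UseKey and RemoveKey now take an ACL token, but their doc comments still describe only the key, and nothing in this section shows where the token is checked. These methods only copy it into `args.Token` before calling keyringProcess, so enforcement presumably happens further down; the comments should say so, e.g. `// InstallKey installs a new gossip encryption key. token is the ACL token forwarded with the request; authorization is not decided in this method.` What an empty token does depends on code outside this page, so it is worth stating in the comments or covering in a test. The diffstat lists four changed files and none of the visible sections is a test; a case where a token without keyring write permission is rejected for install, use and remove would pin the behaviour the commit title claims.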


@ -636,11 +636,11 @@ func (i *AgentRPC) handleKeyring(client *rpcClient, seq uint64, cmd, token strin
case listKeysCommand: case listKeysCommand:
queryResp, err = i.agent.ListKeys(token) queryResp, err = i.agent.ListKeys(token)
case installKeyCommand: case installKeyCommand:
queryResp, err = i.agent.InstallKey(req.Key) queryResp, err = i.agent.InstallKey(req.Key, token)
case useKeyCommand: case useKeyCommand:
queryResp, err = i.agent.UseKey(req.Key) queryResp, err = i.agent.UseKey(req.Key, token)
case removeKeyCommand: case removeKeyCommand:
queryResp, err = i.agent.RemoveKey(req.Key) queryResp, err = i.agent.RemoveKey(req.Key, token)
default: default:
respHeader := responseHeader{Seq: seq, Error: unsupportedCommand} respHeader := responseHeader{Seq: seq, Error: unsupportedCommand}
client.Send(&respHeader, nil) client.Send(&respHeader, nil)


@ -199,10 +199,11 @@ func (c *RPCClient) ListKeys(token string) (keyringResponse, error) {
return resp, err return resp, err
} }
func (c *RPCClient) InstallKey(key string) (keyringResponse, error) { func (c *RPCClient) InstallKey(key, token string) (keyringResponse, error) {
header := requestHeader{ header := requestHeader{
Command: installKeyCommand, Command: installKeyCommand,
Seq: c.getSeq(), Seq: c.getSeq(),
Token: token,
} }
req := keyringRequest{key} req := keyringRequest{key}
var resp keyringResponse var resp keyringResponse
@ -210,10 +211,11 @@ func (c *RPCClient) InstallKey(key string) (keyringResponse, error) {
return resp, err return resp, err
} }
func (c *RPCClient) UseKey(key string) (keyringResponse, error) { func (c *RPCClient) UseKey(key, token string) (keyringResponse, error) {
header := requestHeader{ header := requestHeader{
Command: useKeyCommand, Command: useKeyCommand,
Seq: c.getSeq(), Seq: c.getSeq(),
Token: token,
} }
req := keyringRequest{key} req := keyringRequest{key}
var resp keyringResponse var resp keyringResponse
@ -221,10 +223,11 @@ func (c *RPCClient) UseKey(key string) (keyringResponse, error) {
return resp, err return resp, err
} }
func (c *RPCClient) RemoveKey(key string) (keyringResponse, error) { func (c *RPCClient) RemoveKey(key, token string) (keyringResponse, error) {
header := requestHeader{ header := requestHeader{
Command: removeKeyCommand, Command: removeKeyCommand,
Seq: c.getSeq(), Seq: c.getSeq(),
Token: token,
} }
req := keyringRequest{key} req := keyringRequest{key}
var resp keyringResponse var resp keyringResponse
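Review bot: InstallKey, UseKey and RemoveKey build the same request header three times and differ only in the command constant, so the `Token` field has to be remembered in each copy, which is the omission this commit repairs. Moving the construction into one unexported helper that takes the command, key and token would keep the token handling in a single place for any keyring write operation added later. The exported methods also have no doc comments; each should say that token is the ACL token sent in the request header. The bodies of all three continue outside the hunks (the send call is not visible), so the sketch below leaves that step as a comment.

```go
// keyringOp sends one keyring write command, always carrying the ACL token.
func (c *RPCClient) keyringOp(cmd, key, token string) (keyringResponse, error) {
	header := requestHeader{
		Command: cmd,
		Seq:     c.getSeq(),
		Token:   token,
	}
	req := keyringRequest{key}
	var resp keyringResponse
	// … unchanged: send header and req, decode into resp, return resp, err …
}

// InstallKey asks the agent to install key; token is the ACL token sent in the request header.
func (c *RPCClient) InstallKey(key, token string) (keyringResponse, error) {
	return c.keyringOp(installKeyCommand, key, token)
}
// … UseKey and RemoveKey follow the same shape with useKeyCommand / removeKeyCommand …
```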


@ -80,7 +80,7 @@ func (c *KeyringCommand) Run(args []string) int {
if installKey != "" { if installKey != "" {
c.Ui.Info("Installing new gossip encryption key...") c.Ui.Info("Installing new gossip encryption key...")
r, err := client.InstallKey(installKey) r, err := client.InstallKey(installKey, token)
if err != nil { if err != nil {
c.Ui.Error(fmt.Sprintf("error: %s", err)) c.Ui.Error(fmt.Sprintf("error: %s", err))
return 1 return 1
@ -90,7 +90,7 @@ func (c *KeyringCommand) Run(args []string) int {
if useKey != "" { if useKey != "" {
c.Ui.Info("Changing primary gossip encryption key...") c.Ui.Info("Changing primary gossip encryption key...")
r, err := client.UseKey(useKey) r, err := client.UseKey(useKey, token)
if err != nil { if err != nil {
c.Ui.Error(fmt.Sprintf("error: %s", err)) c.Ui.Error(fmt.Sprintf("error: %s", err))
return 1 return 1
@ -100,7 +100,7 @@ func (c *KeyringCommand) Run(args []string) int {
if removeKey != "" { if removeKey != "" {
c.Ui.Info("Removing gossip encryption key...") c.Ui.Info("Removing gossip encryption key...")
r, err := client.RemoveKey(removeKey) r, err := client.RemoveKey(removeKey, token)
if err != nil { if err != nil {
c.Ui.Error(fmt.Sprintf("error: %s", err)) c.Ui.Error(fmt.Sprintf("error: %s", err))
return 1 return 1