consul: simplify keyring operations
parent
ee03c6a4b8
commit
648c7cdc8e
|
@ -117,10 +117,7 @@ func loadKeyringFile(c *serf.Config) error {
|
||||||
|
|
||||||
// keyringProcess is used to abstract away the semantic similarities in
|
// keyringProcess is used to abstract away the semantic similarities in
|
||||||
// performing various operations on the encryption keyring.
|
// performing various operations on the encryption keyring.
|
||||||
func (a *Agent) keyringProcess(
|
func (a *Agent) keyringProcess(args *structs.KeyringRequest) (*structs.KeyringResponses, error) {
|
||||||
method string,
|
|
||||||
args *structs.KeyringRequest) (*structs.KeyringResponses, error) {
|
|
||||||
|
|
||||||
// Allow any server to handle the request, since this is
|
// Allow any server to handle the request, since this is
|
||||||
// done over the gossip protocol.
|
// done over the gossip protocol.
|
||||||
args.AllowStale = true
|
args.AllowStale = true
|
||||||
|
@ -129,7 +126,7 @@ func (a *Agent) keyringProcess(
|
||||||
if a.server == nil {
|
if a.server == nil {
|
||||||
return nil, fmt.Errorf("keyring operations must run against a server node")
|
return nil, fmt.Errorf("keyring operations must run against a server node")
|
||||||
}
|
}
|
||||||
if err := a.RPC(method, args, &reply); err != nil {
|
if err := a.RPC("Internal.KeyringOperation", args, &reply); err != nil {
|
||||||
return &reply, err
|
return &reply, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -140,23 +137,23 @@ func (a *Agent) keyringProcess(
|
||||||
// includes both servers and clients in all DC's.
|
// includes both servers and clients in all DC's.
|
||||||
func (a *Agent) ListKeys() (*structs.KeyringResponses, error) {
|
func (a *Agent) ListKeys() (*structs.KeyringResponses, error) {
|
||||||
args := structs.KeyringRequest{Operation: structs.KeyringList}
|
args := structs.KeyringRequest{Operation: structs.KeyringList}
|
||||||
return a.keyringProcess("Internal.KeyringOperation", &args)
|
return a.keyringProcess(&args)
|
||||||
}
|
}
|
||||||
|
|
||||||
// InstallKey installs a new gossip encryption key
|
// InstallKey installs a new gossip encryption key
|
||||||
func (a *Agent) InstallKey(key string) (*structs.KeyringResponses, error) {
|
func (a *Agent) InstallKey(key string) (*structs.KeyringResponses, error) {
|
||||||
args := structs.KeyringRequest{Key: key, Operation: structs.KeyringInstall}
|
args := structs.KeyringRequest{Key: key, Operation: structs.KeyringInstall}
|
||||||
return a.keyringProcess("Internal.KeyringOperation", &args)
|
return a.keyringProcess(&args)
|
||||||
}
|
}
|
||||||
|
|
||||||
// UseKey changes the primary encryption key used to encrypt messages
|
// UseKey changes the primary encryption key used to encrypt messages
|
||||||
func (a *Agent) UseKey(key string) (*structs.KeyringResponses, error) {
|
func (a *Agent) UseKey(key string) (*structs.KeyringResponses, error) {
|
||||||
args := structs.KeyringRequest{Key: key, Operation: structs.KeyringUse}
|
args := structs.KeyringRequest{Key: key, Operation: structs.KeyringUse}
|
||||||
return a.keyringProcess("Internal.KeyringOperation", &args)
|
return a.keyringProcess(&args)
|
||||||
}
|
}
|
||||||
|
|
||||||
// RemoveKey will remove a gossip encryption key from the keyring
|
// RemoveKey will remove a gossip encryption key from the keyring
|
||||||
func (a *Agent) RemoveKey(key string) (*structs.KeyringResponses, error) {
|
func (a *Agent) RemoveKey(key string) (*structs.KeyringResponses, error) {
|
||||||
args := structs.KeyringRequest{Key: key, Operation: structs.KeyringRemove}
|
args := structs.KeyringRequest{Key: key, Operation: structs.KeyringRemove}
|
||||||
return a.keyringProcess("Internal.KeyringOperation", &args)
|
return a.keyringProcess(&args)
|
||||||
}
|
}
|
||||||
|
|
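Review bot: `keyringProcess` returns `&reply` together with a non-nil error when `a.RPC` fails, and its doc comment does not tell callers of `ListKeys`, `InstallKey`, `UseKey` and `RemoveKey` that the response may be only partly filled. For install, use and remove this matters to whoever rotates keys: an error does not by itself mean that no pool changed its keyring. I would extend the comment above the function with something like `// On RPC failure the reply collected so far is returned with the error; inspect it to see which pools already applied the change.` That reading of why both values are returned is inferred from the visible lines and should be confirmed. Part of the function body lies between the hunks and is not shown.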
|
@ -72,10 +72,9 @@ func (m *Internal) KeyringOperation(
|
||||||
reply *structs.KeyringResponses) error {
|
reply *structs.KeyringResponses) error {
|
||||||
|
|
||||||
m.executeKeyringOp(args, reply, false)
|
m.executeKeyringOp(args, reply, false)
|
||||||
|
|
||||||
if !args.Forwarded {
|
if !args.Forwarded {
|
||||||
m.executeKeyringOp(args, reply, true)
|
|
||||||
args.Forwarded = true
|
args.Forwarded = true
|
||||||
|
m.executeKeyringOp(args, reply, true)
|
||||||
return m.srv.globalRPC("Internal.KeyringOperation", args, reply)
|
return m.srv.globalRPC("Internal.KeyringOperation", args, reply)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -92,10 +91,8 @@ func (m *Internal) executeKeyringOp(
|
||||||
|
|
||||||
var serfResp *serf.KeyResponse
|
var serfResp *serf.KeyResponse
|
||||||
var err error
|
var err error
|
||||||
|
|
||||||
dc := m.srv.config.Datacenter
|
|
||||||
|
|
||||||
var mgr *serf.KeyManager
|
var mgr *serf.KeyManager
|
||||||
|
|
||||||
if wan {
|
if wan {
|
||||||
mgr = m.srv.KeyManagerWAN()
|
mgr = m.srv.KeyManagerWAN()
|
||||||
} else {
|
} else {
|
||||||
|
@ -120,7 +117,7 @@ func (m *Internal) executeKeyringOp(
|
||||||
|
|
||||||
reply.Responses = append(reply.Responses, &structs.KeyringResponse{
|
reply.Responses = append(reply.Responses, &structs.KeyringResponse{
|
||||||
WAN: wan,
|
WAN: wan,
|
||||||
Datacenter: dc,
|
Datacenter: m.srv.config.Datacenter,
|
||||||
Messages: serfResp.Messages,
|
Messages: serfResp.Messages,
|
||||||
Keys: serfResp.Keys,
|
Keys: serfResp.Keys,
|
||||||
NumNodes: serfResp.NumNodes,
|
NumNodes: serfResp.NumNodes,
|
||||||
|
|
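Review bot: `KeyringOperation` runs `m.executeKeyringOp(args, reply, false)` as the first statement after its signature, and it decides whether to touch the WAN pool and the other datacenters purely from `args.Forwarded`, a field that arrives in the request. No authorization check is visible in this hunk, so unless one is enforced at a layer not shown here, any peer that can reach this RPC endpoint can list, install or remove gossip keys. Such a peer can also confine a change to one LAN pool by sending `Forwarded` already set, which leaves the keyrings inconsistent across pools. At minimum the trust assumption should be written down next to the branch, e.g. `// Forwarded is set only by the originating server; a request arriving with it set touches the local LAN pool and nothing else.` The two `executeKeyringOp` calls are also used as bare statements, so it is worth confirming that a failed local operation is recorded in `reply` before `globalRPC` broadcasts the request; the rest of the function is outside the hunk.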
|
@ -229,11 +229,8 @@ func (s *Server) forwardDC(method, dc string, args interface{}, reply interface{
|
||||||
func (s *Server) globalRPC(method string, args interface{},
|
func (s *Server) globalRPC(method string, args interface{},
|
||||||
reply structs.CompoundResponse) error {
|
reply structs.CompoundResponse) error {
|
||||||
|
|
||||||
if reply == nil {
|
totalDC := len(s.remoteConsuls)
|
||||||
return fmt.Errorf("nil reply struct")
|
if totalDC == 1 {
|
||||||
}
|
|
||||||
rlen := len(s.remoteConsuls)
|
|
||||||
if rlen < 2 {
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -253,17 +250,14 @@ func (s *Server) globalRPC(method string, args interface{},
|
||||||
}()
|
}()
|
||||||
}
|
}
|
||||||
|
|
||||||
done := 0
|
replies := 0
|
||||||
for {
|
for replies < totalDC {
|
||||||
select {
|
select {
|
||||||
case err := <-errorCh:
|
case err := <-errorCh:
|
||||||
return err
|
return err
|
||||||
case rr := <-respCh:
|
case rr := <-respCh:
|
||||||
reply.Add(rr)
|
reply.Add(rr)
|
||||||
done++
|
replies++
|
||||||
}
|
|
||||||
if done == rlen {
|
|
||||||
break
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
|
|
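Review bot: The `reply == nil` guard at the top of `globalRPC` is removed without a replacement, so a nil `reply` now reaches `reply.Add(rr)` in the collection loop and would fail there instead of returning the old "nil reply struct" error. I would keep the guard ahead of the new count: `if reply == nil { return fmt.Errorf("nil reply struct") }`. The early return also changed from `rlen < 2` to `totalDC == 1`; with an empty `s.remoteConsuls` the loop body never runs, so the result is the same, but the fan-out code between the two hunks is not visible and should be checked for that case. The loop still returns on the first value from `errorCh`, which discards replies from datacenters that had already applied a keyring change, so the operator cannot tell which ones did.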