agent: Changing ACL config names

This commit is contained in:
Armon Dadgar 2014-08-05 15:03:47 -07:00
parent 7e5fdeb64b
commit 9cd9a6bcc4
2 changed files with 28 additions and 13 deletions

View File

@ -203,10 +203,16 @@ type Config struct {
// If this is not set, ACLs are not enabled. Off by default.
ACLDatacenter string `mapstructure:"acl_datacenter"`
// ACLCacheInterval is used to control how long ACLs are cached. This has
// ACLTTL is used to control the time-to-live of cached ACLs . This has
// a major impact on performance. By default, it is set to 30 seconds.
ACLCacheInterval time.Duration `mapstructure:"-"`
ACLCacheIntervalRaw string `mapstructure:"acl_cache_interval"`
ACLTTL time.Duration `mapstructure:"-"`
ACLTTLRaw string `mapstructure:"acl_ttl"`
// ACLDefaultPolicy is used to control the ACL interaction when
// there is no defined policy. This can be "allow" which means
// ACLs are used to black-list, or "deny" which means ACLs are
// white-lists.
ACLDefaultPolicy string `mapstructure:"acl_default_policy"`
// ACLDownPolicy is used to control the ACL interaction when we cannot
// reach the ACLDatacenter and the token is not in the cache.
@ -270,8 +276,9 @@ func DefaultConfig() *Config {
Protocol: consul.ProtocolVersionMax,
CheckUpdateInterval: 5 * time.Minute,
AEInterval: time.Minute,
ACLCacheInterval: 30 * time.Second,
ACLTTL: 30 * time.Second,
ACLDownPolicy: "extend-cache",
ACLDefaultPolicy: "allow",
}
}
@ -367,12 +374,12 @@ func DecodeConfig(r io.Reader) (*Config, error) {
result.CheckUpdateInterval = dur
}
if raw := result.ACLCacheIntervalRaw; raw != "" {
if raw := result.ACLTTLRaw; raw != "" {
dur, err := time.ParseDuration(raw)
if err != nil {
return nil, fmt.Errorf("ACLCacheInterval invalid: %v", err)
return nil, fmt.Errorf("ACL TTL invalid: %v", err)
}
result.ACLCacheInterval = dur
result.ACLTTL = dur
}
return &result, nil
@ -623,13 +630,16 @@ func MergeConfig(a, b *Config) *Config {
if b.ACLDatacenter != "" {
result.ACLDatacenter = b.ACLDatacenter
}
if b.ACLCacheIntervalRaw != "" {
result.ACLCacheInterval = b.ACLCacheInterval
result.ACLCacheIntervalRaw = b.ACLCacheIntervalRaw
if b.ACLTTLRaw != "" {
result.ACLTTL = b.ACLTTL
result.ACLTTLRaw = b.ACLTTLRaw
}
if b.ACLDownPolicy != "" {
result.ACLDownPolicy = b.ACLDownPolicy
}
if b.ACLDefaultPolicy != "" {
result.ACLDefaultPolicy = b.ACLDefaultPolicy
}
// Copy the start join addresses
result.StartJoin = make([]string, 0, len(a.StartJoin)+len(b.StartJoin))

View File

@ -359,7 +359,8 @@ func TestDecodeConfig(t *testing.T) {
// ACLs
input = `{"acl_token": "1234", "acl_datacenter": "dc2",
"acl_cache_interval": "60s", "acl_down_policy": "deny"}`
"acl_cache_interval": "60s", "acl_down_policy": "deny",
"acl_default_policy": "deny"}`
config, err = DecodeConfig(bytes.NewReader([]byte(input)))
if err != nil {
t.Fatalf("err: %s", err)
@ -377,6 +378,9 @@ func TestDecodeConfig(t *testing.T) {
if config.ACLDownPolicy != "deny" {
t.Fatalf("bad: %#v", config)
}
if config.ACLDefaultPolicy != "deny" {
t.Fatalf("bad: %#v", config)
}
}
func TestDecodeConfig_Service(t *testing.T) {
@ -526,9 +530,10 @@ func TestMergeConfig(t *testing.T) {
CheckUpdateIntervalRaw: "8m",
ACLToken: "1234",
ACLDatacenter: "dc2",
ACLCacheInterval: 15 * time.Second,
ACLCacheIntervalRaw: "15s",
ACLTTL: 15 * time.Second,
ACLTTLRaw: "15s",
ACLDownPolicy: "deny",
ACLDefaultPolicy: "deny",
}
c := MergeConfig(a, b)