From 9f12fbd3cc9a4a832c05161251758f865279ed1e Mon Sep 17 00:00:00 2001 From: Mark Anderson Date: Wed, 15 Sep 2021 13:26:08 -0700 Subject: [PATCH] ACL Binding Rules table partitioning (#11044) * ACL Binding Rules table partitioning Signed-off-by: Mark Anderson --- agent/consul/state/acl.go | 2 +- agent/consul/state/acl_oss.go | 4 ++-- agent/consul/state/acl_oss_test.go | 12 ++++++++++++ agent/consul/state/acl_schema.go | 18 ++++++++++++++++-- 4 files changed, 31 insertions(+), 5 deletions(-) diff --git a/agent/consul/state/acl.go b/agent/consul/state/acl.go index b8e4370e09..12d08496ea 100644 --- a/agent/consul/state/acl.go +++ b/agent/consul/state/acl.go @@ -48,7 +48,7 @@ func (s *Restore) ACLRole(role *structs.ACLRole) error { // ACLBindingRules is used when saving a snapshot func (s *Snapshot) ACLBindingRules() (memdb.ResultIterator, error) { - iter, err := s.tx.Get(tableACLBindingRules, "id") + iter, err := s.tx.Get(tableACLBindingRules, indexID) if err != nil { return nil, err } diff --git a/agent/consul/state/acl_oss.go b/agent/consul/state/acl_oss.go index 05a45b33bd..b8b97b65ef 100644 --- a/agent/consul/state/acl_oss.go +++ b/agent/consul/state/acl_oss.go @@ -180,11 +180,11 @@ func aclBindingRuleInsert(tx WriteTxn, rule *structs.ACLBindingRule) error { } func aclBindingRuleGetByID(tx ReadTxn, id string, _ *structs.EnterpriseMeta) (<-chan struct{}, interface{}, error) { - return tx.FirstWatch(tableACLBindingRules, "id", id) + return tx.FirstWatch(tableACLBindingRules, indexID, id) } func aclBindingRuleList(tx ReadTxn, _ *structs.EnterpriseMeta) (memdb.ResultIterator, error) { - return tx.Get(tableACLBindingRules, "id") + return tx.Get(tableACLBindingRules, indexID) } func aclBindingRuleListByAuthMethod(tx ReadTxn, method string, _ *structs.EnterpriseMeta) (memdb.ResultIterator, error) { diff --git a/agent/consul/state/acl_oss_test.go b/agent/consul/state/acl_oss_test.go index 8f64020e22..eab938c065 100644 --- a/agent/consul/state/acl_oss_test.go +++ b/agent/consul/state/acl_oss_test.go @@ -147,7 +147,19 @@ func testIndexerTableACLBindingRules() map[string]indexerTestCase { ID: "123e4567-e89a-12d7-a456-426614174abc", AuthMethod: "BinDingRuLe", } + encodedID := []byte{0x12, 0x3e, 0x45, 0x67, 0xe8, 0x9a, 0x12, 0xd7, 0xa4, 0x56, 0x42, 0x66, 0x14, 0x17, 0x4a, 0xbc} + return map[string]indexerTestCase{ + indexID: { + read: indexValue{ + source: obj.ID, + expected: encodedID, + }, + write: indexValue{ + source: obj, + expected: encodedID, + }, + }, indexAuthMethod: { read: indexValue{ source: Query{Value: "BinDingRuLe"}, diff --git a/agent/consul/state/acl_schema.go b/agent/consul/state/acl_schema.go index d58ef06462..5c2f9a1818 100644 --- a/agent/consul/state/acl_schema.go +++ b/agent/consul/state/acl_schema.go @@ -268,8 +268,9 @@ func bindingRulesTableSchema() *memdb.TableSchema { Name: indexID, AllowMissing: false, Unique: true, - Indexer: &memdb.UUIDFieldIndex{ - Field: "ID", + Indexer: indexerSingle{ + readIndex: readIndex(indexFromUUIDString), + writeIndex: writeIndex(indexIDFromACLBindingRule), }, }, indexAuthMethod: { @@ -285,6 +286,19 @@ func bindingRulesTableSchema() *memdb.TableSchema { } } +func indexIDFromACLBindingRule(raw interface{}) ([]byte, error) { + p, ok := raw.(*structs.ACLBindingRule) + if !ok { + return nil, fmt.Errorf("unexpected type %T for structs.ACLBindingRule index", raw) + } + vv, err := uuidStringToBytes(p.ID) + if err != nil { + return nil, err + } + + return vv, err +} + func indexAuthMethodFromACLBindingRule(raw interface{}) ([]byte, error) { p, ok := raw.(*structs.ACLBindingRule) if !ok {