partitions/authmethod-index work from enterprise (#11056)

* partitions/authmethod-index work from enterprise Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2021-09-22 13:19:20 -07:00 · 2021-09-22 13:19:20 -07:00 · d88d9e71c2
parent f972048ebc
commit d88d9e71c2
5 changed files with 61 additions and 26 deletions
--- a/agent/consul/state/acl.go
+++ b/agent/consul/state/acl.go
@ -61,7 +61,7 @@ func (s *Restore) ACLBindingRule(rule *structs.ACLBindingRule) error {

 // ACLAuthMethods is used when saving a snapshot
 func (s *Snapshot) ACLAuthMethods() (memdb.ResultIterator, error) {
-	iter, err := s.tx.Get("acl-auth-methods", "id")
+	iter, err := s.tx.Get(tableACLAuthMethods, indexID)
 	if err != nil {
 		return nil, err
 	}
--- a/agent/consul/state/acl_oss.go
+++ b/agent/consul/state/acl_oss.go
@ -222,12 +222,12 @@ func (s *Store) ACLBindingRuleUpsertValidateEnterprise(rule *structs.ACLBindingR

 func aclAuthMethodInsert(tx WriteTxn, method *structs.ACLAuthMethod) error {
 	// insert the role into memdb
-	if err := tx.Insert("acl-auth-methods", method); err != nil {
+	if err := tx.Insert(tableACLAuthMethods, method); err != nil {
 		return fmt.Errorf("failed inserting acl role: %v", err)
 	}

 	// update the overall acl-auth-methods index
-	if err := indexUpdateMaxTxn(tx, method.ModifyIndex, "acl-auth-methods"); err != nil {
+	if err := indexUpdateMaxTxn(tx, method.ModifyIndex, tableACLAuthMethods); err != nil {
 		return fmt.Errorf("failed updating acl auth methods index: %v", err)
 	}

@ -235,28 +235,28 @@ func aclAuthMethodInsert(tx WriteTxn, method *structs.ACLAuthMethod) error {
 }

 func aclAuthMethodGetByName(tx ReadTxn, method string, _ *structs.EnterpriseMeta) (<-chan struct{}, interface{}, error) {
-	return tx.FirstWatch("acl-auth-methods", "id", method)
+	return tx.FirstWatch(tableACLAuthMethods, indexID, Query{Value: method})
 }

 func aclAuthMethodList(tx ReadTxn, entMeta *structs.EnterpriseMeta) (memdb.ResultIterator, error) {
-	return tx.Get("acl-auth-methods", "id")
+	return tx.Get(tableACLAuthMethods, indexID)
 }

 func aclAuthMethodDeleteWithMethod(tx WriteTxn, method *structs.ACLAuthMethod, idx uint64) error {
 	// remove the method
-	if err := tx.Delete("acl-auth-methods", method); err != nil {
+	if err := tx.Delete(tableACLAuthMethods, method); err != nil {
 		return fmt.Errorf("failed deleting acl auth method: %v", err)
 	}

 	// update the overall acl-auth-methods index
-	if err := indexUpdateMaxTxn(tx, idx, "acl-auth-methods"); err != nil {
+	if err := indexUpdateMaxTxn(tx, idx, tableACLAuthMethods); err != nil {
 		return fmt.Errorf("failed updating acl auth methods index: %v", err)
 	}
 	return nil
 }

 func aclAuthMethodMaxIndex(tx ReadTxn, _ *structs.ACLAuthMethod, entMeta *structs.EnterpriseMeta) uint64 {
-	return maxIndexTxn(tx, "acl-auth-methods")
+	return maxIndexTxn(tx, tableACLAuthMethods)
 }

 func aclAuthMethodUpsertValidateEnterprise(_ ReadTxn, method *structs.ACLAuthMethod, existing *structs.ACLAuthMethod) error {
--- a/agent/consul/state/acl_oss_test.go
+++ b/agent/consul/state/acl_oss_test.go
@ -172,3 +172,23 @@ func testIndexerTableACLBindingRules() map[string]indexerTestCase {
 		},
 	}
 }
+
+func testIndexerTableACLAuthMethods() map[string]indexerTestCase {
+	obj := &structs.ACLAuthMethod{
+		Name:           "ThEAuthMethod",
+		EnterpriseMeta: structs.EnterpriseMeta{},
+	}
+	encodedName := []byte{0x74, 0x68, 0x65, 0x61, 0x75, 0x74, 0x68, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x0}
+	return map[string]indexerTestCase{
+		indexID: {
+			read: indexValue{
+				source:   obj.Name,
+				expected: encodedName,
+			},
+			write: indexValue{
+				source:   obj,
+				expected: encodedName,
+			},
+		},
+	}
+}
--- a/agent/consul/state/acl_schema.go
+++ b/agent/consul/state/acl_schema.go
@ -314,23 +314,6 @@ func indexAuthMethodFromACLBindingRule(raw interface{}) ([]byte, error) {
 	return b.Bytes(), nil
 }

-func authMethodsTableSchema() *memdb.TableSchema {
-	return &memdb.TableSchema{
-		Name: tableACLAuthMethods,
-		Indexes: map[string]*memdb.IndexSchema{
-			indexID: {
-				Name:         indexID,
-				AllowMissing: false,
-				Unique:       true,
-				Indexer: &memdb.StringFieldIndex{
-					Field:     "Name",
-					Lowercase: true,
-				},
-			},
-		},
-	}
-}
-
 func indexFromUUIDString(raw interface{}) ([]byte, error) {
 	index, ok := raw.(string)
 	if !ok {
@ -499,3 +482,35 @@ func indexExpiresFromACLToken(raw interface{}, local bool) ([]byte, error) {
 	b.Time(*p.ExpirationTime)
 	return b.Bytes(), nil
 }
+
+func authMethodsTableSchema() *memdb.TableSchema {
+	return &memdb.TableSchema{
+		Name: tableACLAuthMethods,
+		Indexes: map[string]*memdb.IndexSchema{
+			indexID: {
+				Name:         indexID,
+				AllowMissing: false,
+				Unique:       true,
+				Indexer: indexerSingle{
+					readIndex:  indexFromQuery,
+					writeIndex: indexNameFromACLAuthMethod,
+				},
+			},
+		},
+	}
+}
+
+func indexNameFromACLAuthMethod(raw interface{}) ([]byte, error) {
+	p, ok := raw.(*structs.ACLAuthMethod)
+	if !ok {
+		return nil, fmt.Errorf("unexpected type %T for structs.ACLAuthMethod index", raw)
+	}
+
+	if p.Name == "" {
+		return nil, errMissingValueForIndex
+	}
+
+	var b indexBuilder
+	b.String(strings.ToLower(p.Name))
+	return b.Bytes(), nil
+}
--- a/agent/consul/state/acl_test.go
+++ b/agent/consul/state/acl_test.go
@ -4149,7 +4149,7 @@ func TestStateStore_ACLAuthMethods_Snapshot_Restore(t *testing.T) {
 		require.NoError(t, err)
 		require.Equal(t, uint64(2), idx)
 		require.ElementsMatch(t, methods, res)
-		require.Equal(t, uint64(2), s.maxIndex("acl-auth-methods"))
+		require.Equal(t, uint64(2), s.maxIndex(tableACLAuthMethods))
 	}()
 }