diff --git a/agent/consul/state/acl.go b/agent/consul/state/acl.go index 9efc28ef7e..8023b95faf 100644 --- a/agent/consul/state/acl.go +++ b/agent/consul/state/acl.go @@ -61,7 +61,7 @@ func (s *Restore) ACLBindingRule(rule *structs.ACLBindingRule) error { // ACLAuthMethods is used when saving a snapshot func (s *Snapshot) ACLAuthMethods() (memdb.ResultIterator, error) { - iter, err := s.tx.Get("acl-auth-methods", "id") + iter, err := s.tx.Get(tableACLAuthMethods, indexID) if err != nil { return nil, err } diff --git a/agent/consul/state/acl_oss.go b/agent/consul/state/acl_oss.go index b8b97b65ef..fced3749d4 100644 --- a/agent/consul/state/acl_oss.go +++ b/agent/consul/state/acl_oss.go @@ -222,12 +222,12 @@ func (s *Store) ACLBindingRuleUpsertValidateEnterprise(rule *structs.ACLBindingR func aclAuthMethodInsert(tx WriteTxn, method *structs.ACLAuthMethod) error { // insert the role into memdb - if err := tx.Insert("acl-auth-methods", method); err != nil { + if err := tx.Insert(tableACLAuthMethods, method); err != nil { return fmt.Errorf("failed inserting acl role: %v", err) } // update the overall acl-auth-methods index - if err := indexUpdateMaxTxn(tx, method.ModifyIndex, "acl-auth-methods"); err != nil { + if err := indexUpdateMaxTxn(tx, method.ModifyIndex, tableACLAuthMethods); err != nil { return fmt.Errorf("failed updating acl auth methods index: %v", err) } @@ -235,28 +235,28 @@ func aclAuthMethodInsert(tx WriteTxn, method *structs.ACLAuthMethod) error { } func aclAuthMethodGetByName(tx ReadTxn, method string, _ *structs.EnterpriseMeta) (<-chan struct{}, interface{}, error) { - return tx.FirstWatch("acl-auth-methods", "id", method) + return tx.FirstWatch(tableACLAuthMethods, indexID, Query{Value: method}) } func aclAuthMethodList(tx ReadTxn, entMeta *structs.EnterpriseMeta) (memdb.ResultIterator, error) { - return tx.Get("acl-auth-methods", "id") + return tx.Get(tableACLAuthMethods, indexID) } func aclAuthMethodDeleteWithMethod(tx WriteTxn, method *structs.ACLAuthMethod, idx uint64) error { // remove the method - if err := tx.Delete("acl-auth-methods", method); err != nil { + if err := tx.Delete(tableACLAuthMethods, method); err != nil { return fmt.Errorf("failed deleting acl auth method: %v", err) } // update the overall acl-auth-methods index - if err := indexUpdateMaxTxn(tx, idx, "acl-auth-methods"); err != nil { + if err := indexUpdateMaxTxn(tx, idx, tableACLAuthMethods); err != nil { return fmt.Errorf("failed updating acl auth methods index: %v", err) } return nil } func aclAuthMethodMaxIndex(tx ReadTxn, _ *structs.ACLAuthMethod, entMeta *structs.EnterpriseMeta) uint64 { - return maxIndexTxn(tx, "acl-auth-methods") + return maxIndexTxn(tx, tableACLAuthMethods) } func aclAuthMethodUpsertValidateEnterprise(_ ReadTxn, method *structs.ACLAuthMethod, existing *structs.ACLAuthMethod) error { diff --git a/agent/consul/state/acl_oss_test.go b/agent/consul/state/acl_oss_test.go index eab938c065..4ca8fce515 100644 --- a/agent/consul/state/acl_oss_test.go +++ b/agent/consul/state/acl_oss_test.go @@ -172,3 +172,23 @@ func testIndexerTableACLBindingRules() map[string]indexerTestCase { }, } } + +func testIndexerTableACLAuthMethods() map[string]indexerTestCase { + obj := &structs.ACLAuthMethod{ + Name: "ThEAuthMethod", + EnterpriseMeta: structs.EnterpriseMeta{}, + } + encodedName := []byte{0x74, 0x68, 0x65, 0x61, 0x75, 0x74, 0x68, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x0} + return map[string]indexerTestCase{ + indexID: { + read: indexValue{ + source: obj.Name, + expected: encodedName, + }, + write: indexValue{ + source: obj, + expected: encodedName, + }, + }, + } +} diff --git a/agent/consul/state/acl_schema.go b/agent/consul/state/acl_schema.go index 5c2f9a1818..20210182fd 100644 --- a/agent/consul/state/acl_schema.go +++ b/agent/consul/state/acl_schema.go @@ -314,23 +314,6 @@ func indexAuthMethodFromACLBindingRule(raw interface{}) ([]byte, error) { return b.Bytes(), nil } -func authMethodsTableSchema() *memdb.TableSchema { - return &memdb.TableSchema{ - Name: tableACLAuthMethods, - Indexes: map[string]*memdb.IndexSchema{ - indexID: { - Name: indexID, - AllowMissing: false, - Unique: true, - Indexer: &memdb.StringFieldIndex{ - Field: "Name", - Lowercase: true, - }, - }, - }, - } -} - func indexFromUUIDString(raw interface{}) ([]byte, error) { index, ok := raw.(string) if !ok { @@ -499,3 +482,35 @@ func indexExpiresFromACLToken(raw interface{}, local bool) ([]byte, error) { b.Time(*p.ExpirationTime) return b.Bytes(), nil } + +func authMethodsTableSchema() *memdb.TableSchema { + return &memdb.TableSchema{ + Name: tableACLAuthMethods, + Indexes: map[string]*memdb.IndexSchema{ + indexID: { + Name: indexID, + AllowMissing: false, + Unique: true, + Indexer: indexerSingle{ + readIndex: indexFromQuery, + writeIndex: indexNameFromACLAuthMethod, + }, + }, + }, + } +} + +func indexNameFromACLAuthMethod(raw interface{}) ([]byte, error) { + p, ok := raw.(*structs.ACLAuthMethod) + if !ok { + return nil, fmt.Errorf("unexpected type %T for structs.ACLAuthMethod index", raw) + } + + if p.Name == "" { + return nil, errMissingValueForIndex + } + + var b indexBuilder + b.String(strings.ToLower(p.Name)) + return b.Bytes(), nil +} diff --git a/agent/consul/state/acl_test.go b/agent/consul/state/acl_test.go index 3f11dd125c..768efb4087 100644 --- a/agent/consul/state/acl_test.go +++ b/agent/consul/state/acl_test.go @@ -4149,7 +4149,7 @@ func TestStateStore_ACLAuthMethods_Snapshot_Restore(t *testing.T) { require.NoError(t, err) require.Equal(t, uint64(2), idx) require.ElementsMatch(t, methods, res) - require.Equal(t, uint64(2), s.maxIndex("acl-auth-methods")) + require.Equal(t, uint64(2), s.maxIndex(tableACLAuthMethods)) }() }