From e664dbc35261d4ed6712893a5c164db8a9955fef Mon Sep 17 00:00:00 2001 From: Dhia Ayachi Date: Thu, 23 Sep 2021 15:26:09 -0400 Subject: [PATCH] Refactor table index acl phase 2 (#11133) * extract common methods from oss and ent * remove unreachable code * add missing normalize for binding rules * fix oss to use Query --- agent/consul/state/acl.go | 48 +++++++++++++++++++++++++ agent/consul/state/acl_oss.go | 66 ++--------------------------------- 2 files changed, 51 insertions(+), 63 deletions(-) diff --git a/agent/consul/state/acl.go b/agent/consul/state/acl.go index 8023b95faf..548bb7c957 100644 --- a/agent/consul/state/acl.go +++ b/agent/consul/state/acl.go 
@@ -1741,3 +1741,51 @@ func intFromBool(cond bool) byte { } return 0 } + +func aclPolicyInsert(tx WriteTxn, policy *structs.ACLPolicy) error { + if err := tx.Insert(tableACLPolicies, policy); err != nil { + return fmt.Errorf("failed inserting acl policy: %v", err) + } + return updateTableIndexEntries(tx, tableACLPolicies, policy.ModifyIndex, &policy.EnterpriseMeta) +} + +func aclRoleInsert(tx WriteTxn, role *structs.ACLRole) error { + // insert the role into memdb + if err := tx.Insert(tableACLRoles, role); err != nil { + return fmt.Errorf("failed inserting acl role: %v", err) + } + + // update acl-roles index + return updateTableIndexEntries(tx, tableACLRoles, role.ModifyIndex, &role.EnterpriseMeta) +} + +func aclTokenInsert(tx WriteTxn, token *structs.ACLToken) error { + // insert the token into memdb + if err := tx.Insert(tableACLTokens, token); err != nil { + return fmt.Errorf("failed inserting acl token: %v", err) + } + // update the overall acl-tokens index + return updateTableIndexEntries(tx, tableACLTokens, token.ModifyIndex, token.EnterpriseMetadata()) +} + +func aclAuthMethodInsert(tx WriteTxn, method *structs.ACLAuthMethod) error { + // insert the auth method into memdb + if err := tx.Insert(tableACLAuthMethods, method); err != nil { + return fmt.Errorf("failed inserting acl role: %v", err) + } + + // update acl-auth-methods index + return updateTableIndexEntries(tx, tableACLAuthMethods, method.ModifyIndex, &method.EnterpriseMeta) +} + +func aclBindingRuleInsert(tx WriteTxn, rule *structs.ACLBindingRule) error { + rule.EnterpriseMeta.Normalize() + + // insert the role into memdb + if err := tx.Insert(tableACLBindingRules, rule); err != nil { + return fmt.Errorf("failed inserting acl role: %v", err) + } + + // update acl-binding-rules index + return updateTableIndexEntries(tx, tableACLBindingRules, rule.ModifyIndex, &rule.EnterpriseMeta) +} diff --git a/agent/consul/state/acl_oss.go b/agent/consul/state/acl_oss.go index fced3749d4..25483fa3e1 100644 
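Review bot: aclAuthMethodInsert and aclBindingRuleInsert both return `failed inserting acl role` when tx.Insert fails, so a failed auth-method or binding-rule write is reported as a role failure; the text looks copied from aclRoleInsert. These helpers are the write path for ACL state, so the message should name the object being written: `return fmt.Errorf("failed inserting acl auth method: %v", err)` and `return fmt.Errorf("failed inserting acl binding rule: %v", err)`. The comment in aclBindingRuleInsert has the same slip and would read `// insert the binding rule into memdb`. Check first that no test or caller matches on the old string.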
--- a/agent/consul/state/acl_oss.go +++ b/agent/consul/state/acl_oss.go @@ -11,15 +11,10 @@ import ( "github.com/hashicorp/consul/agent/structs" ) -func aclPolicyInsert(tx WriteTxn, policy *structs.ACLPolicy) error { - if err := tx.Insert(tableACLPolicies, policy); err != nil { - return fmt.Errorf("failed inserting acl policy: %v", err) +func updateTableIndexEntries(tx WriteTxn, tableName string, modifyIndex uint64, _ *structs.EnterpriseMeta) error { + if err := indexUpdateMaxTxn(tx, modifyIndex, tableName); err != nil { + return fmt.Errorf("failed updating %s index: %v", tableName, err) } - - if err := indexUpdateMaxTxn(tx, policy.ModifyIndex, tableACLPolicies); err != nil { - return fmt.Errorf("failed updating acl policies index: %v", err) - } - return nil } @@ -56,20 +51,6 @@ func (s *Store) ACLPolicyUpsertValidateEnterprise(*structs.ACLPolicy, *structs.A ///// ACL Token Functions ///// /////////////////////////////////////////////////////////////////////////////// -func aclTokenInsert(tx WriteTxn, token *structs.ACLToken) error { - // insert the token into memdb - if err := tx.Insert(tableACLTokens, token); err != nil { - return fmt.Errorf("failed inserting acl token: %v", err) - } - - // update the overall acl-tokens index - if err := indexUpdateMaxTxn(tx, token.ModifyIndex, tableACLTokens); err != nil { - return fmt.Errorf("failed updating acl tokens index: %v", err) - } - - return nil -} - func aclTokenGetFromIndex(tx ReadTxn, id string, index string, entMeta *structs.EnterpriseMeta) (<-chan struct{}, interface{}, error) { return tx.FirstWatch(tableACLTokens, index, id) } 
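Review bot: updateTableIndexEntries has no doc comment, and nothing explains why its *structs.EnterpriseMeta parameter is blank (`_`) when every caller in acl.go passes one. Someone auditing how ACL table indexes are updated cannot tell from this file that the argument is deliberately ignored. I would add `// updateTableIndexEntries records modifyIndex for tableName via indexUpdateMaxTxn. The EnterpriseMeta argument is unused in the OSS build.` above the function. Presumably the enterprise counterpart uses the argument, which is worth confirming before saying so in the comment.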
@@ -119,19 +100,6 @@ func (s *Store) ACLTokenUpsertValidateEnterprise(token *structs.ACLToken, existi ///// ACL Role Functions ///// /////////////////////////////////////////////////////////////////////////////// -func aclRoleInsert(tx WriteTxn, role *structs.ACLRole) error { - // insert the role into memdb - if err := tx.Insert(tableACLRoles, role); err != nil { - return fmt.Errorf("failed inserting acl role: %v", err) - } - - // update the overall acl-roles index - if err := indexUpdateMaxTxn(tx, role.ModifyIndex, tableACLRoles); err != nil { - return fmt.Errorf("failed updating acl roles index: %v", err) - } - return nil -} - func aclRoleGetByID(tx ReadTxn, id string, _ *structs.EnterpriseMeta) (<-chan struct{}, interface{}, error) { return tx.FirstWatch(tableACLRoles, indexID, id) } @@ -165,20 +133,6 @@ func (s *Store) ACLRoleUpsertValidateEnterprise(role *structs.ACLRole, existing ///// ACL Binding Rule Functions ///// /////////////////////////////////////////////////////////////////////////////// -func aclBindingRuleInsert(tx WriteTxn, rule *structs.ACLBindingRule) error { - // insert the role into memdb - if err := tx.Insert(tableACLBindingRules, rule); err != nil { - return fmt.Errorf("failed inserting acl role: %v", err) - } - - // update the overall acl-binding-rules index - if err := indexUpdateMaxTxn(tx, rule.ModifyIndex, tableACLBindingRules); err != nil { - return fmt.Errorf("failed updating acl binding-rules index: %v", err) - } - - return nil -} - func aclBindingRuleGetByID(tx ReadTxn, id string, _ *structs.EnterpriseMeta) (<-chan struct{}, interface{}, error) { return tx.FirstWatch(tableACLBindingRules, indexID, id) } 
@@ -220,20 +174,6 @@ func (s *Store) ACLBindingRuleUpsertValidateEnterprise(rule *structs.ACLBindingR ///// ACL Auth Method Functions ///// /////////////////////////////////////////////////////////////////////////////// -func aclAuthMethodInsert(tx WriteTxn, method *structs.ACLAuthMethod) error { - // insert the role into memdb - if err := tx.Insert(tableACLAuthMethods, method); err != nil { - return fmt.Errorf("failed inserting acl role: %v", err) - } - - // update the overall acl-auth-methods index - if err := indexUpdateMaxTxn(tx, method.ModifyIndex, tableACLAuthMethods); err != nil { - return fmt.Errorf("failed updating acl auth methods index: %v", err) - } - - return nil -} - func aclAuthMethodGetByName(tx ReadTxn, method string, _ *structs.EnterpriseMeta) (<-chan struct{}, interface{}, error) { return tx.FirstWatch(tableACLAuthMethods, indexID, Query{Value: method}) }