status-im/consul
2
0
Fork 0
mirror of https://github.com/status-im/consul.git synced 2025-01-10 22:06:20 +00:00
Code Issues Projects Releases Wiki Activity

state: convert acl-policies table to new pattern

Browse Source
This commit is contained in:
Daniel Nephin 2021-03-16 15:29:30 -04:00
parent 340462dd72
commit eb6769ccc6
7 changed files with 73 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
agent/consul/state/acl.go
View File

@ -228,11 +228,7 @@ func (s *Restore) ACLToken(token *structs.ACLToken) error {
// ACLPolicies is used when saving a snapshot // ACLPolicies is used when saving a snapshot
func (s *Snapshot) ACLPolicies() (memdb.ResultIterator, error) { func (s *Snapshot) ACLPolicies() (memdb.ResultIterator, error) {
iter, err := s.tx.Get(tableACLPolicies, indexID) return s.tx.Get(tableACLPolicies, indexID)
if err != nil {
return nil, err
}
return iter, nil
} }
func (s *Restore) ACLPolicy(policy *structs.ACLPolicy) error { func (s *Restore) ACLPolicy(policy *structs.ACLPolicy) error {
@ -1162,7 +1158,8 @@ func aclPolicySetTxn(tx *txn, idx uint64, policy *structs.ACLPolicy) error {
} }
// ensure the name is unique (cannot conflict with another policy with a different ID) // ensure the name is unique (cannot conflict with another policy with a different ID)
_, nameMatch, err := aclPolicyGetByName(tx, policy.Name, &policy.EnterpriseMeta) q := Query{Value: policy.Name, EnterpriseMeta: policy.EnterpriseMeta}
nameMatch, err := tx.First(tableACLPolicies, indexName, q)
if err != nil { if err != nil {
return err return err
} }
@ -1195,6 +1192,15 @@ func (s *Store) ACLPolicyGetByName(ws memdb.WatchSet, name string, entMeta *stru
return s.aclPolicyGet(ws, name, aclPolicyGetByName, entMeta) return s.aclPolicyGet(ws, name, aclPolicyGetByName, entMeta)
} }
func aclPolicyGetByName(tx ReadTxn, name string, entMeta *structs.EnterpriseMeta) (<-chan struct{}, interface{}, error) {
// todo: accept non-pointer value
if entMeta == nil {
entMeta = structs.DefaultEnterpriseMeta()
}
q := Query{Value: name, EnterpriseMeta: *entMeta}
return tx.FirstWatch(tableACLPolicies, indexName, q)
}
func (s *Store) ACLPolicyBatchGet(ws memdb.WatchSet, ids []string) (uint64, structs.ACLPolicies, error) { func (s *Store) ACLPolicyBatchGet(ws memdb.WatchSet, ids []string) (uint64, structs.ACLPolicies, error) {
tx := s.db.Txn(false) tx := s.db.Txn(false)
defer tx.Abort() defer tx.Abort()
@ -1252,7 +1258,7 @@ func (s *Store) ACLPolicyList(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta
tx := s.db.Txn(false) tx := s.db.Txn(false)
defer tx.Abort() defer tx.Abort()
iter, err := aclPolicyList(tx, entMeta) iter, err := tx.Get(tableACLPolicies, indexName+"_prefix", entMeta)
if err != nil { if err != nil {
return 0, nil, fmt.Errorf("failed acl policy lookup: %v", err) return 0, nil, fmt.Errorf("failed acl policy lookup: %v", err)
} }

24
agent/consul/state/acl_oss.go
View File

@ -4,6 +4,7 @@ package state
import ( import (
"fmt" "fmt"
"strings"
memdb "github.com/hashicorp/go-memdb" memdb "github.com/hashicorp/go-memdb"
@ -22,18 +23,25 @@ func aclPolicyInsert(tx *txn, policy *structs.ACLPolicy) error {
return nil return nil
} }
func indexNameFromACLPolicy(raw interface{}) ([]byte, error) {
p, ok := raw.(*structs.ACLPolicy)
if !ok {
return nil, fmt.Errorf("unexpected type %T for structs.ACLPolicy index", raw)
}
if p.Name == "" {
return nil, errMissingValueForIndex
}
var b indexBuilder
b.String(strings.ToLower(p.Name))
return b.Bytes(), nil
}
func aclPolicyGetByID(tx ReadTxn, id string, _ *structs.EnterpriseMeta) (<-chan struct{}, interface{}, error) { func aclPolicyGetByID(tx ReadTxn, id string, _ *structs.EnterpriseMeta) (<-chan struct{}, interface{}, error) {
return tx.FirstWatch(tableACLPolicies, indexID, id) return tx.FirstWatch(tableACLPolicies, indexID, id)
} }
func aclPolicyGetByName(tx ReadTxn, name string, _ *structs.EnterpriseMeta) (<-chan struct{}, interface{}, error) {
return tx.FirstWatch(tableACLPolicies, indexName, name)
}
func aclPolicyList(tx ReadTxn, _ *structs.EnterpriseMeta) (memdb.ResultIterator, error) {
return tx.Get(tableACLPolicies, indexID)
}
func aclPolicyDeleteWithPolicy(tx *txn, policy *structs.ACLPolicy, idx uint64) error { func aclPolicyDeleteWithPolicy(tx *txn, policy *structs.ACLPolicy, idx uint64) error {
// remove the policy // remove the policy
if err := tx.Delete(tableACLPolicies, policy); err != nil { if err := tx.Delete(tableACLPolicies, policy); err != nil {

2
agent/consul/state/acl_oss_test.go
View File

@ -23,7 +23,7 @@ func testIndexerTableACLPolicies() map[string]indexerTestCase {
}, },
indexName: { indexName: {
read: indexValue{ read: indexValue{
source: []interface{}{"PolicyName"}, source: Query{Value: "PolicyName"},
expected: []byte("policyname\x00"), expected: []byte("policyname\x00"),
}, },
write: indexValue{ write: indexValue{

8
agent/consul/state/acl_schema.go
View File

@ -125,10 +125,10 @@ func policiesTableSchema() *memdb.TableSchema {
Name: indexName, Name: indexName,
AllowMissing: false, AllowMissing: false,
Unique: true, Unique: true,
Indexer: &memdb.StringFieldIndex{ Indexer: indexerSingleWithPrefix{
Field: "Name", readIndex: readIndex(indexFromQuery),
// TODO (ACL-V2) - should we coerce to lowercase? writeIndex: writeIndex(indexNameFromACLPolicy),
Lowercase: true, prefixIndex: prefixIndex(prefixIndexFromQuery),
}, },
}, },
}, },

15
agent/consul/state/catalog_oss.go
View File

@ -103,21 +103,6 @@ func indexFromServiceNode(raw interface{}) ([]byte, error) {
return b.Bytes(), nil return b.Bytes(), nil
} }
func prefixIndexFromQuery(arg interface{}) ([]byte, error) {
var b indexBuilder
switch v := arg.(type) {
case *structs.EnterpriseMeta:
return nil, nil
case structs.EnterpriseMeta:
return nil, nil
case Query:
b.String(strings.ToLower(v.Value))
return b.Bytes(), nil
}
return nil, fmt.Errorf("unexpected type %T for NodeServiceQuery prefix index", arg)
}
func serviceIndexName(name string, _ *structs.EnterpriseMeta) string { func serviceIndexName(name string, _ *structs.EnterpriseMeta) string {
return fmt.Sprintf("service.%s", name) return fmt.Sprintf("service.%s", name)
} }

38
agent/consul/state/query_oss.go Normal file
View File

@ -0,0 +1,38 @@
// +build !consulent
package state
import (
"fmt"
"strings"
"github.com/hashicorp/consul/agent/structs"
)
// indexFromQuery builds an index key where Query.Value is lowercase, and is
// a required value.
func indexFromQuery(arg interface{}) ([]byte, error) {
q, ok := arg.(Query)
if !ok {
return nil, fmt.Errorf("unexpected type %T for Query index", arg)
}
var b indexBuilder
b.String(strings.ToLower(q.Value))
return b.Bytes(), nil
}
func prefixIndexFromQuery(arg interface{}) ([]byte, error) {
var b indexBuilder
switch v := arg.(type) {
case *structs.EnterpriseMeta:
return nil, nil
case structs.EnterpriseMeta:
return nil, nil
case Query:
b.String(strings.ToLower(v.Value))
return b.Bytes(), nil
}
return nil, fmt.Errorf("unexpected type %T for Query prefix index", arg)
}

2
agent/consul/state/testdata/TestStateStoreSchema.golden vendored
View File

@ -12,7 +12,7 @@ table=acl-policies
index=id unique index=id unique
indexer=github.com/hashicorp/go-memdb.UUIDFieldIndex Field=ID indexer=github.com/hashicorp/go-memdb.UUIDFieldIndex Field=ID
index=name unique index=name unique
indexer=github.com/hashicorp/go-memdb.StringFieldIndex Field=Name Lowercase=true indexer=github.com/hashicorp/consul/agent/consul/state.indexerSingleWithPrefix readIndex=github.com/hashicorp/consul/agent/consul/state.indexFromQuery writeIndex=github.com/hashicorp/consul/agent/consul/state.indexNameFromACLPolicy prefixIndex=github.com/hashicorp/consul/agent/consul/state.prefixIndexFromQuery
table=acl-roles table=acl-roles
index=id unique index=id unique