mirror of https://github.com/hashicorp/consul
R.B. Boyer
GitHub
commit
397e9cd459
|
|
@ -462,7 +462,6 @@ func NewServerLogger(config *Config, logger *log.Logger, tokens *token.Store) (*
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
// Initialize Autopilot. This must happen before starting leadership monitoring
|
// Initialize Autopilot. This must happen before starting leadership monitoring
|
||||||
// as establishing leadership could attempt to use autopilot and cause a panic.
|
// as establishing leadership could attempt to use autopilot and cause a panic.
|
||||||
s.initAutopilot(config)
|
s.initAutopilot(config)
|
||||||
|
|
@ -514,6 +513,7 @@ func (s *Server) setupRaft() error {
|
||||||
MaxPool: 3,
|
MaxPool: 3,
|
||||||
Timeout: 10 * time.Second,
|
Timeout: 10 * time.Second,
|
||||||
ServerAddressProvider: serverAddressProvider,
|
ServerAddressProvider: serverAddressProvider,
|
||||||
|
Logger: s.logger,
|
||||||
}
|
}
|
||||||
|
|
||||||
trans := raft.NewNetworkTransportWithConfig(transConfig)
|
trans := raft.NewNetworkTransportWithConfig(transConfig)
|
||||||
|
|
|
||||||
|
|
@ -13,7 +13,7 @@ type TokenPoliciesIndex struct {
|
||||||
func (s *TokenPoliciesIndex) FromObject(obj interface{}) (bool, [][]byte, error) {
|
func (s *TokenPoliciesIndex) FromObject(obj interface{}) (bool, [][]byte, error) {
|
||||||
token, ok := obj.(*structs.ACLToken)
|
token, ok := obj.(*structs.ACLToken)
|
||||||
if !ok {
|
if !ok {
|
||||||
return false, nil, fmt.Errorf("object is not an ACLTokenPolicyLink")
|
return false, nil, fmt.Errorf("object is not an ACLToken")
|
||||||
}
|
}
|
||||||
|
|
||||||
links := token.Policies
|
links := token.Policies
|
||||||
|
|
@ -641,14 +641,13 @@ func (s *Store) aclPolicySetTxn(tx *memdb.Txn, idx uint64, policy *structs.ACLPo
|
||||||
return ErrMissingACLPolicyName
|
return ErrMissingACLPolicyName
|
||||||
}
|
}
|
||||||
|
|
||||||
var policyMatch *structs.ACLPolicy
|
|
||||||
existing, err := tx.First("acl-policies", "id", policy.ID)
|
existing, err := tx.First("acl-policies", "id", policy.ID)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("failed acl policy lookup: %v", err)
|
return fmt.Errorf("failed acl policy lookup: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if existing != nil {
|
if existing != nil {
|
||||||
policyMatch = existing.(*structs.ACLPolicy)
|
policyMatch := existing.(*structs.ACLPolicy)
|
||||||
|
|
||||||
if policy.ID == structs.ACLPolicyGlobalManagementID {
|
if policy.ID == structs.ACLPolicyGlobalManagementID {
|
||||||
// Only the name and description are modifiable
|
// Only the name and description are modifiable
|
||||||
|
|
|
||||||
|
|
@ -21,20 +21,20 @@ var (
|
||||||
// is attempted with an empty session ID.
|
// is attempted with an empty session ID.
|
||||||
ErrMissingSessionID = errors.New("Missing session ID")
|
ErrMissingSessionID = errors.New("Missing session ID")
|
||||||
|
|
||||||
// ErrMissingACLTokenSecret is returned when an token set is called on
|
// ErrMissingACLTokenSecret is returned when a token set is called on a
|
||||||
// an token with an empty SecretID.
|
// token with an empty SecretID.
|
||||||
ErrMissingACLTokenSecret = errors.New("Missing ACL Token SecretID")
|
ErrMissingACLTokenSecret = errors.New("Missing ACL Token SecretID")
|
||||||
|
|
||||||
// ErrMissingACLTokenAccessor is returned when an token set is called on
|
// ErrMissingACLTokenAccessor is returned when a token set is called on a
|
||||||
// an token with an empty AccessorID.
|
// token with an empty AccessorID.
|
||||||
ErrMissingACLTokenAccessor = errors.New("Missing ACL Token AccessorID")
|
ErrMissingACLTokenAccessor = errors.New("Missing ACL Token AccessorID")
|
||||||
|
|
||||||
// ErrMissingACLPolicyID is returned when an policy set is called on
|
// ErrMissingACLPolicyID is returned when a policy set is called on a
|
||||||
// an policy with an empty ID.
|
// policy with an empty ID.
|
||||||
ErrMissingACLPolicyID = errors.New("Missing ACL Policy ID")
|
ErrMissingACLPolicyID = errors.New("Missing ACL Policy ID")
|
||||||
|
|
||||||
// ErrMissingACLPolicyName is returned when an policy set is called on
|
// ErrMissingACLPolicyName is returned when a policy set is called on a
|
||||||
// an policy with an empty Name.
|
// policy with an empty Name.
|
||||||
ErrMissingACLPolicyName = errors.New("Missing ACL Policy Name")
|
ErrMissingACLPolicyName = errors.New("Missing ACL Policy Name")
|
||||||
|
|
||||||
// ErrMissingQueryID is returned when a Query set is called on
|
// ErrMissingQueryID is returned when a Query set is called on
|
||||||
|
|
|
||||||
|
|
@ -41,7 +41,7 @@ func (c *cmd) init() {
|
||||||
c.flags = flag.NewFlagSet("", flag.ContinueOnError)
|
c.flags = flag.NewFlagSet("", flag.ContinueOnError)
|
||||||
c.flags.BoolVar(&c.showMeta, "meta", false, "Indicates that policy metadata such "+
|
c.flags.BoolVar(&c.showMeta, "meta", false, "Indicates that policy metadata such "+
|
||||||
"as the content hash and raft indices should be shown for each entry")
|
"as the content hash and raft indices should be shown for each entry")
|
||||||
c.flags.StringVar(&c.name, "name", "", "The new policies name. This flag is required.")
|
c.flags.StringVar(&c.name, "name", "", "The new policy's name. This flag is required.")
|
||||||
c.flags.StringVar(&c.description, "description", "", "A description of the policy")
|
c.flags.StringVar(&c.description, "description", "", "A description of the policy")
|
||||||
c.flags.Var((*flags.AppendSliceValue)(&c.datacenters), "valid-datacenter", "Datacenter "+
|
c.flags.Var((*flags.AppendSliceValue)(&c.datacenters), "valid-datacenter", "Datacenter "+
|
||||||
"that the policy should be valid within. This flag may be specified multiple times")
|
"that the policy should be valid within. This flag may be specified multiple times")
|
||||||
|
|
|
||||||
|
|
@ -82,7 +82,7 @@ Usage: `consul acl policy create [options] [args]`
|
||||||
* `-meta` - Indicates that policy metadata such as the content hash and raft
|
* `-meta` - Indicates that policy metadata such as the content hash and raft
|
||||||
indices should be shown for each entry.
|
indices should be shown for each entry.
|
||||||
|
|
||||||
* `-name=<string>` - The new policies name. This flag is required.
|
* `-name=<string>` - The new policy's name. This flag is required.
|
||||||
|
|
||||||
* `-rules=<string>` - The policy rules. May be prefixed with '@' to indicate that the
|
* `-rules=<string>` - The policy rules. May be prefixed with '@' to indicate that the
|
||||||
value is a file path to load the rules from. '-' may also be given
|
value is a file path to load the rules from. '-' may also be given
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue