mirror of https://github.com/hashicorp/consul
Changes to more idiomatic "ok" pattern for prefix getter.
parent
e283f9512e
commit
87ceb2f3de
|
@ -389,9 +389,9 @@ func (f *aclFilter) filterPreparedQueries(queries *structs.PreparedQueries) {
|
|||
for _, query := range *queries {
|
||||
// If no prefix ACL applies to this query then filter it, since
|
||||
// we know at this point the user doesn't have a management
|
||||
// token.
|
||||
prefix := query.GetACLPrefix()
|
||||
if prefix == nil || !f.acl.PreparedQueryRead(*prefix) {
|
||||
// token, otherwise see what the policy says.
|
||||
prefix, ok := query.GetACLPrefix()
|
||||
if !ok || !f.acl.PreparedQueryRead(prefix) {
|
||||
f.logger.Printf("[DEBUG] consul: dropping prepared query %q from result due to ACLs", query.ID)
|
||||
continue
|
||||
}
|
||||
|
|
|
@ -65,8 +65,8 @@ func (p *PreparedQuery) Apply(args *structs.PreparedQueryRequest, reply *string)
|
|||
// If prefix ACLs apply to the incoming query, then do an ACL check. We
|
||||
// need to make sure they have write access for whatever they are
|
||||
// proposing.
|
||||
if prefix := args.Query.GetACLPrefix(); prefix != nil {
|
||||
if acl != nil && !acl.PreparedQueryWrite(*prefix) {
|
||||
if prefix, ok := args.Query.GetACLPrefix(); ok {
|
||||
if acl != nil && !acl.PreparedQueryWrite(prefix) {
|
||||
p.srv.logger.Printf("[WARN] consul.prepared_query: Operation on prepared query '%s' denied due to ACLs", args.Query.ID)
|
||||
return permissionDeniedErr
|
||||
}
|
||||
|
@ -85,8 +85,8 @@ func (p *PreparedQuery) Apply(args *structs.PreparedQueryRequest, reply *string)
|
|||
return fmt.Errorf("Cannot modify non-existent prepared query: '%s'", args.Query.ID)
|
||||
}
|
||||
|
||||
if prefix := query.GetACLPrefix(); prefix != nil {
|
||||
if acl != nil && !acl.PreparedQueryWrite(*prefix) {
|
||||
if prefix, ok := query.GetACLPrefix(); ok {
|
||||
if acl != nil && !acl.PreparedQueryWrite(prefix) {
|
||||
p.srv.logger.Printf("[WARN] consul.prepared_query: Operation on prepared query '%s' denied due to ACLs", args.Query.ID)
|
||||
return permissionDeniedErr
|
||||
}
|
||||
|
@ -216,7 +216,7 @@ func (p *PreparedQuery) Get(args *structs.PreparedQuerySpecificRequest,
|
|||
// always allowed to see it if they have the ID.
|
||||
reply.Index = index
|
||||
reply.Queries = structs.PreparedQueries{query}
|
||||
if prefix := query.GetACLPrefix(); prefix == nil {
|
||||
if _, ok := query.GetACLPrefix(); !ok {
|
||||
return nil
|
||||
}
|
||||
|
||||
|
|
|
@ -73,13 +73,14 @@ type PreparedQuery struct {
|
|||
}
|
||||
|
||||
// GetACLPrefix returns the prefix to look up the prepared_query ACL policy for
|
||||
// this query, or nil if such a policy doesn't apply.
|
||||
func (pq *PreparedQuery) GetACLPrefix() *string {
|
||||
// this query, and whether the prefix applies to this query. You always need to
|
||||
// check the ok value before using the prefix.
|
||||
func (pq *PreparedQuery) GetACLPrefix() (string, bool) {
|
||||
if pq.Name != "" {
|
||||
return &pq.Name
|
||||
return pq.Name, true
|
||||
}
|
||||
|
||||
return nil
|
||||
return "", false
|
||||
}
|
||||
|
||||
type PreparedQueries []*PreparedQuery
|
||||
|
|
|
@ -6,12 +6,12 @@ import (
|
|||
|
||||
func TestStructs_PreparedQuery_GetACLPrefix(t *testing.T) {
|
||||
ephemeral := &PreparedQuery{}
|
||||
if prefix := ephemeral.GetACLPrefix(); prefix != nil {
|
||||
t.Fatalf("bad: %#v", prefix)
|
||||
if prefix, ok := ephemeral.GetACLPrefix(); ok {
|
||||
t.Fatalf("bad: %s", prefix)
|
||||
}
|
||||
|
||||
named := &PreparedQuery{Name: "hello"}
|
||||
if prefix := named.GetACLPrefix(); prefix == nil || *prefix != "hello" {
|
||||
if prefix, ok := named.GetACLPrefix(); !ok || prefix != "hello" {
|
||||
t.Fatalf("bad: %#v", prefix)
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue