From 98a2e282be7b1cb6a9c8cd21e61a1a7ed125706e Mon Sep 17 00:00:00 2001 From: Mark Anderson Date: Tue, 5 Apr 2022 14:10:06 -0700 Subject: [PATCH] Fixup acl.EnterpriseMeta 
Signed-off-by: Mark Anderson --- agent/acl_test.go | 6 +- agent/agent.go | 20 +-- agent/agent_endpoint.go | 12 +- agent/agent_endpoint_oss.go | 4 +- agent/agent_endpoint_test.go | 2 +- agent/agent_oss.go | 7 +- agent/cache-types/connect_ca_leaf.go | 3 +- agent/cache-types/service_checks.go | 8 +- agent/check.go | 3 +- agent/checks/alias.go | 5 +- agent/checks/alias_test.go | 3 +- agent/config/config_oss.go | 7 +- agent/config_endpoint.go | 5 +- agent/config_endpoint_test.go | 3 +- agent/configentry/config_entry.go | 5 +- agent/connect/authz.go | 5 +- agent/connect/uri_agent.go | 4 +- agent/connect/uri_agent_oss.go | 6 +- agent/connect/uri_service.go | 8 +- agent/connect/uri_service_oss.go | 6 +- agent/connect_auth.go | 2 +- agent/consul/acl.go | 18 +-- agent/consul/acl_authmethod.go | 8 +- agent/consul/acl_endpoint.go | 6 +- agent/consul/acl_endpoint_oss.go | 10 +- agent/consul/acl_endpoint_test.go | 11 +- agent/consul/acl_oss.go | 4 +- agent/consul/acl_test.go | 3 +- agent/consul/authmethod/authmethods.go | 6 +- agent/consul/authmethod/kubeauth/k8s_oss.go | 7 +- agent/consul/authmethod/ssoauth/sso_oss.go | 4 +- agent/consul/authmethod/testauth/testing.go | 5 +- .../consul/authmethod/testauth/testing_oss.go | 6 +- agent/consul/auto_config_backend.go | 3 +- agent/consul/auto_config_endpoint.go | 6 +- agent/consul/catalog_endpoint_test.go | 5 +- agent/consul/client.go | 7 +- agent/consul/config_endpoint_test.go | 3 +- agent/consul/config_oss.go | 7 +- agent/consul/connect_ca_endpoint_test.go | 3 +- agent/consul/coordinate_endpoint_test.go | 5 +- agent/consul/discovery_chain_endpoint_test.go | 3 +- agent/consul/discoverychain/compile_oss.go | 7 +- agent/consul/enterprise_server_oss.go | 5 +- .../consul/federation_state_endpoint_test.go | 5 +- agent/consul/fsm/snapshot_oss_test.go | 3 +- agent/consul/health_endpoint_test.go | 3 +- agent/consul/helper_test.go | 10 +- agent/consul/intention_endpoint.go | 18 +-- agent/consul/intention_endpoint_test.go | 3 +- 
agent/consul/internal_endpoint.go | 2 +- agent/consul/internal_endpoint_test.go | 3 +- agent/consul/kvs_endpoint_test.go | 3 +- agent/consul/leader.go | 12 +- agent/consul/leader_connect_ca.go | 2 +- .../operator_autopilot_endpoint_test.go | 3 +- agent/consul/operator_raft_endpoint_test.go | 3 +- agent/consul/prepared_query_endpoint_test.go | 5 +- agent/consul/rpc_test.go | 4 +- agent/consul/serf_filter.go | 6 +- agent/consul/server.go | 6 +- agent/consul/server_oss.go | 7 +- agent/consul/server_overview.go | 6 +- agent/consul/session_endpoint_test.go | 3 +- agent/consul/session_ttl.go | 5 +- agent/consul/snapshot_endpoint_test.go | 3 +- agent/consul/state/acl.go | 95 ++++++------ agent/consul/state/acl_oss.go | 37 ++--- agent/consul/state/acl_oss_test.go | 7 +- agent/consul/state/acl_schema.go | 5 +- agent/consul/state/catalog.go | 142 +++++++++--------- agent/consul/state/catalog_events.go | 8 +- agent/consul/state/catalog_oss.go | 41 ++--- agent/consul/state/catalog_oss_test.go | 15 +- agent/consul/state/catalog_schema.go | 5 +- agent/consul/state/config_entry.go | 51 ++++--- agent/consul/state/config_entry_intention.go | 9 +- .../state/config_entry_intention_oss.go | 3 +- agent/consul/state/config_entry_oss.go | 11 +- agent/consul/state/config_entry_oss_test.go | 3 +- agent/consul/state/coordinate.go | 7 +- agent/consul/state/coordinate_oss.go | 5 +- agent/consul/state/coordinate_oss_test.go | 9 +- agent/consul/state/delay_oss.go | 7 +- agent/consul/state/graveyard.go | 6 +- agent/consul/state/graveyard_oss.go | 3 +- agent/consul/state/indexer.go | 3 +- agent/consul/state/intention.go | 6 +- agent/consul/state/intention_oss.go | 4 +- agent/consul/state/kvs.go | 25 +-- agent/consul/state/kvs_oss.go | 9 +- agent/consul/state/kvs_oss_test.go | 9 +- agent/consul/state/operations_oss.go | 4 +- agent/consul/state/query.go | 13 +- agent/consul/state/query_oss.go | 6 +- agent/consul/state/schema_oss.go | 4 +- agent/consul/state/session.go | 9 +- 
agent/consul/state/session_oss.go | 9 +- agent/consul/state/state_store.go | 3 +- agent/consul/state/state_store_test.go | 3 +- agent/consul/subscribe_backend.go | 2 +- agent/consul/txn_endpoint_test.go | 3 +- .../usagemetrics/usagemetrics_oss_test.go | 5 +- agent/delegate_mock_test.go | 6 +- agent/discovery_chain_endpoint.go | 3 +- agent/dns.go | 7 +- agent/dns_oss.go | 6 +- .../private/services/subscribe/subscribe.go | 6 +- .../services/subscribe/subscribe_test.go | 10 +- .../services/connectca/mock_ACLResolver.go | 9 +- .../grpc/public/services/connectca/server.go | 2 +- .../dataplane/get_supported_features.go | 5 +- .../dataplane/get_supported_features_test.go | 9 +- .../services/dataplane/mock_ACLResolver.go | 9 +- .../grpc/public/services/dataplane/server.go | 8 +- agent/grpc/public/testutils/acl.go | 3 +- agent/http_oss.go | 7 +- agent/intentions_endpoint.go | 23 +-- agent/intentions_endpoint_test.go | 3 +- agent/local/state.go | 24 +-- agent/local/state_test.go | 6 +- agent/operator_endpoint.go | 3 +- agent/proxycfg/manager_test.go | 5 +- agent/proxycfg/naming.go | 9 +- agent/proxycfg/naming_oss.go | 5 +- agent/proxycfg/snapshot.go | 4 +- agent/proxycfg/state_test.go | 7 +- agent/proxycfg/testing_ingress_gateway.go | 7 +- agent/proxycfg/upstreams.go | 7 +- agent/structs/acl_cache_test.go | 3 +- agent/structs/check_definition.go | 3 +- agent/structs/config_entry.go | 3 +- agent/structs/config_entry_test.go | 3 +- agent/structs/discovery_chain.go | 3 +- agent/structs/structs.go | 9 +- agent/submatview/store_integration_test.go | 2 +- agent/txn_endpoint.go | 7 +- agent/ui_endpoint.go | 6 +- agent/xds/endpoints.go | 3 +- agent/xds/listeners.go | 3 +- agent/xds/server_oss.go | 3 +- .../bindingrule/delete/bindingrule_delete.go | 3 +- .../bindingrule/update/bindingrule_update.go | 3 +- command/acl/policy/create/policy_create.go | 3 +- command/acl/policy/delete/policy_delete.go | 3 +- command/acl/policy/read/policy_read.go | 3 +- 
command/acl/policy/update/policy_update.go | 3 +- command/acl/role/create/role_create.go | 3 +- command/acl/role/delete/role_delete.go | 3 +- command/acl/role/read/role_read.go | 3 +- command/acl/role/update/role_update.go | 3 +- command/acl/rules/translate.go | 3 +- command/acl/token/clone/token_clone.go | 3 +- command/acl/token/create/token_create.go | 3 +- command/acl/token/delete/token_delete.go | 3 +- command/acl/token/formatter.go | 3 +- command/acl/token/read/token_read.go | 3 +- command/acl/token/update/token_update.go | 3 +- command/keyring/keyring.go | 4 +- command/logout/logout_test.go | 7 +- command/members/members.go | 4 +- proto/pbcommon/common_oss.go | 10 +- proto/pbconnect/connect.go | 7 +- proto/pbservice/convert_oss.go | 8 +- proto/pbservice/convert_oss_test.go | 4 +- 165 files changed, 717 insertions(+), 586 deletions(-) diff --git a/agent/acl_test.go b/agent/acl_test.go index 539cf5c074..995a3b6e6e 100644 --- a/agent/acl_test.go +++ b/agent/acl_test.go @@ -92,7 +92,7 @@ func (a *TestACLAgent) ResolveToken(secretID string) (acl.Authorizer, error) { return authz, err } -func (a *TestACLAgent) ResolveTokenAndDefaultMeta(secretID string, entMeta *structs.EnterpriseMeta, authzContext *acl.AuthorizerContext) (consul.ACLResolveResult, error) { +func (a *TestACLAgent) ResolveTokenAndDefaultMeta(secretID string, entMeta *acl.EnterpriseMeta, authzContext *acl.AuthorizerContext) (consul.ACLResolveResult, error) { authz, err := a.ResolveToken(secretID) if err != nil { return consul.ACLResolveResult{}, err 
@@ -133,10 +133,10 @@ func (a *TestACLAgent) LANMembers(f consul.LANMemberFilter) ([]serf.Member, erro func (a *TestACLAgent) AgentLocalMember() serf.Member { return serf.Member{} } -func (a *TestACLAgent) JoinLAN(addrs []string, entMeta *structs.EnterpriseMeta) (n int, err error) { +func (a *TestACLAgent) JoinLAN(addrs []string, entMeta *acl.EnterpriseMeta) (n int, err error) { return 0, fmt.Errorf("Unimplemented") } -func (a *TestACLAgent) RemoveFailedNode(node string, prune bool, entMeta *structs.EnterpriseMeta) error { +func (a *TestACLAgent) RemoveFailedNode(node string, prune bool, entMeta *acl.EnterpriseMeta) error { return fmt.Errorf("Unimplemented") } func (a *TestACLAgent) RPC(method string, args interface{}, reply interface{}) error { diff --git a/agent/agent.go b/agent/agent.go index 91d42cb738..c08316fd8e 100644 --- a/agent/agent.go +++ b/agent/agent.go 
@@ -164,16 +164,16 @@ type delegate interface { // JoinLAN is used to have Consul join the inner-DC pool The target address // should be another node inside the DC listening on the Serf LAN address - JoinLAN(addrs []string, entMeta *structs.EnterpriseMeta) (n int, err error) + JoinLAN(addrs []string, entMeta *acl.EnterpriseMeta) (n int, err error) // RemoveFailedNode is used to remove a failed node from the cluster. - RemoveFailedNode(node string, prune bool, entMeta *structs.EnterpriseMeta) error + RemoveFailedNode(node string, prune bool, entMeta *acl.EnterpriseMeta) error // ResolveTokenAndDefaultMeta returns an acl.Authorizer which authorizes // actions based on the permissions granted to the token. // If either entMeta or authzContext are non-nil they will be populated with the // default partition and namespace from the token. - ResolveTokenAndDefaultMeta(token string, entMeta *structs.EnterpriseMeta, authzContext *acl.AuthorizerContext) (consul.ACLResolveResult, error) + ResolveTokenAndDefaultMeta(token string, entMeta *acl.EnterpriseMeta, authzContext *acl.AuthorizerContext) (consul.ACLResolveResult, error) RPC(method string, args interface{}, reply interface{}) error SnapshotRPC(args *structs.SnapshotRequest, in io.Reader, out io.Writer, replyFn structs.SnapshotReplyFn) error @@ -1536,7 +1536,7 @@ func (a *Agent) ShutdownCh() <-chan struct{} { } // JoinLAN is used to have the agent join a LAN cluster -func (a *Agent) JoinLAN(addrs []string, entMeta *structs.EnterpriseMeta) (n int, err error) { +func (a *Agent) JoinLAN(addrs []string, entMeta *acl.EnterpriseMeta) (n int, err error) { a.logger.Info("(LAN) joining", "lan_addresses", addrs) n, err = a.delegate.JoinLAN(addrs, entMeta) if err == nil { 
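Review bot: The doc comment kept above `ResolveTokenAndDefaultMeta` in the `delegate` interface (agent/agent.go, hunk at -164) still says the method "returns an acl.Authorizer", but the signature on the changed line returns `consul.ACLResolveResult`. Since the line is being edited anyway, the comment could be aligned with it, for example `// ResolveTokenAndDefaultMeta resolves the token and returns a consul.ACLResolveResult, which carries the acl.Authorizer for the permissions granted to the token.` The JoinLAN comment in the same hunk is also missing a full stop after "inner-DC pool". The interface declaration starts and ends outside the hunk.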
@@ -1603,7 +1603,7 @@ func (a *Agent) RefreshPrimaryGatewayFallbackAddresses(addrs []string) error { } // ForceLeave is used to remove a failed node from the cluster -func (a *Agent) ForceLeave(node string, prune bool, entMeta *structs.EnterpriseMeta) error { +func (a *Agent) ForceLeave(node string, prune bool, entMeta *acl.EnterpriseMeta) error { a.logger.Info("Force leaving node", "node", node) err := a.delegate.RemoveFailedNode(node, prune, entMeta) @@ -1617,7 +1617,7 @@ func (a *Agent) ForceLeave(node string, prune bool, entMeta *structs.EnterpriseM } // ForceLeaveWAN is used to remove a failed node from the WAN cluster -func (a *Agent) ForceLeaveWAN(node string, prune bool, entMeta *structs.EnterpriseMeta) error { +func (a *Agent) ForceLeaveWAN(node string, prune bool, entMeta *acl.EnterpriseMeta) error { a.logger.Info("(WAN) Force leaving node", "node", node) srv, ok := a.delegate.(*consul.Server) @@ -1923,7 +1923,7 @@ func (a *Agent) purgeCheck(checkID structs.CheckID) error { type persistedServiceConfig struct { ServiceID string Defaults *structs.ServiceConfigResponse - structs.EnterpriseMeta + acl.EnterpriseMeta } func (a *Agent) makeServiceConfigFilePath(serviceID structs.ServiceID) string { @@ -2017,7 +2017,7 @@ func (a *Agent) readPersistedServiceConfigs() (map[structs.ServiceID]*structs.Se } } - if !structs.EqualPartitions(a.AgentEnterpriseMeta().PartitionOrDefault(), p.PartitionOrDefault()) { + if !acl.EqualPartitions(a.AgentEnterpriseMeta().PartitionOrDefault(), p.PartitionOrDefault()) { a.logger.Info("Purging service config file in wrong partition", "file", file, "partition", p.PartitionOrDefault(), 
@@ -3390,7 +3390,7 @@ func (a *Agent) loadServices(conf *config.RuntimeConfig, snap map[structs.CheckI } } - if !structs.EqualPartitions(a.AgentEnterpriseMeta().PartitionOrDefault(), p.Service.PartitionOrDefault()) { + if !acl.EqualPartitions(a.AgentEnterpriseMeta().PartitionOrDefault(), p.Service.PartitionOrDefault()) { a.logger.Info("Purging service file in wrong partition", "file", file, "partition", p.Service.EnterpriseMeta.PartitionOrDefault(), @@ -3546,7 +3546,7 @@ func (a *Agent) loadChecks(conf *config.RuntimeConfig, snap map[structs.CheckID] } } - if !structs.EqualPartitions(a.AgentEnterpriseMeta().PartitionOrDefault(), p.Check.PartitionOrDefault()) { + if !acl.EqualPartitions(a.AgentEnterpriseMeta().PartitionOrDefault(), p.Check.PartitionOrDefault()) { a.logger.Info("Purging check file in wrong partition", "file", file, "partition", p.Check.PartitionOrDefault(), diff --git a/agent/agent_endpoint.go b/agent/agent_endpoint.go index 67158f87a6..d9a516f966 100644 --- a/agent/agent_endpoint.go +++ b/agent/agent_endpoint.go @@ -308,7 +308,7 @@ func (s *HTTPHandlers) AgentServices(resp http.ResponseWriter, req *http.Request var token string s.parseToken(req, &token) - var entMeta structs.EnterpriseMeta + var entMeta acl.EnterpriseMeta if err := s.parseEntMetaNoWildcard(req, &entMeta); err != nil { return nil, err } @@ -397,7 +397,7 @@ func (s *HTTPHandlers) AgentService(resp http.ResponseWriter, req *http.Request) var token string s.parseToken(req, &token) - var entMeta structs.EnterpriseMeta + var entMeta acl.EnterpriseMeta if err := s.parseEntMetaNoWildcard(req, &entMeta); err != nil { return nil, err } @@ -471,7 +471,7 @@ func (s *HTTPHandlers) AgentChecks(resp http.ResponseWriter, req *http.Request) var token string s.parseToken(req, &token) - var entMeta structs.EnterpriseMeta + var entMeta acl.EnterpriseMeta if err := s.parseEntMetaNoWildcard(req, &entMeta); err != nil { return nil, err } 
@@ -576,7 +576,7 @@ func (s *HTTPHandlers) AgentMembers(resp http.ResponseWriter, req *http.Request) // Older 'consul members' calls will default to adding segment=_all // so we only choose to use that request argument in the case where // the partition is also the default and ignore it the rest of the time. - if structs.IsDefaultPartition(filter.Partition) { + if acl.IsDefaultPartition(filter.Partition) { filter.AllSegments = true } } else { @@ -984,7 +984,7 @@ func (s *HTTPHandlers) AgentHealthServiceByID(resp http.ResponseWriter, req *htt return nil, &BadRequestError{Reason: "Missing serviceID"} } - var entMeta structs.EnterpriseMeta + var entMeta acl.EnterpriseMeta if err := s.parseEntMetaNoWildcard(req, &entMeta); err != nil { return nil, err } @@ -1046,7 +1046,7 @@ func (s *HTTPHandlers) AgentHealthServiceByName(resp http.ResponseWriter, req *h return nil, &BadRequestError{Reason: "Missing service Name"} } - var entMeta structs.EnterpriseMeta + var entMeta acl.EnterpriseMeta if err := s.parseEntMetaNoWildcard(req, &entMeta); err != nil { return nil, err } diff --git a/agent/agent_endpoint_oss.go b/agent/agent_endpoint_oss.go index 2c6585a4b4..b775b5e79f 100644 --- a/agent/agent_endpoint_oss.go +++ b/agent/agent_endpoint_oss.go @@ -6,9 +6,9 @@ package agent import ( "net/http" - "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/acl" ) -func (s *HTTPHandlers) validateRequestPartition(_ http.ResponseWriter, _ *structs.EnterpriseMeta) bool { +func (s *HTTPHandlers) validateRequestPartition(_ http.ResponseWriter, _ *acl.EnterpriseMeta) bool { return true } diff --git a/agent/agent_endpoint_test.go b/agent/agent_endpoint_test.go index 70840f9502..1032434970 100644 --- a/agent/agent_endpoint_test.go +++ b/agent/agent_endpoint_test.go 
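Review bot: `validateRequestPartition` in agent/agent_endpoint_oss.go (hunk at -6,9) has no doc comment, ignores both arguments and returns `true` unconditionally. A function named validate… that always passes should say so in place, so that someone auditing the HTTP handlers does not read it as an enforced partition check in this build. A comment in the style already used for the stubs in agent/agent_oss.go would do: `// validateRequestPartition is a noop stub in OSS: it ignores its arguments and always reports the request partition as valid.` The same gap exists for `computeTargetEnterpriseMeta` and `getTokenNamespaceDefaults` in agent/consul/acl_endpoint_oss.go, which return fixed values without a comment.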
@@ -1640,7 +1640,7 @@ type fakeResolveTokenDelegate struct { authorizer acl.Authorizer } -func (f fakeResolveTokenDelegate) ResolveTokenAndDefaultMeta(_ string, _ *structs.EnterpriseMeta, _ *acl.AuthorizerContext) (consul.ACLResolveResult, error) { +func (f fakeResolveTokenDelegate) ResolveTokenAndDefaultMeta(_ string, _ *acl.EnterpriseMeta, _ *acl.AuthorizerContext) (consul.ACLResolveResult, error) { return consul.ACLResolveResult{Authorizer: f.authorizer}, nil } diff --git a/agent/agent_oss.go b/agent/agent_oss.go index b9b1f91dc0..43de920a51 100644 --- a/agent/agent_oss.go +++ b/agent/agent_oss.go @@ -6,6 +6,7 @@ package agent import ( "context" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/config" "github.com/hashicorp/consul/agent/consul" "github.com/hashicorp/consul/agent/structs" @@ -16,10 +17,10 @@ import ( type enterpriseAgent struct{} // fillAgentServiceEnterpriseMeta is a noop stub for the func defined agent_ent.go -func fillAgentServiceEnterpriseMeta(_ *api.AgentService, _ *structs.EnterpriseMeta) {} +func fillAgentServiceEnterpriseMeta(_ *api.AgentService, _ *acl.EnterpriseMeta) {} // fillHealthCheckEnterpriseMeta is a noop stub for the func defined agent_ent.go -func fillHealthCheckEnterpriseMeta(_ *api.HealthCheck, _ *structs.EnterpriseMeta) {} +func fillHealthCheckEnterpriseMeta(_ *api.HealthCheck, _ *acl.EnterpriseMeta) {} // initEnterprise is a noop stub for the func defined agent_ent.go func (a *Agent) initEnterprise(consulCfg *consul.Config) error { @@ -52,7 +53,7 @@ func (a *Agent) enterpriseStats() map[string]map[string]string { return nil } -func (a *Agent) AgentEnterpriseMeta() *structs.EnterpriseMeta { +func (a *Agent) AgentEnterpriseMeta() *acl.EnterpriseMeta { return structs.NodeEnterpriseMetaInDefaultPartition() } diff --git a/agent/cache-types/connect_ca_leaf.go b/agent/cache-types/connect_ca_leaf.go index 1950ef756b..3b382573a5 100644 --- a/agent/cache-types/connect_ca_leaf.go 
+++ b/agent/cache-types/connect_ca_leaf.go @@ -11,6 +11,7 @@ import ( "github.com/mitchellh/hashstructure" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/lib" "github.com/hashicorp/consul/agent/cache" @@ -672,7 +673,7 @@ type ConnectCALeafRequest struct { MaxQueryTime time.Duration MustRevalidate bool - structs.EnterpriseMeta + acl.EnterpriseMeta } func (r *ConnectCALeafRequest) Key() string { diff --git a/agent/cache-types/service_checks.go b/agent/cache-types/service_checks.go index 9c0b7f2532..a42cb3a8ef 100644 --- a/agent/cache-types/service_checks.go +++ b/agent/cache-types/service_checks.go @@ -5,11 +5,13 @@ import ( "strconv" "time" + "github.com/hashicorp/go-memdb" + "github.com/mitchellh/hashstructure" + + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/cache" "github.com/hashicorp/consul/agent/local" "github.com/hashicorp/consul/agent/structs" - "github.com/hashicorp/go-memdb" - "github.com/mitchellh/hashstructure" ) // Recommended name for registration. @@ -103,7 +105,7 @@ type ServiceHTTPChecksRequest struct { ServiceID string MinQueryIndex uint64 MaxQueryTime time.Duration - structs.EnterpriseMeta + acl.EnterpriseMeta } func (s *ServiceHTTPChecksRequest) CacheInfo() cache.RequestInfo { diff --git a/agent/check.go b/agent/check.go index 8f8bd5d089..da70a80053 100644 --- a/agent/check.go +++ b/agent/check.go @@ -1,6 +1,7 @@ package agent import ( + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/types" ) @@ -23,5 +24,5 @@ type persistedCheckState struct { Output string Status string Expires int64 - structs.EnterpriseMeta + acl.EnterpriseMeta } diff --git a/agent/checks/alias.go b/agent/checks/alias.go index 3cbb8ed827..9553745af1 100644 --- a/agent/checks/alias.go +++ b/agent/checks/alias.go @@ -6,6 +6,7 @@ import ( "sync" "time" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" ) 
@@ -35,7 +36,7 @@ type CheckAlias struct { stopLock sync.Mutex stopWg sync.WaitGroup - structs.EnterpriseMeta + acl.EnterpriseMeta } // AliasNotifier is a CheckNotifier specifically for the Alias check. @@ -46,7 +47,7 @@ type AliasNotifier interface { AddAliasCheck(structs.CheckID, structs.ServiceID, chan<- struct{}) error RemoveAliasCheck(structs.CheckID, structs.ServiceID) - Checks(*structs.EnterpriseMeta) map[structs.CheckID]*structs.HealthCheck + Checks(*acl.EnterpriseMeta) map[structs.CheckID]*structs.HealthCheck } // Start is used to start the check, runs until Stop() func (c *CheckAlias) Start() { diff --git a/agent/checks/alias_test.go b/agent/checks/alias_test.go index 941ffbc7c5..673e833044 100644 --- a/agent/checks/alias_test.go +++ b/agent/checks/alias_test.go @@ -7,6 +7,7 @@ import ( "testing" "time" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/mock" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" @@ -523,7 +524,7 @@ func (m *mockAliasNotify) AddAliasCheck(chkID structs.CheckID, serviceID structs func (m *mockAliasNotify) RemoveAliasCheck(chkID structs.CheckID, serviceID structs.ServiceID) { } -func (m *mockAliasNotify) Checks(*structs.EnterpriseMeta) map[structs.CheckID]*structs.HealthCheck { +func (m *mockAliasNotify) Checks(*acl.EnterpriseMeta) map[structs.CheckID]*structs.HealthCheck { return nil } diff --git a/agent/config/config_oss.go b/agent/config/config_oss.go index 7e061b8e56..5a297caccc 100644 --- a/agent/config/config_oss.go +++ b/agent/config/config_oss.go @@ -3,11 +3,14 @@ package config -import "github.com/hashicorp/consul/agent/structs" +import ( + "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/agent/structs" +) // EnterpriseMeta stub type EnterpriseMeta struct{} -func (_ *EnterpriseMeta) ToStructs() structs.EnterpriseMeta { +func (_ *EnterpriseMeta) ToStructs() acl.EnterpriseMeta { return *structs.DefaultEnterpriseMetaInDefaultPartition() } 
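Review bot: In agent/config/config_oss.go (hunk at -3,11) the method `ToStructs` now returns `acl.EnterpriseMeta`, so its name no longer describes the result, and it has no doc comment. If the name has to stay (presumably a non-OSS counterpart is compiled against it), a comment such as `// ToStructs returns the default acl.EnterpriseMeta; the name predates the type's move out of the structs package.` would keep readers from looking for the type in `structs`. The underscore receiver can also be dropped: `func (*EnterpriseMeta) ToStructs() acl.EnterpriseMeta {`.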
diff --git a/agent/config_endpoint.go b/agent/config_endpoint.go index 4bd96d4363..637b8ab919 100644 --- a/agent/config_endpoint.go +++ b/agent/config_endpoint.go @@ -6,6 +6,7 @@ import ( "strconv" "strings" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" ) @@ -148,7 +149,7 @@ func (s *HTTPHandlers) ConfigApply(resp http.ResponseWriter, req *http.Request) } // Parse enterprise meta. - var meta structs.EnterpriseMeta + var meta acl.EnterpriseMeta if err := s.parseEntMetaForConfigEntryKind(args.Entry.GetKind(), req, &meta); err != nil { return nil, err } @@ -172,7 +173,7 @@ func (s *HTTPHandlers) ConfigApply(resp http.ResponseWriter, req *http.Request) return reply, nil } -func (s *HTTPHandlers) parseEntMetaForConfigEntryKind(kind string, req *http.Request, entMeta *structs.EnterpriseMeta) error { +func (s *HTTPHandlers) parseEntMetaForConfigEntryKind(kind string, req *http.Request, entMeta *acl.EnterpriseMeta) error { if kind == structs.ServiceIntentions { return s.parseEntMeta(req, entMeta) } diff --git a/agent/config_endpoint_test.go b/agent/config_endpoint_test.go index 3518d045e8..949b6be118 100644 --- a/agent/config_endpoint_test.go +++ b/agent/config_endpoint_test.go @@ -10,6 +10,7 @@ import ( "github.com/pkg/errors" "github.com/stretchr/testify/require" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/testrpc" ) @@ -119,7 +120,7 @@ func TestConfig_Get(t *testing.T) { // Set indexes and EnterpriseMeta to expected values for assertions ce.CreateIndex = 12 ce.ModifyIndex = 13 - ce.EnterpriseMeta = structs.EnterpriseMeta{} + ce.EnterpriseMeta = acl.EnterpriseMeta{} out, err := a.srv.marshalJSON(req, obj) require.NoError(t, err) diff --git a/agent/configentry/config_entry.go b/agent/configentry/config_entry.go index 7ede093585..a34a197c48 100644 --- a/agent/configentry/config_entry.go +++ b/agent/configentry/config_entry.go 
@@ -1,6 +1,7 @@ package configentry import ( + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" ) @@ -11,7 +12,7 @@ import ( type KindName struct { Kind string Name string - structs.EnterpriseMeta + acl.EnterpriseMeta } // NewKindName returns a new KindName. The EnterpriseMeta values will be @@ -19,7 +20,7 @@ type KindName struct { // // Any caller which modifies the EnterpriseMeta field must call Normalize // before persisting or using the value as a map key. -func NewKindName(kind, name string, entMeta *structs.EnterpriseMeta) KindName { +func NewKindName(kind, name string, entMeta *acl.EnterpriseMeta) KindName { ret := KindName{ Kind: kind, Name: name, diff --git a/agent/connect/authz.go b/agent/connect/authz.go index ead8041747..f3beb1be60 100644 --- a/agent/connect/authz.go +++ b/agent/connect/authz.go @@ -1,6 +1,7 @@ package connect import ( + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" ) @@ -18,7 +19,7 @@ func AuthorizeIntentionTarget( switch matchType { case structs.IntentionMatchDestination: - if structs.PartitionOrDefault(ixn.DestinationPartition) != structs.PartitionOrDefault(targetAP) { + if acl.PartitionOrDefault(ixn.DestinationPartition) != acl.PartitionOrDefault(targetAP) { return false, false } @@ -33,7 +34,7 @@ func AuthorizeIntentionTarget( } case structs.IntentionMatchSource: - if structs.PartitionOrDefault(ixn.SourcePartition) != structs.PartitionOrDefault(targetAP) { + if acl.PartitionOrDefault(ixn.SourcePartition) != acl.PartitionOrDefault(targetAP) { return false, false } diff --git a/agent/connect/uri_agent.go b/agent/connect/uri_agent.go index 3d144b016a..fb86614cd8 100644 --- a/agent/connect/uri_agent.go +++ b/agent/connect/uri_agent.go @@ -3,7 +3,7 @@ package connect import ( "net/url" - "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/acl" ) // SpiffeIDService is the structure to represent the SPIFFE ID for an agent. 
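Review bot: The partition checks in `AuthorizeIntentionTarget` (agent/connect/authz.go, hunks at -18 and -33) compare two `acl.PartitionOrDefault(...)` results with `!=`, while agent/agent.go in this same patch compares partitions through `acl.EqualPartitions`. The body of `EqualPartitions` is not visible here, so this is a question rather than a finding: if it normalises anything beyond defaulting, an authorization decision based on plain string inequality can disagree with it. If it is meant to be the canonical comparison, `if !acl.EqualPartitions(ixn.DestinationPartition, targetAP) {` (and the same for `ixn.SourcePartition`) would keep both paths consistent. `SpiffeIDService.MatchesPartition` in agent/connect/uri_service.go uses the same `==` pattern, and the function body here starts and ends outside the hunks.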
@@ -15,7 +15,7 @@ type SpiffeIDAgent struct { } func (id SpiffeIDAgent) PartitionOrDefault() string { - return structs.PartitionOrDefault(id.Partition) + return acl.PartitionOrDefault(id.Partition) } // URI returns the *url.URL for this SPIFFE ID. diff --git a/agent/connect/uri_agent_oss.go b/agent/connect/uri_agent_oss.go index 1ae6f18c3a..e24f9b5609 100644 --- a/agent/connect/uri_agent_oss.go +++ b/agent/connect/uri_agent_oss.go @@ -6,13 +6,13 @@ package connect import ( "fmt" - "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/acl" ) // GetEnterpriseMeta will synthesize an EnterpriseMeta struct from the SpiffeIDAgent. // in OSS this just returns an empty (but never nil) struct pointer -func (id SpiffeIDAgent) GetEnterpriseMeta() *structs.EnterpriseMeta { - return &structs.EnterpriseMeta{} +func (id SpiffeIDAgent) GetEnterpriseMeta() *acl.EnterpriseMeta { + return &acl.EnterpriseMeta{} } func (id SpiffeIDAgent) uriPath() string { diff --git a/agent/connect/uri_service.go b/agent/connect/uri_service.go index 82ce662f66..34c55a92ce 100644 --- a/agent/connect/uri_service.go +++ b/agent/connect/uri_service.go @@ -3,7 +3,7 @@ package connect import ( "net/url" - "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/acl" ) // SpiffeIDService is the structure to represent the SPIFFE ID for a service. @@ -16,15 +16,15 @@ type SpiffeIDService struct { } func (id SpiffeIDService) NamespaceOrDefault() string { - return structs.NamespaceOrDefault(id.Namespace) + return acl.NamespaceOrDefault(id.Namespace) } func (id SpiffeIDService) MatchesPartition(partition string) bool { - return id.PartitionOrDefault() == structs.PartitionOrDefault(partition) + return id.PartitionOrDefault() == acl.PartitionOrDefault(partition) } func (id SpiffeIDService) PartitionOrDefault() string { - return structs.PartitionOrDefault(id.Partition) + return acl.PartitionOrDefault(id.Partition) } // URI returns the *url.URL for this SPIFFE ID. 
diff --git a/agent/connect/uri_service_oss.go b/agent/connect/uri_service_oss.go index 8270f96c26..a20074e847 100644 --- a/agent/connect/uri_service_oss.go +++ b/agent/connect/uri_service_oss.go @@ -6,13 +6,13 @@ package connect import ( "fmt" - "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/acl" ) // GetEnterpriseMeta will synthesize an EnterpriseMeta struct from the SpiffeIDService. // in OSS this just returns an empty (but never nil) struct pointer -func (id SpiffeIDService) GetEnterpriseMeta() *structs.EnterpriseMeta { - return &structs.EnterpriseMeta{} +func (id SpiffeIDService) GetEnterpriseMeta() *acl.EnterpriseMeta { + return &acl.EnterpriseMeta{} } func (id SpiffeIDService) uriPath() string { diff --git a/agent/connect_auth.go b/agent/connect_auth.go index bc89d50afd..9bd8a46ebb 100644 --- a/agent/connect_auth.go +++ b/agent/connect_auth.go @@ -72,7 +72,7 @@ func (a *Agent) ConnectAuthorize(token string, if !uriService.MatchesPartition(req.TargetPartition()) { reason = fmt.Sprintf("Mismatched partitions: %q != %q", uriService.PartitionOrDefault(), - structs.PartitionOrDefault(req.TargetPartition())) + acl.PartitionOrDefault(req.TargetPartition())) return false, reason, nil, nil } diff --git a/agent/consul/acl.go b/agent/consul/acl.go index 8b3d4e55ed..2c42642238 100644 --- a/agent/consul/acl.go +++ b/agent/consul/acl.go @@ -108,7 +108,7 @@ func (id *missingIdentity) IsLocal() bool { return false } -func (id *missingIdentity) EnterpriseMetadata() *structs.EnterpriseMeta { +func (id *missingIdentity) EnterpriseMetadata() *acl.EnterpriseMeta { return structs.DefaultEnterpriseMetaInDefaultPartition() } @@ -182,7 +182,7 @@ type ACLResolverSettings struct { ACLsEnabled bool Datacenter string NodeName string - EnterpriseMeta structs.EnterpriseMeta + EnterpriseMeta acl.EnterpriseMeta // ACLPolicyTTL is used to control the time-to-live of cached ACL policies. This has // a major impact on performance. By default, it is set to 30 seconds. 
@@ -264,7 +264,7 @@ type ACLResolver struct { agentRecoveryAuthz acl.Authorizer } -func agentRecoveryAuthorizer(nodeName string, entMeta *structs.EnterpriseMeta, aclConf *acl.Config) (acl.Authorizer, error) { +func agentRecoveryAuthorizer(nodeName string, entMeta *acl.EnterpriseMeta, aclConf *acl.Config) (acl.Authorizer, error) { var conf acl.Config if aclConf != nil { conf = *aclConf @@ -638,7 +638,7 @@ func (r *ACLResolver) resolvePoliciesForIdentity(identity structs.ACLIdentity) ( return filtered, nil } -func (r *ACLResolver) synthesizePoliciesForServiceIdentities(serviceIdentities []*structs.ACLServiceIdentity, entMeta *structs.EnterpriseMeta) []*structs.ACLPolicy { +func (r *ACLResolver) synthesizePoliciesForServiceIdentities(serviceIdentities []*structs.ACLServiceIdentity, entMeta *acl.EnterpriseMeta) []*structs.ACLPolicy { if len(serviceIdentities) == 0 { return nil } @@ -651,7 +651,7 @@ func (r *ACLResolver) synthesizePoliciesForServiceIdentities(serviceIdentities [ return syntheticPolicies } -func (r *ACLResolver) synthesizePoliciesForNodeIdentities(nodeIdentities []*structs.ACLNodeIdentity, entMeta *structs.EnterpriseMeta) []*structs.ACLPolicy { +func (r *ACLResolver) synthesizePoliciesForNodeIdentities(nodeIdentities []*structs.ACLNodeIdentity, entMeta *acl.EnterpriseMeta) []*structs.ACLPolicy { if len(nodeIdentities) == 0 { return nil } @@ -676,7 +676,7 @@ type plainACLResolver struct { func (r plainACLResolver) ResolveTokenAndDefaultMeta( token string, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, authzContext *acl.AuthorizerContext, ) (acl.Authorizer, error) { // ACLResolver.ResolveTokenAndDefaultMeta returns a ACLResolveResult which 
@@ -1174,14 +1174,14 @@ func (r *ACLResolver) ACLsEnabled() bool { return true } -func (r *ACLResolver) ResolveTokenAndDefaultMeta(token string, entMeta *structs.EnterpriseMeta, authzContext *acl.AuthorizerContext) (ACLResolveResult, error) { +func (r *ACLResolver) ResolveTokenAndDefaultMeta(token string, entMeta *acl.EnterpriseMeta, authzContext *acl.AuthorizerContext) (ACLResolveResult, error) { result, err := r.ResolveToken(token) if err != nil { return ACLResolveResult{}, err } if entMeta == nil { - entMeta = &structs.EnterpriseMeta{} + entMeta = &acl.EnterpriseMeta{} } // Default the EnterpriseMeta based on the Tokens meta or actual defaults @@ -1279,7 +1279,7 @@ func (f *aclFilter) filterHealthChecks(checks *structs.HealthChecks) bool { // filterServices is used to filter a set of services based on ACLs. Returns // true if any elements were removed. -func (f *aclFilter) filterServices(services structs.Services, entMeta *structs.EnterpriseMeta) bool { +func (f *aclFilter) filterServices(services structs.Services, entMeta *acl.EnterpriseMeta) bool { var authzContext acl.AuthorizerContext entMeta.FillAuthzContext(&authzContext) diff --git a/agent/consul/acl_authmethod.go b/agent/consul/acl_authmethod.go index b901ce131d..34035e159d 100644 --- a/agent/consul/acl_authmethod.go +++ b/agent/consul/acl_authmethod.go @@ -3,9 +3,11 @@ package consul import ( "fmt" + "github.com/hashicorp/go-bexpr" + + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/consul/authmethod" "github.com/hashicorp/consul/agent/structs" - "github.com/hashicorp/go-bexpr" // register these as a builtin auth method _ "github.com/hashicorp/consul/agent/consul/authmethod/awsauth" 
@@ -51,8 +53,8 @@ type aclBindings struct { func (s *Server) evaluateRoleBindings( validator authmethod.Validator, verifiedIdentity *authmethod.Identity, - methodMeta *structs.EnterpriseMeta, - targetMeta *structs.EnterpriseMeta, + methodMeta *acl.EnterpriseMeta, + targetMeta *acl.EnterpriseMeta, ) (*aclBindings, error) { // Only fetch rules that are relevant for this method. _, rules, err := s.fsm.State().ACLBindingRuleList(nil, validator.Name(), methodMeta) diff --git a/agent/consul/acl_endpoint.go b/agent/consul/acl_endpoint.go index bac938dfa8..77ca6edf3c 100644 --- a/agent/consul/acl_endpoint.go +++ b/agent/consul/acl_endpoint.go @@ -1000,7 +1000,7 @@ func (a *ACL) TokenList(args *structs.ACLTokenListRequest, reply *structs.ACLTok } var authzContext acl.AuthorizerContext - var requestMeta structs.EnterpriseMeta + var requestMeta acl.EnterpriseMeta authz, err := a.srv.ResolveTokenAndDefaultMeta(args.Token, &requestMeta, &authzContext) if err != nil { return err @@ -1012,7 +1012,7 @@ func (a *ACL) TokenList(args *structs.ACLTokenListRequest, reply *structs.ACLTok return err } - var methodMeta *structs.EnterpriseMeta + var methodMeta *acl.EnterpriseMeta if args.AuthMethod != "" { methodMeta = args.ACLAuthMethodEnterpriseMeta.ToEnterpriseMeta() // attempt to merge in the overall meta, wildcards will not be merged @@ -2449,7 +2449,7 @@ func (a *ACL) Login(args *structs.ACLLoginRequest, reply *structs.ACLToken) erro func (a *ACL) tokenSetFromAuthMethod( method *structs.ACLAuthMethod, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, tokenDescriptionPrefix string, tokenMetadata map[string]string, validator authmethod.Validator, diff --git a/agent/consul/acl_endpoint_oss.go b/agent/consul/acl_endpoint_oss.go index 3cc9e35d4f..e218826a6d 100644 --- a/agent/consul/acl_endpoint_oss.go +++ b/agent/consul/acl_endpoint_oss.go 
@@ -4,10 +4,12 @@ package consul import ( + memdb "github.com/hashicorp/go-memdb" + + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/consul/authmethod" "github.com/hashicorp/consul/agent/consul/state" "github.com/hashicorp/consul/agent/structs" - memdb "github.com/hashicorp/go-memdb" ) func (a *ACL) tokenUpsertValidateEnterprise(token *structs.ACLToken, existing *structs.ACLToken) error { @@ -36,10 +38,10 @@ func enterpriseAuthMethodValidation(method *structs.ACLAuthMethod, validator aut func computeTargetEnterpriseMeta( method *structs.ACLAuthMethod, verifiedIdentity *authmethod.Identity, -) (*structs.EnterpriseMeta, error) { - return &structs.EnterpriseMeta{}, nil +) (*acl.EnterpriseMeta, error) { + return &acl.EnterpriseMeta{}, nil } -func getTokenNamespaceDefaults(ws memdb.WatchSet, state *state.Store, entMeta *structs.EnterpriseMeta) ([]string, []string, error) { +func getTokenNamespaceDefaults(ws memdb.WatchSet, state *state.Store, entMeta *acl.EnterpriseMeta) ([]string, []string, error) { return nil, nil, nil } diff --git a/agent/consul/acl_endpoint_test.go b/agent/consul/acl_endpoint_test.go index 6378720702..1ceb3a0a2d 100644 --- a/agent/consul/acl_endpoint_test.go +++ b/agent/consul/acl_endpoint_test.go @@ -9,12 +9,13 @@ import ( "testing" "time" - msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" - "github.com/hashicorp/consul-net-rpc/net/rpc" uuid "github.com/hashicorp/go-uuid" "github.com/stretchr/testify/require" "gopkg.in/square/go-jose.v2/jwt" + msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" + "github.com/hashicorp/consul-net-rpc/net/rpc" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/consul/authmethod/kubeauth" "github.com/hashicorp/consul/agent/consul/authmethod/testauth" 
@@ -5415,7 +5416,7 @@ func TestValidateBindingRuleBindName(t *testing.T) { // upsertTestToken creates a token for testing purposes func upsertTestTokenInEntMeta(codec rpc.ClientCodec, initialManagementToken string, datacenter string, - tokenModificationFn func(token *structs.ACLToken), entMeta *structs.EnterpriseMeta) (*structs.ACLToken, error) { + tokenModificationFn func(token *structs.ACLToken), entMeta *acl.EnterpriseMeta) (*structs.ACLToken, error) { if entMeta == nil { entMeta = structs.DefaultEnterpriseMetaInDefaultPartition() } @@ -5455,7 +5456,7 @@ func upsertTestToken(codec rpc.ClientCodec, initialManagementToken string, datac tokenModificationFn, structs.DefaultEnterpriseMetaInDefaultPartition()) } -func upsertTestTokenWithPolicyRulesInEntMeta(codec rpc.ClientCodec, initialManagementToken string, datacenter string, rules string, entMeta *structs.EnterpriseMeta) (*structs.ACLToken, error) { +func upsertTestTokenWithPolicyRulesInEntMeta(codec rpc.ClientCodec, initialManagementToken string, datacenter string, rules string, entMeta *acl.EnterpriseMeta) (*structs.ACLToken, error) { policy, err := upsertTestPolicyWithRulesInEntMeta(codec, initialManagementToken, datacenter, rules, entMeta) if err != nil { return nil, err 
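Review bot: The doc comment above `upsertTestTokenInEntMeta` in the `@@ -5415` hunk still names `upsertTestToken`, which is a separate helper visible in the next hunk. Since the signature is being touched anyway, the comment could be corrected to `// upsertTestTokenInEntMeta creates a token for testing purposes in entMeta, using the default enterprise meta in the default partition when entMeta is nil.` The nil default is taken from the first lines of the body shown here; the rest of the function lies outside the hunk.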
@@ -5585,7 +5586,7 @@ func upsertTestPolicyWithRules(codec rpc.ClientCodec, initialManagementToken str return upsertTestPolicyWithRulesInEntMeta(codec, initialManagementToken, datacenter, rules, structs.DefaultEnterpriseMetaInDefaultPartition()) } -func upsertTestPolicyWithRulesInEntMeta(codec rpc.ClientCodec, initialManagementToken string, datacenter string, rules string, entMeta *structs.EnterpriseMeta) (*structs.ACLPolicy, error) { +func upsertTestPolicyWithRulesInEntMeta(codec rpc.ClientCodec, initialManagementToken string, datacenter string, rules string, entMeta *acl.EnterpriseMeta) (*structs.ACLPolicy, error) { return upsertTestCustomizedPolicy(codec, initialManagementToken, datacenter, func(policy *structs.ACLPolicy) { if entMeta == nil { entMeta = structs.DefaultEnterpriseMetaInDefaultPartition() diff --git a/agent/consul/acl_oss.go b/agent/consul/acl_oss.go index 33b11a4160..1fe4fbbf81 100644 --- a/agent/consul/acl_oss.go +++ b/agent/consul/acl_oss.go @@ -13,7 +13,7 @@ import ( // EnterpriseACLResolverDelegate stub type EnterpriseACLResolverDelegate interface{} -func (s *Server) replicationEnterpriseMeta() *structs.EnterpriseMeta { +func (s *Server) replicationEnterpriseMeta() *acl.EnterpriseMeta { return structs.ReplicationEnterpriseMeta() } @@ -48,4 +48,4 @@ func (_ *ACLResolver) resolveLocallyManagedEnterpriseToken(_ string) (structs.AC return nil, nil, false } -func setEnterpriseConf(entMeta *structs.EnterpriseMeta, conf *acl.Config) {} +func setEnterpriseConf(entMeta *acl.EnterpriseMeta, conf *acl.Config) {} diff --git a/agent/consul/acl_test.go b/agent/consul/acl_test.go index 54dc3a6b56..49036ae4fc 100644 --- a/agent/consul/acl_test.go +++ b/agent/consul/acl_test.go 
@@ -9,12 +9,13 @@ import ( "testing" "time" - msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" "github.com/hashicorp/go-hclog" "github.com/hashicorp/go-uuid" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/agent/token" diff --git a/agent/consul/authmethod/authmethods.go b/agent/consul/authmethod/authmethods.go index 3f701aa8b5..fbcd27e015 100644 --- a/agent/consul/authmethod/authmethods.go +++ b/agent/consul/authmethod/authmethods.go @@ -6,9 +6,11 @@ import ( "sort" "sync" - "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/go-hclog" "github.com/mitchellh/mapstructure" + + "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/agent/structs" ) type Cache interface { @@ -62,7 +64,7 @@ type Identity struct { // in a bind name within a binding rule. ProjectedVars map[string]string - *structs.EnterpriseMeta + *acl.EnterpriseMeta } // ProjectedVarNames returns just the keyspace of the ProjectedVars map. diff --git a/agent/consul/authmethod/kubeauth/k8s_oss.go b/agent/consul/authmethod/kubeauth/k8s_oss.go index b3d74361e4..a023c24e7c 100644 --- a/agent/consul/authmethod/kubeauth/k8s_oss.go +++ b/agent/consul/authmethod/kubeauth/k8s_oss.go @@ -3,7 +3,10 @@ package kubeauth -import "github.com/hashicorp/consul/agent/structs" +import ( + "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/agent/structs" +) type enterpriseConfig struct{} @@ -11,6 +14,6 @@ func enterpriseValidation(method *structs.ACLAuthMethod, config *Config) error { return nil } -func (v *Validator) k8sEntMetaFromFields(fields map[string]string) *structs.EnterpriseMeta { +func (v *Validator) k8sEntMetaFromFields(fields map[string]string) *acl.EnterpriseMeta { return nil } 
diff --git a/agent/consul/authmethod/ssoauth/sso_oss.go b/agent/consul/authmethod/ssoauth/sso_oss.go index 2f6bbe12ac..495ce482b2 100644 --- a/agent/consul/authmethod/ssoauth/sso_oss.go +++ b/agent/consul/authmethod/ssoauth/sso_oss.go @@ -6,7 +6,7 @@ package ssoauth import ( "fmt" - "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/internal/go-sso/oidcauth" ) @@ -17,7 +17,7 @@ func validateType(typ string) error { return nil } -func (v *Validator) ssoEntMetaFromClaims(_ *oidcauth.Claims) *structs.EnterpriseMeta { +func (v *Validator) ssoEntMetaFromClaims(_ *oidcauth.Claims) *acl.EnterpriseMeta { return nil } diff --git a/agent/consul/authmethod/testauth/testing.go b/agent/consul/authmethod/testauth/testing.go index 11e6fd7fcf..5ad0f1e490 100644 --- a/agent/consul/authmethod/testauth/testing.go +++ b/agent/consul/authmethod/testauth/testing.go @@ -5,11 +5,12 @@ import ( "fmt" "sync" + "github.com/hashicorp/go-hclog" + "github.com/hashicorp/go-uuid" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/consul/authmethod" "github.com/hashicorp/consul/agent/structs" - "github.com/hashicorp/go-hclog" - "github.com/hashicorp/go-uuid" ) func init() { diff --git a/agent/consul/authmethod/testauth/testing_oss.go b/agent/consul/authmethod/testauth/testing_oss.go index a3c9b4382c..d03a6ad876 100644 --- a/agent/consul/authmethod/testauth/testing_oss.go +++ b/agent/consul/authmethod/testauth/testing_oss.go @@ -3,12 +3,10 @@ package testauth -import ( - "github.com/hashicorp/consul/agent/structs" -) +import "github.com/hashicorp/consul/acl" type enterpriseConfig struct{} -func (v *Validator) testAuthEntMetaFromFields(fields map[string]string) *structs.EnterpriseMeta { +func (v *Validator) testAuthEntMetaFromFields(fields map[string]string) *acl.EnterpriseMeta { return nil } diff --git a/agent/consul/auto_config_backend.go b/agent/consul/auto_config_backend.go index aef6ad7baf..e77093d5ea 100644 
--- a/agent/consul/auto_config_backend.go +++ b/agent/consul/auto_config_backend.go @@ -6,6 +6,7 @@ import ( "net" "time" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/agent/metadata" "github.com/hashicorp/consul/agent/structs" @@ -40,7 +41,7 @@ func (b autoConfigBackend) DatacenterJoinAddresses(partition, segment string) ([ if segment != "" { return nil, fmt.Errorf("Failed to retrieve members for segment %s: %w", segment, err) } - return nil, fmt.Errorf("Failed to retrieve members for partition %s: %w", structs.PartitionOrDefault(partition), err) + return nil, fmt.Errorf("Failed to retrieve members for partition %s: %w", acl.PartitionOrDefault(partition), err) } var joinAddrs []string diff --git a/agent/consul/auto_config_endpoint.go b/agent/consul/auto_config_endpoint.go index 5ca15f33b6..088c9a3e0d 100644 --- a/agent/consul/auto_config_endpoint.go +++ b/agent/consul/auto_config_endpoint.go @@ -30,7 +30,7 @@ type AutoConfigOptions struct { } func (opts AutoConfigOptions) PartitionOrDefault() string { - return structs.PartitionOrDefault(opts.Partition) + return acl.PartitionOrDefault(opts.Partition) } type AutoConfigAuthorizer interface { @@ -99,7 +99,7 @@ func (a *jwtAuthorizer) Authorize(req *pbautoconf.AutoConfigRequest) (AutoConfig return AutoConfigOptions{}, err } - if id.Agent != req.Node || !structs.EqualPartitions(id.Partition, req.Partition) { + if id.Agent != req.Node || !acl.EqualPartitions(id.Partition, req.Partition) { return AutoConfigOptions{}, fmt.Errorf("Spiffe ID agent name (%s) of the certificate signing request is not for the correct node (%s)", printNodeName(id.Agent, id.Partition), @@ -392,7 +392,7 @@ func parseAutoConfigCSR(csr string) (*x509.CertificateRequest, *connect.SpiffeID } func printNodeName(nodeName, partition string) string { - if structs.IsDefaultPartition(partition) { + if acl.IsDefaultPartition(partition) { return nodeName } return partition + "/" + nodeName 
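Review bot: The check `id.Agent != req.Node || !acl.EqualPartitions(id.Partition, req.Partition)` in `jwtAuthorizer.Authorize` (auto_config_endpoint.go, `@@ -99` hunk) has no comment explaining why it exists, although it decides whether the CSR's SPIFFE ID is accepted. I would add `// The CSR's SPIFFE ID must name the requesting node in the same partition; reject anything else.` above it. The node name is compared with `!=`, while the partition goes through a helper whose normalisation rules (empty versus default, case) are not visible in this diff. A table test covering empty, default and mismatched partitions would confirm that the move from `structs` to `acl` left the helper's behaviour unchanged. `Authorize` starts and ends outside the hunk.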
diff --git a/agent/consul/catalog_endpoint_test.go b/agent/consul/catalog_endpoint_test.go index cf4b024f09..d6d303c2bb 100644 --- a/agent/consul/catalog_endpoint_test.go +++ b/agent/consul/catalog_endpoint_test.go @@ -9,11 +9,12 @@ import ( "github.com/hashicorp/go-uuid" - msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" - "github.com/hashicorp/consul-net-rpc/net/rpc" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" + "github.com/hashicorp/consul-net-rpc/net/rpc" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" diff --git a/agent/consul/client.go b/agent/consul/client.go index 4709c31085..6a15acb94e 100644 --- a/agent/consul/client.go +++ b/agent/consul/client.go @@ -14,6 +14,7 @@ import ( "github.com/hashicorp/serf/serf" "golang.org/x/time/rate" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/pool" "github.com/hashicorp/consul/agent/router" "github.com/hashicorp/consul/agent/structs" @@ -192,7 +193,7 @@ func (c *Client) Leave() error { // JoinLAN is used to have Consul join the inner-DC pool The target address // should be another node inside the DC listening on the Serf LAN address -func (c *Client) JoinLAN(addrs []string, entMeta *structs.EnterpriseMeta) (int, error) { +func (c *Client) JoinLAN(addrs []string, entMeta *acl.EnterpriseMeta) (int, error) { // Partitions definitely have to match. if c.config.AgentEnterpriseMeta().PartitionOrDefault() != entMeta.PartitionOrDefault() { return 0, fmt.Errorf("target partition %q must match client agent partition %q", 
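Review bot: `JoinLAN` in client.go (`@@ -192` hunk) calls `entMeta.PartitionOrDefault()` on the caller-supplied pointer with no nil check, and `RemoveFailedNode` in the following `@@ -240` hunk does the same. The leader.go handlers touched by this commit default a nil meta first with `structs.NodeEnterpriseMetaInDefaultPartition()`. Whether `PartitionOrDefault` on `*acl.EnterpriseMeta` accepts a nil receiver is not visible here. Either say so in the doc comments of both methods, or guard both with `if entMeta == nil { entMeta = c.config.AgentEnterpriseMeta() }` so the partition match cannot panic. Both function bodies continue outside their hunks.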
@@ -240,7 +241,7 @@ func (c *Client) LANMembers(filter LANMemberFilter) ([]serf.Member, error) { } // RemoveFailedNode is used to remove a failed node from the cluster. -func (c *Client) RemoveFailedNode(node string, prune bool, entMeta *structs.EnterpriseMeta) error { +func (c *Client) RemoveFailedNode(node string, prune bool, entMeta *acl.EnterpriseMeta) error { // Partitions definitely have to match. if c.config.AgentEnterpriseMeta().PartitionOrDefault() != entMeta.PartitionOrDefault() { return fmt.Errorf("client agent in partition %q cannot remove node in different partition %q", @@ -418,7 +419,7 @@ func (c *Client) ReloadConfig(config ReloadableConfig) error { return nil } -func (c *Client) AgentEnterpriseMeta() *structs.EnterpriseMeta { +func (c *Client) AgentEnterpriseMeta() *acl.EnterpriseMeta { return c.config.AgentEnterpriseMeta() } diff --git a/agent/consul/config_endpoint_test.go b/agent/consul/config_endpoint_test.go index e5c0b7f6df..3c60818e4b 100644 --- a/agent/consul/config_endpoint_test.go +++ b/agent/consul/config_endpoint_test.go @@ -7,10 +7,11 @@ import ( "testing" "time" - msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" hashstructure_v2 "github.com/mitchellh/hashstructure/v2" "github.com/stretchr/testify/require" + msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/configentry" "github.com/hashicorp/consul/agent/structs" diff --git a/agent/consul/config_oss.go b/agent/consul/config_oss.go index 63d3cb2a3f..bae469eaf8 100644 --- a/agent/consul/config_oss.go +++ b/agent/consul/config_oss.go 
@@ -3,8 +3,11 @@ package consul -import "github.com/hashicorp/consul/agent/structs" +import ( + "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/agent/structs" +) -func (c *Config) AgentEnterpriseMeta() *structs.EnterpriseMeta { +func (c *Config) AgentEnterpriseMeta() *acl.EnterpriseMeta { return structs.NodeEnterpriseMetaInDefaultPartition() } diff --git a/agent/consul/connect_ca_endpoint_test.go b/agent/consul/connect_ca_endpoint_test.go index 3947214114..f69960f5f5 100644 --- a/agent/consul/connect_ca_endpoint_test.go +++ b/agent/consul/connect_ca_endpoint_test.go @@ -9,10 +9,11 @@ import ( "testing" "time" - msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/connect" ca "github.com/hashicorp/consul/agent/connect/ca" diff --git a/agent/consul/coordinate_endpoint_test.go b/agent/consul/coordinate_endpoint_test.go index 25cb41a5f7..471a92623c 100644 --- a/agent/consul/coordinate_endpoint_test.go +++ b/agent/consul/coordinate_endpoint_test.go @@ -9,11 +9,12 @@ import ( "testing" "time" - msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" - "github.com/hashicorp/consul-net-rpc/net/rpc" "github.com/hashicorp/serf/coordinate" "github.com/stretchr/testify/require" + msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" + "github.com/hashicorp/consul-net-rpc/net/rpc" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/lib" diff --git a/agent/consul/discovery_chain_endpoint_test.go b/agent/consul/discovery_chain_endpoint_test.go index e875ec25d4..1f9a82f14b 100644 --- a/agent/consul/discovery_chain_endpoint_test.go +++ b/agent/consul/discovery_chain_endpoint_test.go 
@@ -6,9 +6,10 @@ import ( "testing" "time" - msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" "github.com/stretchr/testify/require" + msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/agent/structs" diff --git a/agent/consul/discoverychain/compile_oss.go b/agent/consul/discoverychain/compile_oss.go index 4aa43eb275..c0aa1118e1 100644 --- a/agent/consul/discoverychain/compile_oss.go +++ b/agent/consul/discoverychain/compile_oss.go @@ -3,8 +3,11 @@ package discoverychain -import "github.com/hashicorp/consul/agent/structs" +import ( + "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/agent/structs" +) -func (c *compiler) GetEnterpriseMeta() *structs.EnterpriseMeta { +func (c *compiler) GetEnterpriseMeta() *acl.EnterpriseMeta { return structs.DefaultEnterpriseMetaInDefaultPartition() } diff --git a/agent/consul/enterprise_server_oss.go b/agent/consul/enterprise_server_oss.go index cad141c112..187d59e97f 100644 --- a/agent/consul/enterprise_server_oss.go +++ b/agent/consul/enterprise_server_oss.go @@ -12,6 +12,7 @@ import ( "github.com/hashicorp/go-version" "github.com/hashicorp/serf/serf" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/pool" "github.com/hashicorp/consul/agent/structs" ) @@ -56,7 +57,7 @@ func (s *Server) revokeEnterpriseLeadership() error { return nil } -func (s *Server) validateEnterpriseRequest(entMeta *structs.EnterpriseMeta, write bool) error { +func (s *Server) validateEnterpriseRequest(entMeta *acl.EnterpriseMeta, write bool) error { return nil } @@ -109,6 +110,6 @@ func (s *Server) shutdownSerfLAN() { } } -func addEnterpriseSerfTags(_ map[string]string, _ *structs.EnterpriseMeta) { +func addEnterpriseSerfTags(_ map[string]string, _ *acl.EnterpriseMeta) { // do nothing } 
diff --git a/agent/consul/federation_state_endpoint_test.go b/agent/consul/federation_state_endpoint_test.go index 8cd8808269..2996224478 100644 --- a/agent/consul/federation_state_endpoint_test.go +++ b/agent/consul/federation_state_endpoint_test.go @@ -5,11 +5,12 @@ import ( "testing" "time" - msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" - "github.com/hashicorp/consul-net-rpc/net/rpc" uuid "github.com/hashicorp/go-uuid" "github.com/stretchr/testify/require" + msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" + "github.com/hashicorp/consul-net-rpc/net/rpc" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" diff --git a/agent/consul/fsm/snapshot_oss_test.go b/agent/consul/fsm/snapshot_oss_test.go index 6d14d6f2db..c75bbc1973 100644 --- a/agent/consul/fsm/snapshot_oss_test.go +++ b/agent/consul/fsm/snapshot_oss_test.go @@ -6,10 +6,11 @@ import ( "testing" "time" - "github.com/hashicorp/consul-net-rpc/go-msgpack/codec" "github.com/hashicorp/go-raftchunking" "github.com/stretchr/testify/require" + "github.com/hashicorp/consul-net-rpc/go-msgpack/codec" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/agent/consul/state" diff --git a/agent/consul/health_endpoint_test.go b/agent/consul/health_endpoint_test.go index d84fbb21a4..4193f7fee0 100644 --- a/agent/consul/health_endpoint_test.go +++ b/agent/consul/health_endpoint_test.go @@ -5,10 +5,11 @@ import ( "testing" "time" - msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" + "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/lib" diff --git a/agent/consul/helper_test.go b/agent/consul/helper_test.go index f5c37f14d4..807bb8be2b 100644 
--- a/agent/consul/helper_test.go +++ b/agent/consul/helper_test.go @@ -6,12 +6,14 @@ import ( "net" "testing" - msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" - "github.com/hashicorp/consul-net-rpc/net/rpc" "github.com/hashicorp/raft" "github.com/hashicorp/serf/serf" "github.com/stretchr/testify/require" + msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" + "github.com/hashicorp/consul-net-rpc/net/rpc" + + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/sdk/testutil/retry" @@ -116,9 +118,9 @@ func joinAddrWAN(s *Server) string { } type clientOrServer interface { - JoinLAN(addrs []string, entMeta *structs.EnterpriseMeta) (int, error) + JoinLAN(addrs []string, entMeta *acl.EnterpriseMeta) (int, error) LANMembersInAgentPartition() []serf.Member - AgentEnterpriseMeta() *structs.EnterpriseMeta + AgentEnterpriseMeta() *acl.EnterpriseMeta agentSegmentName() string } diff --git a/agent/consul/intention_endpoint.go b/agent/consul/intention_endpoint.go index 89a5f219a3..fc6db87db9 100644 --- a/agent/consul/intention_endpoint.go +++ b/agent/consul/intention_endpoint.go @@ -101,7 +101,7 @@ func (s *Intention) Apply(args *structs.IntentionRequest, reply *string) error { } // Get the ACL token for the request for the checks below. - var entMeta structs.EnterpriseMeta + var entMeta acl.EnterpriseMeta authz, err := s.srv.ACLResolver.ResolveTokenAndDefaultMeta(args.Token, &entMeta, nil) if err != nil { return err @@ -162,7 +162,7 @@ func (s *Intention) Apply(args *structs.IntentionRequest, reply *string) error { func (s *Intention) computeApplyChangesLegacyCreate( accessorID string, authz acl.Authorizer, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, args *structs.IntentionRequest, ) (*structs.IntentionMutation, error) { // This variant is just for legacy UUID-based intentions. 
@@ -232,7 +232,7 @@ func (s *Intention) computeApplyChangesLegacyCreate( func (s *Intention) computeApplyChangesLegacyUpdate( accessorID string, authz acl.Authorizer, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, args *structs.IntentionRequest, ) (*structs.IntentionMutation, error) { // This variant is just for legacy UUID-based intentions. @@ -292,7 +292,7 @@ func (s *Intention) computeApplyChangesLegacyUpdate( func (s *Intention) computeApplyChangesUpsert( accessorID string, authz acl.Authorizer, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, args *structs.IntentionRequest, ) (*structs.IntentionMutation, error) { // This variant is just for config-entry based intentions. @@ -355,7 +355,7 @@ func (s *Intention) computeApplyChangesUpsert( func (s *Intention) computeApplyChangesLegacyDelete( accessorID string, authz acl.Authorizer, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, args *structs.IntentionRequest, ) (*structs.IntentionMutation, error) { _, _, ixn, err := s.srv.fsm.State().IntentionGet(nil, args.Intention.ID) @@ -380,7 +380,7 @@ func (s *Intention) computeApplyChangesLegacyDelete( func (s *Intention) computeApplyChangesDelete( accessorID string, authz acl.Authorizer, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, args *structs.IntentionRequest, ) (*structs.IntentionMutation, error) { args.Intention.FillPartitionAndNamespace(entMeta, true) @@ -425,7 +425,7 @@ func (s *Intention) Get(args *structs.IntentionQueryRequest, reply *structs.Inde } // Get the ACL token for the request for the checks below. - var entMeta structs.EnterpriseMeta + var entMeta acl.EnterpriseMeta authz, err := s.srv.ResolveTokenAndDefaultMeta(args.Token, &entMeta, nil) if err != nil { return err 
@@ -574,7 +574,7 @@ func (s *Intention) Match(args *structs.IntentionQueryRequest, reply *structs.In } // Get the ACL token for the request for the checks below. - var entMeta structs.EnterpriseMeta + var entMeta acl.EnterpriseMeta authz, err := s.srv.ResolveTokenAndDefaultMeta(args.Token, &entMeta, nil) if err != nil { return err @@ -695,7 +695,7 @@ func (s *Intention) Check(args *structs.IntentionQueryRequest, reply *structs.In } // Get the ACL token for the request for the checks below. - var entMeta structs.EnterpriseMeta + var entMeta acl.EnterpriseMeta authz, err := s.srv.ResolveTokenAndDefaultMeta(args.Token, &entMeta, nil) if err != nil { return err diff --git a/agent/consul/intention_endpoint_test.go b/agent/consul/intention_endpoint_test.go index e1a35bf62e..1fc0db35e9 100644 --- a/agent/consul/intention_endpoint_test.go +++ b/agent/consul/intention_endpoint_test.go @@ -6,9 +6,10 @@ import ( "testing" "time" - msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" "github.com/stretchr/testify/require" + msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/sdk/testutil" diff --git a/agent/consul/internal_endpoint.go b/agent/consul/internal_endpoint.go index 9c2f2c75db..d78f20046b 100644 --- a/agent/consul/internal_endpoint.go +++ b/agent/consul/internal_endpoint.go @@ -362,7 +362,7 @@ func (m *Internal) GatewayIntentions(args *structs.IntentionQueryRequest, reply } // Get the ACL token for the request for the checks below. - var entMeta structs.EnterpriseMeta + var entMeta acl.EnterpriseMeta var authzContext acl.AuthorizerContext authz, err := m.srv.ResolveTokenAndDefaultMeta(args.Token, &entMeta, &authzContext) diff --git a/agent/consul/internal_endpoint_test.go b/agent/consul/internal_endpoint_test.go index e639c003fe..7f5e59a0af 100644 --- a/agent/consul/internal_endpoint_test.go 
+++ b/agent/consul/internal_endpoint_test.go @@ -8,10 +8,11 @@ import ( "testing" "time" - msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" diff --git a/agent/consul/kvs_endpoint_test.go b/agent/consul/kvs_endpoint_test.go index 10c94e7025..1289ac6553 100644 --- a/agent/consul/kvs_endpoint_test.go +++ b/agent/consul/kvs_endpoint_test.go @@ -5,9 +5,10 @@ import ( "testing" "time" - msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" "github.com/stretchr/testify/require" + msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" diff --git a/agent/consul/leader.go b/agent/consul/leader.go index b6291ee565..f40faed42a 100644 --- a/agent/consul/leader.go +++ b/agent/consul/leader.go @@ -883,7 +883,7 @@ func (s *Server) bootstrapConfigEntries(entries []structs.ConfigEntry) error { // reconcileReaped is used to reconcile nodes that have failed and been reaped // from Serf but remain in the catalog. This is done by looking for unknown nodes with serfHealth checks registered. // We generate a "reap" event to cause the node to be cleaned up. -func (s *Server) reconcileReaped(known map[string]struct{}, nodeEntMeta *structs.EnterpriseMeta) error { +func (s *Server) reconcileReaped(known map[string]struct{}, nodeEntMeta *acl.EnterpriseMeta) error { if nodeEntMeta == nil { nodeEntMeta = structs.NodeEnterpriseMetaInDefaultPartition() } 
@@ -1016,7 +1016,7 @@ func (s *Server) shouldHandleMember(member serf.Member) bool { // handleAliveMember is used to ensure the node // is registered, with a passing health check. -func (s *Server) handleAliveMember(member serf.Member, nodeEntMeta *structs.EnterpriseMeta) error { +func (s *Server) handleAliveMember(member serf.Member, nodeEntMeta *acl.EnterpriseMeta) error { if nodeEntMeta == nil { nodeEntMeta = structs.NodeEnterpriseMetaInDefaultPartition() } @@ -1122,7 +1122,7 @@ AFTER_CHECK: // handleFailedMember is used to mark the node's status // as being critical, along with all checks as unknown. -func (s *Server) handleFailedMember(member serf.Member, nodeEntMeta *structs.EnterpriseMeta) error { +func (s *Server) handleFailedMember(member serf.Member, nodeEntMeta *acl.EnterpriseMeta) error { if nodeEntMeta == nil { nodeEntMeta = structs.NodeEnterpriseMetaInDefaultPartition() } 
@@ -1184,18 +1184,18 @@ func (s *Server) handleFailedMember(member serf.Member, nodeEntMeta *structs.Ent
 // handleLeftMember is used to handle members that gracefully
 // left. They are deregistered if necessary.
-func (s *Server) handleLeftMember(member serf.Member, nodeEntMeta *structs.EnterpriseMeta) error {
+func (s *Server) handleLeftMember(member serf.Member, nodeEntMeta *acl.EnterpriseMeta) error {
 return s.handleDeregisterMember("left", member, nodeEntMeta)
 }
 // handleReapMember is used to handle members that have been
 // reaped after a prolonged failure. They are deregistered.
-func (s *Server) handleReapMember(member serf.Member, nodeEntMeta *structs.EnterpriseMeta) error {
+func (s *Server) handleReapMember(member serf.Member, nodeEntMeta *acl.EnterpriseMeta) error {
 return s.handleDeregisterMember("reaped", member, nodeEntMeta)
 }
 // handleDeregisterMember is used to deregister a member of a given reason
-func (s *Server) handleDeregisterMember(reason string, member serf.Member, nodeEntMeta *structs.EnterpriseMeta) error {
+func (s *Server) handleDeregisterMember(reason string, member serf.Member, nodeEntMeta *acl.EnterpriseMeta) error {
 if nodeEntMeta == nil {
 nodeEntMeta = structs.NodeEnterpriseMetaInDefaultPartition()
 }
diff --git a/agent/consul/leader_connect_ca.go b/agent/consul/leader_connect_ca.go
index 899ff494a0..88d3c5d422 100644
--- a/agent/consul/leader_connect_ca.go
+++ b/agent/consul/leader_connect_ca.go
@@ -1439,7 +1439,7 @@ func (c *CAManager) SignCertificate(csr *x509.CertificateRequest, spiffeID conne
 return nil, fmt.Errorf("SPIFFE ID in CSR must be a service or agent ID")
 }
- var entMeta structs.EnterpriseMeta
+ var entMeta acl.EnterpriseMeta
 if isService {
 if !signingID.CanSign(spiffeID) {
 return nil, fmt.Errorf("SPIFFE ID in CSR from a different trust domain: %s, "+
diff --git a/agent/consul/operator_autopilot_endpoint_test.go b/agent/consul/operator_autopilot_endpoint_test.go
index e28f30dabf..a0a300c6da 100644
--- a/agent/consul/operator_autopilot_endpoint_test.go
+++ b/agent/consul/operator_autopilot_endpoint_test.go
@@ -5,11 +5,12 @@ import (
 "testing"
 "time"
- msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc"
 "github.com/hashicorp/raft"
 autopilot "github.com/hashicorp/raft-autopilot"
 "github.com/stretchr/testify/require"
+ msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc"
+ "github.com/hashicorp/consul/acl"
 "github.com/hashicorp/consul/agent/structs"
 "github.com/hashicorp/consul/sdk/testutil/retry"
diff --git a/agent/consul/operator_raft_endpoint_test.go b/agent/consul/operator_raft_endpoint_test.go
index e9e055e680..be60ec66a3 100644
--- a/agent/consul/operator_raft_endpoint_test.go
+++ b/agent/consul/operator_raft_endpoint_test.go
@@ -7,10 +7,11 @@ import (
 "testing"
 "time"
- msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc"
 "github.com/hashicorp/raft"
 "github.com/stretchr/testify/require"
+ msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc"
+ "github.com/hashicorp/consul/acl"
 "github.com/hashicorp/consul/agent/structs"
 "github.com/hashicorp/consul/sdk/freeport"
diff --git a/agent/consul/prepared_query_endpoint_test.go b/agent/consul/prepared_query_endpoint_test.go
index 8c67eb5d71..5a0aef3051 100644
--- a/agent/consul/prepared_query_endpoint_test.go
+++ b/agent/consul/prepared_query_endpoint_test.go
@@ -10,13 +10,14 @@ import (
 "testing"
 "time"
- msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc"
- "github.com/hashicorp/consul-net-rpc/net/rpc"
 "github.com/hashicorp/go-hclog"
 "github.com/hashicorp/serf/coordinate"
 "github.com/stretchr/testify/assert"
 "github.com/stretchr/testify/require"
+ msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc"
+ "github.com/hashicorp/consul-net-rpc/net/rpc"
+ "github.com/hashicorp/consul/acl"
 "github.com/hashicorp/consul/agent/structs"
 tokenStore "github.com/hashicorp/consul/agent/token"
diff --git a/agent/consul/rpc_test.go b/agent/consul/rpc_test.go
index d8bb45241a..0e236eed59 100644
--- a/agent/consul/rpc_test.go
+++ b/agent/consul/rpc_test.go
@@ -995,7 +995,7 @@ func TestRPC_LocalTokenStrippedOnForward(t *testing.T) {
 // Wait for it to replicate
 retry.Run(t, func(r *retry.R) {
- _, p, err := s2.fsm.State().ACLPolicyGetByID(nil, kvPolicy.ID, &structs.EnterpriseMeta{})
+ _, p, err := s2.fsm.State().ACLPolicyGetByID(nil, kvPolicy.ID, &acl.EnterpriseMeta{})
 require.Nil(r, err)
 require.NotNil(r, p)
 })
@@ -1128,7 +1128,7 @@ func TestRPC_LocalTokenStrippedOnForward_GRPC(t *testing.T) {
 // Wait for it to replicate
 retry.Run(t, func(r *retry.R) {
- _, p, err := s2.fsm.State().ACLPolicyGetByID(nil, policy.ID, &structs.EnterpriseMeta{})
+ _, p, err := s2.fsm.State().ACLPolicyGetByID(nil, policy.ID, &acl.EnterpriseMeta{})
 require.Nil(r, err)
 require.NotNil(r, p)
 })
diff --git a/agent/consul/serf_filter.go b/agent/consul/serf_filter.go
index 4ea2811d20..ebd6db7591 100644
--- a/agent/consul/serf_filter.go
+++ b/agent/consul/serf_filter.go
@@ -3,7 +3,7 @@ package consul
 import (
 "fmt"
- "github.com/hashicorp/consul/agent/structs"
+ "github.com/hashicorp/consul/acl"
 )
 type LANMemberFilter struct {
@@ -16,12 +16,12 @@ func (f LANMemberFilter) Validate() error {
 if f.AllSegments && f.Segment != "" {
 return fmt.Errorf("cannot specify both allSegments and segment filters")
 }
- if (f.AllSegments || f.Segment != "") && !structs.IsDefaultPartition(f.Partition) {
+ if (f.AllSegments || f.Segment != "") && !acl.IsDefaultPartition(f.Partition) {
 return fmt.Errorf("segments do not exist outside of the default partition")
 }
 return nil
 }
 func (f LANMemberFilter) PartitionOrDefault() string {
- return structs.PartitionOrDefault(f.Partition)
+ return acl.PartitionOrDefault(f.Partition)
 }
diff --git a/agent/consul/server.go b/agent/consul/server.go
index 2b40a615e5..c48204bb51 100644
--- a/agent/consul/server.go
+++ b/agent/consul/server.go
@@ -1230,7 +1230,7 @@ func (s *Server) WANMembers() []serf.Member {
 }
 // RemoveFailedNode is used to remove a failed node from the cluster.
-func (s *Server) RemoveFailedNode(node string, prune bool, entMeta *structs.EnterpriseMeta) error {
+func (s *Server) RemoveFailedNode(node string, prune bool, entMeta *acl.EnterpriseMeta) error {
 var removeFn func(*serf.Serf, string) error
 if prune {
 removeFn = (*serf.Serf).RemoveFailedNodePrune
@@ -1250,7 +1250,7 @@ func (s *Server) RemoveFailedNode(node string, prune bool, entMeta *structs.Ente
 }
 // RemoveFailedNodeWAN is used to remove a failed node from the WAN cluster.
-func (s *Server) RemoveFailedNodeWAN(wanNode string, prune bool, entMeta *structs.EnterpriseMeta) error {
+func (s *Server) RemoveFailedNodeWAN(wanNode string, prune bool, entMeta *acl.EnterpriseMeta) error {
 var removeFn func(*serf.Serf, string) error
 if prune {
 removeFn = (*serf.Serf).RemoveFailedNodePrune
@@ -1283,7 +1283,7 @@ func (s *Server) KeyManagerWAN() *serf.KeyManager {
 return s.serfWAN.KeyManager()
 }
-func (s *Server) AgentEnterpriseMeta() *structs.EnterpriseMeta {
+func (s *Server) AgentEnterpriseMeta() *acl.EnterpriseMeta {
 return s.config.AgentEnterpriseMeta()
 }
diff --git a/agent/consul/server_oss.go b/agent/consul/server_oss.go
index 0281b4d7ac..5ae2fc3ea6 100644
--- a/agent/consul/server_oss.go
+++ b/agent/consul/server_oss.go
@@ -14,6 +14,7 @@ import (
 "github.com/hashicorp/serf/serf"
 "google.golang.org/grpc"
+ "github.com/hashicorp/consul/acl"
 "github.com/hashicorp/consul/agent/structs"
 "github.com/hashicorp/consul/lib"
 )
@@ -26,7 +27,7 @@ func (s *Server) enterpriseValidateJoinWAN() error {
 // JoinLAN is used to have Consul join the inner-DC pool The target address
 // should be another node inside the DC listening on the Serf LAN address
-func (s *Server) JoinLAN(addrs []string, entMeta *structs.EnterpriseMeta) (int, error) {
+func (s *Server) JoinLAN(addrs []string, entMeta *acl.EnterpriseMeta) (int, error) {
 return s.serfLAN.Join(addrs, true)
 }
@@ -36,7 +37,7 @@ func (s *Server) JoinLAN(addrs []string, entMeta *structs.EnterpriseMeta) (int,
 func (s *Server) removeFailedNode(
 removeFn func(*serf.Serf, string) error,
 node, wanNode string,
- entMeta *structs.EnterpriseMeta,
+ entMeta *acl.EnterpriseMeta,
 ) error {
 maybeRemove := func(s *serf.Serf, node string) (bool, error) {
 if !isSerfMember(s, node) {
@@ -155,6 +156,6 @@ func (s *Server) addEnterpriseStats(stats map[string]map[string]string) {
 // no-op
 }
-func getSerfMemberEnterpriseMeta(member serf.Member) *structs.EnterpriseMeta {
+func getSerfMemberEnterpriseMeta(member serf.Member) *acl.EnterpriseMeta {
 return structs.NodeEnterpriseMetaInDefaultPartition()
 }
diff --git a/agent/consul/server_overview.go b/agent/consul/server_overview.go
index b75ffed5d6..1c42f3483e 100644
--- a/agent/consul/server_overview.go
+++ b/agent/consul/server_overview.go
@@ -7,10 +7,12 @@ import (
 "sync"
 "time"
+ "github.com/hashicorp/go-hclog"
+
+ "github.com/hashicorp/consul/acl"
 "github.com/hashicorp/consul/agent/consul/usagemetrics"
 "github.com/hashicorp/consul/agent/structs"
 "github.com/hashicorp/consul/api"
- "github.com/hashicorp/go-hclog"
 )
 type OverviewManager struct {
@@ -69,7 +71,7 @@ func getCatalogOverview(catalog *structs.CatalogContents) *structs.CatalogSummar
 serviceInstanceChecks := make(map[string][]*structs.HealthCheck)
 checkSummaries := make(map[string]structs.HealthSummary)
- entMetaIDString := func(id string, entMeta structs.EnterpriseMeta) string {
+ entMetaIDString := func(id string, entMeta acl.EnterpriseMeta) string {
 return fmt.Sprintf("%s/%s/%s", id, entMeta.PartitionOrEmpty(), entMeta.NamespaceOrEmpty())
 }
diff --git a/agent/consul/session_endpoint_test.go b/agent/consul/session_endpoint_test.go
index cbfcdc43f7..277d326f3e 100644
--- a/agent/consul/session_endpoint_test.go
+++ b/agent/consul/session_endpoint_test.go
@@ -5,9 +5,10 @@ import (
 "testing"
 "time"
- msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc"
 "github.com/stretchr/testify/require"
+ msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc"
+ "github.com/hashicorp/consul/acl"
 "github.com/hashicorp/consul/agent/structs"
 "github.com/hashicorp/consul/lib/stringslice"
diff --git a/agent/consul/session_ttl.go b/agent/consul/session_ttl.go
index 7052d5db1b..1b2d1ff0c7 100644
--- a/agent/consul/session_ttl.go
+++ b/agent/consul/session_ttl.go
@@ -7,6 +7,7 @@ import (
 "github.com/armon/go-metrics"
 "github.com/armon/go-metrics/prometheus"
+ "github.com/hashicorp/consul/acl"
 "github.com/hashicorp/consul/agent/structs"
 )
@@ -82,7 +83,7 @@ func (s *Server) resetSessionTimer(session *structs.Session) error {
 return nil
 }
-func (s *Server) createSessionTimer(id string, ttl time.Duration, entMeta *structs.EnterpriseMeta) {
+func (s *Server) createSessionTimer(id string, ttl time.Duration, entMeta *acl.EnterpriseMeta) {
 // Reset the session timer
 // Adjust the given TTL by the TTL multiplier. This is done
 // to give a client a grace period and to compensate for network
@@ -95,7 +96,7 @@ func (s *Server) createSessionTimer(id string, ttl time.Duration, entMeta *struc
 // invalidateSession is invoked when a session TTL is reached and we
 // need to invalidate the session.
-func (s *Server) invalidateSession(id string, entMeta *structs.EnterpriseMeta) {
+func (s *Server) invalidateSession(id string, entMeta *acl.EnterpriseMeta) {
 defer metrics.MeasureSince([]string{"session_ttl", "invalidate"}, time.Now())
 // Clear the session timer
diff --git a/agent/consul/snapshot_endpoint_test.go b/agent/consul/snapshot_endpoint_test.go
index 03e25f8471..29f60618be 100644
--- a/agent/consul/snapshot_endpoint_test.go
+++ b/agent/consul/snapshot_endpoint_test.go
@@ -7,10 +7,11 @@ import (
 "testing"
 "time"
- msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc"
 autopilot "github.com/hashicorp/raft-autopilot"
 "github.com/stretchr/testify/require"
+ msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc"
+ "github.com/hashicorp/consul/acl"
 "github.com/hashicorp/consul/agent/structs"
 "github.com/hashicorp/consul/api"
diff --git a/agent/consul/state/acl.go b/agent/consul/state/acl.go
index 877037fe26..61fa3337fb 100644
--- a/agent/consul/state/acl.go
+++ b/agent/consul/state/acl.go
@@ -6,6 +6,7 @@ import (
 memdb "github.com/hashicorp/go-memdb"
+ "github.com/hashicorp/consul/acl"
 "github.com/hashicorp/consul/agent/structs"
 pbacl "github.com/hashicorp/consul/proto/pbacl"
 )
@@ -571,17 +572,17 @@ func aclTokenSetTxn(tx WriteTxn, idx uint64, token *structs.ACLToken, opts ACLTo
 }
 // ACLTokenGetBySecret is used to look up an existing ACL token by its SecretID.
-func (s *Store) ACLTokenGetBySecret(ws memdb.WatchSet, secret string, entMeta *structs.EnterpriseMeta) (uint64, *structs.ACLToken, error) {
+func (s *Store) ACLTokenGetBySecret(ws memdb.WatchSet, secret string, entMeta *acl.EnterpriseMeta) (uint64, *structs.ACLToken, error) {
 return s.aclTokenGet(ws, secret, "id", entMeta)
 }
 // ACLTokenGetByAccessor is used to look up an existing ACL token by its AccessorID.
-func (s *Store) ACLTokenGetByAccessor(ws memdb.WatchSet, accessor string, entMeta *structs.EnterpriseMeta) (uint64, *structs.ACLToken, error) {
+func (s *Store) ACLTokenGetByAccessor(ws memdb.WatchSet, accessor string, entMeta *acl.EnterpriseMeta) (uint64, *structs.ACLToken, error) {
 return s.aclTokenGet(ws, accessor, indexAccessor, entMeta)
 }
 // aclTokenGet looks up a token using one of the indexes provided
-func (s *Store) aclTokenGet(ws memdb.WatchSet, value, index string, entMeta *structs.EnterpriseMeta) (uint64, *structs.ACLToken, error) {
+func (s *Store) aclTokenGet(ws memdb.WatchSet, value, index string, entMeta *acl.EnterpriseMeta) (uint64, *structs.ACLToken, error) {
 tx := s.db.Txn(false)
 defer tx.Abort()
@@ -616,7 +617,7 @@ func (s *Store) ACLTokenBatchGet(ws memdb.WatchSet, accessors []string) (uint64,
 return idx, tokens, nil
 }
-func aclTokenGetTxn(tx ReadTxn, ws memdb.WatchSet, value, index string, entMeta *structs.EnterpriseMeta) (*structs.ACLToken, error) {
+func aclTokenGetTxn(tx ReadTxn, ws memdb.WatchSet, value, index string, entMeta *acl.EnterpriseMeta) (*structs.ACLToken, error) {
 watchCh, rawToken, err := aclTokenGetFromIndex(tx, value, index, entMeta)
 if err != nil {
 return nil, fmt.Errorf("failed acl token lookup: %v", err)
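Review bot: In the first hunk, ACLTokenGetBySecret still passes the bare string `"id"` as the index name to aclTokenGet, while ACLTokenGetByAccessor directly below it uses the named constant `indexAccessor`. The package already has `indexID` (aclPolicyGetByID in acl_oss.go uses it); if that constant names the same `"id"` index, the call reads better as `return s.aclTokenGet(ws, secret, indexID, entMeta)`. The doc comment could also say that on the token table this index appears to be keyed by the SecretID rather than the AccessorID, since the index name alone does not tell a reader which credential is being matched.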
@@ -640,7 +641,7 @@ func aclTokenGetTxn(tx ReadTxn, ws memdb.WatchSet, value, index string, entMeta
 }
 // ACLTokenList return a list of ACL Tokens that match the policy, role, and method.
-func (s *Store) ACLTokenList(ws memdb.WatchSet, local, global bool, policy, role, methodName string, methodMeta, entMeta *structs.EnterpriseMeta) (uint64, structs.ACLTokens, error) {
+func (s *Store) ACLTokenList(ws memdb.WatchSet, local, global bool, policy, role, methodName string, methodMeta, entMeta *acl.EnterpriseMeta) (uint64, structs.ACLTokens, error) {
 tx := s.db.Txn(false)
 defer tx.Abort()
@@ -799,7 +800,7 @@ func (s *Store) expiresIndexName(local bool) string {
 // ACLTokenDeleteByAccessor is used to remove an existing ACL from the state store. If
 // the ACL does not exist this is a no-op and no error is returned.
-func (s *Store) ACLTokenDeleteByAccessor(idx uint64, accessor string, entMeta *structs.EnterpriseMeta) error {
+func (s *Store) ACLTokenDeleteByAccessor(idx uint64, accessor string, entMeta *acl.EnterpriseMeta) error {
 return s.aclTokenDelete(idx, accessor, indexAccessor, entMeta)
 }
@@ -816,7 +817,7 @@ func (s *Store) ACLTokenBatchDelete(idx uint64, tokenIDs []string) error {
 return tx.Commit()
 }
-func (s *Store) aclTokenDelete(idx uint64, value, index string, entMeta *structs.EnterpriseMeta) error {
+func (s *Store) aclTokenDelete(idx uint64, value, index string, entMeta *acl.EnterpriseMeta) error {
 tx := s.db.WriteTxn(idx)
 defer tx.Abort()
@@ -827,7 +828,7 @@ func (s *Store) aclTokenDelete(idx uint64, value, index string, entMeta *structs
 return tx.Commit()
 }
-func aclTokenDeleteTxn(tx WriteTxn, idx uint64, value, index string, entMeta *structs.EnterpriseMeta) error {
+func aclTokenDeleteTxn(tx WriteTxn, idx uint64, value, index string, entMeta *acl.EnterpriseMeta) error {
 // Look up the existing token
 _, token, err := aclTokenGetFromIndex(tx, value, index, entMeta)
 if err != nil {
@@ -845,7 +846,7 @@ func aclTokenDeleteTxn(tx WriteTxn, idx uint64, value, index string, entMeta *st
 return aclTokenDeleteWithToken(tx, token.(*structs.ACLToken), idx)
 }
-func aclTokenDeleteAllForAuthMethodTxn(tx WriteTxn, idx uint64, methodName string, methodGlobalLocality bool, methodMeta *structs.EnterpriseMeta) error {
+func aclTokenDeleteAllForAuthMethodTxn(tx WriteTxn, idx uint64, methodName string, methodGlobalLocality bool, methodMeta *acl.EnterpriseMeta) error {
 // collect all the tokens linked with the given auth method.
 iter, err := aclTokenListByAuthMethod(tx, methodName, methodMeta, methodMeta.WithWildcardNamespace())
 if err != nil {
@@ -966,15 +967,15 @@ func aclPolicySetTxn(tx WriteTxn, idx uint64, policy *structs.ACLPolicy) error {
 return aclPolicyInsert(tx, policy)
 }
-func (s *Store) ACLPolicyGetByID(ws memdb.WatchSet, id string, entMeta *structs.EnterpriseMeta) (uint64, *structs.ACLPolicy, error) {
+func (s *Store) ACLPolicyGetByID(ws memdb.WatchSet, id string, entMeta *acl.EnterpriseMeta) (uint64, *structs.ACLPolicy, error) {
 return s.aclPolicyGet(ws, id, aclPolicyGetByID, entMeta)
 }
-func (s *Store) ACLPolicyGetByName(ws memdb.WatchSet, name string, entMeta *structs.EnterpriseMeta) (uint64, *structs.ACLPolicy, error) {
+func (s *Store) ACLPolicyGetByName(ws memdb.WatchSet, name string, entMeta *acl.EnterpriseMeta) (uint64, *structs.ACLPolicy, error) {
 return s.aclPolicyGet(ws, name, aclPolicyGetByName, entMeta)
 }
-func aclPolicyGetByName(tx ReadTxn, name string, entMeta *structs.EnterpriseMeta) (<-chan struct{}, interface{}, error) {
+func aclPolicyGetByName(tx ReadTxn, name string, entMeta *acl.EnterpriseMeta) (<-chan struct{}, interface{}, error) {
 // todo: accept non-pointer value
 if entMeta == nil {
 entMeta = structs.DefaultEnterpriseMetaInDefaultPartition()
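Review bot: In the second hunk, the exported ACLPolicyGetByID and ACLPolicyGetByName have no doc comments, so nothing at the API surface says what a nil `entMeta` means. aclPolicyGetByName replaces nil with `structs.DefaultEnterpriseMetaInDefaultPartition()`, so a caller that forgets to pass its tenancy presumably gets a lookup scoped to the default partition instead of an error. The same nil-to-default pattern is visible in the leader.go member handlers, aclRoleGetByName and aclTokenList. I would add a comment such as `// ACLPolicyGetByName looks up a policy by name; a nil entMeta is treated as the default enterprise meta in the default partition.`, and a matching one on ACLPolicyGetByID once its nil handling is confirmed. The body of aclPolicyGetByName continues past the end of this hunk.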
@@ -1006,9 +1007,9 @@ func (s *Store) ACLPolicyBatchGet(ws memdb.WatchSet, ids []string) (uint64, stru
 return idx, policies, nil
 }
-type aclPolicyGetFn func(ReadTxn, string, *structs.EnterpriseMeta) (<-chan struct{}, interface{}, error)
+type aclPolicyGetFn func(ReadTxn, string, *acl.EnterpriseMeta) (<-chan struct{}, interface{}, error)
-func getPolicyWithTxn(tx ReadTxn, ws memdb.WatchSet, value string, fn aclPolicyGetFn, entMeta *structs.EnterpriseMeta) (*structs.ACLPolicy, error) {
+func getPolicyWithTxn(tx ReadTxn, ws memdb.WatchSet, value string, fn aclPolicyGetFn, entMeta *acl.EnterpriseMeta) (*structs.ACLPolicy, error) {
 watchCh, policy, err := fn(tx, value, entMeta)
 if err != nil {
 return nil, fmt.Errorf("failed acl policy lookup: %v", err)
@@ -1022,7 +1023,7 @@ func getPolicyWithTxn(tx ReadTxn, ws memdb.WatchSet, value string, fn aclPolicyG
 return policy.(*structs.ACLPolicy), nil
 }
-func (s *Store) aclPolicyGet(ws memdb.WatchSet, value string, fn aclPolicyGetFn, entMeta *structs.EnterpriseMeta) (uint64, *structs.ACLPolicy, error) {
+func (s *Store) aclPolicyGet(ws memdb.WatchSet, value string, fn aclPolicyGetFn, entMeta *acl.EnterpriseMeta) (uint64, *structs.ACLPolicy, error) {
 tx := s.db.Txn(false)
 defer tx.Abort()
@@ -1036,7 +1037,7 @@ func (s *Store) aclPolicyGet(ws memdb.WatchSet, value string, fn aclPolicyGetFn,
 return idx, policy, nil
 }
-func (s *Store) ACLPolicyList(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (uint64, structs.ACLPolicies, error) {
+func (s *Store) ACLPolicyList(ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, structs.ACLPolicies, error) {
 tx := s.db.Txn(false)
 defer tx.Abort()
@@ -1057,11 +1058,11 @@ func (s *Store) ACLPolicyList(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta
 return idx, result, nil
 }
-func (s *Store) ACLPolicyDeleteByID(idx uint64, id string, entMeta *structs.EnterpriseMeta) error {
+func (s *Store) ACLPolicyDeleteByID(idx uint64, id string, entMeta *acl.EnterpriseMeta) error {
 return s.aclPolicyDelete(idx, id, aclPolicyGetByID, entMeta)
 }
-func (s *Store) ACLPolicyDeleteByName(idx uint64, name string, entMeta *structs.EnterpriseMeta) error {
+func (s *Store) ACLPolicyDeleteByName(idx uint64, name string, entMeta *acl.EnterpriseMeta) error {
 return s.aclPolicyDelete(idx, name, aclPolicyGetByName, entMeta)
 }
@@ -1077,7 +1078,7 @@ func (s *Store) ACLPolicyBatchDelete(idx uint64, policyIDs []string) error {
 return tx.Commit()
 }
-func (s *Store) aclPolicyDelete(idx uint64, value string, fn aclPolicyGetFn, entMeta *structs.EnterpriseMeta) error {
+func (s *Store) aclPolicyDelete(idx uint64, value string, fn aclPolicyGetFn, entMeta *acl.EnterpriseMeta) error {
 tx := s.db.WriteTxn(idx)
 defer tx.Abort()
@@ -1088,7 +1089,7 @@ func (s *Store) aclPolicyDelete(idx uint64, value string, fn aclPolicyGetFn, ent
 return tx.Commit()
 }
-func aclPolicyDeleteTxn(tx WriteTxn, idx uint64, value string, fn aclPolicyGetFn, entMeta *structs.EnterpriseMeta) error {
+func aclPolicyDeleteTxn(tx WriteTxn, idx uint64, value string, fn aclPolicyGetFn, entMeta *acl.EnterpriseMeta) error {
 // Look up the existing token
 _, rawPolicy, err := fn(tx, value, entMeta)
 if err != nil {
@@ -1197,17 +1198,17 @@ func aclRoleSetTxn(tx WriteTxn, idx uint64, role *structs.ACLRole, allowMissing
 return aclRoleInsert(tx, role)
 }
-type aclRoleGetFn func(ReadTxn, string, *structs.EnterpriseMeta) (<-chan struct{}, interface{}, error)
+type aclRoleGetFn func(ReadTxn, string, *acl.EnterpriseMeta) (<-chan struct{}, interface{}, error)
-func (s *Store) ACLRoleGetByID(ws memdb.WatchSet, id string, entMeta *structs.EnterpriseMeta) (uint64, *structs.ACLRole, error) {
+func (s *Store) ACLRoleGetByID(ws memdb.WatchSet, id string, entMeta *acl.EnterpriseMeta) (uint64, *structs.ACLRole, error) {
 return s.aclRoleGet(ws, id, aclRoleGetByID, entMeta)
 }
-func (s *Store) ACLRoleGetByName(ws memdb.WatchSet, name string, entMeta *structs.EnterpriseMeta) (uint64, *structs.ACLRole, error) {
+func (s *Store) ACLRoleGetByName(ws memdb.WatchSet, name string, entMeta *acl.EnterpriseMeta) (uint64, *structs.ACLRole, error) {
 return s.aclRoleGet(ws, name, aclRoleGetByName, entMeta)
 }
-func aclRoleGetByName(tx ReadTxn, name string, entMeta *structs.EnterpriseMeta) (<-chan struct{}, interface{}, error) {
+func aclRoleGetByName(tx ReadTxn, name string, entMeta *acl.EnterpriseMeta) (<-chan struct{}, interface{}, error) {
 // TODO: accept non-pointer value
 if entMeta == nil {
 entMeta = structs.DefaultEnterpriseMetaInDefaultPartition()
@@ -1237,7 +1238,7 @@ func (s *Store) ACLRoleBatchGet(ws memdb.WatchSet, ids []string) (uint64, struct
 return idx, roles, nil
 }
-func getRoleWithTxn(tx ReadTxn, ws memdb.WatchSet, value string, fn aclRoleGetFn, entMeta *structs.EnterpriseMeta) (*structs.ACLRole, error) {
+func getRoleWithTxn(tx ReadTxn, ws memdb.WatchSet, value string, fn aclRoleGetFn, entMeta *acl.EnterpriseMeta) (*structs.ACLRole, error) {
 watchCh, rawRole, err := fn(tx, value, entMeta)
 if err != nil {
 return nil, fmt.Errorf("failed acl role lookup: %v", err)
@@ -1256,7 +1257,7 @@ func getRoleWithTxn(tx ReadTxn, ws memdb.WatchSet, value string, fn aclRoleGetFn
 return nil, nil
 }
-func (s *Store) aclRoleGet(ws memdb.WatchSet, value string, fn aclRoleGetFn, entMeta *structs.EnterpriseMeta) (uint64, *structs.ACLRole, error) {
+func (s *Store) aclRoleGet(ws memdb.WatchSet, value string, fn aclRoleGetFn, entMeta *acl.EnterpriseMeta) (uint64, *structs.ACLRole, error) {
 tx := s.db.Txn(false)
 defer tx.Abort()
@@ -1270,7 +1271,7 @@ func (s *Store) aclRoleGet(ws memdb.WatchSet, value string, fn aclRoleGetFn, ent
 return idx, role, nil
 }
-func (s *Store) ACLRoleList(ws memdb.WatchSet, policy string, entMeta *structs.EnterpriseMeta) (uint64, structs.ACLRoles, error) {
+func (s *Store) ACLRoleList(ws memdb.WatchSet, policy string, entMeta *acl.EnterpriseMeta) (uint64, structs.ACLRoles, error) {
 tx := s.db.Txn(false)
 defer tx.Abort()
@@ -1310,11 +1311,11 @@ func (s *Store) ACLRoleList(ws memdb.WatchSet, policy string, entMeta *structs.E
 return idx, result, nil
 }
-func (s *Store) ACLRoleDeleteByID(idx uint64, id string, entMeta *structs.EnterpriseMeta) error {
+func (s *Store) ACLRoleDeleteByID(idx uint64, id string, entMeta *acl.EnterpriseMeta) error {
 return s.aclRoleDelete(idx, id, aclRoleGetByID, entMeta)
 }
-func (s *Store) ACLRoleDeleteByName(idx uint64, name string, entMeta *structs.EnterpriseMeta) error {
+func (s *Store) ACLRoleDeleteByName(idx uint64, name string, entMeta *acl.EnterpriseMeta) error {
 return s.aclRoleDelete(idx, name, aclRoleGetByName, entMeta)
 }
@@ -1330,7 +1331,7 @@ func (s *Store) ACLRoleBatchDelete(idx uint64, roleIDs []string) error {
 return tx.Commit()
 }
-func (s *Store) aclRoleDelete(idx uint64, value string, fn aclRoleGetFn, entMeta *structs.EnterpriseMeta) error {
+func (s *Store) aclRoleDelete(idx uint64, value string, fn aclRoleGetFn, entMeta *acl.EnterpriseMeta) error {
 tx := s.db.WriteTxn(idx)
 defer tx.Abort()
@@ -1341,7 +1342,7 @@ func (s *Store) aclRoleDelete(idx uint64, value string, fn aclRoleGetFn, entMeta
 return tx.Commit()
 }
-func aclRoleDeleteTxn(tx WriteTxn, idx uint64, value string, fn aclRoleGetFn, entMeta *structs.EnterpriseMeta) error {
+func aclRoleDeleteTxn(tx WriteTxn, idx uint64, value string, fn aclRoleGetFn, entMeta *acl.EnterpriseMeta) error {
 // Look up the existing role
 _, rawRole, err := fn(tx, value, entMeta)
 if err != nil {
@@ -1417,11 +1418,11 @@ func aclBindingRuleSetTxn(tx WriteTxn, idx uint64, rule *structs.ACLBindingRule)
 return aclBindingRuleInsert(tx, rule)
 }
-func (s *Store) ACLBindingRuleGetByID(ws memdb.WatchSet, id string, entMeta *structs.EnterpriseMeta) (uint64, *structs.ACLBindingRule, error) {
+func (s *Store) ACLBindingRuleGetByID(ws memdb.WatchSet, id string, entMeta *acl.EnterpriseMeta) (uint64, *structs.ACLBindingRule, error) {
 return s.aclBindingRuleGet(ws, id, entMeta)
 }
-func (s *Store) aclBindingRuleGet(ws memdb.WatchSet, value string, entMeta *structs.EnterpriseMeta) (uint64, *structs.ACLBindingRule, error) {
+func (s *Store) aclBindingRuleGet(ws memdb.WatchSet, value string, entMeta *acl.EnterpriseMeta) (uint64, *structs.ACLBindingRule, error) {
 tx := s.db.Txn(false)
 defer tx.Abort()
@@ -1441,7 +1442,7 @@ func (s *Store) aclBindingRuleGet(ws memdb.WatchSet, value string, entMeta *stru
 return idx, rule, nil
 }
-func (s *Store) ACLBindingRuleList(ws memdb.WatchSet, methodName string, entMeta *structs.EnterpriseMeta) (uint64, structs.ACLBindingRules, error) {
+func (s *Store) ACLBindingRuleList(ws memdb.WatchSet, methodName string, entMeta *acl.EnterpriseMeta) (uint64, structs.ACLBindingRules, error) {
 tx := s.db.Txn(false)
 defer tx.Abort()
@@ -1471,7 +1472,7 @@ func (s *Store) ACLBindingRuleList(ws memdb.WatchSet, methodName string, entMeta
 return idx, result, nil
 }
-func (s *Store) ACLBindingRuleDeleteByID(idx uint64, id string, entMeta *structs.EnterpriseMeta) error {
+func (s *Store) ACLBindingRuleDeleteByID(idx uint64, id string, entMeta *acl.EnterpriseMeta) error {
 return s.aclBindingRuleDelete(idx, id, entMeta)
 }
@@ -1485,7 +1486,7 @@ func (s *Store) ACLBindingRuleBatchDelete(idx uint64, bindingRuleIDs []string) e
 return tx.Commit()
 }
-func (s *Store) aclBindingRuleDelete(idx uint64, id string, entMeta *structs.EnterpriseMeta) error {
+func (s *Store) aclBindingRuleDelete(idx uint64, id string, entMeta *acl.EnterpriseMeta) error {
 tx := s.db.WriteTxn(idx)
 defer tx.Abort()
@@ -1496,7 +1497,7 @@ func (s *Store) aclBindingRuleDelete(idx uint64, id string, entMeta *structs.Ent
 return tx.Commit()
 }
-func aclBindingRuleDeleteTxn(tx WriteTxn, idx uint64, id string, entMeta *structs.EnterpriseMeta) error {
+func aclBindingRuleDeleteTxn(tx WriteTxn, idx uint64, id string, entMeta *acl.EnterpriseMeta) error {
 // Look up the existing binding rule
 _, rawRule, err := aclBindingRuleGetByID(tx, id, entMeta)
 if err != nil {
@@ -1515,7 +1516,7 @@ func aclBindingRuleDeleteTxn(tx WriteTxn, idx uint64, id string, entMeta *struct
 return nil
 }
-func aclBindingRuleDeleteAllForAuthMethodTxn(tx WriteTxn, idx uint64, methodName string, entMeta *structs.EnterpriseMeta) error {
+func aclBindingRuleDeleteAllForAuthMethodTxn(tx WriteTxn, idx uint64, methodName string, entMeta *acl.EnterpriseMeta) error {
 // collect them all
 iter, err := aclBindingRuleListByAuthMethod(tx, methodName, entMeta)
 if err != nil {
@@ -1596,11 +1597,11 @@ func aclAuthMethodSetTxn(tx WriteTxn, idx uint64, method *structs.ACLAuthMethod)
 return aclAuthMethodInsert(tx, method)
 }
-func (s *Store) ACLAuthMethodGetByName(ws memdb.WatchSet, name string, entMeta *structs.EnterpriseMeta) (uint64, *structs.ACLAuthMethod, error) {
+func (s *Store) ACLAuthMethodGetByName(ws memdb.WatchSet, name string, entMeta *acl.EnterpriseMeta) (uint64, *structs.ACLAuthMethod, error) {
 return s.aclAuthMethodGet(ws, name, entMeta)
 }
-func (s *Store) aclAuthMethodGet(ws memdb.WatchSet, name string, entMeta *structs.EnterpriseMeta) (uint64, *structs.ACLAuthMethod, error) {
+func (s *Store) aclAuthMethodGet(ws memdb.WatchSet, name string, entMeta *acl.EnterpriseMeta) (uint64, *structs.ACLAuthMethod, error) {
 tx := s.db.Txn(false)
 defer tx.Abort()
@@ -1614,7 +1615,7 @@ func (s *Store) aclAuthMethodGet(ws memdb.WatchSet, name string, entMeta *struct
 return idx, method, nil
 }
-func getAuthMethodWithTxn(tx ReadTxn, ws memdb.WatchSet, name string, entMeta *structs.EnterpriseMeta) (*structs.ACLAuthMethod, error) {
+func getAuthMethodWithTxn(tx ReadTxn, ws memdb.WatchSet, name string, entMeta *acl.EnterpriseMeta) (*structs.ACLAuthMethod, error) {
 watchCh, rawMethod, err := aclAuthMethodGetByName(tx, name, entMeta)
 if err != nil {
 return nil, fmt.Errorf("failed acl auth method lookup: %v", err)
@@ -1628,7 +1629,7 @@ func getAuthMethodWithTxn(tx ReadTxn, ws memdb.WatchSet, name string, entMeta *s
 return nil, nil
 }
-func (s *Store) ACLAuthMethodList(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (uint64, structs.ACLAuthMethods, error) {
+func (s *Store) ACLAuthMethodList(ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, structs.ACLAuthMethods, error) {
 tx := s.db.Txn(false)
 defer tx.Abort()
@@ -1650,11 +1651,11 @@ func (s *Store) ACLAuthMethodList(ws memdb.WatchSet, entMeta *structs.Enterprise return idx, result, nil } -func (s *Store) ACLAuthMethodDeleteByName(idx uint64, name string, entMeta *structs.EnterpriseMeta) error { +func (s *Store) ACLAuthMethodDeleteByName(idx uint64, name string, entMeta *acl.EnterpriseMeta) error { return s.aclAuthMethodDelete(idx, name, entMeta) } -func (s *Store) ACLAuthMethodBatchDelete(idx uint64, names []string, entMeta *structs.EnterpriseMeta) error { +func (s *Store) ACLAuthMethodBatchDelete(idx uint64, names []string, entMeta *acl.EnterpriseMeta) error { tx := s.db.WriteTxn(idx) defer tx.Abort() @@ -1669,7 +1670,7 @@ func (s *Store) ACLAuthMethodBatchDelete(idx uint64, names []string, entMeta *st return tx.Commit() } -func (s *Store) aclAuthMethodDelete(idx uint64, name string, entMeta *structs.EnterpriseMeta) error { +func (s *Store) aclAuthMethodDelete(idx uint64, name string, entMeta *acl.EnterpriseMeta) error { tx := s.db.WriteTxn(idx) defer tx.Abort() @@ -1680,7 +1681,7 @@ func (s *Store) aclAuthMethodDelete(idx uint64, name string, entMeta *structs.En return tx.Commit() } -func aclAuthMethodDeleteTxn(tx WriteTxn, idx uint64, name string, entMeta *structs.EnterpriseMeta) error { +func aclAuthMethodDeleteTxn(tx WriteTxn, idx uint64, name string, entMeta *acl.EnterpriseMeta) error { // Look up the existing method _, rawMethod, err := aclAuthMethodGetByName(tx, name, entMeta) if err != nil { @@ -1704,7 +1705,7 @@ func aclAuthMethodDeleteTxn(tx WriteTxn, idx uint64, name string, entMeta *struc return aclAuthMethodDeleteWithMethod(tx, method, idx) } -func aclTokenList(tx ReadTxn, entMeta *structs.EnterpriseMeta, locality bool) (memdb.ResultIterator, error) { +func aclTokenList(tx ReadTxn, entMeta *acl.EnterpriseMeta, locality bool) (memdb.ResultIterator, error) { // TODO: accept non-pointer value if entMeta == nil { entMeta = structs.DefaultEnterpriseMetaInDefaultPartition() 
diff --git a/agent/consul/state/acl_oss.go b/agent/consul/state/acl_oss.go index d7bed1d804..67a272c242 100644 --- a/agent/consul/state/acl_oss.go +++ b/agent/consul/state/acl_oss.go @@ -9,17 +9,18 @@ import ( memdb "github.com/hashicorp/go-memdb" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" ) -func updateTableIndexEntries(tx WriteTxn, tableName string, modifyIndex uint64, _ *structs.EnterpriseMeta) error { +func updateTableIndexEntries(tx WriteTxn, tableName string, modifyIndex uint64, _ *acl.EnterpriseMeta) error { if err := indexUpdateMaxTxn(tx, modifyIndex, tableName); err != nil { return fmt.Errorf("failed updating %s index: %v", tableName, err) } return nil } -func aclPolicyGetByID(tx ReadTxn, id string, _ *structs.EnterpriseMeta) (<-chan struct{}, interface{}, error) { +func aclPolicyGetByID(tx ReadTxn, id string, _ *acl.EnterpriseMeta) (<-chan struct{}, interface{}, error) { return tx.FirstWatch(tableACLPolicies, indexID, id) } @@ -36,7 +37,7 @@ func aclPolicyDeleteWithPolicy(tx WriteTxn, policy *structs.ACLPolicy, idx uint6 return nil } -func aclPolicyMaxIndex(tx ReadTxn, _ *structs.ACLPolicy, _ *structs.EnterpriseMeta) uint64 { +func aclPolicyMaxIndex(tx ReadTxn, _ *structs.ACLPolicy, _ *acl.EnterpriseMeta) uint64 { return maxIndexTxn(tx, tableACLPolicies) } 
@@ -52,23 +53,23 @@ func (s *Store) ACLPolicyUpsertValidateEnterprise(*structs.ACLPolicy, *structs.A ///// ACL Token Functions ///// /////////////////////////////////////////////////////////////////////////////// -func aclTokenGetFromIndex(tx ReadTxn, id string, index string, entMeta *structs.EnterpriseMeta) (<-chan struct{}, interface{}, error) { +func aclTokenGetFromIndex(tx ReadTxn, id string, index string, entMeta *acl.EnterpriseMeta) (<-chan struct{}, interface{}, error) { return tx.FirstWatch(tableACLTokens, index, id) } -func aclTokenListAll(tx ReadTxn, _ *structs.EnterpriseMeta) (memdb.ResultIterator, error) { +func aclTokenListAll(tx ReadTxn, _ *acl.EnterpriseMeta) (memdb.ResultIterator, error) { return tx.Get(tableACLTokens, indexID) } -func aclTokenListByPolicy(tx ReadTxn, policy string, _ *structs.EnterpriseMeta) (memdb.ResultIterator, error) { +func aclTokenListByPolicy(tx ReadTxn, policy string, _ *acl.EnterpriseMeta) (memdb.ResultIterator, error) { return tx.Get(tableACLTokens, indexPolicies, Query{Value: policy}) } -func aclTokenListByRole(tx ReadTxn, role string, _ *structs.EnterpriseMeta) (memdb.ResultIterator, error) { +func aclTokenListByRole(tx ReadTxn, role string, _ *acl.EnterpriseMeta) (memdb.ResultIterator, error) { return tx.Get(tableACLTokens, indexRoles, Query{Value: role}) } -func aclTokenListByAuthMethod(tx ReadTxn, authMethod string, _, _ *structs.EnterpriseMeta) (memdb.ResultIterator, error) { +func aclTokenListByAuthMethod(tx ReadTxn, authMethod string, _, _ *acl.EnterpriseMeta) (memdb.ResultIterator, error) { return tx.Get(tableACLTokens, indexAuthMethod, AuthMethodQuery{Value: authMethod}) } @@ -85,7 +86,7 @@ func aclTokenDeleteWithToken(tx WriteTxn, token *structs.ACLToken, idx uint64) e return nil } -func aclTokenMaxIndex(tx ReadTxn, _ *structs.ACLToken, entMeta *structs.EnterpriseMeta) uint64 { +func aclTokenMaxIndex(tx ReadTxn, _ *structs.ACLToken, entMeta *acl.EnterpriseMeta) uint64 { return maxIndexTxn(tx, tableACLTokens) } 
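Review bot: `aclTokenGetFromIndex` and `aclTokenMaxIndex` keep a named `entMeta` parameter that the body never reads, while the neighbouring helpers in this OSS file spell the ignored argument as `_`. These look like the places where tenancy is intentionally not applied, so marking that explicitly helps anyone auditing scoping: `func aclTokenGetFromIndex(tx ReadTxn, id string, index string, _ *acl.EnterpriseMeta) (<-chan struct{}, interface{}, error) {`. The same applies to `aclBindingRuleMaxIndex`, `aclAuthMethodList` and `aclAuthMethodMaxIndex` in the later hunks of this file.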
@@ -101,7 +102,7 @@ func (s *Store) ACLTokenUpsertValidateEnterprise(token *structs.ACLToken, existi ///// ACL Role Functions ///// /////////////////////////////////////////////////////////////////////////////// -func aclRoleGetByID(tx ReadTxn, id string, _ *structs.EnterpriseMeta) (<-chan struct{}, interface{}, error) { +func aclRoleGetByID(tx ReadTxn, id string, _ *acl.EnterpriseMeta) (<-chan struct{}, interface{}, error) { return tx.FirstWatch(tableACLRoles, indexID, id) } @@ -118,7 +119,7 @@ func aclRoleDeleteWithRole(tx WriteTxn, role *structs.ACLRole, idx uint64) error return nil } -func aclRoleMaxIndex(tx ReadTxn, _ *structs.ACLRole, _ *structs.EnterpriseMeta) uint64 { +func aclRoleMaxIndex(tx ReadTxn, _ *structs.ACLRole, _ *acl.EnterpriseMeta) uint64 { return maxIndexTxn(tx, tableACLRoles) } @@ -134,15 +135,15 @@ func (s *Store) ACLRoleUpsertValidateEnterprise(role *structs.ACLRole, existing ///// ACL Binding Rule Functions ///// /////////////////////////////////////////////////////////////////////////////// -func aclBindingRuleGetByID(tx ReadTxn, id string, _ *structs.EnterpriseMeta) (<-chan struct{}, interface{}, error) { +func aclBindingRuleGetByID(tx ReadTxn, id string, _ *acl.EnterpriseMeta) (<-chan struct{}, interface{}, error) { return tx.FirstWatch(tableACLBindingRules, indexID, id) } -func aclBindingRuleList(tx ReadTxn, _ *structs.EnterpriseMeta) (memdb.ResultIterator, error) { +func aclBindingRuleList(tx ReadTxn, _ *acl.EnterpriseMeta) (memdb.ResultIterator, error) { return tx.Get(tableACLBindingRules, indexID) } -func aclBindingRuleListByAuthMethod(tx ReadTxn, method string, _ *structs.EnterpriseMeta) (memdb.ResultIterator, error) { +func aclBindingRuleListByAuthMethod(tx ReadTxn, method string, _ *acl.EnterpriseMeta) (memdb.ResultIterator, error) { return tx.Get(tableACLBindingRules, indexAuthMethod, Query{Value: method}) } 
@@ -159,7 +160,7 @@ func aclBindingRuleDeleteWithRule(tx WriteTxn, rule *structs.ACLBindingRule, idx return nil } -func aclBindingRuleMaxIndex(tx ReadTxn, _ *structs.ACLBindingRule, entMeta *structs.EnterpriseMeta) uint64 { +func aclBindingRuleMaxIndex(tx ReadTxn, _ *structs.ACLBindingRule, entMeta *acl.EnterpriseMeta) uint64 { return maxIndexTxn(tx, tableACLBindingRules) } @@ -175,11 +176,11 @@ func (s *Store) ACLBindingRuleUpsertValidateEnterprise(rule *structs.ACLBindingR ///// ACL Auth Method Functions ///// /////////////////////////////////////////////////////////////////////////////// -func aclAuthMethodGetByName(tx ReadTxn, method string, _ *structs.EnterpriseMeta) (<-chan struct{}, interface{}, error) { +func aclAuthMethodGetByName(tx ReadTxn, method string, _ *acl.EnterpriseMeta) (<-chan struct{}, interface{}, error) { return tx.FirstWatch(tableACLAuthMethods, indexID, Query{Value: method}) } -func aclAuthMethodList(tx ReadTxn, entMeta *structs.EnterpriseMeta) (memdb.ResultIterator, error) { +func aclAuthMethodList(tx ReadTxn, entMeta *acl.EnterpriseMeta) (memdb.ResultIterator, error) { return tx.Get(tableACLAuthMethods, indexID) } @@ -196,7 +197,7 @@ func aclAuthMethodDeleteWithMethod(tx WriteTxn, method *structs.ACLAuthMethod, i return nil } -func aclAuthMethodMaxIndex(tx ReadTxn, _ *structs.ACLAuthMethod, entMeta *structs.EnterpriseMeta) uint64 { +func aclAuthMethodMaxIndex(tx ReadTxn, _ *structs.ACLAuthMethod, entMeta *acl.EnterpriseMeta) uint64 { return maxIndexTxn(tx, tableACLAuthMethods) } diff --git a/agent/consul/state/acl_oss_test.go b/agent/consul/state/acl_oss_test.go index 22b3c3b94a..f86afc1a34 100644 --- a/agent/consul/state/acl_oss_test.go +++ b/agent/consul/state/acl_oss_test.go 
@@ -3,7 +3,10 @@ package state -import "github.com/hashicorp/consul/agent/structs" +import ( + "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/agent/structs" +) func testIndexerTableACLPolicies() map[string]indexerTestCase { obj := &structs.ACLPolicy{ @@ -177,7 +180,7 @@ func testIndexerTableACLBindingRules() map[string]indexerTestCase { func testIndexerTableACLAuthMethods() map[string]indexerTestCase { obj := &structs.ACLAuthMethod{ Name: "ThEAuthMethod", - EnterpriseMeta: structs.EnterpriseMeta{}, + EnterpriseMeta: acl.EnterpriseMeta{}, } encodedName := []byte{0x74, 0x68, 0x65, 0x61, 0x75, 0x74, 0x68, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x0} return map[string]indexerTestCase{ diff --git a/agent/consul/state/acl_schema.go b/agent/consul/state/acl_schema.go index 1e8f415f46..f2b77dcbf7 100644 --- a/agent/consul/state/acl_schema.go +++ b/agent/consul/state/acl_schema.go @@ -6,6 +6,7 @@ import ( "github.com/hashicorp/go-memdb" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" ) @@ -227,9 +228,9 @@ func indexFromUUIDQuery(raw interface{}) ([]byte, error) { func prefixIndexFromUUIDQuery(arg interface{}) ([]byte, error) { switch v := arg.(type) { - case *structs.EnterpriseMeta: + case *acl.EnterpriseMeta: return nil, nil - case structs.EnterpriseMeta: + case acl.EnterpriseMeta: return nil, nil case Query: return variableLengthUUIDStringToBytes(v.Value) diff --git a/agent/consul/state/catalog.go b/agent/consul/state/catalog.go index b882931d6d..db256cfe10 100644 --- a/agent/consul/state/catalog.go +++ b/agent/consul/state/catalog.go 
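Review bot: In `prefixIndexFromUUIDQuery` the argument arrives as `interface{}`, so the compiler cannot flag a caller that still passes the old `structs.EnterpriseMeta` if that name survives as a distinct type rather than an alias. Such a value would skip both rewritten cases and fall through to the rest of the switch, which lies outside this hunk. It is worth confirming that `structs.EnterpriseMeta` is either removed or declared as an alias of `acl.EnterpriseMeta`. An indexer test case passing `acl.EnterpriseMeta{}` and `&acl.EnterpriseMeta{}` would pin the nil-prefix result.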
@@ -57,7 +57,7 @@ func (s *Snapshot) Nodes() (memdb.ResultIterator, error) { // Services is used to pull the full list of services for a given node for use // during snapshots. -func (s *Snapshot) Services(node string, entMeta *structs.EnterpriseMeta) (memdb.ResultIterator, error) { +func (s *Snapshot) Services(node string, entMeta *acl.EnterpriseMeta) (memdb.ResultIterator, error) { // TODO: accept non-pointer value if entMeta == nil { entMeta = structs.NodeEnterpriseMetaInDefaultPartition() @@ -70,7 +70,7 @@ func (s *Snapshot) Services(node string, entMeta *structs.EnterpriseMeta) (memdb // Checks is used to pull the full list of checks for a given node for use // during snapshots. -func (s *Snapshot) Checks(node string, entMeta *structs.EnterpriseMeta) (memdb.ResultIterator, error) { +func (s *Snapshot) Checks(node string, entMeta *acl.EnterpriseMeta) (memdb.ResultIterator, error) { // TODO: accept non-pointer value if entMeta == nil { entMeta = structs.NodeEnterpriseMetaInDefaultPartition() @@ -136,7 +136,7 @@ func (s *Store) ensureCheckIfNodeMatches( nodePartition string, check *structs.HealthCheck, ) error { - if !strings.EqualFold(check.Node, node) || !structs.EqualPartitions(nodePartition, check.PartitionOrDefault()) { + if !strings.EqualFold(check.Node, node) || !acl.EqualPartitions(nodePartition, check.PartitionOrDefault()) { return fmt.Errorf("check node %q does not match node %q", printNodeName(check.Node, check.PartitionOrDefault()), printNodeName(node, nodePartition), @@ -149,7 +149,7 @@ func (s *Store) ensureCheckIfNodeMatches( } func printNodeName(nodeName, partition string) string { - if structs.IsDefaultPartition(partition) { + if acl.IsDefaultPartition(partition) { return nodeName } return partition + "/" + nodeName 
@@ -396,7 +396,7 @@ func (s *Store) ensureNodeTxn(tx WriteTxn, idx uint64, preserveIndexes bool, nod } // GetNode is used to retrieve a node registration by node name ID. -func (s *Store) GetNode(nodeNameOrID string, entMeta *structs.EnterpriseMeta) (uint64, *structs.Node, error) { +func (s *Store) GetNode(nodeNameOrID string, entMeta *acl.EnterpriseMeta) (uint64, *structs.Node, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -416,7 +416,7 @@ func (s *Store) GetNode(nodeNameOrID string, entMeta *structs.EnterpriseMeta) (u return idx, node, nil } -func getNodeTxn(tx ReadTxn, nodeNameOrID string, entMeta *structs.EnterpriseMeta) (*structs.Node, error) { +func getNodeTxn(tx ReadTxn, nodeNameOrID string, entMeta *acl.EnterpriseMeta) (*structs.Node, error) { node, err := tx.First(tableNodes, indexID, Query{ Value: nodeNameOrID, EnterpriseMeta: *entMeta, @@ -430,7 +430,7 @@ func getNodeTxn(tx ReadTxn, nodeNameOrID string, entMeta *structs.EnterpriseMeta return nil, nil } -func getNodeIDTxn(tx ReadTxn, id types.NodeID, entMeta *structs.EnterpriseMeta) (*structs.Node, error) { +func getNodeIDTxn(tx ReadTxn, id types.NodeID, entMeta *acl.EnterpriseMeta) (*structs.Node, error) { node, err := tx.First(tableNodes, indexUUID+"_prefix", Query{ Value: string(id), EnterpriseMeta: *entMeta, @@ -445,7 +445,7 @@ func getNodeIDTxn(tx ReadTxn, id types.NodeID, entMeta *structs.EnterpriseMeta) } // GetNodeID is used to retrieve a node registration by node ID. -func (s *Store) GetNodeID(id types.NodeID, entMeta *structs.EnterpriseMeta) (uint64, *structs.Node, error) { +func (s *Store) GetNodeID(id types.NodeID, entMeta *acl.EnterpriseMeta) (uint64, *structs.Node, error) { tx := s.db.Txn(false) defer tx.Abort() 
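Review bot: `getNodeTxn` and `getNodeIDTxn` dereference `*entMeta` with no nil check, and `deleteNodeCASTxn` in the following hunks passes its `entMeta` straight through to `getNodeTxn`. A nil argument would therefore panic inside the transaction unless every caller normalises it first, which is not visible here. Other functions touched by this commit guard the pointer, so the same guard at the top of both lookups would be consistent: `if entMeta == nil { entMeta = structs.NodeEnterpriseMetaInDefaultPartition() }`, using whichever default the nodes table expects. `updateAllServiceIndexesOfNode` has the same shape with `*entMeta.WithWildcardNamespace()`. Both lookup bodies continue outside the hunk.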
@@ -463,7 +463,7 @@ func (s *Store) GetNodeID(id types.NodeID, entMeta *structs.EnterpriseMeta) (uin } // Nodes is used to return all of the known nodes. -func (s *Store) Nodes(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (uint64, structs.Nodes, error) { +func (s *Store) Nodes(ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, structs.Nodes, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -491,7 +491,7 @@ func (s *Store) Nodes(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (uint6 } // NodesByMeta is used to return all nodes with the given metadata key/value pairs. -func (s *Store) NodesByMeta(ws memdb.WatchSet, filters map[string]string, entMeta *structs.EnterpriseMeta) (uint64, structs.Nodes, error) { +func (s *Store) NodesByMeta(ws memdb.WatchSet, filters map[string]string, entMeta *acl.EnterpriseMeta) (uint64, structs.Nodes, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -537,7 +537,7 @@ func (s *Store) NodesByMeta(ws memdb.WatchSet, filters map[string]string, entMet } // DeleteNode is used to delete a given node by its ID. -func (s *Store) DeleteNode(idx uint64, nodeName string, entMeta *structs.EnterpriseMeta) error { +func (s *Store) DeleteNode(idx uint64, nodeName string, entMeta *acl.EnterpriseMeta) error { tx := s.db.WriteTxn(idx) defer tx.Abort() @@ -557,7 +557,7 @@ func (s *Store) DeleteNode(idx uint64, nodeName string, entMeta *structs.Enterpr // deleteNodeCASTxn is used to try doing a node delete operation with a given // raft index. If the CAS index specified is not equal to the last observed index for // the given check, then the call is a noop, otherwise a normal check delete is invoked. -func (s *Store) deleteNodeCASTxn(tx WriteTxn, idx, cidx uint64, nodeName string, entMeta *structs.EnterpriseMeta) (bool, error) { +func (s *Store) deleteNodeCASTxn(tx WriteTxn, idx, cidx uint64, nodeName string, entMeta *acl.EnterpriseMeta) (bool, error) { // Look up the node. node, err := getNodeTxn(tx, nodeName, entMeta) if err != nil { 
@@ -584,7 +584,7 @@ func (s *Store) deleteNodeCASTxn(tx WriteTxn, idx, cidx uint64, nodeName string, // deleteNodeTxn is the inner method used for removing a node from // the store within a given transaction. -func (s *Store) deleteNodeTxn(tx WriteTxn, idx uint64, nodeName string, entMeta *structs.EnterpriseMeta) error { +func (s *Store) deleteNodeTxn(tx WriteTxn, idx uint64, nodeName string, entMeta *acl.EnterpriseMeta) error { // TODO: accept non-pointer value if entMeta == nil { entMeta = structs.DefaultEnterpriseMetaInDefaultPartition() @@ -978,7 +978,7 @@ func terminatingGatewayVirtualIPsSupported(tx ReadTxn, ws memdb.WatchSet) (bool, } // Services returns all services along with a list of associated tags. -func (s *Store) Services(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (uint64, structs.Services, error) { +func (s *Store) Services(ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, structs.Services, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -1018,14 +1018,14 @@ func (s *Store) Services(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (ui return idx, results, nil } -func (s *Store) ServiceList(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (uint64, structs.ServiceList, error) { +func (s *Store) ServiceList(ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, structs.ServiceList, error) { tx := s.db.Txn(false) defer tx.Abort() return serviceListTxn(tx, ws, entMeta) } -func serviceListTxn(tx ReadTxn, ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (uint64, structs.ServiceList, error) { +func serviceListTxn(tx ReadTxn, ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, structs.ServiceList, error) { idx := catalogServicesMaxIndex(tx, entMeta) services, err := tx.Get(tableServices, indexID+"_prefix", entMeta) 
@@ -1049,7 +1049,7 @@ func serviceListTxn(tx ReadTxn, ws memdb.WatchSet, entMeta *structs.EnterpriseMe } // ServicesByNodeMeta returns all services, filtered by the given node metadata. -func (s *Store) ServicesByNodeMeta(ws memdb.WatchSet, filters map[string]string, entMeta *structs.EnterpriseMeta) (uint64, structs.Services, error) { +func (s *Store) ServicesByNodeMeta(ws memdb.WatchSet, filters map[string]string, entMeta *acl.EnterpriseMeta) (uint64, structs.Services, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -1144,7 +1144,7 @@ func (s *Store) ServicesByNodeMeta(ws memdb.WatchSet, filters map[string]string, // * return when the last instance of a service is removed // * block until an instance for this service is available, or another // service is unregistered. -func maxIndexForService(tx ReadTxn, serviceName string, serviceExists, checks bool, entMeta *structs.EnterpriseMeta) uint64 { +func maxIndexForService(tx ReadTxn, serviceName string, serviceExists, checks bool, entMeta *acl.EnterpriseMeta) uint64 { idx, _ := maxIndexAndWatchChForService(tx, serviceName, serviceExists, checks, entMeta) return idx } @@ -1163,7 +1163,7 @@ func maxIndexForService(tx ReadTxn, serviceName string, serviceExists, checks bo // returned for the chan. This allows for blocking watchers to _only_ watch this // one chan in the common case, falling back to watching all touched MemDB // indexes in more complicated cases. -func maxIndexAndWatchChForService(tx ReadTxn, serviceName string, serviceExists, checks bool, entMeta *structs.EnterpriseMeta) (uint64, <-chan struct{}) { +func maxIndexAndWatchChForService(tx ReadTxn, serviceName string, serviceExists, checks bool, entMeta *acl.EnterpriseMeta) (uint64, <-chan struct{}) { if !serviceExists { res, err := catalogServiceLastExtinctionIndex(tx, entMeta) if missingIdx, ok := res.(*IndexEntry); ok && err == nil { 
@@ -1207,7 +1207,7 @@ func maxIndexAndWatchChsForServiceNodes(tx ReadTxn, // ConnectServiceNodes returns the nodes associated with a Connect // compatible destination for the given service name. This will include // both proxies and native integrations. -func (s *Store) ConnectServiceNodes(ws memdb.WatchSet, serviceName string, entMeta *structs.EnterpriseMeta) (uint64, structs.ServiceNodes, error) { +func (s *Store) ConnectServiceNodes(ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta) (uint64, structs.ServiceNodes, error) { tx := s.db.ReadTxn() defer tx.Abort() @@ -1220,7 +1220,7 @@ func (s *Store) ConnectServiceNodes(ws memdb.WatchSet, serviceName string, entMe } // ServiceNodes returns the nodes associated with a given service name. -func (s *Store) ServiceNodes(ws memdb.WatchSet, serviceName string, entMeta *structs.EnterpriseMeta) (uint64, structs.ServiceNodes, error) { +func (s *Store) ServiceNodes(ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta) (uint64, structs.ServiceNodes, error) { tx := s.db.ReadTxn() defer tx.Abort() @@ -1294,7 +1294,7 @@ func serviceNodesTxn(tx ReadTxn, ws memdb.WatchSet, index string, q Query) (uint // ServiceTagNodes returns the nodes associated with a given service, filtering // out services that don't contain the given tags. -func (s *Store) ServiceTagNodes(ws memdb.WatchSet, service string, tags []string, entMeta *structs.EnterpriseMeta) (uint64, structs.ServiceNodes, error) { +func (s *Store) ServiceTagNodes(ws memdb.WatchSet, service string, tags []string, entMeta *acl.EnterpriseMeta) (uint64, structs.ServiceNodes, error) { tx := s.db.Txn(false) defer tx.Abort() 
@@ -1364,7 +1364,7 @@ func serviceTagsFilter(sn *structs.ServiceNode, tags []string) bool { // ServiceAddressNodes returns the nodes associated with a given service, filtering // out services that don't match the given serviceAddress -func (s *Store) ServiceAddressNodes(ws memdb.WatchSet, address string, entMeta *structs.EnterpriseMeta) (uint64, structs.ServiceNodes, error) { +func (s *Store) ServiceAddressNodes(ws memdb.WatchSet, address string, entMeta *acl.EnterpriseMeta) (uint64, structs.ServiceNodes, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -1401,7 +1401,7 @@ func (s *Store) ServiceAddressNodes(ws memdb.WatchSet, address string, entMeta * // parseServiceNodes iterates over a services query and fills in the node details, // returning a ServiceNodes slice. -func parseServiceNodes(tx ReadTxn, ws memdb.WatchSet, services structs.ServiceNodes, entMeta *structs.EnterpriseMeta) (structs.ServiceNodes, error) { +func parseServiceNodes(tx ReadTxn, ws memdb.WatchSet, services structs.ServiceNodes, entMeta *acl.EnterpriseMeta) (structs.ServiceNodes, error) { // We don't want to track an unlimited number of nodes, so we pull a // top-level watch to use as a fallback. allNodes, err := tx.Get(tableNodes, indexID+"_prefix", entMeta) @@ -1446,7 +1446,7 @@ func parseServiceNodes(tx ReadTxn, ws memdb.WatchSet, services structs.ServiceNo // NodeService is used to retrieve a specific service associated with the given // node. -func (s *Store) NodeService(nodeName string, serviceID string, entMeta *structs.EnterpriseMeta) (uint64, *structs.NodeService, error) { +func (s *Store) NodeService(nodeName string, serviceID string, entMeta *acl.EnterpriseMeta) (uint64, *structs.NodeService, error) { tx := s.db.Txn(false) defer tx.Abort() 
@@ -1462,7 +1462,7 @@ func (s *Store) NodeService(nodeName string, serviceID string, entMeta *structs. return idx, service, nil } -func getNodeServiceTxn(tx ReadTxn, nodeName, serviceID string, entMeta *structs.EnterpriseMeta) (*structs.NodeService, error) { +func getNodeServiceTxn(tx ReadTxn, nodeName, serviceID string, entMeta *acl.EnterpriseMeta) (*structs.NodeService, error) { // TODO: pass non-pointer type for ent meta if entMeta == nil { entMeta = structs.DefaultEnterpriseMetaInDefaultPartition() @@ -1485,7 +1485,7 @@ func getNodeServiceTxn(tx ReadTxn, nodeName, serviceID string, entMeta *structs. return nil, nil } -func (s *Store) nodeServices(ws memdb.WatchSet, nodeNameOrID string, entMeta *structs.EnterpriseMeta, allowWildcard bool) (bool, uint64, *structs.Node, memdb.ResultIterator, error) { +func (s *Store) nodeServices(ws memdb.WatchSet, nodeNameOrID string, entMeta *acl.EnterpriseMeta, allowWildcard bool) (bool, uint64, *structs.Node, memdb.ResultIterator, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -1555,7 +1555,7 @@ func (s *Store) nodeServices(ws memdb.WatchSet, nodeNameOrID string, entMeta *st } // NodeServices is used to query service registrations by node name or UUID. -func (s *Store) NodeServices(ws memdb.WatchSet, nodeNameOrID string, entMeta *structs.EnterpriseMeta) (uint64, *structs.NodeServices, error) { +func (s *Store) NodeServices(ws memdb.WatchSet, nodeNameOrID string, entMeta *acl.EnterpriseMeta) (uint64, *structs.NodeServices, error) { done, idx, node, services, err := s.nodeServices(ws, nodeNameOrID, entMeta, false) if done || err != nil { return idx, nil, err 
@@ -1579,7 +1579,7 @@ func (s *Store) NodeServices(ws memdb.WatchSet, nodeNameOrID string, entMeta *st } // NodeServices is used to query service registrations by node name or UUID. -func (s *Store) NodeServiceList(ws memdb.WatchSet, nodeNameOrID string, entMeta *structs.EnterpriseMeta) (uint64, *structs.NodeServiceList, error) { +func (s *Store) NodeServiceList(ws memdb.WatchSet, nodeNameOrID string, entMeta *acl.EnterpriseMeta) (uint64, *structs.NodeServiceList, error) { done, idx, node, services, err := s.nodeServices(ws, nodeNameOrID, entMeta, true) if done || err != nil { return idx, nil, err @@ -1606,7 +1606,7 @@ func (s *Store) NodeServiceList(ws memdb.WatchSet, nodeNameOrID string, entMeta } // DeleteService is used to delete a given service associated with a node. -func (s *Store) DeleteService(idx uint64, nodeName, serviceID string, entMeta *structs.EnterpriseMeta) error { +func (s *Store) DeleteService(idx uint64, nodeName, serviceID string, entMeta *acl.EnterpriseMeta) error { tx := s.db.WriteTxn(idx) defer tx.Abort() @@ -1621,7 +1621,7 @@ func (s *Store) DeleteService(idx uint64, nodeName, serviceID string, entMeta *s // deleteServiceCASTxn is used to try doing a service delete operation with a given // raft index. If the CAS index specified is not equal to the last observed index for // the given service, then the call is a noop, otherwise a normal delete is invoked. -func (s *Store) deleteServiceCASTxn(tx WriteTxn, idx, cidx uint64, nodeName, serviceID string, entMeta *structs.EnterpriseMeta) (bool, error) { +func (s *Store) deleteServiceCASTxn(tx WriteTxn, idx, cidx uint64, nodeName, serviceID string, entMeta *acl.EnterpriseMeta) (bool, error) { // Look up the service. service, err := getNodeServiceTxn(tx, nodeName, serviceID, entMeta) if err != nil { 
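Review bot: The doc comment above `NodeServiceList` still opens with `NodeServices`, so godoc attaches the sibling's description to this method. It should start with the method's own name and say what differs; the call here passes `true` for `allowWildcard`, so something like `// NodeServiceList is used to query service registrations by node name or UUID, with allowWildcard enabled.` would fit. A similar mismatch is on `getNodeCheckTxn`, whose comment begins `nodeCheckTxn`. The body of `NodeServiceList` continues outside the hunk.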
@@ -1648,7 +1648,7 @@ func (s *Store) deleteServiceCASTxn(tx WriteTxn, idx, cidx uint64, nodeName, ser // deleteServiceTxn is the inner method called to remove a service // registration within an existing transaction. -func (s *Store) deleteServiceTxn(tx WriteTxn, idx uint64, nodeName, serviceID string, entMeta *structs.EnterpriseMeta) error { +func (s *Store) deleteServiceTxn(tx WriteTxn, idx uint64, nodeName, serviceID string, entMeta *acl.EnterpriseMeta) error { // TODO: pass non-pointer type for ent meta if entMeta == nil { entMeta = structs.DefaultEnterpriseMetaInDefaultPartition() @@ -1751,7 +1751,7 @@ func (s *Store) deleteServiceTxn(tx WriteTxn, idx uint64, nodeName, serviceID st // freeServiceVirtualIP is used to free a virtual IP for a service after the last instance // is removed. -func freeServiceVirtualIP(tx WriteTxn, svc string, excludeGateway *structs.ServiceName, entMeta *structs.EnterpriseMeta) error { +func freeServiceVirtualIP(tx WriteTxn, svc string, excludeGateway *structs.ServiceName, entMeta *acl.EnterpriseMeta) error { supported, err := virtualIPsSupported(tx, nil) if err != nil { return err @@ -1818,7 +1818,7 @@ func (s *Store) EnsureCheck(idx uint64, hc *structs.HealthCheck) error { } // updateAllServiceIndexesOfNode updates the Raft index of all the services associated with this node -func updateAllServiceIndexesOfNode(tx WriteTxn, idx uint64, nodeID string, entMeta *structs.EnterpriseMeta) error { +func updateAllServiceIndexesOfNode(tx WriteTxn, idx uint64, nodeID string, entMeta *acl.EnterpriseMeta) error { services, err := tx.Get(tableServices, indexNode, Query{ Value: nodeID, EnterpriseMeta: *entMeta.WithWildcardNamespace(), 
@@ -1977,7 +1977,7 @@ func (s *Store) ensureCheckTxn(tx WriteTxn, idx uint64, preserveIndexes bool, hc // NodeCheck is used to retrieve a specific check associated with the given // node. -func (s *Store) NodeCheck(nodeName string, checkID types.CheckID, entMeta *structs.EnterpriseMeta) (uint64, *structs.HealthCheck, error) { +func (s *Store) NodeCheck(nodeName string, checkID types.CheckID, entMeta *acl.EnterpriseMeta) (uint64, *structs.HealthCheck, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -1986,7 +1986,7 @@ func (s *Store) NodeCheck(nodeName string, checkID types.CheckID, entMeta *struc // nodeCheckTxn is used as the inner method to handle reading a health check // from the state store. -func getNodeCheckTxn(tx ReadTxn, nodeName string, checkID types.CheckID, entMeta *structs.EnterpriseMeta) (uint64, *structs.HealthCheck, error) { +func getNodeCheckTxn(tx ReadTxn, nodeName string, checkID types.CheckID, entMeta *acl.EnterpriseMeta) (uint64, *structs.HealthCheck, error) { // Get the table index. idx := catalogChecksMaxIndex(tx, entMeta) @@ -2009,7 +2009,7 @@ func getNodeCheckTxn(tx ReadTxn, nodeName string, checkID types.CheckID, entMeta // NodeChecks is used to retrieve checks associated with the // given node from the state store. -func (s *Store) NodeChecks(ws memdb.WatchSet, nodeName string, entMeta *structs.EnterpriseMeta) (uint64, structs.HealthChecks, error) { +func (s *Store) NodeChecks(ws memdb.WatchSet, nodeName string, entMeta *acl.EnterpriseMeta) (uint64, structs.HealthChecks, error) { tx := s.db.Txn(false) defer tx.Abort() 
@@ -2037,7 +2037,7 @@ func (s *Store) NodeChecks(ws memdb.WatchSet, nodeName string, entMeta *structs. // ServiceChecks is used to get all checks associated with a // given service ID. The query is performed against a service // _name_ instead of a service ID. -func (s *Store) ServiceChecks(ws memdb.WatchSet, serviceName string, entMeta *structs.EnterpriseMeta) (uint64, structs.HealthChecks, error) { +func (s *Store) ServiceChecks(ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta) (uint64, structs.HealthChecks, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -2065,7 +2065,7 @@ func (s *Store) ServiceChecks(ws memdb.WatchSet, serviceName string, entMeta *st // given service ID, filtered by the given node metadata values. The query // is performed against a service _name_ instead of a service ID. func (s *Store) ServiceChecksByNodeMeta(ws memdb.WatchSet, serviceName string, - filters map[string]string, entMeta *structs.EnterpriseMeta) (uint64, structs.HealthChecks, error) { + filters map[string]string, entMeta *acl.EnterpriseMeta) (uint64, structs.HealthChecks, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -2088,7 +2088,7 @@ func (s *Store) ServiceChecksByNodeMeta(ws memdb.WatchSet, serviceName string, // ChecksInState is used to query the state store for all checks // which are in the provided state. -func (s *Store) ChecksInState(ws memdb.WatchSet, state string, entMeta *structs.EnterpriseMeta) (uint64, structs.HealthChecks, error) { +func (s *Store) ChecksInState(ws memdb.WatchSet, state string, entMeta *acl.EnterpriseMeta) (uint64, structs.HealthChecks, error) { tx := s.db.Txn(false) defer tx.Abort() 
@@ -2106,7 +2106,7 @@ func (s *Store) ChecksInState(ws memdb.WatchSet, state string, entMeta *structs. // ChecksInStateByNodeMeta is used to query the state store for all checks // which are in the provided state, filtered by the given node metadata values. -func (s *Store) ChecksInStateByNodeMeta(ws memdb.WatchSet, state string, filters map[string]string, entMeta *structs.EnterpriseMeta) (uint64, structs.HealthChecks, error) { +func (s *Store) ChecksInStateByNodeMeta(ws memdb.WatchSet, state string, filters map[string]string, entMeta *acl.EnterpriseMeta) (uint64, structs.HealthChecks, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -2118,7 +2118,7 @@ func (s *Store) ChecksInStateByNodeMeta(ws memdb.WatchSet, state string, filters return parseChecksByNodeMeta(tx, ws, idx, iter, filters, entMeta) } -func checksInStateTxn(tx ReadTxn, ws memdb.WatchSet, state string, entMeta *structs.EnterpriseMeta) (uint64, memdb.ResultIterator, error) { +func checksInStateTxn(tx ReadTxn, ws memdb.WatchSet, state string, entMeta *acl.EnterpriseMeta) (uint64, memdb.ResultIterator, error) { // Get the table index. idx := catalogChecksMaxIndex(tx, entMeta) @@ -2147,7 +2147,7 @@ func checksInStateTxn(tx ReadTxn, ws memdb.WatchSet, state string, entMeta *stru // repetitive code for returning health checks filtered by node metadata fields. func parseChecksByNodeMeta(tx ReadTxn, ws memdb.WatchSet, idx uint64, iter memdb.ResultIterator, filters map[string]string, - entMeta *structs.EnterpriseMeta) (uint64, structs.HealthChecks, error) { + entMeta *acl.EnterpriseMeta) (uint64, structs.HealthChecks, error) { // We don't want to track an unlimited number of nodes, so we pull a // top-level watch to use as a fallback. 
@@ -2183,7 +2183,7 @@ func parseChecksByNodeMeta(tx ReadTxn, ws memdb.WatchSet, } // DeleteCheck is used to delete a health check registration. -func (s *Store) DeleteCheck(idx uint64, node string, checkID types.CheckID, entMeta *structs.EnterpriseMeta) error { +func (s *Store) DeleteCheck(idx uint64, node string, checkID types.CheckID, entMeta *acl.EnterpriseMeta) error { tx := s.db.WriteTxn(idx) defer tx.Abort() @@ -2198,7 +2198,7 @@ func (s *Store) DeleteCheck(idx uint64, node string, checkID types.CheckID, entM // deleteCheckCASTxn is used to try doing a check delete operation with a given // raft index. If the CAS index specified is not equal to the last observed index for // the given check, then the call is a noop, otherwise a normal check delete is invoked. -func (s *Store) deleteCheckCASTxn(tx WriteTxn, idx, cidx uint64, node string, checkID types.CheckID, entMeta *structs.EnterpriseMeta) (bool, error) { +func (s *Store) deleteCheckCASTxn(tx WriteTxn, idx, cidx uint64, node string, checkID types.CheckID, entMeta *acl.EnterpriseMeta) (bool, error) { // Try to retrieve the existing health check. _, hc, err := getNodeCheckTxn(tx, node, checkID, entMeta) if err != nil { @@ -2227,7 +2227,7 @@ func (s *Store) deleteCheckCASTxn(tx WriteTxn, idx, cidx uint64, node string, ch type NodeServiceQuery struct { Node string Service string - structs.EnterpriseMeta + acl.EnterpriseMeta } // NamespaceOrDefault exists because structs.EnterpriseMeta uses a pointer 
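Review bot: The context comment directly below the changed embed in `NodeServiceQuery` still reads `// NamespaceOrDefault exists because structs.EnterpriseMeta uses a pointer`, which names a type the struct no longer embeds after this change. I would update it in the same commit to `// NamespaceOrDefault exists because acl.EnterpriseMeta uses a pointer`. The same stale wording follows `NodeCheckQuery` and `KindServiceNameQuery` in catalog_schema.go and `ConfigEntryKindQuery` in config_entry.go. The comment continues past the end of the hunk, so the rest of its text is not visible here.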
@@ -2244,7 +2244,7 @@ func (q NodeServiceQuery) PartitionOrDefault() string { // deleteCheckTxn is the inner method used to call a health // check deletion within an existing transaction. -func (s *Store) deleteCheckTxn(tx WriteTxn, idx uint64, node string, checkID types.CheckID, entMeta *structs.EnterpriseMeta) error { +func (s *Store) deleteCheckTxn(tx WriteTxn, idx uint64, node string, checkID types.CheckID, entMeta *acl.EnterpriseMeta) error { if entMeta == nil { entMeta = structs.DefaultEnterpriseMetaInDefaultPartition() } 
@@ -2337,19 +2337,19 @@ func (s *Store) CombinedCheckServiceNodes(ws memdb.WatchSet, service structs.Ser } // CheckServiceNodes is used to query all nodes and checks for a given service. -func (s *Store) CheckServiceNodes(ws memdb.WatchSet, serviceName string, entMeta *structs.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) { +func (s *Store) CheckServiceNodes(ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) { return s.checkServiceNodes(ws, serviceName, false, entMeta) } // CheckConnectServiceNodes is used to query all nodes and checks for Connect // compatible endpoints for a given service. -func (s *Store) CheckConnectServiceNodes(ws memdb.WatchSet, serviceName string, entMeta *structs.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) { +func (s *Store) CheckConnectServiceNodes(ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) { return s.checkServiceNodes(ws, serviceName, true, entMeta) } // CheckIngressServiceNodes is used to query all nodes and checks for ingress // endpoints for a given service. -func (s *Store) CheckIngressServiceNodes(ws memdb.WatchSet, serviceName string, entMeta *structs.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) { +func (s *Store) CheckIngressServiceNodes(ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) { tx := s.db.Txn(false) defer tx.Abort() 
@@ -2385,14 +2385,14 @@ func (s *Store) CheckIngressServiceNodes(ws memdb.WatchSet, serviceName string, return maxIdx, results, nil } -func (s *Store) checkServiceNodes(ws memdb.WatchSet, serviceName string, connect bool, entMeta *structs.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) { +func (s *Store) checkServiceNodes(ws memdb.WatchSet, serviceName string, connect bool, entMeta *acl.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) { tx := s.db.Txn(false) defer tx.Abort() return checkServiceNodesTxn(tx, ws, serviceName, connect, entMeta) } -func checkServiceNodesTxn(tx ReadTxn, ws memdb.WatchSet, serviceName string, connect bool, entMeta *structs.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) { +func checkServiceNodesTxn(tx ReadTxn, ws memdb.WatchSet, serviceName string, connect bool, entMeta *acl.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) { index := indexService if connect { index = indexConnect @@ -2526,7 +2526,7 @@ func checkServiceNodesTxn(tx ReadTxn, ws memdb.WatchSet, serviceName string, con // CheckServiceTagNodes is used to query all nodes and checks for a given // service, filtering out services that don't contain the given tag. -func (s *Store) CheckServiceTagNodes(ws memdb.WatchSet, serviceName string, tags []string, entMeta *structs.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) { +func (s *Store) CheckServiceTagNodes(ws memdb.WatchSet, serviceName string, tags []string, entMeta *acl.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) { tx := s.db.Txn(false) defer tx.Abort() 
@@ -2559,7 +2559,7 @@ func (s *Store) CheckServiceTagNodes(ws memdb.WatchSet, serviceName string, tags } // GatewayServices is used to query all services associated with a gateway -func (s *Store) GatewayServices(ws memdb.WatchSet, gateway string, entMeta *structs.EnterpriseMeta) (uint64, structs.GatewayServices, error) { +func (s *Store) GatewayServices(ws memdb.WatchSet, gateway string, entMeta *acl.EnterpriseMeta) (uint64, structs.GatewayServices, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -2631,7 +2631,7 @@ func serviceNamesOfKindTxn(tx ReadTxn, ws memdb.WatchSet, kind structs.ServiceKi func parseCheckServiceNodes( tx ReadTxn, ws memdb.WatchSet, idx uint64, services structs.ServiceNodes, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, err error) (uint64, structs.CheckServiceNodes, error) { if err != nil { return 0, nil, err @@ -2722,7 +2722,7 @@ func parseCheckServiceNodes( // NodeInfo is used to generate a dump of a single node. The dump includes // all services and checks which are registered against the node. -func (s *Store) NodeInfo(ws memdb.WatchSet, node string, entMeta *structs.EnterpriseMeta) (uint64, structs.NodeDump, error) { +func (s *Store) NodeInfo(ws memdb.WatchSet, node string, entMeta *acl.EnterpriseMeta) (uint64, structs.NodeDump, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -2748,7 +2748,7 @@ func (s *Store) NodeInfo(ws memdb.WatchSet, node string, entMeta *structs.Enterp // NodeDump is used to generate a dump of all nodes. This call is expensive // as it has to query every node, service, and check. The response can also // be quite large since there is currently no filtering applied. -func (s *Store) NodeDump(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (uint64, structs.NodeDump, error) { +func (s *Store) NodeDump(ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, structs.NodeDump, error) { tx := s.db.Txn(false) defer tx.Abort() 
@@ -2764,7 +2764,7 @@ func (s *Store) NodeDump(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (ui return parseNodes(tx, ws, idx, nodes, entMeta) } -func (s *Store) ServiceDump(ws memdb.WatchSet, kind structs.ServiceKind, useKind bool, entMeta *structs.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) { +func (s *Store) ServiceDump(ws memdb.WatchSet, kind structs.ServiceKind, useKind bool, entMeta *acl.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -2775,7 +2775,7 @@ func (s *Store) ServiceDump(ws memdb.WatchSet, kind structs.ServiceKind, useKind } } -func serviceDumpAllTxn(tx ReadTxn, ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) { +func serviceDumpAllTxn(tx ReadTxn, ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) { // Get the table index idx := catalogMaxIndexWatch(tx, ws, entMeta, true) @@ -2793,7 +2793,7 @@ func serviceDumpAllTxn(tx ReadTxn, ws memdb.WatchSet, entMeta *structs.Enterpris return parseCheckServiceNodes(tx, nil, idx, results, entMeta, err) } -func serviceDumpKindTxn(tx ReadTxn, ws memdb.WatchSet, kind structs.ServiceKind, entMeta *structs.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) { +func serviceDumpKindTxn(tx ReadTxn, ws memdb.WatchSet, kind structs.ServiceKind, entMeta *acl.EnterpriseMeta) (uint64, structs.CheckServiceNodes, error) { // unlike when we are dumping all services here we only need to watch the kind specific index entry for changing (or nodes, checks) // updating any services, nodes or checks will bump the appropriate service kind index so there is no need to watch any of the individual // entries 
@@ -2821,7 +2821,7 @@ func serviceDumpKindTxn(tx ReadTxn, ws memdb.WatchSet, kind structs.ServiceKind, // containing the nodes along with all of their associated services // and/or health checks. func parseNodes(tx ReadTxn, ws memdb.WatchSet, idx uint64, - iter memdb.ResultIterator, entMeta *structs.EnterpriseMeta) (uint64, structs.NodeDump, error) { + iter memdb.ResultIterator, entMeta *acl.EnterpriseMeta) (uint64, structs.NodeDump, error) { if entMeta == nil { entMeta = structs.DefaultEnterpriseMetaInDefaultPartition() @@ -2900,7 +2900,7 @@ func checkSessionsTxn(tx ReadTxn, hc *structs.HealthCheck) ([]*sessionCheck, err } // updateGatewayServices associates services with gateways as specified in a gateway config entry -func updateGatewayServices(tx WriteTxn, idx uint64, conf structs.ConfigEntry, entMeta *structs.EnterpriseMeta) error { +func updateGatewayServices(tx WriteTxn, idx uint64, conf structs.ConfigEntry, entMeta *acl.EnterpriseMeta) error { var ( noChange bool gatewayServices structs.GatewayServices @@ -2970,7 +2970,7 @@ func updateGatewayServices(tx WriteTxn, idx uint64, conf structs.ConfigEntry, en return nil } -func getTermGatewayVirtualIPs(tx WriteTxn, services []structs.LinkedService, entMeta *structs.EnterpriseMeta) (map[string]structs.ServiceAddress, error) { +func getTermGatewayVirtualIPs(tx WriteTxn, services []structs.LinkedService, entMeta *acl.EnterpriseMeta) (map[string]structs.ServiceAddress, error) { addrs := make(map[string]structs.ServiceAddress, len(services)) for _, s := range services { sn := structs.ServiceName{Name: s.Name, EnterpriseMeta: *entMeta} 
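Review bot: `getTermGatewayVirtualIPs` dereferences `entMeta` in `structs.ServiceName{Name: s.Name, EnterpriseMeta: *entMeta}` without a nil guard, whereas `deleteCheckTxn`, `parseNodes` and `updateGatewayNamespace` in this same file default a nil pointer before using it. Whether any caller can pass nil is not visible in these hunks, but the OSS `validateRegisterRequestTxn` in catalog_oss.go returns a nil `*acl.EnterpriseMeta`, so nil appears to be an ordinary value in that build, and a nil here would panic. Since the signature is being touched anyway, consider adding `if entMeta == nil { entMeta = structs.DefaultEnterpriseMetaInDefaultPartition() }` at the top of the function; `newServiceHealthEventsForNode` in catalog_events.go has the same unguarded `*entMeta`. The function body continues outside the hunk.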
@@ -2985,7 +2985,7 @@ func getTermGatewayVirtualIPs(tx WriteTxn, services []structs.LinkedService, ent return addrs, nil } -func updateTerminatingGatewayVirtualIPs(tx WriteTxn, idx uint64, conf *structs.TerminatingGatewayConfigEntry, entMeta *structs.EnterpriseMeta) error { +func updateTerminatingGatewayVirtualIPs(tx WriteTxn, idx uint64, conf *structs.TerminatingGatewayConfigEntry, entMeta *acl.EnterpriseMeta) error { // Build the current map of services with virtual IPs for this gateway services := conf.Services addrs, err := getTermGatewayVirtualIPs(tx, services, entMeta) @@ -3067,7 +3067,7 @@ func ingressConfigGatewayServices( tx ReadTxn, gateway structs.ServiceName, conf structs.ConfigEntry, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, ) (bool, structs.GatewayServices, error) { entry, ok := conf.(*structs.IngressGatewayConfigEntry) if !ok { @@ -3112,7 +3112,7 @@ func terminatingConfigGatewayServices( tx ReadTxn, gateway structs.ServiceName, conf structs.ConfigEntry, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, ) (bool, structs.GatewayServices, error) { entry, ok := conf.(*structs.TerminatingGatewayConfigEntry) if !ok { @@ -3149,7 +3149,7 @@ func terminatingConfigGatewayServices( } // updateGatewayNamespace is used to target all services within a namespace -func updateGatewayNamespace(tx WriteTxn, idx uint64, service *structs.GatewayService, entMeta *structs.EnterpriseMeta) error { +func updateGatewayNamespace(tx WriteTxn, idx uint64, service *structs.GatewayService, entMeta *acl.EnterpriseMeta) error { if entMeta == nil { entMeta = structs.DefaultEnterpriseMetaInDefaultPartition() } 
@@ -3343,7 +3343,7 @@ func (s *Store) collectGatewayServices(tx ReadTxn, ws memdb.WatchSet, iter memdb // TODO(ingress): How to handle index rolling back when a config entry is // deleted that references a service? // We might need something like the service_last_extinction index? -func serviceGatewayNodes(tx ReadTxn, ws memdb.WatchSet, service string, kind structs.ServiceKind, entMeta *structs.EnterpriseMeta) (uint64, structs.ServiceNodes, error) { +func serviceGatewayNodes(tx ReadTxn, ws memdb.WatchSet, service string, kind structs.ServiceKind, entMeta *acl.EnterpriseMeta) (uint64, structs.ServiceNodes, error) { // Look up gateway name associated with the service gws, err := tx.Get(tableGatewayServices, indexService, structs.NewServiceName(service, entMeta)) if err != nil { @@ -3448,7 +3448,7 @@ func (s *Store) ServiceTopology( dc, service string, kind structs.ServiceKind, defaultAllow acl.EnforcementDecision, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, ) (uint64, *structs.ServiceTopology, error) { tx := s.db.ReadTxn() defer tx.Abort() @@ -3883,7 +3883,7 @@ func updateMeshTopology(tx WriteTxn, idx uint64, node string, svc *structs.NodeS oldUpstreams := make(map[structs.ServiceName]bool) if e, ok := existing.(*structs.ServiceNode); ok { for _, u := range e.ServiceProxy.Upstreams { - upstreamMeta := structs.NewEnterpriseMetaWithPartition(e.PartitionOrDefault(), u.DestinationNamespace) + upstreamMeta := acl.NewEnterpriseMetaWithPartition(e.PartitionOrDefault(), u.DestinationNamespace) sn := structs.NewServiceName(u.DestinationName, &upstreamMeta) oldUpstreams[sn] = true 
@@ -3899,7 +3899,7 @@ func updateMeshTopology(tx WriteTxn, idx uint64, node string, svc *structs.NodeS } // TODO (freddy): Account for upstream datacenter - upstreamMeta := structs.NewEnterpriseMetaWithPartition(svc.PartitionOrDefault(), u.DestinationNamespace) + upstreamMeta := acl.NewEnterpriseMetaWithPartition(svc.PartitionOrDefault(), u.DestinationNamespace) upstream := structs.NewServiceName(u.DestinationName, &upstreamMeta) obj, err := tx.First(tableMeshTopology, indexID, upstream, downstream) diff --git a/agent/consul/state/catalog_events.go b/agent/consul/state/catalog_events.go index eaca440a8e..91e1bf361c 100644 --- a/agent/consul/state/catalog_events.go +++ b/agent/consul/state/catalog_events.go @@ -16,7 +16,7 @@ import ( // a specific service. type EventSubjectService struct { Key string - EnterpriseMeta structs.EnterpriseMeta + EnterpriseMeta acl.EnterpriseMeta overrideKey string overrideNamespace string @@ -128,7 +128,7 @@ func serviceHealthSnapshot(db ReadDB, topic stream.Topic) stream.SnapshotFunc { type nodeServiceTuple struct { Node string ServiceID string - EntMeta structs.EnterpriseMeta + EntMeta acl.EnterpriseMeta } func newNodeServiceTupleFromServiceNode(sn *structs.ServiceNode) nodeServiceTuple { @@ -553,7 +553,7 @@ func getPayloadCheckServiceNode(payload stream.Payload) *structs.CheckServiceNod // given node. This mirrors some of the the logic in the oddly-named // parseCheckServiceNodes but is more efficient since we know they are all on // the same node. -func newServiceHealthEventsForNode(tx ReadTxn, idx uint64, node string, entMeta *structs.EnterpriseMeta) ([]stream.Event, error) { +func newServiceHealthEventsForNode(tx ReadTxn, idx uint64, node string, entMeta *acl.EnterpriseMeta) ([]stream.Event, error) { services, err := tx.Get(tableServices, indexNode, Query{ Value: node, EnterpriseMeta: *entMeta, 
@@ -580,7 +580,7 @@ func newServiceHealthEventsForNode(tx ReadTxn, idx uint64, node string, entMeta // getNodeAndNodeChecks returns a the node structure and a function that returns // the full list of checks for a specific service on that node. -func getNodeAndChecks(tx ReadTxn, node string, entMeta *structs.EnterpriseMeta) (*structs.Node, serviceChecksFunc, error) { +func getNodeAndChecks(tx ReadTxn, node string, entMeta *acl.EnterpriseMeta) (*structs.Node, serviceChecksFunc, error) { // Fetch the node nodeRaw, err := tx.First(tableNodes, indexID, Query{ Value: node, diff --git a/agent/consul/state/catalog_oss.go b/agent/consul/state/catalog_oss.go index f2902ca719..8a30d45892 100644 --- a/agent/consul/state/catalog_oss.go +++ b/agent/consul/state/catalog_oss.go @@ -9,20 +9,21 @@ import ( memdb "github.com/hashicorp/go-memdb" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" ) func withEnterpriseSchema(_ *memdb.DBSchema) {} -func serviceIndexName(name string, _ *structs.EnterpriseMeta) string { +func serviceIndexName(name string, _ *acl.EnterpriseMeta) string { return fmt.Sprintf("service.%s", name) } -func serviceKindIndexName(kind structs.ServiceKind, _ *structs.EnterpriseMeta) string { +func serviceKindIndexName(kind structs.ServiceKind, _ *acl.EnterpriseMeta) string { return "service_kind." + kind.Normalized() } -func catalogUpdateNodesIndexes(tx WriteTxn, idx uint64, entMeta *structs.EnterpriseMeta) error { +func catalogUpdateNodesIndexes(tx WriteTxn, idx uint64, entMeta *acl.EnterpriseMeta) error { // overall nodes index if err := indexUpdateMaxTxn(tx, idx, tableNodes); err != nil { return fmt.Errorf("failed updating index: %s", err) 
@@ -31,7 +32,7 @@ func catalogUpdateNodesIndexes(tx WriteTxn, idx uint64, entMeta *structs.Enterpr return nil } -func catalogUpdateServicesIndexes(tx WriteTxn, idx uint64, _ *structs.EnterpriseMeta) error { +func catalogUpdateServicesIndexes(tx WriteTxn, idx uint64, _ *acl.EnterpriseMeta) error { // overall services index if err := indexUpdateMaxTxn(tx, idx, tableServices); err != nil { return fmt.Errorf("failed updating index: %s", err) @@ -40,7 +41,7 @@ func catalogUpdateServicesIndexes(tx WriteTxn, idx uint64, _ *structs.Enterprise return nil } -func catalogUpdateServiceKindIndexes(tx WriteTxn, kind structs.ServiceKind, idx uint64, _ *structs.EnterpriseMeta) error { +func catalogUpdateServiceKindIndexes(tx WriteTxn, kind structs.ServiceKind, idx uint64, _ *acl.EnterpriseMeta) error { // service-kind index if err := indexUpdateMaxTxn(tx, idx, serviceKindIndexName(kind, nil)); err != nil { return fmt.Errorf("failed updating index: %s", err) @@ -49,7 +50,7 @@ func catalogUpdateServiceKindIndexes(tx WriteTxn, kind structs.ServiceKind, idx return nil } -func catalogUpdateServiceIndexes(tx WriteTxn, serviceName string, idx uint64, _ *structs.EnterpriseMeta) error { +func catalogUpdateServiceIndexes(tx WriteTxn, serviceName string, idx uint64, _ *acl.EnterpriseMeta) error { // per-service index if err := indexUpdateMaxTxn(tx, idx, serviceIndexName(serviceName, nil)); err != nil { return fmt.Errorf("failed updating index: %s", err) @@ -58,7 +59,7 @@ func catalogUpdateServiceIndexes(tx WriteTxn, serviceName string, idx uint64, _ return nil } -func catalogUpdateServiceExtinctionIndex(tx WriteTxn, idx uint64, _ *structs.EnterpriseMeta) error { +func catalogUpdateServiceExtinctionIndex(tx WriteTxn, idx uint64, _ *acl.EnterpriseMeta) error { if err := tx.Insert(tableIndex, &IndexEntry{indexServiceExtinction, idx}); err != nil { return fmt.Errorf("failed updating missing service extinction index: %s", err) } 
@@ -109,49 +110,49 @@ func catalogInsertService(tx WriteTxn, svc *structs.ServiceNode) error { return nil } -func catalogNodesMaxIndex(tx ReadTxn, entMeta *structs.EnterpriseMeta) uint64 { +func catalogNodesMaxIndex(tx ReadTxn, entMeta *acl.EnterpriseMeta) uint64 { return maxIndexTxn(tx, tableNodes) } -func catalogServicesMaxIndex(tx ReadTxn, _ *structs.EnterpriseMeta) uint64 { +func catalogServicesMaxIndex(tx ReadTxn, _ *acl.EnterpriseMeta) uint64 { return maxIndexTxn(tx, tableServices) } -func catalogServiceMaxIndex(tx ReadTxn, serviceName string, _ *structs.EnterpriseMeta) (<-chan struct{}, interface{}, error) { +func catalogServiceMaxIndex(tx ReadTxn, serviceName string, _ *acl.EnterpriseMeta) (<-chan struct{}, interface{}, error) { return tx.FirstWatch(tableIndex, "id", serviceIndexName(serviceName, nil)) } -func catalogServiceKindMaxIndex(tx ReadTxn, ws memdb.WatchSet, kind structs.ServiceKind, entMeta *structs.EnterpriseMeta) uint64 { +func catalogServiceKindMaxIndex(tx ReadTxn, ws memdb.WatchSet, kind structs.ServiceKind, entMeta *acl.EnterpriseMeta) uint64 { return maxIndexWatchTxn(tx, ws, serviceKindIndexName(kind, nil)) } -func catalogServiceListNoWildcard(tx ReadTxn, _ *structs.EnterpriseMeta) (memdb.ResultIterator, error) { +func catalogServiceListNoWildcard(tx ReadTxn, _ *acl.EnterpriseMeta) (memdb.ResultIterator, error) { return tx.Get(tableServices, indexID) } -func catalogServiceListByNode(tx ReadTxn, node string, _ *structs.EnterpriseMeta, _ bool) (memdb.ResultIterator, error) { +func catalogServiceListByNode(tx ReadTxn, node string, _ *acl.EnterpriseMeta, _ bool) (memdb.ResultIterator, error) { return tx.Get(tableServices, indexNode, Query{Value: node}) } -func catalogServiceLastExtinctionIndex(tx ReadTxn, _ *structs.EnterpriseMeta) (interface{}, error) { +func catalogServiceLastExtinctionIndex(tx ReadTxn, _ *acl.EnterpriseMeta) (interface{}, error) { return tx.First(tableIndex, "id", indexServiceExtinction) } -func catalogMaxIndex(tx ReadTxn, _ 
*structs.EnterpriseMeta, checks bool) uint64 { +func catalogMaxIndex(tx ReadTxn, _ *acl.EnterpriseMeta, checks bool) uint64 { if checks { return maxIndexTxn(tx, tableNodes, tableServices, tableChecks) } return maxIndexTxn(tx, tableNodes, tableServices) } -func catalogMaxIndexWatch(tx ReadTxn, ws memdb.WatchSet, _ *structs.EnterpriseMeta, checks bool) uint64 { +func catalogMaxIndexWatch(tx ReadTxn, ws memdb.WatchSet, _ *acl.EnterpriseMeta, checks bool) uint64 { if checks { return maxIndexWatchTxn(tx, ws, tableNodes, tableServices, tableChecks) } return maxIndexWatchTxn(tx, ws, tableNodes, tableServices) } -func catalogUpdateCheckIndexes(tx WriteTxn, idx uint64, _ *structs.EnterpriseMeta) error { +func catalogUpdateCheckIndexes(tx WriteTxn, idx uint64, _ *acl.EnterpriseMeta) error { // update the universal index entry if err := tx.Insert(tableIndex, &IndexEntry{tableChecks, idx}); err != nil { return fmt.Errorf("failed updating index: %s", err) @@ -159,7 +160,7 @@ func catalogUpdateCheckIndexes(tx WriteTxn, idx uint64, _ *structs.EnterpriseMet return nil } -func catalogChecksMaxIndex(tx ReadTxn, _ *structs.EnterpriseMeta) uint64 { +func catalogChecksMaxIndex(tx ReadTxn, _ *acl.EnterpriseMeta) uint64 { return maxIndexTxn(tx, tableChecks) } @@ -180,11 +181,11 @@ func catalogInsertCheck(tx WriteTxn, chk *structs.HealthCheck, idx uint64) error return nil } -func validateRegisterRequestTxn(_ ReadTxn, _ *structs.RegisterRequest, _ bool) (*structs.EnterpriseMeta, error) { +func validateRegisterRequestTxn(_ ReadTxn, _ *structs.RegisterRequest, _ bool) (*acl.EnterpriseMeta, error) { return nil, nil } -func (s *Store) ValidateRegisterRequest(_ *structs.RegisterRequest) (*structs.EnterpriseMeta, error) { +func (s *Store) ValidateRegisterRequest(_ *structs.RegisterRequest) (*acl.EnterpriseMeta, error) { return nil, nil } diff --git a/agent/consul/state/catalog_oss_test.go b/agent/consul/state/catalog_oss_test.go index 5811416b15..9edaff833b 100644 
--- a/agent/consul/state/catalog_oss_test.go +++ b/agent/consul/state/catalog_oss_test.go @@ -6,6 +6,7 @@ package state import ( "net" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/types" ) @@ -33,7 +34,7 @@ func testIndexerTableChecks() map[string]indexerTestCase { }, prefix: []indexValue{ { - source: structs.EnterpriseMeta{}, + source: acl.EnterpriseMeta{}, expected: nil, }, { @@ -193,11 +194,11 @@ func testIndexerTableNodes() map[string]indexerTestCase { }, prefix: []indexValue{ { - source: (*structs.EnterpriseMeta)(nil), + source: (*acl.EnterpriseMeta)(nil), expected: nil, }, { - source: structs.EnterpriseMeta{}, + source: acl.EnterpriseMeta{}, expected: nil, }, { @@ -220,11 +221,11 @@ func testIndexerTableNodes() map[string]indexerTestCase { }, prefix: []indexValue{ { - source: (*structs.EnterpriseMeta)(nil), + source: (*acl.EnterpriseMeta)(nil), expected: nil, }, { - source: structs.EnterpriseMeta{}, + source: acl.EnterpriseMeta{}, expected: nil, }, { // partial length @@ -286,11 +287,11 @@ func testIndexerTableServices() map[string]indexerTestCase { }, prefix: []indexValue{ { - source: (*structs.EnterpriseMeta)(nil), + source: (*acl.EnterpriseMeta)(nil), expected: nil, }, { - source: structs.EnterpriseMeta{}, + source: acl.EnterpriseMeta{}, expected: nil, }, { diff --git a/agent/consul/state/catalog_schema.go b/agent/consul/state/catalog_schema.go index 9d0b447dc0..b2d0907dc8 100644 --- a/agent/consul/state/catalog_schema.go +++ b/agent/consul/state/catalog_schema.go @@ -8,6 +8,7 @@ import ( "github.com/hashicorp/go-memdb" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" ) @@ -589,7 +590,7 @@ type upstreamDownstream struct { type NodeCheckQuery struct { Node string CheckID string - structs.EnterpriseMeta + acl.EnterpriseMeta } // NamespaceOrDefault exists because structs.EnterpriseMeta uses a pointer 
@@ -709,7 +710,7 @@ func kindServiceNameTableSchema() *memdb.TableSchema { type KindServiceNameQuery struct { Kind structs.ServiceKind Name string - structs.EnterpriseMeta + acl.EnterpriseMeta } // NamespaceOrDefault exists because structs.EnterpriseMeta uses a pointer diff --git a/agent/consul/state/config_entry.go b/agent/consul/state/config_entry.go index 507388283d..1ae05bc11a 100644 --- a/agent/consul/state/config_entry.go +++ b/agent/consul/state/config_entry.go @@ -6,6 +6,7 @@ import ( memdb "github.com/hashicorp/go-memdb" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/configentry" "github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/agent/consul/discoverychain" @@ -95,13 +96,13 @@ func (s *Restore) ConfigEntry(c structs.ConfigEntry) error { } // ConfigEntry is called to get a given config entry. -func (s *Store) ConfigEntry(ws memdb.WatchSet, kind, name string, entMeta *structs.EnterpriseMeta) (uint64, structs.ConfigEntry, error) { +func (s *Store) ConfigEntry(ws memdb.WatchSet, kind, name string, entMeta *acl.EnterpriseMeta) (uint64, structs.ConfigEntry, error) { tx := s.db.Txn(false) defer tx.Abort() return configEntryTxn(tx, ws, kind, name, entMeta) } -func configEntryTxn(tx ReadTxn, ws memdb.WatchSet, kind, name string, entMeta *structs.EnterpriseMeta) (uint64, structs.ConfigEntry, error) { +func configEntryTxn(tx ReadTxn, ws memdb.WatchSet, kind, name string, entMeta *acl.EnterpriseMeta) (uint64, structs.ConfigEntry, error) { // Get the index idx := maxIndexTxn(tx, tableConfigEntries) 
@@ -124,19 +125,19 @@ func configEntryTxn(tx ReadTxn, ws memdb.WatchSet, kind, name string, entMeta *s } // ConfigEntries is called to get all config entry objects. -func (s *Store) ConfigEntries(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (uint64, []structs.ConfigEntry, error) { +func (s *Store) ConfigEntries(ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, []structs.ConfigEntry, error) { return s.ConfigEntriesByKind(ws, "", entMeta) } // ConfigEntriesByKind is called to get all config entry objects with the given kind. // If kind is empty, all config entries will be returned. -func (s *Store) ConfigEntriesByKind(ws memdb.WatchSet, kind string, entMeta *structs.EnterpriseMeta) (uint64, []structs.ConfigEntry, error) { +func (s *Store) ConfigEntriesByKind(ws memdb.WatchSet, kind string, entMeta *acl.EnterpriseMeta) (uint64, []structs.ConfigEntry, error) { tx := s.db.Txn(false) defer tx.Abort() return configEntriesByKindTxn(tx, ws, kind, entMeta) } -func configEntriesByKindTxn(tx ReadTxn, ws memdb.WatchSet, kind string, entMeta *structs.EnterpriseMeta) (uint64, []structs.ConfigEntry, error) { +func configEntriesByKindTxn(tx ReadTxn, ws memdb.WatchSet, kind string, entMeta *acl.EnterpriseMeta) (uint64, []structs.ConfigEntry, error) { // Get the index and watch for updates idx := maxIndexWatchTxn(tx, ws, tableConfigEntries) @@ -278,7 +279,7 @@ func (s *Store) DeleteConfigEntryCAS(idx, cidx uint64, conf structs.ConfigEntry) return err == nil, err } -func (s *Store) DeleteConfigEntry(idx uint64, kind, name string, entMeta *structs.EnterpriseMeta) error { +func (s *Store) DeleteConfigEntry(idx uint64, kind, name string, entMeta *acl.EnterpriseMeta) error { tx := s.db.WriteTxn(idx) defer tx.Abort() 
@@ -290,7 +291,7 @@ func (s *Store) DeleteConfigEntry(idx uint64, kind, name string, entMeta *struct } // TODO: accept structs.ConfigEntry instead of individual fields -func deleteConfigEntryTxn(tx WriteTxn, idx uint64, kind, name string, entMeta *structs.EnterpriseMeta) error { +func deleteConfigEntryTxn(tx WriteTxn, idx uint64, kind, name string, entMeta *acl.EnterpriseMeta) error { q := configentry.NewKindName(kind, name, entMeta) existing, err := tx.First(tableConfigEntries, indexID, q) if err != nil { @@ -423,7 +424,7 @@ var serviceGraphKinds = []string{ } // discoveryChainTargets will return a list of services listed as a target for the input's discovery chain -func (s *Store) discoveryChainTargetsTxn(tx ReadTxn, ws memdb.WatchSet, dc, service string, entMeta *structs.EnterpriseMeta) (uint64, []structs.ServiceName, error) { +func (s *Store) discoveryChainTargetsTxn(tx ReadTxn, ws memdb.WatchSet, dc, service string, entMeta *acl.EnterpriseMeta) (uint64, []structs.ServiceName, error) { source := structs.NewServiceName(service, entMeta) req := discoverychain.CompileRequest{ ServiceName: source.Name, @@ -438,7 +439,7 @@ func (s *Store) discoveryChainTargetsTxn(tx ReadTxn, ws memdb.WatchSet, dc, serv var resp []structs.ServiceName for _, t := range chain.Targets { - em := structs.NewEnterpriseMetaWithPartition(entMeta.PartitionOrDefault(), t.Namespace) + em := acl.NewEnterpriseMetaWithPartition(entMeta.PartitionOrDefault(), t.Namespace) target := structs.NewServiceName(t.Service, &em) // TODO (freddy): Allow upstream DC and encode in response @@ -494,7 +495,7 @@ func (s *Store) discoveryChainSourcesTxn(tx ReadTxn, ws memdb.WatchSet, dc strin } for _, t := range chain.Targets { - em := structs.NewEnterpriseMetaWithPartition(sn.PartitionOrDefault(), t.Namespace) + em := acl.NewEnterpriseMetaWithPartition(sn.PartitionOrDefault(), t.Namespace) candidate := structs.NewServiceName(t.Service, &em) if !candidate.Matches(destination) { 
@@ -740,7 +741,7 @@ func testCompileDiscoveryChain( tx ReadTxn, chainName string, overrides map[configentry.KindName]structs.ConfigEntry, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, ) (string, *structs.DiscoveryGraphNode, error) { _, speculativeEntries, err := readDiscoveryChainConfigEntriesTxn(tx, nil, chainName, overrides, entMeta) if err != nil { @@ -770,7 +771,7 @@ func testCompileDiscoveryChain( func (s *Store) ServiceDiscoveryChain( ws memdb.WatchSet, serviceName string, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, req discoverychain.CompileRequest, ) (uint64, *structs.CompiledDiscoveryChain, *configentry.DiscoveryChainSet, error) { tx := s.db.ReadTxn() @@ -783,7 +784,7 @@ func (s *Store) serviceDiscoveryChainTxn( tx ReadTxn, ws memdb.WatchSet, serviceName string, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, req discoverychain.CompileRequest, ) (uint64, *structs.CompiledDiscoveryChain, *configentry.DiscoveryChainSet, error) { @@ -821,7 +822,7 @@ func (s *Store) serviceDiscoveryChainTxn( func (s *Store) ReadResolvedServiceConfigEntries( ws memdb.WatchSet, serviceName string, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, upstreamIDs []structs.ServiceID, proxyMode structs.ProxyMode, ) (uint64, *configentry.ResolvedServiceConfigSet, error) { @@ -941,7 +942,7 @@ func (s *Store) ReadResolvedServiceConfigEntries( func (s *Store) ReadDiscoveryChainConfigEntries( ws memdb.WatchSet, serviceName string, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, ) (uint64, *configentry.DiscoveryChainSet, error) { return s.readDiscoveryChainConfigEntries(ws, serviceName, nil, entMeta) } 
@@ -960,7 +961,7 @@ func (s *Store) readDiscoveryChainConfigEntries( ws memdb.WatchSet, serviceName string, overrides map[configentry.KindName]structs.ConfigEntry, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, ) (uint64, *configentry.DiscoveryChainSet, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -972,7 +973,7 @@ func readDiscoveryChainConfigEntriesTxn( ws memdb.WatchSet, serviceName string, overrides map[configentry.KindName]structs.ConfigEntry, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, ) (uint64, *configentry.DiscoveryChainSet, error) { res := configentry.NewDiscoveryChainSet() @@ -1179,7 +1180,7 @@ func getProxyConfigEntryTxn( ws memdb.WatchSet, name string, overrides map[configentry.KindName]structs.ConfigEntry, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, ) (uint64, *structs.ProxyConfigEntry, error) { idx, entry, err := configEntryWithOverridesTxn(tx, ws, structs.ProxyDefaults, name, overrides, entMeta) if err != nil { @@ -1204,7 +1205,7 @@ func getServiceConfigEntryTxn( ws memdb.WatchSet, serviceName string, overrides map[configentry.KindName]structs.ConfigEntry, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, ) (uint64, *structs.ServiceConfigEntry, error) { idx, entry, err := configEntryWithOverridesTxn(tx, ws, structs.ServiceDefaults, serviceName, overrides, entMeta) if err != nil { @@ -1229,7 +1230,7 @@ func getRouterConfigEntryTxn( ws memdb.WatchSet, serviceName string, overrides map[configentry.KindName]structs.ConfigEntry, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, ) (uint64, *structs.ServiceRouterConfigEntry, error) { idx, entry, err := configEntryWithOverridesTxn(tx, ws, structs.ServiceRouter, serviceName, overrides, entMeta) if err != nil { 
@@ -1254,7 +1255,7 @@ func getSplitterConfigEntryTxn( ws memdb.WatchSet, serviceName string, overrides map[configentry.KindName]structs.ConfigEntry, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, ) (uint64, *structs.ServiceSplitterConfigEntry, error) { idx, entry, err := configEntryWithOverridesTxn(tx, ws, structs.ServiceSplitter, serviceName, overrides, entMeta) if err != nil { @@ -1279,7 +1280,7 @@ func getResolverConfigEntryTxn( ws memdb.WatchSet, serviceName string, overrides map[configentry.KindName]structs.ConfigEntry, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, ) (uint64, *structs.ServiceResolverConfigEntry, error) { idx, entry, err := configEntryWithOverridesTxn(tx, ws, structs.ServiceResolver, serviceName, overrides, entMeta) if err != nil { @@ -1304,7 +1305,7 @@ func getServiceIntentionsConfigEntryTxn( ws memdb.WatchSet, name string, overrides map[configentry.KindName]structs.ConfigEntry, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, ) (uint64, *structs.ServiceIntentionsConfigEntry, error) { idx, entry, err := configEntryWithOverridesTxn(tx, ws, structs.ServiceIntentions, name, overrides, entMeta) if err != nil { @@ -1326,7 +1327,7 @@ func configEntryWithOverridesTxn( kind string, name string, overrides map[configentry.KindName]structs.ConfigEntry, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, ) (uint64, structs.ConfigEntry, error) { if len(overrides) > 0 { kn := configentry.NewKindName(kind, name, entMeta) @@ -1389,7 +1390,7 @@ func newConfigEntryQuery(c structs.ConfigEntry) configentry.KindName { // ConfigEntryKindQuery is used to lookup config entries by their kind. type ConfigEntryKindQuery struct { Kind string - structs.EnterpriseMeta + acl.EnterpriseMeta } // NamespaceOrDefault exists because structs.EnterpriseMeta uses a pointer diff --git a/agent/consul/state/config_entry_intention.go b/agent/consul/state/config_entry_intention.go index ad0c976943..27c4912e6e 100644 
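Review bot: The comment shown as context under the `ConfigEntryKindQuery` hunk (`@@ -1389,7 +1390,7 @@`) still reads `// NamespaceOrDefault exists because structs.EnterpriseMeta uses a pointer`, but the struct now embeds `acl.EnterpriseMeta`. It names a type the struct no longer embeds, and should become `// NamespaceOrDefault exists because acl.EnterpriseMeta uses a pointer`. The same stale wording appears as context under `TimeQuery` in indexer.go and under `BoolQuery`, `KeyValueQuery` and `AuthMethodQuery` in query.go. The rest of each comment and the methods they document lie outside the hunks, so check the full text when updating.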
--- a/agent/consul/state/config_entry_intention.go +++ b/agent/consul/state/config_entry_intention.go @@ -6,6 +6,7 @@ import ( memdb "github.com/hashicorp/go-memdb" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" ) @@ -123,7 +124,7 @@ func (s *ServiceIntentionSourceIndex) FromArgs(args ...interface{}) ([]byte, err return []byte(arg.String() + "\x00"), nil } -func configIntentionsListTxn(tx ReadTxn, ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (uint64, structs.Intentions, bool, error) { +func configIntentionsListTxn(tx ReadTxn, ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, structs.Intentions, bool, error) { // unrolled part of configEntriesByKindTxn idx := maxIndexTxn(tx, tableConfigEntries) @@ -238,7 +239,7 @@ func configIntentionMatchOneTxn( } } -func readSourceIntentionsFromConfigEntriesTxn(tx ReadTxn, ws memdb.WatchSet, serviceName string, entMeta *structs.EnterpriseMeta) (uint64, structs.Intentions, error) { +func readSourceIntentionsFromConfigEntriesTxn(tx ReadTxn, ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta) (uint64, structs.Intentions, error) { idx := maxIndexTxn(tx, tableConfigEntries) var ( @@ -262,7 +263,7 @@ func readSourceIntentionsFromConfigEntriesTxn(tx ReadTxn, ws memdb.WatchSet, ser return idx, results, nil } -func readSourceIntentionsFromConfigEntriesForServiceTxn(tx ReadTxn, ws memdb.WatchSet, serviceName string, entMeta *structs.EnterpriseMeta, results structs.Intentions) (structs.Intentions, error) { +func readSourceIntentionsFromConfigEntriesForServiceTxn(tx ReadTxn, ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta, results structs.Intentions) (structs.Intentions, error) { sn := structs.NewServiceName(serviceName, entMeta) iter, err := tx.Get(tableConfigEntries, indexSource, sn) 
@@ -283,7 +284,7 @@ func readSourceIntentionsFromConfigEntriesForServiceTxn(tx ReadTxn, ws memdb.Wat return results, nil } -func readDestinationIntentionsFromConfigEntriesTxn(tx ReadTxn, ws memdb.WatchSet, serviceName string, entMeta *structs.EnterpriseMeta) (uint64, structs.Intentions, error) { +func readDestinationIntentionsFromConfigEntriesTxn(tx ReadTxn, ws memdb.WatchSet, serviceName string, entMeta *acl.EnterpriseMeta) (uint64, structs.Intentions, error) { idx := maxIndexTxn(tx, tableConfigEntries) var results structs.Intentions diff --git a/agent/consul/state/config_entry_intention_oss.go b/agent/consul/state/config_entry_intention_oss.go index d6fafe6211..c954c147c6 100644 --- a/agent/consul/state/config_entry_intention_oss.go +++ b/agent/consul/state/config_entry_intention_oss.go @@ -4,10 +4,11 @@ package state import ( + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" ) -func getIntentionPrecedenceMatchServiceNames(serviceName string, entMeta *structs.EnterpriseMeta) []structs.ServiceName { +func getIntentionPrecedenceMatchServiceNames(serviceName string, entMeta *acl.EnterpriseMeta) []structs.ServiceName { if serviceName == structs.WildcardSpecifier { return []structs.ServiceName{ structs.NewServiceName(structs.WildcardSpecifier, entMeta), diff --git a/agent/consul/state/config_entry_oss.go b/agent/consul/state/config_entry_oss.go index 9c3d6c7ea8..66a47eb860 100644 --- a/agent/consul/state/config_entry_oss.go +++ b/agent/consul/state/config_entry_oss.go @@ -9,6 +9,7 @@ import ( memdb "github.com/hashicorp/go-memdb" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/configentry" "github.com/hashicorp/consul/agent/structs" ) 
@@ -17,9 +18,9 @@ func indexFromConfigEntryKindName(arg interface{}) ([]byte, error) { var b indexBuilder switch n := arg.(type) { - case *structs.EnterpriseMeta: + case *acl.EnterpriseMeta: return nil, nil - case structs.EnterpriseMeta: + case acl.EnterpriseMeta: return b.Bytes(), nil case ConfigEntryKindQuery: b.String(strings.ToLower(n.Kind)) @@ -37,7 +38,7 @@ func validateConfigEntryEnterprise(_ ReadTxn, _ structs.ConfigEntry) error { return nil } -func getAllConfigEntriesWithTxn(tx ReadTxn, _ *structs.EnterpriseMeta) (memdb.ResultIterator, error) { +func getAllConfigEntriesWithTxn(tx ReadTxn, _ *acl.EnterpriseMeta) (memdb.ResultIterator, error) { return tx.Get(tableConfigEntries, indexID) } @@ -45,11 +46,11 @@ func getAllConfigEntriesByKindWithTxn(tx ReadTxn, kind string) (memdb.ResultIter return getConfigEntryKindsWithTxn(tx, kind, nil) } -func getConfigEntryKindsWithTxn(tx ReadTxn, kind string, _ *structs.EnterpriseMeta) (memdb.ResultIterator, error) { +func getConfigEntryKindsWithTxn(tx ReadTxn, kind string, _ *acl.EnterpriseMeta) (memdb.ResultIterator, error) { return tx.Get(tableConfigEntries, indexID+"_prefix", ConfigEntryKindQuery{Kind: kind}) } -func configIntentionsConvertToList(iter memdb.ResultIterator, _ *structs.EnterpriseMeta) structs.Intentions { +func configIntentionsConvertToList(iter memdb.ResultIterator, _ *acl.EnterpriseMeta) structs.Intentions { var results structs.Intentions for v := iter.Next(); v != nil; v = iter.Next() { entry := v.(*structs.ServiceIntentionsConfigEntry) diff --git a/agent/consul/state/config_entry_oss_test.go b/agent/consul/state/config_entry_oss_test.go index 4c6595192a..13a56e18c6 100644 --- a/agent/consul/state/config_entry_oss_test.go +++ b/agent/consul/state/config_entry_oss_test.go @@ -4,6 +4,7 @@ package state import ( + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/configentry" "github.com/hashicorp/consul/agent/structs" ) 
@@ -24,7 +25,7 @@ func testIndexerTableConfigEntries() map[string]indexerTestCase { }, prefix: []indexValue{ { - source: structs.EnterpriseMeta{}, + source: acl.EnterpriseMeta{}, expected: nil, }, { diff --git a/agent/consul/state/coordinate.go b/agent/consul/state/coordinate.go index f294adb7b6..0cbccf25c1 100644 --- a/agent/consul/state/coordinate.go +++ b/agent/consul/state/coordinate.go @@ -6,6 +6,7 @@ import ( "github.com/hashicorp/go-memdb" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/lib" ) @@ -66,7 +67,7 @@ type CoordinateQuery struct { } func (c CoordinateQuery) PartitionOrDefault() string { - return structs.PartitionOrDefault(c.Partition) + return acl.PartitionOrDefault(c.Partition) } // coordinatesTableSchema returns a new table schema used for storing @@ -128,7 +129,7 @@ func (s *Restore) Coordinates(idx uint64, updates structs.Coordinates) error { // Coordinate returns a map of coordinates for the given node, indexed by // network segment. -func (s *Store) Coordinate(ws memdb.WatchSet, node string, entMeta *structs.EnterpriseMeta) (uint64, lib.CoordinateSet, error) { +func (s *Store) Coordinate(ws memdb.WatchSet, node string, entMeta *acl.EnterpriseMeta) (uint64, lib.CoordinateSet, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -157,7 +158,7 @@ func (s *Store) Coordinate(ws memdb.WatchSet, node string, entMeta *structs.Ente } // Coordinates queries for all nodes with coordinates. -func (s *Store) Coordinates(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (uint64, structs.Coordinates, error) { +func (s *Store) Coordinates(ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, structs.Coordinates, error) { tx := s.db.Txn(false) defer tx.Abort() diff --git a/agent/consul/state/coordinate_oss.go b/agent/consul/state/coordinate_oss.go index d6b6042d71..8c86b768a0 100644 --- a/agent/consul/state/coordinate_oss.go +++ b/agent/consul/state/coordinate_oss.go 
@@ -6,14 +6,15 @@ package state import ( "fmt" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" ) -func coordinatesMaxIndex(tx ReadTxn, entMeta *structs.EnterpriseMeta) uint64 { +func coordinatesMaxIndex(tx ReadTxn, entMeta *acl.EnterpriseMeta) uint64 { return maxIndexTxn(tx, tableCoordinates) } -func updateCoordinatesIndexes(tx WriteTxn, idx uint64, entMeta *structs.EnterpriseMeta) error { +func updateCoordinatesIndexes(tx WriteTxn, idx uint64, entMeta *acl.EnterpriseMeta) error { // Update the index. if err := indexUpdateMaxTxn(tx, idx, tableCoordinates); err != nil { return fmt.Errorf("failed updating index: %s", err) diff --git a/agent/consul/state/coordinate_oss_test.go b/agent/consul/state/coordinate_oss_test.go index 0bb08c1df0..d5d15547be 100644 --- a/agent/consul/state/coordinate_oss_test.go +++ b/agent/consul/state/coordinate_oss_test.go @@ -3,7 +3,10 @@ package state -import "github.com/hashicorp/consul/agent/structs" +import ( + "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/agent/structs" +) func testIndexerTableCoordinates() map[string]indexerTestCase { return map[string]indexerTestCase{ @@ -24,11 +27,11 @@ func testIndexerTableCoordinates() map[string]indexerTestCase { }, prefix: []indexValue{ { - source: (*structs.EnterpriseMeta)(nil), + source: (*acl.EnterpriseMeta)(nil), expected: nil, }, { - source: structs.EnterpriseMeta{}, + source: acl.EnterpriseMeta{}, expected: nil, }, { diff --git a/agent/consul/state/delay_oss.go b/agent/consul/state/delay_oss.go index 41b9a0405a..8167d6bfe4 100644 --- a/agent/consul/state/delay_oss.go +++ b/agent/consul/state/delay_oss.go @@ -4,9 +4,10 @@ package state import ( - "github.com/hashicorp/consul/agent/structs" "sync" "time" + + "github.com/hashicorp/consul/acl" ) // Delay is used to mark certain locks as unacquirable. When a lock is 
@@ -36,7 +37,7 @@ func NewDelay() *Delay { // GetExpiration returns the expiration time of a key lock delay. This must be // checked on the leader node, and not in KVSLock due to the variability of // clocks. -func (d *Delay) GetExpiration(key string, entMeta *structs.EnterpriseMeta) time.Time { +func (d *Delay) GetExpiration(key string, entMeta *acl.EnterpriseMeta) time.Time { d.lock.RLock() expires := d.delay[key] d.lock.RUnlock() @@ -45,7 +46,7 @@ func (d *Delay) GetExpiration(key string, entMeta *structs.EnterpriseMeta) time. // SetExpiration sets the expiration time for the lock delay to the given // delay from the given now time. -func (d *Delay) SetExpiration(key string, now time.Time, delay time.Duration, entMeta *structs.EnterpriseMeta) { +func (d *Delay) SetExpiration(key string, now time.Time, delay time.Duration, entMeta *acl.EnterpriseMeta) { d.lock.Lock() defer d.lock.Unlock() diff --git a/agent/consul/state/graveyard.go b/agent/consul/state/graveyard.go index 89601ea212..7058468811 100644 --- a/agent/consul/state/graveyard.go +++ b/agent/consul/state/graveyard.go @@ -5,7 +5,7 @@ import ( "github.com/hashicorp/go-memdb" - "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/acl" ) // Tombstone is the internal type used to track tombstones. @@ -13,7 +13,7 @@ type Tombstone struct { Key string Index uint64 - structs.EnterpriseMeta + acl.EnterpriseMeta } func (t Tombstone) IDValue() string { @@ -33,7 +33,7 @@ func NewGraveyard(gc *TombstoneGC) *Graveyard { } // InsertTxn adds a new tombstone. -func (g *Graveyard) InsertTxn(tx WriteTxn, key string, idx uint64, entMeta *structs.EnterpriseMeta) error { +func (g *Graveyard) InsertTxn(tx WriteTxn, key string, idx uint64, entMeta *acl.EnterpriseMeta) error { stone := &Tombstone{ Key: key, Index: idx, diff --git a/agent/consul/state/graveyard_oss.go b/agent/consul/state/graveyard_oss.go index 71b6bd90b6..bccbe1ec72 100644 --- a/agent/consul/state/graveyard_oss.go 
+++ b/agent/consul/state/graveyard_oss.go @@ -6,6 +6,7 @@ package state import ( "fmt" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" ) @@ -28,7 +29,7 @@ func (g *Graveyard) insertTombstoneWithTxn(tx WriteTxn, _ string, stone *Tombsto // GetMaxIndexTxn returns the highest index tombstone whose key matches the // given context, using a prefix match. -func (g *Graveyard) GetMaxIndexTxn(tx ReadTxn, prefix string, _ *structs.EnterpriseMeta) (uint64, error) { +func (g *Graveyard) GetMaxIndexTxn(tx ReadTxn, prefix string, _ *acl.EnterpriseMeta) (uint64, error) { var lindex uint64 q := Query{Value: prefix, EnterpriseMeta: *structs.DefaultEnterpriseMetaInDefaultPartition()} stones, err := tx.Get(tableTombstones, indexID+"_prefix", q) diff --git a/agent/consul/state/indexer.go b/agent/consul/state/indexer.go index 7fa30a7d54..70b769c584 100644 --- a/agent/consul/state/indexer.go +++ b/agent/consul/state/indexer.go @@ -8,6 +8,7 @@ import ( "strings" "time" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" ) @@ -196,7 +197,7 @@ func (b *indexBuilder) Bool(v bool) { type TimeQuery struct { Value time.Time - structs.EnterpriseMeta + acl.EnterpriseMeta } // NamespaceOrDefault exists because structs.EnterpriseMeta uses a pointer diff --git a/agent/consul/state/intention.go b/agent/consul/state/intention.go index f2f64500f3..2417f5741a 100644 --- a/agent/consul/state/intention.go +++ b/agent/consul/state/intention.go @@ -150,7 +150,7 @@ func areIntentionsInConfigEntries(tx ReadTxn, ws memdb.WatchSet) (bool, error) { // LegacyIntentions is like Intentions() but only returns legacy intentions. // This is exposed for migration purposes. -func (s *Store) LegacyIntentions(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (uint64, structs.Intentions, error) { +func (s *Store) LegacyIntentions(ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, structs.Intentions, error) { tx := s.db.Txn(false) defer tx.Abort() 
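Review bot: In the `GetMaxIndexTxn` hunk of graveyard_oss.go the parameter becomes `_ *acl.EnterpriseMeta`, but the context line below it still builds the query with `*structs.DefaultEnterpriseMetaInDefaultPartition()`. `Query` embeds `acl.EnterpriseMeta` after this commit, so this only type-checks if that helper now returns `*acl.EnterpriseMeta`; that is presumably changed elsewhere in the commit and is not visible here. The same split shows in the nil-defaulting branches of `kvsDeleteTxn`, `kvsDeleteCASTxn` and `kvsCheckSessionTxn` in kvs.go and `deleteSessionTxn` in session.go. Because this default decides which partition and namespace a nil `entMeta` resolves to, a marker at the call site would help, for example `// TODO: move DefaultEnterpriseMetaInDefaultPartition next to acl.EnterpriseMeta`. The function body continues outside the hunk.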
@@ -159,7 +159,7 @@ func (s *Store) LegacyIntentions(ws memdb.WatchSet, entMeta *structs.EnterpriseM } // Intentions returns the list of all intentions. The boolean response value is true if it came from config entries. -func (s *Store) Intentions(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (uint64, structs.Intentions, bool, error) { +func (s *Store) Intentions(ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, structs.Intentions, bool, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -173,7 +173,7 @@ func (s *Store) Intentions(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) ( return configIntentionsListTxn(tx, ws, entMeta) } -func legacyIntentionsListTxn(tx ReadTxn, ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (uint64, structs.Intentions, bool, error) { +func legacyIntentionsListTxn(tx ReadTxn, ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, structs.Intentions, bool, error) { // Get the index idx := maxIndexTxn(tx, tableConnectIntentions) if idx < 1 { diff --git a/agent/consul/state/intention_oss.go b/agent/consul/state/intention_oss.go index e6872ab5bd..6c99e67496 100644 --- a/agent/consul/state/intention_oss.go +++ b/agent/consul/state/intention_oss.go @@ -6,10 +6,10 @@ package state import ( memdb "github.com/hashicorp/go-memdb" - "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/acl" ) -func intentionListTxn(tx ReadTxn, _ *structs.EnterpriseMeta) (memdb.ResultIterator, error) { +func intentionListTxn(tx ReadTxn, _ *acl.EnterpriseMeta) (memdb.ResultIterator, error) { // Get all intentions return tx.Get(tableConnectIntentions, "id") } diff --git a/agent/consul/state/kvs.go b/agent/consul/state/kvs.go index 34639ace05..82aa842e8d 100644 --- a/agent/consul/state/kvs.go +++ b/agent/consul/state/kvs.go @@ -6,6 +6,7 @@ import ( "github.com/hashicorp/go-memdb" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" ) 
@@ -176,7 +177,7 @@ func kvsSetTxn(tx WriteTxn, idx uint64, entry *structs.DirEntry, updateSession b } // KVSGet is used to retrieve a key/value pair from the state store. -func (s *Store) KVSGet(ws memdb.WatchSet, key string, entMeta *structs.EnterpriseMeta) (uint64, *structs.DirEntry, error) { +func (s *Store) KVSGet(ws memdb.WatchSet, key string, entMeta *acl.EnterpriseMeta) (uint64, *structs.DirEntry, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -191,7 +192,7 @@ func (s *Store) KVSGet(ws memdb.WatchSet, key string, entMeta *structs.Enterpris // kvsGetTxn is the inner method that gets a KVS entry inside an existing // transaction. func kvsGetTxn(tx ReadTxn, - ws memdb.WatchSet, key string, entMeta structs.EnterpriseMeta) (uint64, *structs.DirEntry, error) { + ws memdb.WatchSet, key string, entMeta acl.EnterpriseMeta) (uint64, *structs.DirEntry, error) { // Get the table index. idx := kvsMaxIndex(tx, entMeta) @@ -212,7 +213,7 @@ func kvsGetTxn(tx ReadTxn, // is the max index of the returned kvs entries or applicable tombstones, or // else it's the full table indexes for kvs and tombstones. func (s *Store) KVSList(ws memdb.WatchSet, - prefix string, entMeta *structs.EnterpriseMeta) (uint64, structs.DirEntries, error) { + prefix string, entMeta *acl.EnterpriseMeta) (uint64, structs.DirEntries, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -228,7 +229,7 @@ func (s *Store) KVSList(ws memdb.WatchSet, // kvsListTxn is the inner method that gets a list of KVS entries matching a // prefix. func (s *Store) kvsListTxn(tx ReadTxn, - ws memdb.WatchSet, prefix string, entMeta structs.EnterpriseMeta) (uint64, structs.DirEntries, error) { + ws memdb.WatchSet, prefix string, entMeta acl.EnterpriseMeta) (uint64, structs.DirEntries, error) { // Get the table indexes. idx := kvsMaxIndex(tx, entMeta) 
@@ -262,7 +263,7 @@ func (s *Store) kvsListTxn(tx ReadTxn, // KVSDelete is used to perform a shallow delete on a single key in the // the state store. -func (s *Store) KVSDelete(idx uint64, key string, entMeta *structs.EnterpriseMeta) error { +func (s *Store) KVSDelete(idx uint64, key string, entMeta *acl.EnterpriseMeta) error { tx := s.db.WriteTxn(idx) defer tx.Abort() @@ -276,7 +277,7 @@ func (s *Store) KVSDelete(idx uint64, key string, entMeta *structs.EnterpriseMet // kvsDeleteTxn is the inner method used to perform the actual deletion // of a key/value pair within an existing transaction. -func (s *Store) kvsDeleteTxn(tx WriteTxn, idx uint64, key string, entMeta *structs.EnterpriseMeta) error { +func (s *Store) kvsDeleteTxn(tx WriteTxn, idx uint64, key string, entMeta *acl.EnterpriseMeta) error { if entMeta == nil { entMeta = structs.DefaultEnterpriseMetaInDefaultPartition() @@ -303,7 +304,7 @@ func (s *Store) kvsDeleteTxn(tx WriteTxn, idx uint64, key string, entMeta *struc // raft index. If the CAS index specified is not equal to the last // observed index for the given key, then the call is a noop, otherwise // a normal KV delete is invoked. -func (s *Store) KVSDeleteCAS(idx, cidx uint64, key string, entMeta *structs.EnterpriseMeta) (bool, error) { +func (s *Store) KVSDeleteCAS(idx, cidx uint64, key string, entMeta *acl.EnterpriseMeta) (bool, error) { tx := s.db.WriteTxn(idx) defer tx.Abort() @@ -318,7 +319,7 @@ func (s *Store) KVSDeleteCAS(idx, cidx uint64, key string, entMeta *structs.Ente // kvsDeleteCASTxn is the inner method that does a CAS delete within an existing // transaction. -func (s *Store) kvsDeleteCASTxn(tx WriteTxn, idx, cidx uint64, key string, entMeta *structs.EnterpriseMeta) (bool, error) { +func (s *Store) kvsDeleteCASTxn(tx WriteTxn, idx, cidx uint64, key string, entMeta *acl.EnterpriseMeta) (bool, error) { if entMeta == nil { entMeta = structs.DefaultEnterpriseMetaInDefaultPartition() } 
@@ -390,7 +391,7 @@ func kvsSetCASTxn(tx WriteTxn, idx uint64, entry *structs.DirEntry) (bool, error // KVSDeleteTree is used to do a recursive delete on a key prefix // in the state store. If any keys are modified, the last index is // set, otherwise this is a no-op. -func (s *Store) KVSDeleteTree(idx uint64, prefix string, entMeta *structs.EnterpriseMeta) error { +func (s *Store) KVSDeleteTree(idx uint64, prefix string, entMeta *acl.EnterpriseMeta) error { tx := s.db.WriteTxn(idx) defer tx.Abort() @@ -403,7 +404,7 @@ func (s *Store) KVSDeleteTree(idx uint64, prefix string, entMeta *structs.Enterp // KVSLockDelay returns the expiration time for any lock delay associated with // the given key. -func (s *Store) KVSLockDelay(key string, entMeta *structs.EnterpriseMeta) time.Time { +func (s *Store) KVSLockDelay(key string, entMeta *acl.EnterpriseMeta) time.Time { return s.lockDelay.GetExpiration(key, entMeta) } @@ -527,7 +528,7 @@ func kvsUnlockTxn(tx WriteTxn, idx uint64, entry *structs.DirEntry) (bool, error // kvsCheckSessionTxn checks to see if the given session matches the current // entry for a key. func kvsCheckSessionTxn(tx WriteTxn, - key string, session string, entMeta *structs.EnterpriseMeta) (*structs.DirEntry, error) { + key string, session string, entMeta *acl.EnterpriseMeta) (*structs.DirEntry, error) { if entMeta == nil { entMeta = structs.DefaultEnterpriseMetaInDefaultPartition() @@ -552,7 +553,7 @@ func kvsCheckSessionTxn(tx WriteTxn, // kvsCheckIndexTxn checks to see if the given modify index matches the current // entry for a key. func kvsCheckIndexTxn(tx WriteTxn, - key string, cidx uint64, entMeta structs.EnterpriseMeta) (*structs.DirEntry, error) { + key string, cidx uint64, entMeta acl.EnterpriseMeta) (*structs.DirEntry, error) { entry, err := tx.First(tableKVs, indexID, Query{Value: key, EnterpriseMeta: entMeta}) if err != nil { diff --git a/agent/consul/state/kvs_oss.go b/agent/consul/state/kvs_oss.go index 598ffc39df..3ded432550 100644 
--- a/agent/consul/state/kvs_oss.go +++ b/agent/consul/state/kvs_oss.go @@ -9,6 +9,7 @@ import ( "github.com/hashicorp/go-memdb" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" ) @@ -25,7 +26,7 @@ func prefixIndexForIDValue(arg interface{}) ([]byte, error) { // DeletePrefix always uses a string, pass it along unmodified case string: return []byte(v), nil - case structs.EnterpriseMeta: + case acl.EnterpriseMeta: return nil, nil case singleValueID: var b indexBuilder @@ -56,7 +57,7 @@ func insertKVTxn(tx WriteTxn, entry *structs.DirEntry, updateMax bool, _ bool) e return nil } -func kvsListEntriesTxn(tx ReadTxn, ws memdb.WatchSet, prefix string, entMeta structs.EnterpriseMeta) (uint64, structs.DirEntries, error) { +func kvsListEntriesTxn(tx ReadTxn, ws memdb.WatchSet, prefix string, entMeta acl.EnterpriseMeta) (uint64, structs.DirEntries, error) { var ents structs.DirEntries var lindex uint64 @@ -79,7 +80,7 @@ func kvsListEntriesTxn(tx ReadTxn, ws memdb.WatchSet, prefix string, entMeta str // kvsDeleteTreeTxn is the inner method that does a recursive delete inside an // existing transaction. -func (s *Store) kvsDeleteTreeTxn(tx WriteTxn, idx uint64, prefix string, entMeta *structs.EnterpriseMeta) error { +func (s *Store) kvsDeleteTreeTxn(tx WriteTxn, idx uint64, prefix string, entMeta *acl.EnterpriseMeta) error { // For prefix deletes, only insert one tombstone and delete the entire subtree deleted, err := tx.DeletePrefix(tableKVs, indexID+"_prefix", prefix) if err != nil { @@ -100,7 +101,7 @@ func (s *Store) kvsDeleteTreeTxn(tx WriteTxn, idx uint64, prefix string, entMeta return nil } -func kvsMaxIndex(tx ReadTxn, entMeta structs.EnterpriseMeta) uint64 { +func kvsMaxIndex(tx ReadTxn, entMeta acl.EnterpriseMeta) uint64 { return maxIndexTxn(tx, "kvs", "tombstones") } diff --git a/agent/consul/state/kvs_oss_test.go b/agent/consul/state/kvs_oss_test.go index 4ec7ac7a3d..7cee368938 100644 --- a/agent/consul/state/kvs_oss_test.go 
+++ b/agent/consul/state/kvs_oss_test.go @@ -3,7 +3,10 @@ package state -import "github.com/hashicorp/consul/agent/structs" +import ( + "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/agent/structs" +) func testIndexerTableKVs() map[string]indexerTestCase { return map[string]indexerTestCase{ @@ -22,7 +25,7 @@ func testIndexerTableKVs() map[string]indexerTestCase { expected: []byte("indexString"), }, { - source: structs.EnterpriseMeta{}, + source: acl.EnterpriseMeta{}, expected: nil, }, { @@ -51,7 +54,7 @@ func testIndexerTableTombstones() map[string]indexerTestCase { expected: []byte("indexString"), }, { - source: structs.EnterpriseMeta{}, + source: acl.EnterpriseMeta{}, expected: nil, }, { diff --git a/agent/consul/state/operations_oss.go b/agent/consul/state/operations_oss.go index 7be71732d0..c1a3300ad5 100644 --- a/agent/consul/state/operations_oss.go +++ b/agent/consul/state/operations_oss.go @@ -6,11 +6,11 @@ package state import ( "github.com/hashicorp/go-memdb" - "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/acl" ) func getCompoundWithTxn(tx ReadTxn, table, index string, - _ *structs.EnterpriseMeta, idxVals ...interface{}) (memdb.ResultIterator, error) { + _ *acl.EnterpriseMeta, idxVals ...interface{}) (memdb.ResultIterator, error) { return tx.Get(table, index, idxVals...) } diff --git a/agent/consul/state/query.go b/agent/consul/state/query.go index 7e08384488..b88fbe4fcc 100644 --- a/agent/consul/state/query.go +++ b/agent/consul/state/query.go @@ -5,6 +5,7 @@ import ( "fmt" "strings" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" ) @@ -12,7 +13,7 @@ import ( // enterprise identifier. type Query struct { Value string - structs.EnterpriseMeta + acl.EnterpriseMeta } func (q Query) IDValue() string { 
@@ -33,7 +34,7 @@ func (q Query) PartitionOrDefault() string { type MultiQuery struct { Value []string - structs.EnterpriseMeta + acl.EnterpriseMeta } func (q MultiQuery) IDValue() []string { @@ -118,7 +119,7 @@ func parseUUIDString(uuid string) ([]byte, error) { // enterprise identifier. type BoolQuery struct { Value bool - structs.EnterpriseMeta + acl.EnterpriseMeta } // NamespaceOrDefault exists because structs.EnterpriseMeta uses a pointer @@ -138,7 +139,7 @@ func (q BoolQuery) PartitionOrDefault() string { type KeyValueQuery struct { Key string Value string - structs.EnterpriseMeta + acl.EnterpriseMeta } // NamespaceOrDefault exists because structs.EnterpriseMeta uses a pointer @@ -168,8 +169,8 @@ func indexFromKeyValueQuery(arg interface{}) ([]byte, error) { type AuthMethodQuery struct { Value string - AuthMethodEntMeta structs.EnterpriseMeta - structs.EnterpriseMeta + AuthMethodEntMeta acl.EnterpriseMeta + acl.EnterpriseMeta } // NamespaceOrDefault exists because structs.EnterpriseMeta uses a pointer diff --git a/agent/consul/state/query_oss.go b/agent/consul/state/query_oss.go index 04fed3a6b1..0f11dce5f5 100644 --- a/agent/consul/state/query_oss.go +++ b/agent/consul/state/query_oss.go @@ -7,15 +7,15 @@ import ( "fmt" "strings" - "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/acl" ) func prefixIndexFromQuery(arg interface{}) ([]byte, error) { var b indexBuilder switch v := arg.(type) { - case *structs.EnterpriseMeta: + case *acl.EnterpriseMeta: return nil, nil - case structs.EnterpriseMeta: + case acl.EnterpriseMeta: return nil, nil case Query: if v.Value == "" { diff --git a/agent/consul/state/schema_oss.go b/agent/consul/state/schema_oss.go index 758d224233..ea8e8a43e0 100644 --- a/agent/consul/state/schema_oss.go +++ b/agent/consul/state/schema_oss.go 
@@ -3,12 +3,12 @@ package state -import "github.com/hashicorp/consul/agent/structs" +import "github.com/hashicorp/consul/acl" func partitionedIndexEntryName(entry string, _ string) string { return entry } -func partitionedAndNamespacedIndexEntryName(entry string, _ *structs.EnterpriseMeta) string { +func partitionedAndNamespacedIndexEntryName(entry string, _ *acl.EnterpriseMeta) string { return entry } diff --git a/agent/consul/state/session.go b/agent/consul/state/session.go index 876e67f50f..cf2e78b6e5 100644 --- a/agent/consul/state/session.go +++ b/agent/consul/state/session.go @@ -8,6 +8,7 @@ import ( "github.com/hashicorp/go-memdb" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" ) @@ -291,7 +292,7 @@ func sessionCreateTxn(tx WriteTxn, idx uint64, sess *structs.Session) error { // SessionGet is used to retrieve an active session from the state store. func (s *Store) SessionGet(ws memdb.WatchSet, - sessionID string, entMeta *structs.EnterpriseMeta) (uint64, *structs.Session, error) { + sessionID string, entMeta *acl.EnterpriseMeta) (uint64, *structs.Session, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -318,7 +319,7 @@ func (s *Store) SessionGet(ws memdb.WatchSet, // NodeSessions returns a set of active sessions associated // with the given node ID. The returned index is the highest // index seen from the result set. -func (s *Store) NodeSessions(ws memdb.WatchSet, nodeID string, entMeta *structs.EnterpriseMeta) (uint64, structs.Sessions, error) { +func (s *Store) NodeSessions(ws memdb.WatchSet, nodeID string, entMeta *acl.EnterpriseMeta) (uint64, structs.Sessions, error) { tx := s.db.Txn(false) defer tx.Abort() 
@@ -336,7 +337,7 @@ func (s *Store) NodeSessions(ws memdb.WatchSet, nodeID string, entMeta *structs. // SessionDestroy is used to remove an active session. This will // implicitly invalidate the session and invoke the specified // session destroy behavior. -func (s *Store) SessionDestroy(idx uint64, sessionID string, entMeta *structs.EnterpriseMeta) error { +func (s *Store) SessionDestroy(idx uint64, sessionID string, entMeta *acl.EnterpriseMeta) error { tx := s.db.WriteTxn(idx) defer tx.Abort() @@ -350,7 +351,7 @@ func (s *Store) SessionDestroy(idx uint64, sessionID string, entMeta *structs.En // deleteSessionTxn is the inner method, which is used to do the actual // session deletion and handle session invalidation, etc. -func (s *Store) deleteSessionTxn(tx WriteTxn, idx uint64, sessionID string, entMeta *structs.EnterpriseMeta) error { +func (s *Store) deleteSessionTxn(tx WriteTxn, idx uint64, sessionID string, entMeta *acl.EnterpriseMeta) error { // Look up the session. if entMeta == nil { entMeta = structs.DefaultEnterpriseMetaInDefaultPartition() diff --git a/agent/consul/state/session_oss.go b/agent/consul/state/session_oss.go index d313fb5f99..96622387e6 100644 --- a/agent/consul/state/session_oss.go +++ b/agent/consul/state/session_oss.go @@ -9,6 +9,7 @@ import ( "github.com/hashicorp/go-memdb" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" ) @@ -121,7 +122,7 @@ func allNodeSessionsTxn(tx ReadTxn, node string, _ string) (structs.Sessions, er } func nodeSessionsTxn(tx ReadTxn, - ws memdb.WatchSet, node string, entMeta *structs.EnterpriseMeta) (structs.Sessions, error) { + ws memdb.WatchSet, node string, entMeta *acl.EnterpriseMeta) (structs.Sessions, error) { sessions, err := tx.Get(tableSessions, indexNode, Query{Value: node}) if err != nil { 
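Review bot: In the deleteSessionTxn hunk the nil fallback still reads `entMeta = structs.DefaultEnterpriseMetaInDefaultPartition()` although the parameter is now `*acl.EnterpriseMeta`. That assignment only compiles if the structs helper already returns the acl type, which this patch does not show. Other hunks in the commit move to acl-package helpers such as `acl.NewEnterpriseMetaWithPartition` and `acl.PartitionOrDefault`, so this call site stands out as only half migrated. If the acl package offers an equivalent default constructor (not visible here), use it; otherwise a short comment such as `// default meta still comes from structs; it returns *acl.EnterpriseMeta` would make the mix intentional. The function body continues beyond the hunk.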
@@ -136,7 +137,7 @@ func nodeSessionsTxn(tx ReadTxn, return result, nil } -func sessionMaxIndex(tx ReadTxn, entMeta *structs.EnterpriseMeta) uint64 { +func sessionMaxIndex(tx ReadTxn, entMeta *acl.EnterpriseMeta) uint64 { return maxIndexTxn(tx, "sessions") } @@ -161,7 +162,7 @@ func validateSessionChecksTxn(tx ReadTxn, session *structs.Session) error { } // SessionList returns a slice containing all of the active sessions. -func (s *Store) SessionList(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) (uint64, structs.Sessions, error) { +func (s *Store) SessionList(ws memdb.WatchSet, entMeta *acl.EnterpriseMeta) (uint64, structs.Sessions, error) { tx := s.db.Txn(false) defer tx.Abort() @@ -184,7 +185,7 @@ func (s *Store) SessionList(ws memdb.WatchSet, entMeta *structs.EnterpriseMeta) return idx, result, nil } -func maxIndexTxnSessions(tx *memdb.Txn, _ *structs.EnterpriseMeta) uint64 { +func maxIndexTxnSessions(tx *memdb.Txn, _ *acl.EnterpriseMeta) uint64 { return maxIndexTxn(tx, tableSessions) } diff --git a/agent/consul/state/state_store.go b/agent/consul/state/state_store.go index 2689ac1420..39a4371efe 100644 --- a/agent/consul/state/state_store.go +++ b/agent/consul/state/state_store.go @@ -8,6 +8,7 @@ import ( memdb "github.com/hashicorp/go-memdb" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/consul/stream" "github.com/hashicorp/consul/agent/structs" ) @@ -143,7 +144,7 @@ type sessionCheck struct { Session string CheckID structs.CheckID - structs.EnterpriseMeta + acl.EnterpriseMeta } // NewStateStore creates a new in-memory state storage layer. diff --git a/agent/consul/state/state_store_test.go b/agent/consul/state/state_store_test.go index b617e0e460..0047d2531b 100644 --- a/agent/consul/state/state_store_test.go +++ b/agent/consul/state/state_store_test.go 
@@ -9,6 +9,7 @@ import ( "github.com/hashicorp/go-memdb" "github.com/stretchr/testify/require" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/types" ) @@ -229,7 +230,7 @@ func testRegisterConnectNativeService(t *testing.T, s *Store, idx uint64, nodeID require.NoError(t, s.EnsureService(idx, nodeID, svc)) } -func testSetKey(t *testing.T, s *Store, idx uint64, key, value string, entMeta *structs.EnterpriseMeta) { +func testSetKey(t *testing.T, s *Store, idx uint64, key, value string, entMeta *acl.EnterpriseMeta) { entry := &structs.DirEntry{ Key: key, Value: []byte(value), diff --git a/agent/consul/subscribe_backend.go b/agent/consul/subscribe_backend.go index 8dc2d3cb2c..94b8671f4f 100644 --- a/agent/consul/subscribe_backend.go +++ b/agent/consul/subscribe_backend.go @@ -18,7 +18,7 @@ type subscribeBackend struct { // the endpoints. func (s subscribeBackend) ResolveTokenAndDefaultMeta( token string, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, authzContext *acl.AuthorizerContext, ) (acl.Authorizer, error) { return s.srv.ResolveTokenAndDefaultMeta(token, entMeta, authzContext) diff --git a/agent/consul/txn_endpoint_test.go b/agent/consul/txn_endpoint_test.go index 4f82c98d60..868ea3b813 100644 --- a/agent/consul/txn_endpoint_test.go +++ b/agent/consul/txn_endpoint_test.go @@ -7,9 +7,10 @@ import ( "testing" "time" - msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" "github.com/stretchr/testify/require" + msgpackrpc "github.com/hashicorp/consul-net-rpc/net-rpc-msgpackrpc" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" diff --git a/agent/consul/usagemetrics/usagemetrics_oss_test.go b/agent/consul/usagemetrics/usagemetrics_oss_test.go index 5ab34256fa..9a25cb0ff2 100644 --- a/agent/consul/usagemetrics/usagemetrics_oss_test.go +++ b/agent/consul/usagemetrics/usagemetrics_oss_test.go 
@@ -12,6 +12,7 @@ import ( "github.com/hashicorp/serf/serf" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/consul/state" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/sdk/testutil" @@ -1028,8 +1029,8 @@ func TestUsageReporter_emitKVUsage_OSS(t *testing.T) { require.NoError(t, s.KVSSet(5, &structs.DirEntry{Key: "b", Value: []byte{1}})) require.NoError(t, s.KVSSet(6, &structs.DirEntry{Key: "c", Value: []byte{1}})) require.NoError(t, s.KVSSet(7, &structs.DirEntry{Key: "d", Value: []byte{1}})) - require.NoError(t, s.KVSDelete(8, "d", &structs.EnterpriseMeta{})) - require.NoError(t, s.KVSDelete(9, "c", &structs.EnterpriseMeta{})) + require.NoError(t, s.KVSDelete(8, "d", &acl.EnterpriseMeta{})) + require.NoError(t, s.KVSDelete(9, "c", &acl.EnterpriseMeta{})) require.NoError(t, s.KVSSet(10, &structs.DirEntry{Key: "e", Value: []byte{1}})) require.NoError(t, s.KVSSet(11, &structs.DirEntry{Key: "f", Value: []byte{1}})) }, diff --git a/agent/delegate_mock_test.go b/agent/delegate_mock_test.go index 36b32f6892..5498e5f04d 100644 --- a/agent/delegate_mock_test.go +++ b/agent/delegate_mock_test.go 
@@ -38,16 +38,16 @@ func (m *delegateMock) AgentLocalMember() serf.Member { return m.Called().Get(0).(serf.Member) } -func (m *delegateMock) JoinLAN(addrs []string, entMeta *structs.EnterpriseMeta) (n int, err error) { +func (m *delegateMock) JoinLAN(addrs []string, entMeta *acl.EnterpriseMeta) (n int, err error) { ret := m.Called(addrs, entMeta) return ret.Int(0), ret.Error(1) } -func (m *delegateMock) RemoveFailedNode(node string, prune bool, entMeta *structs.EnterpriseMeta) error { +func (m *delegateMock) RemoveFailedNode(node string, prune bool, entMeta *acl.EnterpriseMeta) error { return m.Called(node, prune, entMeta).Error(0) } -func (m *delegateMock) ResolveTokenAndDefaultMeta(token string, entMeta *structs.EnterpriseMeta, authzContext *acl.AuthorizerContext) (consul.ACLResolveResult, error) { +func (m *delegateMock) ResolveTokenAndDefaultMeta(token string, entMeta *acl.EnterpriseMeta, authzContext *acl.AuthorizerContext) (consul.ACLResolveResult, error) { ret := m.Called(token, entMeta, authzContext) return ret.Get(0).(consul.ACLResolveResult), ret.Error(1) } diff --git a/agent/discovery_chain_endpoint.go b/agent/discovery_chain_endpoint.go index 666841ef32..e9bb631850 100644 --- a/agent/discovery_chain_endpoint.go +++ b/agent/discovery_chain_endpoint.go @@ -7,6 +7,7 @@ import ( "github.com/mitchellh/mapstructure" + "github.com/hashicorp/consul/acl" cachetype "github.com/hashicorp/consul/agent/cache-types" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/lib/decode" @@ -28,7 +29,7 @@ func (s *HTTPHandlers) DiscoveryChainRead(resp http.ResponseWriter, req *http.Re } args.EvaluateInDatacenter = req.URL.Query().Get("compile-dc") - var entMeta structs.EnterpriseMeta + var entMeta acl.EnterpriseMeta if err := s.parseEntMetaNoWildcard(req, &entMeta); err != nil { return nil, err } diff --git a/agent/dns.go b/agent/dns.go index 1deda3ebd4..a973056a1a 100644 --- a/agent/dns.go +++ b/agent/dns.go 
@@ -19,6 +19,7 @@ import ( "github.com/hashicorp/go-hclog" "github.com/miekg/dns" + "github.com/hashicorp/consul/acl" cachetype "github.com/hashicorp/consul/agent/cache-types" "github.com/hashicorp/consul/agent/config" agentdns "github.com/hashicorp/consul/agent/dns" @@ -103,7 +104,7 @@ type serviceLookup struct { MaxRecursionLevel int Connect bool Ingress bool - structs.EnterpriseMeta + acl.EnterpriseMeta } // DNSServer is used to wrap an Agent and expose various @@ -123,7 +124,7 @@ type DNSServer struct { // the recursor handler is only enabled if recursors are configured. This flag is used during config hot-reloading recursorEnabled uint32 - defaultEnterpriseMeta structs.EnterpriseMeta + defaultEnterpriseMeta acl.EnterpriseMeta } func NewDNSServer(a *Agent) (*DNSServer, error) { @@ -344,7 +345,7 @@ func serviceNodeCanonicalDNSName(sn *structs.ServiceNode, domain string) string return serviceCanonicalDNSName(sn.ServiceName, "service", sn.Datacenter, domain, &sn.EnterpriseMeta) } -func serviceIngressDNSName(service, datacenter, domain string, entMeta *structs.EnterpriseMeta) string { +func serviceIngressDNSName(service, datacenter, domain string, entMeta *acl.EnterpriseMeta) string { return serviceCanonicalDNSName(service, "ingress", datacenter, domain, entMeta) } diff --git a/agent/dns_oss.go b/agent/dns_oss.go index 1328195c87..9476e810f1 100644 --- a/agent/dns_oss.go +++ b/agent/dns_oss.go @@ -6,8 +6,8 @@ package agent import ( "fmt" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/config" - "github.com/hashicorp/consul/agent/structs" ) type enterpriseDNSConfig struct{} 
@@ -16,7 +16,7 @@ func getEnterpriseDNSConfig(conf *config.RuntimeConfig) enterpriseDNSConfig { return enterpriseDNSConfig{} } -func (d *DNSServer) parseDatacenterAndEnterpriseMeta(labels []string, _ *dnsConfig, datacenter *string, _ *structs.EnterpriseMeta) bool { +func (d *DNSServer) parseDatacenterAndEnterpriseMeta(labels []string, _ *dnsConfig, datacenter *string, _ *acl.EnterpriseMeta) bool { switch len(labels) { case 1: *datacenter = labels[0] @@ -27,6 +27,6 @@ func (d *DNSServer) parseDatacenterAndEnterpriseMeta(labels []string, _ *dnsConf return false } -func serviceCanonicalDNSName(name, kind, datacenter, domain string, _ *structs.EnterpriseMeta) string { +func serviceCanonicalDNSName(name, kind, datacenter, domain string, _ *acl.EnterpriseMeta) string { return fmt.Sprintf("%s.%s.%s.%s", name, kind, datacenter, domain) } diff --git a/agent/grpc/private/services/subscribe/subscribe.go b/agent/grpc/private/services/subscribe/subscribe.go index 18372b2002..c1b2f7e2d4 100644 --- a/agent/grpc/private/services/subscribe/subscribe.go +++ b/agent/grpc/private/services/subscribe/subscribe.go @@ -36,7 +36,7 @@ type Logger interface { var _ pbsubscribe.StateChangeSubscriptionServer = (*Server)(nil) type Backend interface { - ResolveTokenAndDefaultMeta(token string, entMeta *structs.EnterpriseMeta, authzContext *acl.AuthorizerContext) (acl.Authorizer, error) + ResolveTokenAndDefaultMeta(token string, entMeta *acl.EnterpriseMeta, authzContext *acl.AuthorizerContext) (acl.Authorizer, error) Forward(info structs.RPCInfo, f func(*grpc.ClientConn) error) (handled bool, err error) Subscribe(req *stream.SubscribeRequest) (*stream.Subscription, error) } 
@@ -51,7 +51,7 @@ func (h *Server) Subscribe(req *pbsubscribe.SubscribeRequest, serverStream pbsub logger.Trace("new subscription") defer logger.Trace("subscription closed") - entMeta := structs.NewEnterpriseMetaWithPartition(req.Partition, req.Namespace) + entMeta := acl.NewEnterpriseMetaWithPartition(req.Partition, req.Namespace) authz, err := h.Backend.ResolveTokenAndDefaultMeta(req.Token, &entMeta, nil) if err != nil { return err @@ -91,7 +91,7 @@ func (h *Server) Subscribe(req *pbsubscribe.SubscribeRequest, serverStream pbsub } } -func toStreamSubscribeRequest(req *pbsubscribe.SubscribeRequest, entMeta structs.EnterpriseMeta) *stream.SubscribeRequest { +func toStreamSubscribeRequest(req *pbsubscribe.SubscribeRequest, entMeta acl.EnterpriseMeta) *stream.SubscribeRequest { return &stream.SubscribeRequest{ Topic: req.Topic, Subject: state.EventSubjectService{ diff --git a/agent/grpc/private/services/subscribe/subscribe_test.go b/agent/grpc/private/services/subscribe/subscribe_test.go index a5a47a0770..d9d8d162d0 100644 --- a/agent/grpc/private/services/subscribe/subscribe_test.go +++ b/agent/grpc/private/services/subscribe/subscribe_test.go @@ -313,13 +313,13 @@ func getEvent(t *testing.T, ch chan eventOrError) *pbsubscribe.Event { type testBackend struct { store *state.Store - authorizer func(token string, entMeta *structs.EnterpriseMeta) acl.Authorizer + authorizer func(token string, entMeta *acl.EnterpriseMeta) acl.Authorizer forwardConn *gogrpc.ClientConn } func (b testBackend) ResolveTokenAndDefaultMeta( token string, - entMeta *structs.EnterpriseMeta, + entMeta *acl.EnterpriseMeta, _ *acl.AuthorizerContext, ) (acl.Authorizer, error) { return b.authorizer(token, entMeta), nil 
@@ -342,7 +342,7 @@ func newTestBackend() (*testBackend, error) { return nil, err } store := state.NewStateStoreWithEventPublisher(gc) - allowAll := func(string, *structs.EnterpriseMeta) acl.Authorizer { + allowAll := func(string, *acl.EnterpriseMeta) acl.Authorizer { return acl.AllowAll() } return &testBackend{store: store, authorizer: allowAll}, nil @@ -663,7 +663,7 @@ node "node1" { require.Equal(t, acl.Deny, authorizer.NodeRead("denied", nil)) // TODO: is there any easy way to do this with the acl package? - backend.authorizer = func(tok string, _ *structs.EnterpriseMeta) acl.Authorizer { + backend.authorizer = func(tok string, _ *acl.EnterpriseMeta) acl.Authorizer { if tok == token { return authorizer } @@ -859,7 +859,7 @@ node "node1" { require.Equal(t, acl.Deny, authorizer.NodeRead("denied", nil)) // TODO: is there any easy way to do this with the acl package? - backend.authorizer = func(tok string, _ *structs.EnterpriseMeta) acl.Authorizer { + backend.authorizer = func(tok string, _ *acl.EnterpriseMeta) acl.Authorizer { if tok == token { return authorizer } diff --git a/agent/grpc/public/services/connectca/mock_ACLResolver.go b/agent/grpc/public/services/connectca/mock_ACLResolver.go index bbc462c444..6b6a6a771b 100644 --- a/agent/grpc/public/services/connectca/mock_ACLResolver.go +++ b/agent/grpc/public/services/connectca/mock_ACLResolver.go @@ -3,10 +3,9 @@ package connectca import ( - acl "github.com/hashicorp/consul/acl" mock "github.com/stretchr/testify/mock" - structs "github.com/hashicorp/consul/agent/structs" + acl "github.com/hashicorp/consul/acl" ) // MockACLResolver is an autogenerated mock type for the ACLResolver type 
@@ -15,11 +14,11 @@ type MockACLResolver struct { } // ResolveTokenAndDefaultMeta provides a mock function with given fields: _a0, _a1, _a2 -func (_m *MockACLResolver) ResolveTokenAndDefaultMeta(_a0 string, _a1 *structs.EnterpriseMeta, _a2 *acl.AuthorizerContext) (acl.Authorizer, error) { +func (_m *MockACLResolver) ResolveTokenAndDefaultMeta(_a0 string, _a1 *acl.EnterpriseMeta, _a2 *acl.AuthorizerContext) (acl.Authorizer, error) { ret := _m.Called(_a0, _a1, _a2) var r0 acl.Authorizer - if rf, ok := ret.Get(0).(func(string, *structs.EnterpriseMeta, *acl.AuthorizerContext) acl.Authorizer); ok { + if rf, ok := ret.Get(0).(func(string, *acl.EnterpriseMeta, *acl.AuthorizerContext) acl.Authorizer); ok { r0 = rf(_a0, _a1, _a2) } else { if ret.Get(0) != nil { @@ -28,7 +27,7 @@ func (_m *MockACLResolver) ResolveTokenAndDefaultMeta(_a0 string, _a1 *structs.E } var r1 error - if rf, ok := ret.Get(1).(func(string, *structs.EnterpriseMeta, *acl.AuthorizerContext) error); ok { + if rf, ok := ret.Get(1).(func(string, *acl.EnterpriseMeta, *acl.AuthorizerContext) error); ok { r1 = rf(_a0, _a1, _a2) } else { r1 = ret.Error(1) diff --git a/agent/grpc/public/services/connectca/server.go b/agent/grpc/public/services/connectca/server.go index 64bced2dda..002f8e3448 100644 --- a/agent/grpc/public/services/connectca/server.go +++ b/agent/grpc/public/services/connectca/server.go @@ -30,7 +30,7 @@ type StateStore interface { //go:generate mockery -name ACLResolver -inpkg type ACLResolver interface { - ResolveTokenAndDefaultMeta(string, *structs.EnterpriseMeta, *acl.AuthorizerContext) (acl.Authorizer, error) + ResolveTokenAndDefaultMeta(string, *acl.EnterpriseMeta, *acl.AuthorizerContext) (acl.Authorizer, error) } func NewServer(cfg Config) *Server { diff --git a/agent/grpc/public/services/dataplane/get_supported_features.go b/agent/grpc/public/services/dataplane/get_supported_features.go index 672e48f66f..f9a8171901 100644 
--- a/agent/grpc/public/services/dataplane/get_supported_features.go +++ b/agent/grpc/public/services/dataplane/get_supported_features.go @@ -3,12 +3,13 @@ package dataplane import ( "context" + "google.golang.org/grpc/codes" + "google.golang.org/grpc/status" + acl "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/grpc/public" structs "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/proto-public/pbdataplane" - "google.golang.org/grpc/codes" - "google.golang.org/grpc/status" ) func (d *Server) SupportedDataplaneFeatures(ctx context.Context, req *pbdataplane.SupportedDataplaneFeaturesRequest) (*pbdataplane.SupportedDataplaneFeaturesResponse, error) { diff --git a/agent/grpc/public/services/dataplane/get_supported_features_test.go b/agent/grpc/public/services/dataplane/get_supported_features_test.go index 2b3c5e76de..36ac7400ca 100644 --- a/agent/grpc/public/services/dataplane/get_supported_features_test.go +++ b/agent/grpc/public/services/dataplane/get_supported_features_test.go @@ -4,15 +4,16 @@ import ( "context" "testing" - "github.com/hashicorp/consul/acl" - "github.com/hashicorp/consul/agent/grpc/public" - "github.com/hashicorp/consul/agent/grpc/public/testutils" - "github.com/hashicorp/consul/proto-public/pbdataplane" "github.com/hashicorp/go-hclog" mock "github.com/stretchr/testify/mock" "github.com/stretchr/testify/require" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" + + "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/agent/grpc/public" + "github.com/hashicorp/consul/agent/grpc/public/testutils" + "github.com/hashicorp/consul/proto-public/pbdataplane" ) const testACLToken = "acl-token" diff --git a/agent/grpc/public/services/dataplane/mock_ACLResolver.go b/agent/grpc/public/services/dataplane/mock_ACLResolver.go index 364e17e66b..39d4b54770 100644 --- a/agent/grpc/public/services/dataplane/mock_ACLResolver.go +++ b/agent/grpc/public/services/dataplane/mock_ACLResolver.go 
@@ -3,10 +3,9 @@ package dataplane import ( - acl "github.com/hashicorp/consul/acl" mock "github.com/stretchr/testify/mock" - structs "github.com/hashicorp/consul/agent/structs" + acl "github.com/hashicorp/consul/acl" ) // MockACLResolver is an autogenerated mock type for the ACLResolver type @@ -15,11 +14,11 @@ type MockACLResolver struct { } // ResolveTokenAndDefaultMeta provides a mock function with given fields: _a0, _a1, _a2 -func (_m *MockACLResolver) ResolveTokenAndDefaultMeta(_a0 string, _a1 *structs.EnterpriseMeta, _a2 *acl.AuthorizerContext) (acl.Authorizer, error) { +func (_m *MockACLResolver) ResolveTokenAndDefaultMeta(_a0 string, _a1 *acl.EnterpriseMeta, _a2 *acl.AuthorizerContext) (acl.Authorizer, error) { ret := _m.Called(_a0, _a1, _a2) var r0 acl.Authorizer - if rf, ok := ret.Get(0).(func(string, *structs.EnterpriseMeta, *acl.AuthorizerContext) acl.Authorizer); ok { + if rf, ok := ret.Get(0).(func(string, *acl.EnterpriseMeta, *acl.AuthorizerContext) acl.Authorizer); ok { r0 = rf(_a0, _a1, _a2) } else { if ret.Get(0) != nil { @@ -28,7 +27,7 @@ func (_m *MockACLResolver) ResolveTokenAndDefaultMeta(_a0 string, _a1 *structs.E } var r1 error - if rf, ok := ret.Get(1).(func(string, *structs.EnterpriseMeta, *acl.AuthorizerContext) error); ok { + if rf, ok := ret.Get(1).(func(string, *acl.EnterpriseMeta, *acl.AuthorizerContext) error); ok { r1 = rf(_a0, _a1, _a2) } else { r1 = ret.Error(1) diff --git a/agent/grpc/public/services/dataplane/server.go b/agent/grpc/public/services/dataplane/server.go index 90a050e224..6c05a0d08f 100644 --- a/agent/grpc/public/services/dataplane/server.go +++ b/agent/grpc/public/services/dataplane/server.go 
@@ -1,11 +1,11 @@ package dataplane import ( - "github.com/hashicorp/consul/acl" - "github.com/hashicorp/consul/agent/structs" - "github.com/hashicorp/consul/proto-public/pbdataplane" "github.com/hashicorp/go-hclog" "google.golang.org/grpc" + + "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/proto-public/pbdataplane" ) type Server struct { @@ -19,7 +19,7 @@ type Config struct { //go:generate mockery -name ACLResolver -inpkg type ACLResolver interface { - ResolveTokenAndDefaultMeta(string, *structs.EnterpriseMeta, *acl.AuthorizerContext) (acl.Authorizer, error) + ResolveTokenAndDefaultMeta(string, *acl.EnterpriseMeta, *acl.AuthorizerContext) (acl.Authorizer, error) } func NewServer(cfg Config) *Server { diff --git a/agent/grpc/public/testutils/acl.go b/agent/grpc/public/testutils/acl.go index 0c640d2666..3bea248bae 100644 --- a/agent/grpc/public/testutils/acl.go +++ b/agent/grpc/public/testutils/acl.go @@ -3,8 +3,9 @@ package testutils import ( "testing" - "github.com/hashicorp/consul/acl" "github.com/stretchr/testify/require" + + "github.com/hashicorp/consul/acl" ) func TestAuthorizer(t *testing.T) acl.Authorizer { diff --git a/agent/http_oss.go b/agent/http_oss.go index 797070ea10..c14c31d8de 100644 --- a/agent/http_oss.go +++ b/agent/http_oss.go @@ -8,10 +8,11 @@ import ( "net/http" "strings" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" ) -func (s *HTTPHandlers) parseEntMeta(req *http.Request, entMeta *structs.EnterpriseMeta) error { +func (s *HTTPHandlers) parseEntMeta(req *http.Request, entMeta *acl.EnterpriseMeta) error { if headerNS := req.Header.Get("X-Consul-Namespace"); headerNS != "" { return BadRequestError{Reason: "Invalid header: \"X-Consul-Namespace\" - Namespaces are a Consul Enterprise feature"} } 
@@ -46,7 +47,7 @@ func (s *HTTPHandlers) validateEnterpriseIntentionNamespace(logName, ns string, return BadRequestError{Reason: "Invalid " + logName + "(" + ns + ")" + ": Namespaces is a Consul Enterprise feature"} } -func (s *HTTPHandlers) parseEntMetaNoWildcard(req *http.Request, _ *structs.EnterpriseMeta) error { +func (s *HTTPHandlers) parseEntMetaNoWildcard(req *http.Request, _ *acl.EnterpriseMeta) error { return s.parseEntMeta(req, nil) } @@ -88,7 +89,7 @@ func (s *HTTPHandlers) uiTemplateDataTransform(data map[string]interface{}) erro return nil } -func (s *HTTPHandlers) parseEntMetaPartition(req *http.Request, meta *structs.EnterpriseMeta) error { +func (s *HTTPHandlers) parseEntMetaPartition(req *http.Request, meta *acl.EnterpriseMeta) error { if headerAP := req.Header.Get("X-Consul-Partition"); headerAP != "" { return BadRequestError{Reason: "Invalid header: \"X-Consul-Partition\" - Partitions are a Consul Enterprise feature"} } diff --git a/agent/intentions_endpoint.go b/agent/intentions_endpoint.go index 4c326b4f1e..b99911f7f6 100644 --- a/agent/intentions_endpoint.go +++ b/agent/intentions_endpoint.go @@ -5,6 +5,7 @@ import ( "net/http" "strings" + "github.com/hashicorp/consul/acl" cachetype "github.com/hashicorp/consul/agent/cache-types" "github.com/hashicorp/consul/agent/consul" "github.com/hashicorp/consul/agent/structs" @@ -51,11 +52,11 @@ func (s *HTTPHandlers) IntentionList(resp http.ResponseWriter, req *http.Request func (s *HTTPHandlers) IntentionCreate(resp http.ResponseWriter, req *http.Request) (interface{}, error) { // Method is tested in IntentionEndpoint - var entMeta structs.EnterpriseMeta + var entMeta acl.EnterpriseMeta if err := s.parseEntMetaNoWildcard(req, &entMeta); err != nil { return nil, err } - if entMeta.PartitionOrDefault() != structs.PartitionOrDefault("") { + if entMeta.PartitionOrDefault() != acl.PartitionOrDefault("") { return nil, BadRequestError{Reason: "Cannot use a partition with this endpoint"} } 
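Review bot: In the http_oss.go hunk, parseEntMetaNoWildcard discards its `*acl.EnterpriseMeta` argument and forwards `nil` to parseEntMeta, and nothing says this is deliberate. Callers in intentions_endpoint.go pass `&entMeta` and then compare `entMeta.PartitionOrDefault()` with `acl.PartitionOrDefault("")`, so in this build that tenancy check always runs against a zero-value struct. A doc comment would make the contract explicit, for example `// parseEntMetaNoWildcard only rejects enterprise-only request fields; the OSS build never populates entMeta.` What parseEntMeta validates beyond the `X-Consul-Namespace` header lies outside the hunk, so the wording should be confirmed against its full body.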
@@ -114,7 +115,7 @@ func (s *HTTPHandlers) IntentionMatch(resp http.ResponseWriter, req *http.Reques return nil, nil } - var entMeta structs.EnterpriseMeta + var entMeta acl.EnterpriseMeta if err := s.parseEntMetaNoWildcard(req, &entMeta); err != nil { return nil, err } @@ -207,7 +208,7 @@ func (s *HTTPHandlers) IntentionCheck(resp http.ResponseWriter, req *http.Reques return nil, nil } - var entMeta structs.EnterpriseMeta + var entMeta acl.EnterpriseMeta if err := s.parseEntMetaNoWildcard(req, &entMeta); err != nil { return nil, err } @@ -275,7 +276,7 @@ func (s *HTTPHandlers) IntentionExact(resp http.ResponseWriter, req *http.Reques // GET /v1/connect/intentions/exact func (s *HTTPHandlers) IntentionGetExact(resp http.ResponseWriter, req *http.Request) (interface{}, error) { - var entMeta structs.EnterpriseMeta + var entMeta acl.EnterpriseMeta if err := s.parseEntMetaNoWildcard(req, &entMeta); err != nil { return nil, err } @@ -349,7 +350,7 @@ func (s *HTTPHandlers) IntentionGetExact(resp http.ResponseWriter, req *http.Req // PUT /v1/connect/intentions/exact func (s *HTTPHandlers) IntentionPutExact(resp http.ResponseWriter, req *http.Request) (interface{}, error) { - var entMeta structs.EnterpriseMeta + var entMeta acl.EnterpriseMeta if err := s.parseEntMetaNoWildcard(req, &entMeta); err != nil { return nil, err } @@ -391,7 +392,7 @@ func (s *HTTPHandlers) IntentionPutExact(resp http.ResponseWriter, req *http.Req // DELETE /v1/connect/intentions/exact func (s *HTTPHandlers) IntentionDeleteExact(resp http.ResponseWriter, req *http.Request) (interface{}, error) { - var entMeta structs.EnterpriseMeta + var entMeta acl.EnterpriseMeta if err := s.parseEntMetaNoWildcard(req, &entMeta); err != nil { return nil, err } 
@@ -427,7 +428,7 @@ func (s *HTTPHandlers) IntentionDeleteExact(resp http.ResponseWriter, req *http. // intentionCreateResponse is the response structure for creating an intention. type intentionCreateResponse struct{ ID string } -func parseIntentionQueryExact(req *http.Request, entMeta *structs.EnterpriseMeta) (*structs.IntentionQueryExact, error) { +func parseIntentionQueryExact(req *http.Request, entMeta *acl.EnterpriseMeta) (*structs.IntentionQueryExact, error) { q := req.URL.Query() // Extract the source/destination @@ -464,7 +465,7 @@ func parseIntentionQueryExact(req *http.Request, entMeta *structs.EnterpriseMeta return &exact, nil } -func parseIntentionStringComponent(input string, entMeta *structs.EnterpriseMeta) (string, string, string, error) { +func parseIntentionStringComponent(input string, entMeta *acl.EnterpriseMeta) (string, string, string, error) { ss := strings.Split(input, "/") switch len(ss) { case 1: // Name only @@ -547,11 +548,11 @@ func (s *HTTPHandlers) IntentionSpecificGet(id string, resp http.ResponseWriter, func (s *HTTPHandlers) IntentionSpecificUpdate(id string, resp http.ResponseWriter, req *http.Request) (interface{}, error) { // Method is tested in IntentionEndpoint - var entMeta structs.EnterpriseMeta + var entMeta acl.EnterpriseMeta if err := s.parseEntMetaNoWildcard(req, &entMeta); err != nil { return nil, err } - if entMeta.PartitionOrDefault() != structs.PartitionOrDefault("") { + if entMeta.PartitionOrDefault() != acl.PartitionOrDefault("") { return nil, BadRequestError{Reason: "Cannot use a partition with this endpoint"} } diff --git a/agent/intentions_endpoint_test.go b/agent/intentions_endpoint_test.go index 5b7965c5c5..62190cf9ba 100644 --- a/agent/intentions_endpoint_test.go +++ b/agent/intentions_endpoint_test.go 
@@ -9,6 +9,7 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/sdk/testutil" "github.com/hashicorp/consul/testrpc" @@ -786,7 +787,7 @@ func TestParseIntentionStringComponent(t *testing.T) { for _, tc := range cases { t.Run(tc.TestName, func(t *testing.T) { - var entMeta structs.EnterpriseMeta + var entMeta acl.EnterpriseMeta ap, ns, name, err := parseIntentionStringComponent(tc.Input, &entMeta) if tc.Err { require.Error(t, err) diff --git a/agent/local/state.go b/agent/local/state.go index e0bc8ae11f..9a2e00a943 100644 --- a/agent/local/state.go +++ b/agent/local/state.go @@ -154,7 +154,7 @@ func (c *CheckState) CriticalFor() time.Duration { type rpc interface { RPC(method string, args interface{}, reply interface{}) error - ResolveTokenAndDefaultMeta(token string, entMeta *structs.EnterpriseMeta, authzContext *acl.AuthorizerContext) (consul.ACLResolveResult, error) + ResolveTokenAndDefaultMeta(token string, entMeta *acl.EnterpriseMeta, authzContext *acl.AuthorizerContext) (consul.ACLResolveResult, error) } // State is used to represent the node's services, @@ -181,7 +181,7 @@ type State struct { // Config is the agent config config Config - agentEnterpriseMeta structs.EnterpriseMeta + agentEnterpriseMeta acl.EnterpriseMeta // nodeInfoInSync tracks whether the server has our correct top-level // node information in sync 
@@ -411,11 +411,11 @@ func (l *State) AllServices() map[structs.ServiceID]*structs.NodeService { // and are being kept in sync with the server // // Results are scoped to the provided namespace and partition. -func (l *State) Services(entMeta *structs.EnterpriseMeta) map[structs.ServiceID]*structs.NodeService { +func (l *State) Services(entMeta *acl.EnterpriseMeta) map[structs.ServiceID]*structs.NodeService { return l.listServices(true, entMeta) } -func (l *State) listServices(filtered bool, entMeta *structs.EnterpriseMeta) map[structs.ServiceID]*structs.NodeService { +func (l *State) listServices(filtered bool, entMeta *acl.EnterpriseMeta) map[structs.ServiceID]*structs.NodeService { l.RLock() defer l.RUnlock() @@ -487,7 +487,7 @@ func (l *State) setServiceStateLocked(s *ServiceState) { // ServiceStates returns a shallow copy of all service state records. // The service record still points to the original service record and // must not be modified. -func (l *State) ServiceStates(entMeta *structs.EnterpriseMeta) map[structs.ServiceID]*ServiceState { +func (l *State) ServiceStates(entMeta *acl.EnterpriseMeta) map[structs.ServiceID]*ServiceState { l.RLock() defer l.RUnlock() @@ -553,7 +553,7 @@ func (l *State) addCheckLocked(check *structs.HealthCheck, token string) error { // hard-set the node name and partition check.Node = l.config.NodeName - check.EnterpriseMeta = structs.NewEnterpriseMetaWithPartition( + check.EnterpriseMeta = acl.NewEnterpriseMetaWithPartition( l.agentEnterpriseMeta.PartitionOrEmpty(), check.NamespaceOrEmpty(), ) 
@@ -752,11 +752,11 @@ func (l *State) AllChecks() map[structs.CheckID]*structs.HealthCheck { // agent is aware of and are being kept in sync with the server // // Results are scoped to the provided namespace and partition. -func (l *State) Checks(entMeta *structs.EnterpriseMeta) map[structs.CheckID]*structs.HealthCheck { +func (l *State) Checks(entMeta *acl.EnterpriseMeta) map[structs.CheckID]*structs.HealthCheck { return l.listChecks(true, entMeta) } -func (l *State) listChecks(filtered bool, entMeta *structs.EnterpriseMeta) map[structs.CheckID]*structs.HealthCheck { +func (l *State) listChecks(filtered bool, entMeta *acl.EnterpriseMeta) map[structs.CheckID]*structs.HealthCheck { m := make(map[structs.CheckID]*structs.HealthCheck) for id, c := range l.listCheckStates(filtered, entMeta) { m[id] = c.Check @@ -846,11 +846,11 @@ func (l *State) AllCheckStates() map[structs.CheckID]*CheckState { // The defer timers still point to the original values and must not be modified. // // Results are scoped to the provided namespace and partition. -func (l *State) CheckStates(entMeta *structs.EnterpriseMeta) map[structs.CheckID]*CheckState { +func (l *State) CheckStates(entMeta *acl.EnterpriseMeta) map[structs.CheckID]*CheckState { return l.listCheckStates(true, entMeta) } -func (l *State) listCheckStates(filtered bool, entMeta *structs.EnterpriseMeta) map[structs.CheckID]*CheckState { +func (l *State) listCheckStates(filtered bool, entMeta *acl.EnterpriseMeta) map[structs.CheckID]*CheckState { l.RLock() defer l.RUnlock() 
@@ -883,11 +883,11 @@ func (l *State) AllCriticalCheckStates() map[structs.CheckID]*CheckState { // The defer timers still point to the original values and must not be modified. // // Results are scoped to the provided namespace and partition. -func (l *State) CriticalCheckStates(entMeta *structs.EnterpriseMeta) map[structs.CheckID]*CheckState { +func (l *State) CriticalCheckStates(entMeta *acl.EnterpriseMeta) map[structs.CheckID]*CheckState { return l.listCriticalCheckStates(true, entMeta) } -func (l *State) listCriticalCheckStates(filtered bool, entMeta *structs.EnterpriseMeta) map[structs.CheckID]*CheckState { +func (l *State) listCriticalCheckStates(filtered bool, entMeta *acl.EnterpriseMeta) map[structs.CheckID]*CheckState { l.RLock() defer l.RUnlock() diff --git a/agent/local/state_test.go b/agent/local/state_test.go index be4cb6aa4d..c75d0234c3 100644 --- a/agent/local/state_test.go +++ b/agent/local/state_test.go @@ -2156,7 +2156,7 @@ func TestAgent_sendCoordinate(t *testing.T) { }) } -func servicesInSync(state *local.State, wantServices int, entMeta *structs.EnterpriseMeta) error { +func servicesInSync(state *local.State, wantServices int, entMeta *acl.EnterpriseMeta) error { services := state.ServiceStates(entMeta) if got, want := len(services), wantServices; got != want { return fmt.Errorf("got %d services want %d", got, want) @@ -2169,7 +2169,7 @@ func servicesInSync(state *local.State, wantServices int, entMeta *structs.Enter return nil } -func checksInSync(state *local.State, wantChecks int, entMeta *structs.EnterpriseMeta) error { +func checksInSync(state *local.State, wantChecks int, entMeta *acl.EnterpriseMeta) error { checks := state.CheckStates(entMeta) if got, want := len(checks), wantChecks; got != want { return fmt.Errorf("got %d checks want %d", got, want) 
@@ -2421,6 +2421,6 @@ func (f *fakeRPC) RPC(method string, args interface{}, reply interface{}) error return nil } -func (f *fakeRPC) ResolveTokenAndDefaultMeta(string, *structs.EnterpriseMeta, *acl.AuthorizerContext) (consul.ACLResolveResult, error) { +func (f *fakeRPC) ResolveTokenAndDefaultMeta(string, *acl.EnterpriseMeta, *acl.AuthorizerContext) (consul.ACLResolveResult, error) { return consul.ACLResolveResult{}, nil } diff --git a/agent/operator_endpoint.go b/agent/operator_endpoint.go index e43302aef3..4a33497a80 100644 --- a/agent/operator_endpoint.go +++ b/agent/operator_endpoint.go @@ -10,6 +10,7 @@ import ( "github.com/hashicorp/raft" autopilot "github.com/hashicorp/raft-autopilot" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" ) @@ -175,7 +176,7 @@ func keyringErrorsOrNil(responses []*structs.KeyringResponse) error { } if response.Segment != "" { pool += " [segment: " + response.Segment + "]" - } else if !structs.IsDefaultPartition(response.Partition) { + } else if !acl.IsDefaultPartition(response.Partition) { pool += " [partition: " + response.Partition + "]" } errs = multierror.Append(errs, fmt.Errorf("%s error: %s", pool, response.Error)) diff --git a/agent/proxycfg/manager_test.go b/agent/proxycfg/manager_test.go index 61454a074b..9b62897033 100644 --- a/agent/proxycfg/manager_test.go +++ b/agent/proxycfg/manager_test.go @@ -10,6 +10,7 @@ import ( "github.com/stretchr/testify/require" "golang.org/x/time/rate" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/cache" cachetype "github.com/hashicorp/consul/agent/cache-types" "github.com/hashicorp/consul/agent/connect" @@ -251,7 +252,7 @@ func TestManager_BasicLifecycle(t *testing.T) { IntentionsSet: true, }, Datacenter: "dc1", - Locality: GatewayKey{Datacenter: "dc1", Partition: structs.PartitionOrDefault("")}, + Locality: GatewayKey{Datacenter: "dc1", Partition: acl.PartitionOrDefault("")}, }, }, { 
@@ -311,7 +312,7 @@ func TestManager_BasicLifecycle(t *testing.T) { IntentionsSet: true, }, Datacenter: "dc1", - Locality: GatewayKey{Datacenter: "dc1", Partition: structs.PartitionOrDefault("")}, + Locality: GatewayKey{Datacenter: "dc1", Partition: acl.PartitionOrDefault("")}, }, }, } diff --git a/agent/proxycfg/naming.go b/agent/proxycfg/naming.go index 5a5f209758..e222c8fe3c 100644 --- a/agent/proxycfg/naming.go +++ b/agent/proxycfg/naming.go @@ -3,6 +3,7 @@ package proxycfg import ( "strings" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" ) @@ -10,7 +11,7 @@ type UpstreamID struct { Type string Name string Datacenter string - structs.EnterpriseMeta + acl.EnterpriseMeta } func NewUpstreamID(u *structs.Upstream) UpstreamID { @@ -18,7 +19,7 @@ func NewUpstreamID(u *structs.Upstream) UpstreamID { Type: u.DestinationType, Name: u.DestinationName, Datacenter: u.Datacenter, - EnterpriseMeta: structs.NewEnterpriseMetaWithPartition( + EnterpriseMeta: acl.NewEnterpriseMetaWithPartition( u.DestinationPartition, u.DestinationNamespace, ), @@ -57,7 +58,7 @@ func NewUpstreamIDFromTargetID(tid string) UpstreamID { id := UpstreamID{ Name: split[0], - EnterpriseMeta: structs.NewEnterpriseMetaWithPartition(split[2], split[1]), + EnterpriseMeta: acl.NewEnterpriseMetaWithPartition(split[2], split[1]), Datacenter: split[3], } id.normalize() @@ -96,7 +97,7 @@ func UpstreamIDFromString(input string) UpstreamID { const upstreamTypePreparedQueryPrefix = structs.UpstreamDestTypePreparedQuery + ":" -func ParseUpstreamIDString(input string) (typ, dc, name string, meta *structs.EnterpriseMeta) { +func ParseUpstreamIDString(input string) (typ, dc, name string, meta *acl.EnterpriseMeta) { if strings.HasPrefix(input, upstreamTypePreparedQueryPrefix) { typ = structs.UpstreamDestTypePreparedQuery input = strings.TrimPrefix(input, upstreamTypePreparedQueryPrefix) 
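Review bot: In the `NewUpstreamIDFromTargetID` hunk of agent/proxycfg/naming.go, the rewritten line `EnterpriseMeta: acl.NewEnterpriseMetaWithPartition(split[2], split[1]),` indexes `split` at fixed positions, next to `split[0]` and `split[3]`, and no length check is visible in the hunk. The function starts above the hunk, so the split may already be guaranteed to yield four fields; if it is not, a target ID with fewer separators panics here. A guard such as `if len(split) < 4 { return UpstreamID{} }` before the literal would make the invariant explicit, as would a comment stating why four fields are always present. Whether an empty ID is the right fallback depends on the callers, which are not shown.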
diff --git a/agent/proxycfg/naming_oss.go b/agent/proxycfg/naming_oss.go index bbcf1d0e82..2ba2d99964 100644 --- a/agent/proxycfg/naming_oss.go +++ b/agent/proxycfg/naming_oss.go @@ -4,10 +4,11 @@ package proxycfg import ( + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" ) -func UpstreamIDString(typ, dc, name string, _ *structs.EnterpriseMeta) string { +func UpstreamIDString(typ, dc, name string, _ *acl.EnterpriseMeta) string { ret := name if dc != "" { @@ -21,7 +22,7 @@ func UpstreamIDString(typ, dc, name string, _ *structs.EnterpriseMeta) string { return typ + ":" + ret } -func parseInnerUpstreamIDString(input string) (string, *structs.EnterpriseMeta) { +func parseInnerUpstreamIDString(input string) (string, *acl.EnterpriseMeta) { return input, structs.DefaultEnterpriseMetaInDefaultPartition() } diff --git a/agent/proxycfg/snapshot.go b/agent/proxycfg/snapshot.go index cebf0b2e9c..7cf669a89d 100644 --- a/agent/proxycfg/snapshot.go +++ b/agent/proxycfg/snapshot.go @@ -86,7 +86,7 @@ type GatewayKey struct { func (k GatewayKey) String() string { resp := k.Datacenter - if !structs.IsDefaultPartition(k.Partition) { + if !acl.IsDefaultPartition(k.Partition) { resp = k.Partition + "." + resp } return resp @@ -97,7 +97,7 @@ func (k GatewayKey) IsEmpty() bool { } func (k GatewayKey) Matches(dc, partition string) bool { - return structs.EqualPartitions(k.Partition, partition) && k.Datacenter == dc + return acl.EqualPartitions(k.Partition, partition) && k.Datacenter == dc } func gatewayKeyFromString(s string) GatewayKey { diff --git a/agent/proxycfg/state_test.go b/agent/proxycfg/state_test.go index 5a88c2880a..29004eeaf1 100644 --- a/agent/proxycfg/state_test.go +++ b/agent/proxycfg/state_test.go 
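Review bot: `parseInnerUpstreamIDString` in agent/proxycfg/naming_oss.go now declares `*acl.EnterpriseMeta` as its result but still builds the value with `structs.DefaultEnterpriseMetaInDefaultPartition()`, so the type comes from one package and its default constructor from another. `parseEnterpriseMeta` in agent/xds/server_oss.go has the same split. This compiles only if the structs helper was changed elsewhere in the commit to return the acl type, which these hunks do not show. Judging from the visible lines, the `structs` import in both files seems to remain only for that call. A follow-up could place the default constructor next to the type; until then a comment would help, e.g. `// OSS build: nothing is parsed out of input; the default enterprise meta is always returned.`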
@@ -10,6 +10,7 @@ import ( "github.com/hashicorp/go-hclog" "github.com/stretchr/testify/require" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/cache" cachetype "github.com/hashicorp/consul/agent/cache-types" "github.com/hashicorp/consul/agent/consul/discoverychain" @@ -2581,7 +2582,7 @@ func Test_hostnameEndpoints(t *testing.T) { cases := []testCase{ { name: "same locality and no LAN hostname endpoints", - localKey: GatewayKey{Datacenter: "dc1", Partition: structs.PartitionOrDefault("")}, + localKey: GatewayKey{Datacenter: "dc1", Partition: acl.PartitionOrDefault("")}, nodes: structs.CheckServiceNodes{ { Node: &structs.Node{ @@ -2608,7 +2609,7 @@ func Test_hostnameEndpoints(t *testing.T) { }, { name: "same locality and one LAN hostname endpoint", - localKey: GatewayKey{Datacenter: "dc1", Partition: structs.PartitionOrDefault("")}, + localKey: GatewayKey{Datacenter: "dc1", Partition: acl.PartitionOrDefault("")}, nodes: structs.CheckServiceNodes{ { Node: &structs.Node{ @@ -2646,7 +2647,7 @@ func Test_hostnameEndpoints(t *testing.T) { }, { name: "different locality and one WAN hostname endpoint", - localKey: GatewayKey{Datacenter: "dc2", Partition: structs.PartitionOrDefault("")}, + localKey: GatewayKey{Datacenter: "dc2", Partition: acl.PartitionOrDefault("")}, nodes: structs.CheckServiceNodes{ { Node: &structs.Node{ diff --git a/agent/proxycfg/testing_ingress_gateway.go b/agent/proxycfg/testing_ingress_gateway.go index 7686993ba1..b0f09449df 100644 --- a/agent/proxycfg/testing_ingress_gateway.go +++ b/agent/proxycfg/testing_ingress_gateway.go @@ -6,6 +6,7 @@ import ( "github.com/mitchellh/go-testing-interface" "github.com/stretchr/testify/require" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/cache" "github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/agent/consul/discoverychain" 
@@ -882,13 +883,13 @@ func TestConfigSnapshotIngress_MultipleListenersDuplicateService(t testing.T) *C func TestConfigSnapshotIngressGatewayWithChain( t testing.T, variant string, - webEntMeta, fooEntMeta *structs.EnterpriseMeta, + webEntMeta, fooEntMeta *acl.EnterpriseMeta, ) *ConfigSnapshot { if webEntMeta == nil { - webEntMeta = &structs.EnterpriseMeta{} + webEntMeta = &acl.EnterpriseMeta{} } if fooEntMeta == nil { - fooEntMeta = &structs.EnterpriseMeta{} + fooEntMeta = &acl.EnterpriseMeta{} } var ( diff --git a/agent/proxycfg/upstreams.go b/agent/proxycfg/upstreams.go index f8daf340f0..e38ddeb63a 100644 --- a/agent/proxycfg/upstreams.go +++ b/agent/proxycfg/upstreams.go @@ -8,6 +8,7 @@ import ( "github.com/mitchellh/mapstructure" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/cache" cachetype "github.com/hashicorp/consul/agent/cache-types" "github.com/hashicorp/consul/agent/structs" @@ -283,7 +284,7 @@ func (s *handlerUpstreams) resetWatchesFromChain( // Outside of transparent mode we only watch the chain target, B, // since A is a virtual service and traffic will not be sent to it. if !watchedChainEndpoints && s.proxyCfg.Mode == structs.ProxyModeTransparent { - chainEntMeta := structs.NewEnterpriseMetaWithPartition(chain.Partition, chain.Namespace) + chainEntMeta := acl.NewEnterpriseMetaWithPartition(chain.Partition, chain.Namespace) opts := targetWatchOpts{ upstreamID: uid, @@ -356,7 +357,7 @@ type targetWatchOpts struct { service string filter string datacenter string - entMeta *structs.EnterpriseMeta + entMeta *acl.EnterpriseMeta } func (s *handlerUpstreams) watchUpstreamTarget(ctx context.Context, snap *ConfigSnapshotUpstreams, opts targetWatchOpts) error { 
@@ -366,7 +367,7 @@ func (s *handlerUpstreams) watchUpstreamTarget(ctx context.Context, snap *Config "target", opts.chainID, ) - var finalMeta structs.EnterpriseMeta + var finalMeta acl.EnterpriseMeta finalMeta.Merge(opts.entMeta) correlationID := "upstream-target:" + opts.chainID + ":" + opts.upstreamID.String() diff --git a/agent/structs/acl_cache_test.go b/agent/structs/acl_cache_test.go index 2d527b7aa9..9a5ba3707f 100644 --- a/agent/structs/acl_cache_test.go +++ b/agent/structs/acl_cache_test.go @@ -3,8 +3,9 @@ package structs import ( "testing" - "github.com/hashicorp/consul/acl" "github.com/stretchr/testify/require" + + "github.com/hashicorp/consul/acl" ) func TestStructs_ACLCaches(t *testing.T) { diff --git a/agent/structs/check_definition.go b/agent/structs/check_definition.go index c6967d2fc3..5e77682706 100644 --- a/agent/structs/check_definition.go +++ b/agent/structs/check_definition.go @@ -1,9 +1,10 @@ package structs import ( - "github.com/hashicorp/consul/acl" "time" + "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/lib" "github.com/hashicorp/consul/types" diff --git a/agent/structs/config_entry.go b/agent/structs/config_entry.go index 1fe7cad736..fabb5dae91 100644 --- a/agent/structs/config_entry.go +++ b/agent/structs/config_entry.go @@ -6,11 +6,12 @@ import ( "strings" "time" - "github.com/hashicorp/consul-net-rpc/go-msgpack/codec" "github.com/hashicorp/go-multierror" "github.com/mitchellh/hashstructure" "github.com/mitchellh/mapstructure" + "github.com/hashicorp/consul-net-rpc/go-msgpack/codec" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/cache" "github.com/hashicorp/consul/lib" diff --git a/agent/structs/config_entry_test.go b/agent/structs/config_entry_test.go index 5203bcc004..90931907ef 100644 --- a/agent/structs/config_entry_test.go +++ b/agent/structs/config_entry_test.go 
@@ -7,12 +7,13 @@ import ( "time" "github.com/google/go-cmp/cmp" - "github.com/hashicorp/consul-net-rpc/go-msgpack/codec" "github.com/hashicorp/hcl" "github.com/mitchellh/copystructure" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + "github.com/hashicorp/consul-net-rpc/go-msgpack/codec" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/cache" "github.com/hashicorp/consul/sdk/testutil" diff --git a/agent/structs/discovery_chain.go b/agent/structs/discovery_chain.go index 17b9ee77aa..c2738f8421 100644 --- a/agent/structs/discovery_chain.go +++ b/agent/structs/discovery_chain.go @@ -3,9 +3,10 @@ package structs import ( "encoding/json" "fmt" - "github.com/hashicorp/consul/acl" "time" + "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/lib" ) diff --git a/agent/structs/structs.go b/agent/structs/structs.go index 46dbbe7c5b..1ea8eb3cad 100644 --- a/agent/structs/structs.go +++ b/agent/structs/structs.go @@ -6,8 +6,6 @@ import ( "crypto/sha256" "encoding/json" "fmt" - "github.com/golang/protobuf/ptypes/duration" - "github.com/golang/protobuf/ptypes/timestamp" "math/rand" "reflect" "regexp" @@ -16,13 +14,18 @@ import ( "strings" "time" + "github.com/golang/protobuf/ptypes/duration" + "github.com/golang/protobuf/ptypes/timestamp" + "github.com/golang/protobuf/proto" - "github.com/hashicorp/consul-net-rpc/go-msgpack/codec" "github.com/hashicorp/go-multierror" "github.com/hashicorp/serf/coordinate" "github.com/mitchellh/hashstructure" + "github.com/hashicorp/consul-net-rpc/go-msgpack/codec" + ptypes "github.com/golang/protobuf/ptypes" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/cache" "github.com/hashicorp/consul/api" diff --git a/agent/submatview/store_integration_test.go b/agent/submatview/store_integration_test.go index 69dab7cfcd..49cb67677a 100644 --- a/agent/submatview/store_integration_test.go +++ b/agent/submatview/store_integration_test.go 
@@ -142,7 +142,7 @@ type backend struct { pub *stream.EventPublisher } -func (b backend) ResolveTokenAndDefaultMeta(string, *structs.EnterpriseMeta, *acl.AuthorizerContext) (acl.Authorizer, error) { +func (b backend) ResolveTokenAndDefaultMeta(string, *acl.EnterpriseMeta, *acl.AuthorizerContext) (acl.Authorizer, error) { return acl.AllowAll(), nil } diff --git a/agent/txn_endpoint.go b/agent/txn_endpoint.go index 58a1cd4b0f..54338c86b8 100644 --- a/agent/txn_endpoint.go +++ b/agent/txn_endpoint.go @@ -7,6 +7,7 @@ import ( "strings" "time" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/types" @@ -147,7 +148,7 @@ func (s *HTTPHandlers) convertOps(resp http.ResponseWriter, req *http.Request) ( Value: in.KV.Value, Flags: in.KV.Flags, Session: in.KV.Session, - EnterpriseMeta: structs.NewEnterpriseMetaWithPartition( + EnterpriseMeta: acl.NewEnterpriseMetaWithPartition( in.KV.Partition, in.KV.Namespace, ), @@ -211,7 +212,7 @@ func (s *HTTPHandlers) convertOps(resp http.ResponseWriter, req *http.Request) ( Warning: svc.Weights.Warning, }, EnableTagOverride: svc.EnableTagOverride, - EnterpriseMeta: structs.NewEnterpriseMetaWithPartition( + EnterpriseMeta: acl.NewEnterpriseMetaWithPartition( svc.Partition, svc.Namespace, ), @@ -274,7 +275,7 @@ func (s *HTTPHandlers) convertOps(resp http.ResponseWriter, req *http.Request) ( Timeout: timeout, DeregisterCriticalServiceAfter: deregisterCriticalServiceAfter, }, - EnterpriseMeta: structs.NewEnterpriseMetaWithPartition( + EnterpriseMeta: acl.NewEnterpriseMetaWithPartition( check.Partition, check.Namespace, ), diff --git a/agent/ui_endpoint.go b/agent/ui_endpoint.go index 1defb241b9..dfe14e9d5a 100644 --- a/agent/ui_endpoint.go +++ b/agent/ui_endpoint.go 
@@ -37,7 +37,7 @@ type ServiceSummary struct { transparentProxySet bool ConnectNative bool - structs.EnterpriseMeta + acl.EnterpriseMeta } func (s *ServiceSummary) LessThan(other *ServiceSummary) bool { @@ -582,7 +582,7 @@ func (s *HTTPHandlers) UIGatewayIntentions(resp http.ResponseWriter, req *http.R return nil, nil } - var entMeta structs.EnterpriseMeta + var entMeta acl.EnterpriseMeta if err := s.parseEntMetaNoWildcard(req, &entMeta); err != nil { return nil, err } @@ -642,7 +642,7 @@ func (s *HTTPHandlers) UIMetricsProxy(resp http.ResponseWriter, req *http.Reques // Clear the token from the headers so we don't end up proxying it. s.clearTokenFromHeaders(req) - var entMeta structs.EnterpriseMeta + var entMeta acl.EnterpriseMeta if err := s.parseEntMetaPartition(req, &entMeta); err != nil { return nil, err } diff --git a/agent/xds/endpoints.go b/agent/xds/endpoints.go index b1a38f0cd2..711f854b20 100644 --- a/agent/xds/endpoints.go +++ b/agent/xds/endpoints.go @@ -11,6 +11,7 @@ import ( "github.com/golang/protobuf/proto" bexpr "github.com/hashicorp/go-bexpr" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/agent/proxycfg" "github.com/hashicorp/consul/agent/structs" @@ -564,7 +565,7 @@ func makeLoadAssignmentEndpointGroup( gatewayKey = localKey } - if gatewayKey.IsEmpty() || (structs.EqualPartitions(localKey.Partition, target.Partition) && localKey.Datacenter == target.Datacenter) { + if gatewayKey.IsEmpty() || (acl.EqualPartitions(localKey.Partition, target.Partition) && localKey.Datacenter == target.Datacenter) { // Gateways are not needed if the request isn't for a remote DC or partition. return loadAssignmentEndpointGroup{ Endpoints: realEndpoints, diff --git a/agent/xds/listeners.go b/agent/xds/listeners.go index bca152ad95..b9b7855b90 100644 --- a/agent/xds/listeners.go +++ b/agent/xds/listeners.go 
@@ -11,6 +11,7 @@ import ( "strings" "time" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/connect/ca" "github.com/hashicorp/consul/types" @@ -192,7 +193,7 @@ func (s *ResourceGenerator) listenersFromSnapshotConnectProxy(cfgSnap *proxycfg. // The virtualIPTag is used by consul-k8s to store the ClusterIP for a service. // We only match on this virtual IP if the upstream is in the proxy's partition. // This is because the IP is not guaranteed to be unique across k8s clusters. - if structs.EqualPartitions(e.Node.PartitionOrDefault(), cfgSnap.ProxyID.PartitionOrDefault()) { + if acl.EqualPartitions(e.Node.PartitionOrDefault(), cfgSnap.ProxyID.PartitionOrDefault()) { if vip := e.Service.TaggedAddresses[virtualIPTag]; vip.Address != "" { uniqueAddrs[vip.Address] = struct{}{} } diff --git a/agent/xds/server_oss.go b/agent/xds/server_oss.go index a9a01908de..dc5ab309ce 100644 --- a/agent/xds/server_oss.go +++ b/agent/xds/server_oss.go @@ -6,9 +6,10 @@ package xds import ( envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" ) -func parseEnterpriseMeta(node *envoy_core_v3.Node) *structs.EnterpriseMeta { +func parseEnterpriseMeta(node *envoy_core_v3.Node) *acl.EnterpriseMeta { return structs.DefaultEnterpriseMetaInDefaultPartition() } diff --git a/command/acl/bindingrule/delete/bindingrule_delete.go b/command/acl/bindingrule/delete/bindingrule_delete.go index 49dac4e590..9386992516 100644 --- a/command/acl/bindingrule/delete/bindingrule_delete.go +++ b/command/acl/bindingrule/delete/bindingrule_delete.go @@ -4,9 +4,10 @@ import ( "flag" "fmt" + "github.com/mitchellh/cli" + "github.com/hashicorp/consul/command/acl" "github.com/hashicorp/consul/command/flags" - "github.com/mitchellh/cli" ) func New(ui cli.Ui) *cmd { 
diff --git a/command/acl/bindingrule/update/bindingrule_update.go b/command/acl/bindingrule/update/bindingrule_update.go index d3d0eb4625..aa667f01e4 100644 --- a/command/acl/bindingrule/update/bindingrule_update.go +++ b/command/acl/bindingrule/update/bindingrule_update.go @@ -5,11 +5,12 @@ import ( "fmt" "strings" + "github.com/mitchellh/cli" + "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/command/acl" "github.com/hashicorp/consul/command/acl/bindingrule" "github.com/hashicorp/consul/command/flags" - "github.com/mitchellh/cli" ) func New(ui cli.Ui) *cmd { diff --git a/command/acl/policy/create/policy_create.go b/command/acl/policy/create/policy_create.go index 00546ff183..46bc2b596c 100644 --- a/command/acl/policy/create/policy_create.go +++ b/command/acl/policy/create/policy_create.go @@ -6,13 +6,14 @@ import ( "io" "strings" + "github.com/mitchellh/cli" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/api" aclhelpers "github.com/hashicorp/consul/command/acl" "github.com/hashicorp/consul/command/acl/policy" "github.com/hashicorp/consul/command/flags" "github.com/hashicorp/consul/command/helpers" - "github.com/mitchellh/cli" ) func New(ui cli.Ui) *cmd { diff --git a/command/acl/policy/delete/policy_delete.go b/command/acl/policy/delete/policy_delete.go index 109cdb9ac3..69d23d2a8b 100644 --- a/command/acl/policy/delete/policy_delete.go +++ b/command/acl/policy/delete/policy_delete.go @@ -4,9 +4,10 @@ import ( "flag" "fmt" + "github.com/mitchellh/cli" + "github.com/hashicorp/consul/command/acl" "github.com/hashicorp/consul/command/flags" - "github.com/mitchellh/cli" ) func New(ui cli.Ui) *cmd { diff --git a/command/acl/policy/read/policy_read.go b/command/acl/policy/read/policy_read.go index c5be7f63b4..455f5e5f7d 100644 --- a/command/acl/policy/read/policy_read.go +++ b/command/acl/policy/read/policy_read.go 
@@ -5,11 +5,12 @@ import ( "fmt" "strings" + "github.com/mitchellh/cli" + "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/command/acl" "github.com/hashicorp/consul/command/acl/policy" "github.com/hashicorp/consul/command/flags" - "github.com/mitchellh/cli" ) func New(ui cli.Ui) *cmd { diff --git a/command/acl/policy/update/policy_update.go b/command/acl/policy/update/policy_update.go index 4af67cfe26..5d0768a803 100644 --- a/command/acl/policy/update/policy_update.go +++ b/command/acl/policy/update/policy_update.go @@ -6,12 +6,13 @@ import ( "io" "strings" + "github.com/mitchellh/cli" + "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/command/acl" "github.com/hashicorp/consul/command/acl/policy" "github.com/hashicorp/consul/command/flags" "github.com/hashicorp/consul/command/helpers" - "github.com/mitchellh/cli" ) func New(ui cli.Ui) *cmd { diff --git a/command/acl/role/create/role_create.go b/command/acl/role/create/role_create.go index c4f4804640..9afbfe8416 100644 --- a/command/acl/role/create/role_create.go +++ b/command/acl/role/create/role_create.go @@ -5,11 +5,12 @@ import ( "fmt" "strings" + "github.com/mitchellh/cli" + "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/command/acl" "github.com/hashicorp/consul/command/acl/role" "github.com/hashicorp/consul/command/flags" - "github.com/mitchellh/cli" ) func New(ui cli.Ui) *cmd { diff --git a/command/acl/role/delete/role_delete.go b/command/acl/role/delete/role_delete.go index d438583799..41fbb26a3c 100644 --- a/command/acl/role/delete/role_delete.go +++ b/command/acl/role/delete/role_delete.go @@ -4,9 +4,10 @@ import ( "flag" "fmt" + "github.com/mitchellh/cli" + "github.com/hashicorp/consul/command/acl" "github.com/hashicorp/consul/command/flags" - "github.com/mitchellh/cli" ) func New(ui cli.Ui) *cmd { diff --git a/command/acl/role/read/role_read.go b/command/acl/role/read/role_read.go index 5d46dbad24..c22c48477a 100644 --- a/command/acl/role/read/role_read.go 
+++ b/command/acl/role/read/role_read.go @@ -5,11 +5,12 @@ import ( "fmt" "strings" + "github.com/mitchellh/cli" + "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/command/acl" "github.com/hashicorp/consul/command/acl/role" "github.com/hashicorp/consul/command/flags" - "github.com/mitchellh/cli" ) func New(ui cli.Ui) *cmd { diff --git a/command/acl/role/update/role_update.go b/command/acl/role/update/role_update.go index c9b116a300..d229fd47be 100644 --- a/command/acl/role/update/role_update.go +++ b/command/acl/role/update/role_update.go @@ -5,11 +5,12 @@ import ( "fmt" "strings" + "github.com/mitchellh/cli" + "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/command/acl" "github.com/hashicorp/consul/command/acl/role" "github.com/hashicorp/consul/command/flags" - "github.com/mitchellh/cli" ) func New(ui cli.Ui) *cmd { diff --git a/command/acl/rules/translate.go b/command/acl/rules/translate.go index cdd423943f..b8053ba74f 100644 --- a/command/acl/rules/translate.go +++ b/command/acl/rules/translate.go @@ -6,11 +6,12 @@ import ( "io" "strings" + "github.com/mitchellh/cli" + "github.com/hashicorp/consul/acl" aclhelpers "github.com/hashicorp/consul/command/acl" "github.com/hashicorp/consul/command/flags" "github.com/hashicorp/consul/command/helpers" - "github.com/mitchellh/cli" ) func New(ui cli.Ui) *cmd { diff --git a/command/acl/token/clone/token_clone.go b/command/acl/token/clone/token_clone.go index 129a451cf9..c7c90435f6 100644 --- a/command/acl/token/clone/token_clone.go +++ b/command/acl/token/clone/token_clone.go @@ -5,10 +5,11 @@ import ( "fmt" "strings" + "github.com/mitchellh/cli" + "github.com/hashicorp/consul/command/acl" "github.com/hashicorp/consul/command/acl/token" "github.com/hashicorp/consul/command/flags" - "github.com/mitchellh/cli" ) func New(ui cli.Ui) *cmd { diff --git a/command/acl/token/create/token_create.go b/command/acl/token/create/token_create.go index 15ac10cb9b..8be4724752 100644 
--- a/command/acl/token/create/token_create.go +++ b/command/acl/token/create/token_create.go @@ -6,11 +6,12 @@ import ( "strings" "time" + "github.com/mitchellh/cli" + "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/command/acl" "github.com/hashicorp/consul/command/acl/token" "github.com/hashicorp/consul/command/flags" - "github.com/mitchellh/cli" ) func New(ui cli.Ui) *cmd { diff --git a/command/acl/token/delete/token_delete.go b/command/acl/token/delete/token_delete.go index 94af0c1bce..4d265bcf6d 100644 --- a/command/acl/token/delete/token_delete.go +++ b/command/acl/token/delete/token_delete.go @@ -4,9 +4,10 @@ import ( "flag" "fmt" + "github.com/mitchellh/cli" + "github.com/hashicorp/consul/command/acl" "github.com/hashicorp/consul/command/flags" - "github.com/mitchellh/cli" ) func New(ui cli.Ui) *cmd { diff --git a/command/acl/token/formatter.go b/command/acl/token/formatter.go index a1eb050ba8..cc56710020 100644 --- a/command/acl/token/formatter.go +++ b/command/acl/token/formatter.go @@ -6,6 +6,7 @@ import ( "fmt" "strings" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/api" ) @@ -165,7 +166,7 @@ func (f *prettyFormatter) FormatTokenExpanded(token *api.ACLTokenExpanded) (stri } } - entMeta := structs.NewEnterpriseMetaWithPartition(token.Partition, token.Namespace) + entMeta := acl.NewEnterpriseMetaWithPartition(token.Partition, token.Namespace) formatServiceIdentity := func(svcIdentity *api.ACLServiceIdentity, indent string) { if len(svcIdentity.Datacenters) > 0 { buffer.WriteString(fmt.Sprintf(indent+"Name: %s (Datacenters: %s)\n", svcIdentity.ServiceName, strings.Join(svcIdentity.Datacenters, ", "))) diff --git a/command/acl/token/read/token_read.go b/command/acl/token/read/token_read.go index 885d7d916a..4e66d9ea76 100644 --- a/command/acl/token/read/token_read.go +++ b/command/acl/token/read/token_read.go 
@@ -5,11 +5,12 @@ import ( "fmt" "strings" + "github.com/mitchellh/cli" + "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/command/acl" "github.com/hashicorp/consul/command/acl/token" "github.com/hashicorp/consul/command/flags" - "github.com/mitchellh/cli" ) func New(ui cli.Ui) *cmd { diff --git a/command/acl/token/update/token_update.go b/command/acl/token/update/token_update.go index 4a8b97b4b5..7c9b4f20f2 100644 --- a/command/acl/token/update/token_update.go +++ b/command/acl/token/update/token_update.go @@ -5,11 +5,12 @@ import ( "fmt" "strings" + "github.com/mitchellh/cli" + "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/command/acl" "github.com/hashicorp/consul/command/acl/token" "github.com/hashicorp/consul/command/flags" - "github.com/mitchellh/cli" ) func New(ui cli.Ui) *cmd { diff --git a/command/keyring/keyring.go b/command/keyring/keyring.go index 6c73c74297..b2f418c82b 100644 --- a/command/keyring/keyring.go +++ b/command/keyring/keyring.go @@ -7,8 +7,8 @@ import ( "github.com/mitchellh/cli" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent" - "github.com/hashicorp/consul/agent/structs" consulapi "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/command/flags" ) @@ -202,7 +202,7 @@ func poolName(dc string, wan bool, partition, segment string) string { var suffix string if segment != "" { suffix = fmt.Sprintf(" [%s]", segment) - } else if !structs.IsDefaultPartition(partition) { + } else if !acl.IsDefaultPartition(partition) { suffix = fmt.Sprintf(" [partition: %s]", partition) } return fmt.Sprintf("%s%s:\n", pool, suffix) diff --git a/command/logout/logout_test.go b/command/logout/logout_test.go index 82e82bc037..92520976d7 100644 --- a/command/logout/logout_test.go +++ b/command/logout/logout_test.go 
@@ -4,15 +4,16 @@ import ( "strings" "testing" + "github.com/hashicorp/go-uuid" + "github.com/mitchellh/cli" + "github.com/stretchr/testify/require" + "github.com/hashicorp/consul/agent" "github.com/hashicorp/consul/agent/consul/authmethod/kubeauth" "github.com/hashicorp/consul/agent/consul/authmethod/testauth" "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/command/acl" "github.com/hashicorp/consul/testrpc" - "github.com/hashicorp/go-uuid" - "github.com/mitchellh/cli" - "github.com/stretchr/testify/require" ) func TestLogout_noTabs(t *testing.T) { diff --git a/command/members/members.go b/command/members/members.go index b7ce700aba..2541799cbc 100644 --- a/command/members/members.go +++ b/command/members/members.go @@ -12,7 +12,7 @@ import ( "github.com/mitchellh/cli" "github.com/ryanuber/columnize" - "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/acl" consulapi "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/command/flags" ) @@ -94,7 +94,7 @@ func (c *cmd) Run(args []string) int { if member.Tags[consulapi.MemberTagKeyPartition] == "" { member.Tags[consulapi.MemberTagKeyPartition] = "default" } - if structs.IsDefaultPartition(member.Tags[consulapi.MemberTagKeyPartition]) { + if acl.IsDefaultPartition(member.Tags[consulapi.MemberTagKeyPartition]) { if c.segment == consulapi.AllSegments && member.Tags[consulapi.MemberTagKeyRole] == consulapi.MemberTagValueRoleServer { member.Tags[consulapi.MemberTagKeySegment] = "" } else if member.Tags[consulapi.MemberTagKeySegment] == "" { diff --git a/proto/pbcommon/common_oss.go b/proto/pbcommon/common_oss.go index 2dc2026e8e..0df88ec20b 100644 --- a/proto/pbcommon/common_oss.go +++ b/proto/pbcommon/common_oss.go 
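Review bot: In the `Run` hunk of command/members/members.go the changed condition calls `acl.IsDefaultPartition(...)`, but the context line just above it still writes the literal `"default"` into the tag, so the default partition name is spelled in two places. `member.Tags[consulapi.MemberTagKeyPartition] = acl.PartitionOrDefault("")` would keep the name in the acl package. That assumes the helper returns the default name for an empty string, as its use in the proxycfg tests on this page suggests. `Run` begins and ends outside the hunk.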
@@ -3,21 +3,19 @@ package pbcommon -import ( - "github.com/hashicorp/consul/agent/structs" -) +import "github.com/hashicorp/consul/acl" var DefaultEnterpriseMeta = &EnterpriseMeta{} -func NewEnterpriseMetaFromStructs(_ structs.EnterpriseMeta) *EnterpriseMeta { +func NewEnterpriseMetaFromStructs(_ acl.EnterpriseMeta) *EnterpriseMeta { return &EnterpriseMeta{} } -func EnterpriseMetaToStructs(s *EnterpriseMeta, t *structs.EnterpriseMeta) { +func EnterpriseMetaToStructs(s *EnterpriseMeta, t *acl.EnterpriseMeta) { if s == nil { return } } -func EnterpriseMetaFromStructs(t *structs.EnterpriseMeta, s *EnterpriseMeta) { +func EnterpriseMetaFromStructs(t *acl.EnterpriseMeta, s *EnterpriseMeta) { if s == nil { return } diff --git a/proto/pbconnect/connect.go b/proto/pbconnect/connect.go index 2b13a12b3f..ae279b31aa 100644 --- a/proto/pbconnect/connect.go +++ b/proto/pbconnect/connect.go @@ -1,6 +1,7 @@ package pbconnect import ( + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/agent/structs" "github.com/hashicorp/consul/proto/pbcommon" ) @@ -29,14 +30,14 @@ func RaftIndexTo(f *pbcommon.RaftIndex) structs.RaftIndex { return *t } -func EnterpriseMetaFrom(f structs.EnterpriseMeta) *pbcommon.EnterpriseMeta { +func EnterpriseMetaFrom(f acl.EnterpriseMeta) *pbcommon.EnterpriseMeta { t := new(pbcommon.EnterpriseMeta) pbcommon.EnterpriseMetaFromStructs(&f, t) return t } -func EnterpriseMetaTo(f *pbcommon.EnterpriseMeta) structs.EnterpriseMeta { - t := new(structs.EnterpriseMeta) +func EnterpriseMetaTo(f *pbcommon.EnterpriseMeta) acl.EnterpriseMeta { + t := new(acl.EnterpriseMeta) pbcommon.EnterpriseMetaToStructs(f, t) return *t } diff --git a/proto/pbservice/convert_oss.go b/proto/pbservice/convert_oss.go index 4efb78bef5..5ecd2f7f45 100644 --- a/proto/pbservice/convert_oss.go +++ b/proto/pbservice/convert_oss.go 
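Review bot: The exported converters in proto/pbcommon/common_oss.go keep the `Structs` suffix (`NewEnterpriseMetaFromStructs`, `EnterpriseMetaToStructs`, `EnterpriseMetaFromStructs`) although their argument type is now `acl.EnterpriseMeta`, and none of them has a doc comment. The bodies visible in the hunk copy nothing, so a value passed through them comes back without whatever namespace or partition it carried; that should be stated at the declaration. Suggested comments: `// EnterpriseMetaToStructs copies nothing in this build; t is left unchanged.` and `// NewEnterpriseMetaFromStructs ignores its argument and returns an empty EnterpriseMeta.` The same naming applies to the two converters in proto/pbservice/convert_oss.go, and a rename can wait for a follow-up because it touches callers. The closing brace of the last function lies outside the hunk.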
@@ -4,14 +4,14 @@ package pbservice import ( - "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/proto/pbcommon" ) -func EnterpriseMetaToStructs(_ *pbcommon.EnterpriseMeta) structs.EnterpriseMeta { - return structs.EnterpriseMeta{} +func EnterpriseMetaToStructs(_ *pbcommon.EnterpriseMeta) acl.EnterpriseMeta { + return acl.EnterpriseMeta{} } -func NewEnterpriseMetaFromStructs(_ structs.EnterpriseMeta) *pbcommon.EnterpriseMeta { +func NewEnterpriseMetaFromStructs(_ acl.EnterpriseMeta) *pbcommon.EnterpriseMeta { return &pbcommon.EnterpriseMeta{} } diff --git a/proto/pbservice/convert_oss_test.go b/proto/pbservice/convert_oss_test.go index 17717f0588..253da69e51 100644 --- a/proto/pbservice/convert_oss_test.go +++ b/proto/pbservice/convert_oss_test.go @@ -6,8 +6,8 @@ package pbservice import ( fuzz "github.com/google/gofuzz" - "github.com/hashicorp/consul/agent/structs" + "github.com/hashicorp/consul/acl" ) -func randEnterpriseMeta(_ *structs.EnterpriseMeta, _ fuzz.Continue) { +func randEnterpriseMeta(_ *acl.EnterpriseMeta, _ fuzz.Continue) { }