|
|
|
@ -203,10 +203,16 @@ type Config struct {
|
|
|
|
// If this is not set, ACLs are not enabled. Off by default.
|
|
|
|
// If this is not set, ACLs are not enabled. Off by default.
|
|
|
|
ACLDatacenter string `mapstructure:"acl_datacenter"`
|
|
|
|
ACLDatacenter string `mapstructure:"acl_datacenter"`
|
|
|
|
|
|
|
|
|
|
|
|
// ACLCacheInterval is used to control how long ACLs are cached. This has
|
|
|
|
// ACLTTL is used to control the time-to-live of cached ACLs . This has
|
|
|
|
// a major impact on performance. By default, it is set to 30 seconds.
|
|
|
|
// a major impact on performance. By default, it is set to 30 seconds.
|
|
|
|
ACLCacheInterval time.Duration `mapstructure:"-"`
|
|
|
|
ACLTTL time.Duration `mapstructure:"-"`
|
|
|
|
ACLCacheIntervalRaw string `mapstructure:"acl_cache_interval"`
|
|
|
|
ACLTTLRaw string `mapstructure:"acl_ttl"`
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// ACLDefaultPolicy is used to control the ACL interaction when
|
|
|
|
|
|
|
|
// there is no defined policy. This can be "allow" which means
|
|
|
|
|
|
|
|
// ACLs are used to black-list, or "deny" which means ACLs are
|
|
|
|
|
|
|
|
// white-lists.
|
|
|
|
|
|
|
|
ACLDefaultPolicy string `mapstructure:"acl_default_policy"`
|
|
|
|
|
|
|
|
|
|
|
|
// ACLDownPolicy is used to control the ACL interaction when we cannot
|
|
|
|
// ACLDownPolicy is used to control the ACL interaction when we cannot
|
|
|
|
// reach the ACLDatacenter and the token is not in the cache.
|
|
|
|
// reach the ACLDatacenter and the token is not in the cache.
|
|
|
|
@ -270,8 +276,9 @@ func DefaultConfig() *Config {
|
|
|
|
Protocol: consul.ProtocolVersionMax,
|
|
|
|
Protocol: consul.ProtocolVersionMax,
|
|
|
|
CheckUpdateInterval: 5 * time.Minute,
|
|
|
|
CheckUpdateInterval: 5 * time.Minute,
|
|
|
|
AEInterval: time.Minute,
|
|
|
|
AEInterval: time.Minute,
|
|
|
|
ACLCacheInterval: 30 * time.Second,
|
|
|
|
ACLTTL: 30 * time.Second,
|
|
|
|
ACLDownPolicy: "extend-cache",
|
|
|
|
ACLDownPolicy: "extend-cache",
|
|
|
|
|
|
|
|
ACLDefaultPolicy: "allow",
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
@ -367,12 +374,12 @@ func DecodeConfig(r io.Reader) (*Config, error) {
|
|
|
|
result.CheckUpdateInterval = dur
|
|
|
|
result.CheckUpdateInterval = dur
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
if raw := result.ACLCacheIntervalRaw; raw != "" {
|
|
|
|
if raw := result.ACLTTLRaw; raw != "" {
|
|
|
|
dur, err := time.ParseDuration(raw)
|
|
|
|
dur, err := time.ParseDuration(raw)
|
|
|
|
if err != nil {
|
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("ACLCacheInterval invalid: %v", err)
|
|
|
|
return nil, fmt.Errorf("ACL TTL invalid: %v", err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
result.ACLCacheInterval = dur
|
|
|
|
result.ACLTTL = dur
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
return &result, nil
|
|
|
|
return &result, nil
|
|
|
|
@ -623,13 +630,16 @@ func MergeConfig(a, b *Config) *Config {
|
|
|
|
if b.ACLDatacenter != "" {
|
|
|
|
if b.ACLDatacenter != "" {
|
|
|
|
result.ACLDatacenter = b.ACLDatacenter
|
|
|
|
result.ACLDatacenter = b.ACLDatacenter
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if b.ACLCacheIntervalRaw != "" {
|
|
|
|
if b.ACLTTLRaw != "" {
|
|
|
|
result.ACLCacheInterval = b.ACLCacheInterval
|
|
|
|
result.ACLTTL = b.ACLTTL
|
|
|
|
result.ACLCacheIntervalRaw = b.ACLCacheIntervalRaw
|
|
|
|
result.ACLTTLRaw = b.ACLTTLRaw
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if b.ACLDownPolicy != "" {
|
|
|
|
if b.ACLDownPolicy != "" {
|
|
|
|
result.ACLDownPolicy = b.ACLDownPolicy
|
|
|
|
result.ACLDownPolicy = b.ACLDownPolicy
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if b.ACLDefaultPolicy != "" {
|
|
|
|
|
|
|
|
result.ACLDefaultPolicy = b.ACLDefaultPolicy
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// Copy the start join addresses
|
|
|
|
// Copy the start join addresses
|
|
|
|
result.StartJoin = make([]string, 0, len(a.StartJoin)+len(b.StartJoin))
|
|
|
|
result.StartJoin = make([]string, 0, len(a.StartJoin)+len(b.StartJoin))
|
|
|
|
|
Armon Dadgar
10 years ago