mirror of https://github.com/hashicorp/consul
agent: Changing ACL config names
parent
7e5fdeb64b
commit
9cd9a6bcc4
|
@ -203,10 +203,16 @@ type Config struct {
|
|||
// If this is not set, ACLs are not enabled. Off by default.
|
||||
ACLDatacenter string `mapstructure:"acl_datacenter"`
|
||||
|
||||
// ACLCacheInterval is used to control how long ACLs are cached. This has
|
||||
// ACLTTL is used to control the time-to-live of cached ACLs . This has
|
||||
// a major impact on performance. By default, it is set to 30 seconds.
|
||||
ACLCacheInterval time.Duration `mapstructure:"-"`
|
||||
ACLCacheIntervalRaw string `mapstructure:"acl_cache_interval"`
|
||||
ACLTTL time.Duration `mapstructure:"-"`
|
||||
ACLTTLRaw string `mapstructure:"acl_ttl"`
|
||||
|
||||
// ACLDefaultPolicy is used to control the ACL interaction when
|
||||
// there is no defined policy. This can be "allow" which means
|
||||
// ACLs are used to black-list, or "deny" which means ACLs are
|
||||
// white-lists.
|
||||
ACLDefaultPolicy string `mapstructure:"acl_default_policy"`
|
||||
|
||||
// ACLDownPolicy is used to control the ACL interaction when we cannot
|
||||
// reach the ACLDatacenter and the token is not in the cache.
|
||||
|
@ -270,8 +276,9 @@ func DefaultConfig() *Config {
|
|||
Protocol: consul.ProtocolVersionMax,
|
||||
CheckUpdateInterval: 5 * time.Minute,
|
||||
AEInterval: time.Minute,
|
||||
ACLCacheInterval: 30 * time.Second,
|
||||
ACLTTL: 30 * time.Second,
|
||||
ACLDownPolicy: "extend-cache",
|
||||
ACLDefaultPolicy: "allow",
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -367,12 +374,12 @@ func DecodeConfig(r io.Reader) (*Config, error) {
|
|||
result.CheckUpdateInterval = dur
|
||||
}
|
||||
|
||||
if raw := result.ACLCacheIntervalRaw; raw != "" {
|
||||
if raw := result.ACLTTLRaw; raw != "" {
|
||||
dur, err := time.ParseDuration(raw)
|
||||
if err != nil {
|
||||
return nil, fmt.Errorf("ACLCacheInterval invalid: %v", err)
|
||||
return nil, fmt.Errorf("ACL TTL invalid: %v", err)
|
||||
}
|
||||
result.ACLCacheInterval = dur
|
||||
result.ACLTTL = dur
|
||||
}
|
||||
|
||||
return &result, nil
|
||||
|
@ -623,13 +630,16 @@ func MergeConfig(a, b *Config) *Config {
|
|||
if b.ACLDatacenter != "" {
|
||||
result.ACLDatacenter = b.ACLDatacenter
|
||||
}
|
||||
if b.ACLCacheIntervalRaw != "" {
|
||||
result.ACLCacheInterval = b.ACLCacheInterval
|
||||
result.ACLCacheIntervalRaw = b.ACLCacheIntervalRaw
|
||||
if b.ACLTTLRaw != "" {
|
||||
result.ACLTTL = b.ACLTTL
|
||||
result.ACLTTLRaw = b.ACLTTLRaw
|
||||
}
|
||||
if b.ACLDownPolicy != "" {
|
||||
result.ACLDownPolicy = b.ACLDownPolicy
|
||||
}
|
||||
if b.ACLDefaultPolicy != "" {
|
||||
result.ACLDefaultPolicy = b.ACLDefaultPolicy
|
||||
}
|
||||
|
||||
// Copy the start join addresses
|
||||
result.StartJoin = make([]string, 0, len(a.StartJoin)+len(b.StartJoin))
|
||||
|
|
|
@ -359,7 +359,8 @@ func TestDecodeConfig(t *testing.T) {
|
|||
|
||||
// ACLs
|
||||
input = `{"acl_token": "1234", "acl_datacenter": "dc2",
|
||||
"acl_cache_interval": "60s", "acl_down_policy": "deny"}`
|
||||
"acl_cache_interval": "60s", "acl_down_policy": "deny",
|
||||
"acl_default_policy": "deny"}`
|
||||
config, err = DecodeConfig(bytes.NewReader([]byte(input)))
|
||||
if err != nil {
|
||||
t.Fatalf("err: %s", err)
|
||||
|
@ -377,6 +378,9 @@ func TestDecodeConfig(t *testing.T) {
|
|||
if config.ACLDownPolicy != "deny" {
|
||||
t.Fatalf("bad: %#v", config)
|
||||
}
|
||||
if config.ACLDefaultPolicy != "deny" {
|
||||
t.Fatalf("bad: %#v", config)
|
||||
}
|
||||
}
|
||||
|
||||
func TestDecodeConfig_Service(t *testing.T) {
|
||||
|
@ -526,9 +530,10 @@ func TestMergeConfig(t *testing.T) {
|
|||
CheckUpdateIntervalRaw: "8m",
|
||||
ACLToken: "1234",
|
||||
ACLDatacenter: "dc2",
|
||||
ACLCacheInterval: 15 * time.Second,
|
||||
ACLCacheIntervalRaw: "15s",
|
||||
ACLTTL: 15 * time.Second,
|
||||
ACLTTLRaw: "15s",
|
||||
ACLDownPolicy: "deny",
|
||||
ACLDefaultPolicy: "deny",
|
||||
}
|
||||
|
||||
c := MergeConfig(a, b)
|
||||
|
|
Loading…
Reference in New Issue