github
/
consul
mirror of https://github.com/hashicorp/consul
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

convert `indexAuthMethod` index to use `indexerSingle` (#11014) 

* convert `Roles` index to use `indexerSingle`

* fix oss build

* split authmethod write indexer to oss and ent

* add auth method unit tests
pull/11015/head
Dhia Ayachi 2021-09-10 16:56:56 -04:00 committed by GitHub
parent b6b4080dfb
commit ba4ee6e67c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 65 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
agent/consul/state/acl_oss.go
View File

@ -4,6 +4,7 @@ package state
import ( import (
"fmt" "fmt"
"strings"
memdb "github.com/hashicorp/go-memdb" memdb "github.com/hashicorp/go-memdb"
@ -94,7 +95,7 @@ func aclTokenListByRole(tx ReadTxn, role string, _ *structs.EnterpriseMeta) (mem
} }
func aclTokenListByAuthMethod(tx ReadTxn, authMethod string, _, _ *structs.EnterpriseMeta) (memdb.ResultIterator, error) { func aclTokenListByAuthMethod(tx ReadTxn, authMethod string, _, _ *structs.EnterpriseMeta) (memdb.ResultIterator, error) {
return tx.Get(tableACLTokens, "authmethod", authMethod) return tx.Get(tableACLTokens, indexAuthMethod, AuthMethodQuery{Value: authMethod})
} }
func aclTokenDeleteWithToken(tx WriteTxn, token *structs.ACLToken, idx uint64) error { func aclTokenDeleteWithToken(tx WriteTxn, token *structs.ACLToken, idx uint64) error {
@ -273,3 +274,19 @@ func aclAuthMethodUpsertValidateEnterprise(_ ReadTxn, method *structs.ACLAuthMet
func (s *Store) ACLAuthMethodUpsertValidateEnterprise(method *structs.ACLAuthMethod, existing *structs.ACLAuthMethod) error { func (s *Store) ACLAuthMethodUpsertValidateEnterprise(method *structs.ACLAuthMethod, existing *structs.ACLAuthMethod) error {
return nil return nil
} }
func indexAuthMethodFromACLToken(raw interface{}) ([]byte, error) {
p, ok := raw.(*structs.ACLToken)
if !ok {
return nil, fmt.Errorf("unexpected type %T for structs.ACLToken index", raw)
}
if p.AuthMethod == "" {
return nil, errMissingValueForIndex
}
var b indexBuilder
b.String(strings.ToLower(p.AuthMethod))
return b.Bytes(), nil
}

13
agent/consul/state/acl_oss_test.go
View File

@ -49,6 +49,7 @@ func testIndexerTableACLTokens() map[string]indexerTestCase {
Roles: []structs.ACLTokenRoleLink{ Roles: []structs.ACLTokenRoleLink{
{ID: roleID1}, {ID: roleID2}, {ID: roleID1}, {ID: roleID2},
}, },
AuthMethod: "test-Auth-Method",
} }
encodedPID1 := []byte{0x12, 0x3e, 0x45, 0x67, 0xe8, 0x9a, 0x12, 0xd7, 0xa4, 0x56, 0x42, 0x66, 0x14, 0x17, 0x40, 0x01} encodedPID1 := []byte{0x12, 0x3e, 0x45, 0x67, 0xe8, 0x9a, 0x12, 0xd7, 0xa4, 0x56, 0x42, 0x66, 0x14, 0x17, 0x40, 0x01}
encodedPID2 := []byte{0x12, 0x3e, 0x45, 0x67, 0xe8, 0x9a, 0x12, 0xd7, 0xa4, 0x56, 0x42, 0x66, 0x14, 0x17, 0x40, 0x02} encodedPID2 := []byte{0x12, 0x3e, 0x45, 0x67, 0xe8, 0x9a, 0x12, 0xd7, 0xa4, 0x56, 0x42, 0x66, 0x14, 0x17, 0x40, 0x02}
@ -79,6 +80,18 @@ func testIndexerTableACLTokens() map[string]indexerTestCase {
expected: [][]byte{encodedRID1, encodedRID2}, expected: [][]byte{encodedRID1, encodedRID2},
}, },
}, },
indexAuthMethod: {
read: indexValue{
source: AuthMethodQuery{
Value: "test-Auth-Method",
},
expected: []byte("test-auth-method\x00"),
},
write: indexValue{
source: obj,
expected: []byte("test-auth-method\x00"),
},
},
} }
} }

6
agent/consul/state/acl_schema.go
View File

@ -70,9 +70,9 @@ func tokensTableSchema() *memdb.TableSchema {
Name: indexAuthMethod, Name: indexAuthMethod,
AllowMissing: true, AllowMissing: true,
Unique: false, Unique: false,
Indexer: &memdb.StringFieldIndex{ Indexer: indexerSingle{
Field: "AuthMethod", readIndex: readIndex(indexFromAuthMethodQuery),
Lowercase: false, writeIndex: writeIndex(indexAuthMethodFromACLToken),
}, },
}, },
indexLocal: { indexLocal: {

18
agent/consul/state/query.go
View File

@ -128,3 +128,21 @@ func indexFromKeyValueQuery(arg interface{}) ([]byte, error) {
b.String(q.Value) b.String(q.Value)
return b.Bytes(), nil return b.Bytes(), nil
} }
type AuthMethodQuery struct {
Value string
AuthMethodEntMeta structs.EnterpriseMeta
structs.EnterpriseMeta
}
// NamespaceOrDefault exists because structs.EnterpriseMeta uses a pointer
// receiver for this method. Remove once that is fixed.
func (q AuthMethodQuery) NamespaceOrDefault() string {
return q.EnterpriseMeta.NamespaceOrDefault()
}
// PartitionOrDefault exists because structs.EnterpriseMeta uses a pointer
// receiver for this method. Remove once that is fixed.
func (q AuthMethodQuery) PartitionOrDefault() string {
return q.EnterpriseMeta.PartitionOrDefault()
}

13
agent/consul/state/query_oss.go
View File

@ -42,3 +42,16 @@ func prefixIndexFromServiceNameAsString(arg interface{}) ([]byte, error) {
return nil, fmt.Errorf("unexpected type %T for Query prefix index", arg) return nil, fmt.Errorf("unexpected type %T for Query prefix index", arg)
} }
// indexFromAuthMethodQuery builds an index key where Query.Value is lowercase, and is
// a required value.
func indexFromAuthMethodQuery(arg interface{}) ([]byte, error) {
q, ok := arg.(AuthMethodQuery)
if !ok {
return nil, fmt.Errorf("unexpected type %T for Query index", arg)
}
var b indexBuilder
b.String(strings.ToLower(q.Value))
return b.Bytes(), nil
}