github
/
consul
mirror of https://github.com/hashicorp/consul
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Merge pull request #905 from maver1ck/master 

Consul prefix services ACLs
pull/912/head
Armon Dadgar 10 years ago
parent
f3a8f907fb 11425734d5
commit
e111c38dc3
2 changed files with 15 additions and 11 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 18
      acl/acl.go
  2. 8
      acl/acl_test.go

18
acl/acl.go
Unescape View File

@ -135,7 +135,7 @@ type PolicyACL struct {
keyRules *radix.Tree
// serviceRules contains the service policies
serviceRules map[string]string
serviceRules *radix.Tree
}
// New is used to construct a policy based ACL from a set of policies
@ -144,7 +144,7 @@ func New(parent ACL, policy *Policy) (*PolicyACL, error) {
p := &PolicyACL{
parent: parent,
keyRules: radix.New(),
serviceRules: make(map[string]string, len(policy.Services)),
serviceRules: radix.New(),
}
// Load the key policy
@ -154,7 +154,7 @@ func New(parent ACL, policy *Policy) (*PolicyACL, error) {
// Load the service policy
for _, sp := range policy.Services {
p.serviceRules[sp.Name] = sp.Policy
p.serviceRules.Insert(sp.Name, sp.Policy)
}
return p, nil
}
@ -231,10 +231,8 @@ func (p *PolicyACL) KeyWritePrefix(prefix string) bool {
// ServiceRead checks if reading (discovery) of a service is allowed
func (p *PolicyACL) ServiceRead(name string) bool {
// Check for an exact rule or catch-all
rule, ok := p.serviceRules[name]
if !ok {
rule, ok = p.serviceRules[""]
}
_, rule, ok := p.serviceRules.LongestPrefix(name)
if ok {
switch rule {
case ServicePolicyWrite:
@ -253,10 +251,8 @@ func (p *PolicyACL) ServiceRead(name string) bool {
// ServiceWrite checks if writing (registering) a service is allowed
func (p *PolicyACL) ServiceWrite(name string) bool {
// Check for an exact rule or catch-all
rule, ok := p.serviceRules[name]
if !ok {
rule, ok = p.serviceRules[""]
}
_, rule, ok := p.serviceRules.LongestPrefix(name)
if ok {
switch rule {
case ServicePolicyWrite:

8
acl/acl_test.go
Unescape View File

@ -127,6 +127,10 @@ func TestPolicyACL(t *testing.T) {
Name: "bar",
Policy: ServicePolicyDeny,
},
&ServicePolicy{
Name: "barfoo",
Policy: ServicePolicyWrite,
},
},
}
acl, err := New(all, policy)
@ -171,6 +175,10 @@ func TestPolicyACL(t *testing.T) {
{"other", true, true},
{"foo", true, false},
{"bar", false, false},
{"foobar", true, false},
{"barfo", false, false},
{"barfoo", true, true},
{"barfoo2", true, true},
}
for _, c := range scases {
if c.read != acl.ServiceRead(c.inp) {

Write Preview
Loading…
Cancel
Save