mirror of https://github.com/hashicorp/consul
convert indexPolicies in ACLTokens table to the new index (#11011)
parent
584faec6e3
commit
f3f0654038
|
@ -11,57 +11,6 @@ import (
|
|||
pbacl "github.com/hashicorp/consul/proto/pbacl"
|
||||
)
|
||||
|
||||
type TokenPoliciesIndex struct {
|
||||
}
|
||||
|
||||
func (s *TokenPoliciesIndex) FromObject(obj interface{}) (bool, [][]byte, error) {
|
||||
token, ok := obj.(*structs.ACLToken)
|
||||
if !ok {
|
||||
return false, nil, fmt.Errorf("object is not an ACLToken")
|
||||
}
|
||||
|
||||
links := token.Policies
|
||||
|
||||
numLinks := len(links)
|
||||
if numLinks == 0 {
|
||||
return false, nil, nil
|
||||
}
|
||||
|
||||
vals := make([][]byte, 0, numLinks)
|
||||
for _, link := range links {
|
||||
vals = append(vals, []byte(link.ID+"\x00"))
|
||||
}
|
||||
|
||||
return true, vals, nil
|
||||
}
|
||||
|
||||
func (s *TokenPoliciesIndex) FromArgs(args ...interface{}) ([]byte, error) {
|
||||
if len(args) != 1 {
|
||||
return nil, fmt.Errorf("must provide only a single argument")
|
||||
}
|
||||
arg, ok := args[0].(string)
|
||||
if !ok {
|
||||
return nil, fmt.Errorf("argument must be a string: %#v", args[0])
|
||||
}
|
||||
// Add the null character as a terminator
|
||||
arg += "\x00"
|
||||
return []byte(arg), nil
|
||||
}
|
||||
|
||||
func (s *TokenPoliciesIndex) PrefixFromArgs(args ...interface{}) ([]byte, error) {
|
||||
val, err := s.FromArgs(args...)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// Strip the null terminator, the rest is a prefix
|
||||
n := len(val)
|
||||
if n > 0 {
|
||||
return val[:n-1], nil
|
||||
}
|
||||
return val, nil
|
||||
}
|
||||
|
||||
type TokenRolesIndex struct {
|
||||
}
|
||||
|
||||
|
|
|
@ -86,7 +86,7 @@ func aclTokenListGlobal(tx ReadTxn, _ *structs.EnterpriseMeta) (memdb.ResultIter
|
|||
}
|
||||
|
||||
func aclTokenListByPolicy(tx ReadTxn, policy string, _ *structs.EnterpriseMeta) (memdb.ResultIterator, error) {
|
||||
return tx.Get(tableACLTokens, "policies", policy)
|
||||
return tx.Get(tableACLTokens, indexPolicies, Query{Value: policy})
|
||||
}
|
||||
|
||||
func aclTokenListByRole(tx ReadTxn, role string, _ *structs.EnterpriseMeta) (memdb.ResultIterator, error) {
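Review bot: A `policy` value that is not a well-formed UUID probably now makes aclTokenListByPolicy return an error instead of an empty iterator, because the lookup passes `Query{Value: policy}` to the index's read function, which the schema change in this commit sets to `indexFromUUIDQuery`. That function's body is not on this page, so this is inferred; callers that forward API-supplied policy IDs should be checked for how they report the error. A one-line comment would record the contract: `// policy must be a policy UUID; the indexPolicies read index converts it to bytes.` aclTokenListByRole begins in this hunk and continues outside it.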
|
||||
|
|
|
@ -34,6 +34,34 @@ func testIndexerTableACLPolicies() map[string]indexerTestCase {
|
|||
}
|
||||
}
|
||||
|
||||
func testIndexerTableACLTokens() map[string]indexerTestCase {
|
||||
policyID1 := "123e4567-e89a-12d7-a456-426614174001"
|
||||
policyID2 := "123e4567-e89a-12d7-a456-426614174002"
|
||||
obj := &structs.ACLToken{
|
||||
AccessorID: "123e4567-e89a-12d7-a456-426614174abc",
|
||||
SecretID: "123e4567-e89a-12d7-a456-426614174abd",
|
||||
Policies: []structs.ACLTokenPolicyLink{
|
||||
{ID: policyID1}, {ID: policyID2},
|
||||
},
|
||||
}
|
||||
encodedPID1 := []byte{0x12, 0x3e, 0x45, 0x67, 0xe8, 0x9a, 0x12, 0xd7, 0xa4, 0x56, 0x42, 0x66, 0x14, 0x17, 0x40, 0x01}
|
||||
encodedPID2 := []byte{0x12, 0x3e, 0x45, 0x67, 0xe8, 0x9a, 0x12, 0xd7, 0xa4, 0x56, 0x42, 0x66, 0x14, 0x17, 0x40, 0x02}
|
||||
return map[string]indexerTestCase{
|
||||
indexPolicies: {
|
||||
read: indexValue{
|
||||
source: Query{
|
||||
Value: policyID1,
|
||||
},
|
||||
expected: encodedPID1,
|
||||
},
|
||||
writeMulti: indexValueMulti{
|
||||
source: obj,
|
||||
expected: [][]byte{encodedPID1, encodedPID2},
|
||||
},
|
||||
},
|
||||
}
|
||||
}
|
||||
|
||||
func testIndexerTableACLRoles() map[string]indexerTestCase {
|
||||
policyID1 := "123e4567-e89a-12d7-a456-426614174001"
|
||||
policyID2 := "123e4567-e89a-12d7-a456-426614174002"
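Review bot: testIndexerTableACLTokens covers only a token with two well-formed policy links, so the two failure branches added in indexPoliciesFromACLToken are not exercised. Those are an empty `Policies` list returning `errMissingValueForIndex` (the anonymous-token case the schema comment mentions) and a link ID that `uuidStringToBytes` rejects. If `indexerTestCase` cannot express an expected error (its definition is outside this page), a small direct test of indexPoliciesFromACLToken would cover both. testIndexerTableACLRoles continues outside the hunk.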
|
||||
|
|
|
@ -52,7 +52,10 @@ func tokensTableSchema() *memdb.TableSchema {
|
|||
// Need to allow missing for the anonymous token
|
||||
AllowMissing: true,
|
||||
Unique: false,
|
||||
Indexer: &TokenPoliciesIndex{},
|
||||
Indexer: indexerMulti{
|
||||
readIndex: readIndex(indexFromUUIDQuery),
|
||||
writeIndexMulti: writeIndexMulti(indexPoliciesFromACLToken),
|
||||
},
|
||||
},
|
||||
indexRoles: {
|
||||
Name: indexRoles,
|
||||
|
@ -350,3 +353,28 @@ func indexFromStringCaseSensitive(raw interface{}) ([]byte, error) {
|
|||
b.String(q)
|
||||
return b.Bytes(), nil
|
||||
}
|
||||
|
||||
func indexPoliciesFromACLToken(raw interface{}) ([][]byte, error) {
|
||||
token, ok := raw.(*structs.ACLToken)
|
||||
if !ok {
|
||||
return nil, fmt.Errorf("unexpected type %T for structs.ACLToken index", raw)
|
||||
}
|
||||
links := token.Policies
|
||||
|
||||
numLinks := len(links)
|
||||
if numLinks == 0 {
|
||||
return nil, errMissingValueForIndex
|
||||
}
|
||||
|
||||
vals := make([][]byte, numLinks)
|
||||
|
||||
for i, link := range links {
|
||||
id, err := uuidStringToBytes(link.ID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
vals[i] = id
|
||||
}
|
||||
|
||||
return vals, nil
|
||||
}
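Review bot: The error from `uuidStringToBytes` in indexPoliciesFromACLToken is returned bare, so a failed token write gives no hint which token or policy link was malformed; wrapping it, e.g. `return nil, fmt.Errorf("policy link %d of token %s: %w", i, token.AccessorID, err)`, would make it diagnosable. Use the AccessorID for that context and never the SecretID, since index errors may end up in logs. The function also lacks a doc comment; it should state that an empty `Policies` list returns `errMissingValueForIndex` and that this relies on the `AllowMissing: true` set for this index in tokensTableSchema. The removed TokenPoliciesIndex accepted any string as a link ID, so it is worth confirming that no stored token can carry a non-UUID link ID, which would now be rejected at insert.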
|
||||
|
|
|
@ -40,6 +40,7 @@ func TestNewDBSchema_Indexers(t *testing.T) {
|
|||
// acl
|
||||
tableACLPolicies: testIndexerTableACLPolicies,
|
||||
tableACLRoles: testIndexerTableACLRoles,
|
||||
tableACLTokens: testIndexerTableACLTokens,
|
||||
// catalog
|
||||
tableChecks: testIndexerTableChecks,
|
||||
tableServices: testIndexerTableServices,
|
||||
|
|